Interface OpenSshCertificate
- All Superinterfaces: Destroyable, Key, PrivateKey, PublicKey, Serializable
- All Known Implementing Classes: OpenSshCertificateImpl
An OpenSSH certificate key as specified by OpenSSH.
Nested Class Summary
Nested Classes
Modifier and Type | Interface | Description
static class | OpenSshCertificate.CertificateOption | Certificate Options are a set of bytes that is
static enum | OpenSshCertificate.Type | OpenSshCertificates have a type indicating whether the certificate is for a host key (certifying a host identity) or for a user key (certifying a user identity).
Field Summary
Fields
Modifier and Type | Field | Description
static final long | INFINITY | The maximum getValidAfter() or getValidBefore() value.
static final long | MIN_EPOCH |
Fields inherited from interface java.security.PrivateKey: serialVersionUID
Fields inherited from interface java.security.PublicKey: serialVersionUID
Method Summary
Modifier and Type | Method | Description
PublicKey | getCaPubKey() | Retrieves the CA public key of this certificate.
PublicKey | getCertPubKey() | Retrieves the certified public key.
List<OpenSshCertificate.CertificateOption> | getCriticalOptions() | Retrieves the critical options set in the certificate.
List<OpenSshCertificate.CertificateOption> | getExtensions() | Retrieves the extensions set in the certificate.
String | getId() | Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.
String | getKeyType() | Retrieves the SSH key type of this certificate.
byte[] | getMessage() | Retrieves the raw byte content of the certificate, minus the signature.
byte[] | getNonce() | Retrieves the nonce of this certificate.
Collection<String> | getPrincipals() | Retrieves the principals mentioned in the certificate.
String | getRawKeyType() | Retrieves the raw SSH key type of this certificate.
byte[] | getRawSignature() | Retrieves the raw signature bytes, without the signature algorithm.
String | getReserved() | Retrieves the "reserved" field of the certificate.
long | getSerial() | Retrieves the serial number of this certificate.
byte[] | getSignature() | Retrieves the signature of the certificate, including the signature algorithm.
String | getSignatureAlgorithm() | Retrieves the signature algorithm used for the signature.
OpenSshCertificate.Type | getType() | Retrieves the type of certificate.
long | getValidAfter() | Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.
long | getValidBefore() | Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.
static boolean | isValidNow(OpenSshCertificate cert) | Determines whether the given OpenSshCertificate is valid at the current local system time.
Methods inherited from interface javax.security.auth.Destroyable: destroy, isDestroyed
Methods inherited from interface java.security.Key: getAlgorithm, getEncoded, getFormat
-
Field Details
-
MIN_EPOCH
static final long MIN_EPOCH
-
INFINITY
static final long INFINITY
The maximum getValidAfter() or getValidBefore() value.
Note that timestamps in OpenSSH certificates are unsigned 64-bit values.
-
Method Details
-
getRawKeyType
String getRawKeyType()
Retrieves the raw SSH key type of this certificate.
- Returns: the key type, for instance "ssh-rsa" for a "ssh-rsa-cert-v01@openssh.com" certificate
-
getNonce
byte[] getNonce()
Retrieves the nonce of this certificate.
- Returns: the nonce.
-
getKeyType
String getKeyType()
Retrieves the SSH key type of this certificate.
- Returns: the key type, for instance "ssh-rsa-cert-v01@openssh.com"
-
getCertPubKey
PublicKey getCertPubKey()
Retrieves the certified public key.
- Returns: the PublicKey
-
getSerial
long getSerial()
Retrieves the serial number of this certificate.
- Returns: the serial number
-
getType
OpenSshCertificate.Type getType()
Retrieves the type of certificate.
- Returns: the OpenSshCertificate.Type
-
getId
String getId()
Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.
- Returns: the id; never null but may be empty.
-
getPrincipals
Collection<String> getPrincipals()
Retrieves the principals mentioned in the certificate.
- Returns: the collection of principals, never null but possibly empty
-
getValidAfter
long getValidAfter()
Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.
- Returns: the number of seconds since the Instant.EPOCH as an unsigned 64-bit value
-
getValidBefore
long getValidBefore()
Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.
- Returns: the number of seconds since the Instant.EPOCH as an unsigned 64-bit value
-
getCriticalOptions
List<OpenSshCertificate.CertificateOption> getCriticalOptions()
Retrieves the critical options set in the certificate.
- Returns: the critical options as a list, never null but possibly empty
-
getExtensions
List<OpenSshCertificate.CertificateOption> getExtensions()
Retrieves the extensions set in the certificate.
- Returns: the extensions as a list, never null but possibly empty
-
getReserved
String getReserved()
Retrieves the "reserved" field of the certificate. OpenSSH currently doesn't use it and ignores it.
- Returns: the "reserved" field.
-
getCaPubKey
PublicKey getCaPubKey()
Retrieves the CA public key of this certificate.
- Returns: the PublicKey
-
getMessage
byte[] getMessage()
Retrieves the raw byte content of the certificate, minus the signature. This is the data that was signed.
- Returns: the part of the certificate raw data that was signed
-
getSignature
byte[] getSignature()
Retrieves the signature of the certificate, including the signature algorithm.
- Returns: the signature bytes
-
getSignatureAlgorithm
String getSignatureAlgorithm()
Retrieves the signature algorithm used for the signature.
- Returns: the signature algorithm as recorded in the certificate
-
getRawSignature
byte[] getRawSignature()
Retrieves the raw signature bytes, without the signature algorithm.
- Returns: the signature bytes
-
isValidNow
static boolean isValidNow(OpenSshCertificate cert)
Determines whether the given OpenSshCertificate is valid at the current local system time.
- Parameters: cert - to check
- Returns: true if the certificate is valid according to its timestamps, false otherwise
-
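Because getValidAfter() and getValidBefore() return unsigned 64-bit values in a Java long, a hand-written validity check must compare them as unsigned. The following is an added example, not part of this Javadoc or of the project's code; the class and method names, the FOREVER constant and the half-open window (validAfter <= now < validBefore) are assumptions of the example.

```java
import java.time.Instant;

// Added example: validity-window check on raw certificate timestamps such as
// those returned by getValidAfter() / getValidBefore(). All names are hypothetical.
public class CertValidityWindow {

    // Largest unsigned 64-bit value; read as a signed Java long it is -1.
    static final long FOREVER = 0xFFFF_FFFF_FFFF_FFFFL;

    // Naive check with signed comparison. Any timestamp above Long.MAX_VALUE
    // looks negative, so a never-expiring certificate is rejected and a
    // far-future validAfter is accepted.
    static boolean validSigned(long validAfter, long validBefore, long now) {
        return validAfter <= now && now < validBefore;
    }

    // Unsigned comparison over the assumed half-open window
    // validAfter <= now < validBefore.
    static boolean validUnsigned(long validAfter, long validBefore, long now) {
        return Long.compareUnsigned(validAfter, now) <= 0
                && Long.compareUnsigned(now, validBefore) < 0;
    }

    // Render a timestamp for logs without overflowing the range of Instant.
    static String describe(long epochSeconds) {
        if (epochSeconds == FOREVER) {
            return "forever";
        }
        if (epochSeconds < 0 || epochSeconds > Instant.MAX.getEpochSecond()) {
            return Long.toUnsignedString(epochSeconds) + "s (beyond Instant range)";
        }
        return Instant.ofEpochSecond(epochSeconds).toString();
    }

    public static void main(String[] args) {
        long now = Instant.now().getEpochSecond();
        // Constructed sample: valid since one hour ago, no expiry.
        long validAfter = now - 3600;
        long validBefore = FOREVER;

        System.out.println("window: " + describe(validAfter) + " .. " + describe(validBefore));
        System.out.println("signed compare:   " + validSigned(validAfter, validBefore, now));
        System.out.println("unsigned compare: " + validUnsigned(validAfter, validBefore, now));
    }
}
```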