Package org.apache.sshd.certificate
Class OpenSshCertificateBuilder
java.lang.Object
org.apache.sshd.certificate.OpenSshCertificateBuilder
Holds all the data necessary to create a signed OpenSSH certificate.
-
Field Summary
Fields
Modifier and Type / Field / Description
protected List<OpenSshCertificate.CertificateOption> criticalOptions
protected List<OpenSshCertificate.CertificateOption> extensions
protected String id
protected byte[] nonce
protected Collection<String> principals
protected PublicKey publicKey
protected long serial
protected final OpenSshCertificate.Type type
protected long validAfter
protected long validBefore
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)
extensions(List<OpenSshCertificate.CertificateOption> extensions)
static OpenSshCertificateBuilder hostCertificate
private List<OpenSshCertificate.CertificateOption> lexicallyOrderOptions: Lexically orders certificate options by name.
nonce(byte[] nonce)
principals(Collection<String> principals)
serial(long serial)
sign: Creates a certificate signed with the given CA key.
sign: Creates a certificate signed with the given CA key using the specified signature algorithm.
static OpenSshCertificateBuilder userCertificate
validAfter(long validAfter)
validAfter(Instant validAfter): If null, uses OpenSshCertificate.MIN_EPOCH
protected void validate()
private void validateOptions: Validates that there are no duplicate options.
validBefore(long validBefore)
validBefore(Instant validBefore): If null, uses OpenSshCertificate.INFINITY
-
Field Details
-
SIGNATURE_ALGORITHM_MAP
-
type
-
publicKey
-
serial
protected long serial
-
id
-
principals
-
criticalOptions
-
extensions
-
validAfter
protected long validAfter
-
validBefore
protected long validBefore
-
nonce
protected byte[] nonce
-
-
Constructor Details
-
OpenSshCertificateBuilder
-
-
Method Details
-
userCertificate
-
hostCertificate
-
publicKey
-
serial
-
id
-
principals
-
criticalOptions
public OpenSshCertificateBuilder criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)
-
extensions
-
validAfter
-
nonce
-
validAfter
If null, uses OpenSshCertificate.MIN_EPOCH.
Parameters:
validAfter - Instant to use for validAfter
Returns:
Self reference
-
validBefore
-
validBefore
If null, uses OpenSshCertificate.INFINITY.
Parameters:
validBefore - Instant to use for validBefore
Returns:
Self reference
-
validate
protected void validate()
-
sign
Creates a certificate signed with the given CA key. For RSA keys, "rsa-sha2-512" is used for the signature.
Parameters:
caKeypair - CA key used to sign
Returns:
the signed certificate
Throws:
Exception - if an error occurred
-
sign
Creates a certificate signed with the given CA key using the specified signature algorithm. If a signature algorithm is given, it must be appropriate for the CA key type; otherwise an exception is thrown. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically; for RSA keys, "rsa-sha2-512" is used.
Parameters:
caKeypair - CA key used to sign
signatureAlgorithm - to use; if null, automatically chosen based on the CA key type
Returns:
the signed certificate
Throws:
Exception - if an error occurred
-
validateOptions
Validates that there are no duplicate options.
Parameters:
options - the options to check
Throws:
IllegalArgumentException - if there are duplicates
-
lexicallyOrderOptions
private List<OpenSshCertificate.CertificateOption> lexicallyOrderOptions(List<OpenSshCertificate.CertificateOption> options)
Lexically orders certificate options by name.
Parameters:
options - the options to order
Returns:
a list containing the options in lexical order
-
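A typical use of the builder, as an added example that is not part of the original Javadoc or the project's own code: it issues a short-lived user certificate and sets the validity window explicitly instead of falling back to OpenSshCertificate.MIN_EPOCH and OpenSshCertificate.INFINITY. The class name, all sample values, the KeyPair parameter type of sign, the CertificateOption constructors and the package of OpenSshCertificate are assumptions not shown on this page.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

import org.apache.sshd.certificate.OpenSshCertificateBuilder;
// Assumption: package of OpenSshCertificate in Apache MINA SSHD (not stated on this page).
import org.apache.sshd.common.config.keys.OpenSshCertificate;

public class ShortLivedUserCertExample {

    // Issues a user certificate for one principal that expires after `lifetime`.
    static OpenSshCertificate issue(KeyPair ca, KeyPair user, String principal, Duration lifetime)
            throws Exception {
        Instant now = Instant.now();
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce); // fresh random nonce per certificate

        return OpenSshCertificateBuilder.userCertificate()
                .publicKey(user.getPublic())
                .serial(1L)                      // constructed sample serial
                .id("example-cert-0001")         // constructed key id
                .principals(Collections.singletonList(principal))
                // Set both bounds explicitly: a null bound falls back to MIN_EPOCH or
                // INFINITY, which yields a certificate with no effective expiry.
                .validAfter(now.minus(Duration.ofMinutes(1))) // tolerate small clock skew
                .validBefore(now.plus(lifetime))
                // Critical option: restrict use to a (documentation) source range.
                .criticalOptions(Collections.singletonList(
                        new OpenSshCertificate.CertificateOption("source-address", "192.0.2.0/24")))
                // Grant only the extension that is actually needed.
                .extensions(Collections.singletonList(
                        new OpenSshCertificate.CertificateOption("permit-pty")))
                .nonce(nonce)
                .sign(ca); // RSA CA key: "rsa-sha2-512" is used for the signature
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(3072);
        KeyPair ca = rsa.generateKeyPair();   // constructed throwaway CA key
        KeyPair user = rsa.generateKeyPair(); // constructed throwaway user key

        OpenSshCertificate cert = issue(ca, user, "alice", Duration.ofHours(8));
        System.out.println(cert.getId() + " valid " + cert.getValidAfter() + ".." + cert.getValidBefore());
    }
}
```

The Instant overloads are used so the validity bounds cannot be passed in the wrong time unit; in production the CA key would be loaded from protected storage rather than generated in process.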