Class OpenSshCertificateImpl
java.lang.Object
org.apache.sshd.common.config.keys.OpenSshCertificateImpl
- All Implemented Interfaces:
Serializable
,Key
,PrivateKey
,PublicKey
,Destroyable
,OpenSshCertificate
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.sshd.common.config.keys.OpenSshCertificate
OpenSshCertificate.CertificateOption, OpenSshCertificate.Type
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate PublicKey
private PublicKey
private List<OpenSshCertificate.CertificateOption>
private List<OpenSshCertificate.CertificateOption>
private String
private String
private byte[]
private byte[]
private Collection<String>
private String
private long
private static final long
private byte[]
private int
private long
private long
Fields inherited from interface org.apache.sshd.common.config.keys.OpenSshCertificate
INFINITY, MIN_EPOCH
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionRetrieves the CA public key of this certificate.Retrieves the certified public key.Retrieves the critical options set in the certificate.byte[]
Retrieves the extensions set in the certificate.getId()
Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.Retrieves the SSH key type of this certificate.byte[]
Retrieves the raw byte content of the certificate, minus the signature.byte[]
getNonce()
Retrieves the nonce of this certificate.Retrieves the principals mentioned in the certificate.Retrieves the raw SSH key type of this certificate.byte[]
Retrieves the raw signature bytes, without the signature algorithm.Retrieves the "reserved" field of the certificate.long
Retrieves the serial number of this certificate.byte[]
Retrieves the signature of the certificate, including the signature algorithm.Retrieves the signature algorithm used for the signature.getType()
Retrieves the type of certificate.long
Retrieves the time in number of seconds since theInstant.EPOCH
at which this certificate becomes or became valid.long
Retrieves the time in number of seconds since theInstant.EPOCH
at which this certificate becomes or became invalid.void
setCaPubKey
(PublicKey caPubKey) void
setCertPubKey
(PublicKey certificatePublicKey) void
setCriticalOptions
(List<OpenSshCertificate.CertificateOption> criticalOptions) void
setExtensions
(List<OpenSshCertificate.CertificateOption> extensions) void
void
setKeyType
(String keyType) void
setMessage
(byte[] message) void
setNonce
(byte[] nonce) void
setPrincipals
(Collection<String> principals) void
setReserved
(String reserved) void
setSerial
(long serial) void
setSignature
(byte[] signature) void
void
setValidAfter
(long validAfter) void
setValidAfter
(Instant validAfter) If null, usesOpenSshCertificate.MIN_EPOCH
void
setValidBefore
(long validBefore) void
setValidBefore
(Instant validBefore) If null, usesOpenSshCertificate.INFINITY
private static String
toDate
(long timestamp) toString()
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface javax.security.auth.Destroyable
destroy, isDestroyed
-
Field Details
-
serialVersionUID
private static final long serialVersionUID- See Also:
-
keyType
-
nonce
private byte[] nonce -
certificatePublicKey
-
serial
private long serial -
type
private int type -
id
-
principals
-
validAfter
private long validAfter -
validBefore
private long validBefore -
criticalOptions
-
extensions
-
reserved
-
caPubKey
-
message
private byte[] message -
signature
private byte[] signature
-
-
Constructor Details
-
OpenSshCertificateImpl
public OpenSshCertificateImpl()
-
-
Method Details
-
getRawKeyType
Description copied from interface:OpenSshCertificate
Retrieves the raw SSH key type of this certificate.- Specified by:
getRawKeyType
in interfaceOpenSshCertificate
- Returns:
- the key type, for instance "ssh-rsa" for a "ssh-rsa-cert-v01@openssh.com" certificate
-
getNonce
public byte[] getNonce()Description copied from interface:OpenSshCertificate
Retrieves the nonce of this certificate.- Specified by:
getNonce
in interfaceOpenSshCertificate
- Returns:
- the nonce.
-
getKeyType
Description copied from interface:OpenSshCertificate
Retrieves the SSH key type of this certificate.- Specified by:
getKeyType
in interfaceOpenSshCertificate
- Returns:
- the key type, for instance "ssh-rsa-cert-v01@openssh.com"
-
getCertPubKey
Description copied from interface:OpenSshCertificate
Retrieves the certified public key.- Specified by:
getCertPubKey
in interfaceOpenSshCertificate
- Returns:
- the
PublicKey
-
getSerial
public long getSerial()Description copied from interface:OpenSshCertificate
Retrieves the serial number of this certificate.- Specified by:
getSerial
in interfaceOpenSshCertificate
- Returns:
- the serial number
-
getType
Description copied from interface:OpenSshCertificate
Retrieves the type of certificate.- Specified by:
getType
in interfaceOpenSshCertificate
- Returns:
- the
OpenSshCertificate.Type
-
getId
Description copied from interface:OpenSshCertificate
Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.- Specified by:
getId
in interfaceOpenSshCertificate
- Returns:
- the id; never
null
but may be empty.
-
getPrincipals
Description copied from interface:OpenSshCertificate
Retrieves the principals mentioned in the certificate.- Specified by:
getPrincipals
in interfaceOpenSshCertificate
- Returns:
- the collection of principals, never
null
but possibly empty
-
getValidAfter
public long getValidAfter()Description copied from interface:OpenSshCertificate
Retrieves the time in number of seconds since theInstant.EPOCH
at which this certificate becomes or became valid.- Specified by:
getValidAfter
in interfaceOpenSshCertificate
- Returns:
- the number of seconds since the
Instant.EPOCH
as an unsigned 64bit value - See Also:
-
getValidBefore
public long getValidBefore()Description copied from interface:OpenSshCertificate
Retrieves the time in number of seconds since theInstant.EPOCH
at which this certificate becomes or became invalid.- Specified by:
getValidBefore
in interfaceOpenSshCertificate
- Returns:
- the number of seconds since the
Instant.EPOCH
as an unsigned 64bit value - See Also:
-
getCriticalOptions
Description copied from interface:OpenSshCertificate
Retrieves the critical options set in the certificate.- Specified by:
getCriticalOptions
in interfaceOpenSshCertificate
- Returns:
- the critical options as a list, never
null
but possibly empty
-
getExtensions
Description copied from interface:OpenSshCertificate
Retrieves the extensions set in the certificate.- Specified by:
getExtensions
in interfaceOpenSshCertificate
- Returns:
- the extensions as a list, never
null
but possibly empty
-
getReserved
Description copied from interface:OpenSshCertificate
Retrieves the "reserved" field of the certificate. OpenSSH currently doesn't use it and ignores it.- Specified by:
getReserved
in interfaceOpenSshCertificate
- Returns:
- the "reserved" field.
-
getCaPubKey
Description copied from interface:OpenSshCertificate
Retrieves the CA public key of this certificate.- Specified by:
getCaPubKey
in interfaceOpenSshCertificate
- Returns:
- the
PublicKey
-
getMessage
public byte[] getMessage()Description copied from interface:OpenSshCertificate
Retrieves the raw byte content of the certificate, minus the signature. This is the data that was signed.- Specified by:
getMessage
in interfaceOpenSshCertificate
- Returns:
- the part of the certificate raw data that was signed
-
getSignature
public byte[] getSignature()Description copied from interface:OpenSshCertificate
Retrieves the signature of the certificate, including the signature algorithm.- Specified by:
getSignature
in interfaceOpenSshCertificate
- Returns:
- the signature bytes
- See Also:
-
getRawSignature
public byte[] getRawSignature()Description copied from interface:OpenSshCertificate
Retrieves the raw signature bytes, without the signature algorithm.- Specified by:
getRawSignature
in interfaceOpenSshCertificate
- Returns:
- the signature bytes
- See Also:
-
getSignatureAlgorithm
Description copied from interface:OpenSshCertificate
Retrieves the signature algorithm used for the signature.- Specified by:
getSignatureAlgorithm
in interfaceOpenSshCertificate
- Returns:
- the signature algorithm as recorded in the certificate
-
getAlgorithm
- Specified by:
getAlgorithm
in interfaceKey
-
getFormat
-
getEncoded
public byte[] getEncoded()- Specified by:
getEncoded
in interfaceKey
-
setKeyType
-
setNonce
public void setNonce(byte[] nonce) -
setCertPubKey
-
setSerial
public void setSerial(long serial) -
setType
-
setId
-
setPrincipals
-
setValidAfter
public void setValidAfter(long validAfter) -
setValidAfter
If null, usesOpenSshCertificate.MIN_EPOCH
- Parameters:
validAfter
-Instant
to use for validAfter
-
setValidBefore
public void setValidBefore(long validBefore) -
setValidBefore
If null, usesOpenSshCertificate.INFINITY
- Parameters:
validBefore
-Instant
to use for validBefore
-
setCriticalOptions
-
setExtensions
-
setReserved
-
setCaPubKey
-
setMessage
public void setMessage(byte[] message) -
setSignature
public void setSignature(byte[] signature) -
toDate
-
toString
-