Package org.apache.sshd.certificate

Class OpenSshCertificateBuilder

java.lang.Object

org.apache.sshd.certificate.OpenSshCertificateBuilder

public class OpenSshCertificateBuilder
extends java.lang.Object

Holds all the data necessary to create a signed OpenSSH Certificate

Field Summary

Fields

Modifier and Type	Field	Description
protected java.util.List<OpenSshCertificate.CertificateOption>	criticalOptions
protected java.util.List<OpenSshCertificate.CertificateOption>	extensions
protected java.lang.String	id
protected byte[]	nonce
protected java.util.Collection<java.lang.String>	principals
protected java.security.PublicKey	publicKey
protected long	serial
protected static java.util.Map<java.lang.String,java.lang.String>	SIGNATURE_ALGORITHM_MAP
protected OpenSshCertificate.Type	type
protected long	validAfter
protected long	validBefore

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	OpenSshCertificateBuilder(OpenSshCertificate.Type type)

Method Summary

Modifier and Type	Method	Description
OpenSshCertificateBuilder	criticalOptions(java.util.List<OpenSshCertificate.CertificateOption> criticalOptions)
OpenSshCertificateBuilder	extensions(java.util.List<OpenSshCertificate.CertificateOption> extensions)
static OpenSshCertificateBuilder	hostCertificate()
OpenSshCertificateBuilder	id(java.lang.String id)
OpenSshCertificateBuilder	nonce(byte[] nonce)
OpenSshCertificateBuilder	principals(java.util.Collection<java.lang.String> principals)
OpenSshCertificateBuilder	publicKey(java.security.PublicKey publicKey)
OpenSshCertificateBuilder	serial(long serial)
OpenSshCertificate	sign(java.security.KeyPair caKeypair)	Creates a certificate signed with the given CA key.
OpenSshCertificate	sign(java.security.KeyPair caKeypair, java.lang.String signatureAlgorithm)	Creates a certificate signed with the given CA key using the specified signature algorithm.
static OpenSshCertificateBuilder	userCertificate()
OpenSshCertificateBuilder	validAfter(long validAfter)
OpenSshCertificateBuilder	validAfter(java.time.Instant validAfter)	If null, uses OpenSshCertificate.MIN_EPOCH
protected void	validate()
OpenSshCertificateBuilder	validBefore(long validBefore)
OpenSshCertificateBuilder	validBefore(java.time.Instant validBefore)	If null, uses OpenSshCertificate.INFINITY

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SIGNATURE_ALGORITHM_MAP

protected static final java.util.Map<java.lang.String,java.lang.String> SIGNATURE_ALGORITHM_MAP

type

protected final OpenSshCertificate.Type type

publicKey

protected java.security.PublicKey publicKey

serial

protected long serial

id

protected java.lang.String id

principals

protected java.util.Collection<java.lang.String> principals

criticalOptions

protected java.util.List<OpenSshCertificate.CertificateOption> criticalOptions

extensions

protected java.util.List<OpenSshCertificate.CertificateOption> extensions

validAfter

protected long validAfter

validBefore

protected long validBefore

nonce

protected byte[] nonce

Constructor Detail

OpenSshCertificateBuilder

protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)

Method Detail

userCertificate

public static OpenSshCertificateBuilder userCertificate()

hostCertificate

public static OpenSshCertificateBuilder hostCertificate()

publicKey

public OpenSshCertificateBuilder publicKey(java.security.PublicKey publicKey)

serial

public OpenSshCertificateBuilder serial(long serial)

id

public OpenSshCertificateBuilder id(java.lang.String id)

principals

public OpenSshCertificateBuilder principals(java.util.Collection<java.lang.String> principals)

criticalOptions

public OpenSshCertificateBuilder criticalOptions(java.util.List<OpenSshCertificate.CertificateOption> criticalOptions)

extensions

public OpenSshCertificateBuilder extensions(java.util.List<OpenSshCertificate.CertificateOption> extensions)

validAfter

public OpenSshCertificateBuilder validAfter(long validAfter)

nonce

public OpenSshCertificateBuilder nonce(byte[] nonce)

validAfter

public OpenSshCertificateBuilder validAfter(java.time.Instant validAfter)

If null, uses OpenSshCertificate.MIN_EPOCH

Parameters:

validAfter - Instant to use for validBefore

Returns:

Self reference

validBefore

public OpenSshCertificateBuilder validBefore(long validBefore)

validBefore

public OpenSshCertificateBuilder validBefore(java.time.Instant validBefore)

If null, uses OpenSshCertificate.INFINITY

Parameters:

validBefore - Instant to use for validBefore

Returns:

Self reference

validate

protected void validate()

sign

public OpenSshCertificate sign(java.security.KeyPair caKeypair)
                        throws java.lang.Exception

Creates a certificate signed with the given CA key. For RSA keys "rsa-sha2-512" is used for the signature.

Parameters:

caKeypair - CA key used to sign

Returns:

the signed certificate

Throws:

java.lang.Exception - if an error occurred

sign

public OpenSshCertificate sign(java.security.KeyPair caKeypair,
                               java.lang.String signatureAlgorithm)
                        throws java.lang.Exception

Creates a certificate signed with the given CA key using the specified signature algorithm. If a signature algorithm is given, it must be appropriate for the CA key type, otherwise an exception is thrown. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically, for RSA keys "rsa-sha2-512" is used then.

Parameters:

caKeypair - CA key used to sign

signatureAlgorithm - to use; if null automatically chosen based on the CA key type

Returns:

the signed certificate

Throws:

java.lang.Exception - if an error occurred