public interface OpenSshCertificate extends PublicKey, PrivateKey
| Modifier and Type | Interface and Description |
|---|---|
static class |
OpenSshCertificate.CertificateOption
Certificate Options are a set of bytes that is
|
static class |
OpenSshCertificate.Type
OpenSshCertificates have a type indicating whether the certificate if for a host key (certifying a host
identity) or for a user key (certifying a user identity). |
| Modifier and Type | Field and Description |
|---|---|
static long |
INFINITY
The maximum
getValidAfter() or getValidBefore() value. |
static long |
MIN_EPOCH
|
serialVersionUIDserialVersionUID| Modifier and Type | Method and Description |
|---|---|
PublicKey |
getCaPubKey()
Retrieves the CA public key of this certificate.
|
PublicKey |
getCertPubKey()
Retrieves the certified public key.
|
List<OpenSshCertificate.CertificateOption> |
getCriticalOptions()
Retrieves the critical options set in the certificate.
|
List<OpenSshCertificate.CertificateOption> |
getExtensions()
Retrieves the extensions set in the certificate.
|
String |
getId()
Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity
principal in log message.
|
String |
getKeyType()
Retrieves the SSH key type of this certificate.
|
byte[] |
getMessage()
Retrieves the raw byte content of the certificate, minus the signature.
|
byte[] |
getNonce()
Retrieves the nonce of this certificate.
|
Collection<String> |
getPrincipals()
Retrieves the principals mentioned in the certificate.
|
String |
getRawKeyType()
Retrieves the raw SSH key type of this certificate.
|
byte[] |
getRawSignature()
Retrieves the raw signature bytes, without the signature algorithm.
|
String |
getReserved()
Retrieves the "reserved" field of the certificate.
|
long |
getSerial()
Retrieves the serial number of this certificate.
|
byte[] |
getSignature()
Retrieves the signature of the certificate, including the signature algorithm.
|
String |
getSignatureAlgorithm()
Retrieves the signature algorithm used for the signature.
|
OpenSshCertificate.Type |
getType()
Retrieves the type of certificate.
|
long |
getValidAfter()
Retrieves the time in number of seconds since the
Instant.EPOCH at which this certificate
becomes or became valid. |
long |
getValidBefore()
Retrieves the time in number of seconds since the
Instant.EPOCH at which this certificate
becomes or became invalid. |
static boolean |
isValidNow(OpenSshCertificate cert)
Determines whether the given
OpenSshCertificate is valid at the current local system time. |
getAlgorithm, getEncoded, getFormatdestroy, isDestroyedstatic final long MIN_EPOCH
static final long INFINITY
getValidAfter() or getValidBefore() value.
Note that timestamps in OpenSSH certificates are unsigned 64-bit values.
String getRawKeyType()
byte[] getNonce()
String getKeyType()
long getSerial()
OpenSshCertificate.Type getType()
OpenSshCertificate.TypeString getId()
null but may be empty.Collection<String> getPrincipals()
null but possibly emptylong getValidAfter()
Instant.EPOCH at which this certificate
becomes or became valid.Instant.EPOCH as an unsigned 64bit valueisValidNow(OpenSshCertificate)long getValidBefore()
Instant.EPOCH at which this certificate
becomes or became invalid.Instant.EPOCH as an unsigned 64bit valueisValidNow(OpenSshCertificate)List<OpenSshCertificate.CertificateOption> getCriticalOptions()
null but possibly emptyList<OpenSshCertificate.CertificateOption> getExtensions()
null but possibly emptyString getReserved()
PublicKey getCaPubKey()
PublicKeybyte[] getMessage()
byte[] getSignature()
getRawSignature()String getSignatureAlgorithm()
byte[] getRawSignature()
getSignature()static boolean isValidNow(OpenSshCertificate cert)
OpenSshCertificate is valid at the current local system time.cert - to checktrue if the certificate is valid according to its timestamps, false otherwiseCopyright © 2018–2021 The Apache Software Foundation. All rights reserved.