Package org.apache.sshd.certificate
Class OpenSshCertificateBuilder
java.lang.Object
org.apache.sshd.certificate.OpenSshCertificateBuilder
Holds all the data necessary to create a signed OpenSSH Certificate
-
Field Summary
Modifier and Type | Field | Description
protected List<OpenSshCertificate.CertificateOption> | criticalOptions
protected List<OpenSshCertificate.CertificateOption> | extensions
protected String | id
protected byte[] | nonce
protected Collection<String> | principals
protected PublicKey | publicKey
protected long | serial
protected final OpenSshCertificate.Type | type
protected long | validAfter
protected long | validBefore
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)
extensions(List<OpenSshCertificate.CertificateOption> extensions)
static OpenSshCertificateBuilder | hostCertificate
nonce(byte[] nonce)
principals(Collection<String> principals)
serial(long serial)
sign | Creates a certificate signed with the given CA key.
sign | Creates a certificate signed with the given CA key using the specified signature algorithm.
static OpenSshCertificateBuilder | userCertificate
validAfter(long validAfter)
validAfter(Instant validAfter) | If null, uses OpenSshCertificate.MIN_EPOCH
protected void | validate()
validBefore(long validBefore)
validBefore(Instant validBefore) | If null, uses OpenSshCertificate.INFINITY
-
Field Details
-
SIGNATURE_ALGORITHM_MAP
-
type
-
publicKey
-
serial
protected long serial
-
id
-
principals
-
criticalOptions
-
extensions
-
validAfter
protected long validAfter
-
validBefore
protected long validBefore
-
nonce
protected byte[] nonce
-
-
Constructor Details
-
OpenSshCertificateBuilder
-
-
Method Details
-
userCertificate
-
hostCertificate
-
publicKey
-
serial
-
id
-
principals
-
criticalOptions
public OpenSshCertificateBuilder criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)
-
extensions
-
validAfter
-
nonce
-
validAfter
If null, uses OpenSshCertificate.MIN_EPOCH
- Parameters:
validAfter - Instant to use for validBefore
- Returns:
Self reference
-
validBefore
-
validBefore
If null, uses OpenSshCertificate.INFINITY
- Parameters:
validBefore - Instant to use for validBefore
- Returns:
Self reference
-
validate
protected void validate()
-
sign
Creates a certificate signed with the given CA key. For RSA keys "rsa-sha2-512" is used for the signature.
- Parameters:
caKeypair - CA key used to sign
- Returns:
the signed certificate
- Throws:
Exception - if an error occurred
-
sign
Creates a certificate signed with the given CA key using the specified signature algorithm. If a signature algorithm is given, it must be appropriate for the CA key type; otherwise an exception is thrown. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically; for RSA keys "rsa-sha2-512" is then used.
- Parameters:
caKeypair - CA key used to sign
signatureAlgorithm - to use; if null, automatically chosen based on the CA key type
- Returns:
the signed certificate
- Throws:
Exception - if an error occurred
-
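The following is an added usage example, not code from the Apache MINA SSHD project: it issues a short-lived user certificate for a single principal with an explicit RSA signature algorithm, using the builder methods listed above. The package of OpenSshCertificate, the KeyPair parameter type of sign, the no-argument userCertificate() call, the CertificateOption(String) constructor and the getId()/getPrincipals() getters are not shown on this page and are assumed here; the keys, id and principal are constructed sample values.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;

import org.apache.sshd.certificate.OpenSshCertificateBuilder;
import org.apache.sshd.common.config.keys.OpenSshCertificate; // assumed package

public class ShortLivedUserCert {

    // Issues a user certificate that names exactly one principal and expires
    // after `lifetime`, instead of relying on the MIN_EPOCH / INFINITY defaults.
    static OpenSshCertificate issue(KeyPair caKeypair, KeyPair userKeypair,
                                    String principal, long serial,
                                    Duration lifetime) throws Exception {
        Instant now = Instant.now();
        return OpenSshCertificateBuilder.userCertificate()
                .publicKey(userKeypair.getPublic())
                // A unique serial per certificate lets it be audited and revoked.
                .serial(serial)
                .id("constructed-example:" + principal)
                .principals(Collections.singletonList(principal))
                // One minute of backdating absorbs clock skew between CA and server.
                .validAfter(now.minus(Duration.ofMinutes(1)))
                .validBefore(now.plus(lifetime))
                // Grant a single extension; CertificateOption(String) is an assumption.
                .extensions(Collections.singletonList(
                        new OpenSshCertificate.CertificateOption("permit-pty")))
                // Explicit algorithm; it must match the CA key type or sign throws.
                .sign(caKeypair, "rsa-sha2-512");
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway keys; a real CA key would come from protected storage.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(3072);
        KeyPair ca = rsa.generateKeyPair();
        KeyPair user = rsa.generateKeyPair();

        OpenSshCertificate cert = issue(ca, user, "deploy", 1L, Duration.ofHours(1));
        // getId() and getPrincipals() are assumed getters on OpenSshCertificate.
        System.out.println(cert.getId() + " principals=" + cert.getPrincipals());
    }
}
```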