Package org.apache.sshd.certificate

Class OpenSshCertificateBuilder

java.lang.Object

org.apache.sshd.certificate.OpenSshCertificateBuilder

public class OpenSshCertificateBuilder
extends Object

Holds all the data necessary to create a signed OpenSSH Certificate

Field Summary

Fields

Modifier and Type	Field	Description
protected List<OpenSshCertificate.CertificateOption>	criticalOptions
protected List<OpenSshCertificate.CertificateOption>	extensions
protected String	id
protected byte[]	nonce
protected Collection<String>	principals
protected PublicKey	publicKey
protected long	serial
protected static final Map<String,String>	SIGNATURE_ALGORITHM_MAP
protected final OpenSshCertificate.Type	type
protected long	validAfter
protected long	validBefore

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	OpenSshCertificateBuilder(OpenSshCertificate.Type type)

Method Summary

Modifier and Type	Method	Description
OpenSshCertificateBuilder	criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)
OpenSshCertificateBuilder	extensions(List<OpenSshCertificate.CertificateOption> extensions)
static OpenSshCertificateBuilder	hostCertificate()
OpenSshCertificateBuilder	id(String id)
OpenSshCertificateBuilder	nonce(byte[] nonce)
OpenSshCertificateBuilder	principals(Collection<String> principals)
OpenSshCertificateBuilder	publicKey(PublicKey publicKey)
OpenSshCertificateBuilder	serial(long serial)
OpenSshCertificate	sign(KeyPair caKeypair)	Creates a certificate signed with the given CA key.
OpenSshCertificate	sign(KeyPair caKeypair, String signatureAlgorithm)	Creates a certificate signed with the given CA key using the specified signature algorithm.
static OpenSshCertificateBuilder	userCertificate()
OpenSshCertificateBuilder	validAfter(long validAfter)
OpenSshCertificateBuilder	validAfter(Instant validAfter)	If null, uses OpenSshCertificate.MIN_EPOCH
protected void	validate()
OpenSshCertificateBuilder	validBefore(long validBefore)
OpenSshCertificateBuilder	validBefore(Instant validBefore)	If null, uses OpenSshCertificate.INFINITY

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SIGNATURE_ALGORITHM_MAP

protected static final Map<String,String> SIGNATURE_ALGORITHM_MAP

type

protected final OpenSshCertificate.Type type

publicKey

protected PublicKey publicKey

serial

protected long serial

id

protected String id

principals

protected Collection<String> principals

criticalOptions

protected List<OpenSshCertificate.CertificateOption> criticalOptions

extensions

protected List<OpenSshCertificate.CertificateOption> extensions

validAfter

protected long validAfter

validBefore

protected long validBefore

nonce

protected byte[] nonce

Constructor Details

OpenSshCertificateBuilder

protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)

Method Details

userCertificate

public static OpenSshCertificateBuilder userCertificate()

hostCertificate

public static OpenSshCertificateBuilder hostCertificate()

publicKey

public OpenSshCertificateBuilder publicKey(PublicKey publicKey)

serial

public OpenSshCertificateBuilder serial(long serial)

id

public OpenSshCertificateBuilder id(String id)

principals

public OpenSshCertificateBuilder principals(Collection<String> principals)

criticalOptions

public OpenSshCertificateBuilder criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)

extensions

public OpenSshCertificateBuilder extensions(List<OpenSshCertificate.CertificateOption> extensions)

validAfter

public OpenSshCertificateBuilder validAfter(long validAfter)

nonce

public OpenSshCertificateBuilder nonce(byte[] nonce)

validAfter

public OpenSshCertificateBuilder validAfter(Instant validAfter)

If null, uses OpenSshCertificate.MIN_EPOCH

Parameters:

validAfter - Instant to use for validBefore

Returns:

Self reference

validBefore

public OpenSshCertificateBuilder validBefore(long validBefore)

validBefore

public OpenSshCertificateBuilder validBefore(Instant validBefore)

If null, uses OpenSshCertificate.INFINITY

Parameters:

validBefore - Instant to use for validBefore

Returns:

Self reference

validate

protected void validate()

sign

public OpenSshCertificate sign(KeyPair caKeypair)
                        throws Exception

Creates a certificate signed with the given CA key. For RSA keys "rsa-sha2-512" is used for the signature.

Parameters:

caKeypair - CA key used to sign

Returns:

the signed certificate

Throws:

Exception - if an error occurred

sign

public OpenSshCertificate sign(KeyPair caKeypair,
 String signatureAlgorithm)
                        throws Exception

Creates a certificate signed with the given CA key using the specified signature algorithm. If a signature algorithm is given, it must be appropriate for the CA key type, otherwise an exception is thrown. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically, for RSA keys "rsa-sha2-512" is used then.

Parameters:

caKeypair - CA key used to sign

signatureAlgorithm - to use; if null automatically chosen based on the CA key type

Returns:

the signed certificate

Throws:

Exception - if an error occurred