Package org.apache.sshd.certificate
Class OpenSshCertificateBuilder
- java.lang.Object
-
- org.apache.sshd.certificate.OpenSshCertificateBuilder
-
public class OpenSshCertificateBuilder extends Object
Holds all the data necessary to create a signed OpenSSH Certificate
-
-
Field Summary
Modifier and Type, Field:
protected List<OpenSshCertificate.CertificateOption> criticalOptions
protected List<OpenSshCertificate.CertificateOption> extensions
protected String id
protected byte[] nonce
protected Collection<String> principals
protected PublicKey publicKey
protected long serial
protected static Map<String,String> SIGNATURE_ALGORITHM_MAP
protected OpenSshCertificate.Type type
protected long validAfter
protected long validBefore
-
Constructor Summary
Modifier, Constructor:
protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)
-
Method Summary
-
-
-
Field Detail
-
type
protected final OpenSshCertificate.Type type
-
publicKey
protected PublicKey publicKey
-
serial
protected long serial
-
id
protected String id
-
principals
protected Collection<String> principals
-
criticalOptions
protected List<OpenSshCertificate.CertificateOption> criticalOptions
-
extensions
protected List<OpenSshCertificate.CertificateOption> extensions
-
validAfter
protected long validAfter
-
validBefore
protected long validBefore
-
nonce
protected byte[] nonce
-
-
Constructor Detail
-
OpenSshCertificateBuilder
protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)
-
-
Method Detail
-
userCertificate
public static OpenSshCertificateBuilder userCertificate()
-
hostCertificate
public static OpenSshCertificateBuilder hostCertificate()
-
publicKey
public OpenSshCertificateBuilder publicKey(PublicKey publicKey)
-
serial
public OpenSshCertificateBuilder serial(long serial)
-
id
public OpenSshCertificateBuilder id(String id)
-
principals
public OpenSshCertificateBuilder principals(Collection<String> principals)
-
criticalOptions
public OpenSshCertificateBuilder criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)
-
extensions
public OpenSshCertificateBuilder extensions(List<OpenSshCertificate.CertificateOption> extensions)
-
validAfter
public OpenSshCertificateBuilder validAfter(long validAfter)
-
nonce
public OpenSshCertificateBuilder nonce(byte[] nonce)
-
validAfter
public OpenSshCertificateBuilder validAfter(Instant validAfter)
If null, uses OpenSshCertificate.MIN_EPOCH
- Parameters:
validAfter - Instant to use for validAfter
- Returns:
- Self reference
-
validBefore
public OpenSshCertificateBuilder validBefore(long validBefore)
-
validBefore
public OpenSshCertificateBuilder validBefore(Instant validBefore)
If null, uses OpenSshCertificate.INFINITY
- Parameters:
validBefore - Instant to use for validBefore
- Returns:
- Self reference
-
validate
protected void validate()
-
sign
public OpenSshCertificate sign(KeyPair caKeypair) throws Exception
Creates a certificate signed with the given CA key. For RSA keys "rsa-sha2-512" is used for the signature.
- Parameters:
caKeypair - CA key used to sign
- Returns:
- the signed certificate
- Throws:
Exception - if an error occurred
-
sign
public OpenSshCertificate sign(KeyPair caKeypair, String signatureAlgorithm) throws Exception
Creates a certificate signed with the given CA key using the specified signature algorithm. If a signature algorithm is given, it must be appropriate for the CA key type; otherwise an exception is thrown. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically; for RSA keys, "rsa-sha2-512" is used.
- Parameters:
caKeypair - CA key used to sign
signatureAlgorithm - to use; if null, automatically chosen based on the CA key type
- Returns:
- the signed certificate
- Throws:
Exception - if an error occurred
-
-