Package org.apache.sshd.common.config.keys

Interface OpenSshCertificate

All Superinterfaces:

Destroyable, Key, PrivateKey, PublicKey, Serializable

All Known Implementing Classes:

OpenSshCertificateImpl

public interface OpenSshCertificate
extends PublicKey, PrivateKey

An OpenSSH certificate key as specified by OpenSSH.

Author:

Apache MINA SSHD Project

See Also:

PROTOCOL.certkeys

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	OpenSshCertificate.CertificateOption	Certificate Options are a set of bytes that is
static class	OpenSshCertificate.Type	OpenSshCertificates have a type indicating whether the certificate if for a host key (certifying a host identity) or for a user key (certifying a user identity).

Field Summary

Fields

Modifier and Type	Field	Description
static long	INFINITY	The maximum getValidAfter() or getValidBefore() value.
static long	MIN_EPOCH	The minimal getValidAfter() or getValidBefore() value, corresponding to Instant#EPOCH.

Fields inherited from interface java.security.PrivateKey

serialVersionUID

Fields inherited from interface java.security.PublicKey

serialVersionUID

Method Summary

Modifier and Type	Method	Description
PublicKey	getCaPubKey()	Retrieves the CA public key of this certificate.
PublicKey	getCertPubKey()	Retrieves the certified public key.
List<OpenSshCertificate.CertificateOption>	getCriticalOptions()	Retrieves the critical options set in the certificate.
List<OpenSshCertificate.CertificateOption>	getExtensions()	Retrieves the extensions set in the certificate.
String	getId()	Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.
String	getKeyType()	Retrieves the SSH key type of this certificate.
byte[]	getMessage()	Retrieves the raw byte content of the certificate, minus the signature.
byte[]	getNonce()	Retrieves the nonce of this certificate.
Collection<String>	getPrincipals()	Retrieves the principals mentioned in the certificate.
String	getRawKeyType()	Retrieves the raw SSH key type of this certificate.
byte[]	getRawSignature()	Retrieves the raw signature bytes, without the signature algorithm.
String	getReserved()	Retrieves the "reserved" field of the certificate.
long	getSerial()	Retrieves the serial number of this certificate.
byte[]	getSignature()	Retrieves the signature of the certificate, including the signature algorithm.
String	getSignatureAlgorithm()	Retrieves the signature algorithm used for the signature.
OpenSshCertificate.Type	getType()	Retrieves the type of certificate.
long	getValidAfter()	Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.
long	getValidBefore()	Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.
static boolean	isValidNow(OpenSshCertificate cert)	Determines whether the given OpenSshCertificate is valid at the current local system time.

Methods inherited from interface javax.security.auth.Destroyable

destroy, isDestroyed

Methods inherited from interface java.security.Key

getAlgorithm, getEncoded, getFormat

Field Detail

MIN_EPOCH

static final long MIN_EPOCH

The minimal getValidAfter() or getValidBefore() value, corresponding to Instant#EPOCH.

See Also:

Constant Field Values

INFINITY

static final long INFINITY

The maximum getValidAfter() or getValidBefore() value.

Note that timestamps in OpenSSH certificates are unsigned 64-bit values.

See Also:

isValidNow(OpenSshCertificate), Constant Field Values

Method Detail

getRawKeyType

String getRawKeyType()

Retrieves the raw SSH key type of this certificate.

Returns:

the key type, for instance "ssh-rsa" for a "ssh-rsa-cert-v01@openssh.com" certificate

getNonce

byte[] getNonce()

Retrieves the nonce of this certificate.

Returns:

the nonce.

getKeyType

String getKeyType()

Retrieves the SSH key type of this certificate.

Returns:

the key type, for instance "ssh-rsa-cert-v01@openssh.com"

getCertPubKey

PublicKey getCertPubKey()

Retrieves the certified public key.

Returns:

the PublicKey

getSerial

long getSerial()

Retrieves the serial number of this certificate.

Returns:

the serial number

getType

OpenSshCertificate.Type getType()

Retrieves the type of certificate.

Returns:

the OpenSshCertificate.Type

getId

String getId()

Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.

Returns:

the id; never null but may be empty.

getPrincipals

Collection<String> getPrincipals()

Retrieves the principals mentioned in the certificate.

Returns:

the collection of principals, never null but possibly empty

getValidAfter

long getValidAfter()

Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.

Returns:

the number of seconds since the Instant.EPOCH as an unsigned 64bit value

See Also:

isValidNow(OpenSshCertificate)

getValidBefore

long getValidBefore()

Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.

Returns:

the number of seconds since the Instant.EPOCH as an unsigned 64bit value

See Also:

isValidNow(OpenSshCertificate)

getCriticalOptions

List<OpenSshCertificate.CertificateOption> getCriticalOptions()

Retrieves the critical options set in the certificate.

Returns:

the critical options as a list, never null but possibly empty

getExtensions

List<OpenSshCertificate.CertificateOption> getExtensions()

Retrieves the extensions set in the certificate.

Returns:

the extensions as a list, never null but possibly empty

getReserved

String getReserved()

Retrieves the "reserved" field of the certificate. OpenSSH currently doesn't use it and ignores it.

Returns:

the "reserved" field.

getCaPubKey

PublicKey getCaPubKey()

Retrieves the CA public key of this certificate.

Returns:

the PublicKey

getMessage

byte[] getMessage()

Retrieves the raw byte content of the certificate, minus the signature. This is the data that was signed.

Returns:

the part of the certificate raw data that was signed

getSignature

byte[] getSignature()

Retrieves the signature of the certificate, including the signature algorithm.

Returns:

the signature bytes

See Also:

getRawSignature()

getSignatureAlgorithm

String getSignatureAlgorithm()

Retrieves the signature algorithm used for the signature.

Returns:

the signature algorithm as recorded in the certificate

getRawSignature

byte[] getRawSignature()

Retrieves the raw signature bytes, without the signature algorithm.

Returns:

the signature bytes

See Also:

getSignature()

isValidNow

static boolean isValidNow(OpenSshCertificate cert)

Determines whether the given OpenSshCertificate is valid at the current local system time.

Parameters:

cert - to check

Returns:

true if the certificate is valid according to its timestamps, false otherwise