Package org.apache.sshd.common.config.keys

Interface OpenSshCertificate

  • All Superinterfaces:
    javax.security.auth.Destroyable, java.security.Key, java.security.PrivateKey, java.security.PublicKey, java.io.Serializable, SshPublicKey
    All Known Implementing Classes:
    OpenSshCertificateImpl
    public interface OpenSshCertificate
extends SshPublicKey, java.security.PrivateKey
    An OpenSSH certificate key as specified by OpenSSH.
    See Also:
    PROTOCOL.certkeys

    • Method Summary

      All Methods Static Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      java.security.PublicKey getCaPubKey()
      Retrieves the CA public key of this certificate.
      java.security.PublicKey getCertPubKey()
      Retrieves the certified public key.
      java.util.List<OpenSshCertificate.CertificateOption> getCriticalOptions()
      Retrieves the critical options set in the certificate.
      java.util.SortedMap<java.lang.String,​java.lang.String> getCriticalOptionsMap()
      Retrieves the critical options set in the certificate.
      java.util.List<OpenSshCertificate.CertificateOption> getExtensions()
      Retrieves the extensions set in the certificate.
      java.util.SortedMap<java.lang.String,​java.lang.String> getExtensionsMap()
      Retrieves the extensions set in the certificate.
      java.lang.String getId()
      Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.
      byte[] getMessage()
      Retrieves the raw byte content of the certificate, minus the signature.
      byte[] getNonce()
      Retrieves the nonce of this certificate.
      java.util.Collection<java.lang.String> getPrincipals()
      Retrieves the principals mentioned in the certificate.
      java.lang.String getRawKeyType()
      Retrieves the raw SSH key type of this certificate.
      byte[] getRawSignature()
      Retrieves the raw signature bytes, without the signature algorithm.
      java.lang.String getReserved()
      Retrieves the "reserved" field of the certificate.
      long getSerial()
      Retrieves the serial number of this certificate.
      byte[] getSignature()
      Retrieves the signature of the certificate, including the signature algorithm.
      java.lang.String getSignatureAlgorithm()
      Retrieves the signature algorithm used for the signature.
      OpenSshCertificate.Type getType()
      Retrieves the type of certificate.
      long getValidAfter()
      Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.
      long getValidBefore()
      Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.
      static boolean isValidAt​(OpenSshCertificate cert, java.time.Instant time)
      Determines whether the given OpenSshCertificate is valid at the given Instant.
      static boolean isValidNow​(OpenSshCertificate cert)
      Determines whether the given OpenSshCertificate is valid at the current local system time.

      • Methods inherited from interface javax.security.auth.Destroyable

        destroy, isDestroyed

      • Methods inherited from interface java.security.Key

        getAlgorithm, getEncoded, getFormat

    • Method Detail

      • getRawKeyType

        java.lang.String getRawKeyType()
        Retrieves the raw SSH key type of this certificate.
        Returns:
        the key type, for instance "ssh-rsa" for a "ssh-rsa-cert-v01@openssh.com" certificate

      • getNonce

        byte[] getNonce()
        Retrieves the nonce of this certificate.
        Returns:
        the nonce.

      • getCertPubKey

        java.security.PublicKey getCertPubKey()
        Retrieves the certified public key.
        Returns:
        the PublicKey

      • getSerial

        long getSerial()
        Retrieves the serial number of this certificate.
        Returns:
        the serial number

      • getId

        java.lang.String getId()
        Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log message.
        Returns:
        the id; never null but may be empty.

      • getPrincipals

        java.util.Collection<java.lang.String> getPrincipals()
        Retrieves the principals mentioned in the certificate.
        Returns:
        the collection of principals, never null but possibly empty

      • getValidAfter

        long getValidAfter()
        Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.
        Returns:
        the number of seconds since the Instant.EPOCH as an unsigned 64bit value
        See Also:
        isValidNow(OpenSshCertificate)

      • getValidBefore

        long getValidBefore()
        Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.
        Returns:
        the number of seconds since the Instant.EPOCH as an unsigned 64bit value
        See Also:
        isValidNow(OpenSshCertificate)

      • getCriticalOptionsMap

        java.util.SortedMap<java.lang.String,​java.lang.String> getCriticalOptionsMap()
        Retrieves the critical options set in the certificate.
        Returns:
        the critical options as an unmodifiable map, never null but possibly empty

      • getExtensionsMap

        java.util.SortedMap<java.lang.String,​java.lang.String> getExtensionsMap()
        Retrieves the extensions set in the certificate.
        Returns:
        the extensions as an unmodifiable map, never null but possibly empty

      • getReserved

        java.lang.String getReserved()
        Retrieves the "reserved" field of the certificate. OpenSSH currently doesn't use it and ignores it.
        Returns:
        the "reserved" field.

      • getCaPubKey

        java.security.PublicKey getCaPubKey()
        Retrieves the CA public key of this certificate.
        Returns:
        the PublicKey

      • getMessage

        byte[] getMessage()
        Retrieves the raw byte content of the certificate, minus the signature. This is the data that was signed.
        Returns:
        the part of the certificate raw data that was signed

      • getSignature

        byte[] getSignature()
        Retrieves the signature of the certificate, including the signature algorithm.
        Returns:
        the signature bytes
        See Also:
        getRawSignature()

      • getSignatureAlgorithm

        java.lang.String getSignatureAlgorithm()
        Retrieves the signature algorithm used for the signature.
        Returns:
        the signature algorithm as recorded in the certificate

      • getRawSignature

        byte[] getRawSignature()
        Retrieves the raw signature bytes, without the signature algorithm.
        Returns:
        the signature bytes
        See Also:
        getSignature()

      • isValidNow

        static boolean isValidNow​(OpenSshCertificate cert)
        Determines whether the given OpenSshCertificate is valid at the current local system time.
        Parameters:
        cert - to check
        Returns:
        true if the certificate is valid according to its timestamps, false otherwise

      • isValidAt

        static boolean isValidAt​(OpenSshCertificate cert,
                         java.time.Instant time)
        Determines whether the given OpenSshCertificate is valid at the given Instant.
        Parameters:
        cert - to check
        Returns:
        true if the certificate is valid according to its timestamps, false otherwise