public class OpenSshCertificateBuilder
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
protected java.util.List<OpenSshCertificate.CertificateOption> |
criticalOptions |
protected java.util.List<OpenSshCertificate.CertificateOption> |
extensions |
protected java.lang.String |
id |
protected byte[] |
nonce |
protected java.util.Collection<java.lang.String> |
principals |
protected java.security.PublicKey |
publicKey |
protected long |
serial |
protected static java.util.Map<java.lang.String,java.lang.String> |
SIGNATURE_ALGORITHM_MAP |
protected OpenSshCertificate.Type |
type |
protected long |
validAfter |
protected long |
validBefore |
Modifier | Constructor and Description |
---|---|
protected |
OpenSshCertificateBuilder(OpenSshCertificate.Type type) |
Modifier and Type | Method and Description |
---|---|
OpenSshCertificateBuilder |
criticalOptions(java.util.List<OpenSshCertificate.CertificateOption> criticalOptions) |
OpenSshCertificateBuilder |
extensions(java.util.List<OpenSshCertificate.CertificateOption> extensions) |
static OpenSshCertificateBuilder |
hostCertificate() |
OpenSshCertificateBuilder |
id(java.lang.String id) |
private java.util.List<OpenSshCertificate.CertificateOption> |
lexicallyOrderOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
Lexically orders certificate options by name.
|
OpenSshCertificateBuilder |
nonce(byte[] nonce) |
OpenSshCertificateBuilder |
principals(java.util.Collection<java.lang.String> principals) |
OpenSshCertificateBuilder |
publicKey(java.security.PublicKey publicKey) |
OpenSshCertificateBuilder |
serial(long serial) |
OpenSshCertificate |
sign(java.security.KeyPair caKeypair)
Creates a certificate signed with the given CA key.
|
OpenSshCertificate |
sign(java.security.KeyPair caKeypair,
java.lang.String signatureAlgorithm)
Creates a certificate signed with the given CA key using the specified signature algorithm.
|
static OpenSshCertificateBuilder |
userCertificate() |
OpenSshCertificateBuilder |
validAfter(java.time.Instant validAfter)
If null, uses
OpenSshCertificate.MIN_EPOCH |
OpenSshCertificateBuilder |
validAfter(long validAfter) |
protected void |
validate() |
private void |
validateOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
Validates that there are no duplicate options.
|
OpenSshCertificateBuilder |
validBefore(java.time.Instant validBefore)
If null, uses
OpenSshCertificate.INFINITY |
OpenSshCertificateBuilder |
validBefore(long validBefore) |
protected static final java.util.Map<java.lang.String,java.lang.String> SIGNATURE_ALGORITHM_MAP
protected final OpenSshCertificate.Type type
protected java.security.PublicKey publicKey
protected long serial
protected java.lang.String id
protected java.util.Collection<java.lang.String> principals
protected java.util.List<OpenSshCertificate.CertificateOption> criticalOptions
protected java.util.List<OpenSshCertificate.CertificateOption> extensions
protected long validAfter
protected long validBefore
protected byte[] nonce
protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)
public static OpenSshCertificateBuilder userCertificate()
public static OpenSshCertificateBuilder hostCertificate()
public OpenSshCertificateBuilder publicKey(java.security.PublicKey publicKey)
public OpenSshCertificateBuilder serial(long serial)
public OpenSshCertificateBuilder id(java.lang.String id)
public OpenSshCertificateBuilder principals(java.util.Collection<java.lang.String> principals)
public OpenSshCertificateBuilder criticalOptions(java.util.List<OpenSshCertificate.CertificateOption> criticalOptions)
public OpenSshCertificateBuilder extensions(java.util.List<OpenSshCertificate.CertificateOption> extensions)
public OpenSshCertificateBuilder validAfter(long validAfter)
public OpenSshCertificateBuilder nonce(byte[] nonce)
public OpenSshCertificateBuilder validAfter(java.time.Instant validAfter)
If null, uses OpenSshCertificate.MIN_EPOCH.
Parameters:
validAfter - Instant to use for validAfter
public OpenSshCertificateBuilder validBefore(long validBefore)
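public OpenSshCertificateBuilder validBefore(java.time.Instant validBefore)
If null, uses OpenSshCertificate.INFINITY. INFINITY places no upper bound on the validity period, so pass an explicit Instant when the certificate is meant to expire.
Parameters:
validBefore - Instant to use for validBefore
protected void validate()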
public OpenSshCertificate sign(java.security.KeyPair caKeypair) throws java.lang.Exception
Creates a certificate signed with the given CA key.
Parameters:
caKeypair - CA key used to sign
Throws:
java.lang.Exception - if an error occurred
public OpenSshCertificate sign(java.security.KeyPair caKeypair, java.lang.String signatureAlgorithm) throws java.lang.Exception
Creates a certificate signed with the given CA key using the specified signature algorithm. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically; for RSA keys, "rsa-sha2-512" is then used.
Parameters:
caKeypair - CA key used to sign
signatureAlgorithm - the signature algorithm to use; if null, it is chosen automatically based on the CA key type
Throws:
java.lang.Exception - if an error occurred
private void validateOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
Validates that there are no duplicate options.
Parameters:
options - the options to check
Throws:
java.lang.IllegalArgumentException - if there are duplicates
private java.util.List<OpenSshCertificate.CertificateOption> lexicallyOrderOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
Lexically orders certificate options by name.
Parameters:
options - the options to order