Class OpenSshCertificateBuilder


  • public class OpenSshCertificateBuilder
    extends java.lang.Object
    Holds all the data necessary to create a signed OpenSSH certificate.
    • Field Detail

      • SIGNATURE_ALGORITHM_MAP

        protected static final java.util.Map<java.lang.String,java.lang.String> SIGNATURE_ALGORITHM_MAP
      • publicKey

        protected java.security.PublicKey publicKey
      • serial

        protected long serial
      • id

        protected java.lang.String id
      • principals

        protected java.util.Collection<java.lang.String> principals
      • validAfter

        protected long validAfter
      • validBefore

        protected long validBefore
      • nonce

        protected byte[] nonce
    • Method Detail

      • validate

        protected void validate()
      • sign

        public OpenSshCertificate sign(java.security.KeyPair caKeypair)
                                throws java.lang.Exception
        Creates a certificate signed with the given CA key. For RSA keys, "rsa-sha2-512" is used for the signature.
        Parameters:
        caKeypair - CA key used to sign
        Returns:
        the signed certificate
        Throws:
        java.lang.Exception - if an error occurred
      • sign

        public OpenSshCertificate sign(java.security.KeyPair caKeypair,
                                       java.lang.String signatureAlgorithm)
                                throws java.lang.Exception
        Creates a certificate signed with the given CA key using the specified signature algorithm. If a signature algorithm is given, it must be appropriate for the CA key type; otherwise an exception is thrown. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically; for RSA keys, "rsa-sha2-512" is then used.
        Parameters:
        caKeypair - CA key used to sign
        signatureAlgorithm - the signature algorithm to use; if null, one is chosen automatically based on the CA key type
        Returns:
        the signed certificate
        Throws:
        java.lang.Exception - if an error occurred
      • validateOptions

        private void validateOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
        Validates that there are no duplicate options.
        Parameters:
        options - the options to check
        Throws:
        java.lang.IllegalArgumentException - if there are duplicates
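
The rule stated for sign(caKeypair, signatureAlgorithm), namely that null selects a default and that a named algorithm must fit the CA key type, can be pre-checked by a caller before a CA key is used. The following is an added example using only the JDK, not code from this class or its project; the class name, the method names and the per-key-type lists (RSA and EC only, with "rsa-sha2-512" as the RSA default as documented above) are assumptions made for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.List;

// Added illustration; all names here are hypothetical, not part of the documented API.
public class CaSignatureAlgorithmCheck {
    // Assumed policy: SSH signature names acceptable per CA key type, default first.
    static List<String> allowedFor(PublicKey caKey) {
        if (caKey instanceof RSAPublicKey) {
            return List.of("rsa-sha2-512", "rsa-sha2-256");
        }
        if (caKey instanceof ECPublicKey) {
            int bits = ((ECPublicKey) caKey).getParams().getCurve().getField().getFieldSize();
            switch (bits) {
                case 256: return List.of("ecdsa-sha2-nistp256");
                case 384: return List.of("ecdsa-sha2-nistp384");
                case 521: return List.of("ecdsa-sha2-nistp521");
                default: throw new IllegalArgumentException("Unsupported EC field size: " + bits);
            }
        }
        throw new IllegalArgumentException("Unsupported CA key type: " + caKey.getAlgorithm());
    }

    // null selects the default for the key type; any other value must match the key type.
    static String resolve(PublicKey caKey, String requested) {
        List<String> allowed = allowedFor(caKey);
        if (requested == null) {
            return allowed.get(0);
        }
        if (!allowed.contains(requested)) {
            throw new IllegalArgumentException(requested + " does not fit a "
                    + caKey.getAlgorithm() + " CA key; allowed: " + allowed);
        }
        return requested;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(3072);
        PublicKey rsaCa = rsaGen.generateKeyPair().getPublic(); // constructed test key
        KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
        ecGen.initialize(384);
        PublicKey ecCa = ecGen.generateKeyPair().getPublic();   // constructed test key
        System.out.println(resolve(rsaCa, null));
        System.out.println(resolve(ecCa, null));
        try { resolve(ecCa, "rsa-sha2-512"); } // RSA algorithm requested for an EC CA key
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```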