public class OpenSshCertificateBuilder extends Object
Modifier and Type | Field and Description |
---|---|
protected List<OpenSshCertificate.CertificateOption> | criticalOptions |
protected List<OpenSshCertificate.CertificateOption> | extensions |
protected String | id |
protected byte[] | nonce |
protected Collection<String> | principals |
protected PublicKey | publicKey |
protected long | serial |
protected static Map<String,String> | SIGNATURE_ALGORITHM_MAP |
protected OpenSshCertificate.Type | type |
protected long | validAfter |
protected long | validBefore |
Modifier | Constructor and Description |
---|---|
protected | OpenSshCertificateBuilder(OpenSshCertificate.Type type) |
protected final OpenSshCertificate.Type type
protected PublicKey publicKey
protected long serial
protected String id
protected Collection<String> principals
protected List<OpenSshCertificate.CertificateOption> criticalOptions
protected List<OpenSshCertificate.CertificateOption> extensions
protected long validAfter
protected long validBefore
protected byte[] nonce
protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)
public static OpenSshCertificateBuilder userCertificate()
public static OpenSshCertificateBuilder hostCertificate()
public OpenSshCertificateBuilder publicKey(PublicKey publicKey)
public OpenSshCertificateBuilder serial(long serial)
public OpenSshCertificateBuilder id(String id)
public OpenSshCertificateBuilder principals(Collection<String> principals)
public OpenSshCertificateBuilder criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions)
public OpenSshCertificateBuilder extensions(List<OpenSshCertificate.CertificateOption> extensions)
public OpenSshCertificateBuilder validAfter(long validAfter)
public OpenSshCertificateBuilder nonce(byte[] nonce)
public OpenSshCertificateBuilder validAfter(Instant validAfter)
OpenSshCertificate.MIN_EPOCH
validAfter - Instant to use for validAfter
public OpenSshCertificateBuilder validBefore(long validBefore)
public OpenSshCertificateBuilder validBefore(Instant validBefore)
OpenSshCertificate.INFINITY
validBefore - Instant to use for validBefore
protected void validate()
public OpenSshCertificate sign(KeyPair caKeypair) throws Exception
caKeypair - CA key used to sign
Exception - if an error occurred
public OpenSshCertificate sign(KeyPair caKeypair, String signatureAlgorithm) throws Exception
If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically; for RSA keys, "rsa-sha2-512" is then used.
caKeypair - CA key used to sign
signatureAlgorithm - to use; if null, automatically chosen based on the CA key type
Exception - if an error occurred
Copyright © 2008–2024 The Apache Software Foundation. All rights reserved.