Interface OpenSshCertificate

All Superinterfaces:
Destroyable, Key, PrivateKey, PublicKey, Serializable
All Known Implementing Classes:
OpenSshCertificateImpl

public interface OpenSshCertificate extends PublicKey, PrivateKey
An OpenSSH certificate key as specified by OpenSSH.
  • Field Details

  • Method Details

    • getRawKeyType

      String getRawKeyType()
      Retrieves the raw SSH key type of this certificate.
      Returns:
      the key type, for instance "ssh-rsa" for a "ssh-rsa-cert-v01@openssh.com" certificate
    • getNonce

      byte[] getNonce()
      Retrieves the nonce of this certificate.
      Returns:
      the nonce.
    • getKeyType

      String getKeyType()
      Retrieves the SSH key type of this certificate.
      Returns:
      the key type, for instance "ssh-rsa-cert-v01@openssh.com"
    • getCertPubKey

      PublicKey getCertPubKey()
      Retrieves the certified public key.
      Returns:
      the PublicKey
    • getSerial

      long getSerial()
      Retrieves the serial number of this certificate.
      Returns:
      the serial number
    • getType

      Retrieves the type of certificate.
      Returns:
      the OpenSshCertificate.Type
    • getId

      String getId()
      Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log messages.
      Returns:
      the id; never null but may be empty.
    • getPrincipals

      Collection<String> getPrincipals()
      Retrieves the principals mentioned in the certificate.
      Returns:
      the collection of principals, never null but possibly empty
    • getValidAfter

      long getValidAfter()
      Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.
      Returns:
      the number of seconds since the Instant.EPOCH as an unsigned 64-bit value
    • getValidBefore

      long getValidBefore()
      Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.
      Returns:
      the number of seconds since the Instant.EPOCH as an unsigned 64-bit value
    • getCriticalOptions

      Retrieves the critical options set in the certificate.
      Returns:
      the critical options as a list, never null but possibly empty
    • getExtensions

      Retrieves the extensions set in the certificate.
      Returns:
      the extensions as a list, never null but possibly empty
    • getReserved

      String getReserved()
      Retrieves the "reserved" field of the certificate. OpenSSH currently doesn't use it and ignores it.
      Returns:
      the "reserved" field.
    • getCaPubKey

      PublicKey getCaPubKey()
      Retrieves the CA public key of this certificate.
      Returns:
      the PublicKey
    • getMessage

      byte[] getMessage()
      Retrieves the raw byte content of the certificate, minus the signature. This is the data that was signed.
      Returns:
      the part of the certificate raw data that was signed
    • getSignature

      byte[] getSignature()
      Retrieves the signature of the certificate, including the signature algorithm.
      Returns:
      the signature bytes
    • getSignatureAlgorithm

      String getSignatureAlgorithm()
      Retrieves the signature algorithm used for the signature.
      Returns:
      the signature algorithm as recorded in the certificate
    • getRawSignature

      byte[] getRawSignature()
      Retrieves the raw signature bytes, without the signature algorithm.
      Returns:
      the signature bytes
    • isValidNow

      static boolean isValidNow(OpenSshCertificate cert)
      Determines whether the given OpenSshCertificate is valid at the current local system time.
      Parameters:
      cert - to check
      Returns:
      true if the certificate is valid according to its timestamps, false otherwise
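
Because getValidAfter() and getValidBefore() return unsigned 64-bit values in a signed Java long, callers that compare them themselves must use unsigned comparison. The following is an added example, not code from this library: the class CertValidityCheck and its methods are hypothetical, the timestamps are constructed, and the window rule (valid after <= now < valid before) and the all-ones "no expiry" value are taken from OpenSSH's certificate format rather than from this page.

```java
import java.time.Instant;

public class CertValidityCheck {

    // Hypothetical helper: the two long arguments are what getValidAfter()
    // and getValidBefore() would return, i.e. unsigned seconds since the epoch.
    static boolean isValidAt(long validAfter, long validBefore, Instant when) {
        long now = when.getEpochSecond();
        if (now < 0) {
            return false; // a pre-1970 clock has no unsigned representation
        }
        return Long.compareUnsigned(validAfter, now) <= 0
                && Long.compareUnsigned(now, validBefore) < 0;
    }

    // The defect to avoid: the same check with signed comparison.
    static boolean isValidAtSigned(long validAfter, long validBefore, Instant when) {
        long now = when.getEpochSecond();
        return validAfter <= now && now < validBefore;
    }

    static void report(String label, long after, long before, Instant when) {
        System.out.printf("%-28s after=%s before=%s unsigned=%b signed=%b%n",
                label,
                Long.toUnsignedString(after), Long.toUnsignedString(before),
                isValidAt(after, before, when),
                isValidAtSigned(after, before, when));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real certificate.
        Instant now = Instant.parse("2024-06-01T00:00:00Z");
        long allOnes = 0xFFFF_FFFF_FFFF_FFFFL; // "no expiry"; reads as -1 when signed
        long jan = Instant.parse("2024-01-01T00:00:00Z").getEpochSecond();
        long mar = Instant.parse("2024-03-01T00:00:00Z").getEpochSecond();

        // Signed comparison rejects a certificate that never expires.
        report("no expiry", 0L, allOnes, now);
        // Both comparisons agree on an ordinary expired window.
        report("expired in March", jan, mar, now);
        // Signed comparison accepts a certificate whose start lies in the
        // far (unsigned) future: the fail-open direction.
        report("not yet valid", allOnes, Long.MAX_VALUE, now);
    }
}
```

Long.toUnsignedString is also the safe way to write these fields to logs, since printing the raw long shows large values as negative numbers.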