OpenSshCertificate (Maverick Legacy - Client Assembly 1.7.61 API)

java.lang.Object
- com.maverick.ssh.components.jce.OpenSshCertificate

All Implemented Interfaces:

SshPublicKey, SecureComponent

Direct Known Subclasses:

OpenSshDsaCertificate, OpenSshEcdsaCertificate, OpenSshEd25519Certificate, OpenSshRsaCertificate, OpenSshRsaSha256Certificate, OpenSshRsaSha512Certificate
```
public abstract class OpenSshCertificate
extends Object
implements SshPublicKey
```
To generate a key that supports this use ssh-keygen -s ca_key -I 2 -n lee,kelly -z 12345 -O force-command=ls -O source-address=192.168.82.0/24 -O no-port-forwarding user_key.pub

Author:

lee

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`OPTION_FORCE_COMMAND`
`static String`	`OPTION_SOURCE_ADDRESS`
`static String`	`PERMIT_AGENT_FORWARDING`
`static String`	`PERMIT_PORT_FORWARDING`
`static String`	`PERMIT_USER_PTY`
`static String`	`PERMIT_USER_RC`
`static String`	`PERMIT_X11_FORWARDING`
`static int`	`SSH_CERT_TYPE_HOST`
`static int`	`SSH_CERT_TYPE_USER`

Constructor Summary

Constructors
Constructor and Description

OpenSshCertificate()

Constructors
Constructor and Description
`OpenSshCertificate()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`protected void`	`decodeCertificate(ByteArrayReader reader)`
`protected abstract void`	`decodePublicKey(ByteArrayReader reader)`
`protected void`	`encodeCertificate(ByteArrayWriter writer)`
`Map<String,String>`	`getCriticalOptions()` Deprecated. Process CertificateExtension values directly.
`List<CriticalOption>`	`getCriticalOptionsList()`
`byte[]`	`getEncoded()` Encode the public key into a blob of binary data, the encoded result will be passed into init to recreate the key.
`String`	`getEncodingAlgorithm()` The algorithm name used in the encoding of the public key
`CertificateExtension`	`getExtension(String key)`
`List<String>`	`getExtensions()` Deprecated. Process CertificateExtension values directly.
`List<CertificateExtension>`	`getExtensionsList()`
`Map<String,String>`	`getExtensionsMap()` Deprecated. Process CertificateExtension values directly.
`String`	`getFingerprint()` Return an SSH fingerprint of the public key
`String`	`getForcedCommand()`
`String`	`getKeyId()`
`List<String>`	`getPrincipals()`
`UnsignedInteger64`	`getSerial()`
`SshPublicKey`	`getSignedBy()`
`SshPublicKey`	`getSignedKey()`
`String`	`getSigningAlgorithm()` The algorithm name expected to be encoded in SSH signatures
`Set<String>`	`getSourceAddresses()`
`int`	`getType()`
`Date`	`getValidAfter()`
`Date`	`getValidBefore()`
`OpenSshCertificate`	`init(byte[] blob)`
`void`	`init(byte[] blob, int start, int len)` Initialize the public key from a blob of binary data.
`boolean`	`isForceCommand()`
`boolean`	`isHostCertificate()`
`boolean`	`isUserCertificate()`
`void`	`sign(SshPublicKey publicKey, UnsignedInteger64 serial, int type, String keyId, List<String> validPrincipals, UnsignedInteger64 validAfter, UnsignedInteger64 validBefore, List<CriticalOption> criticalOptions, List<CertificateExtension> extensions, SshKeyPair signingKey)`
`void`	`verify()`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.maverick.ssh.components.SshPublicKey
getAlgorithm, getBitLength, getJCEPublicKey, test, verifySignature

Methods inherited from interface com.maverick.ssh.SecureComponent
getPriority, getSecurityLevel

Field Detail
- SSH_CERT_TYPE_USER
```
public static final int SSH_CERT_TYPE_USER
```
  See Also:
  
  Constant Field Values
- SSH_CERT_TYPE_HOST
```
public static final int SSH_CERT_TYPE_HOST
```
  See Also:
  
  Constant Field Values
- PERMIT_X11_FORWARDING
```
public static final String PERMIT_X11_FORWARDING
```
  See Also:
  
  Constant Field Values
- PERMIT_PORT_FORWARDING
```
public static final String PERMIT_PORT_FORWARDING
```
  See Also:
  
  Constant Field Values
- PERMIT_AGENT_FORWARDING
```
public static final String PERMIT_AGENT_FORWARDING
```
  See Also:
  
  Constant Field Values
- PERMIT_USER_PTY
```
public static final String PERMIT_USER_PTY
```
  See Also:
  
  Constant Field Values
- PERMIT_USER_RC
```
public static final String PERMIT_USER_RC
```
  See Also:
  
  Constant Field Values
- OPTION_FORCE_COMMAND
```
public static final String OPTION_FORCE_COMMAND
```
  See Also:
  
  Constant Field Values
- OPTION_SOURCE_ADDRESS
```
public static final String OPTION_SOURCE_ADDRESS
```
  See Also:
  
  Constant Field Values

Constructor Detail
- OpenSshCertificate
```
public OpenSshCertificate()
```

Method Detail

getEncodingAlgorithm
```
public String getEncodingAlgorithm()
```
Description copied from interface: SshPublicKey

The algorithm name used in the encoding of the public key

Specified by:

getEncodingAlgorithm in interface SshPublicKey

getSigningAlgorithm
```
public String getSigningAlgorithm()
```
Description copied from interface: SshPublicKey

The algorithm name expected to be encoded in SSH signatures

Specified by:

getSigningAlgorithm in interface SshPublicKey

isUserCertificate
```
public boolean isUserCertificate()
```

isHostCertificate
```
public boolean isHostCertificate()
```

getSignedKey
```
public SshPublicKey getSignedKey()
```

getFingerprint
```
public final String getFingerprint()
                            throws SshException
```
Description copied from interface: SshPublicKey

Return an SSH fingerprint of the public key

Specified by:

getFingerprint in interface SshPublicKey

Returns:

String

Throws:

SshException

init

public OpenSshCertificate init(byte[] blob)
                        throws SshException

Throws:: SshException

init
```
public void init(byte[] blob,
                 int start,
                 int len)
          throws SshException
```
Description copied from interface: SshPublicKey

Initialize the public key from a blob of binary data.

Specified by:

init in interface SshPublicKey

Throws:

SshException

getEncoded
```
public byte[] getEncoded()
                  throws SshException
```
Description copied from interface: SshPublicKey

Encode the public key into a blob of binary data, the encoded result will be passed into init to recreate the key.

Specified by:

getEncoded in interface SshPublicKey

Returns:

an encoded byte array

Throws:

SshException

decodePublicKey

protected abstract void decodePublicKey(ByteArrayReader reader)
                                 throws IOException,
                                        SshException

Throws:: IOException; SshException

encodeCertificate

protected void encodeCertificate(ByteArrayWriter writer)
                          throws IOException,
                                 SshException

Throws:: IOException; SshException

getExtension

public CertificateExtension getExtension(String key)

decodeCertificate

protected void decodeCertificate(ByteArrayReader reader)
                          throws IOException,
                                 SshException

Throws:: IOException; SshException

sign

public void sign(SshPublicKey publicKey,
                 UnsignedInteger64 serial,
                 int type,
                 String keyId,
                 List<String> validPrincipals,
                 UnsignedInteger64 validAfter,
                 UnsignedInteger64 validBefore,
                 List<CriticalOption> criticalOptions,
                 List<CertificateExtension> extensions,
                 SshKeyPair signingKey)
          throws SshException

Throws:: SshException

verify

public void verify()
            throws SshException

Throws:: SshException

getSignedBy
```
public SshPublicKey getSignedBy()
```

getType
```
public int getType()
```

getPrincipals
```
public List<String> getPrincipals()
```

getExtensions
```
@Deprecated
public List<String> getExtensions()
```
Deprecated. Process CertificateExtension values directly.

Returns:

getCriticalOptionsList

public List<CriticalOption> getCriticalOptionsList()

getExtensionsList

public List<CertificateExtension> getExtensionsList()

getExtensionsMap
```
@Deprecated
public Map<String,String> getExtensionsMap()
```
Deprecated. Process CertificateExtension values directly.

Returns:

isForceCommand
```
public boolean isForceCommand()
```

getForcedCommand
```
public String getForcedCommand()
```

getSourceAddresses

public Set<String> getSourceAddresses()

getValidBefore
```
public Date getValidBefore()
```

getValidAfter
```
public Date getValidAfter()
```

getSerial
```
public UnsignedInteger64 getSerial()
```

getKeyId
```
public String getKeyId()
```

getCriticalOptions
```
@Deprecated
public Map<String,String> getCriticalOptions()
```
Deprecated. Process CertificateExtension values directly.

Returns:

Class OpenSshCertificate

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface com.maverick.ssh.components.SshPublicKey

Methods inherited from interface com.maverick.ssh.SecureComponent

Field Detail

SSH_CERT_TYPE_USER

SSH_CERT_TYPE_HOST

PERMIT_X11_FORWARDING

PERMIT_PORT_FORWARDING

PERMIT_AGENT_FORWARDING

PERMIT_USER_PTY

PERMIT_USER_RC

OPTION_FORCE_COMMAND

OPTION_SOURCE_ADDRESS

Constructor Detail

OpenSshCertificate

Method Detail

getEncodingAlgorithm

getSigningAlgorithm

isUserCertificate

isHostCertificate

getSignedKey

getFingerprint

init

init

getEncoded

decodePublicKey

encodeCertificate

getExtension

decodeCertificate

sign

verify

getSignedBy

getType

getPrincipals

getExtensions

getCriticalOptionsList

getExtensionsList

getExtensionsMap

isForceCommand

getForcedCommand

getSourceAddresses

getValidBefore

getValidAfter

getSerial

getKeyId

getCriticalOptions