org.apache.sshd.common.config.keys.OpenSshCertificateImpl Maven / Gradle / Ivy
The newest version!
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.sshd.common.config.keys;
import java.security.PublicKey;
import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.NumberUtils;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
/**
* @author Apache MINA SSHD Project
*/
public class OpenSshCertificateImpl implements OpenSshCertificate {
private static final long serialVersionUID = -3592634724148744943L;
private String keyType;
private byte[] nonce;
private PublicKey certificatePublicKey;
private long serial;
// Keep storing the raw code here to not break serialization
private int type;
private String id;
private Collection principals;
// match ssh-keygen behavior where the default is the epoch
private long validAfter = OpenSshCertificate.MIN_EPOCH;
// match ssh-keygen behavior where the default would be forever
private long validBefore = OpenSshCertificate.INFINITY;
private List criticalOptions;
private List extensions;
private String reserved;
private PublicKey caPubKey;
private byte[] message;
private byte[] signature;
public OpenSshCertificateImpl() {
super();
}
@Override
public String getRawKeyType() {
return GenericUtils.isEmpty(keyType) ? null : keyType.split("@")[0].substring(0, keyType.indexOf("-cert"));
}
@Override
public byte[] getNonce() {
return nonce;
}
@Override
public String getKeyType() {
return keyType;
}
@Override
public PublicKey getCertPubKey() {
return certificatePublicKey;
}
@Override
public long getSerial() {
return serial;
}
@Override
public Type getType() {
return Type.fromCode(type);
}
@Override
public String getId() {
return id;
}
@Override
public Collection getPrincipals() {
return principals == null ? Collections.emptyList() : principals;
}
@Override
public long getValidAfter() {
return validAfter;
}
@Override
public long getValidBefore() {
return validBefore;
}
@Override
public List getCriticalOptions() {
return criticalOptions == null ? Collections.emptyList() : criticalOptions;
}
@Override
public List getExtensions() {
return extensions == null ? Collections.emptyList() : extensions;
}
@Override
public String getReserved() {
return reserved;
}
@Override
public PublicKey getCaPubKey() {
return caPubKey;
}
@Override
public byte[] getMessage() {
return message;
}
@Override
public byte[] getSignature() {
return signature;
}
@Override
public byte[] getRawSignature() {
if (signature == null) {
return null;
}
ByteArrayBuffer buffer = new ByteArrayBuffer(signature);
buffer.getString();
return buffer.getBytes();
}
@Override
public String getSignatureAlgorithm() {
return NumberUtils.isEmpty(signature) ? null : new ByteArrayBuffer(signature).getString();
}
@Override
public String getAlgorithm() {
return null;
}
@Override
public String getFormat() {
return null;
}
@Override
public byte[] getEncoded() {
return GenericUtils.EMPTY_BYTE_ARRAY;
}
public void setKeyType(String keyType) {
this.keyType = keyType;
}
public void setNonce(byte[] nonce) {
this.nonce = nonce;
}
public void setCertPubKey(PublicKey certificatePublicKey) {
this.certificatePublicKey = certificatePublicKey;
}
public void setSerial(long serial) {
this.serial = serial;
}
public void setType(Type type) {
this.type = type.getCode();
}
public void setId(String id) {
this.id = id;
}
public void setPrincipals(Collection principals) {
this.principals = principals;
}
public void setValidAfter(long validAfter) {
this.validAfter = validAfter;
}
/**
* If null, uses {@link OpenSshCertificate#MIN_EPOCH}
*
* @param validAfter {@link Instant} to use for validAfter
*/
public void setValidAfter(Instant validAfter) {
if (validAfter == null) {
setValidAfter(OpenSshCertificate.MIN_EPOCH);
} else if (Instant.EPOCH.compareTo(validAfter) <= 0) {
setValidAfter(validAfter.getEpochSecond());
} else {
throw new IllegalArgumentException("Valid-after cannot be < epoch");
}
}
public void setValidBefore(long validBefore) {
this.validBefore = validBefore;
}
/**
* If null, uses {@link OpenSshCertificate#INFINITY}
*
* @param validBefore {@link Instant} to use for validBefore
*/
public void setValidBefore(Instant validBefore) {
if (validBefore == null) {
setValidBefore(OpenSshCertificate.INFINITY);
} else if (Instant.EPOCH.compareTo(validBefore) <= 0) {
setValidBefore(validBefore.getEpochSecond());
} else {
throw new IllegalArgumentException("Valid-before cannot be < epoch");
}
}
public void setCriticalOptions(List criticalOptions) {
this.criticalOptions = criticalOptions;
}
public void setExtensions(List extensions) {
this.extensions = extensions;
}
public void setReserved(String reserved) {
this.reserved = reserved;
}
public void setCaPubKey(PublicKey caPubKey) {
this.caPubKey = caPubKey;
}
public void setMessage(byte[] message) {
this.message = message;
}
public void setSignature(byte[] signature) {
this.signature = signature;
}
private static String toDate(long timestamp) {
if (timestamp < 0) {
return "infinity";
}
Date date = new Date(TimeUnit.SECONDS.toMillis(timestamp));
return date.toString();
}
@Override
public String toString() {
return getKeyType()
+ "[id=" + getId()
+ ", serial=" + getSerial()
+ ", type=" + getType()
+ ", validAfter=" + toDate(getValidAfter())
+ ", validBefore=" + toDate(getValidBefore())
+ "]";
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy