org.apache.sshd.common.config.keys.OpenSshCertificateImpl Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of wildfly-client-all
This artifact provides a single jar that contains all classes required to use remote EJB and JMS, including all dependencies. It is intended for use by those not using maven, maven users should just import the EJB and JMS BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).
The newest version!
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sshd.common.config.keys;

import java.security.PublicKey;
import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;

import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.NumberUtils;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;

/**
 * @author Apache MINA SSHD Project
 */
public class OpenSshCertificateImpl implements OpenSshCertificate {

    private static final long serialVersionUID = -3592634724148744943L;

    private String keyType;
    private byte[] nonce;
    private PublicKey certificatePublicKey;
    private long serial;
    // Keep storing the raw code here to not break serialization
    private int type;
    private String id;
    private Collection principals;
    // match ssh-keygen behavior where the default is the epoch
    private long validAfter = OpenSshCertificate.MIN_EPOCH;
    // match ssh-keygen behavior where the default would be forever
    private long validBefore = OpenSshCertificate.INFINITY;
    private List criticalOptions;
    private List extensions;
    private String reserved;
    private PublicKey caPubKey;
    private byte[] message;
    private byte[] signature;

    public OpenSshCertificateImpl() {
        super();
    }

    @Override
    public String getRawKeyType() {
        return GenericUtils.isEmpty(keyType) ? null : keyType.split("@")[0].substring(0, keyType.indexOf("-cert"));
    }

    @Override
    public byte[] getNonce() {
        return nonce;
    }

    @Override
    public String getKeyType() {
        return keyType;
    }

    @Override
    public PublicKey getCertPubKey() {
        return certificatePublicKey;
    }

    @Override
    public long getSerial() {
        return serial;
    }

    @Override
    public Type getType() {
        return Type.fromCode(type);
    }

    @Override
    public String getId() {
        return id;
    }

    @Override
    public Collection getPrincipals() {
        return principals == null ? Collections.emptyList() : principals;
    }

    @Override
    public long getValidAfter() {
        return validAfter;
    }

    @Override
    public long getValidBefore() {
        return validBefore;
    }

    @Override
    public List getCriticalOptions() {
        return criticalOptions == null ? Collections.emptyList() : criticalOptions;
    }

    @Override
    public List getExtensions() {
        return extensions == null ? Collections.emptyList() : extensions;
    }

    @Override
    public String getReserved() {
        return reserved;
    }

    @Override
    public PublicKey getCaPubKey() {
        return caPubKey;
    }

    @Override
    public byte[] getMessage() {
        return message;
    }

    @Override
    public byte[] getSignature() {
        return signature;
    }

    @Override
    public byte[] getRawSignature() {
        if (signature == null) {
            return null;
        }
        ByteArrayBuffer buffer = new ByteArrayBuffer(signature);
        buffer.getString();
        return buffer.getBytes();
    }

    @Override
    public String getSignatureAlgorithm() {
        return NumberUtils.isEmpty(signature) ? null : new ByteArrayBuffer(signature).getString();
    }

    @Override
    public String getAlgorithm() {
        return null;
    }

    @Override
    public String getFormat() {
        return null;
    }

    @Override
    public byte[] getEncoded() {
        return GenericUtils.EMPTY_BYTE_ARRAY;
    }

    public void setKeyType(String keyType) {
        this.keyType = keyType;
    }

    public void setNonce(byte[] nonce) {
        this.nonce = nonce;
    }

    public void setCertPubKey(PublicKey certificatePublicKey) {
        this.certificatePublicKey = certificatePublicKey;
    }

    public void setSerial(long serial) {
        this.serial = serial;
    }

    public void setType(Type type) {
        this.type = type.getCode();
    }

    public void setId(String id) {
        this.id = id;
    }

    public void setPrincipals(Collection principals) {
        this.principals = principals;
    }

    public void setValidAfter(long validAfter) {
        this.validAfter = validAfter;
    }

    /**
     * If null, uses {@link OpenSshCertificate#MIN_EPOCH}
     *
     * @param validAfter {@link Instant} to use for validAfter
     */
    public void setValidAfter(Instant validAfter) {
        if (validAfter == null) {
            setValidAfter(OpenSshCertificate.MIN_EPOCH);
        } else if (Instant.EPOCH.compareTo(validAfter) <= 0) {
            setValidAfter(validAfter.getEpochSecond());
        } else {
            throw new IllegalArgumentException("Valid-after cannot be < epoch");
        }
    }

    public void setValidBefore(long validBefore) {
        this.validBefore = validBefore;
    }

    /**
     * If null, uses {@link OpenSshCertificate#INFINITY}
     *
     * @param validBefore {@link Instant} to use for validBefore
     */
    public void setValidBefore(Instant validBefore) {
        if (validBefore == null) {
            setValidBefore(OpenSshCertificate.INFINITY);
        } else if (Instant.EPOCH.compareTo(validBefore) <= 0) {
            setValidBefore(validBefore.getEpochSecond());
        } else {
            throw new IllegalArgumentException("Valid-before cannot be < epoch");
        }
    }

    public void setCriticalOptions(List criticalOptions) {
        this.criticalOptions = criticalOptions;
    }

    public void setExtensions(List extensions) {
        this.extensions = extensions;
    }

    public void setReserved(String reserved) {
        this.reserved = reserved;
    }

    public void setCaPubKey(PublicKey caPubKey) {
        this.caPubKey = caPubKey;
    }

    public void setMessage(byte[] message) {
        this.message = message;
    }

    public void setSignature(byte[] signature) {
        this.signature = signature;
    }

    private static String toDate(long timestamp) {
        if (timestamp < 0) {
            return "infinity";
        }
        Date date = new Date(TimeUnit.SECONDS.toMillis(timestamp));
        return date.toString();
    }

    @Override
    public String toString() {
        return getKeyType()
               + "[id=" + getId()
               + ", serial=" + getSerial()
               + ", type=" + getType()
               + ", validAfter=" + toDate(getValidAfter())
               + ", validBefore=" + toDate(getValidBefore())
               + "]";
    }

}