[
https://issues.apache.org/jira/browse/SSHD-1166?focusedWorklogId=603557&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-603557
]
ASF GitHub Bot logged work on SSHD-1166:
----------------------------------------
Author: ASF GitHub Bot
Created on: 28/May/21 15:14
Start Date: 28/May/21 15:14
Worklog Time Spent: 10m
Work Description: alex-sherwin commented on a change in pull request #198:
URL: https://github.com/apache/mina-sshd/pull/198#discussion_r641627958
##########
File path:
sshd-common/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java
##########
@@ -52,26 +57,34 @@
Collection<String> getPrincipals();
/**
- * Retrieves the time in number of seconds since the {@link
java.time.Instant#EPOCH} at which this certificate
- * becomes or became valid.
- *
- * @return the number of seconds since the Instant.EPOCH <em>as an
unsigned 64bit value</em>
- * @see {{@link #isValidNow(OpenSshCertificate)}
+ * When null, implies forever
*/
- long getValidAfter();
+ Instant getValidAfter();
+
+ default long getValidAfterEpochSeconds() {
+ if (getValidAfter() == null) {
+ return VALID_AFTER_FOREVER_EPOCH;
+ }
+ return getValidAfter().getEpochSecond();
Review comment:
My observation was that for the `validAfter` field, a certificate has a
uint64 encoded as `0` in the case of a "forever" certificate, so my intention
was to treat this as a special case in two ways:
1. during decoding (in `OpenSSHCertPublicKeyParser`), when it decodes the
bytes as a uint64 `0`, leave the `Instant` as null (to signify forever)
2. On `OpenSshCertificate.getValidAfterEpochSeconds` (simply a helper),
apply this same logic in reverse, if the value is null, return the magic
"forever" epoch that should be encoded
The intention would be that the business code a developer writes only needs
to interact with the `Instant` (null for forever, otherwise set a value), and
`OpenSshCertificate.getValidAfterEpochSeconds` and
`OpenSshCertificate.getValidBeforeEpochSeconds` are simply used when encoding
the bytes of the certificate into a `Buffer`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 603557)
Time Spent: 1h (was: 50m)
> Support generating OpenSSH client certificates
> ----------------------------------------------
>
> Key: SSHD-1166
> URL: https://issues.apache.org/jira/browse/SSHD-1166
> Project: MINA SSHD
> Issue Type: New Feature
> Reporter: Alex Sherwin
> Priority: Major
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Support generating OpenSSH client certificates
> The OpenSSH certificate spec is defined here:
> https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
> MINA already supports using OpenSSH client certs for publickey auth via
> SSHD-1161
> This ticket is to support creating/generating OpenSSH client certificates
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
