[ 
https://issues.apache.org/jira/browse/SSHD-1166?focusedWorklogId=603607&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-603607
 ]

ASF GitHub Bot logged work on SSHD-1166:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 28/May/21 16:20
            Start Date: 28/May/21 16:20
    Worklog Time Spent: 10m 
      Work Description: alex-sherwin commented on a change in pull request #198:
URL: https://github.com/apache/mina-sshd/pull/198#discussion_r641669298



##########
File path: 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java
##########
@@ -52,26 +57,34 @@
     Collection<String> getPrincipals();
 
     /**
-     * Retrieves the time in number of seconds since the {@link 
java.time.Instant#EPOCH} at which this certificate
-     * becomes or became valid.
-     *
-     * @return the number of seconds since the Instant.EPOCH <em>as an 
unsigned 64bit value</em>
-     * @see    {{@link #isValidNow(OpenSshCertificate)}
+     * When null, implies forever
      */
-    long getValidAfter();
+    Instant getValidAfter();
+
+    default long getValidAfterEpochSeconds() {
+        if (getValidAfter() == null) {
+            return VALID_AFTER_FOREVER_EPOCH;
+        }
+        return getValidAfter().getEpochSecond();

Review comment:
       Perhaps the MINA code should make some assumptions which match that of 
OpenSSH, which is that the only possible valid `Instant` values are from the 
epoch to uint64 max
   
   Since it's impossible to encode a `validAfter` pre epoch, the developer 
probably should not be able to set an `Instant` that tries to do so.
   
   Going back to using Java long's wouldn't help I don't think, since they are 
signed, it would be too easy for a developer to think they were doing something 
valid when in fact it's never valid to encode a pre epoch value for 
`validAfter`.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 603607)
    Time Spent: 2h 40m  (was: 2.5h)

> Support generating OpenSSH client certificates
> ----------------------------------------------
>
>                 Key: SSHD-1166
>                 URL: https://issues.apache.org/jira/browse/SSHD-1166
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Alex Sherwin
>            Priority: Major
>          Time Spent: 2h 40m
>  Remaining Estimate: 0h
>
> Support generating OpenSSH client certificates
> The OpenSSH certificate spec is defined here: 
> https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
> MINA already supports using OpenSSH client certs for publickey auth via 
> SSHD-1161
> This ticket is to support creating/generating OpenSSH client certificates



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to