[jira] [Work logged] (SSHD-1166) Support generating OpenSSH client certificates

Fri, 04 Jun 2021 00:57:05 -0700 


     [ 
https://issues.apache.org/jira/browse/SSHD-1166?focusedWorklogId=606543&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-606543
 ]

ASF GitHub Bot logged work on SSHD-1166:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 04/Jun/21 07:56
            Start Date: 04/Jun/21 07:56
    Worklog Time Spent: 10m 
      Work Description: alex-sherwin commented on a change in pull request #198:
URL: https://github.com/apache/mina-sshd/pull/198#discussion_r645085978



##########
File path: 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java
##########
@@ -52,26 +57,34 @@
     Collection<String> getPrincipals();
 
     /**
-     * Retrieves the time in number of seconds since the {@link 
java.time.Instant#EPOCH} at which this certificate
-     * becomes or became valid.
-     *
-     * @return the number of seconds since the Instant.EPOCH <em>as an 
unsigned 64bit value</em>
-     * @see    {{@link #isValidNow(OpenSshCertificate)}
+     * When null, implies forever
      */
-    long getValidAfter();
+    Instant getValidAfter();
+
+    default long getValidAfterEpochSeconds() {
+        if (getValidAfter() == null) {
+            return VALID_AFTER_FOREVER_EPOCH;
+        }
+        return getValidAfter().getEpochSecond();
+    }
 
     /**
-     * Retrieves the time in number of seconds since the {@link 
java.time.Instant#EPOCH} at which this certificate
-     * becomes or became invalid.
+     * When null, implies forever
      *
-     * @return the number of seconds since the Instant.EPOCH <em>as an 
unsigned 64bit value</em>
-     * @see    {{@link #isValidNow(OpenSshCertificate)}
+     * @return
      */

Review comment:
       Restored these javadocs

##########
File path: 
sshd-core/src/main/java/org/apache/sshd/certificate/OpenSshCertificateSignRequest.java
##########
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sshd.certificate;
+
+import java.security.PublicKey;
+import java.time.Instant;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.sshd.common.config.keys.OpenSshCertificate;
+
+/**
+ * Holds all the data necessary to create a signed OpenSSH Certificate
+ */

Review comment:
       This was implemented

##########
File path: 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java
##########
@@ -52,26 +57,34 @@
     Collection<String> getPrincipals();
 
     /**
-     * Retrieves the time in number of seconds since the {@link 
java.time.Instant#EPOCH} at which this certificate
-     * becomes or became valid.
-     *
-     * @return the number of seconds since the Instant.EPOCH <em>as an 
unsigned 64bit value</em>
-     * @see    {{@link #isValidNow(OpenSshCertificate)}
+     * When null, implies forever
      */
-    long getValidAfter();
+    Instant getValidAfter();
+
+    default long getValidAfterEpochSeconds() {
+        if (getValidAfter() == null) {
+            return VALID_AFTER_FOREVER_EPOCH;
+        }
+        return getValidAfter().getEpochSecond();

Review comment:
       I restored the raw storage to `long` and experimented with a few ideas 
to try and give a better developer UX, but, the best I could come up with was 
https://github.com/apache/mina-sshd/pull/198/commits/ffaa35ae566aa04a79a3bf94625af4d970756a55#diff-0b82051894f817aa54f0e169b2bb96d0fce8a989838e0dd4574ca7ab395d5f9eR199-R201
   
   Which is just to have a helper that can set the values as an `Instant` but 
not before `Instant.EPOCH`




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 606543)
    Time Spent: 4h 10m  (was: 4h)

> Support generating OpenSSH client certificates
> ----------------------------------------------
>
>                 Key: SSHD-1166
>                 URL: https://issues.apache.org/jira/browse/SSHD-1166
>             Project: MINA SSHD
>          Issue Type: New Feature
>            Reporter: Alex Sherwin
>            Priority: Major
>          Time Spent: 4h 10m
>  Remaining Estimate: 0h
>
> Support generating OpenSSH client certificates
> The OpenSSH certificate spec is defined here: 
> https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
> MINA already supports using OpenSSH client certs for publickey auth via 
> SSHD-1161
> This ticket is to support creating/generating OpenSSH client certificates



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to