org.forgerock.secrets

Class ThreadPoolSecretStore<T extends Secret>

java.lang.Object

org.forgerock.secrets.ThreadPoolSecretStore<T>

Type Parameters:

T - the type of secrets this store handles.

All Implemented Interfaces:

SecretStore<T>

public final class ThreadPoolSecretStore<T extends Secret>
extends Object
implements SecretStore<T>

A secret store that wraps another secret store and performs all query operations in a background thread using a thread pool.

Field Summary

Fields inherited from interface org.forgerock.secrets.SecretStore

CLOCK, LEASE_EXPIRY_DURATION

Method Summary

Modifier and Type	Method and Description
<S extends T> Promise<S,NoSuchSecretException>	getActive(Purpose<S> purpose) Returns the active secret for the given purpose.
<S extends T> Promise<S,NoSuchSecretException>	getNamed(Purpose<S> purpose, String name) Returns the named secret from this store.
Class<T>	getStoredType() The top-level class that this store is capable of storing.
<S extends T> Promise<Stream<S>,NeverThrowsException>	getValid(Purpose<S> purpose) Returns all valid secrets for the given purpose from this store.
void	refresh() Indicates that the store should refresh its secrets from the backing storage mechanism.
void	retire(Purpose<? extends T> purpose, String secretIdToRetire) Retires the given secret for the given purpose.
void	revoke(String secretId) Revokes the given secret for all purposes in this store.
void	rotate(Purpose<? extends T> purpose, String newActiveSecretId) Rotates the active secret for the given purpose.
static <S extends Secret> ThreadPoolSecretStore<S>	wrap(SecretStore<S> store) Wraps the given store in an asynchronous thread-pool executor using the system ForkJoinPool.commonPool().
static <S extends Secret> ThreadPoolSecretStore<S>	wrap(SecretStore<S> store, ExecutorService executor) Wraps the given store in an asynchronous thread-pool executor using the given thread pool.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

wrap

public static <S extends Secret> ThreadPoolSecretStore<S> wrap(SecretStore<S> store,
                                                               ExecutorService executor)

Wraps the given store in an asynchronous thread-pool executor using the given thread pool.

Type Parameters:

S - the type of secrets the store manages.

Parameters:

store - the store to wrap.

executor - the thread pool.

Returns:

the store wrapped in a thread pool.

wrap

public static <S extends Secret> ThreadPoolSecretStore<S> wrap(SecretStore<S> store)

Wraps the given store in an asynchronous thread-pool executor using the system ForkJoinPool.commonPool().

Type Parameters:

S - the type of secrets the store manages.

Parameters:

store - the store to wrap.

Returns:

the store wrapped in the common thread pool.

getStoredType

public Class<T> getStoredType()

Description copied from interface: SecretStore

The top-level class that this store is capable of storing. This is a reification of the type parameter and can be used to lookup stores for a given type.

Specified by:

getStoredType in interface SecretStore<T extends Secret>

Returns:

the top-most type that this store is capable of storing, typically either CryptoKey for key-stores, GenericSecret for password stores, or Secret if the store is capable of storing any type of secret.

getActive

public <S extends T> Promise<S,NoSuchSecretException> getActive(Purpose<S> purpose)

Description copied from interface: SecretStore

Returns the active secret for the given purpose.

Specified by:

getActive in interface SecretStore<T extends Secret>

Type Parameters:

S - the type of secret.

Parameters:

purpose - the purpose for which a secret is required.

Returns:

the active secret from this store.

getNamed

public <S extends T> Promise<S,NoSuchSecretException> getNamed(Purpose<S> purpose,
                                                               String name)

Description copied from interface: SecretStore

Returns the named secret from this store.

Specified by:

getNamed in interface SecretStore<T extends Secret>

Type Parameters:

S - the type of secret.

Parameters:

purpose - the secret purpose.

name - the name (stable id) of the secret.

Returns:

the named secret, or Optional.empty() if no such secret exists.

getValid

public <S extends T> Promise<Stream<S>,NeverThrowsException> getValid(Purpose<S> purpose)

Description copied from interface: SecretStore

Returns all valid secrets for the given purpose from this store.

Specified by:

getValid in interface SecretStore<T extends Secret>

Type Parameters:

S - the type of secret.

Parameters:

purpose - the purpose.

Returns:

a stream of all valid secrets of the given type from this store, or an empty stream if none exist.

refresh

public void refresh()

Description copied from interface: SecretStore

Indicates that the store should refresh its secrets from the backing storage mechanism. This can be used to cause reload of a store after a secret rotation if the backend does not automatically detect such changes.

Specified by:

refresh in interface SecretStore<T extends Secret>

rotate

public void rotate(Purpose<? extends T> purpose,
                   String newActiveSecretId)

Description copied from interface: SecretStore

Rotates the active secret for the given purpose. The secret with the given stable id will be used as the active secret after this method completes, while the previous active secret will still be available as a named or valid secret until it is retired. This is an optional operation and will throw UnsupportedOperationException if the store does not implement rotation directly. Some stores natively support rotation, in which case this should be done using store-specific interfaces.

Specified by:

rotate in interface SecretStore<T extends Secret>

Parameters:

purpose - the purpose for which to rotate the active secret.

newActiveSecretId - the stable id of the new active secret.

retire

public void retire(Purpose<? extends T> purpose,
                   String secretIdToRetire)

Description copied from interface: SecretStore

Retires the given secret for the given purpose. The named secret will no longer be considered valid for this purpose. This is an optional operation and will throw UnsupportedOperationException if the store does not implement rotation directly. Some stores natively support rotation, in which case this should be done using store-specific interfaces. If the given secret is the current active secret for the purpose then the previous active secret will become active. If there are no still-valid previous secrets then there will be no active secret for that purpose and any attempts to use it will generate NoSuchSecretExceptions.

Specified by:

retire in interface SecretStore<T extends Secret>

Parameters:

purpose - the purpose for which to retire the secret.

secretIdToRetire - the stable id of the secret to retire.

revoke

public void revoke(String secretId)

Description copied from interface: SecretStore

Revokes the given secret for all purposes in this store. The named secret will no longer be available as an active, named or valid secret for any purpose. If the given secret is currently the active secret for any purpose, then the store will revert to using the previous active secret for that purpose. If no previous secret is still valid then there will be no active secret for that purpose and any attempts to use it will generate a NoSuchSecretException. It is therefore advised to rotate a new secret into use for all such purposes before revoking the active secret.

Note that if the store does not contain the named secret then it will silently ignore this request.

Specified by:

revoke in interface SecretStore<T extends Secret>

Parameters:

secretId - the stable id of the secret to revoke.