Package | Description |
---|---|
org.forgerock.oauth.resolvers | This package contains classes to generate OpenID resolvers, which can validate a supplied JWS against an OpenID Connect provider. |
org.forgerock.openam.secrets | The AM supporting classes for centrally configuring secrets. |
org.forgerock.secrets | Provides a unified API for accessing secrets of various kinds. |
org.forgerock.secrets.jwkset | Secret store backend for retrieving keys from a local or remote JWK Set. |
org.forgerock.secrets.keystore | Implementations of SecretStore for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores. |
org.forgerock.secrets.propertyresolver | Provides a SecretStore implementation that loads secrets from a Common Configuration PropertyResolver and then decodes them with a SecretPropertyFormat. |

Modifier and Type | Method and Description |
---|---|
OpenIdResolver | OpenIdResolverFactory.createSecretsProviderResolver(String issuer, SecretsProvider provider, Purpose<VerificationKey> purpose) Creates a public key based resolver for the supplied issuer using keys available through the given provider. |

Modifier and Type | Method and Description |
---|---|
Purpose<S> | DefaultingPurpose.getCustomPurpose(String instanceId) Returns the instance specific purpose. |
Purpose<S> | DefaultingPurpose.getDefaultPurpose() Returns the default purpose. |
static Purpose<KeyEncryptionKey> | SecretsUtils.realmQualifiedEncryptionPurpose(String realm, String rootPurpose) Returns the purpose to use at the global scope for looking up a realm-specific encryption key. |

Constructor and Description |
---|
DefaultingPurpose(Purpose<S> defaultPurpose, String customSecretId) Creates a new defaulting purpose. |

Modifier and Type | Field and Description |
---|---|
static Purpose<DataDecryptionKey> | Purpose.DATA_DECRYPTION Indicates a key intended for decrypting data. |
static Purpose<DataEncryptionKey> | Purpose.DATA_ENCRYPTION Indicates a key intended for encrypting data. |
static Purpose<KeyAgreementKey> | Purpose.KEY_AGREEMENT Indicates a key intended for an interactive key agreement protocol, such as Diffie-Hellman (DH) or the elliptic curve equivalent (ECDH). |
static Purpose<KeyDecryptionKey> | Purpose.KEY_DECRYPTION Indicates a key intended for decrypting ("unwrapping") other keys. |
static Purpose<KeyEncryptionKey> | Purpose.KEY_ENCRYPTION Indicates a key intended for encrypting ("wrapping") other keys. |
static Purpose<GenericSecret> | Purpose.PASSWORD Indicates a secret intended to be used as a password for authentication to some service. |
static Purpose<SigningKey> | Purpose.SIGN Indicates a key intended for creating digital signatures or message authentication codes (MACs). |
static Purpose<VerificationKey> | Purpose.VERIFY Indicates a key intended for verifying digital signatures or message authentication codes. |

Modifier and Type | Method and Description |
---|---|
Purpose<?> | NoSuchSecretException.getPurpose() Returns the purpose for which no secret was found. |
static <T extends Secret> | Purpose.purpose(String label, Class<T> type) Constructs a purpose object. |

Modifier and Type | Method and Description |
---|---|
<S extends T> | ThreadPoolSecretStore.getActive(Purpose<S> purpose) |
<S extends T> | SecretStore.getActive(Purpose<S> purpose) Returns the active secret for the given purpose. |
<S extends Secret> | SecretsProvider.getActiveSecret(Purpose<S> purpose) Gets the currently active secret for the given purpose. |
<S extends T> | ThreadPoolSecretStore.getNamed(Purpose<S> purpose, String name) |
<S extends T> | SecretStore.getNamed(Purpose<S> purpose, String name) Returns the named secret from this store. |
<S extends Secret> | SecretsProvider.getNamedOrValidSecrets(Purpose<S> purpose, String id) If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the given purpose if no such secret exists), otherwise it returns all valid secrets for the given purpose. |
<S extends Secret> | SecretsProvider.getNamedSecret(Purpose<S> purpose, String id) Gets the secret for the given purpose with the given stable secret id. |
<S extends T> | ThreadPoolSecretStore.getValid(Purpose<S> purpose) |
<S extends T> | SecretStore.getValid(Purpose<S> purpose) Returns all valid secrets for the given purpose from this store. |
<S extends Secret> | SecretsProvider.getValidSecrets(Purpose<S> purpose) Returns all secrets for the given purpose which have not yet expired. |
void | ThreadPoolSecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire) |
default void | SecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire) Retires the given secret for the given purpose. |
void | ThreadPoolSecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId) |
default void | SecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId) Rotates the active secret for the given purpose. |
<T extends Secret> | SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes) Sets the active store to use for the given purpose. |
protected <T extends Secret> | SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T> purpose) Sets the active store to use for the given purpose. |

Constructor and Description |
---|
NoSuchSecretException(Purpose<?> purpose) Constructs the exception for the given purpose. |
NoSuchSecretException(Purpose<?> purpose, String id) Constructs the exception for the given purpose and secret stable id. |
SecretReference(SecretsProvider provider, Purpose<T> purpose) Constructs the secret reference from the given provider and purpose using the system clock to check for expiry. |
SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock) Constructs the secret reference from the given provider and purpose. |

Modifier and Type | Method and Description |
---|---|
<S extends CryptoKey> | JwkSetSecretStore.getActive(Purpose<S> purpose) |
<S extends CryptoKey> | JwkSetSecretStore.getNamed(Purpose<S> purpose, String name) |
<S extends CryptoKey> | JwkSetSecretStore.getValid(Purpose<S> purpose) |

Modifier and Type | Method and Description |
---|---|
<S extends CryptoKey> | KeyStoreSecretStore.getActive(Purpose<S> purpose) |
<S extends CryptoKey> | KeyStoreSecretStore.getNamed(Purpose<S> purpose, String id) |
<S extends CryptoKey> | KeyStoreSecretStore.getValid(Purpose<S> purpose) |
void | KeyStoreSecretStore.retire(Purpose<? extends CryptoKey> purpose, String oldAlias) Retires a key previously used for a given purpose. |
void | KeyStoreSecretStore.rotate(Purpose<? extends CryptoKey> purpose, String newAlias) Rotates the key associated with a given purpose. |

Modifier and Type | Method and Description |
---|---|
<S extends Secret> | PropertyResolverSecretStore.getActive(Purpose<S> purpose) |
<S extends Secret> | PropertyResolverSecretStore.getNamed(Purpose<S> purpose, String name) |
<S extends Secret> | PropertyResolverSecretStore.getValid(Purpose<S> purpose) |

Copyright © 2010-2018, ForgeRock All Rights Reserved.