CryptoKey (OpenAM Server Only 6.5.5 Documentation)

java.lang.Object
- org.forgerock.secrets.Secret
- - org.forgerock.secrets.keys.CryptoKey

All Implemented Interfaces:

AutoCloseable

Direct Known Subclasses:

DataDecryptionKey, DataEncryptionKey, KeyAgreementKey, KeyDecryptionKey, KeyEncryptionKey, SigningKey, VerificationKey
```
public abstract class CryptoKey
extends Secret
```
Base class for all secrets that are used as keys for cryptographic operations. This class roughly corresponds to the CryptoKey interface in the WebCrypto standard.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`allowsAlgorithm(String algorithm)` Checks whether this key is allowed to be used with the given algorithm.
`void`	`close()`
`<T> T`	`export(KeyFormat<T> format)` Exports the key material in the given format.
`Optional<Certificate>`	`getCertificate()` Returns any certificate associated with this key.
`<T extends Certificate> Optional<T>`	`getCertificate(Class<T> certificateType)` Returns the certificate of the given type if one is available.
`String`	`getKeyAlgorithm()` Returns the algorithm used by the underlying key, for instance "RSA" or "EC".
`KeyType`	`getKeyType()` Returns an indication of the type of key this is.
`Set<KeyUsage>`	`getKeyUsages()` Returns the key usages that the key can be used for.
`Optional<PublicKey>`	`getPublicKey()` Returns the public key associated with this secret, if one is available.
`<T extends PublicKey> Optional<T>`	`getPublicKey(Class<T> keyType)` Returns the public key associated with this secret, if one is available.
`boolean`	`isExtractable()` Indicates whether the raw key material can be extracted for this key.

Methods inherited from class org.forgerock.secrets.Secret
equals, getExpiryTime, getStableId, hashCode, isExpired, toString

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Method Detail
  - getKeyType
```
public KeyType getKeyType()
```
    Returns an indication of the type of key this is.
    
    Returns:
    
    the type of key.
  - getKeyAlgorithm
```
public String getKeyAlgorithm()
```
    Returns the algorithm used by the underlying key, for instance "RSA" or "EC".
    
    Returns:
    
    the key algorithm.
  - export
```
public <T> T export(KeyFormat<T> format)
             throws NoSuchSecretException
```
    Exports the key material in the given format.
    
    Type Parameters:
    
    T - the type of result returned.
    
    Parameters:
    
    format - the format to export the key material in.
    
    Returns:
    
    the exported key material.
    
    Throws:
    
    NoSuchSecretException - if the secret could not be exported.
  - getCertificate
```
public <T extends Certificate> Optional<T> getCertificate(Class<T> certificateType)
```
    Returns the certificate of the given type if one is available.
    
    Type Parameters:
    
    T - the type of certificate.
    
    Parameters:
    
    certificateType - the type of certificate to get.
    
    Returns:
    
    the certificate of the given type, or empty if none available.
  - getCertificate
```
public Optional<Certificate> getCertificate()
```
    Returns any certificate associated with this key.
    
    Returns:
    
    the certificate associated with this key, if one is available.
  - getPublicKey
```
public <T extends PublicKey> Optional<T> getPublicKey(Class<T> keyType)
```
    Returns the public key associated with this secret, if one is available. Note that if a public key has not been directly associated with this key then currently no attempt is made to derive it from any secret key material.
    
    Type Parameters:
    
    T - the type of public key.
    
    Parameters:
    
    keyType - the type of public key to return.
    
    Returns:
    
    the public key, if available.
  - getPublicKey
```
public Optional<PublicKey> getPublicKey()
```
    Returns the public key associated with this secret, if one is available. Note that if a public key has not been directly associated with this key then currently no attempt is made to derive it from any secret key material.
    
    Returns:
    
    the public key, if available.
  - getKeyUsages
```
public Set<KeyUsage> getKeyUsages()
```
    Returns the key usages that the key can be used for.
    
    Returns:
    
    the set of key usages that are allowed for this key.
  - allowsAlgorithm
```
public boolean allowsAlgorithm(String algorithm)
```
    Checks whether this key is allowed to be used with the given algorithm. The algorithm name is application-specific, such as a JWS signing algorithm (e.g., ES256) or a Java Cipher algorithm name (e.g., RSA/ECB/PKCS1Padding).
    
    Parameters:
    
    algorithm - the algorithm to check if this key can be used with.
    
    Returns:
    
    true if the algorithm is allowed to be used with this key.
  - isExtractable
```
public boolean isExtractable()
```
    Indicates whether the raw key material can be extracted for this key. Note that some aspects of the key may still be exported even if the key itself is not extractable, for instance a public certificate. The main reason why a key is not extractable is because it is stored in secure storage such as a Hardware Security Module (HSM) or on a remote server.
    
    Returns:
    
    whether the raw key material can be extracted or not.
  - close
```
public void close()
```
    Specified by:
    
    close in interface AutoCloseable
    
    Overrides:
    
    close in class Secret

Class CryptoKey

Method Summary

Methods inherited from class org.forgerock.secrets.Secret

Methods inherited from class java.lang.Object

Method Detail

getKeyType

getKeyAlgorithm

export

getCertificate

getCertificate

getPublicKey

getPublicKey

getKeyUsages

allowsAlgorithm

isExtractable

close