Uses of Class
org.forgerock.secrets.Purpose
-
Packages that use Purpose Package Description org.forgerock.http.oauth2 This package provides APIs for OAuth 2.0 services implementations.org.forgerock.json.jose.jws Classes and interfaces for JWT signing and JWS'.org.forgerock.json.jose.tokenhandler JWT implementation(s) ofTokenHandler
.org.forgerock.macaroons Implementation of Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. SeeMacaroon
for more details.org.forgerock.oauth.resolvers This package contains classes to generate Open ID Resolvers, which can validate a supplied JWS against an Open ID Connect provider.org.forgerock.oauth.resolvers.service This package contains classes for a service which can be configured to produce OpenID Connect Resolvers.org.forgerock.openam.secrets The AM supporting classes for centrally configuring secrets.org.forgerock.secrets Provides a unified API for accessing secrets of various kinds.org.forgerock.secrets.gcp.sm Classes for integrating Google Secret Manager into the ForgeRock Secrets API.org.forgerock.secrets.gcpkms A secret store implementation that can retrieve keys from a Google Cloud Platform Key Management Service.org.forgerock.secrets.jwkset Secret store backend for retrieving keys from a local or remote JWK Set.org.forgerock.secrets.keystore Implementations ofSecretStore
for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.org.forgerock.secrets.propertyresolver Provides aSecretStore
implementation that loads secrets from a Common ConfigurationPropertyResolver
and then decodes it with aSecretPropertyFormat
. -
-
Uses of Purpose in org.forgerock.http.oauth2
Methods in org.forgerock.http.oauth2 with parameters of type Purpose Modifier and Type Method Description EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder
EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder. withEncryptionPurpose(Purpose<DataEncryptionKey> encryptionPurpose)
Sets the purpose to look up the encryption key to encrypt private key jwt.T
PrivateKeyJwtClientAuthenticationFilter.Builder. withSigningPurpose(Purpose<SigningKey> signingPurpose)
Sets purpose to look up the signing key. -
Uses of Purpose in org.forgerock.json.jose.jws
Methods in org.forgerock.json.jose.jws with parameters of type Purpose Modifier and Type Method Description Promise<SigningHandler,NoSuchSecretException>
SigningManager. newSigningHandler(Purpose<SigningKey> purpose)
Constructs a new SigningHandler configured for signing with the provided secret purpose.Promise<SigningHandler,NeverThrowsException>
SigningManager. newVerificationHandler(Purpose<VerificationKey> purpose, String keyId)
Constructs a new SigningHandler configured for verifying with the provided secret purpose. -
Uses of Purpose in org.forgerock.json.jose.tokenhandler
Constructors in org.forgerock.json.jose.tokenhandler with parameters of type Purpose Constructor Description SecretsJwtTokenHandler(JweAlgorithm jweAlgorithm, EncryptionMethod jweMethod, JwsAlgorithm jwsAlgorithm, Optional<Long> tokenLifeTimeInSeconds, KeyPair jweKeyPair, SigningManager manager, Purpose<SigningKey> signingKeyPurpose, Purpose<VerificationKey> verificationKeyPurpose, Clock clock)
Constructs a new JWT token handler. -
Uses of Purpose in org.forgerock.macaroons
Constructors in org.forgerock.macaroons with parameters of type Purpose Constructor Description MacaroonVerifier(SecretsProvider secretsProvider, Purpose<VerificationKey> purpose)
Constructs the macaroon verifier with the given source of verification keys. -
Uses of Purpose in org.forgerock.oauth.resolvers
Methods in org.forgerock.oauth.resolvers with parameters of type Purpose Modifier and Type Method Description OpenIdResolver
OpenIdResolverFactory. createSecretsProviderResolver(String issuer, SecretsProvider provider, Purpose<VerificationKey> purpose)
Creates a public key based resolver for the suppliedissuer
using keys available through the givenprovider
.Constructors in org.forgerock.oauth.resolvers with parameters of type Purpose Constructor Description EncryptedOpenIdResolverFactory(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
Constructs a newEncryptedOpenIdResolverFactory
instance. -
Uses of Purpose in org.forgerock.oauth.resolvers.service
Constructors in org.forgerock.oauth.resolvers.service with parameters of type Purpose Constructor Description OpenIdResolverServiceImpl(Client client, SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
Constructor for the OpenIdResolverServiceImpl which will use the supplied read and connection timeouts when communicating over HTTP. -
Uses of Purpose in org.forgerock.openam.secrets
Methods in org.forgerock.openam.secrets that return Purpose Modifier and Type Method Description Purpose<S>
DefaultingPurpose. getCustomPurpose(String instanceId)
Returns the instance specific purpose.Purpose<S>
DefaultingPurpose. getDefaultPurpose()
Returns the default purpose.static Purpose<KeyEncryptionKey>
SecretsUtils. realmQualifiedEncryptionPurpose(String realm, String rootPurpose)
Returns the purpose to use at the global scope for looking up a realm-specific encryption key.Methods in org.forgerock.openam.secrets with parameters of type Purpose Modifier and Type Method Description <T extends Secret>
SecretReference<T>SecretsReferenceProvider. get(Purpose<T> purpose)
Get the reference for the secrets that fulfil the purpose.<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProviderFacade. getActiveSecret(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProviderFacade. getNamedSecret(Purpose<S> purpose, String id)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>SecretsProviderFacade. getValidSecrets(Purpose<S> purpose)
Constructors in org.forgerock.openam.secrets with parameters of type Purpose Constructor Description DefaultingPurpose(Purpose<S> defaultPurpose, String customSecretId)
Creates a new defaulting purpose. -
Uses of Purpose in org.forgerock.secrets
Fields in org.forgerock.secrets declared as Purpose Modifier and Type Field Description static Purpose<DataDecryptionKey>
Purpose. DATA_DECRYPTION
Indicates a key intended for decrypting data.static Purpose<DataEncryptionKey>
Purpose. DATA_ENCRYPTION
Indicates a key intended for encrypting data.static Purpose<KeyAgreementKey>
Purpose. KEY_AGREEMENT
Indicates a key intended for an interactive key agreement protocol, such as Diffie-Hellman (DH) or the elliptic curve equivalent (ECDH).static Purpose<KeyDecryptionKey>
Purpose. KEY_DECRYPTION
Indicates a key intended for decrypting ("unwrapping") other keys.static Purpose<KeyEncryptionKey>
Purpose. KEY_ENCRYPTION
Indicates a key intended for encrypting ("wrapping") other keys.static Purpose<GenericSecret>
Purpose. PASSWORD
Indicates a secret intended to be used as a password for authentication to some service.static Purpose<SigningKey>
Purpose. SIGN
Indicates a key intended for creating digital signatures or message authentication codes (MACs).static Purpose<VerificationKey>
Purpose. VERIFY
Indicates a key intended for verifying digital signatures or message authentication codes.static Purpose<CertificateVerificationKey>
Purpose. VERIFY_CERTIFICATE
Indicates a key intended for verifying certificate signatures.Methods in org.forgerock.secrets that return Purpose Modifier and Type Method Description Purpose<?>
NoSuchSecretException. getPurpose()
Returns the purpose for which no secret was found.static <T extends Secret>
Purpose<T>Purpose. purpose(String label, Class<T> type)
Constructs a purpose object.static <T extends Secret>
Purpose<T>Purpose. purpose(String label, Class<T> type, SecretConstraint<? super T>... constraints)
Constructs a purpose object.Purpose<T>
Purpose. withConstraints(SecretConstraint<? super T>... constraints)
Constructs a new purpose that is identical to this purpose but which imposes additional constraints on the secrets that can satisfy it.Methods in org.forgerock.secrets with parameters of type Purpose Modifier and Type Method Description static <T extends Secret>
SecretReference<T>SecretReference. active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)
Creates a reference to the active secret for the given purpose using the given secrets provider.<T extends CryptoKey>
KeyStoreSecretsProvider. asKeyStore(Purpose<T> purpose)
Returns a view of this secrets provider as a keystore for the given purpose.<T extends Secret>
TSecretBuilder. build(Purpose<T> purpose)
Builds a secret of the given type, enforcing anyconstraints
attached to the purpose.<S extends Secret>
SecretReference<S>SecretsProvider. createActiveReference(Purpose<S> purpose)
Creates the secret reference from the given purpose.<S extends Secret>
SecretReference<S>SecretsProvider. createNamedReference(Purpose<S> purpose, String name)
Creates a reference to a secret with the given name (stable id) for the given purpose.default <S extends T>
Promise<S,NoSuchSecretException>SecretStore. getActive(Purpose<S> purpose)
Returns the active secret for the given purpose.<S extends T>
Promise<S,NoSuchSecretException>ThreadPoolSecretStore. getActive(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProvider. getActiveSecret(Purpose<S> purpose)
Gets the currently active secret for the given purpose.X509ExtendedKeyManager
SecretsProvider. getKeyManager(Purpose<? extends CryptoKey> purpose)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.X509ExtendedKeyManager
SecretsProvider. getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.default <S extends T>
Promise<S,NoSuchSecretException>SecretStore. getNamed(Purpose<S> purpose, String name)
Returns the named secret from this store.<S extends T>
Promise<S,NoSuchSecretException>ThreadPoolSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>SecretsProvider. getNamedOrValidSecrets(Purpose<S> purpose, String id)
If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the givenpurpose
if no such secret exists), otherwise it returns all valid secrets for the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProvider. getNamedSecret(Purpose<S> purpose, String id)
Gets the secret for the given purpose with the given stable secret id.SecretsTrustManager
SecretsProvider. getTrustManager(Purpose<? extends CryptoKey> purpose)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.SecretsTrustManager
SecretsProvider. getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.<S extends T>
Promise<Stream<S>,NeverThrowsException>SecretStore. getValid(Purpose<S> purpose)
Returns all valid secrets for the given purpose from this store.<S extends T>
Promise<Stream<S>,NeverThrowsException>ThreadPoolSecretStore. getValid(Purpose<S> purpose)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>SecretsProvider. getValidSecrets(Purpose<S> purpose)
Returns all secrets for the given purpose which have not yet expired.static <T extends Secret>
SecretReference<T>SecretReference. named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)
Creates a reference to a named secret using the given secrets provider.default void
SecretStore. retire(Purpose<? extends T> purpose, String secretIdToRetire)
Retires the given secret for the given purpose.void
ThreadPoolSecretStore. retire(Purpose<? extends T> purpose, String secretIdToRetire)
default void
SecretStore. rotate(Purpose<? extends T> purpose, String newActiveSecretId)
Rotates the active secret for the given purpose.void
ThreadPoolSecretStore. rotate(Purpose<? extends T> purpose, String newActiveSecretId)
protected <T extends Secret>
voidSecretsProvider. setActiveStore(SecretStore<? super T> store, Purpose<? extends T> purpose)
Sets the active store to use for the given purpose.<T extends Secret>
SecretsProviderSecretsProvider. setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes)
Sets the active store to use for the given purpose.Constructors in org.forgerock.secrets with parameters of type Purpose Constructor Description NoSuchSecretException(Purpose<?> purpose)
Constructs the exception for the given purpose.NoSuchSecretException(Purpose<?> purpose, String id)
Constructs the exception for the given purpose and secret stable id.SecretReference(SecretsProvider provider, Purpose<T> purpose)
Deprecated.SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock)
Deprecated.SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)
Initialises the keystore with the given secrets API objects. -
Uses of Purpose in org.forgerock.secrets.gcp.sm
Methods in org.forgerock.secrets.gcp.sm with parameters of type Purpose Modifier and Type Method Description <S extends Secret>
Promise<S,NoSuchSecretException>GoogleSecretManagerSecretStore. getActive(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>GoogleSecretManagerSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>GoogleSecretManagerSecretStore. getValid(Purpose<S> purpose)
Method parameters in org.forgerock.secrets.gcp.sm with type arguments of type Purpose Modifier and Type Method Description GoogleSecretManagerSecretStore.Builder
GoogleSecretManagerSecretStore.Builder. formatMapping(Function<Purpose<?>,Optional<SecretDecoder>> formatMapping)
Specifies aSecretDecoder
to use to decode data returned by Secret Manager.GoogleSecretManagerSecretStore.Builder
GoogleSecretManagerSecretStore.Builder. purposeMapping(Function<Purpose<?>,String> purposeMapping)
Specifies the GCP secret name to use for the given purpose.GoogleSecretManagerSecretStore.Builder
GoogleSecretManagerSecretStore.Builder. purposeMapping(Map<Purpose<?>,String> purposeMapping)
Specifies the GCP secret name to use for the given purpose. -
Uses of Purpose in org.forgerock.secrets.gcpkms
Methods in org.forgerock.secrets.gcpkms with parameters of type Purpose Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>GoogleKmsSecretStore. getActive(Purpose<S> purpose)
<S extends CryptoKey>
Promise<S,NoSuchSecretException>GoogleKmsSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>GoogleKmsSecretStore. getValid(Purpose<S> purpose)
Method parameters in org.forgerock.secrets.gcpkms with type arguments of type Purpose Modifier and Type Method Description GoogleKmsSecretStore.Builder
GoogleKmsSecretStore.Builder. cryptoKeyMapping(Function<Purpose<? extends CryptoKey>,String> cryptoKeyMapping)
Sets the mapping from purposes to crypto key names in KMS.GoogleKmsSecretStore.Builder
GoogleKmsSecretStore.Builder. cryptoKeyMapping(Map<Purpose<? extends CryptoKey>,String> mapping)
Sets the mapping from purposes to crypto key names in KMS.Constructors in org.forgerock.secrets.gcpkms with parameters of type Purpose Constructor Description GoogleKmsEncryptedPropertyFormat(GoogleKmsSecretStore secretStore, Purpose<DataDecryptionKey> purpose)
Initializes the property format with the given secret store and purpose. -
Uses of Purpose in org.forgerock.secrets.jwkset
Methods in org.forgerock.secrets.jwkset with parameters of type Purpose Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>JwkSetSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>JwkSetSecretStore. getValid(Purpose<S> purpose)
-
Uses of Purpose in org.forgerock.secrets.keystore
Methods in org.forgerock.secrets.keystore with parameters of type Purpose Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>KeyStoreSecretStore. getActive(Purpose<S> purpose)
<S extends CryptoKey>
Promise<S,NoSuchSecretException>KeyStoreSecretStore. getNamed(Purpose<S> purpose, String id)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>KeyStoreSecretStore. getValid(Purpose<S> purpose)
void
KeyStoreSecretStore. retire(Purpose<? extends CryptoKey> purpose, String oldAlias)
Retires a key previously used for a given purpose.void
KeyStoreSecretStore. rotate(Purpose<? extends CryptoKey> purpose, String newAlias)
Rotates the key associated with a given purpose. -
Uses of Purpose in org.forgerock.secrets.propertyresolver
Methods in org.forgerock.secrets.propertyresolver with parameters of type Purpose Modifier and Type Method Description <S extends Secret>
Promise<S,NoSuchSecretException>PropertyResolverSecretStore. getActive(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>PropertyResolverSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>PropertyResolverSecretStore. getValid(Purpose<S> purpose)
Returns a stream of the active secret for the given purpose.Constructors in org.forgerock.secrets.propertyresolver with parameters of type Purpose Constructor Description PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)
Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
-