Package | Description |
---|---|
org.forgerock.openig.secrets | Provides the Common Secrets API for accessing secrets of various kinds. |
org.forgerock.openig.util | Miscellaneous utility classes. |
org.forgerock.secrets | Provides a unified API for accessing secrets of various kinds. |
org.forgerock.secrets.keystore | Implementations of SecretStore for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores. |
org.forgerock.secrets.propertyresolver | Provides a SecretStore implementation that loads secrets from a Common Configuration PropertyResolver and then decodes them with a SecretPropertyFormat. |

Modifier and Type | Method and Description |
---|---|
<S extends Secret> | SecretsService.createReference(Purpose<S> purpose): Create a SecretReference for the given Purpose. |
<S extends Secret> | DefaultSecretsService.createReference(Purpose<S> purpose) |
<S extends Secret> | SecretsServiceProvider.getActiveSecret(Purpose<S> purpose) |
<S extends Secret> | SecretsService.getActiveSecret(Purpose<S> purpose): Gets the currently active secret for the given purpose. |
<S extends Secret> | DefaultSecretsService.getActiveSecret(Purpose<S> purpose) |
<S extends Secret> | SecretsServiceProvider.getNamedOrValidSecrets(Purpose<S> purpose, String id) |
<S extends Secret> | SecretsServiceProvider.getNamedSecret(Purpose<S> purpose, String id) |
<S extends Secret> | SecretsService.getNamedSecret(Purpose<S> purpose, String id): Gets the secret for the given purpose with the given stable secret id. |
<S extends Secret> | DefaultSecretsService.getNamedSecret(Purpose<S> purpose, String id) |
<S extends Secret> | SecretsServiceProvider.getValidSecrets(Purpose<S> purpose) |
<S extends Secret> | SecretsService.getValidSecrets(Purpose<S> purpose): Returns all secrets for the given purpose which have not yet expired. |
<S extends Secret> | DefaultSecretsService.getValidSecrets(Purpose<S> purpose) |

Modifier and Type | Method and Description |
---|---|
static <S extends Secret> | JsonValues.purposeOf(Class<S> type) |

Modifier and Type | Field and Description |
---|---|
static Purpose<DataDecryptionKey> | Purpose.DATA_DECRYPTION: Indicates a key intended for decrypting data. |
static Purpose<DataEncryptionKey> | Purpose.DATA_ENCRYPTION: Indicates a key intended for encrypting data. |
static Purpose<KeyAgreementKey> | Purpose.KEY_AGREEMENT: Indicates a key intended for an interactive key agreement protocol, such as Diffie-Hellman (DH) or the elliptic curve equivalent (ECDH). |
static Purpose<KeyDecryptionKey> | Purpose.KEY_DECRYPTION: Indicates a key intended for decrypting ("unwrapping") other keys. |
static Purpose<KeyEncryptionKey> | Purpose.KEY_ENCRYPTION: Indicates a key intended for encrypting ("wrapping") other keys. |
static Purpose<GenericSecret> | Purpose.PASSWORD: Indicates a secret intended to be used as a password for authentication to some service. |
static Purpose<SigningKey> | Purpose.SIGN: Indicates a key intended for creating digital signatures or message authentication codes (MACs). |
static Purpose<VerificationKey> | Purpose.VERIFY: Indicates a key intended for verifying digital signatures or message authentication codes. |

Modifier and Type | Method and Description |
---|---|
Purpose<?> | NoSuchSecretException.getPurpose(): Returns the purpose for which no secret was found. |
static <T extends Secret> | Purpose.purpose(String label, Class<T> type): Constructs a purpose object. |

Modifier and Type | Method and Description |
---|---|
<S extends T> | ThreadPoolSecretStore.getActive(Purpose<S> purpose) |
<S extends T> | SecretStore.getActive(Purpose<S> purpose): Returns the active secret for the given purpose. |
<S extends Secret> | SecretsProvider.getActiveSecret(Purpose<S> purpose): Gets the currently active secret for the given purpose. |
<S extends T> | ThreadPoolSecretStore.getNamed(Purpose<S> purpose, String name) |
<S extends T> | SecretStore.getNamed(Purpose<S> purpose, String name): Returns the named secret from this store. |
<S extends Secret> | SecretsProvider.getNamedOrValidSecrets(Purpose<S> purpose, String id): If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the given purpose if no such secret exists), otherwise it returns all valid secrets for the given purpose. |
<S extends Secret> | SecretsProvider.getNamedSecret(Purpose<S> purpose, String id): Gets the secret for the given purpose with the given stable secret id. |
<S extends T> | ThreadPoolSecretStore.getValid(Purpose<S> purpose) |
<S extends T> | SecretStore.getValid(Purpose<S> purpose): Returns all valid secrets for the given purpose from this store. |
<S extends Secret> | SecretsProvider.getValidSecrets(Purpose<S> purpose): Returns all secrets for the given purpose which have not yet expired. |
void | ThreadPoolSecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire) |
default void | SecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire): Retires the given secret for the given purpose. |
void | ThreadPoolSecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId) |
default void | SecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId): Rotates the active secret for the given purpose. |
<T extends Secret> | SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes): Sets the active store to use for the given purpose. |
protected <T extends Secret> | SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T> purpose): Sets the active store to use for the given purpose. |

Constructor and Description |
---|
NoSuchSecretException(Purpose<?> purpose): Constructs the exception for the given purpose. |
NoSuchSecretException(Purpose<?> purpose, String id): Constructs the exception for the given purpose and secret stable id. |
SecretReference(SecretsProvider provider, Purpose<T> purpose): Constructs the secret reference from the given provider and purpose using the system clock to check for expiry. |
SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock): Constructs the secret reference from the given provider and purpose. |

Modifier and Type | Method and Description |
---|---|
<S extends CryptoKey> | KeyStoreSecretStore.getActive(Purpose<S> purpose) |
<S extends CryptoKey> | KeyStoreSecretStore.getNamed(Purpose<S> purpose, String id) |
<S extends CryptoKey> | KeyStoreSecretStore.getValid(Purpose<S> purpose) |
void | KeyStoreSecretStore.retire(Purpose<? extends CryptoKey> purpose, String oldAlias): Retires a key previously used for a given purpose. |
void | KeyStoreSecretStore.rotate(Purpose<? extends CryptoKey> purpose, String newAlias): Rotates the key associated with a given purpose. |

Modifier and Type | Method and Description |
---|---|
<S extends Secret> | PropertyResolverSecretStore.getActive(Purpose<S> purpose) |
<S extends Secret> | PropertyResolverSecretStore.getNamed(Purpose<S> purpose, String name) |
<S extends Secret> | PropertyResolverSecretStore.getValid(Purpose<S> purpose) |

Copyright 2011-2017 ForgeRock AS.