Uses of Class
org.forgerock.secrets.Purpose
-
Packages that use Purpose Package Description org.forgerock.http.oauth2 This package provides APIs for OAuth 2.0 services implementations.org.forgerock.json.jose.jwe Classes and interfaces for JWT encryption and JWEs.org.forgerock.json.jose.jwk Classes and interfaces for creating and manipulating JWKs.org.forgerock.json.jose.jws Classes and interfaces for JWT signing and JWS'.org.forgerock.json.jose.tokenhandler JWT implementation(s) ofTokenHandler
.org.forgerock.macaroons Implementation of Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. SeeMacaroon
for more details.org.forgerock.oauth.resolvers This package contains classes to generate Open ID Resolvers, which can validate a supplied JWS against an Open ID Connect provider.org.forgerock.oauth.resolvers.service This package contains classes for a service which can be configured to produce OpenID Connect Resolvers.org.forgerock.openam.secrets The AM supporting classes for centrally configuring secrets.org.forgerock.secrets Provides a unified API for accessing secrets of various kinds.org.forgerock.secrets.gcp.sm Classes for integrating Google Secret Manager into the ForgeRock Secrets API.org.forgerock.secrets.gcpkms A secret store implementation that can retrieve keys from a Google Cloud Platform Key Management Service.org.forgerock.secrets.jwkset Secret store backend for retrieving keys from a local or remote JWK Set.org.forgerock.secrets.keystore Implementations ofSecretStore
for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.org.forgerock.secrets.propertyresolver Provides aSecretStore
implementation that loads secrets from a Common ConfigurationPropertyResolver
and then decodes it with aSecretPropertyFormat
.org.forgerock.secrets.vault Secrets backend that reads secrets from a remote Hashicorp Vault server. -
-
Uses of Purpose in org.forgerock.http.oauth2
Methods in org.forgerock.http.oauth2 with parameters of type Purpose Modifier and Type Method Description EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder
EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder. withEncryptionPurpose(Purpose<DataEncryptionKey> encryptionPurpose)
Deprecated, for removal: This API element is subject to removal in a future version.T
PrivateKeyJwtClientAuthenticationFilter.Builder. withSigningPurpose(Purpose<SigningKey> signingPurpose)
Deprecated, for removal: This API element is subject to removal in a future version. -
Uses of Purpose in org.forgerock.json.jose.jwe
Methods in org.forgerock.json.jose.jwe that return Purpose Modifier and Type Method Description Purpose<? extends CryptoKey>
JweAlgorithm. getDecryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for decryption with this JWE algorithm.Purpose<? extends CryptoKey>
JweAlgorithmType. getDecryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for decryption with this type of JWE algorithm.Purpose<? extends CryptoKey>
JweAlgorithm. getEncryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for encryption with this JWE algorithm.Purpose<? extends CryptoKey>
JweAlgorithmType. getEncryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for encryption with this type of JWE algorithm.Methods in org.forgerock.json.jose.jwe with parameters of type Purpose Modifier and Type Method Description Promise<? extends EncryptedJwt,JweDecryptionCheckedException>
EncryptedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the JWT using any available keys for the givenPurpose
from the givenSecretsProvider
.Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>
SignedThenEncryptedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>
SignedThenEncryptedJwt. decryptAndVerify(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose, Purpose<VerificationKey> verificationPurpose)
Decrypts the outer JWT and then verifies the signature on the inner JWT using secrets from the suppliedSecretsProvider
.Promise<byte[],JweDecryptionCheckedException>
EncryptedJwt. decryptRawPayload(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the raw payload of the JWT using any keys from the givenSecretsProvider
that satisfy the suppliedPurpose
. -
Uses of Purpose in org.forgerock.json.jose.jwk
Methods in org.forgerock.json.jose.jwk with parameters of type Purpose Modifier and Type Method Description <T extends CryptoKey>
TJWK. toCryptoKey(Purpose<T> purpose, Instant expiry)
Converts this JWK into aCryptoKey
subclass object for use with the Secrets API. -
Uses of Purpose in org.forgerock.json.jose.jws
Methods in org.forgerock.json.jose.jws with parameters of type Purpose Modifier and Type Method Description Promise<? extends EncryptedJwt,JweDecryptionCheckedException>
EncryptedThenSignedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose)
Decrypts the inner encrypted JWE so that the payload can be accessed.SigningHandler
SigningManager. newSigningHandler(JWK jwk, Purpose<SigningKey> purpose)
Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.SigningHandler
SigningManager. newSigningHandler(JWK jwk, Purpose<SigningKey> purpose, Instant expiry)
Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.Promise<SigningHandler,NoSuchSecretException>
SigningManager. newSigningHandler(Purpose<SigningKey> purpose)
Constructs a new SigningHandler configured for signing with the provided secret purpose.SigningHandler
SigningManager. newVerificationHandler(JWK jwk, Purpose<VerificationKey> purpose)
Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT.SigningHandler
SigningManager. newVerificationHandler(JWK jwk, Purpose<VerificationKey> purpose, Instant expiry)
Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT.Promise<SigningHandler,NeverThrowsException>
SigningManager. newVerificationHandler(Purpose<VerificationKey> purpose, String keyId)
Constructs a new SigningHandler configured for verifying with the provided secret purpose. -
Uses of Purpose in org.forgerock.json.jose.tokenhandler
Methods in org.forgerock.json.jose.tokenhandler with parameters of type Purpose Modifier and Type Method Description SecretsJwtTokenHandler.Builder
SecretsJwtTokenHandler.Builder. decryptionPurpose(Purpose<? extends CryptoKey> decryptionKeyPurpose)
Specifies thePurpose
used to retrieve decryption keys from the secrets provider.SecretsJwtTokenHandler.Builder
SecretsJwtTokenHandler.Builder. encryptionPurpose(Purpose<? extends CryptoKey> encryptionKeyPurpose)
Specifies thePurpose
used to retrieve encryption keys from the secrets provider.SecretsJwtTokenHandler.Builder
SecretsJwtTokenHandler.Builder. signingPurpose(Purpose<SigningKey> signingKeyPurpose)
Specifies thePurpose
used to retrieve signing keys from the secrets provider.SecretsJwtTokenHandler.Builder
SecretsJwtTokenHandler.Builder. verificationPurpose(Purpose<VerificationKey> verificationKeyPurpose)
Specifies thePurpose
used to retrieve verification keys from the secrets provider.Constructors in org.forgerock.json.jose.tokenhandler with parameters of type Purpose Constructor Description SecretsJwtTokenHandler(JweAlgorithm jweAlgorithm, EncryptionMethod jweMethod, JwsAlgorithm jwsAlgorithm, Optional<Long> tokenLifeTimeInSeconds, KeyPair jweKeyPair, SigningManager manager, Purpose<SigningKey> signingKeyPurpose, Purpose<VerificationKey> verificationKeyPurpose, Clock clock)
Deprecated.UseSecretsJwtTokenHandler.builder()
instead. -
Uses of Purpose in org.forgerock.macaroons
Constructors in org.forgerock.macaroons with parameters of type Purpose Constructor Description MacaroonVerifier(SecretsProvider secretsProvider, Purpose<VerificationKey> purpose)
Constructs the macaroon verifier with the given source of verification keys. -
Uses of Purpose in org.forgerock.oauth.resolvers
Methods in org.forgerock.oauth.resolvers with parameters of type Purpose Modifier and Type Method Description OpenIdResolver
OpenIdResolverFactory. createSecretsProviderResolver(String issuer, SecretsProvider provider, Purpose<VerificationKey> purpose)
Creates a public key based resolver for the suppliedissuer
using keys available through the givenprovider
.Constructors in org.forgerock.oauth.resolvers with parameters of type Purpose Constructor Description EncryptedOpenIdResolverFactory(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
Constructs a newEncryptedOpenIdResolverFactory
instance. -
Uses of Purpose in org.forgerock.oauth.resolvers.service
Constructors in org.forgerock.oauth.resolvers.service with parameters of type Purpose Constructor Description OpenIdResolverServiceImpl(Client client, SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
Constructor for the OpenIdResolverServiceImpl which will use the supplied read and connection timeouts when communicating over HTTP. -
Uses of Purpose in org.forgerock.openam.secrets
Methods in org.forgerock.openam.secrets that return Purpose Modifier and Type Method Description Purpose<S>
DefaultingPurpose. getCustomPurpose(String instanceId)
Returns the instance specific purpose.Purpose<S>
DefaultingPurpose. getDefaultPurpose()
Returns the default purpose.static Purpose<KeyEncryptionKey>
SecretsUtils. realmQualifiedEncryptionPurpose(String realm, String rootPurpose)
Returns the purpose to use at the global scope for looking up a realm-specific encryption key.Methods in org.forgerock.openam.secrets with parameters of type Purpose Modifier and Type Method Description <T extends Secret>
SecretReference<T>SecretsReferenceProvider. get(Purpose<T> purpose)
Get the reference for the secrets that fulfil the purpose.<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProviderFacade. getActiveSecret(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProviderFacade. getNamedSecret(Purpose<S> purpose, String id)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>SecretsProviderFacade. getValidSecrets(Purpose<S> purpose)
Constructors in org.forgerock.openam.secrets with parameters of type Purpose Constructor Description DefaultingPurpose(Purpose<S> defaultPurpose, String customSecretId)
Creates a new defaulting purpose. -
Uses of Purpose in org.forgerock.secrets
Fields in org.forgerock.secrets declared as Purpose Modifier and Type Field Description static Purpose<DataDecryptionKey>
Purpose. DATA_DECRYPTION
Indicates a key intended for decrypting data.static Purpose<DataEncryptionKey>
Purpose. DATA_ENCRYPTION
Indicates a key intended for encrypting data.static Purpose<KeyAgreementKey>
Purpose. KEY_AGREEMENT
Indicates a key intended for an interactive key agreement protocol, such as Diffie-Hellman (DH) or the elliptic curve equivalent (ECDH).static Purpose<KeyDecryptionKey>
Purpose. KEY_DECRYPTION
Indicates a key intended for decrypting ("unwrapping") other keys.static Purpose<KeyEncryptionKey>
Purpose. KEY_ENCRYPTION
Indicates a key intended for encrypting ("wrapping") other keys.static Purpose<GenericSecret>
Purpose. PASSWORD
Indicates a secret intended to be used as a password for authentication to some service.static Purpose<SigningKey>
Purpose. SIGN
Indicates a key intended for creating digital signatures or message authentication codes (MACs).static Purpose<VerificationKey>
Purpose. VERIFY
Indicates a key intended for verifying digital signatures or message authentication codes.static Purpose<CertificateVerificationKey>
Purpose. VERIFY_CERTIFICATE
Indicates a key intended for verifying certificate signatures.Methods in org.forgerock.secrets that return Purpose Modifier and Type Method Description Purpose<?>
NoSuchSecretException. getPurpose()
Returns the purpose for which no secret was found.static <T extends Secret>
Purpose<T>Purpose. purpose(String label, Class<T> type)
Constructs a purpose object.static <T extends Secret>
Purpose<T>Purpose. purpose(String label, Class<T> type, SecretConstraint<? super T>... constraints)
Constructs a purpose object.Purpose<T>
Purpose. withConstraints(SecretConstraint<? super T>... constraints)
Constructs a new purpose that is identical to this purpose but which imposes additional constraints on the secrets that can satisfy it.Methods in org.forgerock.secrets with parameters of type Purpose Modifier and Type Method Description static <T extends Secret>
SecretReference<T>SecretReference. active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)
Creates a reference to the active secret for the given purpose using the given secrets provider.<T extends CryptoKey>
KeyStoreSecretsProvider. asKeyStore(Purpose<T> purpose)
Returns a view of this secrets provider as a keystore for the given purpose.<T extends Secret>
TSecretBuilder. build(Purpose<T> purpose)
Builds a secret of the given type, enforcing anyconstraints
attached to the purpose.<S extends Secret>
SecretReference<S>SecretsProvider. createActiveReference(Purpose<S> purpose)
Creates the secret reference from the given purpose.<S extends Secret>
SecretReference<S>SecretsProvider. createNamedReference(Purpose<S> purpose, String name)
Creates a reference to a secret with the given name (stable id) for the given purpose.default <S extends T>
Promise<S,NoSuchSecretException>SecretStore. getActive(Purpose<S> purpose)
Returns the active secret for the given purpose.<S extends T>
Promise<S,NoSuchSecretException>ThreadPoolSecretStore. getActive(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProvider. getActiveSecret(Purpose<S> purpose)
Gets the currently active secret for the given purpose.X509ExtendedKeyManager
SecretsProvider. getKeyManager(Purpose<? extends CryptoKey> purpose)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.X509ExtendedKeyManager
SecretsProvider. getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.default <S extends T>
Promise<S,NoSuchSecretException>SecretStore. getNamed(Purpose<S> purpose, String name)
Returns the named secret from this store.<S extends T>
Promise<S,NoSuchSecretException>ThreadPoolSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>SecretsProvider. getNamedOrValidSecrets(Purpose<S> purpose, String id)
If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the givenpurpose
if no such secret exists), otherwise it returns all valid secrets for the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException>SecretsProvider. getNamedSecret(Purpose<S> purpose, String id)
Gets the secret for the given purpose with the given stable secret id.SecretsTrustManager
SecretsProvider. getTrustManager(Purpose<? extends CryptoKey> purpose)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.SecretsTrustManager
SecretsProvider. getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.<S extends T>
Promise<Stream<S>,NeverThrowsException>SecretStore. getValid(Purpose<S> purpose)
Returns all valid secrets for the given purpose from this store.<S extends T>
Promise<Stream<S>,NeverThrowsException>ThreadPoolSecretStore. getValid(Purpose<S> purpose)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>SecretsProvider. getValidSecrets(Purpose<S> purpose)
Returns all secrets for the given purpose which have not yet expired.static <T extends Secret>
SecretReference<T>SecretReference. named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)
Creates a reference to a named secret using the given secrets provider.default void
SecretStore. retire(Purpose<? extends T> purpose, String secretIdToRetire)
Retires the given secret for the given purpose.void
ThreadPoolSecretStore. retire(Purpose<? extends T> purpose, String secretIdToRetire)
default void
SecretStore. rotate(Purpose<? extends T> purpose, String newActiveSecretId)
Rotates the active secret for the given purpose.void
ThreadPoolSecretStore. rotate(Purpose<? extends T> purpose, String newActiveSecretId)
protected <T extends Secret>
voidSecretsProvider. setActiveStore(SecretStore<? super T> store, Purpose<? extends T> purpose)
Sets the active store to use for the given purpose.<T extends Secret>
SecretsProviderSecretsProvider. setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes)
Sets the active store to use for the given purpose.<S extends Secret>
SecretsProviderSecretsProvider. useSpecificSecretForPurpose(Purpose<S> purpose, S secret)
Configures this SecretsProvider to always return the specific given secret for the given purpose.Constructors in org.forgerock.secrets with parameters of type Purpose Constructor Description NoSuchSecretException(Purpose<?> purpose)
Constructs the exception for the given purpose.NoSuchSecretException(Purpose<?> purpose, String id)
Constructs the exception for the given purpose and secret stable id.SecretReference(SecretsProvider provider, Purpose<T> purpose)
Deprecated.SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock)
Deprecated.SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)
Initialises the keystore with the given secrets API objects. -
Uses of Purpose in org.forgerock.secrets.gcp.sm
Methods in org.forgerock.secrets.gcp.sm with parameters of type Purpose Modifier and Type Method Description <S extends Secret>
Promise<S,NoSuchSecretException>GoogleSecretManagerSecretStore. getActive(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>GoogleSecretManagerSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>GoogleSecretManagerSecretStore. getValid(Purpose<S> purpose)
Method parameters in org.forgerock.secrets.gcp.sm with type arguments of type Purpose Modifier and Type Method Description GoogleSecretManagerSecretStore.Builder
GoogleSecretManagerSecretStore.Builder. formatMapping(Function<Purpose<?>,Optional<SecretDecoder>> formatMapping)
Specifies aSecretDecoder
to use to decode data returned by Secret Manager.GoogleSecretManagerSecretStore.Builder
GoogleSecretManagerSecretStore.Builder. purposeMapping(Function<Purpose<?>,String> purposeMapping)
Specifies the GCP secret name to use for the given purpose.GoogleSecretManagerSecretStore.Builder
GoogleSecretManagerSecretStore.Builder. purposeMapping(Map<Purpose<?>,String> purposeMapping)
Specifies the GCP secret name to use for the given purpose. -
Uses of Purpose in org.forgerock.secrets.gcpkms
Methods in org.forgerock.secrets.gcpkms with parameters of type Purpose Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>GoogleKmsSecretStore. getActive(Purpose<S> purpose)
<S extends CryptoKey>
Promise<S,NoSuchSecretException>GoogleKmsSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>GoogleKmsSecretStore. getValid(Purpose<S> purpose)
Method parameters in org.forgerock.secrets.gcpkms with type arguments of type Purpose Modifier and Type Method Description GoogleKmsSecretStore.Builder
GoogleKmsSecretStore.Builder. cryptoKeyMapping(Function<Purpose<? extends CryptoKey>,String> cryptoKeyMapping)
Sets the mapping from purposes to crypto key names in KMS.GoogleKmsSecretStore.Builder
GoogleKmsSecretStore.Builder. cryptoKeyMapping(Map<Purpose<? extends CryptoKey>,String> mapping)
Sets the mapping from purposes to crypto key names in KMS.Constructors in org.forgerock.secrets.gcpkms with parameters of type Purpose Constructor Description GoogleKmsEncryptedPropertyFormat(GoogleKmsSecretStore secretStore, Purpose<DataDecryptionKey> purpose)
Initializes the property format with the given secret store and purpose. -
Uses of Purpose in org.forgerock.secrets.jwkset
Methods in org.forgerock.secrets.jwkset with parameters of type Purpose Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>JwkSetSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>JwkSetSecretStore. getValid(Purpose<S> purpose)
-
Uses of Purpose in org.forgerock.secrets.keystore
Methods in org.forgerock.secrets.keystore with parameters of type Purpose Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>KeyStoreSecretStore. getActive(Purpose<S> purpose)
<S extends CryptoKey>
Promise<S,NoSuchSecretException>KeyStoreSecretStore. getNamed(Purpose<S> purpose, String id)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>KeyStoreSecretStore. getValid(Purpose<S> purpose)
void
KeyStoreSecretStore. retire(Purpose<? extends CryptoKey> purpose, String oldAlias)
Retires a key previously used for a given purpose.void
KeyStoreSecretStore. rotate(Purpose<? extends CryptoKey> purpose, String newAlias)
Rotates the key associated with a given purpose. -
Uses of Purpose in org.forgerock.secrets.propertyresolver
Methods in org.forgerock.secrets.propertyresolver with parameters of type Purpose Modifier and Type Method Description <S extends Secret>
Promise<S,NoSuchSecretException>PropertyResolverSecretStore. getActive(Purpose<S> purpose)
<S extends Secret>
Promise<S,NoSuchSecretException>PropertyResolverSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends Secret>
Promise<Stream<S>,NeverThrowsException>PropertyResolverSecretStore. getValid(Purpose<S> purpose)
Returns a stream of the active secret for the given purpose.Constructors in org.forgerock.secrets.propertyresolver with parameters of type Purpose Constructor Description PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)
Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier)
Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files. -
Uses of Purpose in org.forgerock.secrets.vault
Methods in org.forgerock.secrets.vault that return types with arguments of type Purpose Modifier and Type Method Description Function<Purpose<?>,String>
VaultConfig. getPurposeMapping()
Returns the mapping from purposes to Vault secret names.Method parameters in org.forgerock.secrets.vault with type arguments of type Purpose Modifier and Type Method Description VaultConfig.Builder
VaultConfig.Builder. purposeMapping(Function<Purpose<?>,String> purposeMapping)
Configures the mapping from purposes to named entries in a Vault secret engine.VaultConfig.Builder
VaultConfig.Builder. purposeMapping(Map<Purpose<?>,String> purposeMapping)
Configures the mapping from purposes to named entries in a Vault secret engine.
-