Class PemPropertyFormat
- java.lang.Object
  - org.forgerock.secrets.propertyresolver.PemPropertyFormat
All Implemented Interfaces: SecretPropertyFormat, SecretDecoder
public final class PemPropertyFormat extends Object implements SecretPropertyFormat
Supports decoding keys and certificates in PEM format. Technically, the format now used by lots of software is not quite the same as PEM, but the name has stuck. This implements the format that everyone uses. The following specific types of objects can be loaded:
- X.509 certificates (BEGIN CERTIFICATE).
- PKCS#8 format public keys (BEGIN PUBLIC KEY).
- PKCS#8 format private keys (BEGIN PRIVATE KEY).
- PKCS#1 format RSA public/private keys (BEGIN RSA PUBLIC KEY).
- "PKCS#1-style" encoded EC and DSA private keys (BEGIN EC PRIVATE KEY).
- Encrypted PKCS#8 private keys (BEGIN ENCRYPTED PRIVATE KEY).
- Encrypted legacy OpenSSL private keys (BEGIN RSA PRIVATE KEY with additional Proc-Type and DEK-Info header fields).
- Raw HMAC or AES secret keys (BEGIN AES/HMAC SECRET KEY). This is a non-standard ForgeRock addition.
- Generic secrets such as passwords or API keys (BEGIN GENERIC SECRET). This is a non-standard ForgeRock addition.
See Also: RFC 7468.
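The constructors without a SecretsProvider support only unencrypted private keys, so it helps to know before calling decode whether a property value is password-encrypted. The following is an added example, not ForgeRock code: it uses only the JDK, and the class PemLabelCheck and its methods are hypothetical names. It treats any label ending in PRIVATE KEY with Proc-Type and DEK-Info headers as legacy-encrypted, which goes slightly beyond the RSA case listed above.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (JDK only, not ForgeRock code). Class and method names are hypothetical.
public final class PemLabelCheck {
    // Boundary line: -----BEGIN <label>-----
    private static final Pattern BEGIN =
            Pattern.compile("^-----BEGIN ([A-Z0-9/ ]+)-----\\s*$", Pattern.MULTILINE);

    // Label of the first block, or null when no matching BEGIN/END pair is present.
    static String label(String pem) {
        Matcher m = BEGIN.matcher(pem);
        if (!m.find()) return null;
        String label = m.group(1);
        return pem.indexOf("-----END " + label + "-----", m.end()) >= 0 ? label : null;
    }

    // Legacy OpenSSL encryption is signalled by header fields between BEGIN and the base64 body.
    static boolean hasLegacyEncryptionHeaders(String pem) {
        boolean procType = false, dekInfo = false;
        String[] lines = pem.split("\\R");
        int i = 0;
        while (i < lines.length && !lines[i].startsWith("-----BEGIN ")) i++;
        for (i++; i < lines.length && lines[i].contains(":"); i++) {
            procType |= lines[i].startsWith("Proc-Type:") && lines[i].contains("ENCRYPTED");
            dekInfo |= lines[i].startsWith("DEK-Info:");
        }
        return procType && dekInfo;
    }

    // True when the value can only be decoded with a decryption password available.
    static boolean needsDecryptionPassword(String pem) {
        String label = label(pem);
        if (label == null) throw new IllegalArgumentException("no well-formed PEM block");
        return label.equals("ENCRYPTED PRIVATE KEY")
                || (label.endsWith(" PRIVATE KEY") && hasLegacyEncryptionHeaders(pem));
    }

    public static void main(String[] args) {
        // Constructed samples: the bodies are placeholders, not real key material.
        String plain = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n";
        String pkcs8Enc = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n";
        String legacy = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                + "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAA\n"
                + "-----END RSA PRIVATE KEY-----\n";
        for (String pem : new String[] {plain, pkcs8Enc, legacy}) {
            System.out.println(label(pem) + ": needs password = " + needsDecryptionPassword(pem));
        }
    }
}
```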
Field Summary
Fields inherited from interface org.forgerock.secrets.SecretDecoder: RAW
Fields inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat: PLAIN
Constructor Summary
Constructors
- PemPropertyFormat(): Initializes the property format without any support for decrypting private key files.
- PemPropertyFormat(Supplier<SecretBuilder> secretBuilderSupplier): Initializes the property format without any support for decrypting private key files.
- PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose): Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
- PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier): Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
Method Summary
All Methods / Instance Methods / Concrete Methods
- SecretBuilder decode(String propertyValue): Decodes the input property value, setting relevant properties on a SecretBuilder object.
- Promise<SecretBuilder,NoSuchSecretException> decodeToPromise(String propertyValue): Decodes the input property value, setting relevant properties on a SecretBuilder object.
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat: decodeToPromise
Constructor Detail
PemPropertyFormat
public PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier)
Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files. All valid passwords for the given purpose will be tried in turn to attempt to decrypt private key files.
Parameters:
- secretsProvider - the secrets provider to retrieve decryption passwords from.
- decryptionPasswordPurpose - the purpose to use for retrieving passwords.
- secretBuilderSupplier - a supplier for new SecretBuilder objects when parsing the PEM.
PemPropertyFormat
public PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)
Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files. All valid passwords for the given purpose will be tried in turn to attempt to decrypt private key files.
Parameters:
- secretsProvider - the secrets provider to retrieve decryption passwords from.
- decryptionPasswordPurpose - the purpose to use for retrieving passwords.
PemPropertyFormat
public PemPropertyFormat(Supplier<SecretBuilder> secretBuilderSupplier)
Initializes the property format without any support for decrypting private key files. Only unencrypted private keys are supported in this mode. Use PemPropertyFormat(SecretsProvider, Purpose) for encryption support.
Parameters:
- secretBuilderSupplier - a supplier for new SecretBuilder objects when parsing the PEM.
PemPropertyFormat
public PemPropertyFormat()
Initializes the property format without any support for decrypting private key files. Only unencrypted private keys are supported in this mode. Use PemPropertyFormat(SecretsProvider, Purpose) for encryption support.
Method Detail
decodeToPromise
public Promise<SecretBuilder,NoSuchSecretException> decodeToPromise(String propertyValue)
Description copied from interface: SecretPropertyFormat
Decodes the input property value, setting relevant properties on a SecretBuilder object.
Specified by: decodeToPromise in interface SecretPropertyFormat
Parameters:
- propertyValue - the value of the secret property.
Returns:
- a promise of the decoded secret information.
decode
public SecretBuilder decode(String propertyValue) throws NoSuchSecretException
Description copied from interface: SecretPropertyFormat
Decodes the input property value, setting relevant properties on a SecretBuilder object.
Specified by: decode in interface SecretPropertyFormat
Parameters:
- propertyValue - the value of the secret property.
Returns:
- the decoded secret information.
Throws:
- NoSuchSecretException - If the property value does not contain a value that can be decoded.