Uses of Class
org.forgerock.secrets.SecretsProvider
Package
Description
This package contains the common config property resolvers.
This package provides APIs for OAuth 2.0 services implementations.
Classes and interfaces for JWT encryption and JWEs.
Classes and interfaces for JWT signing and JWS'.
JWT implementation(s) of TokenHandler.
Implementation of Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. See Macaroon for more details.
This package contains classes to generate Open ID Resolvers, which can validate a supplied JWS against an Open ID Connect provider.
This package contains classes for a service which can be configured to produce OpenID Connect Resolvers.
The AM supporting classes for centrally configuring secrets.
Provides a unified API for accessing secrets of various kinds.
Provides a SecretStore implementation that loads secrets from a Common Configuration PropertyResolver and then decodes it with a SecretPropertyFormat.
Uses of SecretsProvider in org.forgerock.config.resolvers
Modifier and Type | Method | Description
static PropertyResolver PropertyResolvers.secretsPropertyResolver(SecretsProvider secretsProvider)
    Constructs a resolver that looks up GenericSecrets from the given SecretsProvider and converts them to UTF-8 strings.
Uses of SecretsProvider in org.forgerock.http.oauth2
Modifier and Type | Field | Description
protected SecretsProvider PrivateKeyJwtClientAuthenticationFilter.Builder.secretsProvider
    SecretsProvider capable of providing the secret.
Modifier and Type | Method | Description
PrivateKeyJwtClientAuthenticationFilter.Builder.withSecretsProvider(SecretsProvider secretsProvider)
    Deprecated, for removal: This API element is subject to removal in a future version.
Uses of SecretsProvider in org.forgerock.json.jose.jwe
Modifier and Type | Method | Description
Promise<? extends EncryptedJwt, JweDecryptionCheckedException> EncryptedJwt.decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
    Attempts to decrypt the JWT using any available keys for the given Purpose from the given SecretsProvider.
SignedThenEncryptedJwt.decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
SignedThenEncryptedJwt.decryptAndVerify(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose, Purpose<VerificationKey> verificationPurpose)
    Decrypts the outer JWT and then verifies the signature on the inner JWT using secrets from the supplied SecretsProvider.
Promise<byte[], JweDecryptionCheckedException> EncryptedJwt.decryptRawPayload(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
    Attempts to decrypt the raw payload of the JWT using any keys from the given SecretsProvider that satisfy the supplied Purpose.
Uses of SecretsProvider in org.forgerock.json.jose.jws
Modifier and Type | Method | Description
Promise<? extends EncryptedJwt, JweDecryptionCheckedException> EncryptedThenSignedJwt.decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose)
    Decrypts the inner encrypted JWE so that the payload can be accessed.
Modifier | Constructor | Description
SigningManager(SecretsProvider provider)
    Builds a new SigningManager that can build SigningHandler based on asynchronously retrieved Secrets from the given provider.
Uses of SecretsProvider in org.forgerock.json.jose.tokenhandler
Modifier and Type | Method | Description
SecretsJwtTokenHandler.Builder.secretsProvider(SecretsProvider secretsProvider)
    Configures the SecretsProvider from which to retrieve signing and encryption keys.
Uses of SecretsProvider in org.forgerock.macaroons
Modifier | Constructor | Description
MacaroonVerifier(SecretsProvider secretsProvider, Purpose<VerificationKey> purpose)
    Constructs the macaroon verifier with the given source of verification keys.
Uses of SecretsProvider in org.forgerock.oauth.resolvers
Modifier and Type | Method | Description
OpenIdResolverFactory.createSecretsProviderResolver(String issuer, SecretsProvider provider, Purpose<VerificationKey> purpose)
    Creates a public key based resolver for the supplied issuer using keys available through the given provider.
Modifier | Constructor | Description
EncryptedOpenIdResolverFactory(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
    Constructs a new EncryptedOpenIdResolverFactory instance.
Uses of SecretsProvider in org.forgerock.oauth.resolvers.service
Modifier | Constructor | Description
OpenIdResolverServiceImpl(Client client, BiPredicate<String, String> issuerComparator, SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
    Constructor for the OpenIdResolverServiceImpl which will use the supplied read and connection timeouts when communicating over HTTP.
OpenIdResolverServiceImpl(Client client, SecretsProvider secretsProvider, Purpose<DataDecryptionKey> idTokenPurpose)
    Constructor for the OpenIdResolverServiceImpl which will use the supplied read and connection timeouts when communicating over HTTP.
Uses of SecretsProvider in org.forgerock.openam.secrets
Modifier and Type | Class | Description
class
    A facade around SecretsProvider instances from the realm and global levels that will delegate correctly to the global provider when a secret is not found in the realm, and knows how to resolve secrets for a DefaultingPurpose.
Modifier and Type | Method | Description
SecretsProviderFacadeFactory.createGlobal(SecretsProvider secretsProvider)
    Make a facade from a single secrets provider.
SecretsProviderFacadeFactory.createRealm(SecretsProvider globalSecretsProvider, SecretsProvider realmSecretsProvider)
    Make a facade from the given secrets provider.
Modifier | Constructor | Description
protected SecretsProviderFacade(SecretsProvider secretsProvider, org.forgerock.openam.secrets.rotation.SecretLabelListener secretLabelListener, org.forgerock.openam.audit.AuditEventFactory auditEventFactory, org.forgerock.openam.audit.AuditEventPublisher auditEventPublisher)
protected SecretsProviderFacade(SecretsProvider globalSecretsProvider, SecretsProvider realmSecretsProvider, org.forgerock.openam.secrets.rotation.SecretLabelListener secretLabelListener, org.forgerock.openam.audit.AuditEventFactory auditEventFactory, org.forgerock.openam.audit.AuditEventPublisher auditEventPublisher)
SecretsReferenceProvider(SecretsProvider secretsProvider)
Uses of SecretsProvider in org.forgerock.secrets
Modifier and Type | Method | Description
final <T extends Secret> SecretsProvider SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes)
    Sets the active store to use for the given purpose.
SecretsProvider.setDefaultStores(SecretStore<?> activeStore, SecretStore<?>... defaultStores)
    Sets the default store(s) to use if there is no specific store configured for a particular purpose.
<S extends Secret> SecretsProvider SecretsProvider.useSpecificSecretForPurpose(Purpose<S> purpose, S secret)
    Configures this SecretsProvider to always return the specific given secret for the given purpose.
<S extends Secret> SecretsProvider SecretsProvider.useSpecificSecretsForPurpose(Purpose<S> purpose, List<S> secrets)
    Configures this SecretsProvider to always return the specific given secrets for the given purpose.
Modifier and Type | Method | Description
static <T extends Secret> SecretReference<T> SecretReference.active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)
    Creates a reference to the active secret for the given purpose using the given secrets provider.
static <T extends Secret> SecretReference<T> SecretReference.named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)
    Creates a reference to a named secret using the given secrets provider.
static <T extends Secret> ValidSecretsReference<T,NeverThrowsException> ValidSecretsReference.valid(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)
    Creates a reference to the valid secrets for the given purpose using the given secrets provider.
static <T extends Secret> ValidSecretsReference<T,NeverThrowsException> ValidSecretsReference.validOrNamed(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)
    This creates a reference to either the named secret or all valid secrets for the purpose.
Modifier | Constructor | Description
SecretReference(SecretsProvider provider, Purpose<T> purpose)
    Deprecated.
SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock)
    Deprecated.
SecretsLoadStoreParameter(SecretsProvider secretsProvider, Set<Purpose<? extends CryptoKey>> purposes, Clock clock)
    Initialises the keystore with the given secrets API objects.
SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)
    Initialises the keystore with the given secrets API objects.
Uses of SecretsProvider in org.forgerock.secrets.propertyresolver
Modifier | Constructor | Description
PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)
    Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier)
    Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
SecretReference
API instead.