Class PemPropertyFormat

java.lang.Object
org.forgerock.secrets.propertyresolver.PemPropertyFormat
All Implemented Interfaces:
SecretPropertyFormat, SecretDecoder

public final class PemPropertyFormat extends Object implements SecretPropertyFormat
Supports decoding keys and certificates in PEM format. Technically, the format now used by lots of software is not quite the same as PEM, but the name has stuck. This implements the format that everyone uses.

The following specific types of objects can be loaded:

  • X.509 certificates (BEGIN CERTIFICATE).
  • PKCS#8 format public keys (BEGIN PUBLIC KEY).
  • PKCS#8 format private keys (BEGIN PRIVATE KEY).
  • PKCS#1 format RSA public/private keys (BEGIN RSA PUBLIC KEY).
  • "PKCS#1-style" encoded EC and DSA private keys (BEGIN EC PRIVATE KEY).
  • Encrypted PKCS#8 private keys (BEGIN ENCRYPTED PRIVATE KEY).
  • Encrypted legacy OpenSSL private keys (BEGIN RSA PRIVATE KEY with additional Proc-Type and DEK-Info header fields).
  • Raw HMAC or AES secret keys (BEGIN AES/HMAC SECRET KEY). This is a non-standard ForgeRock addition.
  • Generic secrets such as passwords or API keys (BEGIN GENERIC SECRET). This is a non-standard ForgeRock addition.
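The list above is essentially a table of PEM labels and the RFC 1421-style headers (Proc-Type, DEK-Info) that distinguish the legacy OpenSSL encrypted form. The following added example, which is not part of the ForgeRock library and does not call its API, shows the envelope parsing and label classification that such a decoder performs before any ASN.1 or cryptographic work: it splits a PEM file into blocks, checks that each END label matches its BEGIN label, captures headers, Base64-decodes the body, and maps each label to one of the categories listed on this page. It also reports which private-key blocks are unencrypted, which is the check a reviewer wants when PEM material is embedded in configuration. The sample input is constructed placeholder text, not real keys; the category names, the helper names, and the assumption that the ForgeRock labels are literally "AES SECRET KEY" and "HMAC SECRET KEY" are this example's own.

```python
import base64
import re
from dataclasses import dataclass, field


@dataclass
class PemBlock:
    label: str                      # text between "BEGIN " and "-----"
    headers: dict = field(default_factory=dict)   # e.g. Proc-Type, DEK-Info
    der: bytes = b""                # Base64-decoded body


_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def parse_pem(text: str) -> list:
    """Split PEM text into blocks; raise ValueError on a malformed envelope."""
    blocks, current, body, in_headers = [], None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if current is None:
            m = _BEGIN.match(line)
            if m:
                current, body, in_headers = PemBlock(label=m.group(1)), [], True
            continue                # anything outside a block is ignored
        m_end = _END.match(line)
        if m_end:
            if m_end.group(1) != current.label:
                raise ValueError(f"END {m_end.group(1)!r} does not match BEGIN {current.label!r}")
            try:
                current.der = base64.b64decode("".join(body), validate=True)
            except ValueError as exc:       # binascii.Error subclasses ValueError
                raise ValueError(f"bad Base64 in {current.label} block") from exc
            blocks.append(current)
            current = None
            continue
        if in_headers:
            if ":" in line:         # header line such as "DEK-Info: AES-256-CBC,<iv>"
                key, value = line.split(":", 1)
                current.headers[key.strip()] = value.strip()
                continue
            in_headers = False      # blank line or first body line ends the headers
            if line == "":
                continue
        if line:
            body.append(line)
    if current is not None:
        raise ValueError(f"unterminated {current.label} block")
    return blocks


def is_legacy_encrypted(block: PemBlock) -> bool:
    """Legacy OpenSSL encryption is signalled by Proc-Type: 4,ENCRYPTED plus DEK-Info."""
    proc = block.headers.get("Proc-Type", "")
    return "ENCRYPTED" in proc.split(",") and "DEK-Info" in block.headers


def classify(block: PemBlock) -> str:
    """Map a PEM label to the categories listed in the PemPropertyFormat docs."""
    label = block.label
    if label == "CERTIFICATE":
        return "x509-certificate"
    if label == "PUBLIC KEY":
        return "pkcs8-public-key"
    if label == "PRIVATE KEY":
        return "pkcs8-private-key"
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted-private-key"
    if label == "RSA PUBLIC KEY":
        return "pkcs1-rsa-public-key"
    if label == "RSA PRIVATE KEY":
        return "openssl-legacy-encrypted-private-key" if is_legacy_encrypted(block) else "pkcs1-rsa-private-key"
    if label in ("EC PRIVATE KEY", "DSA PRIVATE KEY"):
        return "pkcs1-style-private-key"
    if label in ("AES SECRET KEY", "HMAC SECRET KEY"):   # assumed spelling of the ForgeRock extension
        return "raw-secret-key"
    if label == "GENERIC SECRET":                        # ForgeRock extension
        return "generic-secret"
    return "unsupported"


def plaintext_private_keys(text: str) -> list:
    """Labels of private-key blocks that carry no password protection at all."""
    out = []
    for block in parse_pem(text):
        cat = classify(block)
        if cat in ("pkcs8-private-key", "pkcs1-rsa-private-key", "pkcs1-style-private-key"):
            out.append(block.label)
    return out


def _placeholder(tag: str) -> str:
    # Constructed payload so the example runs offline; NOT real key material.
    return base64.b64encode(f"constructed placeholder for {tag}".encode()).decode()


# Constructed sample file mixing a certificate, a legacy-encrypted RSA key,
# an unencrypted EC key and a ForgeRock generic secret.
SAMPLE = f"""
-----BEGIN CERTIFICATE-----
{_placeholder('cert')}
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

{_placeholder('legacy')}
-----END RSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
{_placeholder('ec')}
-----END EC PRIVATE KEY-----
-----BEGIN GENERIC SECRET-----
{_placeholder('secret')}
-----END GENERIC SECRET-----
"""

if __name__ == "__main__":
    for b in parse_pem(SAMPLE):
        print(b.label, "->", classify(b), b.headers)
    print("unprotected private keys:", plaintext_private_keys(SAMPLE))
```

The END/BEGIN label check and the strict Base64 validation matter because a decoder that silently accepts a truncated or mislabelled block can load the wrong key type; the `plaintext_private_keys` helper is the kind of lint a deployment pipeline can run over property files that use this format to confirm private keys are stored in one of the encrypted forms.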
  • Constructor Details

    • PemPropertyFormat

      public PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier)
      Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files. All valid passwords for the given purpose will be tried in turn to attempt to decrypt private key files.
      Parameters:
      secretsProvider - the secrets provider to retrieve decryption passwords from.
      decryptionPasswordPurpose - the purpose to use for retrieving passwords.
      secretBuilderSupplier - a supplier for new SecretBuilder objects when parsing the pem.
    • PemPropertyFormat

      public PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)
      Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files. All valid passwords for the given purpose will be tried in turn to attempt to decrypt private key files.
      Parameters:
      secretsProvider - the secrets provider to retrieve decryption passwords from.
      decryptionPasswordPurpose - the purpose to use for retrieving passwords.
    • PemPropertyFormat

      public PemPropertyFormat(Supplier<SecretBuilder> secretBuilderSupplier)
      Initializes the property format without any support for decrypting private key files. Only unencrypted private keys are supported in this mode. Use PemPropertyFormat(SecretsProvider, Purpose) to support password-encrypted private keys.
      Parameters:
      secretBuilderSupplier - a supplier for new SecretBuilder objects when parsing the pem.
    • PemPropertyFormat

      public PemPropertyFormat()
      Initializes the property format without any support for decrypting private key files. Only unencrypted private keys are supported in this mode. Use PemPropertyFormat(SecretsProvider, Purpose) to support password-encrypted private keys.
  • Method Details