Uses of Class
org.forgerock.secrets.Purpose

Packages that use Purpose

Package	Description
org.forgerock.opendj.rest2ldap.authz	This package contains Filter to authenticate and authorize LDAP connections.
org.forgerock.secrets	Provides a unified API for accessing secrets of various kinds.
org.forgerock.secrets.keystore	Implementations of SecretStore for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.
org.forgerock.secrets.propertyresolver	Provides a SecretStore implementation that loads secrets from a Common Configuration PropertyResolver and then decodes it with a SecretPropertyFormat.

Uses of Purpose in org.forgerock.opendj.rest2ldap.authz

Methods in org.forgerock.opendj.rest2ldap.authz with parameters of type Purpose

Modifier and Type	Method	Description
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	SecretStores.SecretKeyStore.getValid(Purpose<S> purpose)
static <T extends Secret> JwtFactories.JwtSecretsProvider	JwtFactories.newSecretsProvider(Clock clock, SecretStore<? super T> secretStore, Purpose<? extends T>... purposes)	Returns a new JwtFactories.JwtSecretsProvider.

Constructors in org.forgerock.opendj.rest2ldap.authz with parameters of type Purpose

Modifier	Constructor	Description
	SecretKeyStore(Clock clock, SecretStores.SecretKeyGenerator<? extends SecretKey> secretKeyGenerator, Purpose<?>[] purposes)	Creates a new SingleSecretStore that produces secrets based on the secret key generated by the given SecretStores.SecretKeyStore.secretKeyGenerator.

Uses of Purpose in org.forgerock.secrets

Fields in org.forgerock.secrets declared as Purpose

Modifier and Type	Field	Description
static final Purpose<DataDecryptionKey>	Purpose.DATA_DECRYPTION	Indicates a key intended for decrypting data.
static final Purpose<DataEncryptionKey>	Purpose.DATA_ENCRYPTION	Indicates a key intended for encrypting data.
static final Purpose<KeyAgreementKey>	Purpose.KEY_AGREEMENT	Indicates a key intended for an interactive key agreement protocol, such as Diffie-Hellman (DH) or the elliptic curve equivalent (ECDH).
static final Purpose<KeyDecryptionKey>	Purpose.KEY_DECRYPTION	Indicates a key intended for decrypting ("unwrapping") other keys.
static final Purpose<KeyEncryptionKey>	Purpose.KEY_ENCRYPTION	Indicates a key intended for encrypting ("wrapping") other keys.
static final Purpose<GenericSecret>	Purpose.PASSWORD	Indicates a secret intended to be used as a password for authentication to some service.
static final Purpose<SigningKey>	Purpose.SIGN	Indicates a key intended for creating digital signatures or message authentication codes (MACs).
static final Purpose<VerificationKey>	Purpose.VERIFY	Indicates a key intended for verifying digital signatures or message authentication codes.
static final Purpose<CertificateVerificationKey>	Purpose.VERIFY_CERTIFICATE	Indicates a key intended for verifying certificate signatures.

Methods in org.forgerock.secrets that return Purpose

Modifier and Type	Method	Description
Purpose<?>	NoSuchSecretException.getPurpose()	Returns the purpose for which no secret was found, or null if not specified.
static <T extends Secret> Purpose<T>	Purpose.purpose(String label, Class<T> type)	Constructs a purpose object.
static <T extends Secret> Purpose<T>	Purpose.purpose(String label, Class<T> type, SecretConstraint<? super T>... constraints)	Constructs a purpose object.
final Purpose<T>	Purpose.withConstraints(SecretConstraint<? super T>... constraints)	Constructs a new purpose that is identical to this purpose but which imposes additional constraints on the secrets that can satisfy it.

Methods in org.forgerock.secrets with parameters of type Purpose

Modifier and Type	Method	Description
static <T extends Secret> SecretReference<T>	SecretReference.active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)	Creates a reference to the active secret for the given purpose using the given secrets provider.
<T extends CryptoKey> KeyStore	SecretsProvider.asKeyStore(Purpose<T> purpose)	Returns a view of this secrets provider as a keystore for the given purpose.
<T extends Secret> T	SecretBuilder.build(Purpose<T> purpose)	Builds a secret of the given type, enforcing any constraints attached to the purpose.
<S extends Secret> SecretReference<S>	SecretsProvider.createActiveReference(Purpose<S> purpose)	Creates the secret reference from the given purpose.
<S extends Secret> SecretReference<S>	SecretsProvider.createNamedReference(Purpose<S> purpose, String name)	Creates a reference to a secret with the given name (stable id) for the given purpose.
<S extends Secret> ValidSecretsReference<S,NeverThrowsException>	SecretsProvider.createValidOrNamedReference(Purpose<S> purpose, String name)	Creates the valid secrets reference from the given purpose.
<S extends Secret> ValidSecretsReference<S,NeverThrowsException>	SecretsProvider.createValidReference(Purpose<S> purpose)	Creates the valid secrets reference from the given purpose.
default <S extends T> Promise<S,NoSuchSecretException>	SecretStore.getActive(Purpose<S> purpose)	Returns the active secret for the given purpose.
<S extends T> Promise<S,NoSuchSecretException>	ThreadPoolSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	SecretsProvider.getActiveSecret(Purpose<S> purpose)	Gets the currently active secret for the given purpose.
X509ExtendedKeyManager	SecretsProvider.getKeyManager(Purpose<? extends CryptoKey> purpose)	Returns a KeyManager that can be used to initialize an SSLContext, allowing certificates and private keys to be retrieved from this secrets provider.
X509ExtendedKeyManager	SecretsProvider.getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)	Returns a KeyManager that can be used to initialize an SSLContext, allowing certificates and private keys to be retrieved from this secrets provider.
default <S extends T> Promise<S,NoSuchSecretException>	SecretStore.getNamed(Purpose<S> purpose, String name)	Returns the named secret from this store.
<S extends T> Promise<S,NoSuchSecretException>	ThreadPoolSecretStore.getNamed(Purpose<S> purpose, String name)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	SecretsProvider.getNamedOrValidSecrets(Purpose<S> purpose, String id)	If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the given purpose if no such secret exists), otherwise it returns all valid secrets for the given purpose.
<S extends Secret> Promise<S,NoSuchSecretException>	SecretsProvider.getNamedSecret(Purpose<S> purpose, String id)	Gets the secret for the given purpose with the given stable secret id.
SecretsTrustManager	SecretsProvider.getTrustManager(Purpose<? extends CryptoKey> purpose)	Constructs an X509ExtendedTrustManager that will retrieve certificates from this secrets provider for the provided purpose.
SecretsTrustManager	SecretsProvider.getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)	Constructs an X509ExtendedTrustManager that will retrieve certificates from this secrets provider for the provided purpose.
<S extends T> Promise<Stream<S>,NeverThrowsException>	SecretStore.getValid(Purpose<S> purpose)	Returns all valid secrets for the given purpose from this store.
<S extends T> Promise<Stream<S>,NeverThrowsException>	ThreadPoolSecretStore.getValid(Purpose<S> purpose)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	SecretsProvider.getValidSecrets(Purpose<S> purpose)	Returns all secrets for the given purpose which have not yet expired.
static <T extends Secret> SecretReference<T>	SecretReference.named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)	Creates a reference to a named secret using the given secrets provider.
default void	SecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire)	Retires the given secret for the given purpose.
void	ThreadPoolSecretStore.retire(Purpose<? extends T> purpose, String secretIdToRetire)
default void	SecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId)	Rotates the active secret for the given purpose.
void	ThreadPoolSecretStore.rotate(Purpose<? extends T> purpose, String newActiveSecretId)
protected <T extends Secret> void	SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T> purpose)	Sets the active store to use for the given purpose.
final <T extends Secret> SecretsProvider	SecretsProvider.setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes)	Sets the active store to use for the given purpose.
<S extends Secret> SecretsProvider	SecretsProvider.useSpecificSecretForPurpose(Purpose<S> purpose, S secret)	Configures this SecretsProvider to always return the specific given secret for the given purpose.
<S extends Secret> SecretsProvider	SecretsProvider.useSpecificSecretsForPurpose(Purpose<S> purpose, List<S> secrets)	Configures this SecretsProvider to always return the specific given secrets for the given purpose.
static <T extends Secret> ValidSecretsReference<T,NeverThrowsException>	ValidSecretsReference.valid(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)	Creates a reference to the valid secrets for the given purpose using the given secrets provider.
static <T extends Secret> ValidSecretsReference<T,NeverThrowsException>	ValidSecretsReference.validOrNamed(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)	This creates a reference to either the named secret or all valid secrets for the purpose.

Method parameters in org.forgerock.secrets with type arguments of type Purpose

Modifier and Type	Method	Description
KeyStore	SecretsProvider.asKeyStore(Set<Purpose<? extends CryptoKey>> purposes)	Returns a view of this secrets provider as a keystore for the given purposes.
X509ExtendedKeyManager	SecretsProvider.getKeyManager(Set<Purpose<? extends CryptoKey>> purposes, Options options)	Returns a KeyManager that can be used to initialize an SSLContext, allowing certificates and private keys to be retrieved from this secrets provider.
SecretsTrustManager	SecretsProvider.getTrustManager(Set<Purpose<? extends CryptoKey>> purposes, Options options)	Constructs an X509ExtendedTrustManager that will retrieve certificates from this secrets provider for the provided purposes.

Constructors in org.forgerock.secrets with parameters of type Purpose

Modifier	Constructor	Description
	NoSuchSecretException(Purpose<?> purpose)	Constructs the exception for the given purpose.
	NoSuchSecretException(Purpose<?> purpose, String id)	Constructs the exception for the given purpose and secret stable id.
	SecretReference(SecretsProvider provider, Purpose<T> purpose)	Deprecated. Use SecretsProvider.createActiveReference(Purpose) or SecretReference.active(SecretsProvider, Purpose, Clock) instead.
	SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock)	Deprecated. Use SecretsProvider.createActiveReference(Purpose) or SecretReference.active(SecretsProvider, Purpose, Clock) instead.
	SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)	Initialises the keystore with the given secrets API objects.

Constructor parameters in org.forgerock.secrets with type arguments of type Purpose

Modifier	Constructor	Description
	SecretsLoadStoreParameter(SecretsProvider secretsProvider, Set<Purpose<? extends CryptoKey>> purposes, Clock clock)	Initialises the keystore with the given secrets API objects.

Uses of Purpose in org.forgerock.secrets.keystore

Methods in org.forgerock.secrets.keystore with parameters of type Purpose

Modifier and Type	Method	Description
<S extends Secret> Promise<S,NoSuchSecretException>	KeyStoreSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	KeyStoreSecretStore.getNamed(Purpose<S> purpose, String id)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	KeyStoreSecretStore.getValid(Purpose<S> purpose)
void	KeyStoreSecretStore.retire(Purpose<? extends Secret> purpose, String oldAlias)	Retires a key previously used for a given purpose.
void	KeyStoreSecretStore.rotate(Purpose<? extends Secret> purpose, String newAlias)	Rotates the key associated with a given purpose.

Uses of Purpose in org.forgerock.secrets.propertyresolver

Methods in org.forgerock.secrets.propertyresolver with parameters of type Purpose

Modifier and Type	Method	Description
<S extends Secret> Promise<S,NoSuchSecretException>	FileSystemSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	PropertyResolverSecretStore.getActive(Purpose<S> purpose)
<S extends Secret> Promise<S,NoSuchSecretException>	FileSystemSecretStore.getNamed(Purpose<S> purpose, String name)
<S extends Secret> Promise<S,NoSuchSecretException>	PropertyResolverSecretStore.getNamed(Purpose<S> purpose, String name)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	FileSystemSecretStore.getValid(Purpose<S> purpose)
<S extends Secret> Promise<Stream<S>,NeverThrowsException>	PropertyResolverSecretStore.getValid(Purpose<S> purpose)	Returns a stream of the active secret for the given purpose.

Constructors in org.forgerock.secrets.propertyresolver with parameters of type Purpose

Modifier	Constructor	Description
	PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)	Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
	PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier)	Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.