Uses of Class
org.forgerock.secrets.SecretsProvider
-
Packages that use SecretsProvider Package Description org.forgerock.http.oauth2 This package provides APIs for OAuth 2.0 services implementations.org.forgerock.json.jose.jwe Classes and interfaces for JWT encryption and JWEs.org.forgerock.json.jose.jws Classes and interfaces for JWT signing and JWS'.org.forgerock.json.jose.tokenhandler JWT implementation(s) ofTokenHandler
.org.forgerock.openig.filter.oauth2.client.authentication Collection of heaplets supporting OAuth2 client authentication Filters.org.forgerock.openig.heap Manages collections or "heaps" of associated objects, initialized from declarative configuration artifacts.org.forgerock.openig.secrets Provides the Common Secrets API for accessing secrets of various kinds.org.forgerock.openig.tools.jwt.validation This package contains classes used to perform JWT validation.org.forgerock.openig.util Miscellaneous utility classes.org.forgerock.secrets Provides a unified API for accessing secrets of various kinds.org.forgerock.secrets.propertyresolver Provides aSecretStore
implementation that loads secrets from a Common ConfigurationPropertyResolver
and then decodes it with aSecretPropertyFormat
. -
-
Uses of SecretsProvider in org.forgerock.http.oauth2
Fields in org.forgerock.http.oauth2 declared as SecretsProvider Modifier and Type Field Description protected SecretsProvider
PrivateKeyJwtClientAuthenticationFilter.Builder. secretsProvider
SecretsProvider
capable of providing the secret.Methods in org.forgerock.http.oauth2 with parameters of type SecretsProvider Modifier and Type Method Description T
PrivateKeyJwtClientAuthenticationFilter.Builder. withSecretsProvider(SecretsProvider secretsProvider)
Deprecated, for removal: This API element is subject to removal in a future version.Please useSecretReference
API instead. -
Uses of SecretsProvider in org.forgerock.json.jose.jwe
Methods in org.forgerock.json.jose.jwe with parameters of type SecretsProvider Modifier and Type Method Description Promise<? extends EncryptedJwt,JweDecryptionCheckedException>
EncryptedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the JWT using any available keys for the givenPurpose
from the givenSecretsProvider
.Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>
SignedThenEncryptedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>
SignedThenEncryptedJwt. decryptAndVerify(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose, Purpose<VerificationKey> verificationPurpose)
Decrypts the outer JWT and then verifies the signature on the inner JWT using secrets from the suppliedSecretsProvider
.Promise<byte[],JweDecryptionCheckedException>
EncryptedJwt. decryptRawPayload(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the raw payload of the JWT using any keys from the givenSecretsProvider
that satisfy the suppliedPurpose
. -
Uses of SecretsProvider in org.forgerock.json.jose.jws
Methods in org.forgerock.json.jose.jws with parameters of type SecretsProvider Modifier and Type Method Description Promise<? extends EncryptedJwt,JweDecryptionCheckedException>
EncryptedThenSignedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose)
Decrypts the inner encrypted JWE so that the payload can be accessed.Constructors in org.forgerock.json.jose.jws with parameters of type SecretsProvider Constructor Description SigningManager(SecretsProvider provider)
Builds a new SigningManager that can buildSigningHandler
based on asynchronously retrieved Secrets from the givenprovider
. -
Uses of SecretsProvider in org.forgerock.json.jose.tokenhandler
Methods in org.forgerock.json.jose.tokenhandler with parameters of type SecretsProvider Modifier and Type Method Description SecretsJwtTokenHandler.Builder
SecretsJwtTokenHandler.Builder. secretsProvider(SecretsProvider secretsProvider)
Configures theSecretsProvider
from which to retrieve signing and encryption keys. -
Uses of SecretsProvider in org.forgerock.openig.filter.oauth2.client.authentication
Fields in org.forgerock.openig.filter.oauth2.client.authentication declared as SecretsProvider Modifier and Type Field Description protected SecretsProvider
PrivateKeyJwtClientAuthenticationFilterHeaplet. secretsProvider
ConfiguredSecretsProvider
providing access to required keys. -
Uses of SecretsProvider in org.forgerock.openig.heap
Methods in org.forgerock.openig.heap that return SecretsProvider Modifier and Type Method Description SecretsProvider
GenericHeaplet. getSecretsProvider()
Returns theSecretsProvider
from the heap. -
Uses of SecretsProvider in org.forgerock.openig.secrets
Methods in org.forgerock.openig.secrets that return SecretsProvider Modifier and Type Method Description static SecretsProvider
SecretsUtils. getSecretsProvider(org.slf4j.Logger logger, JsonValue node, Heap heap)
Returns aSecretsProvider
as specified with theSecretsUtils.CONFIG_SECRETS_PROVIDER
attribute or falling back to the defaultSecretsProvider
found in the heap.SecretsProvider
DefaultSecretsService. setDefaultStores(SecretStore<?> activeStore, SecretStore<?>... defaultStores)
Deprecated.SecretsProvider
SecretsService. setDefaultStores(SecretStore<?> activeStore, SecretStore<?>... defaultStores)
Sets the default store(s) to use if there is no specific store configured for a particular purpose.<S extends Secret>
SecretsProviderDefaultSecretsService. useSpecificSecretForPurpose(Purpose<S> purpose, S secret)
Deprecated.<S extends Secret>
SecretsProviderSecretsService. useSpecificSecretForPurpose(Purpose<S> purpose, S secret)
Configures this SecretsProvider to always return the specific given secret for the given purpose.Methods in org.forgerock.openig.secrets that return types with arguments of type SecretsProvider Modifier and Type Method Description static Function<JsonValue,SecretsProvider,HeapException>
SecretsProviderHeaplet. secretsProvider(Heap heap)
Method supporting other client heaplets that wish to create aSecretsProvider
using alternative compact configuration formats.Methods in org.forgerock.openig.secrets with parameters of type SecretsProvider Modifier and Type Method Description static byte[]
SecretsUtils. getPasswordSecretIdOrPasswordAsByte(SecretsProvider secretsProvider, JsonValue secretIdNode, JsonValue deprecatedNode, org.slf4j.Logger logger)
Retrieve a required shared secret value (asbyte[]
) from the givensecretIdNode
anddeprecatedNode
nodes.KeyStoreSecretStore
HsmSecretStoreHeaplet. keyStore(SecretsProvider secretsProvider, Purpose<GenericSecret> storePasswordPurpose, Options options)
KeyStoreSecretStore
KeyStoreSecretStoreHeaplet. keyStore(SecretsProvider secretsProvider, Purpose<GenericSecret> storePasswordPurpose, Options options)
static <S extends CryptoKey>
SSecretsUtils. retrieveCryptoKeyFromSecretId(SecretsProvider secretsProvider, JsonValue secretIdNode, Class<S> type)
Retrieves aCryptoKey
from the given node.static SecretReference<GenericSecret>
SecretsUtils. retrievePasswordAsReference(SecretsProvider secretsProvider, JsonValue secretIdNode, JsonValue deprecatedNode, org.slf4j.Logger logger)
Retrieve a required password as aSecretReference
from the givensecretIdNode
anddeprecatedNode
nodes.static SecretReference<GenericSecret>
SecretsUtils. retrievePasswordAsReference(SecretsProvider secretsProvider, JsonValue secretIdNode, JsonValue deprecatedNode, org.slf4j.Logger logger, boolean isRequired)
DefaultSecretsService.Builder
DefaultSecretsService.Builder. withSecretsProvider(SecretsProvider provider)
Configure this service with the given parentprovider
.Constructors in org.forgerock.openig.secrets with parameters of type SecretsProvider Constructor Description DefaultSecretsService(SecretsProvider provider)
Deprecated.Constructs a newDefaultSecretsService
with a given provider. -
Uses of SecretsProvider in org.forgerock.openig.tools.jwt.validation
Methods in org.forgerock.openig.tools.jwt.validation with parameters of type SecretsProvider Modifier and Type Method Description static JwtConstraint
Constraints. canBeDecrypted(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose)
Provides aJwtConstraint
configured with the suppliedSecretsProvider
that contain a secret capable of decrypting and verifying a JWT's encryption.Constructors in org.forgerock.openig.tools.jwt.validation with parameters of type SecretsProvider Constructor Description JweDecryptionConstraint(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose)
Construct aJweDecryptionConstraint
. -
Uses of SecretsProvider in org.forgerock.openig.util
Methods in org.forgerock.openig.util with parameters of type SecretsProvider Modifier and Type Method Description static <S extends Secret>
Function<JsonValue,SecretReference<S>,JsonValueException>JsonValues. secretReferenceOf(Function<JsonValue,Purpose<S>,JsonValueException> purposeTransformer, SecretsProvider secretsProvider)
Returns a function that returns aSecretReference
for thePurpose
represented by the givenString
value label and known to the suppliedSecretsProvider
. -
Uses of SecretsProvider in org.forgerock.secrets
Methods in org.forgerock.secrets that return SecretsProvider Modifier and Type Method Description <T extends Secret>
SecretsProviderSecretsProvider. setActiveStore(SecretStore<? super T> store, Purpose<? extends T>... purposes)
Sets the active store to use for the given purpose.SecretsProvider
SecretsProvider. setDefaultStores(SecretStore<?> activeStore, SecretStore<?>... defaultStores)
Sets the default store(s) to use if there is no specific store configured for a particular purpose.<S extends Secret>
SecretsProviderSecretsProvider. useSpecificSecretForPurpose(Purpose<S> purpose, S secret)
Configures this SecretsProvider to always return the specific given secret for the given purpose.Methods in org.forgerock.secrets with parameters of type SecretsProvider Modifier and Type Method Description static <T extends Secret>
SecretReference<T>SecretReference. active(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock)
Creates a reference to the active secret for the given purpose using the given secrets provider.static <T extends Secret>
SecretReference<T>SecretReference. named(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock)
Creates a reference to a named secret using the given secrets provider.Constructors in org.forgerock.secrets with parameters of type SecretsProvider Constructor Description SecretReference(SecretsProvider provider, Purpose<T> purpose)
Deprecated.SecretReference(SecretsProvider provider, Purpose<T> purpose, Clock clock)
Deprecated.SecretsLoadStoreParameter(SecretsProvider secretsProvider, Set<Purpose<? extends CryptoKey>> purposes, Clock clock)
Initialises the keystore with the given secrets API objects.SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)
Initialises the keystore with the given secrets API objects. -
Uses of SecretsProvider in org.forgerock.secrets.propertyresolver
Constructors in org.forgerock.secrets.propertyresolver with parameters of type SecretsProvider Constructor Description PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose)
Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.PemPropertyFormat(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier)
Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
-