Package org.forgerock.openig.secrets

Class SecretsKeyManagerHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.secrets.SecretsKeyManagerHeaplet

All Implemented Interfaces:

Heaplet

public class SecretsKeyManagerHeaplet
extends GenericHeaplet

A SecretsKeyManagerHeaplet acts as a factory of SecretsKeyManager.

It is meant to be used when private keys, to be used in TLS handshakes, are available through the ForgeRock Secrets API (when using KeyStoreSecretStore for instance).

 {
       "type": "SecretsKeyManager",
       "config": {
         "signingSecretId":  secret-id               [ REQUIRED - Secret ID used to retrieve private key. ]
         "secretsProvider":  Secrets Provider        [ REQUIRED - Resolves private key. ]
       }
    }
 

Usage example with a keystore

Use a given private key found in a given keystore during TLS handshake.

 {
      "type": "SecretsKeyManager",
      "config": {
        "signingSecretId": "key.manager.secret.id",
        "secretsProvider": {
          "type": "KeyStoreSecretStore",
          "config": {
            "file": "&{ig.istance.dir}/certs/openig.example.com.p12",
            "storePassword": "keystore.pass",
            "secretsProvider": "SecretsPasswords",
            "mappings": [{
              "secretId": "key.manager.secret.id",
              "aliases": [ "openig.example.com" ]
            }]
          }
        }
      }
   }
 

See Also:

• SecretsKeyManager
• SecretsProvider.getKeyManager(Purpose)

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor	Description
SecretsKeyManagerHeaplet()

Method Summary

Modifier and Type	Method	Description
Object	create()	Called to request the heaplet create an object.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getType, initialBindings, meterRegistryHolder, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecretsKeyManagerHeaplet

public SecretsKeyManagerHeaplet()

Method Details

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.