Uses of Class
org.forgerock.secrets.Purpose
Package
Description
This package provides APIs for OAuth 2.0 services implementations.
Classes and interfaces for JWT encryption and JWEs.
Classes and interfaces for creating and manipulating JWKs.
Classes and interfaces for JWT signing and JWS'.
JWT implementation(s) of
TokenHandler
.Provides the Common Secrets API for accessing secrets of various kinds.
This package contains classes used to perform JWT validation.
Contains every Commons secrets related classes used in IG but not backported into Commons.
Contains everything commonly used to work with
TypeDefinition
.Miscellaneous utility classes.
Provides a unified API for accessing secrets of various kinds.
Secret store backend for retrieving keys from a local or remote JWK Set.
Implementations of
SecretStore
for accessing keys stored in Java KeyStores, such as
PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores.A Secrets API backend that can obtain OAuth 2 access tokens from a token endpoint, along with a collection of
grant type handlers.
Provides a
SecretStore
implementation that loads secrets from a Common Configuration
PropertyResolver
and then decodes it with a
SecretPropertyFormat
.-
Uses of Purpose in org.forgerock.http.oauth2
Modifier and TypeMethodDescriptionEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose
(Purpose<DataEncryptionKey> encryptionPurpose) Deprecated, for removal: This API element is subject to removal in a future version.PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose
(Purpose<SigningKey> signingPurpose) Deprecated, for removal: This API element is subject to removal in a future version. -
Uses of Purpose in org.forgerock.json.jose.jwe
Modifier and TypeMethodDescriptionJweAlgorithm.getDecryptionPurpose
(String label) Returns aPurpose
that can be used to retrieve keys that are suitable for decryption with this JWE algorithm.JweAlgorithmType.getDecryptionPurpose
(String label) Returns aPurpose
that can be used to retrieve keys that are suitable for decryption with this type of JWE algorithm.JweAlgorithm.getEncryptionPurpose
(String label) Returns aPurpose
that can be used to retrieve keys that are suitable for encryption with this JWE algorithm.JweAlgorithmType.getEncryptionPurpose
(String label) Returns aPurpose
that can be used to retrieve keys that are suitable for encryption with this type of JWE algorithm.Modifier and TypeMethodDescriptionPromise<? extends EncryptedJwt,
JweDecryptionCheckedException> EncryptedJwt.decrypt
(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose) Attempts to decrypt the JWT using any available keys for the givenPurpose
from the givenSecretsProvider
.SignedThenEncryptedJwt.decrypt
(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose) SignedThenEncryptedJwt.decryptAndVerify
(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose, Purpose<VerificationKey> verificationPurpose) Decrypts the outer JWT and then verifies the signature on the inner JWT using secrets from the suppliedSecretsProvider
.Promise<byte[],
JweDecryptionCheckedException> EncryptedJwt.decryptRawPayload
(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose) Attempts to decrypt the raw payload of the JWT using any keys from the givenSecretsProvider
that satisfy the suppliedPurpose
. -
Uses of Purpose in org.forgerock.json.jose.jwk
Modifier and TypeMethodDescription<T extends CryptoKey>
TJWK.toCryptoKey
(Purpose<T> purpose, Instant expiry) Converts this JWK into aCryptoKey
subclass object for use with the Secrets API. -
Uses of Purpose in org.forgerock.json.jose.jws
Modifier and TypeMethodDescriptionPromise<? extends EncryptedJwt,
JweDecryptionCheckedException> EncryptedThenSignedJwt.decrypt
(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose) Decrypts the inner encrypted JWE so that the payload can be accessed.SigningManager.newSigningHandler
(JWK jwk, Purpose<SigningKey> purpose) Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.SigningManager.newSigningHandler
(JWK jwk, Purpose<SigningKey> purpose, Instant expiry) Returns a signing handler from the given JSON Web Key (JWK) which will be used to sign a JWT.SigningManager.newSigningHandler
(Purpose<SigningKey> purpose) Constructs a new SigningHandler configured for signing with the provided secret purpose.SigningManager.newVerificationHandler
(JWK jwk, Purpose<VerificationKey> purpose) Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT.SigningManager.newVerificationHandler
(JWK jwk, Purpose<VerificationKey> purpose, Instant expiry) Returns a signing handler from the given JSON Web Key (JWK) which will be used to verify a JWT.SigningManager.newVerificationHandler
(Purpose<VerificationKey> purpose, String keyId) Constructs a new SigningHandler configured for verifying with the provided secret purpose. -
Uses of Purpose in org.forgerock.json.jose.tokenhandler
Modifier and TypeMethodDescriptionSecretsJwtTokenHandler.Builder.decryptionPurpose
(Purpose<? extends CryptoKey> decryptionKeyPurpose) Specifies thePurpose
used to retrieve decryption keys from the secrets provider.SecretsJwtTokenHandler.Builder.encryptionPurpose
(Purpose<? extends CryptoKey> encryptionKeyPurpose) Specifies thePurpose
used to retrieve encryption keys from the secrets provider.SecretsJwtTokenHandler.Builder.signingPurpose
(Purpose<SigningKey> signingKeyPurpose) Specifies thePurpose
used to retrieve signing keys from the secrets provider.SecretsJwtTokenHandler.Builder.verificationPurpose
(Purpose<VerificationKey> verificationKeyPurpose) Specifies thePurpose
used to retrieve verification keys from the secrets provider.ModifierConstructorDescriptionSecretsJwtTokenHandler
(JweAlgorithm jweAlgorithm, EncryptionMethod jweMethod, JwsAlgorithm jwsAlgorithm, Optional<Long> tokenLifeTimeInSeconds, KeyPair jweKeyPair, SigningManager manager, Purpose<SigningKey> signingKeyPurpose, Purpose<VerificationKey> verificationKeyPurpose, Clock clock) Deprecated.UseSecretsJwtTokenHandler.builder()
instead. -
Uses of Purpose in org.forgerock.openig.secrets
Modifier and TypeMethodDescriptionSecretsService.asKeyStore
(Purpose<T> purpose) Returns a view of this secrets provider as a keystore for the given purpose.<S extends Secret>
SecretReference<S>SecretsService.createActiveReference
(Purpose<S> purpose) Create aSecretReference
for the givenPurpose
.<S extends Secret>
SecretReference<S>SecretsService.createNamedReference
(Purpose<S> purpose, String name) Creates a reference to a secret with the given name (stable id) for the given purpose.<S extends GenericSecret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> SecretsService.getActiveSecret
(Purpose<S> purpose) Gets the currently active secret for the given purpose.SecretsService.getKeyManager
(Purpose<? extends CryptoKey> purpose) Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.SecretsService.getKeyManager
(Purpose<? extends CryptoKey> purpose, Options options) Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.<S extends GenericSecret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsService.getNamedOrValidSecrets
(Purpose<S> purpose, String id) If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the givenpurpose
if no such secret exists), otherwise it returns all valid secrets for the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException> SecretsService.getNamedSecret
(Purpose<S> purpose, String id) Gets the secret for the given purpose with the given stable secret id.SecretsService.getTrustManager
(Purpose<? extends CryptoKey> purpose) Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.SecretsService.getTrustManager
(Purpose<? extends CryptoKey> purpose, Options options) Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.<S extends GenericSecret>
Promise<Stream<S>,NeverThrowsException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsService.getValidSecrets
(Purpose<S> purpose) Returns all secrets for the given purpose which have not yet expired.HsmSecretStoreHeaplet.keyStore
(SecretsProvider secretsProvider, Purpose<GenericSecret> storePasswordPurpose, Options options) KeyStoreSecretStoreHeaplet.keyStore
(SecretsProvider secretsProvider, Purpose<GenericSecret> storePasswordPurpose, Options options) <S extends Secret>
SecretsProviderSecretsService.useSpecificSecretForPurpose
(Purpose<S> purpose, S secret) Configures this SecretsProvider to always return the specific given secret for the given purpose. -
Uses of Purpose in org.forgerock.openig.tools.jwt.validation
Modifier and TypeMethodDescriptionstatic JwtConstraint
Constraints.canBeDecrypted
(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose) Provides aJwtConstraint
configured with the suppliedSecretsProvider
that contain a secret capable of decrypting and verifying a JWT's encryption.static JwtConstraint
Constraints.hasValidSignature
(SecretsProvider secretsProvider, Purpose<VerificationKey> purpose) Validates the signature of thisSignedJwt
.ModifierConstructorDescriptionJweDecryptionConstraint
(SecretsProvider secretsProvider, Purpose<DataDecryptionKey> purpose) Construct aJweDecryptionConstraint
.JwsSignatureVerifier
(SigningManager signingManager, Purpose<VerificationKey> verificationPurpose) Constructor taking aSigningManager
and verificationPurpose
. -
Uses of Purpose in org.forgerock.openig.tools.secrets
-
Uses of Purpose in org.forgerock.openig.types
-
Uses of Purpose in org.forgerock.openig.util
Modifier and TypeMethodDescriptionstatic <S extends Secret>
Function<JsonValue,Purpose<S>, JsonValueException> Modifier and TypeMethodDescriptionstatic <S extends Secret>
Function<JsonValue,SecretReference<S>, JsonValueException> JsonValues.secretReferenceOf
(Function<JsonValue, Purpose<S>, JsonValueException> purposeTransformer, SecretsProvider secretsProvider) Returns a function that returns aSecretReference
for thePurpose
represented by the givenString
value label and known to the suppliedSecretsProvider
. -
Uses of Purpose in org.forgerock.secrets
Modifier and TypeFieldDescriptionstatic final Purpose<DataDecryptionKey>
Purpose.DATA_DECRYPTION
Indicates a key intended for decrypting data.static final Purpose<DataEncryptionKey>
Purpose.DATA_ENCRYPTION
Indicates a key intended for encrypting data.static final Purpose<KeyAgreementKey>
Purpose.KEY_AGREEMENT
Indicates a key intended for an interactive key agreement protocol, such as Diffie-Hellman (DH) or the elliptic curve equivalent (ECDH).static final Purpose<KeyDecryptionKey>
Purpose.KEY_DECRYPTION
Indicates a key intended for decrypting ("unwrapping") other keys.static final Purpose<KeyEncryptionKey>
Purpose.KEY_ENCRYPTION
Indicates a key intended for encrypting ("wrapping") other keys.static final Purpose<GenericSecret>
Purpose.PASSWORD
Indicates a secret intended to be used as a password for authentication to some service.static final Purpose<SigningKey>
Purpose.SIGN
Indicates a key intended for creating digital signatures or message authentication codes (MACs).static final Purpose<VerificationKey>
Purpose.VERIFY
Indicates a key intended for verifying digital signatures or message authentication codes.static final Purpose<CertificateVerificationKey>
Purpose.VERIFY_CERTIFICATE
Indicates a key intended for verifying certificate signatures.Modifier and TypeMethodDescriptionPurpose<?>
NoSuchSecretException.getPurpose()
Returns the purpose for which no secret was found, or null if not specified.Constructs a purpose object.Purpose.purpose
(String label, Class<T> type, SecretConstraint<? super T>... constraints) Constructs a purpose object.Purpose.withConstraints
(SecretConstraint<? super T>... constraints) Constructs a new purpose that is identical to this purpose but which imposes additional constraints on the secrets that can satisfy it.Modifier and TypeMethodDescriptionstatic <T extends Secret>
SecretReference<T>SecretReference.active
(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock) Creates a reference to the active secret for the given purpose using the given secrets provider.SecretsProvider.asKeyStore
(Purpose<T> purpose) Returns a view of this secrets provider as a keystore for the given purpose.<T extends Secret>
TBuilds a secret of the given type, enforcing anyconstraints
attached to the purpose.<T extends Secret>
SecretBuilder.SecretAndExpirer<T>SecretBuilder.buildWithExpirer
(Purpose<T> purpose) Builds a secret of the given type, enforcing anyconstraints
attached to the purpose.<S extends Secret>
SecretReference<S>SecretsProvider.createActiveReference
(Purpose<S> purpose) Creates the secret reference from the given purpose.<S extends Secret>
SecretReference<S>SecretsProvider.createNamedReference
(Purpose<S> purpose, String name) Creates a reference to a secret with the given name (stable id) for the given purpose.<S extends Secret>
ValidSecretsReference<S,NeverThrowsException> SecretsProvider.createValidOrNamedReference
(Purpose<S> purpose, String name) Creates the valid secrets reference from the given purpose.<S extends Secret>
ValidSecretsReference<S,NeverThrowsException> SecretsProvider.createValidReference
(Purpose<S> purpose) Creates the valid secrets reference from the given purpose.default <S extends T>
Promise<S,NoSuchSecretException> Returns the active secret for the given purpose.<S extends T>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> SecretsProvider.getActiveSecret
(Purpose<S> purpose) Gets the currently active secret for the given purpose.SecretsProvider.getKeyManager
(Purpose<? extends CryptoKey> purpose) Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.SecretsProvider.getKeyManager
(Purpose<? extends CryptoKey> purpose, Options options) Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.default <S extends T>
Promise<S,NoSuchSecretException> Returns the named secret from this store.<S extends T>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsProvider.getNamedOrValidSecrets
(Purpose<S> purpose, String id) If the given id is not null, then this returns the single named secret that corresponds to that stable id (or a stream of valid secrets for the givenpurpose
if no such secret exists), otherwise it returns all valid secrets for the given purpose.<S extends Secret>
Promise<S,NoSuchSecretException> SecretsProvider.getNamedSecret
(Purpose<S> purpose, String id) Gets the secret for the given purpose with the given stable secret id.SecretsProvider.getTrustManager
(Purpose<? extends CryptoKey> purpose) Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.SecretsProvider.getTrustManager
(Purpose<? extends CryptoKey> purpose, Options options) Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.<S extends T>
Promise<Stream<S>,NeverThrowsException> Returns all valid secrets for the given purpose from this store.<S extends T>
Promise<Stream<S>,NeverThrowsException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> SecretsProvider.getValidSecrets
(Purpose<S> purpose) Returns all secrets for the given purpose which have not yet expired.static <T extends Secret>
SecretReference<T>SecretReference.named
(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock) Creates a reference to a named secret using the given secrets provider.default void
Retires the given secret for the given purpose.void
default void
Rotates the active secret for the given purpose.void
protected <T extends Secret>
voidSecretsProvider.setActiveStore
(SecretStore<? super T> store, Purpose<? extends T> purpose) Sets the active store to use for the given purpose.final <T extends Secret>
SecretsProviderSecretsProvider.setActiveStore
(SecretStore<? super T> store, Purpose<? extends T>... purposes) Sets the active store to use for the given purpose.<S extends Secret>
SecretsProviderSecretsProvider.useSpecificSecretForPurpose
(Purpose<S> purpose, S secret) Configures this SecretsProvider to always return the specific given secret for the given purpose.<S extends Secret>
SecretsProviderSecretsProvider.useSpecificSecretsForPurpose
(Purpose<S> purpose, List<S> secrets) Configures this SecretsProvider to always return the specific given secrets for the given purpose.static <T extends Secret>
ValidSecretsReference<T,NeverThrowsException> ValidSecretsReference.valid
(SecretsProvider secretsProvider, Purpose<T> purpose, Clock clock) Creates a reference to the valid secrets for the given purpose using the given secrets provider.static <T extends Secret>
ValidSecretsReference<T,NeverThrowsException> ValidSecretsReference.validOrNamed
(SecretsProvider secretsProvider, Purpose<T> purpose, String name, Clock clock) This creates a reference to either the named secret or all valid secrets for the purpose.Modifier and TypeMethodDescriptionSecretsProvider.asKeyStore
(Set<Purpose<? extends CryptoKey>> purposes) Returns a view of this secrets provider as a keystore for the given purposes.SecretsProvider.getKeyManager
(Set<Purpose<? extends CryptoKey>> purposes, Options options) Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.SecretsProvider.getTrustManager
(Set<Purpose<? extends CryptoKey>> purposes, Options options) Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purposes.ModifierConstructorDescriptionNoSuchSecretException
(Purpose<?> purpose) Constructs the exception for the given purpose.NoSuchSecretException
(Purpose<?> purpose, String id) Constructs the exception for the given purpose and secret stable id.SecretReference
(SecretsProvider provider, Purpose<T> purpose) Deprecated.SecretReference
(SecretsProvider provider, Purpose<T> purpose, Clock clock) Deprecated.SecretsLoadStoreParameter
(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock) Initialises the keystore with the given secrets API objects.ModifierConstructorDescriptionSecretsLoadStoreParameter
(SecretsProvider secretsProvider, Set<Purpose<? extends CryptoKey>> purposes, Clock clock) Initialises the keystore with the given secrets API objects. -
Uses of Purpose in org.forgerock.secrets.jwkset
-
Uses of Purpose in org.forgerock.secrets.keystore
Modifier and TypeMethodDescription<S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> void
Retires a key previously used for a given purpose.void
Rotates the key associated with a given purpose. -
Uses of Purpose in org.forgerock.secrets.oauth2
Modifier and TypeMethodDescriptionAccessTokenSecretStore.Builder.forPurpose
(Purpose<GenericSecret> purpose) Configures the purpose for which this access token store is to be used.<S extends GenericSecret>
Promise<S,NoSuchSecretException> <S extends GenericSecret>
Promise<S,NoSuchSecretException> <S extends GenericSecret>
Promise<Stream<S>,NeverThrowsException> -
Uses of Purpose in org.forgerock.secrets.propertyresolver
Modifier and TypeMethodDescription<S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<S,NoSuchSecretException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> <S extends Secret>
Promise<Stream<S>,NeverThrowsException> Returns a stream of the active secret for the given purpose.ModifierConstructorDescriptionPemPropertyFormat
(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose) Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.PemPropertyFormat
(SecretsProvider secretsProvider, Purpose<GenericSecret> decryptionPasswordPurpose, Supplier<SecretBuilder> secretBuilderSupplier) Initializes the property format with the given secrets provider and purpose for decrypting password-encrypted PEM files.
EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference)
instead.