Package org.forgerock.openig.secrets

Class SecretsKeyManagerHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.secrets.SecretsKeyManagerHeaplet

All Implemented Interfaces:

Heaplet

public class SecretsKeyManagerHeaplet
extends GenericHeaplet

A SecretsKeyManagerHeaplet acts as a factory of SecretsKeyManager.

It is meant to be used when private keys, to be used in TLS handshakes, are available through the ForgeRock Secrets API (when using KeyStoreSecretStore for instance).

 {
       "type": "SecretsKeyManager",
       "config": {
         "signingSecretId":  ["secret-id1", ...]     [ REQUIRED - Secret IDs used to retrieve private keys. ]
         "secretsProvider":  Secrets Provider        [ REQUIRED - Resolves private key. ]
       }
    }
 

Note: "signingSecretId" can also be a single string, like: "signingSecretId": "secretId".

Usage example with a keystore

Use a given private key found in a given keystore during TLS handshake.

 {
      "type": "SecretsKeyManager",
      "config": {
        "signingSecretId": "key.manager.secret.id",
        "secretsProvider": {
          "type": "KeyStoreSecretStore",
          "config": {
            "file": "&{ig.istance.dir}/certs/openig.example.com.p12",
            "storePassword": "keystore.pass",
            "secretsProvider": "SecretsPasswords",
            "mappings": [{
              "secretId": "key.manager.secret.id",
              "aliases": [ "openig.example.com" ]
            }]
          }
        }
      }
   }
 

See Also:

• SecretsKeyManager
• SecretsProvider.getKeyManager(Purpose)

Field Summary

Fields

Modifier and Type	Field	Description
static final String	NAME	Public name used by resolver.

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor	Description
SecretsKeyManagerHeaplet()

Method Summary

Modifier and Type	Method	Description
Object	create()	Called to request the heaplet create an object.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getType, initialBindings, meterRegistryHolder, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

NAME

public static final String NAME

Public name used by resolver.

See Also:

• Constant Field Values

Constructor Details

SecretsKeyManagerHeaplet

public SecretsKeyManagerHeaplet()

Method Details

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.