Class GenericWrapperSecretStore

java.lang.Object
org.forgerock.openig.tools.secrets.GenericWrapperSecretStore
All Implemented Interfaces:
SecretStore<CryptoKey>

public final class GenericWrapperSecretStore extends Object implements SecretStore<CryptoKey>
A SecretStore that maps GenericSecrets from an underlying SecretsProvider to CryptoKeys.

This implementation is very basic. It could be enhanced by caching created secrets instead of recreating them.

  • Method Details

    • secretKey

      public static GenericWrapperSecretStore secretKey(SecretsProvider secretsProvider, String algorithm, Clock clock)
      Creates a GenericWrapperSecretStore that maps generic secrets to secret-key-based CryptoKeys.
      Parameters:
      secretsProvider - the SecretsProvider containing generic secrets
      algorithm - the algorithm to associate with the secret when creating a Key
      clock - the Clock used to build the new secret
      Returns:
      a new instance of a GenericWrapperSecretStore.
    • getStoredType

      public Class<CryptoKey> getStoredType()
      Description copied from interface: SecretStore
      The top-level class that this store is capable of storing. This is a reification of the type parameter and can be used to look up stores for a given type.
      Specified by:
      getStoredType in interface SecretStore<CryptoKey>
      Returns:
      the top-most type that this store is capable of storing, typically either CryptoKey for key-stores, GenericSecret for password stores, or Secret if the store is capable of storing any type of secret.
    • getValid

      public <S extends CryptoKey> Promise<Stream<S>,NeverThrowsException> getValid(Purpose<S> purpose)
      Description copied from interface: SecretStore
      Returns all valid secrets for the given purpose from this store.
      Specified by:
      getValid in interface SecretStore<CryptoKey>
      Type Parameters:
      S - the type of secret.
      Parameters:
      purpose - the purpose.
      Returns:
      a stream of all valid secrets of the given type from this store, or an empty stream if none exist.
    • refresh

      public void refresh()
      Description copied from interface: SecretStore
      Indicates that the store should refresh its secrets from the backing storage mechanism. This can be used to cause reload of a store after a secret rotation if the backend does not automatically detect such changes. Refresh may be an asynchronous operation and no guarantees are made about when clients of this secret store may see updated secrets after a call to refresh.
      Specified by:
      refresh in interface SecretStore<CryptoKey>
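
The caching enhancement mentioned in the class description, sketched with JDK classes only as an added example; it is not ForgeRock's code and does not use the SecretStore API. `CachingKeyWrapper`, the lookup function, the label `hmac.signing` and the sample secrets are hypothetical and constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Hypothetical stand-in, JDK only: not the ForgeRock SecretStore API.
public final class CachingKeyWrapper {
    private final Function<String, Optional<byte[]>> genericSecrets; // label -> raw secret bytes
    private final String algorithm;                                  // e.g. "HmacSHA256"
    private final Map<String, Key> cache = new ConcurrentHashMap<>();

    public CachingKeyWrapper(Function<String, Optional<byte[]>> genericSecrets, String algorithm) {
        this.genericSecrets = genericSecrets;
        this.algorithm = algorithm;
    }

    // Wrap the raw secret for a label as a Key, building it once per refresh cycle.
    public Optional<Key> getKey(String label) {
        Key cached = cache.get(label);
        if (cached != null) return Optional.of(cached);
        return genericSecrets.apply(label).map(raw -> {
            Key key = new SecretKeySpec(raw, algorithm); // copies the bytes
            Key prev = cache.putIfAbsent(label, key);    // keep one instance under races
            return prev != null ? prev : key;
        });
    }

    // Must drop cached keys, otherwise a rotated secret is never picked up.
    public void refresh() { cache.clear(); }

    public static void main(String[] args) throws Exception {
        // Constructed sample backend holding one generic secret.
        Map<String, byte[]> backend = new ConcurrentHashMap<>();
        backend.put("hmac.signing", "constructed-sample-secret-1".getBytes(StandardCharsets.UTF_8));
        CachingKeyWrapper store = new CachingKeyWrapper(
                label -> Optional.ofNullable(backend.get(label)), "HmacSHA256");
        Key k1 = store.getKey("hmac.signing").orElseThrow();
        Mac mac = Mac.getInstance(k1.getAlgorithm());
        mac.init(k1);
        System.out.println("tag bytes: " + mac.doFinal("msg".getBytes(StandardCharsets.UTF_8)).length);
        // Rotate the backing secret: the cached key stays in use until refresh().
        backend.put("hmac.signing", "constructed-sample-secret-2".getBytes(StandardCharsets.UTF_8));
        System.out.println("stale before refresh: " + (store.getKey("hmac.signing").orElseThrow() == k1));
        store.refresh();
        System.out.println("rotated after refresh: " + (store.getKey("hmac.signing").orElseThrow() != k1));
        System.out.println("unknown label present: " + store.getKey("absent").isPresent());
    }
}
```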