Package org.forgerock.openig.handler
Class JwkSetHandler
java.lang.Object
org.forgerock.openig.handler.JwkSetHandler
All Implemented Interfaces: Handler
Creates a JwkSetHandler to store the cryptographic keys.
{
    "type": "JwkSetHandler",
    "config": {
        "secretsProvider" : Secrets Provider [REQUIRED - The provider used to resolve the secret.]
        "purposes" : [{ array of objects [REQUIRED]
            "secretId" : expression [REQUIRED - the secret ID.]
            "keyUsage" : expression<enum> [REQUIRED - the key usage of the Secret ID.]
            "jwkAlgorithm" : expression [OPTIONAL - the algorithm to include in the generated JWK. There is some validation to ensure that the algorithm is valid against the known possible values but it is not possible to know the actual algorithm used when the key was generated. See https://datatracker.ietf.org/doc/html/rfc7517#section-4.4]
        }]
        "exposePrivateSecrets" : boolean [OPTIONAL - If set to true, include the private and symmetric keys in the generated JWK. Be aware of the security considerations of enabling this setting. Defaults to false.]
    }
}
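The following check is an added example, not code from OpenIG or ForgeRock: it audits a JWK Set document, such as one this handler returns, for the private and symmetric key members that "exposePrivateSecrets" would include, and for an "alg" value that does not fit the key type. The function name audit_jwk_set, the prefix heuristic and the sample response are assumptions made for illustration; how the document is fetched from a route is left out.

```python
import json

# Members that carry private or secret key material, by key type
# (RFC 7518 section 6 for RSA/EC/oct, RFC 8037 for OKP).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},  # a symmetric key is secret in its entirety
}
# "alg" prefixes that are plausible for each key type (heuristic, an assumption).
ALG_PREFIXES = {
    "RSA": ("RS", "PS"),  # "RS" also matches RSA1_5 and RSA-OAEP*
    "EC": ("ES", "ECDH-ES"),
    "OKP": ("EdDSA", "ECDH-ES"),
    "oct": ("HS", "A", "dir", "PBES2"),
}


def audit_jwk_set(document):
    """Return a list of (kid, finding) tuples for a JWK Set JSON string."""
    findings = []
    for index, jwk in enumerate(json.loads(document).get("keys", [])):
        kid = jwk.get("kid", f"#{index}")
        kty = jwk.get("kty")
        if kty not in PRIVATE_MEMBERS:
            findings.append((kid, f"unknown kty {kty!r}"))
            continue
        leaked = sorted(PRIVATE_MEMBERS[kty].intersection(jwk))
        if leaked:
            findings.append((kid, f"{kty} secret members exposed: {', '.join(leaked)}"))
        alg = jwk.get("alg")
        if isinstance(alg, str) and not alg.startswith(ALG_PREFIXES[kty]):
            findings.append((kid, f"alg {alg!r} does not fit kty {kty}"))
    return findings


# Constructed sample response; key values are short placeholders, not real keys.
SAMPLE = json.dumps({"keys": [
    {"kty": "RSA", "kid": "sig-1", "use": "sig", "alg": "RS256", "n": "0vx7", "e": "AQAB"},
    {"kty": "RSA", "kid": "enc-1", "use": "enc", "alg": "RSA-OAEP-256",
     "n": "sXch", "e": "AQAB", "d": "X4cT", "p": "83i-", "q": "3dfO"},
    {"kty": "oct", "kid": "mac-1", "alg": "HS256", "k": "AyM1"},
    {"kty": "EC", "kid": "ec-1", "crv": "P-256", "alg": "RS256", "x": "MKBC", "y": "4Etl"},
]})

if __name__ == "__main__":
    for kid, finding in audit_jwk_set(SAMPLE):
        print(f"{kid}: {finding}")
```

An empty result for a published JWK Set means no private or symmetric members were found and every declared "alg" is plausible for its key type.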
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
static class - Creates and initializes a JwkSetHandler in a heap environment.
Method Details
handle
Description copied from interface: Handler
Returns a Promise representing the asynchronous Response of the given request. If any (asynchronous) processing goes wrong, the promise still contains a Response (probably from the 4xx or 5xx status code family).
A handler that doesn't hand off the processing to another downstream handler is responsible for creating the response.
The returned Promise contains the response returned from the server as-is. It is the responsibility of the handler to produce the appropriate error response (404, 500, ...) in case of a processing error.
Note: As of the Promise 2.0 implementation, it is not permitted to throw any runtime exception here. Doing so produces unexpected behaviour (most likely a server-side hang of the processing thread).