Uses of Class
org.forgerock.secrets.keys.CryptoKey
-
Packages that use CryptoKey Package Description org.forgerock.json.jose.jwe Classes and interfaces for JWT encryption and JWEs.org.forgerock.json.jose.jwk Classes and interfaces for creating and manipulating JWKs.org.forgerock.json.jose.jws Classes and interfaces for JWT signing and JWS'.org.forgerock.json.jose.tokenhandler JWT implementation(s) ofTokenHandler
.org.forgerock.json.jose.utils Utility classes for JWT creation and manipulation.org.forgerock.openig.secrets Provides the Common Secrets API for accessing secrets of various kinds.org.forgerock.secrets Provides a unified API for accessing secrets of various kinds.org.forgerock.secrets.jwkset Secret store backend for retrieving keys from a local or remote JWK Set.org.forgerock.secrets.keys Contains cryptographic key related API objects.org.forgerock.secrets.keystore Implementations ofSecretStore
for accessing keys stored in Java KeyStores, such as PKCS#11 Hardware Security Modules (HSMs) and PKCS#12 file-based encrypted key stores. -
-
Uses of CryptoKey in org.forgerock.json.jose.jwe
Methods in org.forgerock.json.jose.jwe that return types with arguments of type CryptoKey Modifier and Type Method Description Purpose<? extends CryptoKey>
JweAlgorithm. getDecryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for decryption with this JWE algorithm.Purpose<? extends CryptoKey>
JweAlgorithmType. getDecryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for decryption with this type of JWE algorithm.Purpose<? extends CryptoKey>
JweAlgorithm. getEncryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for encryption with this JWE algorithm.Purpose<? extends CryptoKey>
JweAlgorithmType. getEncryptionPurpose(String label)
Returns aPurpose
that can be used to retrieve keys that are suitable for encryption with this type of JWE algorithm.Method parameters in org.forgerock.json.jose.jwe with type arguments of type CryptoKey Modifier and Type Method Description Promise<? extends EncryptedJwt,JweDecryptionCheckedException>
EncryptedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the JWT using any available keys for the givenPurpose
from the givenSecretsProvider
.Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>
SignedThenEncryptedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Promise<SignedThenEncryptedJwt,JweDecryptionCheckedException>
SignedThenEncryptedJwt. decryptAndVerify(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose, Purpose<VerificationKey> verificationPurpose)
Decrypts the outer JWT and then verifies the signature on the inner JWT using secrets from the suppliedSecretsProvider
.Promise<byte[],JweDecryptionCheckedException>
EncryptedJwt. decryptRawPayload(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose)
Attempts to decrypt the raw payload of the JWT using any keys from the givenSecretsProvider
that satisfy the suppliedPurpose
. -
Uses of CryptoKey in org.forgerock.json.jose.jwk
Methods in org.forgerock.json.jose.jwk with type parameters of type CryptoKey Modifier and Type Method Description <T extends CryptoKey>
TJWK. toCryptoKey(Purpose<T> purpose, Instant expiry)
Converts this JWK into aCryptoKey
subclass object for use with the Secrets API. -
Uses of CryptoKey in org.forgerock.json.jose.jws
Method parameters in org.forgerock.json.jose.jws with type arguments of type CryptoKey Modifier and Type Method Description Promise<? extends EncryptedJwt,JweDecryptionCheckedException>
EncryptedThenSignedJwt. decrypt(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> decryptionPurpose)
Decrypts the inner encrypted JWE so that the payload can be accessed. -
Uses of CryptoKey in org.forgerock.json.jose.tokenhandler
Method parameters in org.forgerock.json.jose.tokenhandler with type arguments of type CryptoKey Modifier and Type Method Description SecretsJwtTokenHandler.Builder
SecretsJwtTokenHandler.Builder. decryptionPurpose(Purpose<? extends CryptoKey> decryptionKeyPurpose)
Specifies thePurpose
used to retrieve decryption keys from the secrets provider.SecretsJwtTokenHandler.Builder
SecretsJwtTokenHandler.Builder. encryptionPurpose(Purpose<? extends CryptoKey> encryptionKeyPurpose)
Specifies thePurpose
used to retrieve encryption keys from the secrets provider. -
Uses of CryptoKey in org.forgerock.json.jose.utils
Methods in org.forgerock.json.jose.utils that return types with arguments of type CryptoKey Modifier and Type Method Description static SecretConstraint<CryptoKey>
JoseSecretConstraints. allowedAlgorithm(Algorithm algorithm)
Enforces that the key is allowed to be used with the given JWA algorithm.Methods in org.forgerock.json.jose.utils with parameters of type CryptoKey Modifier and Type Method Description static void
Utils. checkRsaKeySize(CryptoKey key)
Verifies that the RSA key being used meets minimum key size requirement of 2048 bits as specified in the JOSE specifications. -
Uses of CryptoKey in org.forgerock.openig.secrets
Methods in org.forgerock.openig.secrets with type parameters of type CryptoKey Modifier and Type Method Description <T extends CryptoKey>
KeyStoreDefaultSecretsService. asKeyStore(Purpose<T> purpose)
Deprecated.<T extends CryptoKey>
KeyStoreSecretsService. asKeyStore(Purpose<T> purpose)
Returns a view of this secrets provider as a keystore for the given purpose.<T extends CryptoKey>
KeyStoreSecretsServiceProvider. asKeyStore(Purpose<T> purpose)
static <S extends CryptoKey>
SSecretsUtils. retrieveCryptoKeyFromSecretId(SecretsProvider secretsProvider, JsonValue secretIdNode, Class<S> type)
Retrieves aCryptoKey
from the given node.Methods in org.forgerock.openig.secrets that return types with arguments of type CryptoKey Modifier and Type Method Description static SecretConstraint<CryptoKey>
SecretsUtils. allowedKeyType(KeyType expected)
Enforce that aCryptoKey
satisfies the given key type constraint.Methods in org.forgerock.openig.secrets with parameters of type CryptoKey Modifier and Type Method Description static Key
SecretsUtils. exportAsKey(CryptoKey cryptoKey)
Exports the key material in the raw format.static Key
SecretsUtils. exportAsKeyAndClose(CryptoKey cryptoKey)
Exports the key material in the raw format and close the provided key material.Method parameters in org.forgerock.openig.secrets with type arguments of type CryptoKey Modifier and Type Method Description X509ExtendedKeyManager
DefaultSecretsService. getKeyManager(Purpose<? extends CryptoKey> purpose)
Deprecated.X509ExtendedKeyManager
DefaultSecretsService. getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)
Deprecated.X509ExtendedKeyManager
SecretsService. getKeyManager(Purpose<? extends CryptoKey> purpose)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.X509ExtendedKeyManager
SecretsService. getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.X509ExtendedKeyManager
SecretsServiceProvider. getKeyManager(Purpose<? extends CryptoKey> purpose)
X509ExtendedKeyManager
SecretsServiceProvider. getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)
SecretsTrustManager
DefaultSecretsService. getTrustManager(Purpose<? extends CryptoKey> purpose)
Deprecated.SecretsTrustManager
DefaultSecretsService. getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)
Deprecated.SecretsTrustManager
SecretsService. getTrustManager(Purpose<? extends CryptoKey> purpose)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.SecretsTrustManager
SecretsService. getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.SecretsTrustManager
SecretsServiceProvider. getTrustManager(Purpose<? extends CryptoKey> purpose)
SecretsTrustManager
SecretsServiceProvider. getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)
-
Uses of CryptoKey in org.forgerock.secrets
Methods in org.forgerock.secrets with type parameters of type CryptoKey Modifier and Type Method Description <T extends CryptoKey>
KeyStoreSecretsProvider. asKeyStore(Purpose<T> purpose)
Returns a view of this secrets provider as a keystore for the given purpose.Methods in org.forgerock.secrets that return types with arguments of type CryptoKey Modifier and Type Method Description static SecretConstraint<CryptoKey>
SecretConstraint. allowedAlgorithm(String algorithm)
Enforces that the key is allowed to be used with the given algorithm.static SecretConstraint<CryptoKey>
SecretConstraint. allowedKeyUsages(Set<KeyUsage> keyUsages)
Enforces that the key satisfies at least one of the given key usage constraints.static SecretConstraint<CryptoKey>
SecretConstraint. allowedKeyUsages(KeyUsage first, KeyUsage... rest)
Enforces that the key satisfies at least one of the given key usage constraints.static SecretConstraint<CryptoKey>
SecretConstraint. ellipticCurveKeyParameters(ECParameterSpec requiredParameters)
Enforces that the key is an elliptic curve key with the given parameters.static SecretConstraint<CryptoKey>
SecretConstraint. keyAlgorithm(String keyAlgorithm)
Enforces a particular key algorithm (case insensitive).static SecretConstraint<CryptoKey>
SecretConstraint. requiredKeyUsages(Set<KeyUsage> keyUsages)
Enforces that the key satisfies all of the given key usage constraints.static SecretConstraint<CryptoKey>
SecretConstraint. requiredKeyUsages(KeyUsage first, KeyUsage... rest)
Enforces that the key satisfies all of the given key usage constraints.Method parameters in org.forgerock.secrets with type arguments of type CryptoKey Modifier and Type Method Description X509ExtendedKeyManager
SecretsProvider. getKeyManager(Purpose<? extends CryptoKey> purpose)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.X509ExtendedKeyManager
SecretsProvider. getKeyManager(Purpose<? extends CryptoKey> purpose, Options options)
Returns aKeyManager
that can be used toinitialize an SSLContext
, allowing certificates and private keys to be retrieved from this secrets provider.SecretsTrustManager
SecretsProvider. getTrustManager(Purpose<? extends CryptoKey> purpose)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.SecretsTrustManager
SecretsProvider. getTrustManager(Purpose<? extends CryptoKey> purpose, Options options)
Constructs anX509ExtendedTrustManager
that will retrieve certificates from this secrets provider for the provided purpose.Constructor parameters in org.forgerock.secrets with type arguments of type CryptoKey Constructor Description SecretsLoadStoreParameter(SecretsProvider secretsProvider, Purpose<? extends CryptoKey> purpose, Clock clock)
Initialises the keystore with the given secrets API objects. -
Uses of CryptoKey in org.forgerock.secrets.jwkset
Methods in org.forgerock.secrets.jwkset with type parameters of type CryptoKey Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>JwkSetSecretStore. getNamed(Purpose<S> purpose, String name)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>JwkSetSecretStore. getValid(Purpose<S> purpose)
Methods in org.forgerock.secrets.jwkset that return types with arguments of type CryptoKey Modifier and Type Method Description Class<CryptoKey>
JwkSetSecretStore. getStoredType()
Methods in org.forgerock.secrets.jwkset with parameters of type CryptoKey Modifier and Type Method Description JWK
JwkKeyFormat. export(CryptoKey key, Key rawKey)
-
Uses of CryptoKey in org.forgerock.secrets.keys
Classes in org.forgerock.secrets.keys with type parameters of type CryptoKey Modifier and Type Interface Description interface
DecryptionKey<T extends CryptoKey>
Marker interface for all key types that can be used for decryption.interface
EncryptionKey<T extends CryptoKey>
Marker interface for all key types that can be used for encryption.Subclasses of CryptoKey in org.forgerock.secrets.keys Modifier and Type Class Description class
CertificateVerificationKey
A key used for verifying certificate signatures.class
DataDecryptionKey
A key that is used for decrypting confidential data.class
DataEncryptionKey
A key that is used for encrypting confidential data.class
KeyAgreementKey
A key that is used in a key-agreement protocol (such as Diffie-Hellman) to agree another key.class
KeyDecryptionKey
A key that is used to decrypt (or "unwrap") other keys that have been encrypted with aKeyEncryptionKey
.class
KeyEncryptionKey
A key that is used to encrypt ("wrap") other keys.class
SigningKey
A key that is used for signing digital signatures.class
VerificationKey
A key used for verifying digital signatures.Methods in org.forgerock.secrets.keys that return types with arguments of type CryptoKey Modifier and Type Method Description Class<? extends CryptoKey>
KeyUsage. getKeyType()
The key type corresponding to this key usage.Methods in org.forgerock.secrets.keys with parameters of type CryptoKey Modifier and Type Method Description T
KeyFormat. export(CryptoKey key, Key rawKey)
Exports the given crypto key and raw key material.String
KeyFormatPem. export(CryptoKey key, Key rawKey)
Key
KeyFormatRaw. export(CryptoKey key, Key rawKey)
Method parameters in org.forgerock.secrets.keys with type arguments of type CryptoKey Modifier and Type Method Description static EnumSet<KeyUsage>
KeyUsage. forKeyType(Class<? extends CryptoKey> keyType)
Returns the set of all key usages that are applicable to the given key type. -
Uses of CryptoKey in org.forgerock.secrets.keystore
Methods in org.forgerock.secrets.keystore with type parameters of type CryptoKey Modifier and Type Method Description <S extends CryptoKey>
Promise<S,NoSuchSecretException>KeyStoreSecretStore. getActive(Purpose<S> purpose)
<S extends CryptoKey>
Promise<S,NoSuchSecretException>KeyStoreSecretStore. getNamed(Purpose<S> purpose, String id)
<S extends CryptoKey>
Promise<Stream<S>,NeverThrowsException>KeyStoreSecretStore. getValid(Purpose<S> purpose)
Methods in org.forgerock.secrets.keystore that return types with arguments of type CryptoKey Modifier and Type Method Description Class<CryptoKey>
KeyStoreSecretStore. getStoredType()
Method parameters in org.forgerock.secrets.keystore with type arguments of type CryptoKey Modifier and Type Method Description void
KeyStoreSecretStore. retire(Purpose<? extends CryptoKey> purpose, String oldAlias)
Retires a key previously used for a given purpose.void
KeyStoreSecretStore. rotate(Purpose<? extends CryptoKey> purpose, String newAlias)
Rotates the key associated with a given purpose.
-