Package org.forgerock.openam.sts.tokengeneration.oidc.crypto

Class OpenIdConnectTokenPKIProviderImpl

java.lang.Object

org.forgerock.openam.sts.tokengeneration.STSCryptoProviderBase

org.forgerock.openam.sts.tokengeneration.oidc.crypto.OpenIdConnectTokenPKIProviderImpl

All Implemented Interfaces:

OpenIdConnectTokenPKIProvider

public class OpenIdConnectTokenPKIProviderImpl
extends STSCryptoProviderBase
implements OpenIdConnectTokenPKIProvider

See Also:

OpenIdConnectTokenPKIProvider

Field Summary

Fields inherited from class org.forgerock.openam.sts.tokengeneration.STSCryptoProviderBase

JKS_KEYSTORE

Constructor Summary

Constructors

Constructor	Description
OpenIdConnectTokenPKIProviderImpl(OpenIdConnectTokenConfig tokenConfiguration)

Method Summary

Modifier and Type	Method	Description
X509Certificate[]	getProviderCertificateChain(String keyAlias)	Get the OpenIdConnect Provider's X509Certificate[] corresponding to their PrivateKeyEntry.
PrivateKey	getProviderPrivateKey(String keyAlias, String keyPassword)	Get the OpenIdConnect Provider's PrivateKey.

Methods inherited from class org.forgerock.openam.sts.tokengeneration.STSCryptoProviderBase

getPrivateKey, getX509Certificate, getX509CertificateChain

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenIdConnectTokenPKIProviderImpl

public OpenIdConnectTokenPKIProviderImpl(OpenIdConnectTokenConfig tokenConfiguration)
                                  throws TokenCreationException

Throws:

TokenCreationException

Method Detail

getProviderPrivateKey

public PrivateKey getProviderPrivateKey(String keyAlias,
                                        String keyPassword)
                                 throws TokenCreationException

Description copied from interface: OpenIdConnectTokenPKIProvider

Get the OpenIdConnect Provider's PrivateKey. Used to sign the OpenIdConnect token.

Specified by:

getProviderPrivateKey in interface OpenIdConnectTokenPKIProvider

Parameters:

keyAlias - alias identifying the KeyStore PrivateKeyEntry

keyPassword - password for the PrivateKeyEntry

Returns:

the non-null PrivateKey corresponding to this entry.

Throws:

TokenCreationException - if a PrivateKey entry could not be found

getProviderCertificateChain

public X509Certificate[] getProviderCertificateChain(String keyAlias)
                                              throws TokenCreationException

Description copied from interface: OpenIdConnectTokenPKIProvider

Get the OpenIdConnect Provider's X509Certificate[] corresponding to their PrivateKeyEntry. Used to create the reference to the X509Certificate state corresponding to the OP's private key, as documented here: https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4.1

Specified by:

getProviderCertificateChain in interface OpenIdConnectTokenPKIProvider

Parameters:

keyAlias - alias identifying the PrivateKeyEntry

Returns:

the non-null X509Certificate[] corresponding to this entry, as returned from the underlying KeyStore. The leaf cert will be the first entry.

Throws:

TokenCreationException - if an entry could not be found