* Parses the role set from a string.
     * @param value The string to parse.
     * @param encrypted Whether the string is encrypted.
     * @param roleSet The set of roles.
     */
    protected void parseRoleSet(final String value, final boolean encrypted, final Set<String> roleSet) {
        String rolesStr = value;
        if (encrypted && cipher != null) {
            try {
                rolesStr = cipher.decryptoText(rolesStr);

* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Antes de Let's Encrypt, estos **certificados HTTPS** eran vendidos por terceros.

El proceso para adquirir uno de estos certificados solía ser complicado, requerir bastante papeleo y los certificados eran bastante costosos.

Pero luego se creó **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>**.

No es muy popular o usado hoy en día.

OAuth2 no especifica cómo encriptar la comunicación, espera que tengas tu aplicación servida con HTTPS.

/// tip | Consejo

En la sección sobre **deployment** verás cómo configurar HTTPS de forma gratuita, usando Traefik y Let's Encrypt.

///

## OpenID Connect { #openid-connect }

/// tip | Dica

Na seção sobre **deployment** você irá ver como configurar HTTPS de modo gratuito, usando Traefik e Let’s Encrypt.

///

## OpenID Connect { #openid-connect }

OpenID Connect é outra especificação, baseada em **OAuth2**.

/// tip | Подсказка

В разделе **Развертывание** вы увидите как настроить протокол HTTPS бесплатно, используя Traefik и Let's Encrypt.

///

## OpenID Connect { #openid-connect }

OpenID Connect - это еще один протокол, основанный на **OAuth2**.

    /** Queries field name. */
    public static final String QUERIES = "queries";

    /** Virtual hosts field name. */
    public static final String VIRTUAL_HOSTS = "virtualHosts";

    /** Prefix for encrypted/ciphered values. */
    public static final String CIPHER_PREFIX = "{cipher}";

    /** System user identifier. */
    public static final String SYSTEM_USER = "system";

    /** Empty user ID placeholder. */

app.cipher.algorism=aes
# Secret key for encryption (change this value for production).
app.cipher.key=___change__me___
# Algorithm for digest calculation.
app.digest.algorism=sha256
# Regex pattern for properties to encrypt.
app.encrypt.property.pattern=.*password|.*key|.*token|.*secret

# Extension names for application customization.
app.extension.names=

# Audit log format.
app.audit.log.format=

# JVM options for the crawler process.

    }

    default void setLdapAdminSecurityCredentials(final String value) {
        setSystemProperty(Constants.LDAP_ADMIN_SECURITY_CREDENTIALS,
                Constants.CIPHER_PREFIX + ComponentUtil.getPrimaryCipher().encrypt(value));
    }

    default String getLdapAdminSecurityCredentials() {
        final String value = getSystemProperty(Constants.LDAP_ADMIN_SECURITY_CREDENTIALS);

html. if pub.E > 1<<31-1 { return false, errors.New("crypto/rsa: public exponent too large") } return fipsApproved, nil } // Encrypt performs the RSA public key operation. func Encrypt(pub *PublicKey, plaintext []byte) ([]byte, error) { fips140.RecordNonApproved() if _, err := checkPublicKey(pub); err != nil { return nil, err } return encrypt(pub, plaintext) } func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error) { m, err := bigmod.NewNat().SetBytes(plaintext, pub.N) if err != nil { return...

     */
    String getAppDigestAlgorism();

    /**
     * Get the value for the key 'app.encrypt.property.pattern'. <br>
     * The value is, e.g. .*password|.*key|.*token|.*secret <br>
     * comment: Regex pattern for properties to encrypt.
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */