All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.openid.connect.sdk.federation.api.ResolveClaimsSet Maven / Gradle / Ivy

The newest version!
/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2021, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.federation.api;


import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.CollectionUtils;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.MapUtils;
import com.nimbusds.openid.connect.sdk.federation.entities.CommonFederationClaimsSet;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.trust.TrustChain;
import net.minidev.json.JSONObject;

import java.util.*;


/**
 * Resolve response claims set.
 *
 * 

Related specifications: * *

    *
  • OpenID Connect Federation 1.0, section 7.2.2. *
*/ public class ResolveClaimsSet extends CommonFederationClaimsSet { /** * The trust chain claim name. */ public static final String TRUST_CHAIN_CLAIM_NAME = "trust_chain"; /** * The names of the standard top-level claims. */ private static final Set STD_CLAIM_NAMES; static { Set claimNames = new HashSet<>(); claimNames.add(ISS_CLAIM_NAME); claimNames.add(SUB_CLAIM_NAME); claimNames.add(IAT_CLAIM_NAME); claimNames.add(EXP_CLAIM_NAME); claimNames.add(METADATA_CLAIM_NAME); claimNames.add(TRUST_MARKS_CLAIM_NAME); claimNames.add(TRUST_CHAIN_CLAIM_NAME); STD_CLAIM_NAMES = Collections.unmodifiableSet(claimNames); } /** * Gets the names of the standard top-level claims. * * @return The names of the standard top-level claims (read-only set). */ public static Set getStandardClaimNames() { return STD_CLAIM_NAMES; } /** * Creates a new resolve response claims set with the minimum required * claims. * * @param iss The issuer. Must not be {@code null}. * @param sub The subject. Must not be {@code null}. * @param iat The issue time. Must not be {@code null}. * @param exp The expiration time. Must not be {@code null}. * @param metadata The metadata JSON object. Must not be {@code null}. */ public ResolveClaimsSet(final Issuer iss, final Subject sub, final Date iat, final Date exp, final JSONObject metadata) { this(new EntityID(iss.getValue()), new EntityID(sub.getValue()), iat, exp, metadata); } /** * Creates a new resolve response claims set with the minimum required * claims. * * @param iss The issuer. Must not be {@code null}. * @param sub The subject. Must not be {@code null}. * @param iat The issue time. Must not be {@code null}. * @param exp The expiration time. Must not be {@code null}. * @param metadata The metadata JSON object. Must not be {@code null}. */ public ResolveClaimsSet(final EntityID iss, final EntityID sub, final Date iat, final Date exp, final JSONObject metadata) { setClaim(ISS_CLAIM_NAME, iss.getValue()); setClaim(SUB_CLAIM_NAME, sub.getValue()); if (iat == null) { throw new IllegalArgumentException("The iat (issued-at) claim must not be null"); } setDateClaim(IAT_CLAIM_NAME, iat); if (exp == null) { throw new IllegalArgumentException("The exp (expiration) claim must not be null"); } setDateClaim(EXP_CLAIM_NAME, exp); if (metadata == null || metadata.isEmpty()) { throw new IllegalArgumentException("The metadata claim must not be null"); } setClaim(METADATA_CLAIM_NAME, metadata); } /** * Creates a new resolve response claims set from the specified JWT * claims set. * * @param jwtClaimsSet The JWT claims set. Must not be {@code null}. * * @throws ParseException If the JWT claims set doesn't represent a * valid resolve response claims set. */ public ResolveClaimsSet(final JWTClaimsSet jwtClaimsSet) throws ParseException { super(JSONObjectUtils.toJSONObject(jwtClaimsSet)); validateRequiredClaimsPresence(); } /** * Validates this claims set for having all minimum required claims for * a resolve response. * * @throws ParseException If the validation failed and a required claim * is missing. */ public void validateRequiredClaimsPresence() throws ParseException { super.validateRequiredClaimsPresence(); if (MapUtils.isEmpty(getJSONObjectClaim(METADATA_CLAIM_NAME))) { throw new ParseException("Missing metadata claim"); } } /** * Gets the trust chain. Corresponds to the {@code trust_chain} claim. * * @return The trust chain, {@code null} if not specified or parsing * failed. */ public TrustChain getTrustChain() { List chainJWTs = getStringListClaim(TRUST_CHAIN_CLAIM_NAME); if (CollectionUtils.isEmpty(chainJWTs)) { return null; } try { return TrustChain.parseSerialized(chainJWTs); } catch (ParseException e) { return null; } } /** * Sets the trust chain. Corresponds to the {@code trust_chain} claim. * * @param trustChain The trust chain, {@code null} if not specified. */ public void setTrustChain(final TrustChain trustChain) { if (trustChain != null) { setClaim(TRUST_CHAIN_CLAIM_NAME, trustChain.toSerializedJWTs()); } else { setClaim(TRUST_CHAIN_CLAIM_NAME, null); } } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy