com.nimbusds.openid.connect.sdk.federation.api.ResolveClaimsSet Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of oauth2-oidc-sdk Show documentation
Show all versions of oauth2-oidc-sdk Show documentation
OAuth 2.0 SDK with OpenID Connection extensions for developing client
and server applications.
/*
* oauth2-oidc-sdk
*
* Copyright 2012-2021, Connect2id Ltd and contributors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package com.nimbusds.openid.connect.sdk.federation.api;
import java.util.*;
import net.minidev.json.JSONObject;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.CollectionUtils;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.MapUtils;
import com.nimbusds.openid.connect.sdk.federation.entities.CommonFederationClaimsSet;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.trust.TrustChain;
/**
* Resolve response claims set.
*
* Related specifications:
*
*
* - OpenID Connect Federation 1.0, section 7.2.2.
*
*/
public class ResolveClaimsSet extends CommonFederationClaimsSet {
/**
* The trust chain claim name.
*/
public static final String TRUST_CHAIN_CLAIM_NAME = "trust_chain";
/**
* The names of the standard top-level claims.
*/
private static final Set STD_CLAIM_NAMES;
static {
Set claimNames = new HashSet<>();
claimNames.add(ISS_CLAIM_NAME);
claimNames.add(SUB_CLAIM_NAME);
claimNames.add(IAT_CLAIM_NAME);
claimNames.add(EXP_CLAIM_NAME);
claimNames.add(METADATA_CLAIM_NAME);
claimNames.add(TRUST_MARKS_CLAIM_NAME);
claimNames.add(TRUST_CHAIN_CLAIM_NAME);
STD_CLAIM_NAMES = Collections.unmodifiableSet(claimNames);
}
/**
* Gets the names of the standard top-level claims.
*
* @return The names of the standard top-level claims (read-only set).
*/
public static Set getStandardClaimNames() {
return STD_CLAIM_NAMES;
}
/**
* Creates a new resolve response claims set with the minimum required
* claims.
*
* @param iss The issuer. Must not be {@code null}.
* @param sub The subject. Must not be {@code null}.
* @param iat The issue time. Must not be {@code null}.
* @param exp The expiration time. Must not be {@code null}.
* @param metadata The metadata JSON object. Must not be {@code null}.
*/
public ResolveClaimsSet(final Issuer iss,
final Subject sub,
final Date iat,
final Date exp,
final JSONObject metadata) {
this(new EntityID(iss.getValue()), new EntityID(sub.getValue()), iat, exp, metadata);
}
/**
* Creates a new resolve response claims set with the minimum required
* claims.
*
* @param iss The issuer. Must not be {@code null}.
* @param sub The subject. Must not be {@code null}.
* @param iat The issue time. Must not be {@code null}.
* @param exp The expiration time. Must not be {@code null}.
* @param metadata The metadata JSON object. Must not be {@code null}.
*/
public ResolveClaimsSet(final EntityID iss,
final EntityID sub,
final Date iat,
final Date exp,
final JSONObject metadata) {
setClaim(ISS_CLAIM_NAME, iss.getValue());
setClaim(SUB_CLAIM_NAME, sub.getValue());
if (iat == null) {
throw new IllegalArgumentException("The iat (issued-at) claim must not be null");
}
setDateClaim(IAT_CLAIM_NAME, iat);
if (exp == null) {
throw new IllegalArgumentException("The exp (expiration) claim must not be null");
}
setDateClaim(EXP_CLAIM_NAME, exp);
if (metadata == null || metadata.isEmpty()) {
throw new IllegalArgumentException("The metadata claim must not be null");
}
setClaim(METADATA_CLAIM_NAME, metadata);
}
/**
* Creates a new resolve response claims set from the specified JWT
* claims set.
*
* @param jwtClaimsSet The JWT claims set. Must not be {@code null}.
*
* @throws ParseException If the JWT claims set doesn't represent a
* valid resolve response claims set.
*/
public ResolveClaimsSet(final JWTClaimsSet jwtClaimsSet)
throws ParseException {
super(JSONObjectUtils.toJSONObject(jwtClaimsSet));
validateRequiredClaimsPresence();
}
/**
* Validates this claims set for having all minimum required claims for
* a resolve response.
*
* @throws ParseException If the validation failed and a required claim
* is missing.
*/
public void validateRequiredClaimsPresence()
throws ParseException {
super.validateRequiredClaimsPresence();
if (MapUtils.isEmpty(getJSONObjectClaim(METADATA_CLAIM_NAME))) {
throw new ParseException("Missing metadata claim");
}
}
/**
* Gets the trust chain. Corresponds to the {@code trust_chain} claim.
*
* @return The trust chain, {@code null} if not specified or parsing
* failed.
*/
public TrustChain getTrustChain() {
List chainJWTs = getStringListClaim(TRUST_CHAIN_CLAIM_NAME);
if (CollectionUtils.isEmpty(chainJWTs)) {
return null;
}
try {
return TrustChain.parseSerialized(chainJWTs);
} catch (ParseException e) {
return null;
}
}
/**
* Sets the trust chain. Corresponds to the {@code trust_chain} claim.
*
* @param trustChain The trust chain, {@code null} if not specified.
*/
public void setTrustChain(final TrustChain trustChain) {
if (trustChain != null) {
setClaim(TRUST_CHAIN_CLAIM_NAME, trustChain.toSerializedJWTs());
} else {
setClaim(TRUST_CHAIN_CLAIM_NAME, null);
}
}
}