All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation Maven / Gradle / Ivy

Go to download

OAuth 2.0 SDK with OpenID Connection extensions for developing client and server applications.

There is a newer version: 11.20.1
Show newest version
/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.auth;


import java.security.cert.X509Certificate;
import java.util.AbstractMap;
import java.util.Map;
import java.util.Objects;

import net.jcip.annotations.Immutable;
import net.minidev.json.JSONObject;

import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;


/**
 * X.509 certificate SHA-256 confirmation.
 */
@Immutable
public final class X509CertificateConfirmation {
	
	
	/**
	 * The X.509 certificate SHA-256 thumbprint.
	 */
	private final Base64URL x5tS256;
	
	
	/**
	 * Creates a new X.509 certificate SHA-256 confirmation.
	 *
	 * @param x5tS256 The X.509 certificate SHA-256 thumbprint. Must not
	 *                be {@code null}.
	 */
	public X509CertificateConfirmation(final Base64URL x5tS256) {
		
		if (x5tS256 == null) {
			throw new IllegalArgumentException("The X.509 certificate thumbprint must not be null");
		}
		
		this.x5tS256 = x5tS256;
	}
	
	
	/**
	 * Returns the X.509 certificate SHA-256 thumbprint.
	 *
	 * @return The X.509 certificate SHA-256 thumbprint.
	 */
	public Base64URL getValue() {
		
		return x5tS256;
	}
	
	
	/**
	 * Returns this X.509 certificate SHA-256 confirmation as a JSON
	 * object.
	 *
	 * 

Example: * *

	 * {
	 *   "cnf" : { "x5t#S256" : "bwcK0esc3ACC3DB2Y5_lESsXE8o9ltc05O89jdN-dg2" }
	 * }
	 * 
* * @return The JSON object. */ public JSONObject toJSONObject() { JSONObject jsonObject = new JSONObject(); Map.Entry cnfClaim = toJWTClaim(); jsonObject.put(cnfClaim.getKey(), cnfClaim.getValue()); return jsonObject; } /** * Returns this X.509 certificate SHA-256 confirmation as a JWT claim. * *

Example: * *

	 * "cnf" : { "x5t#S256" : "bwcK0esc3ACC3DB2Y5_lESsXE8o9ltc05O89jdN-dg2" }
	 * 
* * @return The JWT claim name / value. */ public Map.Entry toJWTClaim() { JSONObject cnf = new JSONObject(); cnf.put("x5t#S256", x5tS256.toString()); return new AbstractMap.SimpleImmutableEntry<>( "cnf", cnf ); } /** * Applies this X.509 certificate SHA-256 confirmation to the specified * JWT claims set. * * @param jwtClaimsSet The JWT claims set. * * @return The modified JWT claims set. */ public JWTClaimsSet applyTo(final JWTClaimsSet jwtClaimsSet) { Map.Entry cnfClaim = toJWTClaim(); return new JWTClaimsSet.Builder(jwtClaimsSet) .claim(cnfClaim.getKey(), cnfClaim.getValue()) .build(); } @Override public String toString() { return toJSONObject().toJSONString(); } @Override public boolean equals(Object o) { if (this == o) return true; if (!(o instanceof X509CertificateConfirmation)) return false; X509CertificateConfirmation that = (X509CertificateConfirmation) o; return x5tS256.equals(that.x5tS256); } @Override public int hashCode() { return Objects.hash(x5tS256); } /** * Parses a X.509 certificate confirmation from the specified JWT * claims set. * * @param jwtClaimsSet The JWT claims set. * * @return The X.509 certificate confirmation, {@code null} if not * found. */ public static X509CertificateConfirmation parse(final JWTClaimsSet jwtClaimsSet) { Map jsonObjectClaim; try { jsonObjectClaim = jwtClaimsSet.getJSONObjectClaim("cnf"); } catch (java.text.ParseException e) { return null; } if (jsonObjectClaim == null) { return null; } return parseFromConfirmationJSONObject(new JSONObject(jsonObjectClaim)); } /** * Parses a X.509 certificate confirmation from the specified JSON * object representation of a JWT claims set. * * @param jsonObject The JSON object. * * @return The X.509 certificate confirmation, {@code null} if not * found. */ public static X509CertificateConfirmation parse(final JSONObject jsonObject) { if (! jsonObject.containsKey("cnf")) { return null; } try { return parseFromConfirmationJSONObject(JSONObjectUtils.getJSONObject(jsonObject, "cnf")); } catch (ParseException e) { return null; } } /** * Parses a X.509 certificate confirmation from the specified * confirmation ("cnf") JSON object. * * @param cnf The confirmation JSON object, {@code null} if none. * * @return The X.509 certificate confirmation, {@code null} if not * found. */ public static X509CertificateConfirmation parseFromConfirmationJSONObject(final JSONObject cnf) { if (cnf == null) { return null; } try { String x5tString = JSONObjectUtils.getString(cnf, "x5t#S256"); return new X509CertificateConfirmation(new Base64URL(x5tString)); } catch (ParseException e) { return null; } } /** * Creates a confirmation of the specified X.509 certificate. * * @param x509Cert The X.509 certificate. * * @return The X.509 certificate confirmation. */ public static X509CertificateConfirmation of(final X509Certificate x509Cert) { return new X509CertificateConfirmation(X509CertUtils.computeSHA256Thumbprint(x509Cert)); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy