• Home
• com.nimbusds
• oauth2-oidc-sdk
• 9.7
• source code
• CIBASignedRequestClaimsSet.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.nimbusds.oauth2.sdk.ciba.CIBASignedRequestClaimsSet Maven / Gradle / Ivy

/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2021, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.ciba;


import java.util.*;

import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.JWTID;
import com.nimbusds.openid.connect.sdk.claims.ClaimsSet;


/**
 * CIBA signed request claims set, serialisable to a JSON object.
 *
 * 
Example signed request claims set:
 *
 * 
 * {
 *   "iss": "s6BhdRkqt3",
 *   "aud": "https://server.example.com",
 *   "exp": 1537820086,
 *   "iat": 1537819486,
 *   "nbf": 1537818886,
 *   "jti": "4LTCqACC2ESC5BWCnN3j58EnA",
 *   "scope": "openid email example-scope",
 *   "client_notification_token": "8d67dc78-7faa-4d41-aabd-67707b374255",
 *   "binding_message": "W4SCT",
 *   "login_hint_token": "eyJraWQiOiJsdGFjZXNidyIsImFsZyI6IkVTMjU2I
 *     n0.eyJzdWJfaWQiOnsic3ViamVjdF90eXBlIjoicGhvbmUiLCJwaG9uZSI6I
 *     isxMzMwMjgxODAwNCJ9fQ.Kk8jcUbHjJAQkRSHyDuFQr3NMEOSJEZc85VfER
 *     74tX6J9CuUllr89WKUHUR7MA0-mWlptMRRhdgW1ZDt7g1uwQ"
 * }
 * 
 *
 * 
Related specifications:
 *
 * 

 *     
OpenID Connect CIBA Flow - Core 1.0, section 7.1.1.
 * 
 */
public class CIBASignedRequestClaimsSet extends ClaimsSet {
	
	
	/**
	 * The request claim name.
	 */
	public static final String REQUEST_CLAIM_NAME = "request";
	
	
	/**
	 * The issue time claim name.
	 */
	public static final String IAT_CLAIM_NAME = "iat";
	
	
	/**
	 * The not-before time claim name.
	 */
	public static final String NBF_CLAIM_NAME = "nbf";
	
	
	/**
	 * The expiration time claim name.
	 */
	public static final String EXP_CLAIM_NAME = "exp";
	
	
	/**
	 * The JWT ID claim name.
	 */
	public static final String JTI_CLAIM_NAME = "jti";
	
	
	/**
	 * The names of the standard top-level claims.
	 */
	private static final Set STD_CLAIM_NAMES;
	
	
	static {
		Set claimNames = new HashSet<>(ClaimsSet.getStandardClaimNames());
		claimNames.add(REQUEST_CLAIM_NAME);
		claimNames.add(ISS_CLAIM_NAME);
		claimNames.add(AUD_CLAIM_NAME);
		claimNames.add(IAT_CLAIM_NAME);
		claimNames.add(NBF_CLAIM_NAME);
		claimNames.add(EXP_CLAIM_NAME);
		claimNames.add(JTI_CLAIM_NAME);
		STD_CLAIM_NAMES = Collections.unmodifiableSet(claimNames);
	}
	
	
	/**
	 * Gets the names of the standard top-level claims.
	 *
	 * @return The names of the standard top-level claims (read-only set).
	 */
	public static Set getStandardClaimNames() {
		
		return STD_CLAIM_NAMES;
	}
	
	
	/**
	 * Creates a new CIBA signed request claims set.
	 *
	 * @param cibaPlainRequest The CIBA plain request to use. Must not be
	 *                         {@code null}.
	 * @param iss              The issuer, must be set to the
	 *                         {@code client_id}.
	 * @param aud              The audience, must be set to the OpenID
	 *                         provider / OAuth 2.0 authorisation server
	 *                         issuer URI.
	 * @param iat              The issue time. Must not be {@code null}.
	 * @param nbf              The not-before time. Must not be
	 *                         {@code null}.
	 * @param exp              The expiration time. Must not be
	 *                         {@code null}.
	 * @param jti              The JWT ID. Must not be {@code null}.
	 */
	public CIBASignedRequestClaimsSet(
		final CIBARequest cibaPlainRequest,
		final Issuer iss,
		final Audience aud,
		final Date iat,
		final Date nbf,
		final Date exp,
		final JWTID jti) {
		
		if (cibaPlainRequest.isSigned()) {
			throw new IllegalArgumentException("The CIBA request must be plain");
		}
		
		for (Map.Entry claim: cibaPlainRequest.toJWTClaimsSet().getClaims().entrySet()) {
			setClaim(claim.getKey(), claim.getValue());
		}
		
		setIssuer(Objects.requireNonNull(iss));
		setAudience(Objects.requireNonNull(aud));
		setDateClaim(IAT_CLAIM_NAME, Objects.requireNonNull(iat));
		setDateClaim(NBF_CLAIM_NAME, Objects.requireNonNull(nbf));
		setDateClaim(EXP_CLAIM_NAME, Objects.requireNonNull(exp));
		setClaim(JTI_CLAIM_NAME, jti.getValue());
	}
}