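package com.nimbusds.openid.connect.provider.spi.grants;


import java.util.Locale;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.TokenEncoding;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;


/**
 * Access token specification.
 *
 * <p>Carries the token lifetime (held by {@link TokenSpec}), the token
 * encoding and an encryption flag. The encryption flag is only ever
 * {@code true} for self-contained tokens; for any other encoding it is
 * forced to {@code false}.
 *
 * <p>NOTE(review): a self-contained token that is not flagged for
 * encryption is presumably issued as a signed-only JWT, whose claims can
 * be read by whoever holds the token. Confirm against the server
 * configuration before placing confidential claims into such tokens.
 */
public class AccessTokenSpec extends TokenSpec {


    /**
     * The access token encoding.
     */
    private final TokenEncoding encoding;


    /**
     * If {@code true} flags the access token for encryption. Applies to
     * self-contained access tokens only.
     */
    private final boolean encrypt;


    /**
     * Creates a new default access token specification: lifetime not
     * specified (zero), self-contained encoding, not flagged for
     * encryption.
     */
    public AccessTokenSpec() {

        this(0L, TokenEncoding.SELF_CONTAINED, false);
    }


    /**
     * Creates a new access token specification.
     *
     * @param lifetime The access token lifetime, in seconds, zero if not
     *                 specified (to apply the default configured lifetime
     *                 for access tokens).
     * @param encoding The access token encoding. Must not be {@code null}.
     * @param encrypt  If {@code true} flags the access token for
     *                 encryption. Applies to self-contained (JWT) access
     *                 tokens only; for any other encoding the value is
     *                 ignored and the flag is stored as {@code false}.
     *
     * @throws IllegalArgumentException If the encoding is {@code null}.
     */
    public AccessTokenSpec(final long lifetime,
                           final TokenEncoding encoding,
                           final boolean encrypt) {

        super(lifetime);

        if (encoding == null) {
            throw new IllegalArgumentException("The access token encoding must not be null");
        }

        this.encoding = encoding;

        // Only JWT (self-contained) tokens may be encrypted. A request to
        // encrypt a token with another encoding is dropped without an
        // error, so callers must read the flag back via encrypt() rather
        // than assume the value they passed in.
        this.encrypt = encoding.equals(TokenEncoding.SELF_CONTAINED) && encrypt;
    }


    /**
     * Returns the access token encoding.
     *
     * @return The access token encoding.
     */
    public TokenEncoding getEncoding() {

        return encoding;
    }


    /**
     * Returns the access token encryption flag.
     *
     * @return If {@code true} the access token is flagged for encryption.
     *         Applies to self-contained access tokens only.
     */
    public boolean encrypt() {

        return encrypt;
    }


    /**
     * Returns a JSON object representation of this access token
     * specification. The members of the super class representation are
     * kept, an "encoding" member is added, and an "encrypt" member is
     * added for self-contained tokens only.
     *
     * @return The JSON object.
     */
    @Override
    public JSONObject toJSONObject() {

        JSONObject o = super.toJSONObject();

        o.put("encoding", encoding.toString());

        if (encoding.equals(TokenEncoding.SELF_CONTAINED)) {
            o.put("encrypt", encrypt);
        }

        return o;
    }


    /**
     * Parses an access token specification from the specified JSON object.
     *
     * <p>Defaults applied when members are absent: the encoding falls back
     * to self-contained and the encryption flag to {@code false}. An
     * "encrypt" member is read for self-contained tokens only and is
     * ignored otherwise. A producer that needs the token encrypted must
     * therefore set "encrypt" explicitly; leaving it out yields a token
     * that is not flagged for encryption.
     *
     * @param o The JSON object. Must not be {@code null}.
     *
     * @return The access token specification.
     *
     * @throws ParseException If parsing failed.
     */
    public static AccessTokenSpec parse(final JSONObject o)
        throws ParseException {

        TokenSpec tokenSpec = TokenSpec.parse(o);

        TokenEncoding encoding = TokenEncoding.SELF_CONTAINED;
        boolean encrypt = false;

        if (o.containsKey("encoding")) {

            String c = JSONObjectUtils.getString(o, "encoding");

            try {
                // Upper-case with a fixed locale. The no-argument
                // toUpperCase() follows the JVM default locale, and under
                // e.g. a Turkish default locale "self_contained" maps to a
                // dotted capital I and no longer matches the enum constant.
                encoding = TokenEncoding.valueOf(c.toUpperCase(Locale.ROOT));

            } catch (IllegalArgumentException e) {

                // Keep the cause for diagnostics; the message deliberately
                // does not echo the rejected value.
                throw new ParseException("Invalid access token encoding", e);
            }
        }

        if (encoding.equals(TokenEncoding.SELF_CONTAINED) && o.containsKey("encrypt")) {

            encrypt = JSONObjectUtils.getBoolean(o, "encrypt");
        }

        return new AccessTokenSpec(tokenSpec.getLifetime(), encoding, encrypt);
    }
}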