001package com.nimbusds.openid.connect.provider.spi.tokens;
002
003
import java.time.Instant;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation;
import com.nimbusds.oauth2.sdk.id.*;
import net.minidev.json.JSONObject;
import org.apache.commons.lang3.builder.ToStringBuilder;
015
016
017/**
018 * Mutable access token authorisation.
019 */
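/**
 * Mutable access token authorisation.
 *
 * <p>A plain holder for the authorisation carried by an access token
 * (subject, client, scope, lifetime, audience, consented claims, mTLS
 * certificate binding, etc.). Every field is optional and defaults to
 * {@code null}; the {@code with...} setters return {@code this} so they can
 * be chained.
 *
 * <p>Notes for users of this class:
 *
 * <ul>
 *     <li>No validation is performed here. Consistency of the values (for
 *         example {@code exp} after {@code iat}, a non-empty audience) and
 *         the actual check of the {@code cnf} certificate binding at the
 *         resource server are the responsibility of the caller.
 *     <li>The {@code with...} setters and the getters store and return the
 *         passed collection / JSON object references as-is, without
 *         copying. The copy constructor, however, takes its own copy of the
 *         mutable collections so that edits to the copy do not leak back
 *         into the source authorisation.
 *     <li>No synchronisation is performed; an instance must not be mutated
 *         concurrently from several threads.
 *     <li>{@link #toString()} renders the subject, the preset claims and the
 *         free-form {@code data}, which may contain personal data. Avoid
 *         emitting it in production logs.
 * </ul>
 */
public final class MutableAccessTokenAuthorization implements AccessTokenAuthorization {
	
	
	/** The token subject ({@code sub}), {@code null} if not specified. */
	private Subject sub;
	
	
	/** The actor ({@code act}) for impersonation / delegation, {@code null} if none. */
	private Actor act;
	
	
	/** The client the token was issued to ({@code client_id}), {@code null} if not specified. */
	private ClientID clientID;
	
	
	/** The token scope, {@code null} if not specified. */
	private Scope scope;
	
	
	/** The expiration time ({@code exp}), {@code null} if not specified. */
	private Instant exp;
	
	
	/** The issue time ({@code iat}), {@code null} if not specified. */
	private Instant iat;
	
	
	/** The token issuer ({@code iss}), {@code null} if not specified. */
	private Issuer iss;
	
	
	/** The audience list ({@code aud}), {@code null} if not specified. */
	private List<Audience> audList;
	
	
	/** The JWT ID ({@code jti}), {@code null} if not specified or applicable. */
	private JWTID jti;
	
	
	/** The names of the consented OpenID claims, {@code null} if not specified. */
	private Set<String> claimNames;
	
	
	/** The preferred locales for the consented claims, {@code null} if not specified. */
	private List<LangTag> claimsLocales;
	
	
	/** Preset OpenID claims for the UserInfo response, {@code null} if not specified. */
	private JSONObject presetClaims;
	
	
	/** Optional free-form data attached to the token, {@code null} if not specified. */
	private JSONObject data;
	
	
	/** Client X.509 certificate confirmation ({@code cnf}) for mTLS, {@code null} if not specified. */
	private X509CertificateConfirmation cnfX5t;
	
	
	/** Other top-level parameters, {@code null} if none. */
	private Map<String, Object> otherTopLevelParams;
	
	
	/**
	 * Creates a new empty mutable access token authorisation. All
	 * fields start out as {@code null}.
	 */
	public MutableAccessTokenAuthorization() {
	}
	
	
	/**
	 * Creates a new mutable access token authorisation from the specified
	 * one.
	 *
	 * <p>The scope, audience list, claim names, claims locales, preset
	 * claims, data and other top-level parameters are copied into new
	 * containers, so that subsequent mutation of this object (or of the
	 * containers returned by its getters) cannot alter the source. The
	 * copy is one level deep: values nested inside the JSON objects and
	 * the other top-level parameters are shared with the source.
	 *
	 * @param source The source access token authorisation. Must not be
	 *               {@code null}.
	 *
	 * @throws NullPointerException If the source is {@code null}.
	 */
	public MutableAccessTokenAuthorization(final AccessTokenAuthorization source) {
		
		// Enforce the documented precondition up front, rather than
		// failing with an anonymous NPE on the first getter call
		Objects.requireNonNull(source, "The source access token authorisation must not be null");
		
		// Identifiers, Instants and the certificate confirmation are
		// immutable value objects and can be shared safely
		sub = source.getSubject();
		act = source.getActor();
		clientID = source.getClientID();
		exp = source.getExpirationTime();
		iat = source.getIssueTime();
		iss = source.getIssuer();
		jti = source.getJWTID();
		cnfX5t = source.getClientCertificateConfirmation();
		
		// Scope is a mutable set; take our own copy
		Scope srcScope = source.getScope();
		scope = srcScope != null ? new Scope(srcScope) : null;
		
		List<Audience> srcAud = source.getAudienceList();
		audList = srcAud != null ? new ArrayList<>(srcAud) : null;
		
		// LinkedHashSet / LinkedHashMap keep the source iteration order
		Set<String> srcClaimNames = source.getClaimNames();
		claimNames = srcClaimNames != null ? new LinkedHashSet<>(srcClaimNames) : null;
		
		List<LangTag> srcLocales = source.getClaimsLocales();
		claimsLocales = srcLocales != null ? new ArrayList<>(srcLocales) : null;
		
		JSONObject srcPreset = source.getPresetClaims();
		presetClaims = srcPreset != null ? new JSONObject(srcPreset) : null;
		
		JSONObject srcData = source.getData();
		data = srcData != null ? new JSONObject(srcData) : null;
		
		Map<String, Object> srcOther = source.getOtherTopLevelParameters();
		otherTopLevelParams = srcOther != null ? new LinkedHashMap<>(srcOther) : null;
	}
	
	
	/**
	 * Sets the token subject.
	 *
	 * @param sub The subject, {@code null} if not specified.
	 *            
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withSubject(final Subject sub) {
		this.sub = sub;
		return this;
	}
	
	
	@Override
	public Subject getSubject() {
		return sub;
	}
	
	
	/**
	 * Sets the token actor, in impersonation and delegation scenarios.
	 *
	 * @param act The actor, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withActor(final Actor act) {
		this.act = act;
		return this;
	}
	
	
	@Override
	public Actor getActor() {
		return act;
	}
	
	
	/**
	 * Sets the identifier of the client to which the token is issued.
	 *
	 * @param clientID The client identifier, {@code null} if not
	 *                 specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClientID(final ClientID clientID) {
		this.clientID = clientID;
		return this;
	}
	
	
	@Override
	public ClientID getClientID() {
		return clientID;
	}
	
	
	/**
	 * Sets the scope of the token. The passed scope is stored by
	 * reference, not copied.
	 *
	 * @param scope The scope, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withScope(final Scope scope) {
		this.scope = scope;
		return this;
	}
	
	
	@Override
	public Scope getScope() {
		return scope;
	}
	
	
	/**
	 * Sets the expiration time of the token. Not validated against the
	 * issue time or the current time.
	 *
	 * @param exp The expiration time, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withExpirationTime(final Instant exp) {
		this.exp = exp;
		return this;
	}
	
	
	@Override
	public Instant getExpirationTime() {
		return exp;
	}
	
	
	/**
	 * Sets the issue time of the token.
	 *
	 * @param iat The issue time, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withIssueTime(final Instant iat) {
		this.iat = iat;
		return this;
	}
	
	
	@Override
	public Instant getIssueTime() {
		return iat;
	}
	
	
	/**
	 * Sets the issuer of the token.
	 *
	 * @param iss The issuer, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withIssuer(final Issuer iss) {
		this.iss = iss;
		return this;
	}
	
	
	@Override
	public Issuer getIssuer() {
		return iss;
	}
	
	
	/**
	 * Sets the audience list of the token, which may be the logical
	 * names of the intended resource servers. The passed list is stored
	 * by reference, not copied.
	 *
	 * @param audList The audience list, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withAudienceList(final List<Audience> audList) {
		this.audList = audList;
		return this;
	}
	
	
	@Override
	public List<Audience> getAudienceList() {
		return audList;
	}
	
	
	/**
	 * Sets the JSON Web Token (JWT) identifier of the token.
	 *
	 * @param jti The JWT ID, {@code null} if not specified or applicable.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withJWTID(final JWTID jti) {
		this.jti = jti;
		return this;
	}
	
	
	@Override
	public JWTID getJWTID() {
		return jti;
	}
	
	
	/**
	 * Sets the names of the consented OpenID claims to be accessed at
	 * the UserInfo endpoint. The passed set is stored by reference, not
	 * copied.
	 *
	 * @param claimNames The claim names, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClaimNames(final Set<String> claimNames) {
		this.claimNames = claimNames;
		return this;
	}
	
	
	@Override
	public Set<String> getClaimNames() {
		return claimNames;
	}
	
	
	/**
	 * Sets the preferred locales for the consented OpenID claims. The
	 * passed list is stored by reference, not copied.
	 *
	 * @param claimsLocales The preferred claims locales, {@code null} if
	 *                      not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClaimsLocales(final List<LangTag> claimsLocales) {
		this.claimsLocales = claimsLocales;
		return this;
	}
	
	
	@Override
	public List<LangTag> getClaimsLocales() {
		return claimsLocales;
	}
	
	
	/**
	 * Sets the preset OpenID claims to be included in the UserInfo
	 * response. The passed JSON object is stored by reference, not
	 * copied. These claims are typically personal data.
	 *
	 * @param presetClaims The preset OpenID claims, {@code null} if not
	 *                     specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withPresetClaims(final JSONObject presetClaims) {
		this.presetClaims = presetClaims;
		return this;
	}
	
	
	@Override
	public JSONObject getPresetClaims() {
		return presetClaims;
	}
	
	
	/**
	 * Sets the optional data for the token. The passed JSON object is
	 * stored by reference, not copied.
	 *
	 * @param data The optional data, represented as a JSON object,
	 *             {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withData(final JSONObject data) {
		this.data = data;
		return this;
	}
	
	
	@Override
	public JSONObject getData() {
		return data;
	}
	
	
	/**
	 * Sets the client X.509 certificate confirmation (SHA-256 thumbprint)
	 * for mutual TLS. Storing the confirmation here only records the
	 * binding; enforcing it (comparing the thumbprint against the
	 * certificate the client presents when using the token) is done
	 * elsewhere.
	 *
	 * @param cnfX5t The client X.509 certificate confirmation,
	 *               {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClientCertificateConfirmation(final X509CertificateConfirmation cnfX5t) {
		this.cnfX5t = cnfX5t;
		return this;
	}
	
	
	@Override
	public X509CertificateConfirmation getClientCertificateConfirmation() {
		return cnfX5t;
	}
	
	
	/**
	 * Sets the other top-level parameters. The passed map is stored by
	 * reference, not copied.
	 *
	 * <p>NOTE(review): presumably these end up alongside the standard
	 * parameters ({@code sub}, {@code exp}, {@code aud}, ...) in the
	 * encoded token; whether a key that collides with one of those is
	 * rejected or silently overrides it is not decided in this class —
	 * confirm with the consumer of this object.
	 *
	 * @param params Other top-level parameters, the values should map to
	 *               JSON entities, {@code null} if none.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withOtherTopLevelParameters(final Map<String, Object> params) {
		otherTopLevelParams = params;
		return this;
	}
	
	
	@Override
	public Map<String, Object> getOtherTopLevelParameters() {
		return otherTopLevelParams;
	}
	
	
	/**
	 * Returns a string representation of this authorisation, listing
	 * every field by its short parameter name.
	 *
	 * <p>The output includes the subject, the preset claims and the
	 * free-form data, so it may contain personal data. Intended for
	 * debugging; do not write it to production or audit logs as-is.
	 *
	 * @return The string representation.
	 */
	@Override
	public String toString() {
		return new ToStringBuilder(this)
			.append("sub", sub)
			.append("act", act)
			.append("client_id", clientID)
			.append("scope", scope)
			.append("exp", exp)
			.append("iat", iat)
			.append("iss", iss)
			.append("aud", audList)
			.append("jti", jti)
			.append("claim_names", claimNames)
			.append("claims_locales", claimsLocales)
			.append("preset_claims", presetClaims)
			.append("data", data)
			.append("cnf", cnfX5t)
			.append("other", otherTopLevelParams)
			.toString();
	}
}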