001package com.nimbusds.openid.connect.provider.spi.tokens;
002
003
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.StringJoiner;

import net.minidev.json.JSONObject;

import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation;
import com.nimbusds.oauth2.sdk.id.*;
016
017
018/**
019 * Mutable access token authorisation.
020 */
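/**
 * Mutable access token authorisation.
 *
 * <p>Plain holder for the authorisation an access token carries: the
 * subject, actor, client, scope, lifetime, issuer / audience, the
 * consented OpenID claims for the UserInfo endpoint, optional data, the
 * mutual TLS certificate confirmation and any other top-level parameters.
 * Every member is optional ({@code null} if not specified); no validation
 * is performed here.
 *
 * <p>Aliasing: the {@code with*} setters and the copy constructor store the
 * supplied references as-is and the getters return them unchanged. Mutating
 * a collection or {@link JSONObject} obtained from a getter mutates this
 * object, and an instance built with
 * {@link #MutableAccessTokenAuthorization(AccessTokenAuthorization)} shares
 * those instances with its source. Callers that need isolation must copy.
 *
 * <p>Not thread-safe: the fields are unsynchronised and meant to be
 * populated by a single thread before the authorisation is consumed.
 *
 * <p>{@link #toString()} renders every member, including the preset OpenID
 * claims, the claims fulfillment data and the optional data. Treat its
 * output as sensitive when logging.
 */
public final class MutableAccessTokenAuthorization implements AccessTokenAuthorization {
        
        
        private Subject sub;
        
        
        private Actor act;
        
        
        private ClientID clientID;
        
        
        private Scope scope;
        
        
        private Instant exp;
        
        
        private Instant iat;
        
        
        private Issuer iss;
        
        
        private List<Audience> audList;
        
        
        private JWTID jti;
        
        
        private Set<String> claimNames;
        
        
        private List<LangTag> claimsLocales;
        
        
        private JSONObject presetClaims;
        
        
        private JSONObject claimsData;
        
        
        private JSONObject data;
        
        
        private X509CertificateConfirmation cnfX5t;
        
        
        private Map<String, Object> otherTopLevelParams;
        
        
        /**
         * Creates a new empty mutable access token authorisation. All
         * members are {@code null} until set.
         */
        public MutableAccessTokenAuthorization() {
        }
        
        
        /**
         * Creates a new mutable access token authorisation from the specified
         * one. The member references are copied, not the objects they point
         * to, so mutable members (scope, lists, sets, JSON objects, the
         * other top-level parameters map) remain shared with the source.
         *
         * @param source The source access token authorisation. Must not be
         *               {@code null}.
         *
         * @throws NullPointerException If the source is {@code null}.
         */
        public MutableAccessTokenAuthorization(final AccessTokenAuthorization source) {
                // Fail with a clear message instead of an NPE on the first getter below
                Objects.requireNonNull(source, "The source access token authorisation must not be null");
                sub = source.getSubject();
                act = source.getActor();
                clientID = source.getClientID();
                scope = source.getScope();
                exp = source.getExpirationTime();
                iat = source.getIssueTime();
                iss = source.getIssuer();
                audList = source.getAudienceList();
                jti = source.getJWTID();
                claimNames = source.getClaimNames();
                claimsLocales = source.getClaimsLocales();
                presetClaims = source.getPresetClaims();
                claimsData = source.getClaimsData();
                data = source.getData();
                cnfX5t = source.getClientCertificateConfirmation();
                otherTopLevelParams = source.getOtherTopLevelParameters();
        }
        
        
        /**
         * Sets the token subject.
         *
         * @param sub The subject, {@code null} if not specified.
         *            
         * @return This object.
         */
        public MutableAccessTokenAuthorization withSubject(final Subject sub) {
                this.sub = sub;
                return this;
        }
        
        
        @Override
        public Subject getSubject() {
                return sub;
        }
        
        
        /**
         * Sets the token actor, in impersonation and delegation scenarios.
         *
         * @param act The actor, {@code null} if not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withActor(final Actor act) {
                this.act = act;
                return this;
        }
        
        
        @Override
        public Actor getActor() {
                return act;
        }
        
        
        /**
         * Sets the identifier of the client to which the token is issued.
         *
         * @param clientID The client identifier, {@code null} if not
         *                 specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withClientID(final ClientID clientID) {
                this.clientID = clientID;
                return this;
        }
        
        
        @Override
        public ClientID getClientID() {
                return clientID;
        }
        
        
        /**
         * Sets the scope of the token. The reference is stored as-is.
         *
         * @param scope The scope, {@code null} if not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withScope(final Scope scope) {
                this.scope = scope;
                return this;
        }
        
        
        @Override
        public Scope getScope() {
                return scope;
        }
        
        
        /**
         * Sets the expiration time of the token.
         *
         * @param exp The expiration time, {@code null} if not specified.
         *            Nothing here enforces a bound on the token lifetime;
         *            whether a missing expiration is rejected is decided by
         *            the code that consumes this authorisation.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withExpirationTime(final Instant exp) {
                this.exp = exp;
                return this;
        }
        
        
        @Override
        public Instant getExpirationTime() {
                return exp;
        }
        
        
        /**
         * Sets the issue time of the token.
         *
         * @param iat The issue time, {@code null} if not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withIssueTime(final Instant iat) {
                this.iat = iat;
                return this;
        }
        
        
        @Override
        public Instant getIssueTime() {
                return iat;
        }
        
        
        /**
         * Sets the issuer of the token.
         *
         * @param iss The issuer, {@code null} if not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withIssuer(final Issuer iss) {
                this.iss = iss;
                return this;
        }
        
        
        @Override
        public Issuer getIssuer() {
                return iss;
        }
        
        
        /**
         * Sets the audience list of the token, which may be the logical
         * names of the intended resource servers. The list reference is
         * stored as-is.
         *
         * @param audList The audience list, {@code null} if not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withAudienceList(final List<Audience> audList) {
                this.audList = audList;
                return this;
        }
        
        
        @Override
        public List<Audience> getAudienceList() {
                return audList;
        }
        
        
        /**
         * Sets the JSON Web Token (JWT) identifier of the token.
         *
         * @param jti The JWT ID, {@code null} if not specified or applicable.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withJWTID(final JWTID jti) {
                this.jti = jti;
                return this;
        }
        
        
        @Override
        public JWTID getJWTID() {
                return jti;
        }
        
        
        /**
         * Sets the names of the consented OpenID claims to be accessed at
         * the UserInfo endpoint. The set reference is stored as-is.
         *
         * @param claimNames The claim names, {@code null} if not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withClaimNames(final Set<String> claimNames) {
                this.claimNames = claimNames;
                return this;
        }
        
        
        @Override
        public Set<String> getClaimNames() {
                return claimNames;
        }
        
        
        /**
         * Sets the preferred locales for the consented OpenID claims.
         *
         * @param claimsLocales The preferred claims locales, {@code null} if
         *                      not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withClaimsLocales(final List<LangTag> claimsLocales) {
                this.claimsLocales = claimsLocales;
                return this;
        }
        
        
        @Override
        public List<LangTag> getClaimsLocales() {
                return claimsLocales;
        }
        
        
        /**
         * Sets the preset OpenID claims to be included in the UserInfo
         * response. The JSON object reference is stored as-is; these are
         * end-user claims and appear in {@link #toString()}.
         *
         * @param presetClaims The preset OpenID claims, {@code null} if not
         *                     specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withPresetClaims(final JSONObject presetClaims) {
                this.presetClaims = presetClaims;
                return this;
        }
        
        
        @Override
        public JSONObject getPresetClaims() {
                return presetClaims;
        }
        
        
        /**
         * Sets the claims fulfillment data for the claims source at the
         * UserInfo endpoint. The JSON object reference is stored as-is.
         *
         * @param claimsData The claims fulfillment data, {@code null} if not
         *                   specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withClaimsData(final JSONObject claimsData) {
                this.claimsData = claimsData;
                return this;
        }
        
        
        @Override
        public JSONObject getClaimsData() {
                return claimsData;
        }
        
        
        /**
         * Sets the optional data for the token. The JSON object reference is
         * stored as-is.
         *
         * @param data The optional data, represented as a JSON object,
         *             {@code null} if not specified.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withData(final JSONObject data) {
                this.data = data;
                return this;
        }
        
        
        @Override
        public JSONObject getData() {
                return data;
        }
        
        
        /**
         * Sets the client X.509 certificate confirmation (SHA-256 thumbprint)
         * for mutual TLS, binding the token to the client certificate.
         *
         * @param cnfX5t The client X.509 certificate confirmation,
         *               {@code null} if not specified (no certificate
         *               binding).
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withClientCertificateConfirmation(final X509CertificateConfirmation cnfX5t) {
                this.cnfX5t = cnfX5t;
                return this;
        }
        
        
        @Override
        public X509CertificateConfirmation getClientCertificateConfirmation() {
                return cnfX5t;
        }
        
        
        /**
         * Sets the other top-level parameters. The map reference is stored
         * as-is and its keys are not checked here against the standard
         * member names (e.g. {@code sub}, {@code exp}); whether such
         * collisions are rejected when the authorisation is serialised is
         * not visible in this class — confirm at the consumer.
         *
         * @param params Other top-level parameters, the values should map to
         *               JSON entities, {@code null} if none.
         *
         * @return This object.
         */
        public MutableAccessTokenAuthorization withOtherTopLevelParameters(final Map<String, Object> params) {
                otherTopLevelParams = params;
                return this;
        }
        
        
        @Override
        public Map<String, Object> getOtherTopLevelParameters() {
                return otherTopLevelParams;
        }
        
        
        /**
         * Returns a string rendering of every member for debugging. Includes
         * the preset claims, claims data, optional data and other top-level
         * parameters verbatim, so the result may carry end-user claims;
         * avoid emitting it to shared or persistent logs.
         *
         * @return The string representation.
         */
        @Override
        public String toString() {
                return new StringJoiner(", ", MutableAccessTokenAuthorization.class.getSimpleName() + "[", "]")
                        .add("sub=" + sub)
                        .add("act=" + act)
                        .add("clientID=" + clientID)
                        .add("scope=" + scope)
                        .add("exp=" + exp)
                        .add("iat=" + iat)
                        .add("iss=" + iss)
                        .add("audList=" + audList)
                        .add("jti=" + jti)
                        .add("claimNames=" + claimNames)
                        .add("claimsLocales=" + claimsLocales)
                        .add("presetClaims=" + presetClaims)
                        .add("claimsData=" + claimsData)
                        .add("data=" + data)
                        .add("cnfX5t=" + cnfX5t)
                        .add("otherTopLevelParams=" + otherTopLevelParams)
                        .toString();
        }
}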