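package com.nimbusds.openid.connect.provider.spi.tokens;


import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.StringJoiner;

import net.minidev.json.JSONObject;

import com.nimbusds.langtag.LangTag;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation;
import com.nimbusds.oauth2.sdk.id.*;


/**
 * Mutable access token authorisation.
 *
 * <p>All fields default to {@code null} and every {@code with...} setter
 * accepts {@code null}. No defensive copying is performed: the collection,
 * map and JSON object references handed to the setters and to the copy
 * constructor are stored and later returned by the getters as-is, so a
 * caller that keeps mutating such an object after passing it in changes
 * this authorisation too.
 *
 * <p>This class is not thread-safe.
 */
public final class MutableAccessTokenAuthorization implements AccessTokenAuthorization {


	private Subject sub;


	private Actor act;


	private ClientID clientID;


	private Scope scope;


	private Instant exp;


	private Instant iat;


	private Issuer iss;


	private List<Audience> audList;


	private JWTID jti;


	private Set<String> claimNames;


	private List<LangTag> claimsLocales;


	private JSONObject presetClaims;


	private JSONObject claimsData;


	private JSONObject data;


	private X509CertificateConfirmation cnfX5t;


	private Map<String, Object> otherTopLevelParams;


	/**
	 * Creates a new empty mutable access token authorisation. All fields
	 * are {@code null} until set.
	 */
	public MutableAccessTokenAuthorization() {
	}


	/**
	 * Creates a new mutable access token authorisation from the specified
	 * one. The field values are copied by reference (no deep copy).
	 *
	 * @param source The source access token authorisation. Must not be
	 *               {@code null}.
	 *
	 * @throws NullPointerException If the source is {@code null}.
	 */
	public MutableAccessTokenAuthorization(final AccessTokenAuthorization source) {
		// Fail with a clear message instead of an NPE on the first getter call
		Objects.requireNonNull(source, "source");
		sub = source.getSubject();
		act = source.getActor();
		clientID = source.getClientID();
		scope = source.getScope();
		exp = source.getExpirationTime();
		iat = source.getIssueTime();
		iss = source.getIssuer();
		audList = source.getAudienceList();
		jti = source.getJWTID();
		claimNames = source.getClaimNames();
		claimsLocales = source.getClaimsLocales();
		presetClaims = source.getPresetClaims();
		claimsData = source.getClaimsData();
		data = source.getData();
		cnfX5t = source.getClientCertificateConfirmation();
		otherTopLevelParams = source.getOtherTopLevelParameters();
	}


	/**
	 * Sets the token subject.
	 *
	 * @param sub The subject, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withSubject(final Subject sub) {
		this.sub = sub;
		return this;
	}


	@Override
	public Subject getSubject() {
		return sub;
	}


	/**
	 * Sets the token actor, in impersonation and delegation scenarios.
	 *
	 * @param act The actor, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withActor(final Actor act) {
		this.act = act;
		return this;
	}


	@Override
	public Actor getActor() {
		return act;
	}


	/**
	 * Sets the identifier of the client to which the token is issued.
	 *
	 * @param clientID The client identifier, {@code null} if not
	 *                 specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClientID(final ClientID clientID) {
		this.clientID = clientID;
		return this;
	}


	@Override
	public ClientID getClientID() {
		return clientID;
	}


	/**
	 * Sets the scope of the token.
	 *
	 * @param scope The scope, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withScope(final Scope scope) {
		this.scope = scope;
		return this;
	}


	@Override
	public Scope getScope() {
		return scope;
	}


	/**
	 * Sets the expiration time of the token.
	 *
	 * @param exp The expiration time, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withExpirationTime(final Instant exp) {
		this.exp = exp;
		return this;
	}


	@Override
	public Instant getExpirationTime() {
		return exp;
	}


	/**
	 * Sets the issue time of the token.
	 *
	 * @param iat The issue time, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withIssueTime(final Instant iat) {
		this.iat = iat;
		return this;
	}


	@Override
	public Instant getIssueTime() {
		return iat;
	}


	/**
	 * Sets the issuer of the token.
	 *
	 * @param iss The issuer, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withIssuer(final Issuer iss) {
		this.iss = iss;
		return this;
	}


	@Override
	public Issuer getIssuer() {
		return iss;
	}


	/**
	 * Sets the audience list of the token, which may be the logical
	 * names of the intended resource servers. The list is stored by
	 * reference.
	 *
	 * @param audList The audience list, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withAudienceList(final List<Audience> audList) {
		this.audList = audList;
		return this;
	}


	@Override
	public List<Audience> getAudienceList() {
		return audList;
	}


	/**
	 * Sets the JSON Web Token (JWT) identifier of the token.
	 *
	 * @param jti The JWT ID, {@code null} if not specified or applicable.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withJWTID(final JWTID jti) {
		this.jti = jti;
		return this;
	}


	@Override
	public JWTID getJWTID() {
		return jti;
	}


	/**
	 * Sets the names of the consented OpenID claims to be accessed at
	 * the UserInfo endpoint. The set is stored by reference.
	 *
	 * @param claimNames The claim names, {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClaimNames(final Set<String> claimNames) {
		this.claimNames = claimNames;
		return this;
	}


	@Override
	public Set<String> getClaimNames() {
		return claimNames;
	}


	/**
	 * Sets the preferred locales for the consented OpenID claims. The
	 * list is stored by reference.
	 *
	 * @param claimsLocales The preferred claims locales, {@code null} if
	 *                      not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClaimsLocales(final List<LangTag> claimsLocales) {
		this.claimsLocales = claimsLocales;
		return this;
	}


	@Override
	public List<LangTag> getClaimsLocales() {
		return claimsLocales;
	}


	/**
	 * Sets the preset OpenID claims to be included in the UserInfo
	 * response. The JSON object is stored by reference.
	 *
	 * @param presetClaims The preset OpenID claims, {@code null} if not
	 *                     specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withPresetClaims(final JSONObject presetClaims) {
		this.presetClaims = presetClaims;
		return this;
	}


	@Override
	public JSONObject getPresetClaims() {
		return presetClaims;
	}


	/**
	 * Sets the claims fulfillment data for the claims source at the
	 * UserInfo endpoint. The JSON object is stored by reference.
	 *
	 * @param claimsData The claims fulfillment data, {@code null} if not
	 *                   specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClaimsData(final JSONObject claimsData) {
		this.claimsData = claimsData;
		return this;
	}


	@Override
	public JSONObject getClaimsData() {
		return claimsData;
	}


	/**
	 * Sets the optional data for the token. The JSON object is stored by
	 * reference.
	 *
	 * @param data The optional data, represented as a JSON object,
	 *             {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withData(final JSONObject data) {
		this.data = data;
		return this;
	}


	@Override
	public JSONObject getData() {
		return data;
	}


	/**
	 * Sets the client X.509 certificate confirmation (SHA-256 thumbprint)
	 * for mutual TLS.
	 *
	 * @param cnfX5t The client X.509 certificate confirmation,
	 *               {@code null} if not specified.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withClientCertificateConfirmation(final X509CertificateConfirmation cnfX5t) {
		this.cnfX5t = cnfX5t;
		return this;
	}


	@Override
	public X509CertificateConfirmation getClientCertificateConfirmation() {
		return cnfX5t;
	}


	/**
	 * Sets the other top-level parameters. The map is stored by
	 * reference.
	 *
	 * @param params Other top-level parameters, the values should map to
	 *               JSON entities, {@code null} if none.
	 *
	 * @return This object.
	 */
	public MutableAccessTokenAuthorization withOtherTopLevelParameters(final Map<String, Object> params) {
		otherTopLevelParams = params;
		return this;
	}


	@Override
	public Map<String, Object> getOtherTopLevelParameters() {
		return otherTopLevelParams;
	}


	/**
	 * Returns a string representation of this authorisation. Every field
	 * is rendered, including the preset claims, claims data, optional
	 * data and other top-level parameters, so the output may carry
	 * end-user claim values; take that into account before writing it to
	 * a log.
	 *
	 * @return The string representation.
	 */
	@Override
	public String toString() {
		return new StringJoiner(", ", MutableAccessTokenAuthorization.class.getSimpleName() + "[", "]")
			.add("sub=" + sub)
			.add("act=" + act)
			.add("clientID=" + clientID)
			.add("scope=" + scope)
			.add("exp=" + exp)
			.add("iat=" + iat)
			.add("iss=" + iss)
			.add("audList=" + audList)
			.add("jti=" + jti)
			.add("claimNames=" + claimNames)
			.add("claimsLocales=" + claimsLocales)
			.add("presetClaims=" + presetClaims)
			.add("claimsData=" + claimsData)
			.add("data=" + data)
			.add("cnfX5t=" + cnfX5t)
			.add("otherTopLevelParams=" + otherTopLevelParams)
			.toString();
	}
}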