001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2020, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk.federation.api; 019 020 021import java.net.URI; 022import java.util.*; 023 024import net.jcip.annotations.Immutable; 025 026import com.nimbusds.jwt.SignedJWT; 027import com.nimbusds.jwt.util.DateUtils; 028import com.nimbusds.oauth2.sdk.ParseException; 029import com.nimbusds.oauth2.sdk.http.HTTPRequest; 030import com.nimbusds.oauth2.sdk.id.Identifier; 031import com.nimbusds.oauth2.sdk.id.Subject; 032import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils; 033import com.nimbusds.oauth2.sdk.util.StringUtils; 034import com.nimbusds.openid.connect.sdk.federation.entities.EntityID; 035 036 037/** 038 * Trust mark status request. 039 * 040 * <p>Related specifications: 041 * 042 * <ul> 043 * <li>OpenID Connect Federation 1.0, section 7.4.1. 044 * </ul> 045 */ 046@Immutable 047public class TrustMarkStatusRequest extends FederationAPIRequest { 048 049 050 /** 051 * The trust mark subject. 052 */ 053 private final Subject subject; 054 055 056 /** 057 * The trust mark identifier. 058 */ 059 private final Identifier id; 060 061 062 /** 063 * The trust mark issue time. 064 */ 065 private final Date iat; 066 067 068 /** 069 * The trust mark. 070 */ 071 private final SignedJWT trustMark; 072 073 074 /** 075 * Creates a new trust mark status request. 076 * 077 * @param endpoint The trust mark status endpoint. Must not be 078 * {@code null}. 079 * @param subject The subject. Must not be {@code null}. 080 * @param id The trust mark identifier. Must not be {@code null}. 081 * @param iat The trust mark issue time, {@code null} if not 082 * specified. 083 */ 084 public TrustMarkStatusRequest(final URI endpoint, 085 final Subject subject, 086 final Identifier id, 087 final Date iat) { 088 089 super(endpoint); 090 091 if (subject == null) { 092 throw new IllegalArgumentException("The subject must not be null"); 093 } 094 this.subject = subject; 095 096 if (id == null) { 097 throw new IllegalArgumentException("The ID must not be null"); 098 } 099 this.id = id; 100 101 this.iat = iat; 102 103 trustMark = null; 104 } 105 106 107 /** 108 * Creates a new trust mark status request. 109 * 110 * @param endpoint The trust mark status endpoint. Must not be 111 * {@code null}. 112 * @param trustMark The trust mark. Must not be {@code null}. 113 */ 114 public TrustMarkStatusRequest(final URI endpoint, 115 final SignedJWT trustMark) { 116 super(endpoint); 117 118 if (trustMark == null) { 119 throw new IllegalArgumentException("The trust mark must not be null"); 120 } 121 this.trustMark = trustMark; 122 123 subject = null; 124 id = null; 125 iat = null; 126 } 127 128 129 /** 130 * Returns the trust mark subject. 131 * 132 * @return The trust mark subject, {@code null} if not specified. 133 */ 134 public Subject getSubject() { 135 return subject; 136 } 137 138 139 /** 140 * Returns the trust mark subject entity ID. 141 * 142 * @return The trust mark subject entity ID, {@code null} if not 143 * specified. 144 */ 145 public EntityID getSubjectEntityID() { 146 return subject != null ? new EntityID(subject) : null; 147 } 148 149 150 /** 151 * Returns the trust mark ID. 152 * 153 * @return The trust mark ID, {@code null} if not specified. 154 */ 155 public Identifier getID() { 156 return id; 157 } 158 159 160 /** 161 * Returns the trust mark issue time. 162 * 163 * @return The trust mark issue time, {@code null} if not specified. 164 */ 165 public Date getIssueTime() { 166 return iat; 167 } 168 169 170 /** 171 * Returns the trust mark. 172 * 173 * @return The trust mark, {@code null} if not specified. 174 */ 175 public SignedJWT getTrustMark() { 176 return trustMark; 177 } 178 179 180 @Override 181 public Map<String, List<String>> toParameters() { 182 Map<String, List<String>> params = new LinkedHashMap<>(); 183 if (getSubject() != null) { 184 params.put("sub", Collections.singletonList(getSubject().getValue())); 185 } 186 if (getID() != null) { 187 params.put("id", Collections.singletonList(getID().getValue())); 188 } 189 if (getIssueTime() != null) { 190 params.put("iat", Collections.singletonList(DateUtils.toSecondsSinceEpoch(getIssueTime()) + "")); 191 } 192 if (getTrustMark() != null) { 193 params.put("trust_mark", Collections.singletonList(getTrustMark().serialize())); 194 } 195 return params; 196 } 197 198 199 /** 200 * Parses a trust mark status request from the specified query string 201 * parameters. 202 * 203 * @param params The query string parameters. Must not be {@code null}. 204 * 205 * @return The trust mark status request. 206 * 207 * @throws ParseException If parsing failed. 208 */ 209 public static TrustMarkStatusRequest parse(final Map<String, List<String>> params) 210 throws ParseException { 211 212 Subject subject = null; 213 String value = MultivaluedMapUtils.getFirstValue(params, "sub"); 214 if (StringUtils.isNotBlank(value)) { 215 subject = new Subject(value); 216 } 217 218 Identifier id = null; 219 value = MultivaluedMapUtils.getFirstValue(params, "id"); 220 if (StringUtils.isNotBlank(value)) { 221 id = new Identifier(value); 222 } 223 224 Date iat = null; 225 value = MultivaluedMapUtils.getFirstValue(params, "iat"); 226 if (StringUtils.isNotBlank(value)) { 227 try { 228 iat = DateUtils.fromSecondsSinceEpoch(Long.parseLong(value)); 229 } catch (NumberFormatException e) { 230 throw new ParseException("Illegal iat"); 231 } 232 } 233 234 SignedJWT trustMark = null; 235 value = MultivaluedMapUtils.getFirstValue(params, "trust_mark"); 236 if (StringUtils.isNotBlank(value)) { 237 try { 238 trustMark = SignedJWT.parse(value); 239 } catch (java.text.ParseException e) { 240 throw new ParseException("Invalid trust mark: " + e.getMessage(), e); 241 } 242 } 243 244 if (trustMark != null) { 245 return new TrustMarkStatusRequest(null, trustMark); 246 } 247 248 try { 249 return new TrustMarkStatusRequest(null, subject, id, iat); 250 } catch (IllegalArgumentException e) { 251 throw new ParseException("Invalid request: " + e.getMessage()); 252 } 253 } 254 255 256 /** 257 * Parses a trust mark status request from the specified HTTP request. 258 * 259 * @param httpRequest The HTTP request. Must not be {@code null}. 260 * 261 * @return The trust negotiation request. 262 * 263 * @throws ParseException If parsing failed. 264 */ 265 public static TrustMarkStatusRequest parse(final HTTPRequest httpRequest) 266 throws ParseException { 267 268 httpRequest.ensureMethod(HTTPRequest.Method.GET); 269 270 TrustMarkStatusRequest request = TrustMarkStatusRequest.parse(httpRequest.getQueryParameters()); 271 272 if (request.getTrustMark() != null) { 273 return new TrustMarkStatusRequest( 274 httpRequest.getURI(), 275 request.trustMark 276 ); 277 } else { 278 return new TrustMarkStatusRequest( 279 httpRequest.getURI(), 280 request.getSubject(), 281 request.getID(), 282 request.getIssueTime() 283 ); 284 } 285 } 286}