/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
017
018package com.nimbusds.oauth2.sdk.assertions;
019
020
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.Identifier;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.CollectionUtils;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Objects;
030
031
/**
 * Common assertion details used in JWT bearer assertions and SAML 2.0 bearer
 * assertions.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>Assertion Framework for OAuth 2.0 Client Authentication and
 *         Authorization Grants (RFC 7521)
 * </ul>
 */
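public abstract class AssertionDetails {
        
        
        /**
         * The issuer (required).
         */
        private final Issuer issuer;
        
        
        /**
         * The subject (required).
         */
        private final Subject subject;
        
        
        /**
         * The audience that this assertion is intended for (required). Held
         * as an unmodifiable snapshot of the list passed to the constructor,
         * so the non-empty check performed there cannot be undone afterwards.
         */
        private final List<Audience> audience;
        
        
        /**
         * The time at which this assertion was issued (optional). Never
         * handed out directly because {@link Date} is mutable, see
         * {@link #getIssueTime()}.
         */
        private final Date iat;
        
        
        /**
         * The expiration time that limits the time window during which the
         * assertion can be used (required). Never handed out directly because
         * {@link Date} is mutable, see {@link #getExpirationTime()}.
         */
        private final Date exp;
        
        
        /**
         * Unique identifier for the assertion (optional). The identifier may
         * be used by implementations requiring message de-duplication for
         * one-time use assertions.
         */
        private final Identifier id;
        
        
        /**
         * Creates a new assertion details instance. The audience list and the
         * {@link Date} arguments are copied, so changes a caller makes to
         * those objects after construction do not affect this instance.
         *
         * @param issuer   The issuer. Must not be {@code null}.
         * @param subject  The subject. Must not be {@code null}.
         * @param audience The audience, typically including the URI of the
         *                 authorisation server's token endpoint. Must not be
         *                 {@code null} or empty.
         * @param iat      The time at which the assertion was issued,
         *                 {@code null} if not specified.
         * @param exp      The expiration time. Must not be {@code null}.
         * @param id       Unique identifier for the assertion, {@code null} if
         *                 not specified.
         *
         * @throws NullPointerException     If the issuer, subject or
         *                                  expiration time is {@code null}.
         * @throws IllegalArgumentException If the audience is {@code null}
         *                                  or empty.
         */
        public AssertionDetails(final Issuer issuer,
                                final Subject subject,
                                final List<Audience> audience,
                                final Date iat,
                                final Date exp,
                                final Identifier id) {

                this.issuer = Objects.requireNonNull(issuer, "The issuer must not be null");
                this.subject = Objects.requireNonNull(subject, "The subject must not be null");

                if (CollectionUtils.isEmpty(audience))
                        throw new IllegalArgumentException("The audience must not be null or empty");
                // Snapshot the caller's list: the non-empty invariant checked
                // above must hold for the lifetime of this instance, and the
                // list returned by getAudience() must not be a writable alias
                // of the internal state
                this.audience = Collections.unmodifiableList(new ArrayList<Audience>(audience));

                // Date is mutable; copy so that the validity window cannot be
                // shifted through the reference the caller still holds
                this.exp = copyOf(Objects.requireNonNull(exp, "The expiration time must not be null"));
                this.iat = copyOf(iat);
                this.id = id;
        }
        
        
        /**
         * Returns a copy of the specified date, tolerating {@code null}.
         *
         * @param date The date, {@code null} if not specified.
         *
         * @return An independent copy, {@code null} if the input was
         *         {@code null}.
         */
        private static Date copyOf(final Date date) {
                
                return date != null ? new Date(date.getTime()) : null;
        }
        
        
        /**
         * Returns the issuer.
         *
         * @return The issuer.
         */
        public Issuer getIssuer() {
                
                return issuer;
        }
        
        
        /**
         * Returns the subject.
         *
         * @return The subject.
         */
        public Subject getSubject() {
                
                return subject;
        }
        
        
        /**
         * Returns the audience.
         *
         * @return The audience as an unmodifiable list, typically a
         *         singleton list with the authorisation server issuer URI.
         */
        public List<Audience> getAudience() {
                
                return audience;
        }
        
        
        /**
         * Returns the expiration time.
         *
         * @return A copy of the expiration time; modifying it does not
         *         affect this instance.
         */
        public Date getExpirationTime() {
                
                return copyOf(exp);
        }
        
        
        /**
         * Returns the optional issue time.
         *
         * @return A copy of the issue time, {@code null} if not specified.
         */
        public Date getIssueTime() {
                
                return copyOf(iat);
        }
        
        
        /**
         * Returns the optional assertion identifier.
         *
         * @return The identifier, {@code null} if not specified.
         */
        public Identifier getID() {
                
                return id;
        }
}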