001package com.nimbusds.openid.connect.sdk.op; 002 003 004import java.util.ArrayList; 005import java.util.List; 006 007import net.jcip.annotations.Immutable; 008 009import com.nimbusds.openid.connect.sdk.ClaimsRequest; 010import com.nimbusds.openid.connect.sdk.OIDCAuthorizationRequest; 011import com.nimbusds.openid.connect.sdk.claims.ACR; 012import com.nimbusds.openid.connect.sdk.claims.ClaimRequirement; 013 014 015/** 016 * Resolved authentication Context Class Reference (ACR) request. 017 * 018 * @author Vladimir Dzhuvinov 019 */ 020@Immutable 021public final class ACRRequest { 022 023 024 /** 025 * The essential ACR values. 026 */ 027 private final List<ACR> essentialACRs; 028 029 030 /** 031 * The voluntary ACR values. 032 */ 033 private final List<ACR> voluntaryACRs; 034 035 036 /** 037 * Creates a new Authentication Context Class Reference (ACR) request. 038 * 039 * @param essentialACRs The requested essential ACR values, by order of 040 * preference, {@code null} if not specified. 041 * @param voluntaryACRs The requested voluntary ACR values, by order of 042 * preference, {@code null} if not specified. 043 */ 044 public ACRRequest(final List<ACR> essentialACRs, final List<ACR> voluntaryACRs) { 045 046 this.essentialACRs = essentialACRs; 047 this.voluntaryACRs = voluntaryACRs; 048 } 049 050 051 /** 052 * Gets the requested essential ACR values. 053 * 054 * @return The essential ACR values, by order of preference, 055 * {@code null} if not specified. 056 */ 057 public List<ACR> getEssentialACRs() { 058 059 return essentialACRs; 060 } 061 062 063 /** 064 * Gets the requested voluntary ACR values. 065 * 066 * @return The voluntary ACR values, by order of preference, 067 * {@code null} if not specified. 068 */ 069 public List<ACR> getVoluntaryACRs() { 070 071 return voluntaryACRs; 072 } 073 074 075 /** 076 * Checks if this authentication Context Class Reference (ACR) request 077 * has not essential or voluntary values specified. 078 * 079 * @return {@code true} if this ACR request doesn't specify any 080 * essential or voluntary values, else {@code false}. 081 */ 082 public boolean noValuesSpecified() { 083 084 if (essentialACRs != null && ! essentialACRs.isEmpty()) 085 return false; 086 087 if (voluntaryACRs != null && ! voluntaryACRs.isEmpty()) 088 return false; 089 090 return true; 091 } 092 093 094 095 /** 096 * Resolves the requested essential and voluntary ACR values from the 097 * specified OpenID Connect authorisation request. 098 * 099 * @param authzRequest The OpenID Connect authorisation request. Should 100 * be resolved. Must not be {@code null}. 101 * 102 * @return The resolved ACR request. 103 */ 104 public static ACRRequest resolve(final OIDCAuthorizationRequest authzRequest) { 105 106 List<ACR> essentialACRs = null; 107 List<ACR> voluntaryACRs = null; 108 109 ClaimsRequest claimsRequest = authzRequest.getClaims(); 110 111 if (claimsRequest != null) { 112 113 for (ClaimsRequest.Entry claimEntry: claimsRequest.getIDTokenClaims()) { 114 115 if (! claimEntry.getClaimName().equals("acr")) 116 continue; 117 118 if (claimEntry.getClaimRequirement().equals(ClaimRequirement.ESSENTIAL)) { 119 120 essentialACRs = new ArrayList<ACR>(); 121 122 if (claimEntry.getValue() != null) 123 essentialACRs.add(new ACR(claimEntry.getValue())); 124 125 if (claimEntry.getValues() != null) { 126 127 for (String v: claimEntry.getValues()) 128 essentialACRs.add(new ACR(v)); 129 } 130 131 } else { 132 voluntaryACRs = new ArrayList<ACR>(); 133 134 if (claimEntry.getValue() != null) 135 voluntaryACRs.add(new ACR(claimEntry.getValue())); 136 137 if (claimEntry.getValues() != null) { 138 139 for (String v: claimEntry.getValues()) 140 voluntaryACRs.add(new ACR(v)); 141 } 142 } 143 } 144 } 145 146 147 List<ACR> topLevelACRs = authzRequest.getACRValues(); 148 149 if (topLevelACRs != null) { 150 151 if (voluntaryACRs == null) 152 voluntaryACRs = new ArrayList<ACR>(); 153 154 voluntaryACRs.addAll(topLevelACRs); 155 } 156 157 return new ACRRequest(essentialACRs, voluntaryACRs); 158 } 159}