001package com.nimbusds.openid.connect.sdk.claims;
002
003
004import net.jcip.annotations.Immutable;
005
006import com.nimbusds.jose.JWSAlgorithm;
007
008import com.nimbusds.oauth2.sdk.AuthorizationCode;
009import com.nimbusds.oauth2.sdk.ResponseType;
010
011
/**
 * Authorisation code hash ({@code c_hash}) claim.
 *
 * <p>The claim ties an authorisation code to the ID token it was issued with.
 * A client that receives both recomputes the hash from the code and compares
 * it with the claim, so a code that does not belong to the ID token is
 * rejected (see the referenced specification section for the normative
 * rules).
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.3.2.11.
 * </ul>
 */
@Immutable
public final class CodeHash extends HashClaim {


        /**
         * Determines whether ID tokens issued for the specified response
         * type must carry an authorisation code hash claim.
         *
         * @param responseType The OpenID Connect response type. Must not be
         *                     {@code null}.
         *
         * @return {@code true} if the code hash is required, else
         *         {@code false}.
         */
        public static boolean isRequiredInIDTokenClaims(final ResponseType responseType) {

                // The hash is mandatory only for the two hybrid flow response
                // types that return a code together with an ID token. Which
                // endpoint (authz / token) issues the ID token is not
                // considered here.
                final ResponseType codeIdToken = new ResponseType("code", "id_token");

                if (codeIdToken.equals(responseType)) {
                        return true;
                }

                final ResponseType codeIdTokenToken = new ResponseType("code", "id_token", "token");

                return codeIdTokenToken.equals(responseType);
        }


        /**
         * Creates a new authorisation code hash from an already computed
         * value.
         *
         * @param value The authorisation code hash value. Must not be
         *              {@code null}.
         */
        public CodeHash(final String value) {

                super(value);
        }


        /**
         * Computes the hash for the specified authorisation code, using the
         * specified JSON Web Signature (JWS) algorithm as reference. The
         * hash value itself is produced by {@code computeValue}, which is
         * not defined in this class.
         *
         * <p>A {@code null} result means no hash could be produced. Callers
         * that validate an ID token should treat that as a failed check
         * rather than skip the {@code c_hash} comparison.
         *
         * @param code The authorisation code. Must not be {@code null}.
         * @param alg  The reference JWS algorithm. Must not be {@code null}.
         *
         * @return The authorisation code hash, or {@code null} if the JWS
         *         algorithm is not supported.
         */
        public static CodeHash compute(final AuthorizationCode code, final JWSAlgorithm alg) {

                final String hashValue = computeValue(code, alg);

                return hashValue == null ? null : new CodeHash(hashValue);
        }


        /**
         * Compares this code hash with another object. The two are equal
         * when the other object is also a {@code CodeHash} and both have
         * the same string representation.
         *
         * @param object The object to compare to, may be {@code null}.
         *
         * @return {@code true} if the objects are equal, else {@code false}.
         */
        // NOTE(review): hashCode() is not overridden in this class; it is
        // presumably inherited from a superclass - confirm that it is
        // consistent with this equals().
        @Override
        public boolean equals(final Object object) {

                if (!(object instanceof CodeHash)) {
                        return false;
                }

                return toString().equals(object.toString());
        }
}