com.nimbusds.oauth2.sdk.auth

Class TLSClientAuthentication

java.lang.Object

com.nimbusds.oauth2.sdk.auth.ClientAuthentication

com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication

@Immutable
public class TLSClientAuthentication
extends ClientAuthentication

Client TLS / X.509 certificate authentication at the Token endpoint. Implements ClientAuthenticationMethod.TLS_CLIENT_AUTH.

Related specifications:

• Mutual TLS Profile for OAuth 2.0 (draft-ietf-oauth-mtls-02), section 2.

Constructor Summary

Constructors

Constructor and Description
TLSClientAuthentication(ClientID clientID, SSLSocketFactory sslSocketFactory) Creates a new TLS / X.509 certificate client authentication.
TLSClientAuthentication(ClientID clientID, X509Certificate x509Certificate) Creates a new TLS / X.509 certificate client authentication.

Method Summary

Modifier and Type	Method and Description
void	applyTo(HTTPRequest httpRequest) Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).
X509Certificate	getClientX509Certificate() Returns the validated client X.509 certificate from the received HTTPS request.
SSLSocketFactory	getSSLSocketFactory() Returns the SSL socket factory to use for the outgoing HTTPS request and to present the client certificate(s).
static TLSClientAuthentication	parse(HTTPRequest httpRequest) Parses a client TLS / X.509 certificate authentication from the specified HTTP request.

Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication

getClientID, getMethod

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TLSClientAuthentication

public TLSClientAuthentication(ClientID clientID,
                               SSLSocketFactory sslSocketFactory)

Creates a new TLS / X.509 certificate client authentication. This constructor is intended for an outgoing token request.

Parameters:

clientID - The client identifier. Must not be null.

sslSocketFactory - The SSL socket factory to use for the outgoing HTTPS request and to present the client certificate(s), null to use the default one.

TLSClientAuthentication

public TLSClientAuthentication(ClientID clientID,
                               X509Certificate x509Certificate)

Creates a new TLS / X.509 certificate client authentication. This constructor is intended for a received token request.

Parameters:

clientID - The client identifier. Must not be null.

x509Certificate - The validated client X.509 certificate from the received HTTPS request. Must not be null.

Method Detail

getSSLSocketFactory

public SSLSocketFactory getSSLSocketFactory()

Returns the SSL socket factory to use for the outgoing HTTPS request and to present the client certificate(s).

Returns:

The SSL socket factory, null to use the default one.

getClientX509Certificate

public X509Certificate getClientX509Certificate()

Returns the validated client X.509 certificate from the received HTTPS request.

Returns:

The client X.509 certificate, null for an outgoing HTTPS request.

applyTo

public void applyTo(HTTPRequest httpRequest)

Description copied from class: ClientAuthentication

Applies the authentication to the specified HTTP request by setting its Authorization header and/or POST entity-body parameters (according to the implemented client authentication method).

Specified by:

applyTo in class ClientAuthentication

Parameters:

httpRequest - The HTTP request. Must not be null.

parse

public static TLSClientAuthentication parse(HTTPRequest httpRequest)
                                     throws ParseException

Parses a client TLS / X.509 certificate authentication from the specified HTTP request.

Parameters:

httpRequest - The HTTP request to parse. Must not be null and must include a validated client X.509 certificate.

Returns:

The client TLS / X.509 certificate authentication.

Throws:

ParseException - If the client_id or client X.509 certificate is missing.