Package com.nimbusds.oauth2.sdk.auth.verifier

Interface PKIClientX509CertificateBindingVerifier<T>

public interface PKIClientX509CertificateBindingVerifier<T>

Client X.509 certificate binding verifier. Intended for verifying that a client X.509 certificate submitted during successful PKI mutual TLS authentication (in tls_client_auth) matches one of the the registered values for the client. These can be: tls_client_auth_subject_dn, tls_client_auth_san_dns, tls_client_auth_san_uri, tls_client_auth_san_ip or tls_client_auth_san_email.

Implementations must be tread-safe.

Method Summary

Modifier and Type	Method	Description
void	verifyCertificateBinding(ClientID clientID, X509Certificate certificate, Context<T> context)	Verifies that the specified X.509 certificate binds to the claimed client ID.

Method Detail

verifyCertificateBinding

void verifyCertificateBinding(ClientID clientID,
                              X509Certificate certificate,
                              Context<T> context)
                       throws InvalidClientException

Verifies that the specified X.509 certificate binds to the claimed client ID.

Parameters:

clientID - The claimed client ID. Not null.

certificate - The X.509 certificate. Not null.

context - Additional context. May be null.

Throws:

InvalidClientException - If client ID and certificate don't bind or are invalid.