001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.openid.connect.sdk.claims;
019
020
021import net.jcip.annotations.Immutable;
022
023import com.nimbusds.jose.JWSAlgorithm;
024
025import com.nimbusds.oauth2.sdk.AuthorizationCode;
026import com.nimbusds.oauth2.sdk.ResponseType;
027
028
/**
 * Authorisation code hash ({@code c_hash}) claim.
 *
 * <p>The hash value is produced by the inherited {@code computeValue}
 * helper, which is not shown in this file.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.3.2.11.
 * </ul>
 */
@Immutable
public final class CodeHash extends HashClaim {


        /**
         * Tells whether an ID token issued for the specified response type
         * has to carry an authorisation code hash claim.
         *
         * @param responseType The OpenID Connect response type. Must not be
         *                     {@code null}.
         *
         * @return {@code true} if the code hash is required, else
         *         {@code false}.
         */
        public static boolean isRequiredInIDTokenClaims(final ResponseType responseType) {

                // The claim is mandatory only for the two hybrid flow response
                // types that return a code together with an ID token. What the
                // authz / token endpoint does is deliberately not considered.
                if (new ResponseType("code", "id_token").equals(responseType)) {
                        return true;
                }

                return new ResponseType("code", "id_token", "token").equals(responseType);
        }


        /**
         * Creates a new authorisation code hash with the specified value.
         *
         * @param value The authorisation code hash value. Must not be
         *              {@code null}.
         */
        public CodeHash(final String value) {

                super(value);
        }


        /**
         * Computes the hash for the specified authorisation code and reference
         * JSON Web Signature (JWS) algorithm.
         *
         * <p>A {@code null} result means that no hash could be derived for the
         * algorithm. Code that validates a received {@code c_hash} should
         * treat that outcome as a failed check and not as a reason to skip
         * the comparison.
         *
         * @param code The authorisation code. Must not be {@code null}.
         * @param alg  The reference JWS algorithm. Must not be {@code null}.
         *
         * @return The authorisation code hash, or {@code null} if the JWS
         *         algorithm is not supported.
         */
        public static CodeHash compute(final AuthorizationCode code, final JWSAlgorithm alg) {

                final String hashValue = computeValue(code, alg);

                // computeValue signals an unsupported algorithm with null;
                // pass that on unchanged instead of wrapping it.
                return hashValue == null ? null : new CodeHash(hashValue);
        }


        /**
         * Compares this code hash with another object. Two code hashes are
         * equal when their string representations are equal.
         *
         * @param object The object to compare with, may be {@code null}.
         *
         * @return {@code true} if the object is a {@code CodeHash} with the
         *         same string representation, else {@code false}.
         */
        // NOTE(review): hashCode() is not overridden in this class; presumably
        // the inherited one is based on the same value. Confirm in the superclass.
        @Override
        public boolean equals(final Object object) {

                if (!(object instanceof CodeHash)) {
                        return false;
                }

                return this.toString().equals(object.toString());
        }
}