Class TrustChain
java.lang.Object
    com.nimbusds.openid.connect.sdk.federation.trust.TrustChain

@Immutable public final class TrustChain extends Object
Federation entity trust chain.

Related specifications:
- OpenID Connect Federation 1.0, sections 2.2 and 7.

Constructor Summary
Constructor | Description
TrustChain(EntityStatement leaf, List<EntityStatement> superiors) | Creates a new federation entity trust chain.

Method Summary
Modifier and Type | Method | Description
EntityStatement | getLeafSelfStatement() | Returns the leaf entity self-statement.
List<EntityStatement> | getSuperiorStatements() | Returns the superior entity statements.
EntityID | getTrustAnchorEntityID() | Returns the entity ID of the trust anchor.
Iterator<EntityStatement> | iteratorFromLeaf() | Returns an iterator starting from the leaf entity statement.
int | length() | Returns the length of this trust chain.
MetadataPolicy | resolveCombinedMetadataPolicy() | Resolves the combined metadata policy for this trust chain.
MetadataPolicy | resolveCombinedMetadataPolicy(PolicyOperationCombinationValidator combinationValidator) | Resolves the combined metadata policy for this trust chain.
Date | resolveExpirationTime() | Resolves the expiration time for this trust chain.
void | verifySignatures(com.nimbusds.jose.jwk.JWKSet trustAnchorJWKSet) | Verifies the signatures in this trust chain.

Constructor Detail

TrustChain
public TrustChain(EntityStatement leaf, List<EntityStatement> superiors)
Creates a new federation entity trust chain. Validates the subject - issuer chain only; the signatures are not verified.
Parameters:
- leaf - The leaf entity self-statement. Must not be null.
- superiors - The superior entity statements, starting with a statement of the first superior about the leaf, ending with the statement of the trust anchor about the last intermediate or the leaf (for a minimal trust chain). Must contain at least one entity statement.
Throws:
- IllegalArgumentException - If the subject - issuer chain is broken.

Method Detail

getLeafSelfStatement
public EntityStatement getLeafSelfStatement()
Returns the leaf entity self-statement.
Returns:
- The leaf entity self-statement.

getSuperiorStatements
public List<EntityStatement> getSuperiorStatements()
Returns the superior entity statements.
Returns:
- The superior entity statements, starting with a statement of the first superior about the leaf, ending with the statement of the trust anchor about the last intermediate or the leaf (for a minimal trust chain).

getTrustAnchorEntityID
public EntityID getTrustAnchorEntityID()
Returns the entity ID of the trust anchor.
Returns:
- The entity ID of the trust anchor.

length
public int length()
Returns the length of this trust chain. A minimal trust chain with a leaf and anchor has a length of one.
Returns:
- The trust chain length.

resolveCombinedMetadataPolicy
public MetadataPolicy resolveCombinedMetadataPolicy() throws ParseException, PolicyViolationException
Resolves the combined metadata policy for this trust chain. Uses the default policy combination validator.
Returns:
- The combined metadata policy, with no policy operations if no policies were found.
Throws:
- ParseException - On a policy parse exception.
- PolicyViolationException - On a policy violation exception.

resolveCombinedMetadataPolicy
public MetadataPolicy resolveCombinedMetadataPolicy(PolicyOperationCombinationValidator combinationValidator) throws ParseException, PolicyViolationException
Resolves the combined metadata policy for this trust chain.
Parameters:
- combinationValidator - The policy operation combination validator. Must not be null.
Returns:
- The combined metadata policy, with no policy operations if no policies were found.
Throws:
- ParseException - On a policy parse exception.
- PolicyViolationException - On a policy violation exception.

iteratorFromLeaf
public Iterator<EntityStatement> iteratorFromLeaf()
Returns an iterator starting from the leaf entity statement.
Returns:
- The iterator.

resolveExpirationTime
public Date resolveExpirationTime()
Resolves the expiration time for this trust chain. Equals the nearest expiration when all entity statements in the trust chain are considered.
Returns:
- The expiration time for this trust chain.

verifySignatures
public void verifySignatures(com.nimbusds.jose.jwk.JWKSet trustAnchorJWKSet) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
Verifies the signatures in this trust chain.
Parameters:
- trustAnchorJWKSet - The trust anchor JWK set. Must not be null.
Throws:
- com.nimbusds.jose.proc.BadJOSEException - If a signature is invalid or a statement is expired or before the issue time.
- com.nimbusds.jose.JOSEException - On an internal JOSE exception.
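
Because the constructor checks only the subject - issuer linkage, a caller must verify signatures before relying on any statement in the chain. The sequence below is an added example, not code from the SDK or its documentation; it uses only the methods documented on this page. The class TrustChainCheck, its Result holder, the parameter names, and the import packages for EntityID, EntityStatement, MetadataPolicy, PolicyViolationException and ParseException are assumptions.

```java
import java.util.Date;
import java.util.List;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement;
import com.nimbusds.openid.connect.sdk.federation.policy.MetadataPolicy;
import com.nimbusds.openid.connect.sdk.federation.policy.language.PolicyViolationException;
import com.nimbusds.openid.connect.sdk.federation.trust.TrustChain;

// Hypothetical helper class (not part of the SDK); import packages above are assumed.
public final class TrustChainCheck {

    // Hypothetical holder: the combined policy and the time after which it must be discarded.
    public static final class Result {
        public final MetadataPolicy policy;
        public final Date notAfter;
        Result(MetadataPolicy policy, Date notAfter) { this.policy = policy; this.notAfter = notAfter; }
    }

    public static Result check(EntityStatement leaf,
                               List<EntityStatement> superiors,
                               EntityID configuredAnchor,
                               JWKSet configuredAnchorKeys)
            throws BadJOSEException, JOSEException, ParseException, PolicyViolationException {

        // 1. Structural check only: throws IllegalArgumentException if the
        //    subject - issuer chain is broken. No signature is verified here.
        TrustChain chain = new TrustChain(leaf, superiors);

        // 2. The chain names its own anchor; accept it only if it is the anchor
        //    this deployment was configured with out of band.
        if (!configuredAnchor.equals(chain.getTrustAnchorEntityID())) {
            throw new SecurityException("Unconfigured trust anchor: " + chain.getTrustAnchorEntityID());
        }

        // 3. Signature verification, rooted in locally configured anchor keys.
        //    Throws BadJOSEException on a bad signature or an expired / not yet valid statement.
        chain.verifySignatures(configuredAnchorKeys);

        // 4. Only now read the policy the superiors impose on the leaf metadata.
        MetadataPolicy policy = chain.resolveCombinedMetadataPolicy();

        // 5. Cache the outcome no longer than the nearest expiration in the chain.
        return new Result(policy, chain.resolveExpirationTime());
    }
}
```

The trust anchor JWK set passed in step 3 should come from local configuration, never from the statements being validated.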