/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.claims;


import net.jcip.annotations.Immutable;

import com.nimbusds.jose.JWSAlgorithm;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.ResponseType;


/**
 * Authorisation code hash ({@code c_hash}) claim of an ID token.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.3.2.11.
 * </ul>
 */
@Immutable
public final class CodeHash extends HashClaim {


	/**
	 * Tells whether ID tokens issued for the given response type must
	 * carry an authorisation code hash claim.
	 *
	 * @param responseType The OpenID Connect response type. Must not be
	 *                     {@code null}.
	 *
	 * @return {@code true} if the response type is exactly
	 *         {@code code id_token} or {@code code id_token token},
	 *         else {@code false}.
	 */
	public static boolean isRequiredInIDTokenClaims(final ResponseType responseType) {

		// The claim is mandatory only for the two hybrid flow response
		// types that return a code together with an ID token. Whether
		// the ID token comes from the authz or the token endpoint is
		// not taken into account here.
		final ResponseType codeIdToken = new ResponseType("code", "id_token");

		if (codeIdToken.equals(responseType)) {
			return true;
		}

		final ResponseType codeIdTokenToken = new ResponseType("code", "id_token", "token");

		return codeIdTokenToken.equals(responseType);
	}


	/**
	 * Creates a new authorisation code hash from an already computed
	 * value.
	 *
	 * @param value The authorisation code hash value. Must not be
	 *              {@code null}.
	 */
	public CodeHash(final String value) {

		super(value);
	}


	/**
	 * Computes the hash of the given authorisation code, using the given
	 * JSON Web Signature (JWS) algorithm as reference.
	 *
	 * <p>A {@code null} result means that no hash could be produced.
	 * Code that validates a received {@code c_hash} should treat this as
	 * a failed check and must not skip the comparison.
	 *
	 * @param code The authorisation code. Must not be {@code null}.
	 * @param alg  The reference JWS algorithm. Must not be {@code null}.
	 *
	 * @return The authorisation code hash, or {@code null} if the JWS
	 *         algorithm is not supported.
	 */
	public static CodeHash compute(final AuthorizationCode code, final JWSAlgorithm alg) {

		// computeValue is not declared in this class; presumably it is
		// inherited from HashClaim. Its null result is passed on to the
		// caller as a null CodeHash.
		final String hashValue = computeValue(code, alg);

		return hashValue != null ? new CodeHash(hashValue) : null;
	}


	/**
	 * Compares this code hash with another object. Two code hashes are
	 * equal when their string representations are equal.
	 *
	 * @param object The object to compare with, may be {@code null}.
	 *
	 * @return {@code true} if the object is a {@code CodeHash} with the
	 *         same string representation, else {@code false}.
	 */
	@Override
	public boolean equals(final Object object) {

		// NOTE(review): this class overrides equals but not hashCode;
		// presumably the inherited hashCode is derived from the same
		// value that toString returns. Confirm against the superclass.
		if (!(object instanceof CodeHash)) {
			return false;
		}

		return this.toString().equals(object.toString());
	}
}