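/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.federation.trust.marks;


import java.net.URI;
import java.util.Date;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Identifier;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet;


/**
 * Federation trust mark claims set, serialisable to a JSON object.
 *
 * <p>Example claims set:
 *
 * <pre>
 * {
 *   "iss"  : "https://swamid.sunet.se",
 *   "sub"  : "https://umu.se/op",
 *   "iat"  : 1577833200,
 *   "exp"  : 1609369200,
 *   "id"   : "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf"
 * }
 * </pre>
 *
 * <p>This class checks only that the required claims ({@code iss},
 * {@code sub}, {@code id}, {@code iat}) are present. It does not verify a
 * signature, does not decide whether the issuer is trusted to issue the
 * mark, and does not compare the optional {@code exp} claim with the
 * current time. Code that accepts a trust mark from another party has to
 * perform those checks itself before relying on the claims.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Federation 1.0, section 4.3.
 * </ul>
 */
public class TrustMarkClaimsSet extends CommonClaimsSet {
	
	
	/**
	 * The identifier claim name.
	 */
	public static final String ID_CLAIM_NAME = "id";
	
	
	/**
	 * The mark claim name.
	 */
	public static final String MARK_CLAIM_NAME = "mark";
	
	
	/**
	 * The expiration time claim name.
	 */
	public static final String EXP_CLAIM_NAME = "exp";
	
	
	/**
	 * The reference claim name.
	 */
	public static final String REF_CLAIM_NAME = "ref";
	
	
	/**
	 * Creates a new trust mark claims set with the minimum required
	 * claims.
	 *
	 * @param iss The issuer. Corresponds to the {@code iss} claim. Must
	 *            not be {@code null}.
	 * @param sub The subject. Corresponds to the {@code sub} claim. Must
	 *            not be {@code null}.
	 * @param id  The identifier. Corresponds to the {@code id} claim.
	 *            Must not be {@code null}.
	 * @param iat The issue time. Corresponds to the {@code iat} claim.
	 *            Must not be {@code null}.
	 */
	public TrustMarkClaimsSet(final Issuer iss,
				  final Subject sub,
				  final Identifier id,
				  final Date iat) {
		
		setClaim(ISS_CLAIM_NAME, iss.getValue());
		setClaim(SUB_CLAIM_NAME, sub.getValue());
		setClaim(ID_CLAIM_NAME, id.getValue());
		setDateClaim(IAT_CLAIM_NAME, iat);
	}
	
	
	/**
	 * Creates a new trust mark claims set from the specified JWT claims
	 * set. Only the presence of the required claims is checked; the
	 * claims are otherwise taken as given.
	 *
	 * @param jwtClaimsSet The JWT claims set. Must not be {@code null}.
	 *
	 * @throws ParseException If the JWT claims set doesn't represent a
	 *                        valid trust mark claims set.
	 */
	public TrustMarkClaimsSet(final JWTClaimsSet jwtClaimsSet)
		throws ParseException {
		
		super(jwtClaimsSet.toJSONObject());
		
		validateRequiredClaimsPresence();
	}
	
	
	/**
	 * Validates this claims set for having all minimum required claims for
	 * a trust mark: {@code iss}, {@code sub}, {@code id} and {@code iat}.
	 * The optional {@code exp}, {@code mark} and {@code ref} claims are
	 * not examined.
	 *
	 * @throws ParseException If the validation failed and a required claim
	 *                        is missing.
	 */
	public void validateRequiredClaimsPresence()
		throws ParseException {
		
		if (getIssuer() == null) {
			throw new ParseException("Missing iss (issuer) claim");
		}
		
		if (getSubject() == null) {
			throw new ParseException("Missing sub (subject) claim");
		}
		
		// Relies on getID() returning null for an absent claim
		if (getID() == null) {
			throw new ParseException("Missing id (identifier) claim");
		}
		
		if (getIssueTime() == null) {
			throw new ParseException("Missing iat (issued-at) claim");
		}
	}
	
	
	/**
	 * Returns the identifier. Corresponds to the {@code id} claim.
	 *
	 * @return The identifier, {@code null} if not specified or if the
	 *         claim value cannot be used as an identifier.
	 */
	public Identifier getID() {
		
		final String value = getStringClaim(ID_CLAIM_NAME);
		
		// Never wrap an absent claim: an unconditional
		// "new Identifier(...)" can never yield null, which made the
		// "missing id" test in validateRequiredClaimsPresence()
		// unreachable for claims received from another party.
		if (value == null) {
			return null;
		}
		
		try {
			return new Identifier(value);
		} catch (IllegalArgumentException e) {
			// NOTE(review): Identifier presumably rejects values such
			// as the empty string with an unchecked exception; report
			// that as "no identifier" so the caller gets the
			// documented ParseException. Confirm against Identifier.
			return null;
		}
	}
	
	
	/**
	 * Gets the mark URI. Corresponds to the {@code mark} claim.
	 *
	 * @return The mark URI, {@code null} if not specified or parsing
	 *         failed.
	 */
	public URI getMark() {
		
		return getURIClaim(MARK_CLAIM_NAME);
	}
	
	
	/**
	 * Sets the mark URI. Corresponds to the {@code mark} claim.
	 *
	 * @param markURI The mark URI, {@code null} if not specified.
	 */
	public void setMark(final URI markURI) {
		
		setURIClaim(MARK_CLAIM_NAME, markURI);
	}
	
	
	/**
	 * Gets the expiration time. Corresponds to the {@code exp} claim.
	 * The value is returned as stored; this class does not compare it
	 * with the current time.
	 *
	 * @return The expiration time, {@code null} if not specified or
	 *         parsing failed.
	 */
	public Date getExpirationTime() {
		
		return getDateClaim(EXP_CLAIM_NAME);
	}
	
	
	/**
	 * Sets the expiration time. Corresponds to the {@code exp} claim.
	 *
	 * @param exp The expiration time, {@code null} if not specified.
	 */
	public void setExpirationTime(final Date exp) {
		
		setDateClaim(EXP_CLAIM_NAME, exp);
	}
	
	
	/**
	 * Gets the reference URI. Corresponds to the {@code ref} claim.
	 *
	 * @return The reference URI, {@code null} if not specified or parsing
	 *         failed.
	 */
	public URI getReference() {
		
		return getURIClaim(REF_CLAIM_NAME);
	}
	
	
	/**
	 * Sets the reference URI. Corresponds to the {@code ref} claim.
	 *
	 * @param refURI The reference URI, {@code null} if not specified.
	 */
	public void setReference(final URI refURI) {
		
		setURIClaim(REF_CLAIM_NAME, refURI);
	}
}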