Class EntityStatement


  • @Immutable
    public final class EntityStatement
    extends Object
    Federation entity statement.

    Related specifications:

    • OpenID Connect Federation 1.0, section 2.1.
  • Method Detail

      • getSignedStatement

        public com.nimbusds.jwt.SignedJWT getSignedStatement()
        Returns the signed statement.
        Returns:
        The signed statement as signed JWT.
      • isTrustAnchor

        public boolean isTrustAnchor()
        Returns true if this entity statement is for a trust anchor.
        Returns:
        true for a trust anchor, else false.
      • verifySignatureOfSelfStatement

        public com.nimbusds.jose.util.Base64URL verifySignatureOfSelfStatement()
                                                                        throws com.nimbusds.jose.proc.BadJOSEException,
                                                                               com.nimbusds.jose.JOSEException
        Verifies the signature for a self-statement (typically for a trust anchor or leaf) and checks the statement issue and expiration times.
        Returns:
        The SHA-256 thumbprint of the key used to successfully verify the signature.
        Throws:
        com.nimbusds.jose.proc.BadJOSEException - If the signature is invalid or the statement is expired or before the issue time.
        com.nimbusds.jose.JOSEException - On an internal JOSE exception.
      • verifySignature

        public com.nimbusds.jose.util.Base64URL verifySignature(com.nimbusds.jose.jwk.JWKSet jwkSet)
                                                         throws com.nimbusds.jose.proc.BadJOSEException,
                                                                com.nimbusds.jose.JOSEException
        Verifies the signature and checks the statement issue and expiration times.
        Parameters:
        jwkSet - The JWK set to use for the signature verification. Must not be null.
        Returns:
        The SHA-256 thumbprint of the key used to successfully verify the signature.
        Throws:
        com.nimbusds.jose.proc.BadJOSEException - If the signature is invalid or the statement is expired or before the issue time.
        com.nimbusds.jose.JOSEException - On an internal JOSE exception.
      • sign

        public static EntityStatement sign(EntityStatementClaimsSet claimsSet,
                                           com.nimbusds.jose.jwk.JWK signingJWK)
                                    throws com.nimbusds.jose.JOSEException
        Signs the specified federation entity claims set.
        Parameters:
        claimsSet - The claims set. Must not be null.
        signingJWK - The private signing JWK. Must be contained in the entity JWK set and not null.
        Returns:
        The signed federation entity statement.
        Throws:
        com.nimbusds.jose.JOSEException - On an internal signing exception.
      • sign

        public static EntityStatement sign(EntityStatementClaimsSet claimsSet,
                                           com.nimbusds.jose.jwk.JWK signingJWK,
                                           com.nimbusds.jose.JWSAlgorithm jwsAlg)
                                    throws com.nimbusds.jose.JOSEException
        Signs the specified federation entity claims set.
        Parameters:
        claimsSet - The claims set. Must not be null.
        signingJWK - The private signing JWK. Must be contained in the entity JWK set and not null.
        jwsAlg - The signing algorithm. Must be supported by the JWK and not null.
        Returns:
        The signed federation entity statement.
        Throws:
        com.nimbusds.jose.JOSEException - On an internal signing exception.
      • parse

        public static EntityStatement parse(com.nimbusds.jwt.SignedJWT signedStmt)
                                     throws ParseException
        Parses a federation entity statement.
        Parameters:
        signedStmt - The signed statement as a signed JWT. Must not be null.
        Returns:
        The federation entity statement.
        Throws:
        ParseException - If parsing failed.
      • parse

        public static EntityStatement parse(String signedStmtString)
                                     throws ParseException
        Parses a federation entity statement.
        Parameters:
        signedStmtString - The signed statement as a signed JWT string. Must not be null.
        Returns:
        The federation entity statement.
        Throws:
        ParseException - If parsing failed.
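
Added example (not part of the SDK documentation): how verifySignatureOfSelfStatement and verifySignature differ in use. A self-statement is signed with a key the statement itself supplies, so the returned SHA-256 thumbprint is compared against a pin. Assumptions: the package names of EntityStatement and ParseException, the class and method names EntityStatementChecks, verifySelf and verifyIssued, and that the caller obtained the pinned thumbprint and the issuer's JWK set out of band.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.util.Base64URL;
// Assumed packages; the page shows these two classes without a package.
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement;

public final class EntityStatementChecks {

    // Self-statement: a valid signature only shows the statement is consistent
    // with its own keys, so the thumbprint of the key that verified it must
    // match a value the caller already trusts (assumption: pinned out of band).
    public static EntityStatement verifySelf(String jwt, Base64URL pinnedThumbprint)
            throws ParseException, BadJOSEException, JOSEException {
        EntityStatement stmt = EntityStatement.parse(jwt);
        // Also checks the issue and expiration times, per the method contract.
        Base64URL used = stmt.verifySignatureOfSelfStatement();
        if (!used.equals(pinnedThumbprint)) {
            throw new BadJOSEException("Self-statement key " + used + " does not match the pin");
        }
        return stmt;
    }

    // Statement issued by another entity: verify with that issuer's keys, which
    // the caller has already validated, never with keys taken from the statement.
    public static Base64URL verifyIssued(String jwt, JWKSet issuerKeys)
            throws ParseException, BadJOSEException, JOSEException {
        EntityStatement stmt = EntityStatement.parse(jwt);
        return stmt.verifySignature(issuerKeys);
    }

    // Usage: java EntityStatementChecks <self-statement JWT> <pinned thumbprint>
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: EntityStatementChecks <jwt> <pinned-thumbprint>");
            System.exit(2);
        }
        try {
            EntityStatement stmt = verifySelf(args[0], new Base64URL(args[1]));
            System.out.println("verified; trust anchor: " + stmt.isTrustAnchor());
        } catch (ParseException | BadJOSEException e) {
            // Malformed, badly signed, expired, not yet valid, or unpinned key.
            System.err.println("rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```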