Class TrustChainResolver
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.federation.trust.TrustChainResolver
-
public class TrustChainResolver extends Object
Trust chain resolver.Related specifications:
- OpenID Connect Federation 1.0, section 7.
-
-
Constructor Summary
Constructors Constructor Description TrustChainResolver(EntityID trustAnchor)Creates a new trust chain resolver with a single trust anchor, withno trust chain constraints.TrustChainResolver(EntityID trustAnchor, com.nimbusds.jose.jwk.JWKSet trustAnchorJWKSet)Creates a new trust chain resolver with a single trust anchor, withno trust chain constraints.TrustChainResolver(Map<EntityID,com.nimbusds.jose.jwk.JWKSet> trustAnchors, int httpConnectTimeoutMs, int httpReadTimeoutMs)Creates a new trust chain resolver with multiple trust anchors, withno trust chain constraints.TrustChainResolver(Map<EntityID,com.nimbusds.jose.jwk.JWKSet> trustAnchors, TrustChainConstraints constraints, EntityStatementRetriever statementRetriever)Creates new trust chain resolver.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description TrustChainConstraintsgetConstraints()Returns the configured trust chain constraints.EntityStatementRetrievergetEntityStatementRetriever()Returns the configured entity statement retriever.Map<EntityID,com.nimbusds.jose.jwk.JWKSet>getTrustAnchors()Returns the configured trust anchors.TrustChainSetresolveTrustChains(EntityID target)Resolves the trust chains for the specified target.TrustChainSetresolveTrustChains(EntityID target, EntityMetadataValidator targetMetadataValidator)Resolves the trust chains for the specified target, with optional validation of the target entity metadata.TrustChainSetresolveTrustChains(EntityStatement targetStatement)Resolves the trust chains for the specified target.
-
-
-
Constructor Detail
-
TrustChainResolver
public TrustChainResolver(EntityID trustAnchor)
Creates a new trust chain resolver with a single trust anchor, withno trust chain constraints.- Parameters:
trustAnchor- The trust anchor. Must not benull.
-
TrustChainResolver
public TrustChainResolver(EntityID trustAnchor, com.nimbusds.jose.jwk.JWKSet trustAnchorJWKSet)
Creates a new trust chain resolver with a single trust anchor, withno trust chain constraints.- Parameters:
trustAnchor- The trust anchor. Must not benull.trustAnchorJWKSet- The trust anchor public JWK set,nullif not available.
-
TrustChainResolver
public TrustChainResolver(Map<EntityID,com.nimbusds.jose.jwk.JWKSet> trustAnchors, int httpConnectTimeoutMs, int httpReadTimeoutMs)
Creates a new trust chain resolver with multiple trust anchors, withno trust chain constraints.- Parameters:
trustAnchors- The trust anchors with their public JWK sets (if available). Must contain at least one anchor.httpConnectTimeoutMs- The HTTP connect timeout in milliseconds, zero means timeout determined by the underlying HTTP client.httpReadTimeoutMs- The HTTP read timeout in milliseconds, zero means timout determined by the underlying HTTP client.
-
TrustChainResolver
public TrustChainResolver(Map<EntityID,com.nimbusds.jose.jwk.JWKSet> trustAnchors, TrustChainConstraints constraints, EntityStatementRetriever statementRetriever)
Creates new trust chain resolver.- Parameters:
trustAnchors- The trust anchors with their public JWK sets. Must contain at least one anchor.statementRetriever- The entity statement retriever to use. Must not benull.
-
-
Method Detail
-
getTrustAnchors
public Map<EntityID,com.nimbusds.jose.jwk.JWKSet> getTrustAnchors()
Returns the configured trust anchors.- Returns:
- The trust anchors with their public JWK sets (if available). Contains at least one anchor.
-
getEntityStatementRetriever
public EntityStatementRetriever getEntityStatementRetriever()
Returns the configured entity statement retriever.- Returns:
- The entity statement retriever.
-
getConstraints
public TrustChainConstraints getConstraints()
Returns the configured trust chain constraints.- Returns:
- The constraints.
-
resolveTrustChains
public TrustChainSet resolveTrustChains(EntityID target) throws ResolveException
Resolves the trust chains for the specified target.- Parameters:
target- The target. Must not benull.- Returns:
- The resolved trust chains, containing at least one valid and verified chain.
- Throws:
ResolveException- If no trust chain could be resolved.
-
resolveTrustChains
public TrustChainSet resolveTrustChains(EntityID target, EntityMetadataValidator targetMetadataValidator) throws ResolveException, InvalidEntityMetadataException
Resolves the trust chains for the specified target, with optional validation of the target entity metadata. The validator can for example check that for an entity which is expected to be an OpenID relying party the required party metadata is present.- Parameters:
target- The target. Must not benull.targetMetadataValidator- To perform optional validation of the retrieved target entity metadata, before proceeding with retrieving the entity statements from the authorities,nullif not specified.- Returns:
- The resolved trust chains, containing at least one valid and verified chain.
- Throws:
ResolveException- If no trust chain could be resolved.InvalidEntityMetadataException
-
resolveTrustChains
public TrustChainSet resolveTrustChains(EntityStatement targetStatement) throws ResolveException
Resolves the trust chains for the specified target.- Parameters:
targetStatement- The target entity statement. Must not benull.- Returns:
- The resolved trust chains, containing at least one valid and verified chain.
- Throws:
ResolveException- If no trust chain could be resolved.
-
-