Class SoftwareStatementProcessor<C extends com.nimbusds.jose.proc.SecurityContext>

  • Type Parameters:
    C - Optional security context to pass to the underlying JWK source.

    @ThreadSafe
    public class SoftwareStatementProcessor<C extends com.nimbusds.jose.proc.SecurityContext>
    extends Object
    Processor of software statements for client registrations.

    Related specifications:

    • OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), sections 2.3 and 3.1.1.
    • Constructor Detail

      • SoftwareStatementProcessor

        public SoftwareStatementProcessor(Issuer issuer,
                                          boolean required,
                                          Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs,
                                          com.nimbusds.jose.jwk.JWKSet jwkSet)
        Creates a new software statement processor.
        Parameters:
        issuer - The expected software statement issuer. Must not be null.
        required - If true, the processed client metadata must include a software statement; if it is missing, this results in an invalid_software_statement error. If false, client metadata without a software statement is returned unmodified by the processor.
        jwsAlgs - The expected JWS algorithms of the software statements. Must not be empty or null.
        jwkSet - The public JWK set for verifying the software statement signatures.
      • SoftwareStatementProcessor

        public SoftwareStatementProcessor(Issuer issuer,
                                          boolean required,
                                          Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs,
                                          URL jwkSetURL,
                                          int connectTimeoutMs,
                                          int readTimeoutMs,
                                          int sizeLimitBytes)
        Creates a new software statement processor.
        Parameters:
        issuer - The expected software statement issuer. Must not be null.
        required - If true, the processed client metadata must include a software statement; if it is missing, this results in an invalid_software_statement error. If false, client metadata without a software statement is returned unmodified by the processor.
        jwsAlgs - The expected JWS algorithms of the software statements. Must not be empty or null.
        jwkSetURL - The public JWK set URL for verifying the software statement signatures.
        connectTimeoutMs - The HTTP connect timeout in milliseconds for retrieving the JWK set, zero implies no timeout (determined by the underlying HTTP client).
        readTimeoutMs - The HTTP read timeout in milliseconds for retrieving the JWK set, zero implies no timeout (determined by the underlying HTTP client).
        sizeLimitBytes - The HTTP entity size limit in bytes when retrieving the JWK set, zero implies no limit.
      • SoftwareStatementProcessor

        public SoftwareStatementProcessor(Issuer issuer,
                                          boolean required,
                                          Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs,
                                          com.nimbusds.jose.jwk.source.JWKSource<C> jwkSource)
        Creates a new software statement processor.
        Parameters:
        issuer - The expected software statement issuer. Must not be null.
        required - If true, the processed client metadata must include a software statement; if it is missing, this results in an invalid_software_statement error. If false, client metadata without a software statement is returned unmodified by the processor.
        jwsAlgs - The expected JWS algorithms of the software statements. Must not be empty or null.
        jwkSource - The public JWK source to use for verifying the software statement signatures.
      • SoftwareStatementProcessor

        public SoftwareStatementProcessor(Issuer issuer,
                                          boolean required,
                                          Set<com.nimbusds.jose.JWSAlgorithm> jwsAlgs,
                                          com.nimbusds.jose.jwk.source.JWKSource<C> jwkSource,
                                          Set<String> additionalRequiredClaims)
        Creates a new software statement processor.
        Parameters:
        issuer - The expected software statement issuer. Must not be null.
        required - If true, the processed client metadata must include a software statement; if it is missing, this results in an invalid_software_statement error. If false, client metadata without a software statement is returned unmodified by the processor.
        jwsAlgs - The expected JWS algorithms of the software statements. Must not be empty or null.
        jwkSource - The public JWK source to use for verifying the software statement signatures.
        additionalRequiredClaims - The names of any additional JWT claims other than "iss" (issuer) that must be present in the software statement, empty or null if none.
    • Method Detail

      • process

        public OIDCClientMetadata process(OIDCClientMetadata clientMetadata)
                                   throws InvalidSoftwareStatementException,
                                          com.nimbusds.jose.JOSEException
        Processes an optional software statement in the specified client metadata.
        Parameters:
        clientMetadata - The client metadata, must not be null.
        Returns:
        The processed client metadata, with the merged software statement.
        Throws:
        InvalidSoftwareStatementException - On an invalid or missing required software statement.
        com.nimbusds.jose.JOSEException - On an internal JOSE signature verification exception.
      • process

        public OIDCClientMetadata process(OIDCClientMetadata clientMetadata,
                                          C context)
                                   throws InvalidSoftwareStatementException,
                                          com.nimbusds.jose.JOSEException
        Processes an optional software statement in the specified client metadata.
        Parameters:
        clientMetadata - The client metadata, must not be null.
        context - Optional security context to pass to the underlying JWK source, null if not specified.
        Returns:
        The processed client metadata, with the merged software statement.
        Throws:
        InvalidSoftwareStatementException - On an invalid or missing required software statement.
        com.nimbusds.jose.JOSEException - On an internal JOSE signature verification exception.
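
Usage sketch (an added example, not part of the SDK documentation): a processor built with the JWKSet constructor and required set to true accepts a statement signed by the trusted key, and rejects a missing statement, a statement signed by an untrusted key and a statement from an unexpected issuer. The class name, issuer and redirect URIs, key ID and claim values are constructed for illustration; the keys are generated in memory.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.*;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import com.nimbusds.openid.connect.sdk.rp.statement.*;
import java.net.URI;
import java.util.Collections;

public class SoftwareStatementDemo {
    // Signs a software statement carrying constructed sample claims.
    static SignedJWT statement(RSAKey key, String iss) throws JOSEException {
        SignedJWT jwt = new SignedJWT(
            new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(),
            new JWTClaimsSet.Builder().issuer(iss).claim("client_name", "Example App").build());
        jwt.sign(new RSASSASigner(key));
        return jwt;
    }

    // Builds the client metadata of a registration request; stmt may be null.
    static OIDCClientMetadata request(SignedJWT stmt) {
        OIDCClientMetadata md = new OIDCClientMetadata();
        md.setRedirectionURI(URI.create("https://client.example.org/cb")); // constructed
        md.setSoftwareStatement(stmt);
        return md;
    }

    public static void main(String[] args) throws Exception {
        RSAKey trusted = new RSAKeyGenerator(2048).keyID("k1").generate();
        RSAKey untrusted = new RSAKeyGenerator(2048).keyID("k1").generate(); // same kid, different key
        String iss = "https://issuer.example.com"; // constructed expected issuer

        // Only the public part of the trusted key is given to the processor.
        SoftwareStatementProcessor<SecurityContext> p = new SoftwareStatementProcessor<>(
            new Issuer(iss), true, Collections.singleton(JWSAlgorithm.RS256),
            new JWKSet(trusted.toPublicJWK()));

        // Valid statement: its claims are merged into the returned metadata.
        System.out.println("accepted: " + p.process(request(statement(trusted, iss))).getName());

        SignedJWT[] bad = { null, statement(untrusted, iss),
                            statement(trusted, "https://other-issuer.example.net") };
        for (SignedJWT s : bad) {
            try { p.process(request(s)); System.out.println("accepted (unexpected)"); }
            catch (InvalidSoftwareStatementException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```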