001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2021, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.oauth2.sdk.ciba;
019
020
021import java.util.*;
022
023import com.nimbusds.oauth2.sdk.id.Audience;
024import com.nimbusds.oauth2.sdk.id.Issuer;
025import com.nimbusds.oauth2.sdk.id.JWTID;
026import com.nimbusds.openid.connect.sdk.claims.ClaimsSet;
027
028
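/**
 * CIBA signed request claims set, serialisable to a JSON object.
 *
 * <p>Example signed request claims set:
 *
 * <pre>
 * {
 *   "iss": "s6BhdRkqt3",
 *   "aud": "https://server.example.com",
 *   "exp": 1537820086,
 *   "iat": 1537819486,
 *   "nbf": 1537818886,
 *   "jti": "4LTCqACC2ESC5BWCnN3j58EnA",
 *   "scope": "openid email example-scope",
 *   "client_notification_token": "8d67dc78-7faa-4d41-aabd-67707b374255",
 *   "binding_message": "W4SCT",
 *   "login_hint_token": "eyJraWQiOiJsdGFjZXNidyIsImFsZyI6IkVTMjU2I
 *     n0.eyJzdWJfaWQiOnsic3ViamVjdF90eXBlIjoicGhvbmUiLCJwaG9uZSI6I
 *     isxMzMwMjgxODAwNCJ9fQ.Kk8jcUbHjJAQkRSHyDuFQr3NMEOSJEZc85VfER
 *     74tX6J9CuUllr89WKUHUR7MA0-mWlptMRRhdgW1ZDt7g1uwQ"
 * }
 * </pre>
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect CIBA Flow - Core 1.0, section 7.1.1.
 * </ul>
 */
public class CIBASignedRequestClaimsSet extends ClaimsSet {
        
        
        /**
         * The request claim name.
         */
        public static final String REQUEST_CLAIM_NAME = "request";
        
        
        /**
         * The issue time claim name.
         */
        public static final String IAT_CLAIM_NAME = "iat";
        
        
        /**
         * The not-before time claim name.
         */
        public static final String NBF_CLAIM_NAME = "nbf";
        
        
        /**
         * The expiration time claim name.
         */
        public static final String EXP_CLAIM_NAME = "exp";
        
        
        /**
         * The JWT ID claim name.
         */
        public static final String JTI_CLAIM_NAME = "jti";
        
        
        /**
         * The names of the standard top-level claims: the standard
         * {@link ClaimsSet} claim names plus the JWT claims set by this
         * class (read-only).
         */
        private static final Set<String> STD_CLAIM_NAMES;
        
        
        static {
                // Start from the parent's standard names, then add the JWT /
                // CIBA signed request specific ones
                Set<String> claimNames = new HashSet<>(ClaimsSet.getStandardClaimNames());
                claimNames.addAll(Arrays.asList(
                        REQUEST_CLAIM_NAME,
                        ISS_CLAIM_NAME,
                        AUD_CLAIM_NAME,
                        IAT_CLAIM_NAME,
                        NBF_CLAIM_NAME,
                        EXP_CLAIM_NAME,
                        JTI_CLAIM_NAME));
                STD_CLAIM_NAMES = Collections.unmodifiableSet(claimNames);
        }
        
        
        /**
         * Gets the names of the standard top-level claims.
         *
         * @return The names of the standard top-level claims (read-only set).
         */
        public static Set<String> getStandardClaimNames() {
                
                return STD_CLAIM_NAMES;
        }
        
        
        /**
         * Creates a new CIBA signed request claims set.
         *
         * <p>The parameters of the plain request are copied as claims
         * first; the JWT claims ({@code iss}, {@code aud}, {@code iat},
         * {@code nbf}, {@code exp}, {@code jti}) are set afterwards and so
         * supersede any same-named claim carried by the plain request.
         *
         * @param cibaPlainRequest The CIBA plain request to use. Must not be
         *                         {@code null}.
         * @param iss              The issuer, must be set to the
         *                         {@code client_id}. Must not be
         *                         {@code null}.
         * @param aud              The audience, must be set to the OpenID
         *                         provider / OAuth 2.0 authorisation server
         *                         issuer URI. Must not be {@code null}.
         * @param iat              The issue time. Must not be {@code null}.
         * @param nbf              The not-before time. Must not be
         *                         {@code null}.
         * @param exp              The expiration time. Must not be
         *                         {@code null}.
         * @param jti              The JWT ID. Must not be {@code null}.
         *
         * @throws IllegalArgumentException If the CIBA request is signed.
         * @throws NullPointerException     If any argument is {@code null}.
         */
        public CIBASignedRequestClaimsSet(
                final CIBARequest cibaPlainRequest,
                final Issuer iss,
                final Audience aud,
                final Date iat,
                final Date nbf,
                final Date exp,
                final JWTID jti) {
                
                Objects.requireNonNull(cibaPlainRequest, "cibaPlainRequest");
                
                // Refuse to wrap a request that is already signed
                if (cibaPlainRequest.isSigned()) {
                        throw new IllegalArgumentException("The CIBA request must be plain");
                }
                
                // Copy the plain request parameters as claims
                for (Map.Entry<String,Object> claim: cibaPlainRequest.toJWTClaimsSet().getClaims().entrySet()) {
                        setClaim(claim.getKey(), claim.getValue());
                }
                
                // The JWT claims are set last so they supersede any
                // same-named entries copied from the plain request; every
                // argument is null-checked with its name so a missing
                // value is reported precisely
                setIssuer(Objects.requireNonNull(iss, "iss"));
                setAudience(Objects.requireNonNull(aud, "aud"));
                setDateClaim(IAT_CLAIM_NAME, Objects.requireNonNull(iat, "iat"));
                setDateClaim(NBF_CLAIM_NAME, Objects.requireNonNull(nbf, "nbf"));
                setDateClaim(EXP_CLAIM_NAME, Objects.requireNonNull(exp, "exp"));
                setClaim(JTI_CLAIM_NAME, Objects.requireNonNull(jti, "jti").getValue());
        }
}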