001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.openid.connect.sdk.op;
019
020
021import java.net.URI;
022import java.util.Collections;
023import java.util.HashSet;
024import java.util.Set;
025
026import net.minidev.json.JSONObject;
027
028import com.nimbusds.oauth2.sdk.ParseException;
029import com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata;
030import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
031
032
033/**
034 * OpenID Provider (OP) endpoint metadata.
035 *
036 * <p>Related specifications:
037 *
038 * <ul>
039 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
040 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
041 *         Access Tokens (RFC 8705)
042 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
043 *         (draft-ietf-oauth-device-flow-14)
044 *     <li>OpenID Connect Discovery 1.0, section 3.
045 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28).
046 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
047 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 04).
048 *     <li>OpenID Connect Federation 1.0 (draft 10).
049 * </ul>
050 */
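public class OIDCProviderEndpointMetadata extends AuthorizationServerEndpointMetadata implements ReadOnlyOIDCProviderEndpointMetadata {


        // Metadata field names, kept in one place so that the registered
        // name set, the JSON serialiser and the parser cannot drift apart.
        private static final String USERINFO_ENDPOINT = "userinfo_endpoint";
        private static final String CHECK_SESSION_IFRAME = "check_session_iframe";
        private static final String END_SESSION_ENDPOINT = "end_session_endpoint";
        private static final String FEDERATION_REGISTRATION_ENDPOINT = "federation_registration_endpoint";


        /**
         * The registered parameter names: those of the authorisation server
         * endpoint metadata plus the four OpenID provider specific ones.
         */
        private static final Set<String> REGISTERED_PARAMETER_NAMES;


        static {
                Set<String> p = new HashSet<>(AuthorizationServerEndpointMetadata.getRegisteredParameterNames());
                p.add(USERINFO_ENDPOINT);
                p.add(CHECK_SESSION_IFRAME);
                p.add(END_SESSION_ENDPOINT);
                p.add(FEDERATION_REGISTRATION_ENDPOINT);
                REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(p);
        }


        /**
         * Gets the registered provider metadata parameter names for endpoints.
         *
         * @return The registered provider metadata parameter names for the
         *         endpoints, as an unmodifiable set.
         */
        public static Set<String> getRegisteredParameterNames() {

                return REGISTERED_PARAMETER_NAMES;
        }


        /**
         * The UserInfo endpoint.
         */
        private URI userInfoEndpoint;


        /**
         * The federation registration endpoint.
         */
        private URI federationRegistrationEndpoint;


        /**
         * The cross-origin check session iframe.
         */
        private URI checkSessionIframe;


        /**
         * The logout endpoint.
         */
        private URI endSessionEndpoint;


        /**
         * Creates a new OpenID Connect provider endpoint metadata instance
         * with no endpoints set.
         */
        public OIDCProviderEndpointMetadata() {
        }


        /**
         * Converts an authorization server endpoint metadata to an OpenID
         * Connect provider endpoint metadata instance. Only the endpoints
         * exposed by the authorisation server metadata are copied; the
         * OpenID provider specific endpoints (UserInfo, check session
         * iframe, end session, federation registration) are left
         * {@code null}.
         *
         * @param endpointMetadata The authorisation server endpoint
         *                         metadata to copy from. Must not be
         *                         {@code null}; it is dereferenced without
         *                         a check.
         */
        public OIDCProviderEndpointMetadata(final AuthorizationServerEndpointMetadata endpointMetadata) {

                setAuthorizationEndpointURI(endpointMetadata.getAuthorizationEndpointURI());
                setTokenEndpointURI(endpointMetadata.getTokenEndpointURI());
                setRegistrationEndpointURI(endpointMetadata.getRegistrationEndpointURI());
                setIntrospectionEndpointURI(endpointMetadata.getIntrospectionEndpointURI());
                setRevocationEndpointURI(endpointMetadata.getRevocationEndpointURI());
                setDeviceAuthorizationEndpointURI(endpointMetadata.getDeviceAuthorizationEndpointURI());
                setBackChannelAuthenticationEndpoint(endpointMetadata.getBackChannelAuthenticationEndpoint());
                setPushedAuthorizationRequestEndpointURI(endpointMetadata.getPushedAuthorizationRequestEndpointURI());
                setRequestObjectEndpoint(endpointMetadata.getRequestObjectEndpoint());
        }


        @Override
        public URI getUserInfoEndpointURI() {

                return userInfoEndpoint;
        }


        /**
         * Sets the UserInfo endpoint URI. Corresponds to the
         * {@code userinfo_endpoint} metadata field. The value is stored as
         * given; no validation is performed here.
         *
         * @param userInfoEndpoint The UserInfo endpoint URI, {@code null} if
         *                         not specified.
         */
        public void setUserInfoEndpointURI(final URI userInfoEndpoint) {

                this.userInfoEndpoint = userInfoEndpoint;
        }


        @Override
        public URI getCheckSessionIframeURI() {

                return checkSessionIframe;
        }


        /**
         * Sets the cross-origin check session iframe URI. Corresponds to the
         * {@code check_session_iframe} metadata field. The value is stored
         * as given; no validation is performed here.
         *
         * @param checkSessionIframe The check session iframe URI, {@code null}
         *                           if not specified.
         */
        public void setCheckSessionIframeURI(final URI checkSessionIframe) {

                this.checkSessionIframe = checkSessionIframe;
        }


        @Override
        public URI getEndSessionEndpointURI() {

                return endSessionEndpoint;
        }


        /**
         * Sets the logout endpoint URI. Corresponds to the
         * {@code end_session_endpoint} metadata field. The value is stored
         * as given; no validation is performed here.
         *
         * @param endSessionEndpoint The logout endpoint URI, {@code null} if
         *                           not specified.
         */
        public void setEndSessionEndpointURI(final URI endSessionEndpoint) {

                this.endSessionEndpoint = endSessionEndpoint;
        }


        @Override
        public URI getFederationRegistrationEndpointURI() {

                return federationRegistrationEndpoint;
        }


        /**
         * Sets the federation registration endpoint URI. Corresponds to the
         * {@code federation_registration_endpoint} metadata field. The value
         * is stored as given; no validation is performed here.
         *
         * @param federationRegistrationEndpoint The federation registration
         *                                       endpoint URI, {@code null} if
         *                                       not specified.
         */
        public void setFederationRegistrationEndpointURI(final URI federationRegistrationEndpoint) {

                this.federationRegistrationEndpoint = federationRegistrationEndpoint;
        }


        /**
         * Returns the JSON object representation of this endpoint metadata:
         * the members produced by the superclass plus one string member for
         * each OpenID provider specific endpoint that is set. Unset
         * ({@code null}) endpoints are omitted.
         *
         * @return The JSON object.
         */
        @Override
        public JSONObject toJSONObject() {

                JSONObject o = super.toJSONObject();

                // The getters are used rather than the fields so that a
                // subclass overriding a getter is reflected in the output.
                putIfSet(o, USERINFO_ENDPOINT, getUserInfoEndpointURI());
                putIfSet(o, CHECK_SESSION_IFRAME, getCheckSessionIframeURI());
                putIfSet(o, END_SESSION_ENDPOINT, getEndSessionEndpointURI());
                putIfSet(o, FEDERATION_REGISTRATION_ENDPOINT, getFederationRegistrationEndpointURI());

                return o;
        }


        /**
         * Adds a URI to a JSON object as a string member, skipping
         * {@code null} values.
         *
         * @param o    The JSON object to add to. Must not be {@code null}.
         * @param name The member name. Must not be {@code null}.
         * @param uri  The URI, {@code null} if not specified.
         */
        private static void putIfSet(final JSONObject o, final String name, final URI uri) {

                if (uri != null) {
                        o.put(name, uri.toString());
                }
        }


        /**
         * Parses an OpenID provider endpoint metadata from the specified
         * JSON object. The authorisation server endpoints are parsed by
         * {@link AuthorizationServerEndpointMetadata#parse}; the four OpenID
         * provider specific endpoints are then read as optional members.
         *
         * <p>Security note: this method applies no scheme, host or issuer
         * checks of its own to the endpoint URIs. When the JSON object
         * comes from a remote discovery document the values are untrusted
         * input that will later steer token, UserInfo and logout traffic.
         * OpenID Connect Discovery 1.0 requires the {@code https} scheme
         * for the UserInfo endpoint URL; confirm that the caller (or
         * {@code JSONObjectUtils.getURI}) enforces the expected scheme and
         * that the document was retrieved over TLS from the expected
         * issuer before the endpoints are used.
         *
         * @param jsonObject The JSON object to parse. Must not be
         *                   {@code null}.
         *
         * @return The OpenID provider endpoint metadata.
         *
         * @throws ParseException If the JSON object couldn't be parsed to an
         *                        OpenID provider endpoint metadata.
         */
        public static OIDCProviderEndpointMetadata parse(final JSONObject jsonObject)
                throws ParseException {

                AuthorizationServerEndpointMetadata as = AuthorizationServerEndpointMetadata.parse(jsonObject);

                // Reuse the converting constructor so the list of copied
                // authorisation server endpoints is maintained in one place.
                OIDCProviderEndpointMetadata op = new OIDCProviderEndpointMetadata(as);

                // null is passed as the third argument, presumably the value
                // returned when the member is absent -- verify against
                // JSONObjectUtils.getURI.
                op.userInfoEndpoint = JSONObjectUtils.getURI(jsonObject, USERINFO_ENDPOINT, null);
                op.checkSessionIframe = JSONObjectUtils.getURI(jsonObject, CHECK_SESSION_IFRAME, null);
                op.endSessionEndpoint = JSONObjectUtils.getURI(jsonObject, END_SESSION_ENDPOINT, null);
                op.federationRegistrationEndpoint = JSONObjectUtils.getURI(jsonObject, FEDERATION_REGISTRATION_ENDPOINT, null);

                return op;
        }
}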