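/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.federation.trust.marks;


import java.net.URI;
import java.util.Date;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Identifier;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet;


/**
 * Federation trust mark claims set, serialisable to a JSON object.
 *
 * <p>Example claims set:
 *
 * <pre>
 * {
 *   "iss" : "https://swamid.sunet.se",
 *   "sub" : "https://umu.se/op",
 *   "iat" : 1577833200,
 *   "exp" : 1609369200,
 *   "id"  : "https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf"
 * }
 * </pre>
 *
 * <p>Scope of the checks in this class: parsing only verifies that the
 * {@code iss}, {@code sub}, {@code id} and {@code iat} claims are present.
 * Nothing in this class verifies a signature, compares {@code exp} with the
 * current time, or decides whether the issuer may issue the mark. Code that
 * relies on a trust mark must perform those checks itself.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Federation 1.0, section 4.3.
 * </ul>
 */
public class TrustMarkClaimsSet extends CommonClaimsSet {
	
	
	/**
	 * The identifier claim name.
	 */
	public static final String ID_CLAIM_NAME = "id";
	
	
	/**
	 * The mark claim name.
	 */
	public static final String MARK_CLAIM_NAME = "mark";
	
	
	/**
	 * The expiration time claim name.
	 */
	public static final String EXP_CLAIM_NAME = "exp";
	
	
	/**
	 * The reference claim name.
	 */
	public static final String REF_CLAIM_NAME = "ref";
	
	
	/**
	 * Creates a new trust mark claims set with the minimum required
	 * claims.
	 *
	 * @param iss The issuer. Corresponds to the {@code iss} claim. Must
	 *            not be {@code null}.
	 * @param sub The subject. Corresponds to the {@code sub} claim. Must
	 *            not be {@code null}.
	 * @param id  The identifier. Corresponds to the {@code id} claim.
	 *            Must not be {@code null}.
	 * @param iat The issue time. Corresponds to the {@code iat} claim.
	 *            Must not be {@code null}.
	 */
	public TrustMarkClaimsSet(final Issuer iss,
				  final Subject sub,
				  final Identifier id,
				  final Date iat) {
		
		setClaim(ISS_CLAIM_NAME, iss.getValue());
		setClaim(SUB_CLAIM_NAME, sub.getValue());
		setClaim(ID_CLAIM_NAME, id.getValue());
		// NOTE(review): unlike iss / sub / id, a null iat is not
		// dereferenced here, so it is not rejected by this constructor;
		// validateRequiredClaimsPresence() can be called to check.
		setDateClaim(IAT_CLAIM_NAME, iat);
	}
	
	
	/**
	 * Creates a new trust mark claims set from the specified JWT claims
	 * set. Only the presence of the required claims is checked; see
	 * {@link #validateRequiredClaimsPresence()}.
	 *
	 * @param jwtClaimsSet The JWT claims set. Must not be {@code null}.
	 *
	 * @throws ParseException If the JWT claims set doesn't represent a
	 *                        valid trust mark claims set.
	 */
	public TrustMarkClaimsSet(final JWTClaimsSet jwtClaimsSet)
		throws ParseException {
		
		super(JSONObjectUtils.toJSONObject(jwtClaimsSet));
		
		validateRequiredClaimsPresence();
	}
	
	
	/**
	 * Validates this claims set for having all minimum required claims for
	 * a trust mark ({@code iss}, {@code sub}, {@code id}, {@code iat}).
	 * This is a presence check only; claim values are not otherwise
	 * inspected here.
	 *
	 * @throws ParseException If the validation failed and a required claim
	 *                        is missing.
	 */
	public void validateRequiredClaimsPresence()
		throws ParseException {
		
		if (getIssuer() == null) {
			throw new ParseException("Missing iss (issuer) claim");
		}
		
		if (getSubject() == null) {
			throw new ParseException("Missing sub (subject) claim");
		}
		
		// Relies on getID() returning null for an absent id claim, so
		// that a claims set without an id is reported as a
		// ParseException like the other required claims.
		if (getID() == null) {
			throw new ParseException("Missing id (identifier) claim");
		}
		
		if (getIssueTime() == null) {
			throw new ParseException("Missing iat (issued-at) claim");
		}
	}
	
	
	/**
	 * Returns the identifier. Corresponds to the {@code id} claim.
	 *
	 * @return The identifier, {@code null} if the claim is not specified.
	 */
	public Identifier getID() {
		
		final String value = getStringClaim(ID_CLAIM_NAME);
		
		// A "new" expression never evaluates to null, so wrapping the
		// raw claim unconditionally made the null test in
		// validateRequiredClaimsPresence() unreachable. The absent
		// claim is therefore mapped to null explicitly.
		// NOTE(review): an empty-string id is still handed to the
		// Identifier constructor; confirm how it treats that value when
		// the claims come from an untrusted JWT.
		if (value == null) {
			return null;
		}
		
		return new Identifier(value);
	}
	
	
	/**
	 * Gets the mark URI. Corresponds to the {@code mark} claim.
	 *
	 * @return The mark URI, {@code null} if not specified or parsing
	 *         failed.
	 */
	public URI getMark() {
		
		return getURIClaim(MARK_CLAIM_NAME);
	}
	
	
	/**
	 * Sets the mark URI. Corresponds to the {@code mark} claim.
	 *
	 * @param markURI The mark URI, {@code null} if not specified.
	 */
	public void setMark(final URI markURI) {
		
		setURIClaim(MARK_CLAIM_NAME, markURI);
	}
	
	
	/**
	 * Gets the expiration time. Corresponds to the {@code exp} claim.
	 *
	 * <p>A {@code null} result does not distinguish an absent claim from
	 * one that failed to parse, so callers enforcing expiry should not
	 * read {@code null} as "never expires" without checking which case
	 * applies.
	 *
	 * @return The expiration time, {@code null} if not specified or
	 *         parsing failed.
	 */
	public Date getExpirationTime() {
		
		return getDateClaim(EXP_CLAIM_NAME);
	}
	
	
	/**
	 * Sets the expiration time. Corresponds to the {@code exp} claim.
	 *
	 * @param exp The expiration time, {@code null} if not specified.
	 */
	public void setExpirationTime(final Date exp) {
		
		setDateClaim(EXP_CLAIM_NAME, exp);
	}
	
	
	/**
	 * Gets the reference URI. Corresponds to the {@code ref} claim.
	 *
	 * @return The reference URI, {@code null} if not specified or parsing
	 *         failed.
	 */
	public URI getReference() {
		
		return getURIClaim(REF_CLAIM_NAME);
	}
	
	
	/**
	 * Sets the reference URI. Corresponds to the {@code ref} claim.
	 *
	 * @param refURI The reference URI, {@code null} if not specified.
	 */
	public void setReference(final URI refURI) {
		
		setURIClaim(REF_CLAIM_NAME, refURI);
	}
}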