Class TrustChain

java.lang.Object
  com.nimbusds.openid.connect.sdk.federation.trust.TrustChain

@Immutable
public final class TrustChain extends Object

Federation entity trust chain.

Related specifications:
- OpenID Connect Federation 1.0, sections 2.2 and 7.
Constructor Summary

TrustChain(EntityStatement leaf, List<EntityStatement> superiors)
    Creates a new federation entity trust chain.
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description EntityStatement
getLeafSelfStatement()
Returns the leaf entity self-statement.List<EntityStatement>
getSuperiorStatements()
Returns the superior entity statements.EntityID
getTrustAnchorEntityID()
Returns the entity ID of the trust anchor.Iterator<EntityStatement>
iteratorFromLeaf()
Return an iterator starting from the leaf entity statement.int
length()
Returns the length of this trust chain.MetadataPolicy
resolveCombinedMetadataPolicy(FederationMetadataType type)
Resolves the combined metadata policy for this trust chain.MetadataPolicy
resolveCombinedMetadataPolicy(FederationMetadataType type, PolicyOperationCombinationValidator combinationValidator)
Resolves the combined metadata policy for this trust chain.Date
resolveExpirationTime()
Resolves the expiration time for this trust chain.void
verifySignatures(com.nimbusds.jose.jwk.JWKSet trustAnchorJWKSet)
Verifies the signatures in this trust chain.
-
-
-
Constructor Detail

TrustChain

public TrustChain(EntityStatement leaf, List<EntityStatement> superiors)

Creates a new federation entity trust chain. Validates only the subject / issuer linkage: the leaf statement must be a self-statement, and the subject of each superior statement must equal the issuer of the statement that precedes it. The signatures are not verified by the constructor; a chain that passes construction is not yet trustworthy until verifySignatures(JWKSet) has succeeded against a pinned trust anchor JWK set.

Parameters:
    leaf - The leaf entity self-statement. Must not be null.
    superiors - The superior entity statements, starting with the statement of the first superior about the leaf and ending with the statement of the trust anchor about the last intermediate, or about the leaf for a minimal trust chain. Must contain at least one entity statement.

Throws:
    IllegalArgumentException - If the subject / issuer chain is broken.
Method Detail

getLeafSelfStatement

public EntityStatement getLeafSelfStatement()

Returns the leaf entity self-statement.

Returns:
    The leaf entity self-statement.

getSuperiorStatements

public List<EntityStatement> getSuperiorStatements()

Returns the superior entity statements.

Returns:
    The superior entity statements, starting with the statement of the first superior about the leaf and ending with the statement of the trust anchor about the last intermediate, or about the leaf for a minimal trust chain.

getTrustAnchorEntityID

public EntityID getTrustAnchorEntityID()

Returns the entity ID of the trust anchor, i.e. the issuer of the last superior statement.

Returns:
    The entity ID of the trust anchor.

length

public int length()

Returns the length of this trust chain, counted as the number of superior statements. A minimal trust chain with a leaf and an anchor has a length of one.

Returns:
    The trust chain length.
resolveCombinedMetadataPolicy

public MetadataPolicy resolveCombinedMetadataPolicy(FederationMetadataType type) throws PolicyViolationException

Resolves the combined metadata policy for this trust chain, merging the policies that the superiors declare for the given metadata type. Uses the default policy operation combination validator.

Parameters:
    type - The metadata type, such as openid_relying_party. Must not be null.

Returns:
    The combined metadata policy, with no policy operations if no policies were found.

Throws:
    PolicyViolationException - If the policies cannot be combined, for example because a subordinate's policy conflicts with a superior's.

resolveCombinedMetadataPolicy

public MetadataPolicy resolveCombinedMetadataPolicy(FederationMetadataType type, PolicyOperationCombinationValidator combinationValidator) throws PolicyViolationException

Resolves the combined metadata policy for this trust chain, merging the policies that the superiors declare for the given metadata type, using the supplied policy operation combination validator.

Parameters:
    type - The metadata type, such as openid_relying_party. Must not be null.
    combinationValidator - The policy operation combination validator. Must not be null.

Returns:
    The combined metadata policy, with no policy operations if no policies were found.

Throws:
    PolicyViolationException - If the policies cannot be combined, for example because a subordinate's policy conflicts with a superior's.
iteratorFromLeaf

public Iterator<EntityStatement> iteratorFromLeaf()

Returns an iterator over the entity statements, starting from the leaf self-statement and ending with the trust anchor's statement.

Returns:
    The iterator.
resolveExpirationTime

public Date resolveExpirationTime()

Resolves the expiration time for this trust chain. This is the earliest expiration time among all entity statements in the chain, since the chain is no longer valid once any one of its statements has expired. A cached trust chain must be re-resolved after this instant.

Returns:
    The expiration time for this trust chain.
verifySignatures

public void verifySignatures(com.nimbusds.jose.jwk.JWKSet trustAnchorJWKSet) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException

Verifies the signatures in this trust chain. The trust anchor JWK set is the root of trust for the entire chain and must come from local configuration (pinned out-of-band), never from a statement obtained through the chain being verified. When more than one trust anchor is configured, first confirm that getTrustAnchorEntityID() is one of the configured anchors, then pass that anchor's pinned JWK set.

Parameters:
    trustAnchorJWKSet - The trust anchor JWK set. Must not be null.

Throws:
    com.nimbusds.jose.proc.BadJOSEException - If a signature is invalid, or a statement is expired or used before its issue time.
    com.nimbusds.jose.JOSEException - On an internal JOSE exception.
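The full verification sequence a relying-party resolver should run on a chain it has assembled, as an added example that is not part of the SDK's own documentation or code. It ties together the constructor's structural check, the trust anchor identity check, verifySignatures(JWKSet), resolveExpirationTime() and resolveCombinedMetadataPolicy(FederationMetadataType). The class TrustChainCheck, the method verifiedRelyingPartyMetadata and all caller-supplied values are hypothetical; EntityStatement.parse(String), EntityStatementClaimsSet.getRPMetadata(), OIDCClientMetadata.toJSONObject(), MetadataPolicy.apply(JSONObject) and the import paths are written from memory of the Nimbus OAuth 2.0 SDK and should be checked against the SDK version in use.

```java
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import net.minidev.json.JSONObject;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement;
import com.nimbusds.openid.connect.sdk.federation.entities.FederationMetadataType;
import com.nimbusds.openid.connect.sdk.federation.policy.MetadataPolicy;
import com.nimbusds.openid.connect.sdk.federation.policy.language.PolicyViolationException;
import com.nimbusds.openid.connect.sdk.federation.trust.TrustChain;

/**
 * Hypothetical helper (not part of the SDK): turns a leaf self-statement plus the
 * superiors' statements into policy-applied relying party metadata, refusing the
 * chain at the first failed check.
 */
public final class TrustChainCheck {

    public static JSONObject verifiedRelyingPartyMetadata(
            String leafSelfStatementJWT,        // the RP's self-signed entity statement (compact JWT)
            List<String> superiorStatementJWTs, // first superior's statement about the leaf first,
                                                // trust anchor's statement last
            EntityID expectedTrustAnchor,       // anchor entity ID from local configuration
            JWKSet pinnedTrustAnchorJWKSet,     // anchor keys from local configuration, not from the chain
            Date now)
            throws ParseException, BadJOSEException, JOSEException, PolicyViolationException {

        EntityStatement leaf = EntityStatement.parse(leafSelfStatementJWT);
        List<EntityStatement> superiors = new ArrayList<>(superiorStatementJWTs.size());
        for (String jwt : superiorStatementJWTs) {
            superiors.add(EntityStatement.parse(jwt));
        }

        // 1. Structural check only: the constructor verifies that each statement's subject
        //    is the issuer of the statement before it and throws IllegalArgumentException
        //    otherwise. Nothing has been verified cryptographically at this point.
        TrustChain chain = new TrustChain(leaf, superiors);

        // 2. The chain must end at an anchor we actually trust. The pinned key set is only
        //    meaningful together with the anchor ID it was configured for, so reject a chain
        //    whose last statement is issued by anyone else before touching the keys.
        EntityID actualAnchor = chain.getTrustAnchorEntityID();
        if (!expectedTrustAnchor.equals(actualAnchor)) {
            throw new BadJOSEException("Chain ends at unexpected trust anchor " + actualAnchor);
        }

        // 3. Cryptographic check against the pinned anchor keys: invalid signatures, expired
        //    statements and statements used before their issue time are rejected here.
        chain.verifySignatures(pinnedTrustAnchorJWKSet);

        // 4. The chain is valid only until its earliest expiring statement; a cached chain
        //    must be re-resolved after this instant.
        Date chainExpiration = chain.resolveExpirationTime();
        if (!chainExpiration.after(now)) {
            throw new BadJOSEException("Trust chain expired at " + chainExpiration);
        }

        // 5. Combine the superiors' metadata policies for the RP metadata type and apply the
        //    result to the leaf's own RP metadata. A violation (for example a leaf that
        //    claims a value its superiors forbid) is an exception, never silently dropped.
        MetadataPolicy policy = chain.resolveCombinedMetadataPolicy(FederationMetadataType.OPENID_RELYING_PARTY);
        if (leaf.getClaimsSet().getRPMetadata() == null) {
            throw new BadJOSEException("Leaf self-statement carries no openid_relying_party metadata");
        }
        JSONObject rpMetadata = leaf.getClaimsSet().getRPMetadata().toJSONObject();
        return policy.apply(rpMetadata);
    }
}
```

The order of the superior statements matters: the list must run from the leaf side towards the anchor, exactly as getSuperiorStatements() returns it, or the constructor rejects the chain as broken. Keeping the anchor identity check before verifySignatures means a misconfigured or attacker-chosen anchor is refused on its entity ID alone, and the expiration check uses the caller's clock so the same code can be run against a stored chain later.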