Package com.nimbusds.openid.connect.sdk.federation.entities

Class EntityStatement

java.lang.Object
com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement
@Immutable public final class EntityStatement extends Object
Federation entity statement.

Related specifications:

  • OpenID Connect Federation 1.0, section 2.1.

  • Method Details

    • getEntityID

      public EntityID getEntityID()
      Returns the entity ID.
      Returns:
      The entity ID.

    • getSignedStatement

      public com.nimbusds.jwt.SignedJWT getSignedStatement()
      Returns the signed statement.
      Returns:
      The signed statement as signed JWT.

    • getClaimsSet

      public EntityStatementClaimsSet getClaimsSet()
      Returns the statement claims.
      Returns:
      The statement claims.

    • isTrustAnchor

      public boolean isTrustAnchor()
      Returns true if this entity statement is for a trust anchor.
      Returns:
      true for a trust anchor, else false.

    • verifySignatureOfSelfStatement

      public com.nimbusds.jose.util.Base64URL verifySignatureOfSelfStatement() throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
      Verifies the signature for a self-statement (typically for a trust anchor or leaf) and checks the statement issue and expiration times.
      Returns:
      The SHA-256 thumbprint of the key used to successfully verify the signature.
      Throws:
      com.nimbusds.jose.proc.BadJOSEException - If the signature is invalid or the statement is expired or before the issue time.
      com.nimbusds.jose.JOSEException - On a internal JOSE exception.

    • verifySignature

      public com.nimbusds.jose.util.Base64URL verifySignature(com.nimbusds.jose.jwk.JWKSet jwkSet) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
      Verifies the signature and checks the statement issue and expiration times.
      Parameters:
      jwkSet - The JWK set to use for the signature verification. Must not be null.
      Returns:
      The SHA-256 thumbprint of the key used to successfully verify the signature.
      Throws:
      com.nimbusds.jose.proc.BadJOSEException - If the signature is invalid or the statement is expired or before the issue time.
      com.nimbusds.jose.JOSEException - On a internal JOSE exception.

    • sign

      public static EntityStatement sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK) throws com.nimbusds.jose.JOSEException
      Signs the specified federation entity claims set.
      Parameters:
      claimsSet - The claims set. Must not be null.
      signingJWK - The private signing JWK. Must be contained in the entity JWK set and not null.
      Returns:
      The signed federation entity statement.
      Throws:
      com.nimbusds.jose.JOSEException - On a internal signing exception.

    • sign

      public static EntityStatement sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK, com.nimbusds.jose.JWSAlgorithm jwsAlg) throws com.nimbusds.jose.JOSEException
      Signs the specified federation entity claims set.
      Parameters:
      claimsSet - The claims set. Must not be null.
      signingJWK - The private signing JWK. Must be contained in the entity JWK set and not null.
      jwsAlg - The signing algorithm. Must be supported by the JWK and not null.
      Returns:
      The signed federation entity statement.
      Throws:
      com.nimbusds.jose.JOSEException - On a internal signing exception.

    • parse

      public static EntityStatement parse(com.nimbusds.jwt.SignedJWT signedStmt) throws ParseException
      Parses a federation entity statement.
      Parameters:
      signedStmt - The signed statement as a signed JWT. Must not be null.
      Returns:
      The federation entity statement.
      Throws:
      ParseException - If parsing failed.

    • parse

      public static EntityStatement parse(String signedStmtString) throws ParseException
      Parses a federation entity statement.
      Parameters:
      signedStmtString - The signed statement as a signed JWT string. Must not be null.
      Returns:
      The federation entity statement.
      Throws:
      ParseException - If parsing failed.