001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2020, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk.assurance.claims; 019 020 021import java.util.Collection; 022 023import net.jcip.annotations.Immutable; 024import net.minidev.json.JSONObject; 025 026import com.nimbusds.langtag.LangTag; 027import com.nimbusds.oauth2.sdk.ParseException; 028import com.nimbusds.oauth2.sdk.util.JSONObjectUtils; 029import com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest; 030 031 032/** 033 * OpenID Connect verified claims set request, intended to represent the 034 * {@code verified_claims} sub-element within a {@code userinfo} or 035 * {@code id_token} element in a 036 * {@link com.nimbusds.openid.connect.sdk.OIDCClaimsRequest claims} request 037 * parameter. 038 * 039 * <p>Example: 040 * 041 * <pre> 042 * { 043 * "verification": { 044 * "trust_framework": "eidas_ial_high" 045 * }, 046 * "claims":{ 047 * "given_name": null, 048 * "family_name": null, 049 * "birthdate": null 050 * } 051 * } 052 * </pre> 053 * 054 * <p>Related specifications: 055 * 056 * <ul> 057 * <li>OpenID Connect Core 1.0, section 5.5. 058 * <li>OpenID Connect for Identity Assurance 1.0. 059 * </ul> 060 */ 061@Immutable 062public class VerifiedClaimsSetRequest extends ClaimsSetRequest { 063 064 065 /** 066 * The verification element for the requested verified claims. 067 */ 068 private final JSONObject verificationJSONObject; 069 070 071 /** 072 * Creates a new empty OpenID Connect verified claims set request. 073 */ 074 public VerifiedClaimsSetRequest() { 075 super(); 076 verificationJSONObject = null; 077 } 078 079 080 /** 081 * Creates a new OpenID Connect verified claims set request. 082 * 083 * @param entries The request entries. Must not be 084 * {@code null}. 085 * @param verificationJSONObject The verification JSON object, 086 * {@code null} if not specified. 087 */ 088 public VerifiedClaimsSetRequest(final Collection<ClaimsSetRequest.Entry> entries, 089 final JSONObject verificationJSONObject) { 090 super(entries); 091 this.verificationJSONObject = verificationJSONObject; 092 } 093 094 095 /** 096 * Gets the {@code verification} element. 097 * 098 * @return The {@code verification} JSON object, {@code null} if not 099 * specified. 100 */ 101 public JSONObject getVerificationJSONObject() { 102 return verificationJSONObject; 103 } 104 105 106 /** 107 * Sets the {@code verification} element. 108 * 109 * @param jsonObject The {@code verification} JSON object, {@code null} 110 * if not specified. 111 * 112 * @return The updated verified claims set request. 113 */ 114 public VerifiedClaimsSetRequest withVerificationJSONObject(final JSONObject jsonObject) { 115 return new VerifiedClaimsSetRequest(getEntries(), jsonObject); 116 } 117 118 119 @Override 120 public VerifiedClaimsSetRequest add(final String claimName) { 121 ClaimsSetRequest csr = add(new ClaimsSetRequest.Entry(claimName)); 122 return new VerifiedClaimsSetRequest(csr.getEntries(), getVerificationJSONObject()); 123 } 124 125 126 @Override 127 public VerifiedClaimsSetRequest add(final ClaimsSetRequest.Entry entry) { 128 ClaimsSetRequest csr = super.add(entry); 129 return new VerifiedClaimsSetRequest(csr.getEntries(), getVerificationJSONObject()); 130 } 131 132 133 @Override 134 public VerifiedClaimsSetRequest delete(final String claimName, final LangTag langTag) { 135 ClaimsSetRequest csr = super.delete(claimName, langTag); 136 return new VerifiedClaimsSetRequest(csr.getEntries(), getVerificationJSONObject()); 137 } 138 139 140 @Override 141 public VerifiedClaimsSetRequest delete(final String claimName) { 142 ClaimsSetRequest csr = super.delete(claimName); 143 return new VerifiedClaimsSetRequest(csr.getEntries(), getVerificationJSONObject()); 144 } 145 146 147 /** 148 * Returns the JSON object representation of this verified claims set 149 * request. 150 * 151 * <p>Example: 152 * 153 * <pre> 154 * { 155 * "verification": { 156 * "trust_framework": "eidas_ial_high" 157 * }, 158 * "claims":{ 159 * "given_name": null, 160 * "family_name": null, 161 * "birthdate": null 162 * } 163 * } 164 * </pre> 165 * 166 * @return The JSON object, empty if no claims are specified. 167 */ 168 @Override 169 public JSONObject toJSONObject() { 170 171 JSONObject o = new JSONObject(); 172 173 if (verificationJSONObject != null && ! verificationJSONObject.isEmpty()) { 174 o.put(VerifiedClaimsSet.VERIFICATION_ELEMENT, verificationJSONObject); 175 } 176 177 JSONObject claims = super.toJSONObject(); 178 179 if (claims != null && ! claims.isEmpty()) { 180 o.put(VerifiedClaimsSet.CLAIMS_ELEMENT, claims); 181 } 182 183 return o; 184 } 185 186 187 /** 188 * Parses an OpenID Connect verified claims set request from the 189 * specified JSON object representation. 190 * 191 * <p>Example: 192 * 193 * <pre> 194 * { 195 * "verification": { 196 * "trust_framework": "eidas_ial_high" 197 * }, 198 * "claims":{ 199 * "given_name": null, 200 * "family_name": null, 201 * "birthdate": null 202 * } 203 * } 204 * </pre> 205 * 206 * @param jsonObject The JSON object to parse. Must not be 207 * {@code null}. 208 * 209 * @return The verified claims set request. 210 * 211 * @throws ParseException If parsing failed. 212 */ 213 public static VerifiedClaimsSetRequest parse(final JSONObject jsonObject) 214 throws ParseException { 215 216 JSONObject verificationJSONObject = JSONObjectUtils.getJSONObject(jsonObject, VerifiedClaimsSet.VERIFICATION_ELEMENT, null); 217 218 JSONObject claimsJSONObject = JSONObjectUtils.getJSONObject(jsonObject, VerifiedClaimsSet.CLAIMS_ELEMENT, new JSONObject()); 219 220 if (claimsJSONObject.isEmpty()) { 221 throw new ParseException("Empty verified claims object"); 222 } 223 224 return new VerifiedClaimsSetRequest( 225 ClaimsSetRequest.parse(claimsJSONObject).getEntries(), 226 verificationJSONObject); 227 } 228 229 230 /** 231 * Parses an OpenID Connect verified claims set request from the 232 * specified JSON object string representation. 233 * 234 * <p>Example: 235 * 236 * <pre> 237 * { 238 * "verification": { 239 * "trust_framework": "eidas_ial_high" 240 * }, 241 * "claims":{ 242 * "given_name": null, 243 * "family_name": null, 244 * "birthdate": null 245 * } 246 * } 247 * </pre> 248 * 249 * @param json The JSON object string to parse. Must not be 250 * {@code null}. 251 * 252 * @return The verified claims set request. 253 * 254 * @throws ParseException If parsing failed. 255 */ 256 public static VerifiedClaimsSetRequest parse(final String json) 257 throws ParseException { 258 259 return parse(JSONObjectUtils.parse(json)); 260 } 261}