/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.claims;


import net.jcip.annotations.Immutable;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.ResponseType;


/**
 * Authorisation code hash ({@code c_hash}) claim of an ID token.
 *
 * <p>The claim ties an ID token to the authorisation code issued alongside
 * it, so a relying party can detect a code that does not belong to the
 * token it received. The hashing itself is done by the inherited
 * {@code computeValue} methods, which are not part of this file.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.3.2.11.
 * </ul>
 */
@Immutable
public final class CodeHash extends HashClaim {


	private static final long serialVersionUID = 4627813971222806593L;


	/**
	 * Tells whether ID tokens issued for the specified response type must
	 * carry an authorisation code hash claim.
	 *
	 * @param responseType The OpenID Connect response type. Must not be
	 *                     {@code null}.
	 *
	 * @return {@code true} if the code hash is required, else
	 *         {@code false}.
	 */
	public static boolean isRequiredInIDTokenClaims(final ResponseType responseType) {

		// The requirement applies to the hybrid flow only, i.e. to the
		// 'code id_token' and 'code id_token token' response types.
		// Which endpoint (authz / token) issues the token is not
		// considered here.
		if (ResponseType.CODE_IDTOKEN.equals(responseType)) {
			return true;
		}

		return ResponseType.CODE_IDTOKEN_TOKEN.equals(responseType);
	}


	/**
	 * Creates a new authorisation code hash with the specified value.
	 *
	 * @param value The authorisation code hash value. Must not be
	 *              {@code null}.
	 */
	public CodeHash(final String value) {

		super(value);
	}


	/**
	 * Computes the hash for the specified authorisation code and reference
	 * JSON Web Signature (JWS) algorithm.
	 *
	 * <p>A {@code null} result means no hash could be produced. Code that
	 * validates an ID token should treat that as a failed check rather
	 * than as permission to skip the {@code c_hash} comparison.
	 *
	 * @param code The authorisation code. Must not be {@code null}.
	 * @param alg  The reference JWS algorithm. Must not be {@code null}.
	 *
	 * @return The authorisation code hash, or {@code null} if the JWS
	 *         algorithm is not supported.
	 *
	 * @deprecated Use {@link #compute(AuthorizationCode, JWSAlgorithm, Curve)}
	 *             instead.
	 */
	@Deprecated
	public static CodeHash compute(final AuthorizationCode code, final JWSAlgorithm alg) {

		// NOTE(review): this overload has no curve parameter; presumably
		// deprecated because the JWS algorithm alone does not always
		// determine the hash function. Confirm against HashClaim.
		final String hashValue = computeValue(code, alg);

		return hashValue == null ? null : new CodeHash(hashValue);
	}


	/**
	 * Computes the hash for the specified authorisation code, reference
	 * JSON Web Signature (JWS) algorithm and JWK curve.
	 *
	 * <p>A {@code null} result means no hash could be produced. Code that
	 * validates an ID token should treat that as a failed check rather
	 * than as permission to skip the {@code c_hash} comparison.
	 *
	 * @param code The authorisation code. Must not be {@code null}.
	 * @param alg  The reference JWS algorithm. Must not be {@code null}.
	 * @param crv  The JWK curve used with the JWS algorithm, {@code null}
	 *             if not applicable.
	 *
	 * @return The authorisation code hash, or {@code null} if the JWS
	 *         algorithm is not supported.
	 */
	public static CodeHash compute(final AuthorizationCode code,
				       final JWSAlgorithm alg,
				       final Curve crv) {

		final String hashValue = computeValue(code, alg, crv);

		return hashValue == null ? null : new CodeHash(hashValue);
	}


	/**
	 * Compares this code hash with another object. Two code hashes are
	 * equal when their string forms are equal; any object that is not a
	 * {@code CodeHash} (including {@code null}) is unequal.
	 *
	 * @param object The object to compare with, may be {@code null}.
	 *
	 * @return {@code true} if the object is a {@code CodeHash} with the
	 *         same string form, else {@code false}.
	 */
	@Override
	public boolean equals(final Object object) {

		// NOTE(review): hashCode() is not overridden in this class;
		// confirm that the inherited one agrees with this equals().
		if (!(object instanceof CodeHash)) {
			return false;
		}

		return this.toString().equals(object.toString());
	}
}