001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2020, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk.federation.api; 019 020 021import com.nimbusds.common.contenttype.ContentType; 022import com.nimbusds.jwt.SignedJWT; 023import com.nimbusds.jwt.util.DateUtils; 024import com.nimbusds.oauth2.sdk.ParseException; 025import com.nimbusds.oauth2.sdk.http.HTTPRequest; 026import com.nimbusds.oauth2.sdk.id.Identifier; 027import com.nimbusds.oauth2.sdk.id.Subject; 028import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils; 029import com.nimbusds.oauth2.sdk.util.StringUtils; 030import com.nimbusds.oauth2.sdk.util.URLUtils; 031import com.nimbusds.openid.connect.sdk.federation.entities.EntityID; 032import net.jcip.annotations.Immutable; 033 034import java.net.URI; 035import java.util.*; 036 037 038/** 039 * Trust mark status request. 040 * 041 * <p>Related specifications: 042 * 043 * <ul> 044 * <li>OpenID Connect Federation 1.0, section 7.4.1. 045 * </ul> 046 */ 047@Immutable 048public class TrustMarkStatusRequest extends FederationAPIRequest { 049 050 051 /** 052 * The trust mark subject. 053 */ 054 private final Subject subject; 055 056 057 /** 058 * The trust mark identifier. 059 */ 060 private final Identifier id; 061 062 063 /** 064 * The trust mark issue time. 065 */ 066 private final Date iat; 067 068 069 /** 070 * The trust mark. 071 */ 072 private final SignedJWT trustMark; 073 074 075 /** 076 * Creates a new trust mark status request. 077 * 078 * @param endpoint The trust mark status endpoint. Must not be 079 * {@code null}. 080 * @param subject The subject. Must not be {@code null}. 081 * @param id The trust mark identifier. Must not be {@code null}. 082 * @param iat The trust mark issue time, {@code null} if not 083 * specified. 084 */ 085 public TrustMarkStatusRequest(final URI endpoint, 086 final Subject subject, 087 final Identifier id, 088 final Date iat) { 089 090 super(endpoint); 091 092 if (subject == null) { 093 throw new IllegalArgumentException("The subject must not be null"); 094 } 095 this.subject = subject; 096 097 if (id == null) { 098 throw new IllegalArgumentException("The ID must not be null"); 099 } 100 this.id = id; 101 102 this.iat = iat; 103 104 trustMark = null; 105 } 106 107 108 /** 109 * Creates a new trust mark status request. 110 * 111 * @param endpoint The trust mark status endpoint. Must not be 112 * {@code null}. 113 * @param trustMark The trust mark. Must not be {@code null}. 114 */ 115 public TrustMarkStatusRequest(final URI endpoint, 116 final SignedJWT trustMark) { 117 super(endpoint); 118 119 if (trustMark == null) { 120 throw new IllegalArgumentException("The trust mark must not be null"); 121 } 122 this.trustMark = trustMark; 123 124 subject = null; 125 id = null; 126 iat = null; 127 } 128 129 130 /** 131 * Returns the trust mark subject. 132 * 133 * @return The trust mark subject, {@code null} if not specified. 134 */ 135 public Subject getSubject() { 136 return subject; 137 } 138 139 140 /** 141 * Returns the trust mark subject entity ID. 142 * 143 * @return The trust mark subject entity ID, {@code null} if not 144 * specified. 145 */ 146 public EntityID getSubjectEntityID() { 147 return subject != null ? new EntityID(subject) : null; 148 } 149 150 151 /** 152 * Returns the trust mark ID. 153 * 154 * @return The trust mark ID, {@code null} if not specified. 155 */ 156 public Identifier getID() { 157 return id; 158 } 159 160 161 /** 162 * Returns the trust mark issue time. 163 * 164 * @return The trust mark issue time, {@code null} if not specified. 165 */ 166 public Date getIssueTime() { 167 return iat; 168 } 169 170 171 /** 172 * Returns the trust mark. 173 * 174 * @return The trust mark, {@code null} if not specified. 175 */ 176 public SignedJWT getTrustMark() { 177 return trustMark; 178 } 179 180 181 @Override 182 public Map<String, List<String>> toParameters() { 183 Map<String, List<String>> params = new LinkedHashMap<>(); 184 if (getSubject() != null) { 185 params.put("sub", Collections.singletonList(getSubject().getValue())); 186 } 187 if (getID() != null) { 188 params.put("id", Collections.singletonList(getID().getValue())); 189 } 190 if (getIssueTime() != null) { 191 params.put("iat", Collections.singletonList(DateUtils.toSecondsSinceEpoch(getIssueTime()) + "")); 192 } 193 if (getTrustMark() != null) { 194 params.put("trust_mark", Collections.singletonList(getTrustMark().serialize())); 195 } 196 return params; 197 } 198 199 200 @Override 201 public HTTPRequest toHTTPRequest() { 202 HTTPRequest httpRequest = new HTTPRequest(HTTPRequest.Method.POST, getEndpointURI()); 203 httpRequest.setEntityContentType(ContentType.APPLICATION_URLENCODED); 204 httpRequest.setBody(URLUtils.serializeParameters(toParameters())); 205 return httpRequest; 206 } 207 208 209 /** 210 * Parses a trust mark status request from the specified request 211 * parameters. 212 * 213 * @param params The request parameters. Must not be {@code null}. 214 * 215 * @return The trust mark status request. 216 * 217 * @throws ParseException If parsing failed. 218 */ 219 public static TrustMarkStatusRequest parse(final Map<String, List<String>> params) 220 throws ParseException { 221 222 Subject subject = null; 223 String value = MultivaluedMapUtils.getFirstValue(params, "sub"); 224 if (StringUtils.isNotBlank(value)) { 225 subject = new Subject(value); 226 } 227 228 Identifier id = null; 229 value = MultivaluedMapUtils.getFirstValue(params, "id"); 230 if (StringUtils.isNotBlank(value)) { 231 id = new Identifier(value); 232 } 233 234 Date iat = null; 235 value = MultivaluedMapUtils.getFirstValue(params, "iat"); 236 if (StringUtils.isNotBlank(value)) { 237 try { 238 iat = DateUtils.fromSecondsSinceEpoch(Long.parseLong(value)); 239 } catch (NumberFormatException e) { 240 throw new ParseException("Illegal iat"); 241 } 242 } 243 244 SignedJWT trustMark = null; 245 value = MultivaluedMapUtils.getFirstValue(params, "trust_mark"); 246 if (StringUtils.isNotBlank(value)) { 247 try { 248 trustMark = SignedJWT.parse(value); 249 } catch (java.text.ParseException e) { 250 throw new ParseException("Invalid trust mark: " + e.getMessage(), e); 251 } 252 } 253 254 if (trustMark != null) { 255 return new TrustMarkStatusRequest(null, trustMark); 256 } 257 258 try { 259 return new TrustMarkStatusRequest(null, subject, id, iat); 260 } catch (IllegalArgumentException e) { 261 throw new ParseException("Invalid request: " + e.getMessage()); 262 } 263 } 264 265 266 /** 267 * Parses a trust mark status request from the specified HTTP request. 268 * 269 * @param httpRequest The HTTP request. Must not be {@code null}. 270 * 271 * @return The trust negotiation request. 272 * 273 * @throws ParseException If parsing failed. 274 */ 275 public static TrustMarkStatusRequest parse(final HTTPRequest httpRequest) 276 throws ParseException { 277 278 httpRequest.ensureMethod(HTTPRequest.Method.POST); 279 httpRequest.ensureEntityContentType(ContentType.APPLICATION_URLENCODED); 280 281 TrustMarkStatusRequest request = TrustMarkStatusRequest.parse(httpRequest.getBodyAsFormParameters()); 282 283 if (request.getTrustMark() != null) { 284 return new TrustMarkStatusRequest( 285 httpRequest.getURI(), 286 request.trustMark 287 ); 288 } else { 289 return new TrustMarkStatusRequest( 290 httpRequest.getURI(), 291 request.getSubject(), 292 request.getID(), 293 request.getIssueTime() 294 ); 295 } 296 } 297}