Class TrustChainResolver

java.lang.Object
com.nimbusds.openid.connect.sdk.federation.trust.TrustChainResolver

public class TrustChainResolver extends Object
Trust chain resolver.

Related specifications:

  • OpenID Connect Federation 1.0, section 9.

  • Constructor Details

    • TrustChainResolver

      public TrustChainResolver(EntityID trustAnchor)
      Creates a new trust chain resolver with a single trust anchor, with no trust chain constraints.
      Parameters:
      trustAnchor - The trust anchor. Must not be null.
    • TrustChainResolver

      public TrustChainResolver(EntityID trustAnchor, com.nimbusds.jose.jwk.JWKSet trustAnchorJWKSet)
      Creates a new trust chain resolver with a single trust anchor, with no trust chain constraints.
      Parameters:
      trustAnchor - The trust anchor. Must not be null.
      trustAnchorJWKSet - The trust anchor public JWK set, null if not available.
    • TrustChainResolver

      public TrustChainResolver(Map<EntityID,com.nimbusds.jose.jwk.JWKSet> trustAnchors, int httpConnectTimeoutMs, int httpReadTimeoutMs)
      Creates a new trust chain resolver with multiple trust anchors, with no trust chain constraints.
      Parameters:
      trustAnchors - The trust anchors with their public JWK sets (if available). Must contain at least one anchor.
      httpConnectTimeoutMs - The HTTP connect timeout in milliseconds, zero means timeout determined by the underlying HTTP client.
      httpReadTimeoutMs - The HTTP read timeout in milliseconds, zero means timeout determined by the underlying HTTP client.
    • TrustChainResolver

      public TrustChainResolver(Map<EntityID,com.nimbusds.jose.jwk.JWKSet> trustAnchors, TrustChainConstraints constraints, EntityStatementRetriever statementRetriever)
      Creates a new trust chain resolver.
      Parameters:
      trustAnchors - The trust anchors with their public JWK sets. Must contain at least one anchor.
      constraints - The constraints to apply during retrieval. Must not be null.
      statementRetriever - The entity statement retriever to use. Must not be null.
  • Method Details

    • getTrustAnchors

      public Map<EntityID,com.nimbusds.jose.jwk.JWKSet> getTrustAnchors()
      Returns the configured trust anchors.
      Returns:
      The trust anchors with their public JWK sets (if available). Contains at least one anchor.
    • getEntityStatementRetriever

      Returns the configured entity statement retriever.
      Returns:
      The entity statement retriever.
    • getConstraints

      Returns the configured trust chain constraints.
      Returns:
      The constraints.
    • resolveTrustChains

      Resolves the trust chains for the specified target.
      Parameters:
      target - The target. Must not be null.
      Returns:
      The resolved trust chains, containing at least one valid and verified chain.
      Throws:
      ResolveException - If no trust chain could be resolved.
    • resolveTrustChains

      Resolves the trust chains for the specified target, with optional validation of the target entity metadata. The validator can, for example, check that the required party metadata is present for an entity that is expected to be an OpenID relying party.
      Parameters:
      target - The target. Must not be null.
      targetMetadataValidator - To perform optional validation of the retrieved target entity metadata, before proceeding with retrieving the entity statements from the authorities, null if not specified.
      Returns:
      The resolved trust chains, containing at least one valid and verified chain.
      Throws:
      ResolveException - If a trust chain could not be resolved.
      InvalidEntityMetadataException - If the optional target entity metadata validation didn't pass.
    • resolveTrustChains

      Resolves the trust chains for the specified target.
      Parameters:
      targetStatement - The target entity statement. Must not be null.
      Returns:
      The resolved trust chains, containing at least one valid and verified chain.
      Throws:
      ResolveException - If no trust chain could be resolved.
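
Added example (not part of the SDK documentation): a resolver built with the multi-anchor constructor, supplying a pinned trust anchor JWK set instead of null and finite HTTP timeouts instead of zero, and rejecting the target when resolution fails. The entity IDs and the `trust-anchor-jwks.json` path are constructed placeholders. The `TrustChainSet` return type, `getShortest()`, `getTrustAnchorEntityID()` and `length()` are taken from the SDK's other classes, not from this page.

```java
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.trust.ResolveException;
import com.nimbusds.openid.connect.sdk.federation.trust.TrustChain;
import com.nimbusds.openid.connect.sdk.federation.trust.TrustChainResolver;
import com.nimbusds.openid.connect.sdk.federation.trust.TrustChainSet;
import java.io.File;
import java.util.Collections;
import java.util.Optional;

public class PinnedAnchorResolution {

    // Finite timeouts: zero would leave the limit to the underlying HTTP client.
    static final int CONNECT_TIMEOUT_MS = 2_000;
    static final int READ_TIMEOUT_MS = 5_000;

    // Builds a resolver whose single trust anchor has its public keys supplied up front.
    static TrustChainResolver pinnedResolver(EntityID anchor, JWKSet anchorKeys) {
        if (anchorKeys == null || anchorKeys.getKeys().isEmpty()) {
            throw new IllegalArgumentException("Trust anchor keys must be pinned");
        }
        return new TrustChainResolver(
            Collections.singletonMap(anchor, anchorKeys.toPublicJWKSet()),
            CONNECT_TIMEOUT_MS, READ_TIMEOUT_MS);
    }

    // Returns the shortest verified chain, or empty when resolution fails.
    static Optional<TrustChain> shortestChain(TrustChainResolver resolver, EntityID target) {
        try {
            TrustChainSet chains = resolver.resolveTrustChains(target);
            return Optional.ofNullable(chains.getShortest());
        } catch (ResolveException e) {
            System.err.println("No trust chain for " + target + ": " + e.getMessage());
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholders: replace with the federation's real values.
        EntityID anchor = new EntityID("https://federation.example.com");
        EntityID target = new EntityID("https://rp.example.org");
        JWKSet anchorKeys = JWKSet.load(new File("trust-anchor-jwks.json"));

        Optional<TrustChain> chain = shortestChain(pinnedResolver(anchor, anchorKeys), target);
        if (!chain.isPresent()) {
            throw new SecurityException("Untrusted entity: " + target); // fail closed
        }
        System.out.println("Anchor: " + chain.get().getTrustAnchorEntityID()
            + ", chain length: " + chain.get().length());
    }
}
```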