java.lang.Object
com.nimbusds.openid.connect.sdk.federation.trust.constraints.TrustChainConstraints
All Implemented Interfaces:
net.minidev.json.JSONAware

@Immutable public final class TrustChainConstraints extends Object implements net.minidev.json.JSONAware
Trust chain constraints.

Example JSON object:

 {
   "max_path_length"    : 2,
   "naming_constraints" : {
        "permitted" : [ "https://example.com" ],
        "excluded"  : [ "https://east.example.com" ]
   },
   "allowed_leaf_entity_types" : [ "openid_provider", "openid_relying_party" ]
 }
 

Related specifications:

  • OpenID Connect Federation 1.0, section 5.2.
  • RFC 5280, section 4.2.1.10.
  • Field Details

  • Constructor Details

    • TrustChainConstraints

      Creates a new instance with no constraints.
    • TrustChainConstraints

      public TrustChainConstraints(int maxPathLength)
      Creates a new trust chain constraints instance.
      Parameters:
      maxPathLength - The maximum number of entities between this and the leaf entity in the chain, -1 if not specified.
    • TrustChainConstraints

      public TrustChainConstraints(int maxPathLength, List<EntityIDConstraint> permittedEntityIDs, List<EntityIDConstraint> excludedEntityIDs, LeafEntityTypeConstraint leafEntityTypeConstraint)
      Creates a new trust chain constraints instance.
      Parameters:
      maxPathLength - The maximum number of entities between this and the leaf entity in the chain, -1 if not specified.
      permittedEntityIDs - The permitted entity IDs, null if not specified.
      excludedEntityIDs - The excluded entity IDs, null if not specified.
      leafEntityTypeConstraint - The leaf entity type constraint, null if not specified.
  • Method Details

    • isPermitted

      public boolean isPermitted(int numIntermediatesInPath)
      Checks if the given number of intermediates is permitted.
      Parameters:
      numIntermediatesInPath - The number of intermediate entities between the entity specifying the constraints and the specified entity. Must be zero or greater.
      Returns:
      true if permitted, else false.
    • isPermitted

      public boolean isPermitted(EntityID entityID)
      Checks if the specified entity ID is permitted.
      Parameters:
      entityID - The entity ID. Must not be null.
      Returns:
      true if permitted, else false.
    • isPermitted

      public boolean isPermitted(int numIntermediatesInPath, EntityID entityID)
      Checks if the entity ID with the given number of intermediates is permitted.
      Parameters:
      numIntermediatesInPath - The number of intermediate entities between the entity specifying the constraints and the specified entity. Must be zero or greater.
      entityID - The entity ID. Must not be null.
      Returns:
      true if allowed, else false.
    • getMaxPathLength

      public int getMaxPathLength()
      Returns the maximum number of entities between this and the last one in the chain.
      Returns:
      The maximum number of entities between this and the last one in the chain, -1 if not specified.
    • getPermittedEntityIDs

      Returns the permitted entity IDs.
      Returns:
      The permitted entity IDs, empty list if not specified.
    • getExcludedEntityIDs

      Returns the excluded entity IDs.
      Returns:
      The excluded entity IDs, empty list if not specified.
    • getLeafEntityTypeConstraint

      Returns the leaf entity type constraint.
      Returns:
      The leaf entity type constraint.
    • toJSONObject

      public net.minidev.json.JSONObject toJSONObject()
      Returns a JSON object representation of these trust chain constraints.
      Returns:
      The JSON object.
    • toJSONString

      public String toJSONString()
      Specified by:
      toJSONString in interface net.minidev.json.JSONAware
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • parse

      public static TrustChainConstraints parse(net.minidev.json.JSONObject jsonObject) throws ParseException
      Parses a trust chain constraints instance from the specified JSON object.
      Parameters:
      jsonObject - The JSON object. Must not be null.
      Returns:
      The trust chain constraints.
      Throws:
      ParseException - If parsing failed.
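
The following example is added here and is not part of the SDK's own documentation. It parses the example JSON object shown above and applies isPermitted(int, EntityID) to every subordinate of a chain, rejecting the chain on the first violation. The class name, the firstViolation helper and the chain's entity IDs are assumptions made for illustration; JSONObjectUtils.parse and the EntityID(String) constructor come from the same SDK.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.sdk.federation.entities.EntityID;
import com.nimbusds.openid.connect.sdk.federation.trust.constraints.TrustChainConstraints;

import java.util.Arrays;
import java.util.List;

public class ConstraintsCheckExample {

    /**
     * Hypothetical helper: returns the index of the first subordinate rejected
     * by the constraints, or -1 if all pass. The list is ordered from the entity
     * directly below the constraining entity down to the leaf, so the entity at
     * index i has i intermediates between it and the constraining entity.
     */
    static int firstViolation(TrustChainConstraints constraints, List<EntityID> subordinates) {
        for (int i = 0; i < subordinates.size(); i++) {
            if (!constraints.isPermitted(i, subordinates.get(i))) {
                return i; // fail closed on the first violation
            }
        }
        return -1;
    }

    public static void main(String[] args) throws ParseException {
        // The example JSON object from this page.
        String json = "{"
            + "\"max_path_length\":2,"
            + "\"naming_constraints\":{"
            + "\"permitted\":[\"https://example.com\"],"
            + "\"excluded\":[\"https://east.example.com\"]},"
            + "\"allowed_leaf_entity_types\":[\"openid_provider\",\"openid_relying_party\"]"
            + "}";
        TrustChainConstraints constraints = TrustChainConstraints.parse(JSONObjectUtils.parse(json));

        // Constructed chain for illustration: one intermediate, then the leaf.
        List<EntityID> subordinates = Arrays.asList(
            new EntityID("https://example.com"),
            new EntityID("https://east.example.com"));

        int rejected = firstViolation(constraints, subordinates);
        if (rejected >= 0) {
            System.out.println("Reject chain: " + subordinates.get(rejected)
                + " violates " + constraints.toJSONString());
        } else {
            System.out.println("Chain satisfies path length and naming constraints");
        }
    }
}
```

The isPermitted overloads listed on this page take only a path length and an entity ID, so a validator that relies on allowed_leaf_entity_types must check the leaf's type separately through getLeafEntityTypeConstraint().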