Class EntityStatement
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement
-
@Immutable public final class EntityStatement extends Object
Federation entity statement / entity configuration.Related specifications:
- OpenID Connect Federation 1.0, section 3.1.
-
-
Field Summary
Fields Modifier and Type Field Description static com.nimbusds.common.contenttype.ContentType
CONTENT_TYPE
The federation entity statement content type (application/entity-statement+jwt
).static com.nimbusds.jose.JOSEObjectType
JOSE_OBJECT_TYPE
The federation entity statement JOSE object type (entity-statement+jwt
).
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description EntityStatementClaimsSet
getClaimsSet()
Returns the statement claims.EntityID
getEntityID()
Returns the entity ID.com.nimbusds.jwt.SignedJWT
getSignedStatement()
Returns the signed statement.static EntityStatement
parse(com.nimbusds.jwt.SignedJWT signedStmt)
Parses a federation entity statement.static EntityStatement
parse(String signedStmtString)
Parses a federation entity statement.static EntityStatement
sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK)
Signs the specified federation entity claims set.static EntityStatement
sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK, com.nimbusds.jose.JWSAlgorithm jwsAlg)
Signs the specified federation entity claims set.com.nimbusds.jose.util.Base64URL
verifySignature(com.nimbusds.jose.jwk.JWKSet jwkSet)
Verifies the signature and checks the statement type, issue and expiration times.com.nimbusds.jose.util.Base64URL
verifySignatureOfSelfStatement()
Verifies the signature for a self-statement (typically for a trust anchor or leaf) and checks the statement issue and expiration times.
-
-
-
Field Detail
-
JOSE_OBJECT_TYPE
public static final com.nimbusds.jose.JOSEObjectType JOSE_OBJECT_TYPE
The federation entity statement JOSE object type (entity-statement+jwt
).
-
CONTENT_TYPE
public static final com.nimbusds.common.contenttype.ContentType CONTENT_TYPE
The federation entity statement content type (application/entity-statement+jwt
).
-
-
Method Detail
-
getEntityID
public EntityID getEntityID()
Returns the entity ID.- Returns:
- The entity ID.
-
getSignedStatement
public com.nimbusds.jwt.SignedJWT getSignedStatement()
Returns the signed statement.- Returns:
- The signed statement as signed JWT.
-
getClaimsSet
public EntityStatementClaimsSet getClaimsSet()
Returns the statement claims.- Returns:
- The statement claims.
-
verifySignatureOfSelfStatement
public com.nimbusds.jose.util.Base64URL verifySignatureOfSelfStatement() throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
Verifies the signature for a self-statement (typically for a trust anchor or leaf) and checks the statement issue and expiration times.- Returns:
- The SHA-256 thumbprint of the key used to successfully verify the signature.
- Throws:
com.nimbusds.jose.proc.BadJOSEException
- If the signature is invalid or the statement is expired or before the issue time.com.nimbusds.jose.JOSEException
- On a internal JOSE exception.
-
verifySignature
public com.nimbusds.jose.util.Base64URL verifySignature(com.nimbusds.jose.jwk.JWKSet jwkSet) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
Verifies the signature and checks the statement type, issue and expiration times.- Parameters:
jwkSet
- The JWK set to use for the signature verification. Must not benull
.- Returns:
- The SHA-256 thumbprint of the key used to successfully verify the signature.
- Throws:
com.nimbusds.jose.proc.BadJOSEException
- If the signature is invalid or the statement is expired or before the issue time.com.nimbusds.jose.JOSEException
- On an internal JOSE exception.
-
sign
public static EntityStatement sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK) throws com.nimbusds.jose.JOSEException
Signs the specified federation entity claims set.- Parameters:
claimsSet
- The claims set. Must not benull
.signingJWK
- The private signing JWK. Must be contained in the entity JWK set and notnull
.- Returns:
- The signed federation entity statement.
- Throws:
com.nimbusds.jose.JOSEException
- On a internal signing exception.
-
sign
public static EntityStatement sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK, com.nimbusds.jose.JWSAlgorithm jwsAlg) throws com.nimbusds.jose.JOSEException
Signs the specified federation entity claims set.- Parameters:
claimsSet
- The claims set. Must not benull
.signingJWK
- The private signing JWK. Must be contained in the entity JWK set and notnull
.jwsAlg
- The signing algorithm. Must be supported by the JWK and notnull
.- Returns:
- The signed federation entity statement.
- Throws:
com.nimbusds.jose.JOSEException
- On a internal signing exception.
-
parse
public static EntityStatement parse(com.nimbusds.jwt.SignedJWT signedStmt) throws ParseException
Parses a federation entity statement.- Parameters:
signedStmt
- The signed statement as a signed JWT. Must not benull
.- Returns:
- The federation entity statement.
- Throws:
ParseException
- If parsing failed.
-
parse
public static EntityStatement parse(String signedStmtString) throws ParseException
Parses a federation entity statement.- Parameters:
signedStmtString
- The signed statement as a signed JWT string. Must not benull
.- Returns:
- The federation entity statement.
- Throws:
ParseException
- If parsing failed.
-
-