001package com.nimbusds.openid.connect.sdk.claims;
002
003
004import net.jcip.annotations.Immutable;
005
006import com.nimbusds.jose.JWSAlgorithm;
007
008import com.nimbusds.oauth2.sdk.AuthorizationCode;
009import com.nimbusds.oauth2.sdk.ResponseType;
010
011
/**
 * Authorisation code hash ({@code c_hash}) claim.
 *
 * <p>Instances wrap the string value of the claim. The hash derivation
 * itself is delegated to {@code computeValue}, which is not defined in this
 * class (presumably inherited from {@link HashClaim}).
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.3.2.11.
 * </ul>
 */
@Immutable
public final class CodeHash extends HashClaim {


        /**
         * Checks if an authorisation code hash claim must be included in ID
         * tokens for the specified response type.
         *
         * <p>The decision is based on the response type alone. Only the
         * hybrid flow values {@code code id_token} and
         * {@code code id_token token} yield {@code true}; the endpoint that
         * issues the ID token (authorisation or token endpoint) is not taken
         * into account here.
         *
         * @param responseType The OpenID Connect response type. Must not be
         *                     {@code null}.
         *
         * @return {@code true} if the code hash is required, else
         *         {@code false}.
         */
        public static boolean isRequiredInIDTokenClaims(final ResponseType responseType) {

                // Hybrid flow, variant 1: 'code id_token'
                final ResponseType codeIdToken = new ResponseType("code", "id_token");

                if (codeIdToken.equals(responseType)) {
                        return true;
                }

                // Hybrid flow, variant 2: 'code id_token token'
                final ResponseType codeIdTokenToken = new ResponseType("code", "id_token", "token");

                return codeIdTokenToken.equals(responseType);
        }


        /**
         * Creates a new authorisation code hash with the specified value.
         *
         * @param value The authorisation code hash value. Must not be
         *              {@code null}.
         */
        public CodeHash(final String value) {

                super(value);
        }


        /**
         * Computes the hash for the specified authorisation code and reference
         * JSON Web Signature (JWS) algorithm.
         *
         * <p>Callers that use the result to check a received {@code c_hash}
         * should treat a {@code null} return as a failed validation rather
         * than as "nothing to compare", so that an unsupported algorithm
         * cannot cause the check to be skipped.
         *
         * @param code The authorisation code. Must not be {@code null}.
         * @param alg  The reference JWS algorithm. Must not be {@code null}.
         *
         * @return The authorisation code hash, or {@code null} if the JWS
         *         algorithm is not supported.
         */
        public static CodeHash compute(final AuthorizationCode code, final JWSAlgorithm alg) {

                final String hashValue = computeValue(code, alg);

                // A null value signals an unsupported algorithm; pass it on
                // unchanged instead of wrapping it.
                return hashValue == null ? null : new CodeHash(hashValue);
        }


        /**
         * Compares this code hash with another object.
         *
         * <p>Two instances are equal when the other object is also a
         * {@code CodeHash} and both have the same {@code toString()} form.
         *
         * @param object The object to compare with, may be {@code null}.
         *
         * @return {@code true} if the objects are equal, else {@code false}.
         */
        @Override
        public boolean equals(final Object object) {

                // instanceof is false for null, so null never matches.
                if (!(object instanceof CodeHash)) {
                        return false;
                }

                // NOTE(review): no hashCode() override is visible in this class;
                // presumably a superclass supplies one consistent with
                // toString() - confirm.
                final String own = this.toString();
                final String other = object.toString();

                return own.equals(other);
        }
}