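package com.nimbusds.oauth2.sdk.assertions;


import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

import com.nimbusds.oauth2.sdk.id.*;


/**
 * Common assertion details used in JWT bearer assertions and SAML 2.0 bearer
 * assertions.
 *
 * <p>Instances only carry the assertion details. The constructor checks that
 * the required values are present; it does not compare the expiration time
 * with the current time, match the audience against an expected value, or
 * track assertion identifiers for replay detection. The code consuming an
 * assertion must perform those checks itself.
 *
 * <p>The mutable constructor arguments ({@link Date} and {@link List}) are
 * copied on the way in and are never handed out by reference, so the details
 * cannot be altered through a reference retained by the caller after they
 * have been checked.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>Assertion Framework for OAuth 2.0 Client Authentication and
 *         Authorization Grants (RFC 7521), section 5.1.
 * </ul>
 */
public abstract class AssertionDetails {


	/**
	 * The issuer (required).
	 */
	private final Issuer issuer;


	/**
	 * The subject (required).
	 */
	private final Subject subject;


	/**
	 * The audience that this assertion is intended for (required). Held
	 * as an unmodifiable private copy.
	 */
	private final List<Audience> audience;


	/**
	 * The time at which this assertion was issued (optional).
	 */
	private final Date iat;


	/**
	 * The expiration time that limits the time window during which the
	 * assertion can be used (required).
	 */
	private final Date exp;


	/**
	 * Unique identifier for the assertion (optional). The identifier may
	 * be used by implementations requiring message de-duplication for
	 * one-time use assertions.
	 */
	private final Identifier id;


	/**
	 * Creates a new assertion details instance.
	 *
	 * <p>Note the argument order: the issue time ({@code iat}) precedes
	 * the expiration time ({@code exp}). Both are {@link Date} values, so
	 * the compiler cannot detect the two being swapped.
	 *
	 * @param issuer   The issuer. Must not be {@code null}.
	 * @param subject  The subject. Must not be {@code null}.
	 * @param audience The audience, typically including the URI of the
	 *                 authorisation server's token endpoint. Must not be
	 *                 {@code null} or empty.
	 * @param iat      The time at which the assertion was issued,
	 *                 {@code null} if not specified.
	 * @param exp      The expiration time. Must not be {@code null}.
	 * @param id       Unique identifier for the assertion, {@code null} if
	 *                 not specified.
	 *
	 * @throws IllegalArgumentException If the issuer, subject or
	 *                                  expiration time is {@code null}, or
	 *                                  the audience is {@code null} or
	 *                                  empty.
	 */
	public AssertionDetails(final Issuer issuer,
				final Subject subject,
				final List<Audience> audience,
				final Date iat,
				final Date exp,
				final Identifier id) {

		if (issuer == null) {
			throw new IllegalArgumentException("The issuer must not be null");
		}

		this.issuer = issuer;

		if (subject == null) {
			throw new IllegalArgumentException("The subject must not be null");
		}

		this.subject = subject;

		if (audience == null) {
			throw new IllegalArgumentException("The audience must not be null or empty");
		}

		// Copy before checking for emptiness, so the check applies to
		// the list that is actually stored and not to one the caller
		// can still modify
		final List<Audience> audienceCopy = new ArrayList<>(audience);

		if (audienceCopy.isEmpty()) {
			throw new IllegalArgumentException("The audience must not be null or empty");
		}

		this.audience = Collections.unmodifiableList(audienceCopy);

		if (exp == null) {
			throw new IllegalArgumentException("The expiration time must not be null");
		}

		// java.util.Date is mutable: keep private copies so the stored
		// times cannot be shifted via the caller's references
		this.exp = new Date(exp.getTime());

		this.iat = iat != null ? new Date(iat.getTime()) : null;

		this.id = id;
	}


	/**
	 * Returns the issuer.
	 *
	 * @return The issuer.
	 */
	public Issuer getIssuer() {

		return issuer;
	}


	/**
	 * Returns the subject.
	 *
	 * @return The subject.
	 */
	public Subject getSubject() {

		return subject;
	}


	/**
	 * Returns the audience.
	 *
	 * @return The audience, typically including the URI of the
	 *         authorisation server's token endpoint. The returned list is
	 *         unmodifiable.
	 */
	public List<Audience> getAudience() {

		return audience;
	}


	/**
	 * Returns the expiration time.
	 *
	 * @return The expiration time, as a copy that can be modified without
	 *         affecting this instance.
	 */
	public Date getExpirationTime() {

		return new Date(exp.getTime());
	}


	/**
	 * Returns the optional issue time.
	 *
	 * @return The issue time, as a copy that can be modified without
	 *         affecting this instance, {@code null} if not specified.
	 */
	public Date getIssueTime() {

		return iat != null ? new Date(iat.getTime()) : null;
	}


	/**
	 * Returns the optional assertion identifier.
	 *
	 * @return The identifier, {@code null} if not specified.
	 */
	public Identifier getID() {

		return id;
	}
}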