001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk.op; 019 020 021import java.util.ArrayList; 022import java.util.List; 023 024import net.jcip.annotations.Immutable; 025 026import com.nimbusds.openid.connect.sdk.AuthenticationRequest; 027import com.nimbusds.openid.connect.sdk.ClaimsRequest; 028import com.nimbusds.openid.connect.sdk.claims.ACR; 029import com.nimbusds.openid.connect.sdk.claims.ClaimRequirement; 030 031 032/** 033 * Resolved authentication Context Class Reference (ACR) request. 034 */ 035@Immutable 036public final class ACRRequest { 037 038 039 /** 040 * The essential ACR values. 041 */ 042 private final List<ACR> essentialACRs; 043 044 045 /** 046 * The voluntary ACR values. 047 */ 048 private final List<ACR> voluntaryACRs; 049 050 051 /** 052 * Creates a new Authentication Context Class Reference (ACR) request. 053 * 054 * @param essentialACRs The requested essential ACR values, by order of 055 * preference, {@code null} if not specified. 056 * @param voluntaryACRs The requested voluntary ACR values, by order of 057 * preference, {@code null} if not specified. 058 */ 059 public ACRRequest(final List<ACR> essentialACRs, final List<ACR> voluntaryACRs) { 060 061 this.essentialACRs = essentialACRs; 062 this.voluntaryACRs = voluntaryACRs; 063 } 064 065 066 /** 067 * Gets the requested essential ACR values. 068 * 069 * @return The essential ACR values, by order of preference, 070 * {@code null} if not specified. 071 */ 072 public List<ACR> getEssentialACRs() { 073 074 return essentialACRs; 075 } 076 077 078 /** 079 * Gets the requested voluntary ACR values. 080 * 081 * @return The voluntary ACR values, by order of preference, 082 * {@code null} if not specified. 083 */ 084 public List<ACR> getVoluntaryACRs() { 085 086 return voluntaryACRs; 087 } 088 089 090 /** 091 * Checks if this authentication Context Class Reference (ACR) request 092 * has not essential or voluntary values specified. 093 * 094 * @return {@code true} if this ACR request doesn't specify any 095 * essential or voluntary values, else {@code false}. 096 */ 097 public boolean isEmpty() { 098 099 return !(essentialACRs != null && !essentialACRs.isEmpty()) && 100 !(voluntaryACRs != null && !voluntaryACRs.isEmpty()); 101 } 102 103 104 105 /** 106 * Resolves the requested essential and voluntary ACR values from the 107 * specified OpenID Connect authentication request. 108 * 109 * @param authRequest The OpenID Connect authentication request. Should 110 * be resolved. Must not be {@code null}. 111 * 112 * @return The resolved ACR request. 113 */ 114 public static ACRRequest resolve(final AuthenticationRequest authRequest) { 115 116 List<ACR> essentialACRs = null; 117 List<ACR> voluntaryACRs = null; 118 119 ClaimsRequest claimsRequest = authRequest.getClaims(); 120 121 if (claimsRequest != null) { 122 123 for (ClaimsRequest.Entry claimEntry: claimsRequest.getIDTokenClaims()) { 124 125 if (! claimEntry.getClaimName().equals("acr")) 126 continue; 127 128 if (claimEntry.getClaimRequirement().equals(ClaimRequirement.ESSENTIAL)) { 129 130 essentialACRs = new ArrayList<>(); 131 132 if (claimEntry.getValue() != null) 133 essentialACRs.add(new ACR(claimEntry.getValue())); 134 135 if (claimEntry.getValues() != null) { 136 137 for (String v: claimEntry.getValues()) 138 essentialACRs.add(new ACR(v)); 139 } 140 141 } else { 142 voluntaryACRs = new ArrayList<>(); 143 144 if (claimEntry.getValue() != null) 145 voluntaryACRs.add(new ACR(claimEntry.getValue())); 146 147 if (claimEntry.getValues() != null) { 148 149 for (String v: claimEntry.getValues()) 150 voluntaryACRs.add(new ACR(v)); 151 } 152 } 153 } 154 } 155 156 157 List<ACR> topLevelACRs = authRequest.getACRValues(); 158 159 if (topLevelACRs != null) { 160 161 if (voluntaryACRs == null) 162 voluntaryACRs = new ArrayList<>(); 163 164 voluntaryACRs.addAll(topLevelACRs); 165 } 166 167 return new ACRRequest(essentialACRs, voluntaryACRs); 168 } 169}