Source code

001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.oauth2.sdk.pkce;
019
020
021import java.security.MessageDigest;
022import java.security.NoSuchAlgorithmException;
023
024import com.nimbusds.jose.util.Base64URL;
025import com.nimbusds.oauth2.sdk.id.Identifier;
026
027
028/**
029 * Authorisation code challenge.
030 *
031 * <p>Related specifications:
032 *
033 * <ul>
034 *     <li>Proof Key for Code Exchange by OAuth Public Clients (RFC 7636).
035 * </ul>
036 */
037public class CodeChallenge extends Identifier {
038        
039
040        /**
041         * Creates a new code challenge with the specified value.
042         *
043         * @param value The code challenge value. Must not be {@code null} or
044         *              empty string.
045         */
046        public CodeChallenge(final String value) {
047                super(value);
048        }
049
050
051        /**
052         * Computes the code challenge using the specified method and verifier.
053         *
054         * @param method       The code challenge method. Must be supported and
055         *                     not {@code null}.
056         * @param codeVerifier The code verifier. Must not be {@code null}.
057         *
058         * @return The computed code challenge.
059         */
060        public static CodeChallenge compute(final CodeChallengeMethod method, final CodeVerifier codeVerifier) {
061
062                if (CodeChallengeMethod.PLAIN.equals(method)) {
063                        return new CodeChallenge(codeVerifier.getValue());
064                }
065
066                if (CodeChallengeMethod.S256.equals(method)) {
067
068                        MessageDigest md;
069
070                        try {
071                                md = MessageDigest.getInstance("SHA-256");
072                        } catch (NoSuchAlgorithmException e) {
073                                throw new IllegalStateException(e.getMessage());
074                        }
075
076                        byte[] hash = md.digest(codeVerifier.getValueBytes());
077
078                        return new CodeChallenge(Base64URL.encode(hash).toString());
079                }
080
081                throw new IllegalArgumentException("Unsupported code challenge method: " + method);
082        }
083}