001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.oauth2.sdk; 019 020 021import java.util.LinkedHashMap; 022import java.util.Map; 023 024import com.nimbusds.jose.util.Base64URL; 025import net.jcip.annotations.Immutable; 026 027 028/** 029 * SAML 2.0 bearer grant. Used in access token requests with a SAML 2.0 bearer 030 * assertion. 031 * 032 * <p>Related specifications: 033 * 034 * <ul> 035 * <li>Assertion Framework for OAuth 2.0 Client Authentication and 036 * Authorization Grants (RFC 7521), section 4.1. 037 * <li>SAML 2.0 Profile for OAuth 2.0 Client Authentication and 038 * Authorization Grants (RFC 7522), section-2.1. 039 * </ul> 040 */ 041@Immutable 042public class SAML2BearerGrant extends AssertionGrant { 043 044 045 /** 046 * The grant type. 047 */ 048 public static final GrantType GRANT_TYPE = GrantType.SAML2_BEARER; 049 050 051 /** 052 * Cached {@code unsupported_grant_type} exception. 053 */ 054 private static final ParseException UNSUPPORTED_GRANT_TYPE_EXCEPTION 055 = new ParseException("The \"grant_type\" must be " + GRANT_TYPE, OAuth2Error.UNSUPPORTED_GRANT_TYPE); 056 057 058 /** 059 * The SAML 2.0 assertion. 060 */ 061 private final Base64URL assertion; 062 063 064 /** 065 * Creates a new SAML 2.0 bearer assertion grant. 066 * 067 * @param assertion The SAML 2.0 bearer assertion. Must not be 068 * {@code null}. 069 */ 070 public SAML2BearerGrant(final Base64URL assertion) { 071 072 super(GRANT_TYPE); 073 074 if (assertion == null) 075 throw new IllegalArgumentException("The SAML 2.0 bearer assertion must not be null"); 076 077 this.assertion = assertion; 078 } 079 080 081 /** 082 * Gets the SAML 2.0 bearer assertion. 083 * 084 * @return The SAML 2.0 bearer assertion. 085 */ 086 public Base64URL getSAML2Assertion() { 087 088 return assertion; 089 } 090 091 092 @Override 093 public String getAssertion() { 094 095 return assertion.toString(); 096 } 097 098 099 @Override 100 public Map<String,String> toParameters() { 101 102 Map<String,String> params = new LinkedHashMap<>(); 103 params.put("grant_type", GRANT_TYPE.getValue()); 104 params.put("assertion", assertion.toString()); 105 return params; 106 } 107 108 109 @Override 110 public boolean equals(Object o) { 111 if (this == o) return true; 112 if (o == null || getClass() != o.getClass()) return false; 113 114 SAML2BearerGrant that = (SAML2BearerGrant) o; 115 116 return assertion.equals(that.assertion); 117 118 } 119 120 121 @Override 122 public int hashCode() { 123 return assertion.hashCode(); 124 } 125 126 127 /** 128 * Parses a SAML 2.0 bearer grant from the specified parameters. 129 * 130 * <p>Example: 131 * 132 * <pre> 133 * grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2- 134 * bearer&assertion=PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU 135 * [...omitted for brevity...]aG5TdGF0ZW1lbnQ-PC9Bc3NlcnRpb24- 136 * </pre> 137 * 138 * @param params The parameters. 139 * 140 * @return The SAML 2.0 bearer grant. 141 * 142 * @throws ParseException If parsing failed. 143 */ 144 public static SAML2BearerGrant parse(final Map<String,String> params) 145 throws ParseException { 146 147 // Parse grant type 148 String grantTypeString = params.get("grant_type"); 149 150 if (grantTypeString == null) 151 throw MISSING_GRANT_TYPE_PARAM_EXCEPTION; 152 153 if (! GrantType.parse(grantTypeString).equals(GRANT_TYPE)) 154 throw UNSUPPORTED_GRANT_TYPE_EXCEPTION; 155 156 // Parse JWT assertion 157 String assertionString = params.get("assertion"); 158 159 if (assertionString == null || assertionString.trim().isEmpty()) 160 throw MISSING_ASSERTION_PARAM_EXCEPTION; 161 162 return new SAML2BearerGrant(new Base64URL(assertionString)); 163 } 164}