Package com.nimbusds.oauth2.sdk.auth
Class SelfSignedTLSClientAuthentication
- java.lang.Object
  - com.nimbusds.oauth2.sdk.auth.ClientAuthentication
    - com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
      - com.nimbusds.oauth2.sdk.auth.SelfSignedTLSClientAuthentication
@Immutable public class SelfSignedTLSClientAuthentication extends TLSClientAuthentication
Self-signed certificate mutual TLS client authentication at the Token endpoint. The client certificate is self-signed, as opposed to tls_client_auth, which relies on PKI binding. Implements ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH.
Related specifications:
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (draft-ietf-oauth-mtls-14), section 2.2.

Constructor Summary
Constructor: Description
- SelfSignedTLSClientAuthentication(ClientID clientID, X509Certificate x509Certificate): Creates a new self-signed certificate mutual TLS client authentication.
- SelfSignedTLSClientAuthentication(ClientID clientID, SSLSocketFactory sslSocketFactory): Creates a new self-signed certificate mutual TLS client authentication.

Method Summary
Modifier and Type, Method: Description
- X509Certificate getClientX509Certificate(): Returns the validated client X.509 certificate from the received HTTPS request.
- static SelfSignedTLSClientAuthentication parse(HTTPRequest httpRequest): Parses a self-signed certificate mutual TLS client authentication from the specified HTTP request.

Methods inherited from class com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
applyTo, getSSLSocketFactory

Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication
getClientID, getMethod

Constructor Detail

SelfSignedTLSClientAuthentication
public SelfSignedTLSClientAuthentication(ClientID clientID, SSLSocketFactory sslSocketFactory)
Creates a new self-signed certificate mutual TLS client authentication. This constructor is intended for an outgoing token request.
- Parameters:
  clientID - The client identifier. Must not be null.
  sslSocketFactory - The SSL socket factory to use for the outgoing HTTPS request and to present the client certificate(s), null to use the default one.

SelfSignedTLSClientAuthentication
public SelfSignedTLSClientAuthentication(ClientID clientID, X509Certificate x509Certificate)
Creates a new self-signed certificate mutual TLS client authentication. This constructor is intended for a received token request.
- Parameters:
  clientID - The client identifier. Must not be null.
  x509Certificate - The validated client X.509 certificate from the received HTTPS request. Must not be null.

Method Detail

getClientX509Certificate
public X509Certificate getClientX509Certificate()
Returns the validated client X.509 certificate from the received HTTPS request.
- Returns:
  The client X.509 certificate, null for an outgoing HTTPS request.

parse
public static SelfSignedTLSClientAuthentication parse(HTTPRequest httpRequest) throws ParseException
Parses a self-signed certificate mutual TLS client authentication from the specified HTTP request.
- Parameters:
  httpRequest - The HTTP request to parse. Must not be null and must include a validated client X.509 certificate.
- Returns:
  The self-signed TLS / X.509 certificate client authentication.
- Throws:
  ParseException - If the client_id or client X.509 certificate is missing.
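
A receiving-side check built on parse and getClientX509Certificate, as an added example that is not part of the SDK or its documentation. A self-signed certificate has no CA chain to anchor trust, so the example accepts the request only if the presented public key matches one registered for the client; the class name SelfSignedClientVerifier and the registeredKeys map are assumptions standing in for the server's client metadata store.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.SelfSignedTLSClientAuthentication;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;

import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;

/** Hypothetical token endpoint helper (not an SDK class). */
public final class SelfSignedClientVerifier {

    // Assumption: public keys registered per client, e.g. taken from the
    // client's registered JWK set when the client was created.
    private final Map<ClientID, List<PublicKey>> registeredKeys;

    public SelfSignedClientVerifier(Map<ClientID, List<PublicKey>> registeredKeys) {
        this.registeredKeys = registeredKeys;
    }

    /** Returns the authenticated client ID, or throws if the key is unknown. */
    public ClientID verify(HTTPRequest httpRequest) throws ParseException {
        // Throws ParseException if client_id or the client certificate is missing.
        SelfSignedTLSClientAuthentication auth =
                SelfSignedTLSClientAuthentication.parse(httpRequest);

        X509Certificate cert = auth.getClientX509Certificate();
        byte[] presented = cert.getPublicKey().getEncoded();

        // No issuer to trust: the binding is the registered key itself.
        for (PublicKey key : registeredKeys.getOrDefault(auth.getClientID(), List.of())) {
            if (MessageDigest.isEqual(presented, key.getEncoded())) {
                return auth.getClientID();
            }
        }
        throw new SecurityException(
                "Client certificate key is not registered for " + auth.getClientID());
    }
}
```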