/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.as;


import java.net.URI;
import java.util.*;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;


/**
 * OAuth 2.0 Authorisation Server (AS) metadata for the endpoints.
 *
 * <p>Instances are plain mutable holders: every endpoint is optional
 * ({@code null} when not specified) and no synchronisation is performed.
 *
 * <p>Security note: neither the setters nor {@link #parse} in this class
 * apply a scheme or host policy to the endpoint URIs. When the metadata
 * originates from a remote or otherwise untrusted document, the consumer
 * should check that each endpoint is an {@code https} URI it is prepared to
 * trust before sending client credentials or tokens to it.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (draft-ietf-oauth-mtls-15)
 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
 *         (draft-ietf-oauth-device-flow-14)
 * </ul>
 */
public class AuthorizationServerEndpointMetadata {

	/**
	 * The registered endpoint parameter names, held as an unmodifiable
	 * set.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;


	static {
		Set<String> names = new HashSet<>(Arrays.asList(
			"authorization_endpoint",
			"token_endpoint",
			"registration_endpoint",
			"introspection_endpoint",
			"revocation_endpoint",
			"device_authorization_endpoint",
			"request_object_endpoint"
		));
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(names);
	}


	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {

		return REGISTERED_PARAMETER_NAMES;
	}


	/**
	 * The authorisation endpoint.
	 */
	private URI authzEndpoint;


	/**
	 * The token endpoint.
	 */
	private URI tokenEndpoint;


	/**
	 * The registration endpoint.
	 */
	private URI regEndpoint;


	/**
	 * The token introspection endpoint.
	 */
	private URI introspectionEndpoint;


	/**
	 * The token revocation endpoint.
	 */
	private URI revocationEndpoint;


	/**
	 * The request object endpoint.
	 */
	private URI requestObjectEndpoint;


	/**
	 * The device authorization endpoint.
	 */
	private URI deviceAuthzEndpoint;


	/**
	 * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint metadata
	 * instance with all endpoints unspecified.
	 */
	public AuthorizationServerEndpointMetadata() {
	}


	/**
	 * Gets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @return The authorisation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getAuthorizationEndpointURI() {

		return this.authzEndpoint;
	}


	/**
	 * Sets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field. The value is stored
	 * as given, without validation.
	 *
	 * @param authzEndpoint The authorisation endpoint URI, {@code null} if
	 *                      not specified.
	 */
	public void setAuthorizationEndpointURI(final URI authzEndpoint) {

		this.authzEndpoint = authzEndpoint;
	}


	/**
	 * Gets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @return The token endpoint URI, {@code null} if not specified.
	 */
	public URI getTokenEndpointURI() {

		return this.tokenEndpoint;
	}


	/**
	 * Sets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field. The value is stored as given,
	 * without validation.
	 *
	 * @param tokenEndpoint The token endpoint URI, {@code null} if not
	 *                      specified.
	 */
	public void setTokenEndpointURI(final URI tokenEndpoint) {

		this.tokenEndpoint = tokenEndpoint;
	}


	/**
	 * Gets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @return The client registration endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRegistrationEndpointURI() {

		return this.regEndpoint;
	}


	/**
	 * Sets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field. The value is stored as
	 * given, without validation.
	 *
	 * @param regEndpoint The client registration endpoint URI,
	 *                    {@code null} if not specified.
	 */
	public void setRegistrationEndpointURI(final URI regEndpoint) {

		this.regEndpoint = regEndpoint;
	}


	/**
	 * Gets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @return The token introspection endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getIntrospectionEndpointURI() {

		return this.introspectionEndpoint;
	}


	/**
	 * Sets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field. The value is stored
	 * as given, without validation.
	 *
	 * @param introspectionEndpoint The token introspection endpoint URI,
	 *                              {@code null} if not specified.
	 */
	public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {

		this.introspectionEndpoint = introspectionEndpoint;
	}


	/**
	 * Gets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @return The token revocation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRevocationEndpointURI() {

		return this.revocationEndpoint;
	}


	/**
	 * Sets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field. The value is stored as
	 * given, without validation.
	 *
	 * @param revocationEndpoint The token revocation endpoint URI,
	 *                           {@code null} if not specified.
	 */
	public void setRevocationEndpointURI(final URI revocationEndpoint) {

		this.revocationEndpoint = revocationEndpoint;
	}


	/**
	 * Gets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @return The request object endpoint, {@code null} if not specified.
	 */
	public URI getRequestObjectEndpoint() {

		return this.requestObjectEndpoint;
	}


	/**
	 * Sets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field. The value is stored
	 * as given, without validation.
	 *
	 * @param requestObjectEndpoint The request object endpoint,
	 *                              {@code null} if not specified.
	 */
	public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {

		this.requestObjectEndpoint = requestObjectEndpoint;
	}


	/**
	 * Gets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @return The device authorization endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getDeviceAuthorizationEndpointURI() {

		return this.deviceAuthzEndpoint;
	}


	/**
	 * Sets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field. The value is
	 * stored as given, without validation.
	 *
	 * @param deviceAuthzEndpoint The device authorization endpoint URI,
	 *                            {@code null} if not specified.
	 */
	public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {

		this.deviceAuthzEndpoint = deviceAuthzEndpoint;
	}


	/**
	 * Returns the JSON object representation of this authorisation server
	 * endpoint metadata. Only the endpoints that are set are included;
	 * each is written as the string form of its URI.
	 *
	 * @return The JSON object representation.
	 */
	public JSONObject toJSONObject() {

		final JSONObject json = new OrderedJSONObject();

		// The insertion order below is the order of the members in the
		// resulting ordered JSON object.
		putIfPresent(json, "authorization_endpoint", authzEndpoint);
		putIfPresent(json, "token_endpoint", tokenEndpoint);
		putIfPresent(json, "registration_endpoint", regEndpoint);
		putIfPresent(json, "introspection_endpoint", introspectionEndpoint);
		putIfPresent(json, "revocation_endpoint", revocationEndpoint);
		putIfPresent(json, "request_object_endpoint", requestObjectEndpoint);
		putIfPresent(json, "device_authorization_endpoint", deviceAuthzEndpoint);

		return json;
	}


	/**
	 * Adds the string form of the URI under the given member name, or
	 * does nothing when the URI is {@code null}.
	 *
	 * @param target The JSON object to add to.
	 * @param name   The metadata field name.
	 * @param uri    The endpoint URI, {@code null} if not specified.
	 */
	private static void putIfPresent(final JSONObject target, final String name, final URI uri) {

		if (uri == null) {
			return;
		}

		target.put(name, uri.toString());
	}


	/**
	 * Returns the JSON string produced from {@link #toJSONObject()}.
	 */
	@Override
	public String toString() {

		final JSONObject json = toJSONObject();
		return json.toJSONString();
	}


	/**
	 * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
	 * specified JSON object.
	 *
	 * <p>Every endpoint is optional; a missing member leaves the
	 * corresponding endpoint {@code null}. This method applies no scheme
	 * or host check of its own: whatever {@code JSONObjectUtils.getURI}
	 * accepts is stored unchanged, so input from an untrusted source
	 * should be validated by the caller before the endpoints are used.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OAuth 2.0 Authorisation Server endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OAuth 2.0 Authorisation Server endpoint
	 *                        metadata.
	 */
	public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		final AuthorizationServerEndpointMetadata metadata = new AuthorizationServerEndpointMetadata();

		// The members are read in a fixed order, so the first invalid
		// one in this sequence is the one reported by the exception.
		metadata.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
		metadata.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
		metadata.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
		metadata.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
		metadata.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
		metadata.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
		metadata.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);

		return metadata;
	}
}