001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.oauth2.sdk.as;
019
020
021import java.net.URI;
022import java.util.Collections;
023import java.util.HashSet;
024import java.util.Set;
025
026import net.minidev.json.JSONObject;
027
028import com.nimbusds.oauth2.sdk.ParseException;
029import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
030import com.nimbusds.oauth2.sdk.util.OrderedJSONObject;
031
032
033/**
034 * OAuth 2.0 Authorisation Server (AS) metadata for the endpoints.
035 *
036 * <p>Related specifications:
037 *
038 * <ul>
039 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
040 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
041 *         Access Tokens (draft-ietf-oauth-mtls-15)
042 *     <li>OAuth 2.0 Pushed Authorization Requests
043 *         (draft-lodderstedt-oauth-par-01)
044 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
045 *         (draft-ietf-oauth-device-flow-14)
046 * </ul>
047 */
public class AuthorizationServerEndpointMetadata {

	/**
	 * Names of the endpoint parameters handled by this class, wrapped as
	 * an unmodifiable set by the static initialiser.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;


	static {
		Set<String> names = new HashSet<>();
		Collections.addAll(names,
			"authorization_endpoint",
			"token_endpoint",
			"registration_endpoint",
			"introspection_endpoint",
			"revocation_endpoint",
			"device_authorization_endpoint",
			"request_object_endpoint",
			"pushed_authorization_request_endpoint");
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(names);
	}


	/**
	 * Returns the names of the registered endpoint metadata parameters.
	 *
	 * @return The registered parameter names for endpoints, as an
	 *         unmodifiable set (the same shared instance on every call).
	 */
	public static Set<String> getRegisteredParameterNames() {

		return REGISTERED_PARAMETER_NAMES;
	}


	// All endpoint fields below are optional and start out as null. They
	// are plain mutable fields: the setters store whatever URI they are
	// given and this class applies no synchronisation and no validation.


	/**
	 * The authorisation endpoint, {@code null} if not specified.
	 */
	private URI authzEndpoint;


	/**
	 * The token endpoint, {@code null} if not specified.
	 */
	private URI tokenEndpoint;


	/**
	 * The client registration endpoint, {@code null} if not specified.
	 */
	private URI regEndpoint;


	/**
	 * The token introspection endpoint, {@code null} if not specified.
	 */
	private URI introspectionEndpoint;


	/**
	 * The token revocation endpoint, {@code null} if not specified.
	 */
	private URI revocationEndpoint;


	/**
	 * The request object endpoint, {@code null} if not specified.
	 */
	private URI requestObjectEndpoint;


	/**
	 * The pushed authorisation request endpoint, {@code null} if not
	 * specified.
	 */
	private URI parEndpoint;


	/**
	 * The device authorization endpoint, {@code null} if not specified.
	 */
	private URI deviceAuthzEndpoint;


	/**
	 * Creates a new OAuth 2.0 Authorisation Server (AS) endpoint metadata
	 * instance with no endpoints set.
	 */
	public AuthorizationServerEndpointMetadata() {
	}


	/**
	 * Gets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field.
	 *
	 * @return The authorisation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getAuthorizationEndpointURI() {

		return this.authzEndpoint;
	}


	/**
	 * Sets the authorisation endpoint URI. Corresponds to the
	 * {@code authorization_endpoint} metadata field. The value is stored
	 * as given, without any check.
	 *
	 * @param authzEndpoint The authorisation endpoint URI, {@code null} if
	 *                      not specified.
	 */
	public void setAuthorizationEndpointURI(final URI authzEndpoint) {

		this.authzEndpoint = authzEndpoint;
	}


	/**
	 * Gets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field.
	 *
	 * @return The token endpoint URI, {@code null} if not specified.
	 */
	public URI getTokenEndpointURI() {

		return this.tokenEndpoint;
	}


	/**
	 * Sets the token endpoint URI. Corresponds to the
	 * {@code token_endpoint} metadata field. The value is stored as
	 * given, without any check.
	 *
	 * @param tokenEndpoint The token endpoint URI, {@code null} if not
	 *                      specified.
	 */
	public void setTokenEndpointURI(final URI tokenEndpoint) {

		this.tokenEndpoint = tokenEndpoint;
	}


	/**
	 * Gets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field.
	 *
	 * @return The client registration endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRegistrationEndpointURI() {

		return this.regEndpoint;
	}


	/**
	 * Sets the client registration endpoint URI. Corresponds to the
	 * {@code registration_endpoint} metadata field. The value is stored
	 * as given, without any check.
	 *
	 * @param regEndpoint The client registration endpoint URI,
	 *                    {@code null} if not specified.
	 */
	public void setRegistrationEndpointURI(final URI regEndpoint) {

		this.regEndpoint = regEndpoint;
	}


	/**
	 * Gets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field.
	 *
	 * @return The token introspection endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getIntrospectionEndpointURI() {

		return this.introspectionEndpoint;
	}


	/**
	 * Sets the token introspection endpoint URI. Corresponds to the
	 * {@code introspection_endpoint} metadata field. The value is stored
	 * as given, without any check.
	 *
	 * @param introspectionEndpoint The token introspection endpoint URI,
	 *                              {@code null} if not specified.
	 */
	public void setIntrospectionEndpointURI(final URI introspectionEndpoint) {

		this.introspectionEndpoint = introspectionEndpoint;
	}


	/**
	 * Gets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field.
	 *
	 * @return The token revocation endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getRevocationEndpointURI() {

		return this.revocationEndpoint;
	}


	/**
	 * Sets the token revocation endpoint URI. Corresponds to the
	 * {@code revocation_endpoint} metadata field. The value is stored as
	 * given, without any check.
	 *
	 * @param revocationEndpoint The token revocation endpoint URI,
	 *                           {@code null} if not specified.
	 */
	public void setRevocationEndpointURI(final URI revocationEndpoint) {

		this.revocationEndpoint = revocationEndpoint;
	}


	/**
	 * Gets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field.
	 *
	 * @return The request object endpoint, {@code null} if not specified.
	 */
	public URI getRequestObjectEndpoint() {

		return this.requestObjectEndpoint;
	}


	/**
	 * Sets the request object endpoint. Corresponds to the
	 * {@code request_object_endpoint} metadata field. The value is stored
	 * as given, without any check.
	 *
	 * @param requestObjectEndpoint The request object endpoint,
	 *                              {@code null} if not specified.
	 */
	public void setRequestObjectEndpoint(final URI requestObjectEndpoint) {

		this.requestObjectEndpoint = requestObjectEndpoint;
	}


	/**
	 * Gets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field.
	 *
	 * @return The pushed authorisation request endpoint, {@code null} if
	 *         not specified.
	 */
	public URI getPushedAuthorizationRequestEndpoint() {

		return this.parEndpoint;
	}


	/**
	 * Sets the pushed authorisation request endpoint. Corresponds to the
	 * {@code pushed_authorization_request_endpoint} metadata field. The
	 * value is stored as given, without any check.
	 *
	 * @param parEndpoint The pushed authorisation request endpoint,
	 *                    {@code null} if not specified.
	 */
	public void setPushedAuthorizationRequestEndpoint(final URI parEndpoint) {

		this.parEndpoint = parEndpoint;
	}


	/**
	 * Gets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field.
	 *
	 * @return The device authorization endpoint URI, {@code null} if not
	 *         specified.
	 */
	public URI getDeviceAuthorizationEndpointURI() {

		return this.deviceAuthzEndpoint;
	}


	/**
	 * Sets the device authorization endpoint URI. Corresponds to the
	 * {@code device_authorization_endpoint} metadata field. The value is
	 * stored as given, without any check.
	 *
	 * @param deviceAuthzEndpoint The device authorization endpoint URI,
	 *                            {@code null} if not specified.
	 */
	public void setDeviceAuthorizationEndpointURI(final URI deviceAuthzEndpoint) {

		this.deviceAuthzEndpoint = deviceAuthzEndpoint;
	}


	/**
	 * Adds an endpoint to a JSON object under the given member name,
	 * serialised with {@link URI#toString()}; does nothing when the
	 * endpoint is {@code null}.
	 *
	 * @param target   The JSON object to add the member to.
	 * @param name     The metadata member name.
	 * @param endpoint The endpoint URI, {@code null} if not specified.
	 */
	private static void putIfSet(final JSONObject target, final String name, final URI endpoint) {

		if (endpoint != null) {
			target.put(name, endpoint.toString());
		}
	}


	/**
	 * Returns the JSON object representation of this OAuth 2.0
	 * Authorisation Server endpoint metadata. Endpoints that are not set
	 * are left out; the others are written as strings, in the fixed order
	 * used below.
	 *
	 * @return The JSON object representation.
	 */
	public JSONObject toJSONObject() {

		// The put order is kept exactly as is; presumably OrderedJSONObject
		// preserves it in the serialised output (not visible in this file).
		JSONObject json = new OrderedJSONObject();

		putIfSet(json, "authorization_endpoint", authzEndpoint);
		putIfSet(json, "token_endpoint", tokenEndpoint);
		putIfSet(json, "registration_endpoint", regEndpoint);
		putIfSet(json, "introspection_endpoint", introspectionEndpoint);
		putIfSet(json, "revocation_endpoint", revocationEndpoint);
		putIfSet(json, "request_object_endpoint", requestObjectEndpoint);
		putIfSet(json, "pushed_authorization_request_endpoint", parEndpoint);
		putIfSet(json, "device_authorization_endpoint", deviceAuthzEndpoint);

		return json;
	}


	/**
	 * Returns the JSON string form of {@link #toJSONObject()}.
	 *
	 * @return The JSON string.
	 */
	@Override
	public String toString() {

		JSONObject json = toJSONObject();
		return json.toJSONString();
	}


	/**
	 * Parses an OAuth 2.0 Authorisation Server endpoint metadata from the
	 * specified JSON object. Only the eight endpoint members named in
	 * {@link #getRegisteredParameterNames()} are read.
	 *
	 * <p>NOTE(review): no scheme, host or issuer check on the parsed
	 * endpoint URIs is visible in this method, and whether
	 * {@code JSONObjectUtils.getURI} applies one cannot be told from this
	 * file. When the JSON object comes from a remotely fetched metadata
	 * document, the caller should validate the endpoints (for example
	 * require {@code https} and compare them with the expected issuer)
	 * before sending client credentials or tokens to them.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OAuth 2.0 Authorisation Server endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OAuth 2.0 Authorisation Server endpoint
	 *                        metadata.
	 */
	public static AuthorizationServerEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		AuthorizationServerEndpointMetadata metadata = new AuthorizationServerEndpointMetadata();

		// Every member is optional: null is passed as the third argument,
		// presumably the value returned for an absent member (confirm
		// against JSONObjectUtils). The read order is kept so that the
		// first malformed member reported stays the same.
		metadata.authzEndpoint = JSONObjectUtils.getURI(jsonObject, "authorization_endpoint", null);
		metadata.tokenEndpoint = JSONObjectUtils.getURI(jsonObject, "token_endpoint", null);
		metadata.regEndpoint = JSONObjectUtils.getURI(jsonObject, "registration_endpoint", null);
		metadata.introspectionEndpoint = JSONObjectUtils.getURI(jsonObject, "introspection_endpoint", null);
		metadata.revocationEndpoint = JSONObjectUtils.getURI(jsonObject, "revocation_endpoint", null);
		metadata.deviceAuthzEndpoint = JSONObjectUtils.getURI(jsonObject, "device_authorization_endpoint", null);
		metadata.requestObjectEndpoint = JSONObjectUtils.getURI(jsonObject, "request_object_endpoint", null);
		metadata.parEndpoint = JSONObjectUtils.getURI(jsonObject, "pushed_authorization_request_endpoint", null);

		return metadata;
	}
}