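/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.net.URI;
import java.util.*;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.*;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;


/**
 * OpenID Provider (OP) endpoint metadata. Extends the OAuth 2.0
 * authorisation server endpoint metadata with the
 * {@code userinfo_endpoint} field.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (draft-ietf-oauth-mtls-15)
 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
 *         (draft-ietf-oauth-device-flow-14)
 *     <li>OpenID Connect Discovery 1.0, section 3.
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28).
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 04).
 * </ul>
 */
public class OIDCProviderEndpointMetadata extends AuthorizationServerEndpointMetadata {


    /**
     * The registered parameter names.
     */
    private static final Set<String> REGISTERED_PARAMETER_NAMES;


    static {
        // Start from the names registered for the OAuth 2.0 authorisation
        // server endpoints and add the single field this class introduces.
        Set<String> names = new HashSet<>(AuthorizationServerEndpointMetadata.getRegisteredParameterNames());
        names.add("userinfo_endpoint");
        REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(names);
    }


    /**
     * Gets the registered provider metadata parameter names for endpoints.
     *
     * @return The registered provider metadata parameter names for endpoints,
     *         as an unmodifiable set.
     */
    public static Set<String> getRegisteredParameterNames() {

        return REGISTERED_PARAMETER_NAMES;
    }


    /**
     * The UserInfo endpoint.
     */
    private URI userInfoEndpoint;


    /**
     * Creates a new OpenID Connect provider endpoint metadata instance.
     */
    public OIDCProviderEndpointMetadata() {
    }


    /**
     * Converts an authorization server endpoint metadata to an OpenID Connect
     * provider endpoint metadata instance.
     *
     * <p>The authorisation, token, registration, introspection, revocation,
     * device authorisation and request object endpoint URIs are copied
     * through the inherited setters. The UserInfo endpoint is not touched
     * here and stays {@code null} until set.
     *
     * @param mtlsEndpointAliases The authorisation server endpoint metadata
     *                            to copy from. Must not be {@code null}.
     */
    public OIDCProviderEndpointMetadata(AuthorizationServerEndpointMetadata mtlsEndpointAliases) {

        setAuthorizationEndpointURI(mtlsEndpointAliases.getAuthorizationEndpointURI());
        setTokenEndpointURI(mtlsEndpointAliases.getTokenEndpointURI());
        setRegistrationEndpointURI(mtlsEndpointAliases.getRegistrationEndpointURI());
        setIntrospectionEndpointURI(mtlsEndpointAliases.getIntrospectionEndpointURI());
        setRevocationEndpointURI(mtlsEndpointAliases.getRevocationEndpointURI());
        setDeviceAuthorizationEndpointURI(mtlsEndpointAliases.getDeviceAuthorizationEndpointURI());
        setRequestObjectEndpoint(mtlsEndpointAliases.getRequestObjectEndpoint());
    }


    /**
     * Gets the UserInfo endpoint URI. Corresponds to the
     * {@code userinfo_endpoint} metadata field.
     *
     * @return The UserInfo endpoint URI, {@code null} if not specified.
     */
    public URI getUserInfoEndpointURI() {

        return userInfoEndpoint;
    }


    /**
     * Sets the UserInfo endpoint URI. Corresponds to the
     * {@code userinfo_endpoint} metadata field. The value is stored as
     * given; no check is applied to it.
     *
     * @param userInfoEndpoint The UserInfo endpoint URI, {@code null} if
     *                         not specified.
     */
    public void setUserInfoEndpointURI(final URI userInfoEndpoint) {

        this.userInfoEndpoint = userInfoEndpoint;
    }


    /**
     * Returns the JSON object representation of this OpenID Connect
     * provider endpoint metadata. The {@code userinfo_endpoint} member is
     * added to the superclass output only when the endpoint is set.
     *
     * @return The JSON object representation.
     */
    @Override
    public JSONObject toJSONObject() {

        JSONObject o = super.toJSONObject();

        if (userInfoEndpoint != null) {
            o.put("userinfo_endpoint", userInfoEndpoint.toString());
        }

        return o;
    }


    /**
     * Parses an OpenID Provider endpoint metadata from the specified JSON
     * object.
     *
     * <p>The parsed {@code userinfo_endpoint} URI is stored as-is: this
     * class applies no scheme or host check to it. OpenID Connect
     * Discovery 1.0 requires the UserInfo endpoint URL to use the
     * {@code https} scheme, so code that loads this metadata from a remote
     * issuer should verify the URI before sending an access token to it.
     *
     * @param jsonObject The JSON object to parse. Must not be
     *                   {@code null}.
     *
     * @return The OpenID Provider endpoint metadata.
     *
     * @throws ParseException If the JSON object couldn't be parsed to an
     *                        OpenID Provider endpoint metadata.
     */
    public static OIDCProviderEndpointMetadata parse(final JSONObject jsonObject)
        throws ParseException {

        // The superclass parser handles the endpoints shared with OAuth 2.0
        AuthorizationServerEndpointMetadata as = AuthorizationServerEndpointMetadata.parse(jsonObject);

        // Reuse the conversion constructor so the list of copied endpoints
        // is maintained in one place only
        OIDCProviderEndpointMetadata op = new OIDCProviderEndpointMetadata(as);

        // NOTE(review): the null third argument is presumably the default
        // returned when the member is absent, matching the getter's
        // "null if not specified" contract -- confirm against JSONObjectUtils
        op.userInfoEndpoint = JSONObjectUtils.getURI(jsonObject, "userinfo_endpoint", null);

        return op;
    }
}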