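/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;


/**
 * OpenID Provider (OP) endpoint metadata.
 *
 * <p>Extends the OAuth 2.0 authorisation server endpoint metadata with the
 * {@code userinfo_endpoint} and {@code federation_registration_endpoint}
 * fields.
 *
 * <p>NOTE: Endpoint URIs are stored exactly as supplied or parsed; this
 * class performs no scheme, host or normalisation checks on them. When the
 * metadata originates from a discovery document obtained over the network,
 * it is the caller's responsibility to decide whether the advertised
 * endpoints are acceptable (for example, that they use {@code https}).
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
 *         (draft-ietf-oauth-device-flow-14)
 *     <li>OpenID Connect Discovery 1.0, section 3.
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28).
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 04).
 *     <li>OpenID Connect Federation 1.0 (draft 10).
 * </ul>
 */
public class OIDCProviderEndpointMetadata extends AuthorizationServerEndpointMetadata {


	/**
	 * The registered parameter names: the authorisation server endpoint
	 * parameter names plus the two OpenID Connect specific ones.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;


	static {
		Set<String> p = new HashSet<>(AuthorizationServerEndpointMetadata.getRegisteredParameterNames());
		p.add("userinfo_endpoint");
		p.add("federation_registration_endpoint");
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(p);
	}


	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 *
	 * @return The registered provider metadata parameter names for the
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {

		return REGISTERED_PARAMETER_NAMES;
	}


	/**
	 * The UserInfo endpoint, {@code null} if not specified.
	 */
	private URI userInfoEndpoint;


	/**
	 * The federation registration endpoint, {@code null} if not specified.
	 */
	private URI federationRegistrationEndpoint;


	/**
	 * Creates a new OpenID Connect provider endpoint metadata instance
	 * with no endpoints set.
	 */
	public OIDCProviderEndpointMetadata() {
	}


	/**
	 * Converts an authorization server endpoint metadata to an OpenID
	 * Connect provider endpoint metadata instance. Only the OAuth 2.0
	 * endpoints are copied; the UserInfo and federation registration
	 * endpoints are left unset.
	 *
	 * @param mtlsEndpointAliases The authorisation server endpoint
	 *                            metadata to copy. Must not be
	 *                            {@code null}. (The parameter name is a
	 *                            historical misnomer, kept for source
	 *                            compatibility.)
	 *
	 * @throws NullPointerException If the metadata is {@code null}.
	 */
	public OIDCProviderEndpointMetadata(final AuthorizationServerEndpointMetadata mtlsEndpointAliases) {

		// Fail early with a clear message instead of an NPE on the first getter
		Objects.requireNonNull(mtlsEndpointAliases, "The authorization server endpoint metadata must not be null");

		setAuthorizationEndpointURI(mtlsEndpointAliases.getAuthorizationEndpointURI());
		setTokenEndpointURI(mtlsEndpointAliases.getTokenEndpointURI());
		setRegistrationEndpointURI(mtlsEndpointAliases.getRegistrationEndpointURI());
		setIntrospectionEndpointURI(mtlsEndpointAliases.getIntrospectionEndpointURI());
		setRevocationEndpointURI(mtlsEndpointAliases.getRevocationEndpointURI());
		setDeviceAuthorizationEndpointURI(mtlsEndpointAliases.getDeviceAuthorizationEndpointURI());
		setPushedAuthorizationRequestEndpointURI(mtlsEndpointAliases.getPushedAuthorizationRequestEndpointURI());
		setRequestObjectEndpoint(mtlsEndpointAliases.getRequestObjectEndpoint());
	}


	/**
	 * Gets the UserInfo endpoint URI. Corresponds to the
	 * {@code userinfo_endpoint} metadata field.
	 *
	 * @return The UserInfo endpoint URI, {@code null} if not specified.
	 */
	public URI getUserInfoEndpointURI() {

		return userInfoEndpoint;
	}


	/**
	 * Sets the UserInfo endpoint URI. Corresponds to the
	 * {@code userinfo_endpoint} metadata field.
	 *
	 * @param userInfoEndpoint The UserInfo endpoint URI, {@code null} if
	 *                         not specified.
	 */
	public void setUserInfoEndpointURI(final URI userInfoEndpoint) {

		this.userInfoEndpoint = userInfoEndpoint;
	}


	/**
	 * Gets the federation registration endpoint URI. Corresponds to the
	 * {@code federation_registration_endpoint} metadata field.
	 *
	 * @return The federation registration endpoint URI, {@code null} if
	 *         not specified.
	 */
	public URI getFederationRegistrationEndpointURI() {

		return federationRegistrationEndpoint;
	}


	/**
	 * Sets the federation registration endpoint URI. Corresponds to the
	 * {@code federation_registration_endpoint} metadata field.
	 *
	 * @param federationRegistrationEndpoint The federation registration
	 *                                       endpoint URI, {@code null} if
	 *                                       not specified.
	 */
	public void setFederationRegistrationEndpointURI(final URI federationRegistrationEndpoint) {

		this.federationRegistrationEndpoint = federationRegistrationEndpoint;
	}


	/**
	 * Returns the JSON object representation of this OpenID Connect
	 * provider endpoint metadata. Unset endpoints are omitted from the
	 * output rather than written as {@code null}.
	 *
	 * @return The JSON object representation.
	 */
	@Override
	public JSONObject toJSONObject() {

		JSONObject o = super.toJSONObject();

		if (userInfoEndpoint != null)
			o.put("userinfo_endpoint", userInfoEndpoint.toString());

		if (federationRegistrationEndpoint != null)
			o.put("federation_registration_endpoint", federationRegistrationEndpoint.toString());

		return o;
	}


	/**
	 * Parses an OpenID Connect provider endpoint metadata from the
	 * specified JSON object. The OAuth 2.0 endpoints are parsed by the
	 * authorisation server endpoint metadata parser; the
	 * {@code userinfo_endpoint} and
	 * {@code federation_registration_endpoint} fields are optional and
	 * default to {@code null} when absent.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OpenID Connect provider endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OpenID Connect provider endpoint metadata.
	 */
	public static OIDCProviderEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {

		AuthorizationServerEndpointMetadata as = AuthorizationServerEndpointMetadata.parse(jsonObject);

		// Reuse the copy constructor so the list of copied OAuth 2.0
		// endpoints is maintained in one place only
		OIDCProviderEndpointMetadata op = new OIDCProviderEndpointMetadata(as);

		op.userInfoEndpoint = JSONObjectUtils.getURI(jsonObject, "userinfo_endpoint", null);
		op.federationRegistrationEndpoint = JSONObjectUtils.getURI(jsonObject, "federation_registration_endpoint", null);

		return op;
	}
}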