001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2020, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.openid.connect.sdk.federation.trust;
019
020
021import java.util.HashSet;
022
023import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement;
024import com.nimbusds.openid.connect.sdk.federation.trust.constraints.TrustChainConstraints;
025
026
027/**
028 * Trust chain set with methods for {@link #getShortest getting the shortest
029 * chain} and {@link #filter filtering according to path length and entity ID
030 * constraints}.
031 */
032public class TrustChainSet extends HashSet<TrustChain> {
033        
034        
035        /**
036         * Returns the shortest trust chain in this set.
037         *
038         * @return The (first) shortest chain, {@code null} for an empty set.
039         */
040        public TrustChain getShortest() {
041                
042                TrustChain shortest = null;
043                
044                for (TrustChain chain: this) {
045                        if (chain.length() == 1) {
046                                return chain; // return immediately
047                        } else if (shortest == null) {
048                                shortest = chain; // record first
049                        } else if (chain.length() < shortest.length()) {
050                                shortest = chain;
051                        }
052                }
053                
054                return shortest;
055        }
056        
057        
058        /**
059         * Returns a filtered trust chain set according to constraints.
060         *
061         * @param constraints The constraints. Must not be {@code null}.
062         *
063         * @return The filtered trust chain set.
064         */
065        public TrustChainSet filter(final TrustChainConstraints constraints) {
066                
067                TrustChainSet permitted = new TrustChainSet();
068                
069                for (TrustChain chain: this) {
070                        
071                        if (constraints.getMaxPathLength() < 0 || chain.length() -1 <= constraints.getMaxPathLength()) {
072                                
073                                boolean foundNonPermitted = false;
074                                
075                                for (EntityStatement stmt: chain.getSuperiorStatements()) {
076                                        
077                                        if (! constraints.isPermitted(stmt.getClaimsSet().getIssuerEntityID())) {
078                                                foundNonPermitted = true;
079                                                break;
080                                        }
081                                }
082                                
083                                if (! foundNonPermitted) {
084                                        permitted.add(chain);
085                                }
086                        }
087                }
088                
089                return permitted;
090        }
091}