001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2020, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk.federation.trust; 019 020 021import java.util.HashSet; 022 023import com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement; 024import com.nimbusds.openid.connect.sdk.federation.trust.constraints.TrustChainConstraints; 025 026 027/** 028 * Trust chain set with methods for {@link #getShortest getting the shortest 029 * chain} and {@link #filter filtering according to path length and entity ID 030 * constraints}. 031 */ 032public class TrustChainSet extends HashSet<TrustChain> { 033 034 035 /** 036 * Returns the shortest trust chain in this set. 037 * 038 * @return The (first) shortest chain, {@code null} for an empty set. 039 */ 040 public TrustChain getShortest() { 041 042 TrustChain shortest = null; 043 044 for (TrustChain chain: this) { 045 if (chain.length() == 1) { 046 return chain; // return immediately 047 } else if (shortest == null) { 048 shortest = chain; // record first 049 } else if (chain.length() < shortest.length()) { 050 shortest = chain; 051 } 052 } 053 054 return shortest; 055 } 056 057 058 /** 059 * Returns a filtered trust chain set according to constraints. 060 * 061 * @param constraints The constraints. Must not be {@code null}. 062 * 063 * @return The filtered trust chain set. 064 */ 065 public TrustChainSet filter(final TrustChainConstraints constraints) { 066 067 TrustChainSet permitted = new TrustChainSet(); 068 069 for (TrustChain chain: this) { 070 071 if (constraints.getMaxPathLength() < 0 || chain.length() -1 <= constraints.getMaxPathLength()) { 072 073 boolean foundNonPermitted = false; 074 075 for (EntityStatement stmt: chain.getSuperiorStatements()) { 076 077 if (! constraints.isPermitted(stmt.getClaimsSet().getIssuerEntityID())) { 078 foundNonPermitted = true; 079 break; 080 } 081 } 082 083 if (! foundNonPermitted) { 084 permitted.add(chain); 085 } 086 } 087 } 088 089 return permitted; 090 } 091}