001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk.claims; 019 020 021import net.jcip.annotations.Immutable; 022 023import com.nimbusds.oauth2.sdk.id.Identifier; 024 025 026/** 027 * Authentication Context Class Reference ({@code acr}). It identifies the 028 * authentication context, i.e. the information that the relying party may 029 * require before it makes an entitlements decision with respect to an 030 * authentication response. Such context may include, but is not limited to, 031 * the actual authentication method used or level of assurance such as 032 * ITU-T X.1254 | ISO/IEC 29115 entity authentication assurance level. 033 * 034 * <p>The ACR is represented by a string or an URI string. 035 * 036 * <p>Related specifications: 037 * 038 * <ul> 039 * <li>OpenID Connect Core 1.0, section 2. 040 * <li>OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0 041 * - draft 00 042 * <li>RFC 6711 043 * <li>See ISO/IEC DIS 29115 044 * </ul> 045 */ 046@Immutable 047public final class ACR extends Identifier { 048 049 050 private static final long serialVersionUID = 7234490015365923377L; 051 052 053 /** 054 * Phishing-Resistant. An authentication mechanism where a party 055 * potentially under the control of the Relying Party cannot gain 056 * sufficient information to be able to successfully authenticate to 057 * the End User's OpenID Provider as if that party were the End User. 058 * (Note that the potentially malicious Relying Party controls where 059 * the User-Agent is redirected to and thus may not send it to the End 060 * User's actual OpenID Provider). NOTE: These semantics are the same 061 * as those specified in [OpenID.PAPE]. 062 */ 063 public static final ACR PHR = new ACR("phr"); 064 065 066 /** 067 * Phishing-Resistant Hardware-Protected. An authentication mechanism 068 * meeting the requirements for phishing-resistant {@link #PHR} 069 * authentication in which additionally information needed to be able 070 * to successfully authenticate to the End User's OpenID Provider as if 071 * that party were the End User is held in a hardware-protected device 072 * or component. 073 */ 074 public static final ACR PHRH = new ACR("phrh"); 075 076 077 /** 078 * Creates a new Authentication Context Class Reference (ACR) with the 079 * specified value. 080 * 081 * @param value The ACR value. Must not be {@code null}. 082 */ 083 public ACR(final String value) { 084 085 super(value); 086 } 087 088 089 @Override 090 public boolean equals(final Object object) { 091 092 return object instanceof ACR && 093 this.toString().equals(object.toString()); 094 } 095}