Class EntityStatementClaimsSet
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.claims.ClaimsSet
-
- com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet
-
- com.nimbusds.openid.connect.sdk.federation.entities.EntityStatementClaimsSet
-
- All Implemented Interfaces:
net.minidev.json.JSONAware
public class EntityStatementClaimsSet extends CommonClaimsSet
Federation entity statement claims set, serialisable to a JSON object.Example claims set:
{ "iss": "https://feide.no", "sub": "https://ntnu.no", "iat": 1516239022, "exp": 1516298022, "crit": ["jti"], "jti": "7l2lncFdY6SlhNia", "policy_language_crit": ["regexp"], "metadata_policy": { "openid_provider": { "issuer": {"value": "https://ntnu.no"}, "organization_name": {"value": "NTNU"}, "id_token_signing_alg_values_supported": {"subset_of": ["RS256", "RS384", "RS512"]}, "op_policy_uri": { "regexp": "^https:\/\/[\w-]+\.example\.com\/[\w-]+\.html"} }, "openid_relying_party": { "organization_name": {"value": "NTNU"}, "grant_types_supported": { "subset_of": ["authorization_code", "implicit"]}, "scopes": { "subset_of": ["openid", "profile", "email", "phone"]} } }, "constraints": { "max_path_length": 2 } "jwks": { "keys": [ { "alg": "RS256", "e": "AQAB", "ext": true, "key_ops": ["verify"], "kid": "key1", "kty": "RSA", "n": "pnXBOusEANuug6ewezb9J_...", "use": "sig" } ] }, "authority_hints": [ "https://edugain.org/federation" ] }
Related specifications:
- OpenID Connect Federation 1.0, section 2.1.
-
-
Field Summary
Fields Modifier and Type Field Description static String
AUTHORITY_HINTS_CLAIM_NAME
The authority hints claim name.static String
CONSTRAINTS_CLAIM_NAME
The constraints claim name.static String
CRITICAL_CLAIM_NAME
The critical claim name.static String
EXP_CLAIM_NAME
The expiration time claim name.static String
JWKS_CLAIM_NAME
The JWK set claim name.static String
METADATA_CLAIM_NAME
The metadata claim name.static String
METADATA_POLICY_CLAIM_NAME
The metadata policy claim name.static String
POLICY_LANGUAGE_CRITICAL_CLAIM_NAME
The policy critical claim name.static String
TRUST_ANCHOR_ID_CLAIM_NAME
The assumed trust anchor in a explicit client registration.-
Fields inherited from class com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet
IAT_CLAIM_NAME, SUB_CLAIM_NAME
-
Fields inherited from class com.nimbusds.openid.connect.sdk.claims.ClaimsSet
AUD_CLAIM_NAME, claims, ISS_CLAIM_NAME
-
-
Constructor Summary
Constructors Constructor Description EntityStatementClaimsSet(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
Creates a new federation entity statement claims set from the specified JWT claims set.EntityStatementClaimsSet(Issuer iss, Subject sub, Date iat, Date exp, com.nimbusds.jose.jwk.JWKSet jwks)
Creates a new federation entity statement claims set with the minimum required claims.EntityStatementClaimsSet(EntityID iss, EntityID sub, Date iat, Date exp, com.nimbusds.jose.jwk.JWKSet jwks)
Creates a new federation entity statement claims set with the minimum required claims.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthorizationServerMetadata
getASMetadata()
Gets the OAuth 2.0 authorisation server metadata if present for this entity.List<EntityID>
getAuthorityHints()
Gets the entity IDs of the intermediate entities or trust anchors.TrustChainConstraints
getConstraints()
Gets the trust chain constraints for subordinate entities.List<String>
getCriticalExtensionClaims()
Gets the names of the critical extension claims.List<String>
getCriticalPolicyExtensions()
Gets the names of the critical policy extensions.Date
getExpirationTime()
Gets the entity statement expiration time.FederationEntityMetadata
getFederationEntityMetadata()
Gets the federation entity metadata if present for this entity.EntityID
getIssuerEntityID()
Returns the issuer as entity ID.com.nimbusds.jose.jwk.JWKSet
getJWKSet()
Gets the entity JWK set.net.minidev.json.JSONObject
getMetadata(FederationMetadataType type)
Gets the metadata for the specified type.MetadataPolicy
getMetadataPolicy(FederationMetadataType type)
Gets the metadata policy for the specified type.net.minidev.json.JSONObject
getMetadataPolicyJSONObject()
Gets the complete metadata policy JSON object.ClientMetadata
getOAuthClientMetadata()
Gets the OAuth 2.0 client metadata if present for this entity.OIDCProviderMetadata
getOPMetadata()
Gets the OpenID provider metadata if present for this entity.OIDCClientMetadata
getRPMetadata()
Gets the OpenID relying party metadata if present for this entity.EntityID
getSubjectEntityID()
Returns the subject as entity ID.EntityID
getTrustAnchorID()
Gets the used trust anchor in a explicit client registration in OpenID Connect Federation 1.0.boolean
hasMetadata()
Returnstrue
if a metadata field is present.boolean
isSelfStatement()
Returnstrue
if this is a self-statement (issuer and subject match).void
setASMetadata(AuthorizationServerMetadata asMetadata)
Sets the OAuth 2.0 authorisation server metadata if present for this entity.void
setAuthorityHints(List<EntityID> trustChain)
Sets the entity IDs of the intermediate entities or trust anchors.void
setConstraints(TrustChainConstraints constraints)
Sets the trust chain constraint for subordinate entities.void
setCriticalExtensionClaims(List<String> claimNames)
Sets the names of the critical extension claims.void
setCriticalPolicyExtensions(List<String> extNames)
Sets the names of the critical policy extensions.void
setFederationEntityMetadata(FederationEntityMetadata entityMetadata)
Sets the federation entity metadata if present for this entity.void
setMetadata(FederationMetadataType type, net.minidev.json.JSONObject metadata)
Sets the metadata for the specified type.void
setMetadataPolicy(FederationMetadataType type, MetadataPolicy metadataPolicy)
Sets the metadata policy for the specified type.void
setMetadataPolicyJSONObject(net.minidev.json.JSONObject metadataPolicy)
Sets the complete metadata policy JSON object.void
setOAuthClientMetadata(ClientMetadata clientMetadata)
Sets the OAuth 2.0 client metadata if present for this entity.void
setOPMetadata(OIDCProviderMetadata opMetadata)
Gets the OpenID provider metadata if present for this entity.void
setRPMetadata(OIDCClientMetadata rpMetadata)
Sets the OpenID relying party metadata if present for this entity.void
setTrustAnchorID(EntityID trustAnchorID)
Sets the used trust anchor in a explicit client registration in OpenID Connect Federation 1.0.void
validateRequiredClaimsPresence()
Validates this claims set for having all minimum required claims for an entity statement.-
Methods inherited from class com.nimbusds.openid.connect.sdk.claims.CommonClaimsSet
getIssueTime, getStandardClaimNames, getSubject
-
Methods inherited from class com.nimbusds.openid.connect.sdk.claims.ClaimsSet
equals, getAudience, getBooleanClaim, getClaim, getClaim, getDateClaim, getIssuer, getJSONObjectClaim, getLangTaggedClaim, getNumberClaim, getStringClaim, getStringClaim, getStringListClaim, getURIClaim, getURLClaim, hashCode, putAll, putAll, setAudience, setAudience, setClaim, setClaim, setDateClaim, setIssuer, setURIClaim, setURLClaim, toJSONObject, toJSONString, toJWTClaimsSet
-
-
-
-
Field Detail
-
EXP_CLAIM_NAME
public static final String EXP_CLAIM_NAME
The expiration time claim name.- See Also:
- Constant Field Values
-
JWKS_CLAIM_NAME
public static final String JWKS_CLAIM_NAME
The JWK set claim name.- See Also:
- Constant Field Values
-
AUTHORITY_HINTS_CLAIM_NAME
public static final String AUTHORITY_HINTS_CLAIM_NAME
The authority hints claim name.- See Also:
- Constant Field Values
-
METADATA_CLAIM_NAME
public static final String METADATA_CLAIM_NAME
The metadata claim name.- See Also:
- Constant Field Values
-
METADATA_POLICY_CLAIM_NAME
public static final String METADATA_POLICY_CLAIM_NAME
The metadata policy claim name.- See Also:
- Constant Field Values
-
TRUST_ANCHOR_ID_CLAIM_NAME
public static final String TRUST_ANCHOR_ID_CLAIM_NAME
The assumed trust anchor in a explicit client registration. Intended for entity statements issued by an OP for RP performing explicit client registration only.- See Also:
- Constant Field Values
-
CONSTRAINTS_CLAIM_NAME
public static final String CONSTRAINTS_CLAIM_NAME
The constraints claim name.- See Also:
- Constant Field Values
-
CRITICAL_CLAIM_NAME
public static final String CRITICAL_CLAIM_NAME
The critical claim name.- See Also:
- Constant Field Values
-
POLICY_LANGUAGE_CRITICAL_CLAIM_NAME
public static final String POLICY_LANGUAGE_CRITICAL_CLAIM_NAME
The policy critical claim name.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
EntityStatementClaimsSet
public EntityStatementClaimsSet(Issuer iss, Subject sub, Date iat, Date exp, com.nimbusds.jose.jwk.JWKSet jwks)
Creates a new federation entity statement claims set with the minimum required claims.- Parameters:
iss
- The issuer. Must not benull
.sub
- The subject. Must not benull
.iat
- The issue time. Must not benull
.exp
- The expiration time. Must not benull
.jwks
- The entity public JWK set,null
if not required.
-
EntityStatementClaimsSet
public EntityStatementClaimsSet(EntityID iss, EntityID sub, Date iat, Date exp, com.nimbusds.jose.jwk.JWKSet jwks)
Creates a new federation entity statement claims set with the minimum required claims.- Parameters:
iss
- The issuer. Must not benull
.sub
- The subject. Must not benull
.iat
- The issue time. Must not benull
.exp
- The expiration time. Must not benull
.jwks
- The entity public JWK set,null
if not required.
-
EntityStatementClaimsSet
public EntityStatementClaimsSet(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet) throws ParseException
Creates a new federation entity statement claims set from the specified JWT claims set.- Parameters:
jwtClaimsSet
- The JWT claims set. Must not benull
.- Throws:
ParseException
- If the JWT claims set doesn't represent a valid federation entity statement claims set.
-
-
Method Detail
-
validateRequiredClaimsPresence
public void validateRequiredClaimsPresence() throws ParseException
Validates this claims set for having all minimum required claims for an entity statement. If aselt-statement
check for thepresence of metadata
. Ifcritical extension claims
are listed their presence is also checked.- Throws:
ParseException
- If the validation failed and a required claim is missing.
-
isSelfStatement
public boolean isSelfStatement()
Returnstrue
if this is a self-statement (issuer and subject match).- Returns:
true
for a self-statement,false
if not.
-
getIssuerEntityID
public EntityID getIssuerEntityID()
Returns the issuer as entity ID.- Returns:
- The issuer as entity ID.
-
getSubjectEntityID
public EntityID getSubjectEntityID()
Returns the subject as entity ID.- Returns:
- The subject as entity ID.
-
getExpirationTime
public Date getExpirationTime()
Gets the entity statement expiration time. Corresponds to theexp
claim.- Returns:
- The expiration time,
null
if not specified or parsing failed.
-
getJWKSet
public com.nimbusds.jose.jwk.JWKSet getJWKSet()
Gets the entity JWK set.- Returns:
- The entity JWK set,
null
if not specified or parsing failed.
-
getAuthorityHints
public List<EntityID> getAuthorityHints()
Gets the entity IDs of the intermediate entities or trust anchors.- Returns:
- The entity IDs,
null
or empty list for a trust anchor, or if parsing failed.
-
setAuthorityHints
public void setAuthorityHints(List<EntityID> trustChain)
Sets the entity IDs of the intermediate entities or trust anchors.- Parameters:
trustChain
- The entity IDs,null
or empty list for a trust anchor.
-
hasMetadata
public boolean hasMetadata()
Returnstrue
if a metadata field is present.- Returns:
true
if for a metadata field for an OpenID relying party, OpenID provider, OAuth authorisation server, OAuth client, OAuth protected resource or a federation entity is present.
-
getMetadata
public net.minidev.json.JSONObject getMetadata(FederationMetadataType type)
Gets the metadata for the specified type. Use a typed getter, such asgetRPMetadata()
, when available.- Parameters:
type
- The type. Must not benull
.- Returns:
- The metadata,
null
if not specified.
-
setMetadata
public void setMetadata(FederationMetadataType type, net.minidev.json.JSONObject metadata)
Sets the metadata for the specified type. Use a typed setter, such assetRPMetadata(com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata)
, when available.- Parameters:
type
- The type. Must not benull
.metadata
- The metadata,null
if not specified.
-
getRPMetadata
public OIDCClientMetadata getRPMetadata()
Gets the OpenID relying party metadata if present for this entity.- Returns:
- The RP metadata,
null
if not specified or if parsing failed.
-
setRPMetadata
public void setRPMetadata(OIDCClientMetadata rpMetadata)
Sets the OpenID relying party metadata if present for this entity.- Parameters:
rpMetadata
- The RP metadata,null
if not specified.
-
getOPMetadata
public OIDCProviderMetadata getOPMetadata()
Gets the OpenID provider metadata if present for this entity.- Returns:
- The OP metadata,
null
if not specified or if parsing failed.
-
setOPMetadata
public void setOPMetadata(OIDCProviderMetadata opMetadata)
Gets the OpenID provider metadata if present for this entity.- Parameters:
opMetadata
- The OP metadata,null
if not specified.
-
getOAuthClientMetadata
public ClientMetadata getOAuthClientMetadata()
Gets the OAuth 2.0 client metadata if present for this entity.- Returns:
- The client metadata,
null
if not specified or if parsing failed.
-
setOAuthClientMetadata
public void setOAuthClientMetadata(ClientMetadata clientMetadata)
Sets the OAuth 2.0 client metadata if present for this entity.- Parameters:
clientMetadata
- The client metadata,null
if not specified.
-
getASMetadata
public AuthorizationServerMetadata getASMetadata()
Gets the OAuth 2.0 authorisation server metadata if present for this entity.- Returns:
- The AS metadata,
null
if not specified or if parsing failed.
-
setASMetadata
public void setASMetadata(AuthorizationServerMetadata asMetadata)
Sets the OAuth 2.0 authorisation server metadata if present for this entity.- Parameters:
asMetadata
- The AS metadata,null
if not specified.
-
getFederationEntityMetadata
public FederationEntityMetadata getFederationEntityMetadata()
Gets the federation entity metadata if present for this entity.- Returns:
- The federation entity metadata,
null
if not specified or if parsing failed.
-
setFederationEntityMetadata
public void setFederationEntityMetadata(FederationEntityMetadata entityMetadata)
Sets the federation entity metadata if present for this entity.- Parameters:
entityMetadata
- The federation entity metadata,null
if not specified.
-
getMetadataPolicyJSONObject
public net.minidev.json.JSONObject getMetadataPolicyJSONObject()
Gets the complete metadata policy JSON object.- Returns:
- The metadata policy JSON object,
null
if not specified or if parsing failed.
-
setMetadataPolicyJSONObject
public void setMetadataPolicyJSONObject(net.minidev.json.JSONObject metadataPolicy)
Sets the complete metadata policy JSON object.- Parameters:
metadataPolicy
- The metadata policy JSON object,null
if not specified.
-
getMetadataPolicy
public MetadataPolicy getMetadataPolicy(FederationMetadataType type) throws PolicyViolationException
Gets the metadata policy for the specified type.- Parameters:
type
- The type. Must not benull
.- Returns:
- The metadata policy,
null
or if JSON parsing failed. - Throws:
PolicyViolationException
- On a policy violation.
-
setMetadataPolicy
public void setMetadataPolicy(FederationMetadataType type, MetadataPolicy metadataPolicy)
Sets the metadata policy for the specified type.- Parameters:
type
- The type. Must not benull
.metadataPolicy
- The metadata policy,null
if not specified.
-
getTrustAnchorID
public EntityID getTrustAnchorID()
Gets the used trust anchor in a explicit client registration in OpenID Connect Federation 1.0. Intended for entity statements issued by an OpenID provider for a Relying party performing explicit client registration only.Corresponds to thetrust_anchor_id
client metadata field.- Returns:
- The trust anchor ID,
null
if not specified.
-
setTrustAnchorID
public void setTrustAnchorID(EntityID trustAnchorID)
Sets the used trust anchor in a explicit client registration in OpenID Connect Federation 1.0. Intended for entity statements issued by an OpenID provider for a Relying party performing explicit client registration only.Corresponds to thetrust_anchor_id
client metadata field.- Parameters:
trustAnchorID
- The trust anchor ID,null
if not specified.
-
getConstraints
public TrustChainConstraints getConstraints()
Gets the trust chain constraints for subordinate entities.- Returns:
- The trust chain constraints,
null
if not specified or if parsing failed.
-
setConstraints
public void setConstraints(TrustChainConstraints constraints)
Sets the trust chain constraint for subordinate entities.- Parameters:
constraints
- The trust chain constraints,null
if not specified.
-
getCriticalExtensionClaims
public List<String> getCriticalExtensionClaims()
Gets the names of the critical extension claims.- Returns:
- The names of the critical extension claims,
null
if not specified or if parsing failed.
-
setCriticalExtensionClaims
public void setCriticalExtensionClaims(List<String> claimNames)
Sets the names of the critical extension claims.- Parameters:
claimNames
- The names of the critical extension claims,null
if not specified. Must not be an empty list.
-
getCriticalPolicyExtensions
public List<String> getCriticalPolicyExtensions()
Gets the names of the critical policy extensions.- Returns:
- The names of the critical policy extensions or if parsing failed.
-
setCriticalPolicyExtensions
public void setCriticalPolicyExtensions(List<String> extNames)
Sets the names of the critical policy extensions.- Parameters:
extNames
- The names of the critical policy extensions,null
if not specified. Must not be an empty list.
-
-