/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2020, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.dpop;


import java.net.URI;
import java.util.Date;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.id.JWTID;
import com.nimbusds.oauth2.sdk.token.AccessToken;


/**
 * Factory for signed DPoP (demonstrating proof-of-possession) proof JWTs.
 *
 * <p>Every method returns a signed JWT that describes a single HTTP request
 * by its method ("htm") and URI ("htu"). The overloads differ in how much of
 * the proof the caller fixes: the access token to bind via the "ath" claim,
 * and, in the longest form, the JWT ID and issue time as well.
 *
 * <p>No signing key is passed to any method, so key selection is left to the
 * implementation. No overload takes a server-supplied nonce either; a proof
 * carrying a "nonce" claim is not covered by this interface as shown.
 */
public interface DPoPProofFactory {


	/**
	 * The JOSE object type ("typ" header value) of a DPoP proof JWT,
	 * {@code dpop+jwt}. RFC 9449 has verifiers check for this explicit
	 * type, so that a JWT issued for some other purpose is not accepted
	 * as a proof.
	 */
	JOSEObjectType TYPE = new JOSEObjectType("dpop+jwt");


	/**
	 * The minimal required JWT ID (jti) length in bytes: 12 bytes, that is
	 * 96 bits.
	 *
	 * <p>The jti is the value a server can track to detect a replayed
	 * proof, so it needs to be unique and hard to guess; 96 bits is the
	 * amount of pseudorandom data RFC 9449 suggests for it. This interface
	 * only declares the constant. NOTE(review): confirm that implementations
	 * check a caller-supplied JWT ID against it.
	 */
	int MINIMAL_JTI_BYTE_LENGTH = 96 / Byte.SIZE;


	/**
	 * Creates a new DPoP proof for the given HTTP request, without an
	 * access token.
	 *
	 * <p>The JWT ID and issue time are not parameters of this overload, so
	 * they are presumably generated by the implementation (confirm against
	 * the implementing class). With no access token supplied there is
	 * nothing to compute an "ath" claim from.
	 *
	 * @param htm The HTTP request method. Must not be {@code null}.
	 * @param htu The HTTP URI, without a query or fragment. Must not be
	 *            {@code null}. Whether an implementation strips or rejects
	 *            a query or fragment is not specified here, so pass the
	 *            URI already reduced to that form.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(final String htm, final URI htu)
		throws JOSEException;


	/**
	 * Creates a new DPoP proof for the given HTTP request, optionally
	 * bound to an access token.
	 *
	 * <p>As with the two-argument form, the JWT ID and issue time are not
	 * parameters and are presumably generated by the implementation
	 * (confirm against the implementing class).
	 *
	 * @param htm         The HTTP request method. Must not be
	 *                    {@code null}.
	 * @param htu         The HTTP URI, without a query or fragment. Must
	 *                    not be {@code null}.
	 * @param accessToken The access token for the access token hash
	 *                    ("ath") claim computation, {@code null} if not
	 *                    specified. RFC 9449 requires the "ath" claim
	 *                    when the proof accompanies an access token at a
	 *                    protected resource, so pass the token for such
	 *                    requests; a proof created with {@code null} is
	 *                    not tied to any particular token.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(final String htm, final URI htu, final AccessToken accessToken)
		throws JOSEException;


	/**
	 * Creates a new DPoP proof with a caller-chosen JWT ID and issue time.
	 *
	 * <p>Because both replay-relevant values come from the caller here,
	 * the caller is responsible for their quality: a JWT ID that is
	 * unique per proof and meets {@link #MINIMAL_JTI_BYTE_LENGTH}, and an
	 * issue time close to the moment the request is sent, since RFC 9449
	 * has servers accept a proof only within a limited time window.
	 *
	 * @param jti         The JWT ID. Must not be {@code null}.
	 * @param htm         The HTTP request method. Must not be
	 *                    {@code null}.
	 * @param htu         The HTTP URI, without a query or fragment. Must
	 *                    not be {@code null}.
	 * @param iat         The issue time. Must not be {@code null}.
	 * @param accessToken The access token for the access token hash
	 *                    ("ath") claim computation, {@code null} if not
	 *                    specified.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(
		final JWTID jti,
		final String htm,
		final URI htu,
		final Date iat,
		final AccessToken accessToken)
		throws JOSEException;
}