Class EntityStatement
- java.lang.Object
-
- com.nimbusds.openid.connect.sdk.federation.entities.EntityStatement
-
@Immutable public final class EntityStatement extends Object
Federation entity statement.Related specifications:
- OpenID Connect Federation 1.0, section 2.1.
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description EntityStatementClaimsSet
getClaimsSet()
Returns the statement claims.EntityID
getEntityID()
Returns the entity ID.com.nimbusds.jwt.SignedJWT
getSignedStatement()
Returns the signed statement.boolean
isTrustAnchor()
Returnstrue
if this entity statement is for atrust anchor
.static EntityStatement
parse(com.nimbusds.jwt.SignedJWT signedStmt)
Parses a federation entity statement.static EntityStatement
parse(String signedStmtString)
Parses a federation entity statement.static EntityStatement
sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK)
Signs the specified federation entity claims set.static EntityStatement
sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK, com.nimbusds.jose.JWSAlgorithm jwsAlg)
Signs the specified federation entity claims set.com.nimbusds.jose.util.Base64URL
verifySignature(com.nimbusds.jose.jwk.JWKSet jwkSet)
Verifies the signature and checks the statement issue and expiration times.com.nimbusds.jose.util.Base64URL
verifySignatureOfSelfStatement()
Verifies the signature for a self-statement (typically for a trust anchor or leaf) and checks the statement issue and expiration times.
-
-
-
Method Detail
-
getEntityID
public EntityID getEntityID()
Returns the entity ID.- Returns:
- The entity ID.
-
getSignedStatement
public com.nimbusds.jwt.SignedJWT getSignedStatement()
Returns the signed statement.- Returns:
- The signed statement as signed JWT.
-
getClaimsSet
public EntityStatementClaimsSet getClaimsSet()
Returns the statement claims.- Returns:
- The statement claims.
-
isTrustAnchor
public boolean isTrustAnchor()
Returnstrue
if this entity statement is for atrust anchor
.- Returns:
true
for a trust anchor, elsefalse
.
-
verifySignatureOfSelfStatement
public com.nimbusds.jose.util.Base64URL verifySignatureOfSelfStatement() throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
Verifies the signature for a self-statement (typically for a trust anchor or leaf) and checks the statement issue and expiration times.- Returns:
- The SHA-256 thumbprint of the key used to successfully verify the signature.
- Throws:
com.nimbusds.jose.proc.BadJOSEException
- If the signature is invalid or the statement is expired or before the issue time.com.nimbusds.jose.JOSEException
- On a internal JOSE exception.
-
verifySignature
public com.nimbusds.jose.util.Base64URL verifySignature(com.nimbusds.jose.jwk.JWKSet jwkSet) throws com.nimbusds.jose.proc.BadJOSEException, com.nimbusds.jose.JOSEException
Verifies the signature and checks the statement issue and expiration times.- Parameters:
jwkSet
- The JWK set to use for the signature verification. Must not benull
.- Returns:
- The SHA-256 thumbprint of the key used to successfully verify the signature.
- Throws:
com.nimbusds.jose.proc.BadJOSEException
- If the signature is invalid or the statement is expired or before the issue time.com.nimbusds.jose.JOSEException
- On a internal JOSE exception.
-
sign
public static EntityStatement sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK) throws com.nimbusds.jose.JOSEException
Signs the specified federation entity claims set.- Parameters:
claimsSet
- The claims set. Must not benull
.signingJWK
- The private signing JWK. Must be contained in the entity JWK set and notnull
.- Returns:
- The signed federation entity statement.
- Throws:
com.nimbusds.jose.JOSEException
- On a internal signing exception.
-
sign
public static EntityStatement sign(EntityStatementClaimsSet claimsSet, com.nimbusds.jose.jwk.JWK signingJWK, com.nimbusds.jose.JWSAlgorithm jwsAlg) throws com.nimbusds.jose.JOSEException
Signs the specified federation entity claims set.- Parameters:
claimsSet
- The claims set. Must not benull
.signingJWK
- The private signing JWK. Must be contained in the entity JWK set and notnull
.jwsAlg
- The signing algorithm. Must be supported by the JWK and notnull
.- Returns:
- The signed federation entity statement.
- Throws:
com.nimbusds.jose.JOSEException
- On a internal signing exception.
-
parse
public static EntityStatement parse(com.nimbusds.jwt.SignedJWT signedStmt) throws ParseException
Parses a federation entity statement.- Parameters:
signedStmt
- The signed statement as a signed JWT. Must not benull
.- Returns:
- The federation entity statement.
- Throws:
ParseException
- If parsing failed.
-
parse
public static EntityStatement parse(String signedStmtString) throws ParseException
Parses a federation entity statement.- Parameters:
signedStmtString
- The signed statement as a signed JWT string. Must not benull
.- Returns:
- The federation entity statement.
- Throws:
ParseException
- If parsing failed.
-
-