001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk.assurance; 019 020 021import java.util.Collections; 022import java.util.LinkedList; 023import java.util.List; 024 025import net.jcip.annotations.Immutable; 026import net.minidev.json.JSONArray; 027import net.minidev.json.JSONAware; 028import net.minidev.json.JSONObject; 029 030import com.nimbusds.oauth2.sdk.ParseException; 031import com.nimbusds.oauth2.sdk.util.JSONArrayUtils; 032import com.nimbusds.oauth2.sdk.util.JSONObjectUtils; 033import com.nimbusds.oauth2.sdk.util.StringUtils; 034import com.nimbusds.oauth2.sdk.util.date.DateWithTimeZoneOffset; 035import com.nimbusds.openid.connect.sdk.assurance.evidences.IdentityEvidence; 036 037 038/** 039 * Identity verification. 040 * 041 * <p>Related specifications: 042 * 043 * <ul> 044 * <li>OpenID Connect for Identity Assurance 1.0, section 5.1. 045 * </ul> 046 */ 047@Immutable 048public final class IdentityVerification implements JSONAware { 049 050 051 /** 052 * The trust framework. 053 */ 054 private final IdentityTrustFramework trustFramework; 055 056 057 /** 058 * The assurance level if required by the trust framework. 059 */ 060 private final IdentityAssuranceLevel assuranceLevel; 061 062 063 /** 064 * The assurance process if required by the trust framework. 065 */ 066 private final IdentityAssuranceProcess assuranceProcess; 067 068 069 /** 070 * The verification timestamp if required by the trust framework. 071 */ 072 private final DateWithTimeZoneOffset time; 073 074 075 /** 076 * The verification process reference if required by the trust 077 * framework. 078 */ 079 private final VerificationProcess verificationProcess; 080 081 082 /** 083 * The identity evidences. 084 */ 085 private final List<IdentityEvidence> evidence; 086 087 088 /** 089 * Creates a new identity verification with a single evidence. 090 * 091 * @param trustFramework The trust framework. Must not be 092 * {@code null}. 093 * @param time The verification timestamp if required by 094 * the trust framework, {@code null} if not 095 * required. 096 * @param verificationProcess The verification process reference if 097 * required by the trust framework, 098 * {@code null} if not required. 099 * @param evidence The identity evidence, {@code null} if 100 * not specified. 101 */ 102 @Deprecated 103 public IdentityVerification(final IdentityTrustFramework trustFramework, 104 final DateWithTimeZoneOffset time, 105 final VerificationProcess verificationProcess, 106 final IdentityEvidence evidence) { 107 108 this(trustFramework, time, verificationProcess, Collections.singletonList(evidence)); 109 } 110 111 112 /** 113 * Creates a new identity verification with a single evidence. 114 * 115 * @param trustFramework The trust framework. Must not be 116 * {@code null}. 117 * @param assuranceLevel The assurance level if required by the 118 * trust framework, {@code null} if not 119 * required. 120 * @param assuranceProcess The assurance process if required by the 121 * trust framework, {@code null} if not 122 * required. 123 * @param time The verification timestamp if required by 124 * the trust framework, {@code null} if not 125 * required. 126 * @param verificationProcess The verification process reference if 127 * required by the trust framework, 128 * {@code null} if not required. 129 * @param evidence The identity evidence, {@code null} if 130 * not specified. 131 */ 132 public IdentityVerification(final IdentityTrustFramework trustFramework, 133 final IdentityAssuranceLevel assuranceLevel, 134 final IdentityAssuranceProcess assuranceProcess, 135 final DateWithTimeZoneOffset time, 136 final VerificationProcess verificationProcess, 137 final IdentityEvidence evidence) { 138 139 this(trustFramework, assuranceLevel, assuranceProcess, time, verificationProcess, Collections.singletonList(evidence)); 140 } 141 142 143 /** 144 * Creates a new identity verification with multiple evidences. 145 * 146 * @param trustFramework The trust framework. Must not be 147 * {@code null}. 148 * @param time The verification timestamp if required by 149 * the trust framework, {@code null} if not 150 * required. 151 * @param verificationProcess The verification process reference if 152 * required by the trust framework, 153 * {@code null} if not required. 154 * @param evidence The identity evidences, {@code null} if 155 * not specified. 156 */ 157 @Deprecated 158 public IdentityVerification(final IdentityTrustFramework trustFramework, 159 final DateWithTimeZoneOffset time, 160 final VerificationProcess verificationProcess, 161 final List<IdentityEvidence> evidence) { 162 163 this(trustFramework, null, null, time, verificationProcess, evidence); 164 } 165 166 167 /** 168 * Creates a new identity verification with multiple evidences. 169 * 170 * @param trustFramework The trust framework. Must not be 171 * {@code null}. 172 * @param assuranceLevel The assurance level if required by the 173 * trust framework, {@code null} if not 174 * required. 175 * @param assuranceProcess The assurance process if required by the 176 * trust framework, {@code null} if not 177 * required. 178 * @param time The verification timestamp if required by 179 * the trust framework, {@code null} if not 180 * required. 181 * @param verificationProcess The verification process reference if 182 * required by the trust framework, 183 * {@code null} if not required. 184 * @param evidence The identity evidences, {@code null} if 185 * not specified. 186 */ 187 public IdentityVerification(final IdentityTrustFramework trustFramework, 188 final IdentityAssuranceLevel assuranceLevel, 189 final IdentityAssuranceProcess assuranceProcess, 190 final DateWithTimeZoneOffset time, 191 final VerificationProcess verificationProcess, 192 final List<IdentityEvidence> evidence) { 193 194 if (trustFramework == null) { 195 throw new IllegalArgumentException("The trust framework must not be null"); 196 } 197 this.trustFramework = trustFramework; 198 199 this.assuranceLevel = assuranceLevel; 200 this.assuranceProcess = assuranceProcess; 201 this.time = time; 202 this.verificationProcess = verificationProcess; 203 this.evidence = evidence; 204 } 205 206 207 /** 208 * Returns the trust framework. 209 * 210 * @return The trust framework. 211 */ 212 public IdentityTrustFramework getTrustFramework() { 213 return trustFramework; 214 } 215 216 217 /** 218 * Returns the assurance level. 219 * 220 * @return The assurance level if required by the trust framework, 221 * {@code null} if not specified. 222 */ 223 public IdentityAssuranceLevel getAssuranceLevel() { 224 return assuranceLevel; 225 } 226 227 228 /** 229 * Returns the assurance process. 230 * 231 * @return The assurance process if required by the trust framework, 232 * {@code null} if not specified. 233 */ 234 public IdentityAssuranceProcess getAssuranceProcess() { 235 return assuranceProcess; 236 } 237 238 239 /** 240 * Returns the verification timestamp. 241 * 242 * @return The verification timestamp if required by the trust 243 * framework, {@code null} if not specified. 244 */ 245 public DateWithTimeZoneOffset getVerificationTime() { 246 return time; 247 } 248 249 250 /** 251 * Returns the verification process reference. 252 * 253 * @return The verification process reference if required by the trust 254 * framework, {@code null} if not specified. 255 */ 256 public VerificationProcess getVerificationProcess() { 257 return verificationProcess; 258 } 259 260 261 /** 262 * Returns the identity evidence. 263 * 264 * @return The identity evidence, {@code null} or empty if not 265 * specified. 266 */ 267 public List<IdentityEvidence> getEvidence() { 268 return evidence; 269 } 270 271 272 /** 273 * Returns a JSON object representation of this identity verification. 274 * 275 * @return The JSON object. 276 */ 277 public JSONObject toJSONObject() { 278 279 JSONObject o = new JSONObject(); 280 o.put("trust_framework", getTrustFramework().getValue()); 281 282 if (getAssuranceLevel() != null) { 283 o.put("assurance_level", getAssuranceLevel().getValue()); 284 } 285 286 if (getAssuranceProcess() != null) { 287 o.put("assurance_process", getAssuranceProcess().toJSONObject()); 288 } 289 290 if (getVerificationTime() != null) { 291 o.put("time", getVerificationTime().toISO8601String()); 292 } 293 294 if (getVerificationProcess() != null) { 295 o.put("verification_process", getVerificationProcess().getValue()); 296 } 297 298 if (getEvidence() != null) { 299 JSONArray evidenceArray = new JSONArray(); 300 for (IdentityEvidence ev : getEvidence()) { 301 if (ev != null) { 302 evidenceArray.add(ev.toJSONObject()); 303 } 304 } 305 if (! evidenceArray.isEmpty()) { 306 o.put("evidence", evidenceArray); 307 } 308 } 309 310 return o; 311 } 312 313 314 @Override 315 public String toJSONString() { 316 317 return toJSONObject().toJSONString(); 318 } 319 320 321 /** 322 * Parses an identity verification from the specified JSON object. 323 * 324 * @param jsonObject The JSON object. Must not be {@code null}. 325 * 326 * @return The identity verification. 327 * 328 * @throws ParseException If parsing failed. 329 */ 330 public static IdentityVerification parse(final JSONObject jsonObject) 331 throws ParseException { 332 333 IdentityTrustFramework trustFramework = new IdentityTrustFramework(JSONObjectUtils.getString(jsonObject, "trust_framework")); 334 335 IdentityAssuranceLevel assuranceLevel = null; 336 String stringValue = JSONObjectUtils.getString(jsonObject, "assurance_level", null); 337 if (StringUtils.isNotBlank(stringValue)) { 338 assuranceLevel = new IdentityAssuranceLevel(stringValue); 339 } 340 341 IdentityAssuranceProcess assuranceProcess = null; 342 JSONObject jsonObjectValue = JSONObjectUtils.getJSONObject(jsonObject, "assurance_process", null); 343 if (jsonObjectValue != null) { 344 assuranceProcess = IdentityAssuranceProcess.parse(jsonObjectValue); 345 } 346 347 DateWithTimeZoneOffset time = null; 348 stringValue = JSONObjectUtils.getString(jsonObject, "time", null); 349 if (StringUtils.isNotBlank(stringValue)) { 350 time = DateWithTimeZoneOffset.parseISO8601String(stringValue); 351 } 352 353 VerificationProcess verificationProcess = null; 354 stringValue = JSONObjectUtils.getString(jsonObject, "verification_process", null); 355 if (StringUtils.isNotBlank(stringValue)) { 356 verificationProcess = new VerificationProcess(stringValue); 357 } 358 359 List<IdentityEvidence> evidence = null; 360 if (jsonObject.get("evidence") != null) { 361 evidence = new LinkedList<>(); 362 JSONArray jsonArray = JSONObjectUtils.getJSONArray(jsonObject, "evidence"); 363 for (JSONObject item : JSONArrayUtils.toJSONObjectList(jsonArray)) { 364 evidence.add(IdentityEvidence.parse(item)); 365 } 366 } 367 368 return new IdentityVerification(trustFramework, assuranceLevel, assuranceProcess, time, verificationProcess, evidence); 369 } 370}