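/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2020, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk.dpop;


import java.net.URI;
import java.util.Date;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.id.JWTID;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.sdk.Nonce;


/**
 * DPoP proof JWT factory.
 *
 * <p>Every method returns a signed JWT that binds one HTTP request (method
 * and URI) to the key that signed it. Where the signing key comes from, and
 * how the JWT ID and issue time are chosen by the overloads that do not take
 * them as arguments, is left to the implementation; this interface does not
 * specify it.
 */
public interface DPoPProofFactory {


	/**
	 * The DPoP JWT (typ) type, {@code dpop+jwt}.
	 */
	JOSEObjectType TYPE = new JOSEObjectType("dpop+jwt");


	/**
	 * The minimal required JWT ID (jti) length, 12 bytes (96 bits).
	 */
	int MINIMAL_JTI_BYTE_LENGTH = 96 / 8;


	/**
	 * Creates a new DPoP proof for the specified HTTP request, with no
	 * access token hash and no nonce.
	 *
	 * @param htm The HTTP request method. Must not be {@code null}.
	 * @param htu The HTTP URI, without a query or fragment. Must not be
	 *            {@code null}. The caller is expected to strip the query
	 *            and fragment; this interface does not say whether an
	 *            implementation does so.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(final String htm,
				final URI htu)
		throws JOSEException;


	/**
	 * Creates a new DPoP proof for the specified HTTP request, optionally
	 * carrying a nonce.
	 *
	 * @param htm   The HTTP request method. Must not be {@code null}.
	 * @param htu   The HTTP URI, without a query or fragment. Must not be
	 *              {@code null}.
	 * @param nonce The nonce, {@code null} if not specified.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(final String htm,
				final URI htu,
				final Nonce nonce)
		throws JOSEException;


	/**
	 * Creates a new DPoP proof for the specified HTTP request, optionally
	 * tied to an access token through the access token hash ("ath")
	 * claim.
	 *
	 * @param htm         The HTTP request method. Must not be
	 *                    {@code null}.
	 * @param htu         The HTTP URI, without a query or fragment. Must
	 *                    not be {@code null}.
	 * @param accessToken The access token for the access token hash
	 *                    ("ath") claim computation, {@code null} if not
	 *                    specified. Only used as input to the hash
	 *                    computation, as far as this contract states.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(final String htm,
				final URI htu,
				final AccessToken accessToken)
		throws JOSEException;


	/**
	 * Creates a new DPoP proof for the specified HTTP request, optionally
	 * tied to an access token ("ath" claim) and optionally carrying a
	 * nonce.
	 *
	 * @param htm         The HTTP request method. Must not be
	 *                    {@code null}.
	 * @param htu         The HTTP URI, without a query or fragment. Must
	 *                    not be {@code null}.
	 * @param accessToken The access token for the access token hash
	 *                    ("ath") claim computation, {@code null} if not
	 *                    specified.
	 * @param nonce       The nonce, {@code null} if not specified.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(final String htm,
				final URI htu,
				final AccessToken accessToken,
				final Nonce nonce)
		throws JOSEException;


	/**
	 * Creates a new DPoP proof with a caller-supplied JWT ID and issue
	 * time.
	 *
	 * @param jti         The JWT ID. Must not be {@code null}. See
	 *                    {@link #MINIMAL_JTI_BYTE_LENGTH} for the minimal
	 *                    required length; this interface does not say
	 *                    whether a caller-supplied value is checked
	 *                    against it, so supply a fresh, sufficiently long
	 *                    value for every proof.
	 * @param htm         The HTTP request method. Must not be
	 *                    {@code null}.
	 * @param htu         The HTTP URI, without a query or fragment. Must
	 *                    not be {@code null}.
	 * @param iat         The issue time. Must not be {@code null}.
	 * @param accessToken The access token for the access token hash
	 *                    ("ath") claim computation, {@code null} if not
	 *                    specified.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 *
	 * @deprecated This overload cannot carry a nonce. Use
	 *             {@link #createDPoPJWT(JWTID, String, URI, Date, AccessToken, Nonce)},
	 *             passing a {@code null} nonce when none is specified.
	 */
	@Deprecated
	SignedJWT createDPoPJWT(final JWTID jti,
				final String htm,
				final URI htu,
				final Date iat,
				final AccessToken accessToken)
		throws JOSEException;


	/**
	 * Creates a new DPoP proof with a caller-supplied JWT ID and issue
	 * time, optionally tied to an access token ("ath" claim) and
	 * optionally carrying a nonce.
	 *
	 * @param jti         The JWT ID. Must not be {@code null}. See
	 *                    {@link #MINIMAL_JTI_BYTE_LENGTH} for the minimal
	 *                    required length; this interface does not say
	 *                    whether a caller-supplied value is checked
	 *                    against it, so supply a fresh, sufficiently long
	 *                    value for every proof.
	 * @param htm         The HTTP request method. Must not be
	 *                    {@code null}.
	 * @param htu         The HTTP URI, without a query or fragment. Must
	 *                    not be {@code null}.
	 * @param iat         The issue time. Must not be {@code null}.
	 * @param accessToken The access token for the access token hash
	 *                    ("ath") claim computation, {@code null} if not
	 *                    specified.
	 * @param nonce       The nonce, {@code null} if not specified.
	 *
	 * @return The signed DPoP JWT.
	 *
	 * @throws JOSEException If signing failed.
	 */
	SignedJWT createDPoPJWT(final JWTID jti,
				final String htm,
				final URI htu,
				final Date iat,
				final AccessToken accessToken,
				final Nonce nonce)
		throws JOSEException;
}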