001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.oauth2.sdk.assertions;
019
020
021import java.util.Date;
022import java.util.List;
023
024import com.nimbusds.oauth2.sdk.id.*;
025
026
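/**
 * Common assertion details used in JWT bearer assertions and SAML 2.0 bearer
 * assertions.
 *
 * <p>Instances are holders for the assertion's issuer, subject, audience,
 * issue time, expiration time and identifier. The constructor only checks
 * that the required values are present; it does not check that the
 * expiration time lies in the future, that the audience matches the
 * receiving party, or that the identifier has not been seen before. Those
 * checks remain the responsibility of the code that accepts the assertion.
 *
 * <p>The audience list and the {@link Date} values are defensively copied on
 * the way in and on the way out, so the stored values cannot be altered
 * through a reference held by the caller after the instance has been
 * created or inspected.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>Assertion Framework for OAuth 2.0 Client Authentication and
 *         Authorization Grants (RFC 7521), section 5.1.
 * </ul>
 */
public abstract class AssertionDetails {


        /**
         * The issuer (required).
         */
        private final Issuer issuer;


        /**
         * The subject (required).
         */
        private final Subject subject;


        /**
         * The audience that this assertion is intended for (required).
         * Stored as an unmodifiable private copy.
         */
        private final List<Audience> audience;


        /**
         * The time at which this assertion was issued (optional).
         */
        private final Date iat;


        /**
         * The expiration time that limits the time window during which the
         * assertion can be used (required).
         */
        private final Date exp;


        /**
         * Unique identifier for the assertion (optional). The identifier may
         * be used by implementations requiring message de-duplication for
         * one-time use assertions.
         */
        private final Identifier id;


        /**
         * Creates a new assertion details instance.
         *
         * <p>Note the parameter order: the issue time precedes the
         * expiration time. Both are {@link Date} values, so the compiler
         * cannot detect a swap.
         *
         * @param issuer   The issuer. Must not be {@code null}.
         * @param subject  The subject. Must not be {@code null}.
         * @param audience The audience, typically including the URI of the
         *                 authorisation server's token endpoint. Must not be
         *                 {@code null} or empty. The list is copied.
         * @param iat      The time at which the assertion was issued,
         *                 {@code null} if not specified. The value is
         *                 copied.
         * @param exp      The expiration time. Must not be {@code null}. The
         *                 value is copied.
         * @param id       Unique identifier for the assertion, {@code null} if
         *                 not specified.
         *
         * @throws IllegalArgumentException If a required argument is
         *                                  {@code null}, or the audience is
         *                                  empty.
         */
        public AssertionDetails(final Issuer issuer,
                                final Subject subject,
                                final List<Audience> audience,
                                final Date iat,
                                final Date exp,
                                final Identifier id) {

                if (issuer == null) {
                        throw new IllegalArgumentException("The issuer must not be null");
                }

                if (subject == null) {
                        throw new IllegalArgumentException("The subject must not be null");
                }

                if (audience == null || audience.isEmpty()) {
                        throw new IllegalArgumentException("The audience must not be null or empty");
                }

                if (exp == null) {
                        throw new IllegalArgumentException("The expiration time must not be null");
                }

                this.issuer = issuer;
                this.subject = subject;

                // Snapshot the list: a caller that keeps its own reference
                // must not be able to add or remove audiences afterwards.
                this.audience = java.util.Collections.unmodifiableList(
                        new java.util.ArrayList<Audience>(audience));

                // java.util.Date is mutable (setTime), so keep private
                // copies of both timestamps.
                this.iat = copy(iat);
                this.exp = copy(exp);

                this.id = id;
        }


        /**
         * Returns an independent copy of the specified date.
         *
         * @param date The date, may be {@code null}.
         *
         * @return The copy, {@code null} if the argument was {@code null}.
         */
        private static Date copy(final Date date) {

                return date != null ? new Date(date.getTime()) : null;
        }


        /**
         * Returns the issuer.
         *
         * @return The issuer.
         */
        public Issuer getIssuer() {

                return issuer;
        }


        /**
         * Returns the subject.
         *
         * @return The subject.
         */
        public Subject getSubject() {

                return subject;
        }


        /**
         * Returns the audience.
         *
         * @return The audience as an unmodifiable list, typically including
         *         the URI of the authorisation server's token endpoint.
         */
        public List<Audience> getAudience() {

                return audience;
        }


        /**
         * Returns the expiration time.
         *
         * @return A copy of the expiration time.
         */
        public Date getExpirationTime() {

                return copy(exp);
        }


        /**
         * Returns the optional issue time.
         *
         * @return A copy of the issue time, {@code null} if not specified.
         */
        public Date getIssueTime() {

                return copy(iat);
        }


        /**
         * Returns the optional assertion identifier.
         *
         * @return The identifier, {@code null} if not specified.
         */
        public Identifier getID() {

                return id;
        }
}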