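/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk.op;


import java.net.URI;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

import net.minidev.json.JSONObject;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;


/**
 * OpenID Provider (OP) endpoint metadata.
 *
 * <p>The OAuth 2.0 endpoints are handled by the superclass; this class adds
 * the three OpenID Connect endpoints ({@code userinfo_endpoint},
 * {@code check_session_iframe} and {@code end_session_endpoint}) to the
 * registered parameter names, the JSON serialisation and the parser.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Device Authorization Grant (RFC 8628)
 *     <li>OpenID Connect Discovery 1.0
 *     <li>OpenID Connect Session Management 1.0
 *     <li>OpenID Connect Front-Channel Logout 1.0
 *     <li>OpenID Connect Back-Channel Logout 1.0
 *     <li>OpenID Connect Federation 1.0
 * </ul>
 */
public class OIDCProviderEndpointMetadata extends AuthorizationServerEndpointMetadata implements ReadOnlyOIDCProviderEndpointMetadata {
	
	
	/**
	 * The registered parameter names: the superclass names plus the three
	 * OpenID Connect endpoint names.
	 */
	private static final Set<String> REGISTERED_PARAMETER_NAMES;
	
	
	static {
		Set<String> p = new HashSet<>(AuthorizationServerEndpointMetadata.getRegisteredParameterNames());
		p.add("userinfo_endpoint");
		p.add("check_session_iframe");
		p.add("end_session_endpoint");
		REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(p);
	}
	
	
	/**
	 * Gets the registered provider metadata parameter names for endpoints.
	 * Hides the static method of the same name in
	 * {@link AuthorizationServerEndpointMetadata}, extending its result
	 * with the OpenID Connect endpoint names.
	 *
	 * @return The registered provider metadata parameter names for the
	 *         endpoints, as an unmodifiable set.
	 */
	public static Set<String> getRegisteredParameterNames() {
		
		return REGISTERED_PARAMETER_NAMES;
	}
	
	
	/**
	 * The UserInfo endpoint, {@code null} if not specified.
	 */
	private URI userInfoEndpoint;
	
	
	/**
	 * The cross-origin check session iframe, {@code null} if not
	 * specified.
	 */
	private URI checkSessionIframe;
	
	
	/**
	 * The logout endpoint, {@code null} if not specified.
	 */
	private URI endSessionEndpoint;
	
	
	/**
	 * Creates a new OpenID Connect provider endpoint metadata instance
	 * with no endpoints set.
	 */
	public OIDCProviderEndpointMetadata() {
	}
	
	
	/**
	 * Converts an authorisation server endpoint metadata to an OpenID
	 * Connect provider endpoint metadata instance. Every OAuth 2.0
	 * endpoint of the source is copied; the OpenID Connect endpoints are
	 * left {@code null}.
	 *
	 * @param endpointMetadata The authorisation server endpoint metadata.
	 *                         Must not be {@code null}.
	 *
	 * @throws NullPointerException If the endpoint metadata is
	 *                              {@code null}.
	 */
	public OIDCProviderEndpointMetadata(final AuthorizationServerEndpointMetadata endpointMetadata) {
		
		Objects.requireNonNull(endpointMetadata, "endpointMetadata");
		
		setAuthorizationEndpointURI(endpointMetadata.getAuthorizationEndpointURI());
		setTokenEndpointURI(endpointMetadata.getTokenEndpointURI());
		setRegistrationEndpointURI(endpointMetadata.getRegistrationEndpointURI());
		setIntrospectionEndpointURI(endpointMetadata.getIntrospectionEndpointURI());
		setRevocationEndpointURI(endpointMetadata.getRevocationEndpointURI());
		setDeviceAuthorizationEndpointURI(endpointMetadata.getDeviceAuthorizationEndpointURI());
		setBackChannelAuthenticationEndpointURI(endpointMetadata.getBackChannelAuthenticationEndpointURI());
		setPushedAuthorizationRequestEndpointURI(endpointMetadata.getPushedAuthorizationRequestEndpointURI());
		setRequestObjectEndpoint(endpointMetadata.getRequestObjectEndpoint());
		setFederationRegistrationEndpointURI(endpointMetadata.getFederationRegistrationEndpointURI());
	}
	
	
	@Override
	public URI getUserInfoEndpointURI() {
		return userInfoEndpoint;
	}
	
	
	/**
	 * Sets the UserInfo endpoint URI. Corresponds to the
	 * {@code userinfo_endpoint} metadata field.
	 *
	 * @param userInfoEndpoint The UserInfo endpoint URI, {@code null} if
	 *                         not specified.
	 */
	public void setUserInfoEndpointURI(final URI userInfoEndpoint) {
		this.userInfoEndpoint = userInfoEndpoint;
	}
	
	
	@Override
	public URI getCheckSessionIframeURI() {
		return checkSessionIframe;
	}
	
	
	/**
	 * Sets the cross-origin check session iframe URI. Corresponds to the
	 * {@code check_session_iframe} metadata field.
	 *
	 * @param checkSessionIframe The check session iframe URI, {@code null}
	 *                           if not specified.
	 */
	public void setCheckSessionIframeURI(final URI checkSessionIframe) {
		this.checkSessionIframe = checkSessionIframe;
	}
	
	
	@Override
	public URI getEndSessionEndpointURI() {
		return endSessionEndpoint;
	}
	
	
	/**
	 * Sets the logout endpoint URI. Corresponds to the
	 * {@code end_session_endpoint} metadata field.
	 *
	 * @param endSessionEndpoint The logout endpoint URI, {@code null} if
	 *                           not specified.
	 */
	public void setEndSessionEndpointURI(final URI endSessionEndpoint) {
		this.endSessionEndpoint = endSessionEndpoint;
	}
	
	
	/**
	 * Returns the JSON object representation of this endpoint metadata:
	 * the superclass representation plus the OpenID Connect endpoints
	 * that are set. Unset ({@code null}) endpoints are omitted rather
	 * than written as JSON nulls.
	 *
	 * @return The JSON object representation.
	 */
	@Override
	public JSONObject toJSONObject() {
		
		JSONObject o = super.toJSONObject();
		
		if (getUserInfoEndpointURI() != null)
			o.put("userinfo_endpoint", getUserInfoEndpointURI().toString());
		
		if (getCheckSessionIframeURI() != null)
			o.put("check_session_iframe", getCheckSessionIframeURI().toString());
		
		if (getEndSessionEndpointURI() != null)
			o.put("end_session_endpoint", getEndSessionEndpointURI().toString());
		
		return o;
	}
	
	
	/**
	 * Parses an OpenID Provider endpoint metadata from the specified JSON
	 * object. The OAuth 2.0 endpoints are parsed by
	 * {@link AuthorizationServerEndpointMetadata#parse}; the three OpenID
	 * Connect endpoints are optional and default to {@code null}.
	 *
	 * @param jsonObject The JSON object to parse. Must not be
	 *                   {@code null}.
	 *
	 * @return The OpenID Provider endpoint metadata.
	 *
	 * @throws ParseException If the JSON object couldn't be parsed to an
	 *                        OpenID Provider endpoint metadata.
	 */
	public static OIDCProviderEndpointMetadata parse(final JSONObject jsonObject)
		throws ParseException {
		
		AuthorizationServerEndpointMetadata as = AuthorizationServerEndpointMetadata.parse(jsonObject);
		
		// The copy constructor carries over every OAuth 2.0 endpoint, so
		// the list of base endpoints is maintained in one place and a
		// base endpoint added later cannot be silently dropped here.
		OIDCProviderEndpointMetadata op = new OIDCProviderEndpointMetadata(as);
		
		// NOTE(review): only URI syntax is checked here; whether the
		// endpoints are https and belong to the issuer of the discovery
		// document is presumably left to the caller — confirm against
		// JSONObjectUtils.getURI.
		op.userInfoEndpoint = JSONObjectUtils.getURI(jsonObject, "userinfo_endpoint", null);
		op.checkSessionIframe = JSONObjectUtils.getURI(jsonObject, "check_session_iframe", null);
		op.endSessionEndpoint = JSONObjectUtils.getURI(jsonObject, "end_session_endpoint", null);
		
		return op;
	}
}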