Source code

001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2024, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.oauth2.sdk.dpop.verifiers;
019
020
021import com.nimbusds.oauth2.sdk.id.JWTID;
022import net.jcip.annotations.Immutable;
023
024import java.util.Objects;
025
026
027/**
028 * DPoP proof use.
029 */
030@Immutable
031public final class DPoPProofUse {
032
033
034        private final DPoPIssuer iss;
035
036        private final JWTID jti;
037
038        private final long maxAge;
039
040
041        /**
042         * Creates new DPoP proof use.
043         *
044         * @param iss    The DPoP proof issuer. Must not be {@code null}.
045         * @param jti    The DPoP proof JWT ID. Must not be {@code null}.
046         * @param maxAge The maximum accepted DPoP proof "iat" age relative to
047         *               the current system time, in seconds. Intended to limit
048         *               replay by bounding how long a proof is valid after
049         *               issue.
050         */
051        public DPoPProofUse(final DPoPIssuer iss, final JWTID jti, final long maxAge) {
052                this.jti = Objects.requireNonNull(jti);
053                this.iss = Objects.requireNonNull(iss);
054                if (maxAge < 0) {
055                        throw new IllegalArgumentException("The DPoP proof max age must be non-negative");
056                }
057                this.maxAge = maxAge;
058        }
059
060
061        /**
062         * Returns the DPoP proof issuer.
063         *
064         * @return The issuer.
065         */
066        public DPoPIssuer getIssuer() {
067                return iss;
068        }
069
070
071        /**
072         * Returns the DPoP proof JWT ID.
073         *
074         * @return The JWT ID.
075         */
076        public JWTID getJWTID() {
077                return jti;
078        }
079
080
081        /**
082         * Returns the maximum accepted DPoP proof "iat" age relative to the
083         * current system time, in seconds. Intended to limit replay by
084         * bounding how long a proof is valid after issue.
085         *
086         * @return The maximum accepted DPoP proof {@code iat} age.
087         */
088        public long getMaxAge() {
089                return maxAge;
090        }
091}