001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.oauth2.sdk; 019 020 021import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; 022 023import java.net.URI; 024import java.util.Collections; 025import java.util.List; 026 027 028/** 029 * Abstract request with optional client authentication. Supports more than 030 * one client authentication method, for deployments that allow migration of 031 * the authentication methods for a client, for example, from 032 * {@code client_secret_basic} to {@code private_key_jwt}. 033 * 034 * <p>Client authentication methods: 035 * 036 * <ul> 037 * <li>{@link com.nimbusds.oauth2.sdk.auth.ClientSecretBasic client_secret_basic} 038 * <li>{@link com.nimbusds.oauth2.sdk.auth.ClientSecretPost client_secret_post} 039 * <li>{@link com.nimbusds.oauth2.sdk.auth.ClientSecretJWT client_secret_jwt} 040 * <li>{@link com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT private_key_jwt} 041 * <li>{@link com.nimbusds.oauth2.sdk.auth.SelfSignedTLSClientAuthentication self_signed_tls_client_auth} 042 * <li>{@link com.nimbusds.oauth2.sdk.auth.PKITLSClientAuthentication tls_client_auth} 043 * </ul> 044 */ 045public abstract class AbstractOptionallyAuthenticatedRequest extends AbstractRequest { 046 047 048 /** 049 * The client authentication candidates, null if none. 050 */ 051 private final List<ClientAuthentication> clientAuth; 052 053 054 /** 055 * Creates a new abstract request with optional client authentication. 056 * 057 * @param endpoint The URI of the endpoint. May be {@code null} if 058 * the {@link #toHTTPRequest} method is not going to 059 * be used. 060 * @param clientAuth The client authentication, {@code null} if none. 061 */ 062 protected AbstractOptionallyAuthenticatedRequest(final URI endpoint, 063 final ClientAuthentication clientAuth) { 064 this(endpoint, clientAuth != null ? Collections.singletonList(clientAuth) : null); 065 } 066 067 068 /** 069 * Creates a new abstract request with optional client authentication 070 * candidates. 071 * 072 * @param endpoint The URI of the endpoint. May be 073 * {@code null} if the 074 * {@link #toHTTPRequest} method is not 075 * going to be used. 076 * @param clientAuthCandidates The client authentication candidates, 077 * {@code null} if none. 078 */ 079 public AbstractOptionallyAuthenticatedRequest(final URI endpoint, 080 final List<ClientAuthentication> clientAuthCandidates) { 081 super(endpoint); 082 this.clientAuth = clientAuthCandidates; 083 } 084 085 086 /** 087 * Returns the client authentication. 088 * 089 * @return The client authentication, {@code null} if none. 090 */ 091 public ClientAuthentication getClientAuthentication() { 092 return clientAuth != null && ! clientAuth.isEmpty() ? clientAuth.get(0) : null; 093 } 094 095 096 /** 097 * Returns the client authentication candidates. This method is 098 * intended for deployments that allow migration of the authentication 099 * methods for a client, for example from {@code client_secret_basic} 100 * to {@code private_key_jwt}. 101 * 102 * @return The client authentication candidates, empty list if none. 103 */ 104 public List<ClientAuthentication> getClientAuthenticationCandidates() { 105 return clientAuth; 106 } 107}