001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.openid.connect.sdk.op;
019
020
021import java.net.URI;
022import java.util.Collections;
023import java.util.HashSet;
024import java.util.Set;
025
026import net.minidev.json.JSONObject;
027
028import com.nimbusds.oauth2.sdk.ParseException;
029import com.nimbusds.oauth2.sdk.as.AuthorizationServerEndpointMetadata;
030import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
031
032
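/**
 * OpenID Provider (OP) endpoint metadata.
 *
 * <p>Extends the OAuth 2.0 authorisation server endpoint metadata with the
 * three OpenID Connect specific endpoints: {@code userinfo_endpoint},
 * {@code check_session_iframe} and {@code end_session_endpoint}.
 *
 * <p>Security note: the setters and {@link #parse} of this class store the
 * URIs as given and apply no scheme, host or issuer check of their own (any
 * validation done by the superclass or by {@code JSONObjectUtils.getURI} is
 * not visible here). Metadata taken from a remote discovery document should
 * be treated as untrusted input: before an access token is sent to the
 * UserInfo endpoint, an ID token hint to the logout endpoint, or the check
 * session iframe is loaded in a browser, the caller should confirm that the
 * URI uses {@code https} and belongs to the expected provider.
 *
 * <p>Instances are mutable and this class adds no synchronisation.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 Authorization Server Metadata (RFC 8414)
 *     <li>OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound
 *         Access Tokens (RFC 8705)
 *     <li>OAuth 2.0 Device Flow for Browserless and Input Constrained Devices
 *         (draft-ietf-oauth-device-flow-14)
 *     <li>OpenID Connect Discovery 1.0, section 3.
 *     <li>OpenID Connect Session Management 1.0, section 2.1 (draft 28).
 *     <li>OpenID Connect Front-Channel Logout 1.0, section 3 (draft 02).
 *     <li>OpenID Connect Back-Channel Logout 1.0, section 2.1 (draft 07).
 *     <li>OpenID Connect Federation 1.0 (draft 22).
 * </ul>
 */
public class OIDCProviderEndpointMetadata extends AuthorizationServerEndpointMetadata implements ReadOnlyOIDCProviderEndpointMetadata {


        /**
         * The registered parameter names: those of the authorisation server
         * endpoint metadata plus the three OpenID Connect endpoints.
         */
        private static final Set<String> REGISTERED_PARAMETER_NAMES;


        static {
                Set<String> names = new HashSet<>(AuthorizationServerEndpointMetadata.getRegisteredParameterNames());
                names.add("userinfo_endpoint");
                names.add("check_session_iframe");
                names.add("end_session_endpoint");
                // Published as a read-only view so callers cannot alter the registry
                REGISTERED_PARAMETER_NAMES = Collections.unmodifiableSet(names);
        }


        /**
         * Gets the registered provider metadata parameter names for endpoints.
         *
         * @return The registered provider metadata parameter names for the
         *         endpoints, as an unmodifiable set.
         */
        public static Set<String> getRegisteredParameterNames() {

                return REGISTERED_PARAMETER_NAMES;
        }


        /**
         * The UserInfo endpoint, {@code null} if not specified.
         */
        private URI userInfoEndpoint;


        /**
         * The cross-origin check session iframe, {@code null} if not
         * specified.
         */
        private URI checkSessionIframe;


        /**
         * The logout endpoint, {@code null} if not specified.
         */
        private URI endSessionEndpoint;


        /**
         * Creates a new OpenID Connect provider endpoint metadata instance
         * with no endpoints set.
         */
        public OIDCProviderEndpointMetadata() {
        }


        /**
         * Converts an authorisation server endpoint metadata to an OpenID
         * Connect provider endpoint metadata instance.
         *
         * <p>Only the OAuth 2.0 endpoints listed in the body are copied. The
         * UserInfo, check session iframe and logout endpoints are left
         * {@code null}, also when the argument is itself an OpenID Connect
         * provider endpoint metadata instance.
         *
         * @param endpointMetadata The authorisation server endpoint metadata.
         *                         Must not be {@code null}, otherwise a
         *                         {@code NullPointerException} results from
         *                         the first getter call.
         */
        public OIDCProviderEndpointMetadata(final AuthorizationServerEndpointMetadata endpointMetadata) {

                setAuthorizationEndpointURI(endpointMetadata.getAuthorizationEndpointURI());
                setTokenEndpointURI(endpointMetadata.getTokenEndpointURI());
                setRegistrationEndpointURI(endpointMetadata.getRegistrationEndpointURI());
                setIntrospectionEndpointURI(endpointMetadata.getIntrospectionEndpointURI());
                setRevocationEndpointURI(endpointMetadata.getRevocationEndpointURI());
                setDeviceAuthorizationEndpointURI(endpointMetadata.getDeviceAuthorizationEndpointURI());
                setBackChannelAuthenticationEndpointURI(endpointMetadata.getBackChannelAuthenticationEndpointURI());
                setPushedAuthorizationRequestEndpointURI(endpointMetadata.getPushedAuthorizationRequestEndpointURI());
                setRequestObjectEndpoint(endpointMetadata.getRequestObjectEndpoint());
                setFederationRegistrationEndpointURI(endpointMetadata.getFederationRegistrationEndpointURI());
        }


        @Override
        public URI getUserInfoEndpointURI() {
                return userInfoEndpoint;
        }


        /**
         * Sets the UserInfo endpoint URI. Corresponds to the
         * {@code userinfo_endpoint} metadata field.
         *
         * <p>The value is stored as given; no scheme check is made here.
         *
         * @param userInfoEndpoint The UserInfo endpoint URI, {@code null} if
         *                         not specified.
         */
        public void setUserInfoEndpointURI(final URI userInfoEndpoint) {
                this.userInfoEndpoint = userInfoEndpoint;
        }


        @Override
        public URI getCheckSessionIframeURI() {
                return checkSessionIframe;
        }


        /**
         * Sets the cross-origin check session iframe URI. Corresponds to the
         * {@code check_session_iframe} metadata field.
         *
         * <p>The value is stored as given; no scheme or origin check is made
         * here.
         *
         * @param checkSessionIframe The check session iframe URI, {@code null}
         *                           if not specified.
         */
        public void setCheckSessionIframeURI(final URI checkSessionIframe) {
                this.checkSessionIframe = checkSessionIframe;
        }


        @Override
        public URI getEndSessionEndpointURI() {
                return endSessionEndpoint;
        }


        /**
         * Sets the logout endpoint URI. Corresponds to the
         * {@code end_session_endpoint} metadata field.
         *
         * <p>The value is stored as given; no scheme check is made here.
         *
         * @param endSessionEndpoint The logout endpoint URI, {@code null} if
         *                           not specified.
         */
        public void setEndSessionEndpointURI(final URI endSessionEndpoint) {
                this.endSessionEndpoint = endSessionEndpoint;
        }


        /**
         * Returns the JSON object representation of this endpoint metadata:
         * the superclass members plus every OpenID Connect endpoint that is
         * set. Endpoints that are {@code null} are omitted.
         *
         * @return The JSON object.
         */
        @Override
        public JSONObject toJSONObject() {

                JSONObject o = super.toJSONObject();

                putIfSet(o, "userinfo_endpoint", getUserInfoEndpointURI());
                putIfSet(o, "check_session_iframe", getCheckSessionIframeURI());
                putIfSet(o, "end_session_endpoint", getEndSessionEndpointURI());

                return o;
        }


        /**
         * Adds a URI member to the JSON object in string form, skipping
         * {@code null} values.
         */
        private static void putIfSet(final JSONObject o, final String name, final URI uri) {

                if (uri != null) {
                        o.put(name, uri.toString());
                }
        }


        /**
         * Parses an OpenID Connect provider endpoint metadata from the
         * specified JSON object.
         *
         * <p>The OAuth 2.0 endpoints are parsed by the superclass and copied
         * with the converting constructor, so the list of copied endpoints is
         * kept in one place. The three OpenID Connect endpoints are optional
         * and default to {@code null} when absent.
         *
         * <p>This method adds no scheme, host or issuer check on the parsed
         * URIs. When the JSON object comes from a remote discovery document
         * the caller should validate the endpoints, in particular that they
         * use {@code https}, before sending tokens to them.
         *
         * @param jsonObject The JSON object to parse. Must not be
         *                   {@code null}.
         *
         * @return The OpenID Connect provider endpoint metadata.
         *
         * @throws ParseException If the JSON object couldn't be parsed to an
         *                        OpenID Connect provider endpoint metadata.
         */
        public static OIDCProviderEndpointMetadata parse(final JSONObject jsonObject)
                throws ParseException {

                OIDCProviderEndpointMetadata op = new OIDCProviderEndpointMetadata(
                        AuthorizationServerEndpointMetadata.parse(jsonObject));

                op.setUserInfoEndpointURI(JSONObjectUtils.getURI(jsonObject, "userinfo_endpoint", null));
                op.setCheckSessionIframeURI(JSONObjectUtils.getURI(jsonObject, "check_session_iframe", null));
                op.setEndSessionEndpointURI(JSONObjectUtils.getURI(jsonObject, "end_session_endpoint", null));

                return op;
        }
}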