Source code

001/*
002 * oauth2-oidc-sdk
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.openid.connect.sdk.claims;
019
020
021import net.jcip.annotations.Immutable;
022
023import com.nimbusds.oauth2.sdk.id.Identifier;
024
025
026/**
027 * Authentication Context Class Reference ({@code acr}). It identifies the 
028 * authentication context, i.e. the information that the relying party may 
029 * require before it makes an entitlements decision with respect to an 
030 * authentication response. Such context may include, but is not limited to, 
031 * the actual authentication method used or level of assurance such as 
032 * ITU-T X.1254 | ISO/IEC 29115 entity authentication assurance level.
033 *
034 * <p>The ACR is represented by a string or a URI string.
035 *
036 * <p>Related specifications:
037 *
038 * <ul>
039 *     <li>OpenID Connect Core 1.0
040 *     <li>OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0
041 *     <li>RFC 6711
042 *     <li>See ISO/IEC DIS 29115
043 * </ul>
044 */
045@Immutable
046public final class ACR extends Identifier {
047        
048        
049        private static final long serialVersionUID = 7234490015365923377L;
050        
051        
052        /**
053         * Phishing-Resistant. An authentication mechanism where a party
054         * potentially under the control of the Relying Party cannot gain
055         * sufficient information to be able to successfully authenticate to
056         * the End User's OpenID Provider as if that party were the End User.
057         * (Note that the potentially malicious Relying Party controls where
058         * the User-Agent is redirected to and thus may not send it to the End
059         * User's actual OpenID Provider). NOTE: These semantics are the same
060         * as those specified in [OpenID.PAPE].
061         */
062        public static final ACR PHR = new ACR("phr");
063        
064        
065        /**
066         * Phishing-Resistant Hardware-Protected. An authentication mechanism
067         * meeting the requirements for phishing-resistant {@link #PHR}
068         * authentication in which additionally information needed to be able
069         * to successfully authenticate to the End User's OpenID Provider as if
070         * that party were the End User is held in a hardware-protected device
071         * or component.
072         */
073        public static final ACR PHRH = new ACR("phrh");
074        
075        
076        /**
077         * Creates a new Authentication Context Class Reference (ACR) with the
078         * specified value.
079         *
080         * @param value The ACR value. Must not be {@code null}.
081         */
082        public ACR(final String value) {
083        
084                super(value);
085        }
086
087
088        @Override
089        public boolean equals(final Object object) {
090        
091                return object instanceof ACR &&
092                       this.toString().equals(object.toString());
093        }
094}