Package com.nimbusds.openid.connect.sdk.federation.trust.constraints

Class TrustChainConstraints

  • All Implemented Interfaces:
    net.minidev.json.JSONAware
    @Immutable
public final class TrustChainConstraints
extends Object
implements net.minidev.json.JSONAware
    Trust chain constraints.

    Example JSON object: 

     {
   "max_path_length"    : 2,
   "naming_constraints" : {
        "permitted" : [ "https://example.com" ],
        "excluded"  : [ "https://east.example.com" ]
   },
   "allowed_leaf_entity_types" : [ "openid_provider", "openid_relying_party" ]
 }

    Related specifications:

    • OpenID Connect Federation 1.0, section 5.2.
    • RFC 5280, section 4.2.1.10.

    • Constructor Detail

      • TrustChainConstraints

        public TrustChainConstraints​(int maxPathLength)
        Creates a new trust chain constraints instance.
        Parameters:
        maxPathLength - The maximum number of entities between this and the leaf entity in the chain, -1 if not specified.

      • TrustChainConstraints

        public TrustChainConstraints​(int maxPathLength,
                             List<EntityIDConstraint> permittedEntityIDs,
                             List<EntityIDConstraint> excludedEntityIDs,
                             LeafEntityTypeConstraint leafEntityTypeConstraint)
        Creates a new trust chain constraints instance.
        Parameters:
        maxPathLength - The maximum number of entities between this and the leaf entity in the chain, -1 if not specified.
        permittedEntityIDs - The permitted entity IDs, null if not specified.
        excludedEntityIDs - The excluded entities, null if not specified.
        leafEntityTypeConstraint - The leaf entity type constraint, null if not specified.

    • Method Detail

      • isPermitted

        public boolean isPermitted​(int numIntermediatesInPath)
        Checks if the given number of intermediates is permitted.
        Parameters:
        numIntermediatesInPath - The number of intermediate entities between the entity specifying the constraints and the specified entity. Must be zero or greater.
        Returns:
        true if permitted, else false.

      • isPermitted

        public boolean isPermitted​(EntityID entityID)
        Checks if the specified entity ID is permitted.
        Parameters:
        entityID - The entity ID. Must not be null.
        Returns:
        true if permitted, else false.

      • isPermitted

        public boolean isPermitted​(int numIntermediatesInPath,
                           EntityID entityID)
        Checks if the entity ID with the given number of intermediates is permitted.
        Parameters:
        numIntermediatesInPath - The number of intermediate entities between the entity specifying the constraints and the specified entity. Must be zero or greater.
        entityID - The entity ID. Must not be null.
        Returns:
        true if allowed, else false.

      • getMaxPathLength

        public int getMaxPathLength()
        Returns the maximum number of entities between this and the last one in the chain.
        Returns:
        The maximum number of entities between this and the last one in the chain, -1 if not specified.

      • toJSONObject

        public net.minidev.json.JSONObject toJSONObject()
        Returns a JSON object representation of this trust chain constraints.
        Returns:
        The JSON object.

      • toJSONString

        public String toJSONString()
        Specified by:
        toJSONString in interface net.minidev.json.JSONAware

      • parse

        public static TrustChainConstraints parse​(net.minidev.json.JSONObject jsonObject)
                                   throws ParseException
        Parses a trust chain constraints instance from the specified JSON object.
        Parameters:
        jsonObject - The JSON object. Must not be null.
        Returns:
        The trust chain constraints.
        Throws:
        ParseException - If parsing failed.