Package io.jans.as.client.model
Class JwtState
java.lang.Object
io.jans.as.client.model.JwtState
- Version:
- November 20, 2018
- Author:
- Javier Rojas Blum
-
Constructor Summary
ConstructorsConstructorDescriptionJwtState(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm keyEncryptionAlgorithm, io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm blockEncryptionAlgorithm, io.jans.as.model.crypto.AbstractCryptoProvider cryptoProvider) JwtState(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm keyEncryptionAlgorithm, io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm blockEncryptionAlgorithm, String sharedKey) JwtState(io.jans.as.model.crypto.signature.SignatureAlgorithm signatureAlgorithm, io.jans.as.model.crypto.AbstractCryptoProvider cryptoProvider) JwtState(io.jans.as.model.crypto.signature.SignatureAlgorithm signatureAlgorithm, String sharedKey, io.jans.as.model.crypto.AbstractCryptoProvider cryptoProvider) -
Method Summary
Modifier and TypeMethodDescriptionorg.json.JSONObjectgetAs()String identifying the authorization server that this request was sent to.Access Token hash value.getAud()String identifying the client that this state value is intended for.io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithmgetcHash()Code hash value.getEncodedJwt(org.json.JSONObject jwks) getExp()The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.getIat()Timestamp of when this Authorization Request was issued.getIss()String identifying the party that issued this state value.getJti()The "jti" (JWT ID) claim provides a unique identifier for the JWT.io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithmgetKeyId()Identifier of the key used to sign this state token at the issuer.getRfp()String containing a verifiable identifier for the browser session, that cannot be guessed by a third party.io.jans.as.model.crypto.signature.SignatureAlgorithmURI containing the location the user agent is to be redirected to after authorization.io.jans.as.model.jwt.JwtTypegetType()protected org.json.JSONObjectprotected org.json.JSONObjectvoidsetAdditionalClaims(org.json.JSONObject additionalClaims) voidString identifying the authorization server that this request was sent to.voidAccess Token hash value.voidString identifying the client that this state value is intended for.voidsetBlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm blockEncryptionAlgorithm) voidCode hash value.voidThe expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.voidTimestamp of when this Authorization Request was issued.voidString identifying the party that issued this state value.voidThe "jti" (JWT ID) claim provides a unique identifier for the JWT.voidsetKeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm keyEncryptionAlgorithm) voidIdentifier of the key used to sign this state token at the issuer.voidString containing a verifiable identifier for the browser session, that cannot be guessed by a third party.voidsetSignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm signatureAlgorithm) voidsetTargetLinkUri(String targetLinkUri) URI containing the location the user agent is to be redirected to after authorization.voidsetType(io.jans.as.model.jwt.JwtType type)
-
Constructor Details
-
JwtState
public JwtState(io.jans.as.model.crypto.signature.SignatureAlgorithm signatureAlgorithm, io.jans.as.model.crypto.AbstractCryptoProvider cryptoProvider) -
JwtState
public JwtState(io.jans.as.model.crypto.signature.SignatureAlgorithm signatureAlgorithm, String sharedKey, io.jans.as.model.crypto.AbstractCryptoProvider cryptoProvider) -
JwtState
public JwtState(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm keyEncryptionAlgorithm, io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm blockEncryptionAlgorithm, io.jans.as.model.crypto.AbstractCryptoProvider cryptoProvider) -
JwtState
public JwtState(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm keyEncryptionAlgorithm, io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm blockEncryptionAlgorithm, String sharedKey)
-
-
Method Details
-
getType
public io.jans.as.model.jwt.JwtType getType() -
setType
public void setType(io.jans.as.model.jwt.JwtType type) -
getSignatureAlgorithm
public io.jans.as.model.crypto.signature.SignatureAlgorithm getSignatureAlgorithm() -
setSignatureAlgorithm
public void setSignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm signatureAlgorithm) -
getKeyEncryptionAlgorithm
public io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm getKeyEncryptionAlgorithm() -
setKeyEncryptionAlgorithm
public void setKeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm keyEncryptionAlgorithm) -
getBlockEncryptionAlgorithm
public io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm getBlockEncryptionAlgorithm() -
setBlockEncryptionAlgorithm
public void setBlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm blockEncryptionAlgorithm) -
getKeyId
Identifier of the key used to sign this state token at the issuer. Identifier of the key used to encrypt this JWT state token at the issuer.- Returns:
- The key identifier
-
setKeyId
Identifier of the key used to sign this state token at the issuer. Identifier of the key used to encrypt this JWT state token at the issuer.- Parameters:
keyId- The key identifier
-
getRfp
String containing a verifiable identifier for the browser session, that cannot be guessed by a third party. The verification of this element by the client protects it from accepting authorization responses generated in response to forged requests generated by third parties.- Returns:
- The Request Forgery Protection value
-
setRfp
String containing a verifiable identifier for the browser session, that cannot be guessed by a third party. The verification of this element by the client protects it from accepting authorization responses generated in response to forged requests generated by third parties.- Parameters:
rfp- The Request Forgery Protection value
-
getIat
Timestamp of when this Authorization Request was issued.- Returns:
- The Issued at value
-
setIat
Timestamp of when this Authorization Request was issued.- Parameters:
iat- The Issued at value
-
getExp
The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing an IntDate value.- Returns:
- The expiration time value
-
setExp
The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing an IntDate value.- Parameters:
exp- The expiration time value
-
getIss
String identifying the party that issued this state value.- Returns:
- The issuer value
-
setIss
String identifying the party that issued this state value.- Parameters:
iss- The issuer value
-
getAud
String identifying the client that this state value is intended for.- Returns:
- The audience
-
setAud
String identifying the client that this state value is intended for.- Parameters:
aud- The audience
-
getTargetLinkUri
URI containing the location the user agent is to be redirected to after authorization.- Returns:
- The target link URI
-
setTargetLinkUri
URI containing the location the user agent is to be redirected to after authorization.- Parameters:
targetLinkUri- The target link URI
-
getAs
String identifying the authorization server that this request was sent to.- Returns:
- The authorization server
-
setAs
String identifying the authorization server that this request was sent to.- Parameters:
as- The authorization server
-
getJti
The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The "jti" claim can be used to prevent the JWT from being replayed. The "jti" value is a case-sensitive string.- Returns:
- The JWT ID
-
setJti
The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The "jti" claim can be used to prevent the JWT from being replayed. The "jti" value is a case-sensitive string.- Parameters:
jti- The JWT ID
-
getAtHash
Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the "access_token" value, where the hash algorithm used is the hash algorithm used in the "alg" parameter of the State Token's JWS header. For instance, if the "alg" is "RS256", hash the "access_token" value with SHA-256, then take the left-most 128 bits and base64url encode them. The "at_hash" value is a case sensitive string. This is REQUIRED if the JWT [RFC7519] state token is being produced by the AS and issued with a "access_token" in the authorization response.- Returns:
- The access token hash value
-
setAtHash
Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the "access_token" value, where the hash algorithm used is the hash algorithm used in the "alg" parameter of the State Token's JWS header. For instance, if the "alg" is "RS256", hash the "access_token" value with SHA-256, then take the left-most 128 bits and base64url encode them. The "at_hash" value is a case sensitive string. This is REQUIRED if the JWT [RFC7519] state token is being produced by the AS and issued with a "access_token" in the authorization response.- Parameters:
atHash- The access token hash value
-
getcHash
Code hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the "code" value, where the hash algorithm used is the hash algorithm used in the "alg" header parameter of the State Token's JWS [RFC7515] header. For instance, if the "alg" is "HS512", hash the "code" value with SHA-512, then take the left-most 256 bits and base64url encode them. The "c_hash" value is a case sensitive string. This is REQUIRED if the JWT [RFC7519] state token is being produced by the AS and issued with a "code" in the authorization response.- Returns:
- The code hash value
-
setcHash
Code hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the "code" value, where the hash algorithm used is the hash algorithm used in the "alg" header parameter of the State Token's JWS [RFC7515] header. For instance, if the "alg" is "HS512", hash the "code" value with SHA-512, then take the left-most 256 bits and base64url encode them. The "c_hash" value is a case sensitive string. This is REQUIRED if the JWT [RFC7519] state token is being produced by the AS and issued with a "code" in the authorization response.- Parameters:
cHash- The code hash value
-
getAdditionalClaims
public org.json.JSONObject getAdditionalClaims() -
setAdditionalClaims
public void setAdditionalClaims(org.json.JSONObject additionalClaims) -
getEncodedJwt
- Throws:
Exception
-
getEncodedJwt
- Throws:
Exception
-
headerToJSONObject
protected org.json.JSONObject headerToJSONObject() throws io.jans.as.model.exception.InvalidJwtException- Throws:
io.jans.as.model.exception.InvalidJwtException
-
payloadToJSONObject
protected org.json.JSONObject payloadToJSONObject() throws org.json.JSONException- Throws:
org.json.JSONException
-