Class ProofTokenState


  • @SupportedAll
    public class ProofTokenState
    extends Object
    When issuing SAML2 Holder-of-Key assertions, the proof token is usually an X509Certificate. This state must be specified in the invocation, both to the REST-STS and in the call to the TokenGenerationService made by the REST/SOAP STS. It is the analogue of the UseKey element in the WS-Trust-defined RequestSecurityToken, which the specification describes as 'generally used when the client supplies a public-key that it wishes to be embedded in T as the proof key.' See http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html for details.

    The CXF-STS parses the KeyInfo element included in the UseKey to create the org.apache.cxf.sts.request.ReceivedKey, which encapsulates this public key. The SOAP-STS can therefore use this ReceivedKey to constitute the ProofTokenState, and the REST-STS is invoked with the JSON representation of this class, which can then be forwarded to the TokenGenerationService when SAML2 HoK tokens are being issued.

    Note that the WS-Trust spec allows the UseKey to include symmetric key information, resulting in a SAML2 HoK assertion whose KeyInfo element contains symmetric key information. The TokenGenerationService and the REST-STS do not support proof tokens based on symmetric key information for the moment. PublicKey-based proof tokens may need to be supported in the future; if so, this class will add a constructor which takes a PublicKey and encode which sort of proof-token state has been provided (e.g. X509Certificate or PublicKey).
    • Method Detail

      • getX509Certificate

        public X509Certificate getX509Certificate()
        Gets the X509Certificate that serves as the proof token.
        Returns:
        the X509Certificate
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • fromJson

        public static ProofTokenState fromJson(JsonValue jsonValue)
                                        throws org.forgerock.openam.sts.TokenMarshalException
        Constructs a ProofTokenState from the specified JsonValue representation.
        Parameters:
        jsonValue - the JsonValue representation to construct the ProofTokenState from.
        Returns:
        a ProofTokenState
        Throws:
        org.forgerock.openam.sts.TokenMarshalException - If there is a problem parsing the JSON.
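The class description above explains that the X509Certificate carried as the proof token is the key the client wants embedded in the SAML2 Holder-of-Key assertion, and that symmetric proof keys are not supported. The following is an added example of what a relying party does with that proof token once the assertion arrives; it is not code from OpenAM, the REST-STS or the TokenGenerationService. The class name HolderOfKeyProofCheck and all of its methods are hypothetical, it uses only the JDK, and it assumes the proof-token certificate and the certificate the subject presents (for example its TLS client certificate) are supplied as PEM or DER files on the command line.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.crypto.SecretKey;

/**
 * Hypothetical relying-party helper (not part of OpenAM) for Holder-of-Key
 * proof: the X509Certificate carried as the proof token is the key the
 * assertion subject must later prove it holds.
 */
public final class HolderOfKeyProofCheck {

    private HolderOfKeyProofCheck() {}

    /** Parses a DER- or PEM-encoded X.509 certificate (the proof token). */
    public static X509Certificate parseProofTokenCertificate(byte[] encoded)
            throws GeneralSecurityException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Refuses symmetric proof keys. WS-Trust UseKey may carry symmetric key
     * material, but only X509Certificate-based proof tokens are supported here,
     * so a SecretKey is rejected before any further processing.
     */
    public static void requireAsymmetricProofKey(Key key) {
        if (key instanceof SecretKey) {
            throw new IllegalArgumentException(
                "symmetric proof keys are not supported; supply an X509Certificate");
        }
    }

    /**
     * True when the certificate the subject presents carries exactly the public
     * key that was embedded in the assertion as the proof key.
     */
    public static boolean presentedKeyMatchesProofToken(X509Certificate proofToken,
                                                        X509Certificate presented) {
        byte[] expected = proofToken.getPublicKey().getEncoded();
        byte[] actual = presented.getPublicKey().getEncoded();
        return Arrays.equals(expected, actual);
    }

    /**
     * Verifies that the subject signed a relying-party-chosen challenge with the
     * private key matching the proof token; this is the actual proof of possession.
     */
    public static boolean verifyPossession(X509Certificate proofToken, byte[] challenge,
                                           byte[] signature) throws GeneralSecurityException {
        PublicKey key = proofToken.getPublicKey();
        requireAsymmetricProofKey(key);
        String algorithm;
        switch (key.getAlgorithm()) {
            case "RSA": algorithm = "SHA256withRSA"; break;
            case "EC":  algorithm = "SHA256withECDSA"; break;
            default:
                throw new GeneralSecurityException(
                    "unsupported proof key algorithm: " + key.getAlgorithm());
        }
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(key);
        verifier.update(challenge);
        return verifier.verify(signature);
    }

    /** Usage: java HolderOfKeyProofCheck proof-token.pem presented.pem */
    public static void main(String[] args) throws IOException, GeneralSecurityException {
        X509Certificate proofToken =
            parseProofTokenCertificate(Files.readAllBytes(Paths.get(args[0])));
        X509Certificate presented =
            parseProofTokenCertificate(Files.readAllBytes(Paths.get(args[1])));
        requireAsymmetricProofKey(proofToken.getPublicKey());
        proofToken.checkValidity();   // expired or not-yet-valid proof tokens are rejected
        System.out.println("proof token subject : " + proofToken.getSubjectX500Principal());
        System.out.println("proof key algorithm : " + proofToken.getPublicKey().getAlgorithm());
        System.out.println("presented key matches proof token: "
            + presentedKeyMatchesProofToken(proofToken, presented));
    }
}
```

The key comparison alone only shows that the subject presented the same certificate; verifyPossession is the step that actually ties the assertion to a holder of the private key, and it is the check a relying party should require before treating a HoK assertion as stronger than a bearer assertion.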