Package org.forgerock.macaroons

Class Macaroon.Caveat

java.lang.Object

org.forgerock.macaroons.Macaroon.Caveat

Enclosing class:

Macaroon

public static final class Macaroon.Caveat
extends Object

Represents a caveat on a macaroon. A caveat is a restriction on how the macaroon is used. See Macaroon for more details.

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
byte[]	getIdentifier()	The caveat identifier.
String	getIdentifierAsString()	Returns the caveat identifier as a string after UTF-8 decoding.
String	getLocationHint()	Returns a location hint for the 3rd-party service that can satisfy a caveat.
byte[]	getVerifierId()	Returns the encrypted verifier identifier for a 3rd-party caveat.
int	hashCode()
boolean	isFirstParty()	Indicates that this is a 1st-party caveat.
boolean	isThirdParty()	Indicates that this is a 3rd-party caveat.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

getIdentifier

public byte[] getIdentifier()

The caveat identifier. For a first-party caveat this will be a UTF-8 string describing the condition to be satisfied. For a third-party caveat it will be some bytes that are understood by the third party service.

Returns:

the caveat identifier.

getIdentifierAsString

public String getIdentifierAsString()

Returns the caveat identifier as a string after UTF-8 decoding.

Returns:

the identifier as a string.

getLocationHint

public String getLocationHint()

Returns a location hint for the 3rd-party service that can satisfy a caveat. This will be null for 1st-party caveats. Note that the location hint is not authenticated and so can be tampered with. Clients should ensure they only contact services from a known whitelist.

Returns:

the location hint.

getVerifierId

public byte[] getVerifierId()

Returns the encrypted verifier identifier for a 3rd-party caveat. This will be null for 1st-party caveats. The verifier ID is an encrypted Macaroon key that will be used to sign a discharge macaroon for this caveat. The key will be decrypted during macaroon verification.

Returns:

the verifier ID.

isFirstParty

public boolean isFirstParty()

Indicates that this is a 1st-party caveat.

Returns:

true if this is a 1st-party caveat.

isThirdParty

public boolean isThirdParty()

Indicates that this is a 3rd-party caveat.

Returns:

true if this is a 3rd-party caveat.

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object