Class ProofTokenState

java.lang.Object
org.forgerock.openam.sts.user.invocation.ProofTokenState

@SupportedAll public class ProofTokenState extends Object
When issuing SAML2 Holder-of-Key assertions, the proof token is usually an X509Certificate. This state must be specified in the invocation, both to the REST-STS and in the call to the TokenGenerationService made by the REST/SOAP STS. It is the analogue of the UseKey element in the WS-Trust RequestSecurityToken, which the specification defines as 'generally used when the client supplies a public-key that it wishes to be embedded in T as the proof key.' See http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html for details.

The CXF-STS parses the KeyInfo element included in the UseKey to create the org.apache.cxf.sts.request.ReceivedKey, which encapsulates this public key. The SOAP-STS can therefore use this ReceivedKey to constitute the ProofTokenState, and the REST-STS is invoked with the JSON representation of this class, which is then forwarded to the TokenGenerationService when SAML2 HoK tokens are issued.

Note that the WS-Trust spec allows the UseKey to include symmetric key information, resulting in a SAML2 HoK assertion whose KeyInfo element contains symmetric key information. The TokenGenerationService and the REST-STS do not currently support proof tokens based on symmetric key information. PublicKey-based proof tokens may need to be supported in the future; if so, this class will add a constructor which takes a PublicKey and will encode which sort of proof-token state has been provided (e.g. X509Certificate or PublicKey).
  • Method Details

    • getX509Certificate

      public X509Certificate getX509Certificate()
      Gets the X509Certificate.
      Returns:
      the X509Certificate
    • equals

      public boolean equals(Object other)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • builder

      public static ProofTokenState.ProofTokenStateBuilder builder()
      Creates a ProofTokenStateBuilder.
      Returns:
      a ProofTokenStateBuilder
    • fromJson

      public static ProofTokenState fromJson(JsonValue jsonValue) throws org.forgerock.openam.sts.TokenMarshalException
      Constructs a ProofTokenState from the specified JsonValue representation.
      Parameters:
      jsonValue - the JsonValue representation to construct the ProofTokenState from.
      Returns:
      a ProofTokenState
      Throws:
      org.forgerock.openam.sts.TokenMarshalException - If there is a problem parsing the JSON.
    • toJson

      public JsonValue toJson() throws IllegalStateException
      Gets the JsonValue representation of the ProofTokenState.
      Returns:
      the JsonValue of the ProofTokenState
      Throws:
      IllegalStateException - If there is a problem generating the JSON.
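The following added example (not code from this page or from the OpenAM project) shows the intended use of this class: load the client's X509Certificate, build the ProofTokenState and serialise it to the JSON form the REST-STS invocation carries, then parse it back with fromJson to check that the encoding is complete. The builder setter name x509Certificate(...), its build() method, and the keystore path, password and alias are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

import org.forgerock.json.JsonValue;
import org.forgerock.openam.sts.TokenMarshalException;
import org.forgerock.openam.sts.user.invocation.ProofTokenState;

public class ProofTokenStateRoundTrip {

    // Loads the client's Holder-of-Key certificate from a PKCS#12 keystore.
    // Only the certificate (public key) is read; the private key never enters the state.
    // Path, password and alias are placeholders, not values from the documentation.
    static X509Certificate loadClientCertificate(String keystorePath, char[] password, String alias)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        return (X509Certificate) ks.getCertificate(alias);
    }

    // Builds the ProofTokenState and serialises it to the JSON that the REST-STS
    // accepts and forwards to the TokenGenerationService for SAML2 HoK issuance.
    // Assumption: the builder exposes x509Certificate(...) and build().
    static JsonValue toInvocationJson(X509Certificate cert) throws TokenMarshalException {
        ProofTokenState state = ProofTokenState.builder()
                .x509Certificate(cert)
                .build();
        return state.toJson();
    }

    // Checks that the JSON carries the whole certificate: parsing it back must give
    // a ProofTokenState whose certificate equals the original and which is equal()
    // to a freshly built state for the same certificate.
    static boolean roundTrips(X509Certificate cert) throws TokenMarshalException {
        JsonValue json = toInvocationJson(cert);
        ProofTokenState parsed = ProofTokenState.fromJson(json);
        ProofTokenState rebuilt = ProofTokenState.builder().x509Certificate(cert).build();
        return parsed.getX509Certificate().equals(cert) && rebuilt.equals(parsed);
    }

    public static void main(String[] args) throws Exception {
        // placeholders: replace with the real keystore location, password and alias
        X509Certificate cert = loadClientCertificate("/path/to/client.p12", "changeit".toCharArray(), "client");
        System.out.println(toInvocationJson(cert));
        System.out.println("round trip ok: " + roundTrips(cert));
    }
}
```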