Package com.nimbusds.oauth2.sdk.auth
Class PKITLSClientAuthentication
- java.lang.Object
  - com.nimbusds.oauth2.sdk.auth.ClientAuthentication
    - com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
      - com.nimbusds.oauth2.sdk.auth.PKITLSClientAuthentication
@Immutable public class PKITLSClientAuthentication extends TLSClientAuthentication
PKI mutual TLS client authentication at the Token endpoint. The client certificate is PKI bound, as opposed to self_signed_tls_client_auth which relies on a self-signed certificate. Implements ClientAuthenticationMethod.TLS_CLIENT_AUTH.
Related specifications:
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (draft-ietf-oauth-mtls-15), section 2.1.
Field Summary
Fields inherited from class com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
certificate
Constructor Summary
Constructors (constructor, then description):
- PKITLSClientAuthentication(ClientID clientID, String certSubjectDN)
  Deprecated. This constructor does set the certificate
- PKITLSClientAuthentication(ClientID clientID, X509Certificate certificate)
  Creates a new PKI mutual TLS client authentication.
- PKITLSClientAuthentication(ClientID clientID, SSLSocketFactory sslSocketFactory)
  Creates a new PKI mutual TLS client authentication.
Method Summary
Methods (modifier and type, method, then description):
- String getClientX509CertificateSubjectDN()
  Gets the subject DN of the received validated client X.509 certificate.
- static PKITLSClientAuthentication parse(HTTPRequest httpRequest)
  Parses a PKI mutual TLS client authentication from the specified HTTP request.
Methods inherited from class com.nimbusds.oauth2.sdk.auth.TLSClientAuthentication
applyTo, getClientX509Certificate, getSSLSocketFactory
Methods inherited from class com.nimbusds.oauth2.sdk.auth.ClientAuthentication
getClientID, getMethod
Constructor Detail
PKITLSClientAuthentication
public PKITLSClientAuthentication(ClientID clientID, SSLSocketFactory sslSocketFactory)
Creates a new PKI mutual TLS client authentication. This constructor is intended for an outgoing token request.
Parameters:
- clientID - The client identifier. Must not be null.
- sslSocketFactory - The SSL socket factory to use for the outgoing HTTPS request and to present the client certificate(s), null to use the default one.
PKITLSClientAuthentication
@Deprecated public PKITLSClientAuthentication(ClientID clientID, String certSubjectDN)
Deprecated. This constructor does set the certificate
Creates a new PKI mutual TLS client authentication. This constructor is intended for a received token request.
Parameters:
- clientID - The client identifier. Must not be null.
- certSubjectDN - The subject DN of the received validated client X.509 certificate. Must not be null.
PKITLSClientAuthentication
public PKITLSClientAuthentication(ClientID clientID, X509Certificate certificate)
Creates a new PKI mutual TLS client authentication. This constructor is intended for a received token request.
Parameters:
- clientID - The client identifier. Must not be null.
- certificate - The validated client X.509 certificate from the received HTTPS request. Must not be null.
Method Detail
getClientX509CertificateSubjectDN
public String getClientX509CertificateSubjectDN()
Gets the subject DN of the received validated client X.509 certificate.
Returns:
- The subject DN.
parse
public static PKITLSClientAuthentication parse(HTTPRequest httpRequest) throws ParseException
Parses a PKI mutual TLS client authentication from the specified HTTP request.
Parameters:
- httpRequest - The HTTP request to parse. Must not be null and must include a validated client X.509 certificate.
Returns:
- The PKI mutual TLS client authentication.
Throws:
- ParseException - If the client_id or client X.509 certificate is missing.
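An added example, not part of the SDK's own documentation: one way a token endpoint could combine parse and getClientX509CertificateSubjectDN() to check the presented certificate's subject against the DN registered for the client. The class MtlsClientVerifier and its registeredSubjectDNs map are hypothetical, and the example assumes the TLS layer has already validated the certificate chain, as parse requires of its input.

```java
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.PKITLSClientAuthentication;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;

import javax.security.auth.x500.X500Principal;
import java.util.Map;
import java.util.Optional;

/** Hypothetical token endpoint helper; not part of the Nimbus SDK. */
public final class MtlsClientVerifier {

    // Assumption: client_id -> subject DN registered for that client
    // (the tls_client_auth_subject_dn client metadata value).
    private final Map<String, String> registeredSubjectDNs;

    public MtlsClientVerifier(Map<String, String> registeredSubjectDNs) {
        this.registeredSubjectDNs = Map.copyOf(registeredSubjectDNs);
    }

    /**
     * Returns the authenticated client ID, or empty when the request lacks a
     * client_id or certificate, the client is unknown, or the DN differs.
     * Chain validation is assumed to have happened in the TLS layer.
     */
    public Optional<ClientID> authenticate(HTTPRequest tokenRequest) {
        final PKITLSClientAuthentication auth;
        try {
            auth = PKITLSClientAuthentication.parse(tokenRequest);
        } catch (ParseException e) {
            return Optional.empty(); // client_id or certificate missing
        }
        String expected = registeredSubjectDNs.get(auth.getClientID().getValue());
        String presented = auth.getClientX509CertificateSubjectDN();
        if (expected == null || presented == null) {
            return Optional.empty(); // unknown client or no subject DN
        }
        try {
            // Compare as X.500 names rather than raw strings, so that
            // differences in spacing or attribute case do not cause a mismatch.
            boolean match = new X500Principal(presented).equals(new X500Principal(expected));
            return match ? Optional.of(auth.getClientID()) : Optional.empty();
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // malformed DN string
        }
    }
}
```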