Class CredentialIssuerMetadata

  • All Implemented Interfaces:
    Serializable

    public class CredentialIssuerMetadata
    extends Object
    implements Serializable
    A class that represents the set of credential issuer metadata. The set consists of the following:
    Parameter Spec Version
    1.0-ID1 1.0-Final
    credential_issuer
    authorization_servers
    credential_endpoint
    batch_credential_endpoint deprecated
    deferred_credential_endpoint
    notification_endpoint
    nonce_endpoint
    credential_request_encryption
    credential_response_encryption
    batch_credential_issuance
    display
    credential_configurations_supported

    The following parameters, which existed in the 1.0-ID1 version but have been removed from the 1.0-Final version, have never been supported by Authlete:

    • credential_identifiers_supported
    • signed_metadata

    A credential issuer announces these metadata at /.well-known/openid-credential-issuer.

    Breaking Changes

    The "OpenID for Verifiable Credential Issuance" specification has repeatedly introduced breaking changes, and such changes affect this Java class. The following are the notable ones.

    1. The type of the "credentials_supported" metadata has been changed from a JSON array to a JSON object.
    2. The "authorization_server" metadata has been renamed to "authorization_servers", and its type has been changed from a string to a JSON array.
    3. The "credentials_supported" metadata has been renamed to "credential_configurations_supported". (December, 2023)
    4. The "credential_response_encryption_alg_values_supported" metadata, the "credential_response_encryption_enc_values_supported" metadata, and the "require_credential_response_encryption" metadata have been packed into one JSON object, "credential_response_encryption". (January, 2024)
    Since:
    3.55, Authlete 3.0
    See Also:
    OpenID for Verifiable Credential Issuance 1.0, OpenID for Verifiable Credential Issuance 1.0, Implementer's Draft 1, Serialized Form
    • Constructor Detail

      • CredentialIssuerMetadata

        public CredentialIssuerMetadata()
        The default constructor.
      • CredentialIssuerMetadata

        public CredentialIssuerMetadata​(CredentialIssuerMetadata metadata)
        Copy constructor.
        Parameters:
        metadata - Source to copy data from. null won't raise any exception.
    • Method Detail

      • getCredentialIssuer

        public URI getCredentialIssuer()
        Get the identifier of the credential issuer. This property corresponds to the credential_issuer metadata.

        This property must be set for the credential issuance feature to work.

        Returns:
        The identifier of the credential issuer.
      • setCredentialIssuer

        public CredentialIssuerMetadata setCredentialIssuer​(URI issuer)
        Set the identifier of the credential issuer. This property corresponds to the credential_issuer metadata.

        This property must be set for the credential issuance feature to work.

        Parameters:
        issuer - The identifier of the credential issuer.
        Returns:
        this object.
      • getAuthorizationServers

        public URI[] getAuthorizationServers()
        Get the identifiers of the authorization servers that the credential issuer relies on for authorization. This property corresponds to the authorization_servers metadata.

        When the credential issuer works as an authorization server for itself, this property should be omitted.

        Returns:
        The identifiers of the authorization servers that the credential issuer relies on for authorization.
        Since:
        3.86
      • setAuthorizationServers

        public CredentialIssuerMetadata setAuthorizationServers​(URI[] servers)
        Set the identifiers of the authorization servers that the credential issuer relies on for authorization. This property corresponds to the authorization_servers metadata.

        When the credential issuer works as an authorization server for itself, this property should be omitted.

        Parameters:
        servers - The identifiers of the authorization servers that the credential issuer relies on for authorization.
        Returns:
        this object.
        Since:
        3.86
      • getCredentialEndpoint

        public URI getCredentialEndpoint()
        Get the URL of the credential endpoint. This property corresponds to the credential_endpoint metadata.

        This property must be set for the credential issuance feature to work.

        Returns:
        The URL of the credential endpoint.
      • setCredentialEndpoint

        public CredentialIssuerMetadata setCredentialEndpoint​(URI endpoint)
        Set the URL of the credential endpoint. This property corresponds to the credential_endpoint metadata.

        This property must be set for the credential issuance feature to work.

        Parameters:
        endpoint - The URL of the credential endpoint.
        Returns:
        this object.
      • getBatchCredentialEndpoint

        public URI getBatchCredentialEndpoint()
        Get the URL of the batch credential endpoint. This property corresponds to the batch_credential_endpoint metadata.

        If the credential issuer does not support the batch credential endpoint, this property should be omitted.

        NOTE: This metadata parameter was deprecated and is not available in the 1.0-Final version of the OID4VCI specification.

        Returns:
        The URL of the batch credential endpoint.
      • setBatchCredentialEndpoint

        public CredentialIssuerMetadata setBatchCredentialEndpoint​(URI endpoint)
        Set the URL of the batch credential endpoint. This property corresponds to the batch_credential_endpoint metadata.

        If the credential issuer does not support the batch credential endpoint, this property should be omitted.

        NOTE: This metadata parameter was deprecated and is not available in the 1.0-Final version of the OID4VCI specification.

        Parameters:
        endpoint - The URL of the batch credential endpoint.
        Returns:
        this object.
      • getDeferredCredentialEndpoint

        public URI getDeferredCredentialEndpoint()
        Get the URL of the deferred credential endpoint. This property corresponds to the deferred_credential_endpoint metadata.

        If the credential issuer does not support the deferred credential endpoint, this property should be omitted.

        Returns:
        The URL of the deferred credential endpoint.
        Since:
        3.59
      • setDeferredCredentialEndpoint

        public CredentialIssuerMetadata setDeferredCredentialEndpoint​(URI endpoint)
        Set the URL of the deferred credential endpoint. This property corresponds to the deferred_credential_endpoint metadata.

        If the credential issuer does not support the deferred credential endpoint, this property should be omitted.

        Parameters:
        endpoint - The URL of the deferred credential endpoint.
        Returns:
        this object.
        Since:
        3.59
      • getNotificationEndpoint

        public URI getNotificationEndpoint()
        Get the URL of the notification endpoint. This property corresponds to the notification_endpoint metadata.
        Returns:
        The URL of the notification endpoint.
        Since:
        4.26
      • setNotificationEndpoint

        public CredentialIssuerMetadata setNotificationEndpoint​(URI endpoint)
        Set the URL of the notification endpoint. This property corresponds to the notification_endpoint metadata.
        Parameters:
        endpoint - The URL of the notification endpoint.
        Returns:
        this object.
        Since:
        4.26
      • getNonceEndpoint

        public URI getNonceEndpoint()
        Get the URL of the nonce endpoint. This property corresponds to the nonce_endpoint metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Returns:
        The URL of the nonce endpoint.
        Since:
        4.26
      • setNonceEndpoint

        public CredentialIssuerMetadata setNonceEndpoint​(URI endpoint)
        Set the URL of the nonce endpoint. This property corresponds to the nonce_endpoint metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Parameters:
        endpoint - The URL of the nonce endpoint.
        Returns:
        this object.
        Since:
        4.26
      • getCredentialRequestEncryptionJwks

        public String getCredentialRequestEncryptionJwks()
        Get the JWK Set for credential request encryption.

        The public part of this JWK Set is used as the value of the credential_request_encryption.jwks metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Returns:
        The JWK Set for credential request encryption.
        Since:
        4.26
      • setCredentialRequestEncryptionJwks

        public CredentialIssuerMetadata setCredentialRequestEncryptionJwks​(String jwks)
        Set the JWK Set for credential request encryption.

        The public part of this JWK Set is used as the value of the credential_request_encryption.jwks metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Parameters:
        jwks - The JWK Set for credential request encryption.
        Returns:
        this object.
        Since:
        4.26
      • getCredentialRequestEncryptionEncValuesSupported

        public JWEEnc[] getCredentialRequestEncryptionEncValuesSupported()
        Get the supported JWE enc algorithms for credential request encryption. This property corresponds to the credential_request_encryption.enc_values_supported metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Returns:
        The supported JWE enc algorithms for credential request encryption.
        Since:
        4.26
      • setCredentialRequestEncryptionEncValuesSupported

        public CredentialIssuerMetadata setCredentialRequestEncryptionEncValuesSupported​(JWEEnc[] encs)
        Set the supported JWE enc algorithms for credential request encryption. This property corresponds to the credential_request_encryption.enc_values_supported metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Parameters:
        encs - The supported JWE enc algorithms for credential request encryption.
        Returns:
        this object.
        Since:
        4.26
      • getCredentialRequestEncryptionZipValuesSupported

        public JWEZip[] getCredentialRequestEncryptionZipValuesSupported()
        Get the supported JWE zip algorithms for credential request encryption. This property corresponds to the credential_request_encryption.zip_values_supported metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Returns:
        The supported JWE zip algorithms for credential request encryption.
        Since:
        4.26
      • setCredentialRequestEncryptionZipValuesSupported

        public CredentialIssuerMetadata setCredentialRequestEncryptionZipValuesSupported​(JWEZip[] zips)
        Set the supported JWE zip algorithms for credential request encryption. This property corresponds to the credential_request_encryption.zip_values_supported metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Parameters:
        zips - The supported JWE zip algorithms for credential request encryption.
        Returns:
        this object.
        Since:
        4.26
      • isRequireCredentialRequestEncryption

        public boolean isRequireCredentialRequestEncryption()
        Get the boolean flag indicating whether credential request encryption is required. This property corresponds to the credential_request_encryption.encryption_required metadata.

        If this flag is true, every credential request to the credential issuer must be encrypted.

        Returns:
        true if credential request encryption is required.
        Since:
        4.26
      • setRequireCredentialRequestEncryption

        public CredentialIssuerMetadata setRequireCredentialRequestEncryption​(boolean required)
        Set the boolean flag indicating whether credential request encryption is required. This property corresponds to the credential_request_encryption.encryption_required metadata.

        If this flag is true, every credential request to the credential issuer must be encrypted.

        Parameters:
        required - true to require credential request encryption.
        Returns:
        this object.
        Since:
        4.26
      • getCredentialResponseEncryptionAlgValuesSupported

        public JWEAlg[] getCredentialResponseEncryptionAlgValuesSupported()
        Get the supported JWE alg algorithms for credential response encryption. This property corresponds to the credential_response_encryption.alg_values_supported metadata.
        Returns:
        The supported JWE alg algorithms for credential response encryption.
        Since:
        3.86
      • setCredentialResponseEncryptionAlgValuesSupported

        public CredentialIssuerMetadata setCredentialResponseEncryptionAlgValuesSupported​(JWEAlg[] algs)
        Set the supported JWE alg algorithms for credential response encryption. This property corresponds to the credential_response_encryption.alg_values_supported metadata.
        Parameters:
        algs - The supported JWE alg algorithms for credential response encryption.
        Returns:
        this object.
        Since:
        3.86
      • getCredentialResponseEncryptionEncValuesSupported

        public JWEEnc[] getCredentialResponseEncryptionEncValuesSupported()
        Get the supported JWE enc algorithms for credential response encryption. This property corresponds to the credential_response_encryption.enc_values_supported metadata.
        Returns:
        The supported JWE enc algorithms for credential response encryption.
        Since:
        3.86
      • setCredentialResponseEncryptionEncValuesSupported

        public CredentialIssuerMetadata setCredentialResponseEncryptionEncValuesSupported​(JWEEnc[] encs)
        Set the supported JWE enc algorithms for credential response encryption. This property corresponds to the credential_response_encryption.enc_values_supported metadata.
        Parameters:
        encs - The supported JWE enc algorithms for credential response encryption.
        Returns:
        this object.
        Since:
        3.86
      • getCredentialResponseEncryptionZipValuesSupported

        public JWEZip[] getCredentialResponseEncryptionZipValuesSupported()
        Get the supported JWE zip algorithms for credential response encryption. This property corresponds to the credential_response_encryption.zip_values_supported metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Returns:
        The supported JWE zip algorithms for credential response encryption.
        Since:
        4.26
      • setCredentialResponseEncryptionZipValuesSupported

        public CredentialIssuerMetadata setCredentialResponseEncryptionZipValuesSupported​(JWEZip[] zips)
        Set the supported JWE zip algorithms for credential response encryption. This property corresponds to the credential_response_encryption.zip_values_supported metadata.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Parameters:
        zips - The supported JWE zip algorithms for credential response encryption.
        Returns:
        this object.
        Since:
        4.26
      • isRequireCredentialResponseEncryption

        public boolean isRequireCredentialResponseEncryption()
        Get the boolean flag indicating whether credential response encryption is required. This property corresponds to the credential_response_encryption.encryption_required metadata.

        If this flag is true, every credential request to the credential issuer must include the credential_response_encryption property.

        Returns:
        true if credential response encryption is required.
        Since:
        3.86
      • setRequireCredentialResponseEncryption

        public CredentialIssuerMetadata setRequireCredentialResponseEncryption​(boolean required)
        Set the boolean flag indicating whether credential response encryption is required. This property corresponds to the credential_response_encryption.encryption_required metadata.

        If this flag is true, every credential request to the credential issuer must include the credential_response_encryption property.

        Parameters:
        required - true to require credential response encryption.
        Returns:
        this object.
        Since:
        3.86
      • getBatchSize

        public int getBatchSize()
        Get the maximum array size for the proofs parameter in a credential request. This property corresponds to the batch_credential_issuance.batch_size metadata.

        If the value of this property is 2 or greater, the batch_credential_issuance parameter will appear in the response from the credential metadata endpoint.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Returns:
        The maximum array size for the proofs parameter in a credential request.
        Since:
        4.26
      • setBatchSize

        public CredentialIssuerMetadata setBatchSize​(int batchSize)
        Set the maximum array size for the proofs parameter in a credential request. This property corresponds to the batch_credential_issuance.batch_size metadata.

        If the value of this property is 2 or greater, the batch_credential_issuance parameter will appear in the response from the credential metadata endpoint.

        NOTE: This metadata parameter exists in the 1.0-Final version of the OID4VCI specification but is not available in the 1.0-ID1 version.

        Parameters:
        batchSize - The maximum array size for the proofs parameter in a credential request.
        Returns:
        this object.
        Since:
        4.26
      • getDisplay

        public String getDisplay()
        Get the display properties of this credential issuer in JSON array format.

        The following is an example of a display value excerpted from Appendix I.1. Credential Issuer Metadata of the OID4VCI specification.

         [
           {
             "name": "Example University",
             "locale": "en-US",
             "logo": {
               "uri": "https://university.example.edu/public/logo.png",
               "alt_text":"a square logo of a university"
             }
           },
           {
             "name": "Example Université",
             "locale": "fr-FR",
             "logo": {
               "uri": "https://university.example.edu/public/logo.png",
               "alt_text":"Un logo universitaire carré"
             }
           }
         ]
        Returns:
        The display properties.
        Since:
        4.26
      • setDisplay

        public CredentialIssuerMetadata setDisplay​(String display)
        Set the display properties of this credential issuer in JSON array format.

        The following is an example of a display value excerpted from Appendix I.1. Credential Issuer Metadata of the OID4VCI specification.

         [
           {
             "name": "Example University",
             "locale": "en-US",
             "logo": {
               "uri": "https://university.example.edu/public/logo.png",
               "alt_text":"a square logo of a university"
             }
           },
           {
             "name": "Example Université",
             "locale": "fr-FR",
             "logo": {
               "uri": "https://university.example.edu/public/logo.png",
               "alt_text":"Un logo universitaire carré"
             }
           }
         ]
        Parameters:
        display - The display properties.
        Returns:
        this object.
        Since:
        4.26
      • getCredentialsSupported

        public String getCredentialsSupported()
        Get the information about supported credential configurations in the JSON format. This property corresponds to the credential_configurations_supported metadata.

        This property must be set for the credential issuance feature to work.

        NOTE: Due to a breaking change in the "OpenID for Verifiable Credential Issuance" specification, the type of the content of this "credentialsSupported" property has been changed from a JSON array to a JSON object.

        NOTE: Due to another breaking change made in December 2023, the credentials_supported metadata has been renamed to credential_configurations_supported.

        Returns:
        The supported credential configurations. If not null, the value is a string representing a JSON object.
      • setCredentialsSupported

        public CredentialIssuerMetadata setCredentialsSupported​(String credentialsSupported)
        Set the information about supported credential configurations in the JSON format. This property corresponds to the credential_configurations_supported metadata.

        This property must be set for the credential issuance feature to work.

        NOTE: Due to a breaking change in the "OpenID for Verifiable Credential Issuance" specification, the type of the content of this "credentialsSupported" property has been changed from a JSON array to a JSON object.

        NOTE: Due to another breaking change made in December 2023, the credentials_supported metadata has been renamed to credential_configurations_supported.

        Parameters:
        credentialsSupported - The supported credential configurations. If not null, the value is a string representing a JSON object.
        Returns:
        this object.
      • isEmpty

        public boolean isEmpty()
        Check if all properties of this instance are null.
        Returns:
        true if all properties are null.
      • toMap

        public Map<String,​Object> toMap()
        Create a Map instance that represents a JSON object conforming to the format of the credential issuer metadata defined in "OpenID for Verifiable Credential Issuance".

        The following is an example of Map content.

         {
           "credential_issuer":
             "https://credential-issuer.example.com",
           "authorization_servers": [
             "https://authorization-server.example.com"
           ],
           "credential_endpoint":
             "https://credential-issuer.example.com/credential",
           "batch_credential_endpoint":
             "https://credential-issuer.example.com/batch_credential",
           "deferred_credential_endpoint":
             "https://credential-issuer.example.com/deferred_credential",
           "credential_configurations_supported": {
             "UniversityDegreeCredential": {
               "format": "jwt_vc_json",
               "scope": "UniversityDegree",
               "cryptographic_binding_methods_supported": [
                 "did:example"
               ],
               "cryptographic_suites_supported": [
                 "ES256K"
               ],
               "credential_definition": {
                 "type": [
                   "VerifiableCredential",
                   "UniversityDegreeCredential"
                 ],
                 "credentialSubject": {
                   "given_name": {},
                   "family_name": {},
                   "degree": {},
                   "gpa": {}
                 }
               }
             }
           }
         }
         

        NOTE: Due to a breaking change in the "OpenID for Verifiable Credential Issuance" specification, the type of the "credentials_supported" property has been changed from a JSON array to a JSON object.

        NOTE: Due to another breaking change made in December 2023, the credentials_supported metadata has been renamed to credential_configurations_supported.

        Returns:
        A Map instance that represents a JSON object conforming to the format of the credential issuer metadata.
        Throws:
        IllegalStateException - The value of the credentialsSupported property failed to be parsed as a JSON object.
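
The following is an added usage example, not part of the Authlete documentation. It builds the metadata with the setters documented above, calls toMap(), and then exercises the documented IllegalStateException by supplying credentialsSupported in the older JSON array shape. The package names (com.authlete.common.dto, com.authlete.common.types), the enum constants JWEAlg.ECDH_ES and JWEEnc.A256GCM, and the class name CredentialIssuerMetadataExample are assumptions; the JSON strings are constructed samples.

```java
import java.net.URI;
import java.util.Map;

import com.authlete.common.dto.CredentialIssuerMetadata;
import com.authlete.common.types.JWEAlg;
import com.authlete.common.types.JWEEnc;

// Hypothetical example class; assumes authlete-java-common is on the classpath.
public class CredentialIssuerMetadataExample
{
    // Constructed sample in the current shape: a JSON object keyed by
    // credential configuration ID.
    private static final String CONFIGURATIONS_OBJECT =
        "{\"UniversityDegreeCredential\":{"
      + "\"format\":\"jwt_vc_json\",\"scope\":\"UniversityDegree\"}}";

    // Constructed sample in the shape used before the breaking change:
    // a JSON array of credential descriptions.
    private static final String CONFIGURATIONS_LEGACY_ARRAY =
        "[{\"format\":\"jwt_vc_json\",\"scope\":\"UniversityDegree\"}]";

    static CredentialIssuerMetadata build(String credentialsSupported)
    {
        // Every setter returns "this object", so the calls can be chained.
        return new CredentialIssuerMetadata()
            // Required for credential issuance to work.
            .setCredentialIssuer(
                URI.create("https://credential-issuer.example.com"))
            .setCredentialEndpoint(
                URI.create("https://credential-issuer.example.com/credential"))
            .setCredentialsSupported(credentialsSupported)
            // Omit when the issuer acts as its own authorization server.
            .setAuthorizationServers(new URI[] {
                URI.create("https://authorization-server.example.com") })
            // Packed into the "credential_response_encryption" JSON object.
            .setCredentialResponseEncryptionAlgValuesSupported(
                new JWEAlg[] { JWEAlg.ECDH_ES })
            .setCredentialResponseEncryptionEncValuesSupported(
                new JWEEnc[] { JWEEnc.A256GCM })
            .setRequireCredentialResponseEncryption(true);
    }

    public static void main(String[] args)
    {
        // The Map mirrors the JSON document announced at
        // /.well-known/openid-credential-issuer.
        Map<String, Object> map = build(CONFIGURATIONS_OBJECT).toMap();
        System.out.println("top-level parameters: " + map.keySet());
        System.out.println("credential_response_encryption: "
            + map.get("credential_response_encryption"));

        // Stored configuration written for the older array form is not a
        // JSON object, so toMap() is documented to reject it. Catching the
        // exception here keeps a stale record from turning into an
        // unhandled error at the metadata endpoint.
        try
        {
            build(CONFIGURATIONS_LEGACY_ARRAY).toMap();
            System.out.println("legacy array was accepted");
        }
        catch (IllegalStateException e)
        {
            System.out.println("legacy array rejected: " + e.getMessage());
        }
    }
}
```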