Class CredentialIssuerMetadata

  • All Implemented Interfaces:
    Serializable

    public class CredentialIssuerMetadata
    extends Object
    implements Serializable
    A class that represents the set of credential issuer metadata. The set consists of the following.
    • credential_issuer
    • authorization_servers
    • credential_endpoint
    • batch_credential_endpoint
    • deferred_credential_endpoint
    • credential_response_encryption
    • credential_configurations_supported

    A credential issuer announces these metadata at /.well-known/openid-credential-issuer.

    Breaking Changes

    The "OpenID for Verifiable Credential Issuance" specification has repeatedly introduced breaking changes, and those changes affect this Java class. The following are the notable ones.

    1. The type of the "credentials_supported" metadata has been changed from a JSON array to a JSON object.
    2. The "authorization_server" metadata has been renamed to "authorization_servers", and its type has been changed from a string to a JSON array.
    3. The "credentials_supported" metadata has been renamed to "credential_configurations_supported". (December, 2023)
    4. The "credential_response_encryption_alg_values_supported" metadata, the "credential_response_encryption_enc_values_supported" metadata, and the "require_credential_response_encryption" metadata have been packed into one JSON object, "credential_response_encryption". (January, 2024)
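
    For code that must read metadata published under earlier drafts, the renames in items 2 to 4 can be applied to the parsed JSON, while the array form from item 1 is refused. This is an added example, not part of the Authlete library; the class and method names are hypothetical, and the input is assumed to be a Map produced by any JSON parser.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
// Added example: hypothetical helper, not part of the Authlete library.
public class LegacyIssuerMetadata {
    /** Returns a copy of the parsed metadata using the current names and types. */
    static Map<String, Object> normalize(Map<String, Object> in) {
        Map<String, Object> out = new LinkedHashMap<>(in);
        // Change 2: "authorization_server" (string) -> "authorization_servers" (array).
        Object server = out.remove("authorization_server");
        if (server != null) {
            out.putIfAbsent("authorization_servers", List.of(server));
        }
        // Change 3: "credentials_supported" was renamed.
        Object renamed = out.remove("credentials_supported");
        if (renamed != null) {
            out.putIfAbsent("credential_configurations_supported", renamed);
        }
        // Change 1: the value is now a JSON object; an array is refused, not guessed at.
        Object configs = out.get("credential_configurations_supported");
        if (configs != null && !(configs instanceof Map)) {
            throw new IllegalArgumentException("credential configurations must be a JSON object");
        }
        // Change 4: three flat encryption fields were packed into one object.
        Map<String, Object> enc = new LinkedHashMap<>();
        move(out, "credential_response_encryption_alg_values_supported", enc, "alg_values_supported");
        move(out, "credential_response_encryption_enc_values_supported", enc, "enc_values_supported");
        move(out, "require_credential_response_encryption", enc, "encryption_required");
        if (!enc.isEmpty()) {
            out.putIfAbsent("credential_response_encryption", enc);
        }
        return out;
    }
    private static void move(Map<String, Object> from, String oldKey,
                             Map<String, Object> to, String newKey) {
        Object value = from.remove(oldKey);
        if (value != null) {
            to.put(newKey, value);
        }
    }

    public static void main(String[] args) {
        Map<String, Object> legacy = new LinkedHashMap<>();  // constructed sample
        legacy.put("authorization_server", "https://authorization-server.example.com");
        legacy.put("require_credential_response_encryption", true);
        legacy.put("credentials_supported", Map.of("UniversityDegreeCredential", Map.of()));
        System.out.println(normalize(legacy));
    }
}
```
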
    Since:
    3.55, Authlete 3.0
    See Also:
    OpenID for Verifiable Credential Issuance, OpenID for Verifiable Credential Issuance, Working Draft, Serialized Form
    • Constructor Detail

      • CredentialIssuerMetadata

        public CredentialIssuerMetadata()
        The default constructor.
      • CredentialIssuerMetadata

        public CredentialIssuerMetadata(CredentialIssuerMetadata metadata)
        Copy constructor.
        Parameters:
        metadata - Source to copy data from. null won't raise any exception.
    • Method Detail

      • getCredentialIssuer

        public URI getCredentialIssuer()
        Get the identifier of the credential issuer. This property corresponds to the credential_issuer metadata.

        This property must be set for credential issuance to function.

        Returns:
        The identifier of the credential issuer.
      • setCredentialIssuer

        public CredentialIssuerMetadata setCredentialIssuer(URI issuer)
        Set the identifier of the credential issuer. This property corresponds to the credential_issuer metadata.

        This property must be set for credential issuance to function.

        Parameters:
        issuer - The identifier of the credential issuer.
        Returns:
        this object.
      • getAuthorizationServers

        public URI[] getAuthorizationServers()
        Get the identifiers of the authorization servers that the credential issuer relies on for authorization. This property corresponds to the authorization_servers metadata.

        When the credential issuer works as an authorization server for itself, this property should be omitted.

        Returns:
        The identifiers of the authorization servers that the credential issuer relies on for authorization.
        Since:
        3.86
      • setAuthorizationServers

        public CredentialIssuerMetadata setAuthorizationServers(URI[] servers)
        Set the identifiers of the authorization servers that the credential issuer relies on for authorization. This property corresponds to the authorization_servers metadata.

        When the credential issuer works as an authorization server for itself, this property should be omitted.

        Parameters:
        servers - The identifiers of the authorization servers that the credential issuer relies on for authorization.
        Returns:
        this object.
        Since:
        3.86
      • getCredentialEndpoint

        public URI getCredentialEndpoint()
        Get the URL of the credential endpoint. This property corresponds to the credential_endpoint metadata.

        This property must be set for credential issuance to function.

        Returns:
        The URL of the credential endpoint.
      • setCredentialEndpoint

        public CredentialIssuerMetadata setCredentialEndpoint(URI endpoint)
        Set the URL of the credential endpoint. This property corresponds to the credential_endpoint metadata.

        This property must be set for credential issuance to function.

        Parameters:
        endpoint - The URL of the credential endpoint.
        Returns:
        this object.
      • getBatchCredentialEndpoint

        public URI getBatchCredentialEndpoint()
        Get the URL of the batch credential endpoint. This property corresponds to the batch_credential_endpoint metadata.

        If the credential issuer does not support the batch credential endpoint, this property should be omitted.

        Returns:
        The URL of the batch credential endpoint.
      • setBatchCredentialEndpoint

        public CredentialIssuerMetadata setBatchCredentialEndpoint(URI endpoint)
        Set the URL of the batch credential endpoint. This property corresponds to the batch_credential_endpoint metadata.

        If the credential issuer does not support the batch credential endpoint, this property should be omitted.

        Parameters:
        endpoint - The URL of the batch credential endpoint.
        Returns:
        this object.
      • getDeferredCredentialEndpoint

        public URI getDeferredCredentialEndpoint()
        Get the URL of the deferred credential endpoint. This property corresponds to the deferred_credential_endpoint metadata.

        If the credential issuer does not support the deferred credential endpoint, this property should be omitted.

        Returns:
        The URL of the deferred credential endpoint.
        Since:
        3.59
      • setDeferredCredentialEndpoint

        public CredentialIssuerMetadata setDeferredCredentialEndpoint(URI endpoint)
        Set the URL of the deferred credential endpoint. This property corresponds to the deferred_credential_endpoint metadata.

        If the credential issuer does not support the deferred credential endpoint, this property should be omitted.

        Parameters:
        endpoint - The URL of the deferred credential endpoint.
        Returns:
        this object.
        Since:
        3.59
      • getCredentialResponseEncryptionAlgValuesSupported

        public JWEAlg[] getCredentialResponseEncryptionAlgValuesSupported()
        Get the supported JWE alg algorithms for credential response encryption. This property corresponds to the credential_response_encryption.alg_values_supported metadata.
        Returns:
        The supported JWE alg algorithms for credential response encryption.
        Since:
        3.86
      • setCredentialResponseEncryptionAlgValuesSupported

        public CredentialIssuerMetadata setCredentialResponseEncryptionAlgValuesSupported(JWEAlg[] algs)
        Set the supported JWE alg algorithms for credential response encryption. This property corresponds to the credential_response_encryption.alg_values_supported metadata.
        Parameters:
        algs - The supported JWE alg algorithms for credential response encryption.
        Returns:
        this object.
        Since:
        3.86
      • getCredentialResponseEncryptionEncValuesSupported

        public JWEEnc[] getCredentialResponseEncryptionEncValuesSupported()
        Get the supported JWE enc algorithms for credential response encryption. This property corresponds to the credential_response_encryption.enc_values_supported metadata.
        Returns:
        The supported JWE enc algorithms for credential response encryption.
        Since:
        3.86
      • setCredentialResponseEncryptionEncValuesSupported

        public CredentialIssuerMetadata setCredentialResponseEncryptionEncValuesSupported(JWEEnc[] encs)
        Set the supported JWE enc algorithms for credential response encryption. This property corresponds to the credential_response_encryption.enc_values_supported metadata.
        Parameters:
        encs - The supported JWE enc algorithms for credential response encryption.
        Returns:
        this object.
        Since:
        3.86
      • isRequireCredentialResponseEncryption

        public boolean isRequireCredentialResponseEncryption()
        Get the boolean flag indicating whether credential response encryption is required. This property corresponds to the credential_response_encryption.encryption_required metadata.

        If this flag is true, every credential request to the credential issuer must include the credential_response_encryption property.

        Returns:
        true if credential response encryption is required.
        Since:
        3.86
      • setRequireCredentialResponseEncryption

        public CredentialIssuerMetadata setRequireCredentialResponseEncryption(boolean required)
        Set the boolean flag indicating whether credential response encryption is required. This property corresponds to the credential_response_encryption.encryption_required metadata.

        If this flag is true, every credential request to the credential issuer must include the credential_response_encryption property.

        Parameters:
        required - true to require credential response encryption.
        Returns:
        this object.
        Since:
        3.86
      • getCredentialsSupported

        public String getCredentialsSupported()
        Get the information about supported credential configurations in the JSON format. This property corresponds to the credential_configurations_supported metadata.

        This property must be set for credential issuance to function.

        NOTE: Due to the breaking change of the "OpenID for Verifiable Credential Issuance" specification, the type of the content of this "credentialsSupported" property has been changed from a JSON array to a JSON object.

        NOTE: Due to another breaking change made in December 2023, the credentials_supported metadata has been renamed to credential_configurations_supported.

        Returns:
        The supported credential configurations. If not null, the value is a string representing a JSON object.
      • setCredentialsSupported

        public CredentialIssuerMetadata setCredentialsSupported(String credentialsSupported)
        Set the information about supported credential configurations in the JSON format. This property corresponds to the credential_configurations_supported metadata.

        This property must be set for credential issuance to function.

        NOTE: Due to the breaking change of the "OpenID for Verifiable Credential Issuance" specification, the type of the content of this "credentialsSupported" property has been changed from a JSON array to a JSON object.

        NOTE: Due to another breaking change made in December 2023, the credentials_supported metadata has been renamed to credential_configurations_supported.

        Parameters:
        credentialsSupported - The supported credential configurations. If not null, the value is a string representing a JSON object.
        Returns:
        this object.
      • isEmpty

        public boolean isEmpty()
        Check if all properties of this instance are null.
        Returns:
        true if all properties are null.
      • toMap

        public Map<String,Object> toMap()
        Create a Map instance that represents a JSON object conforming to the format of the credential issuer metadata defined in "OpenID for Verifiable Credential Issuance".

        The following is an example of Map content.

         {
           "credential_issuer":
             "https://credential-issuer.example.com",
           "authorization_servers": [
             "https://authorization-server.example.com"
           ],
           "credential_endpoint":
             "https://credential-issuer.example.com/credential",
           "batch_credential_endpoint":
             "https://credential-issuer.example.com/batch_credential",
           "deferred_credential_endpoint":
             "https://credential-issuer.example.com/deferred_credential",
           "credential_configurations_supported": {
             "UniversityDegreeCredential": {
               "format": "jwt_vc_json",
               "scope": "UniversityDegree",
               "cryptographic_binding_methods_supported": [
                 "did:example"
               ],
               "cryptographic_suites_supported": [
                 "ES256K"
               ],
               "credential_definition": {
                 "type": [
                   "VerifiableCredential",
                   "UniversityDegreeCredential"
                 ],
                 "credentialSubject": {
                   "given_name": {},
                   "family_name": {},
                   "degree": {},
                   "gpa": {}
                 }
               }
             }
           }
         }
         

        NOTE: Due to the breaking change of the "OpenID for Verifiable Credential Issuance" specification, the type of the "credentials_supported" property has been changed from a JSON array to a JSON object.

        NOTE: Due to another breaking change made in December 2023, the credentials_supported metadata has been renamed to credential_configurations_supported.

        Returns:
        A Map instance that represents a JSON object conforming to the format of the credential issuer metadata.
        Throws:
        IllegalStateException - The value of the credentialsSupported property failed to be parsed as a JSON object.
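
        A configuration check that uses only the methods documented on this page and refuses to publish metadata that is incomplete or inconsistent. This is an added example, not the library's own code; the class and method names are hypothetical, the hostnames and JSON are constructed, and the import paths and the enum constants JWEAlg.ECDH_ES and JWEEnc.A256GCM are assumed to be those of authlete-java-common.

```java
import com.authlete.common.dto.CredentialIssuerMetadata;
import com.authlete.common.types.JWEAlg;
import com.authlete.common.types.JWEEnc;
import java.net.URI;
import java.util.Map;

// Added example, not the library's own code. Hostnames and JSON are constructed.
public class IssuerMetadataCheck {
    /** Returns the map to publish, or throws if the configuration is unusable. */
    static Map<String, Object> toPublishableMap(CredentialIssuerMetadata m) {
        // The three properties this page says must be set for issuance to work.
        if (m.getCredentialIssuer() == null || m.getCredentialEndpoint() == null
                || m.getCredentialsSupported() == null) {
            throw new IllegalStateException("required credential issuer metadata is not set");
        }
        // If encryption is required, clients need algorithms to choose from.
        JWEAlg[] algs = m.getCredentialResponseEncryptionAlgValuesSupported();
        JWEEnc[] encs = m.getCredentialResponseEncryptionEncValuesSupported();
        if (m.isRequireCredentialResponseEncryption()
                && (algs == null || algs.length == 0 || encs == null || encs.length == 0)) {
            throw new IllegalStateException("encryption required but no alg/enc values listed");
        }
        // toMap() throws IllegalStateException when credentialsSupported is not
        // a JSON object, e.g. a value still in the old JSON array form.
        return m.toMap();
    }

    public static void main(String[] args) {
        URI issuer = URI.create("https://credential-issuer.example.com");
        CredentialIssuerMetadata metadata = new CredentialIssuerMetadata()
            .setCredentialIssuer(issuer)
            .setAuthorizationServers(new URI[] {
                URI.create("https://authorization-server.example.com") })
            .setCredentialEndpoint(URI.create(issuer + "/credential"))
            .setCredentialResponseEncryptionAlgValuesSupported(new JWEAlg[] { JWEAlg.ECDH_ES })
            .setCredentialResponseEncryptionEncValuesSupported(new JWEEnc[] { JWEEnc.A256GCM })
            .setRequireCredentialResponseEncryption(true)
            .setCredentialsSupported("{\"UniversityDegreeCredential\":{\"format\":\"jwt_vc_json\"}}");
        System.out.println(toPublishableMap(metadata).keySet());

        // A value left over from the array era is refused instead of published.
        try {
            toPublishableMap(new CredentialIssuerMetadata(metadata).setCredentialsSupported("[]"));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```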