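/*-
 * #%L
 * Smile CDR - CDR
 * %%
 * Copyright (C) 2016 - 2025 Smile CDR, Inc.
 * %%
 * All rights reserved.
 * #L%
 */
package ca.cdr.api.security;

import jakarta.annotation.Nonnull;
import org.apache.http.message.BasicNameValuePair;

import java.util.ArrayList;
import java.util.List;

/**
 * Keeps user-defined parameters used for SMART client authentication.
 * Before the object is used to build {@code ClientAuthInterceptor}, one of the two
 * credential properties must be set, depending on the intended authorization flow:
 * <ul><li>{@link #withKeystore(String)}: for the private_key_jwt workflow</li>
 * <li>{@link #withClientSecret(String)}: for the client_secret workflow</li></ul>
 *
 * <p>This class performs no validation: it does not check that exactly one credential
 * is configured, nor that the base URL or scope is well-formed. The consumer of this
 * object must enforce those rules.
 *
 * <p>This class does not override {@code toString()}, so the client secret is not part
 * of any default string rendering. If a {@code toString()} is ever added, it should
 * omit or redact {@link #getClientSecret()}.
 *
 * <p>Instances are mutable and nothing here synchronizes access.
 */
public class ClientAuthParams {

	/**
	 * Client id configured in authentication server
	 */
	private final String myClientId;

	/**
	 * Name of the client secret defined in authentication server.
	 * Used for client_secret client authentication flow.
	 * NOTE(review): whether this holds the secret value itself or a reference to it is not
	 * visible in this class; treat it as sensitive and keep it out of logs either way.
	 */
	private String myClientSecret;

	/**
	 * Name of the keystore containing the JWT used to authenticate token requests
	 * Used for private_key_jwt client authentication flow.
	 */
	private String myKeystoreName;

	/**
	 * Some security servers don't accept https protocol in the audience. This flag
	 * forces http as the audience protocol.
	 * NOTE(review): as described, this concerns the audience value of the token request;
	 * whether the transport scheme is affected is decided by the consumer - confirm there.
	 */
	private boolean myForceHttpInTokenRequestAudience;

	/**
	 * Requested access token scope.
	 */
	private String myScope;

	/**
	 * Used in jwt and client credentials flows
	 * List of pairs name-value which will be added to access token request
	 */
	protected final List<BasicNameValuePair> myCustomTokenRequestParams = new ArrayList<>();

	/**
	 * Client TLS configuration, if a TLS-enabled connection is desired.
	 * Typed as {@code Object}, so the expected concrete type is not checked here.
	 */
	private Object myClientTlsConfig;

	/**
	 * Base URL of the auth server. Stored as given; no scheme or format check is done here.
	 */
	private String myBaseUrl;

	/**
	 * Creates parameters for the given client.
	 *
	 * @param theClientId client id configured in the authentication server; declared
	 *                    {@code @Nonnull}, but not checked at runtime by this constructor
	 */
	public ClientAuthParams(@Nonnull String theClientId) {
		myClientId = theClientId;
	}

	/**
	 * Selects the keystore used by the private_key_jwt flow.
	 *
	 * @param theKeystoreName name of the keystore
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withKeystore(String theKeystoreName) {
		myKeystoreName = theKeystoreName;
		return this;
	}

	/**
	 * Sets the client secret used by the client_secret flow.
	 *
	 * @param theClientSecret the client secret setting; sensitive
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withClientSecret(String theClientSecret) {
		myClientSecret = theClientSecret;
		return this;
	}

	/**
	 * Sets the requested access token scope.
	 *
	 * @param theScope scope string, stored as given
	 * @return this instance, for chaining
	 */
	@SuppressWarnings("UnusedReturnValue")
	public ClientAuthParams withScope(String theScope) {
		myScope = theScope;
		return this;
	}

	/**
	 * Appends name-value pairs that will be added to the access token request.
	 * Repeated calls accumulate; existing entries are never replaced or removed.
	 *
	 * @param theAdditionalParameters pairs to append; {@code null} is treated as
	 *                                "nothing to add"
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withAdditionalParameters(List<BasicNameValuePair> theAdditionalParameters) {
		// A null list used to fail inside addAll with a NullPointerException, breaking the
		// fluent chain; an absent list is now simply a no-op.
		if (theAdditionalParameters != null) {
			myCustomTokenRequestParams.addAll(theAdditionalParameters);
		}
		return this;
	}

	/**
	 * Sets whether http is forced as the audience protocol of the token request.
	 *
	 * @param theForceHttp {@code true} to force http in the audience
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withForceHttpInTokenRequestAudience(boolean theForceHttp) {
		myForceHttpInTokenRequestAudience = theForceHttp;
		return this;
	}

	/**
	 * Sets the client TLS configuration.
	 *
	 * @param theClientTlsConfig TLS configuration object; its type is not checked here
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withTlsConfig(Object theClientTlsConfig) {
		myClientTlsConfig = theClientTlsConfig;
		return this;
	}

	/**
	 * Sets the base URL of the auth server.
	 *
	 * @param theBaseUrl base URL, stored without validation
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withBaseUrl(String theBaseUrl) {
		myBaseUrl = theBaseUrl;
		return this;
	}

	/**
	 * @return {@code true} if http is forced as the audience protocol of the token request
	 */
	public boolean isForceHttpInTokenRequestAudience() {
		return myForceHttpInTokenRequestAudience;
	}

	/**
	 * @return the keystore name, or {@code null} if none was set
	 */
	public String getKeystoreName() {
		return myKeystoreName;
	}

	/**
	 * @return the client id given at construction
	 */
	public String getClientId() {
		return myClientId;
	}

	/**
	 * Returns the live backing list of custom token request parameters, not a copy:
	 * changes made through the returned list change this object.
	 *
	 * @return the custom token request parameters, never {@code null}
	 */
	public List<BasicNameValuePair> getCustomTokenRequestParams() {
		return myCustomTokenRequestParams;
	}

	/**
	 * @return the requested scope, or {@code null} if none was set
	 */
	public String getScope() {
		return myScope;
	}

	/**
	 * @return the client secret setting, or {@code null} if none was set; sensitive, so
	 *         callers should not log it or include it in error messages
	 */
	public String getClientSecret() {
		return myClientSecret;
	}

	/**
	 * @return the client TLS configuration object, or {@code null} if none was set
	 */
	public Object getClientTlsConfig() {
		return myClientTlsConfig;
	}

	/**
	 * @return the auth server base URL, or {@code null} if none was set
	 */
	public String getBaseUrl() {
		return myBaseUrl;
	}
}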