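/*-
 * #%L
 * Smile CDR - CDR
 * %%
 * Copyright (C) 2016 - 2025 Smile CDR, Inc.
 * %%
 * All rights reserved.
 * #L%
 */
package ca.cdr.api.security;

import jakarta.annotation.Nonnull;
import org.apache.http.message.BasicNameValuePair;

import java.util.ArrayList;
import java.util.List;

/**
 * Keeps user-defined parameters used for SMART client authentication.
 * Before the object is used to build {@code ClientAuthInterceptor}, one of the following must be
 * set, depending on the intended authorization flow:
 * <ul><li>keystore name ({@link #withKeystore(String)}): for private_key_jwt workflow</li>
 * <li>client secret ({@link #withClientSecret(String)}): for client_secret workflow</li></ul>
 * <p>
 * This class only stores the values. It does not check that one of the two is present, nor that
 * only one of them is, so that validation has to happen where the parameters are consumed.
 * <p>
 * Instances are mutable and perform no synchronization.
 */
public class ClientAuthParams {

	/**
	 * Client id configured in authentication server
	 */
	private final String myClientId;

	/**
	 * Name of the client secret defined in authentication server.
	 * Used for client_secret client authentication flow.
	 * <p>
	 * NOTE(review): if this holds the secret value itself rather than a reference to it, treat it
	 * as a credential and keep it out of logs, exception messages and {@code toString()} output.
	 */
	private String myClientSecret;

	/**
	 * Name of the keystore containing the JWT used to authenticate token requests
	 * Used for private_key_jwt client authentication flow.
	 */
	private String myKeystoreName;

	/**
	 * Some security servers don't accept https protocol in the audience. This flag
	 * forces http as the audience protocol.
	 * <p>
	 * NOTE(review): this class only stores the flag. Presumably it rewrites the audience value
	 * only and leaves the transport of the token request untouched - confirm against the
	 * consumer. Leave it disabled unless the authorization server requires it.
	 */
	private boolean myForceHttpInTokenRequestAudience;

	/**
	 * Requested access token scope.
	 */
	private String myScope;

	/**
	 * Used in jwt and client credentials flows
	 * List of pairs name-value which will be added to access token request
	 */
	protected final List<BasicNameValuePair> myCustomTokenRequestParams = new ArrayList<>();

	/**
	 * Client TLS configuration, if a TLS-enabled connection is desired
	 */
	private Object myClientTlsConfig;

	/**
	 * Creates parameters for the given client.
	 *
	 * @param theClientId client id configured in the authentication server; declared
	 *                    {@code @Nonnull} but not checked at runtime
	 */
	public ClientAuthParams(@Nonnull String theClientId) {
		myClientId = theClientId;
	}

	/**
	 * Sets the keystore name used for the private_key_jwt flow.
	 *
	 * @param theKeystoreName keystore name, stored as given
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withKeystore(String theKeystoreName) {
		myKeystoreName = theKeystoreName;
		return this;
	}

	/**
	 * Sets the client secret used for the client_secret flow.
	 *
	 * @param theClientSecret client secret, stored as given
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withClientSecret(String theClientSecret) {
		myClientSecret = theClientSecret;
		return this;
	}

	/**
	 * Sets the requested access token scope.
	 *
	 * @param theScope scope, stored as given
	 * @return this instance, for chaining
	 */
	@SuppressWarnings("UnusedReturnValue")
	public ClientAuthParams withScope(String theScope) {
		myScope = theScope;
		return this;
	}

	/**
	 * Appends name-value pairs to the custom token request parameters. Pairs accumulate across
	 * calls; nothing is replaced or de-duplicated.
	 *
	 * @param theAdditionalParameters pairs to append; {@code null} is treated as "nothing to add"
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withAdditionalParameters(List<BasicNameValuePair> theAdditionalParameters) {
		// The other with* methods accept null, so a null list must not break the chain with an NPE.
		if (theAdditionalParameters != null) {
			myCustomTokenRequestParams.addAll(theAdditionalParameters);
		}
		return this;
	}

	/**
	 * Sets whether http is forced as the audience protocol in token requests.
	 *
	 * @param theForceHttp {@code true} to force http in the audience
	 * @return this instance, for chaining
	 */
	public ClientAuthParams withForceHttpInTokenRequestAudience(boolean theForceHttp) {
		myForceHttpInTokenRequestAudience = theForceHttp;
		return this;
	}

	/**
	 * Sets the client TLS configuration. Unlike the other {@code with*} methods this one returns
	 * {@code void} and cannot be chained; the signature is kept as is for existing callers.
	 *
	 * @param theClientTlsConfig TLS configuration object, stored untyped and unvalidated
	 */
	public void withTlsConfig(Object theClientTlsConfig) {
		myClientTlsConfig = theClientTlsConfig;
	}

	/**
	 * @return {@code true} if http is forced as the audience protocol in token requests
	 */
	public boolean isForceHttpInTokenRequestAudience() {
		return myForceHttpInTokenRequestAudience;
	}

	/**
	 * @return the keystore name, or {@code null} if none was set
	 */
	public String getKeystoreName() {
		return myKeystoreName;
	}

	/**
	 * @return the client id passed to the constructor
	 */
	public String getClientId() {
		return myClientId;
	}

	/**
	 * Returns the live internal list, not a copy: changes made through the returned reference
	 * alter the parameters held by this object.
	 *
	 * @return the custom token request parameters, never {@code null}
	 */
	public List<BasicNameValuePair> getCustomTokenRequestParams() {
		return myCustomTokenRequestParams;
	}

	/**
	 * @return the requested scope, or {@code null} if none was set
	 */
	public String getScope() {
		return myScope;
	}

	/**
	 * @return the client secret, or {@code null} if none was set; callers should not log it
	 */
	public String getClientSecret() {
		return myClientSecret;
	}

	/**
	 * @return the client TLS configuration, or {@code null} if none was set
	 */
	public Object getClientTlsConfig() {
		return myClientTlsConfig;
	}
}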