com.nimbusds.oauth2.sdk.auth.verifier

Interface ClientX509CertificateBindingVerifier<T>

public interface ClientX509CertificateBindingVerifier<T>

Client X.509 certificate binding verifier. Intended for verifying that the subject and root issuer of a client X.509 certificate submitted during successful mutual TLS authentication (in tls_client_auth) match the registered tls_client_auth_subject_dn and tls_client_auth_root_dn values for the submitted client ID.

Implementations must be tread-safe.

Method Summary

Modifier and Type	Method and Description
void	verifyCertificateBinding(ClientID clientID, String subjectDN, String rootDN, Context<T> context) Verifies that the specified X.509 certificate issuer DN and subject DN bind to the claimed client ID.

Method Detail

verifyCertificateBinding

void verifyCertificateBinding(ClientID clientID,
                              String subjectDN,
                              String rootDN,
                              Context<T> context)
                       throws InvalidClientException

Verifies that the specified X.509 certificate issuer DN and subject DN bind to the claimed client ID.

Parameters:

clientID - The claimed client ID. Not null.

subjectDN - The X.509 certificate subject DN. Not null.

rootDN - The X.509 certificate root DN, null if not available.

context - Additional context. May be null.

Throws:

InvalidClientException - If client ID and issuer / subject DN tuple don't bind or are invalid.