IS-256 Support for return URL and nonce for autostart

bankid-api/pom.xml

@@ -9,7 +9,7 @@
   <parent>
     <groupId>se.swedenconnect.bankid</groupId>
     <artifactId>saml-bankid-idp-parent</artifactId>
-    <version>1.2.1</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <name>Sweden Connect :: BankID :: Relying Party API</name>

bankid-api/src/main/java/se/swedenconnect/bankid/rpapi/LibraryVersion.java

@@ -23,8 +23,8 @@
 public final class LibraryVersion {
 
   private static final int MAJOR = 1;
-  private static final int MINOR = 2;
-  private static final int PATCH = 1;
+  private static final int MINOR = 3;
+  private static final int PATCH = 0;
 
   /**
    * Global serialization value for classes.

bankid-api/src/main/java/se/swedenconnect/bankid/rpapi/service/AuthenticateRequest.java

@@ -15,6 +15,8 @@
  */
 package se.swedenconnect.bankid.rpapi.service;
 
+import jakarta.annotation.Nonnull;
+import jakarta.annotation.Nullable;
 import se.swedenconnect.bankid.rpapi.types.BankIDException;
 import se.swedenconnect.bankid.rpapi.types.Requirement;
 
@@ -38,46 +40,95 @@ public class AuthenticateRequest {
   /** Requirements on how the auth order must be performed. */
   private final Requirement requirement;
 
+  /** The returnUrl given when starting the app on the same device. */
+  private final String returnUrl;
+
+  /** The nonce given when starting the app on the same device. */
+  private final String nonce;
+
+  /**
+   * Creates parameter object for an {@link BankIDClient#authenticate(AuthenticateRequest)} call.
+   *
+   * @param endUserIp the user IP address as seen by the relying party
+   * @param userVisibleData data to display to the user during authentication (optional)
+   * @param requirement used by the relying party to set requirements how the authentication operation must be
+   *     performed. Default rules are applied if omitted
+   * @throws BankIDException for errors
+   */
+  /*
+  public AuthenticateRequest(@Nonnull final String endUserIp, @Nullable final UserVisibleData userVisibleData,
+      @Nullable final Requirement requirement) {
+    this(endUserIp, userVisibleData, requirement, null, null);
+  }
+   */
+
   /**
    * Creates parameter object for an {@link BankIDClient#authenticate(AuthenticateRequest)} call.
    *
    * @param endUserIp the user IP address as seen by the relying party
    * @param userVisibleData data to display to the user during authentication (optional)
    * @param requirement used by the relying party to set requirements how the authentication operation must be
-   *          performed. Default rules are applied if omitted
+   *     performed. Default rules are applied if omitted
+   * @param returnUrl the returnUrl given when starting the app on the same device
+   * @param nonce the nonce given when starting the app on the same device
    * @throws BankIDException for errors
    */
-  public AuthenticateRequest(
-      final String endUserIp, final UserVisibleData userVisibleData, final Requirement requirement) {
+  public AuthenticateRequest(@Nonnull final String endUserIp, @Nullable final UserVisibleData userVisibleData,
+      @Nullable final Requirement requirement, @Nullable final String returnUrl, @Nullable final String nonce) {
     this.endUserIp = endUserIp;
     this.userVisibleData = userVisibleData;
     this.requirement = requirement;
+    this.returnUrl = returnUrl;
+    this.nonce = nonce;
   }
 
   /**
    * Gets the user IP address as seen by the relying party.
    *
    * @return the user IP
    */
+  @Nonnull
   public String getEndUserIp() {
     return this.endUserIp;
   }
 
   /**
    * Gets the data to display to the user during authentication.
-   * 
+   *
    * @return the data to display or {@code null}
    */
+  @Nullable
   public UserVisibleData getUserVisibleData() {
     return this.userVisibleData;
   }
 
   /**
    * Gets the authentication requirements.
-   * 
+   *
    * @return the {@link Requirement} or {@code null}
    */
+  @Nullable
   public Requirement getRequirement() {
     return this.requirement;
   }
+
+  /**
+   * Gets the returnUrl given when starting the app on the same device.
+   *
+   * @return the return URL or {@code null}
+   */
+  @Nullable
+  public String getReturnUrl() {
+    return this.returnUrl;
+  }
+
+  /**
+   * Gets the nonce given when starting the app on the same device.
+   *
+   * @return the nonce or {@code null}
+   */
+  @Nullable
+  public String getNonce() {
+    return this.nonce;
+  }
 }

bankid-api/src/main/java/se/swedenconnect/bankid/rpapi/service/DataToSign.java

@@ -15,18 +15,20 @@
  */
 package se.swedenconnect.bankid.rpapi.service;
 
+import java.io.Serial;
 import java.util.Base64;
 import java.util.Optional;
 
 import se.swedenconnect.bankid.rpapi.LibraryVersion;
 
 /**
  * Class the represents "to-be-signed" input for a signature operation.
- * 
+ *
  * @author Martin Lindström
  */
 public class DataToSign extends UserVisibleData {
 
+  @Serial
   private static final long serialVersionUID = LibraryVersion.SERIAL_VERSION_UID;
 
   /** Data not displayed to the user (optional). */
@@ -35,11 +37,11 @@ public class DataToSign extends UserVisibleData {
   /**
    * Assigns the data that is part of the signature process but should not be displayed to the user. This supplied data
    * is the raw bytes and the method will Base64 encode it.
-   * 
+   *
    * <p>
    * See also {@link DataToSign#setUserNonVisibleData(String)}.
    * </p>
-   * 
+   *
    * @param bytes the data that is part of the signature process but should not be displayed to the user (raw data)
    */
   public void setUserNonVisibleDataRaw(final byte[] bytes) {
@@ -54,7 +56,7 @@ public void setUserNonVisibleDataRaw(final byte[] bytes) {
    * <p>
    * See also {@link DataToSign#setUserNonVisibleDataRaw(byte[])}.
    * </p>
-   * 
+   *
    * @param userNonVisibleData the data that is part of the signature process but should not be displayed to the user
    *          (base64-encoded)
    */
@@ -64,7 +66,7 @@ public void setUserNonVisibleData(final String userNonVisibleData) {
 
   /**
    * Returns the data that is part of the signature process but should not be displayed to the user.
-   * 
+   *
    * @return data to be signed, but not displayed to the user
    */
   public String getUserNonVisibleData() {

bankid-api/src/main/java/se/swedenconnect/bankid/rpapi/service/SignatureRequest.java

@@ -15,6 +15,8 @@
  */
 package se.swedenconnect.bankid.rpapi.service;
 
+import jakarta.annotation.Nonnull;
+import jakarta.annotation.Nullable;
 import se.swedenconnect.bankid.rpapi.types.BankIDException;
 import se.swedenconnect.bankid.rpapi.types.Requirement;
 
@@ -24,57 +26,47 @@
  * @author Martin Lindström
  * @author Felix Hellman
  */
-public class SignatureRequest {
-
-  /** The The user IP address as seen by RP. */
-  private final String endUserIp;
-
-  /** The data to sign (and display). */
-  private final DataToSign dataToSign;
-
-  /** Requirements on how the sign order must be performed. */
-  private final Requirement requirement;
+public class SignatureRequest extends AuthenticateRequest {
 
   /**
    * Creates parameter object for an {@link BankIDClient#sign(SignatureRequest)} call.
    *
    * @param endUserIp the user IP address as seen by the relying party
    * @param dataToSign the data to sign
-   * @param requirement used by the relying party to set requirements how the sign operation must be performed. Default
-   *          rules are applied if omitted
+   * @param requirement used by the relying party to set requirements how the sign operation must be performed.
+   *     Default rules are applied if omitted
    * @throws BankIDException for errors
    */
-  public SignatureRequest(final String endUserIp, final DataToSign dataToSign, final Requirement requirement) {
-    this.endUserIp = endUserIp;
-    this.dataToSign = dataToSign;
-    this.requirement = requirement;
+  /*
+  public SignatureRequest(@Nonnull final String endUserIp, @Nonnull final DataToSign dataToSign,
+      @Nullable final Requirement requirement) {
+    super(endUserIp, dataToSign, requirement);
   }
+   */
 
   /**
-   * Gets the user IP address as seen by the relying party.
+   * Creates parameter object for an {@link BankIDClient#sign(SignatureRequest)} call.
    *
-   * @return the user IP
+   * @param endUserIp the user IP address as seen by the relying party
+   * @param dataToSign the data to sign
+   * @param requirement used by the relying party to set requirements how the sign operation must be performed.
+   *     Default rules are applied if omitted
+   * @param returnUrl the returnUrl given when starting the app on the same device
+   * @param nonce the nonce given when starting the app on the same device
+   * @throws BankIDException for errors
    */
-  public String getEndUserIp() {
-    return this.endUserIp;
+  public SignatureRequest(@Nonnull final String endUserIp, @Nonnull final DataToSign dataToSign,
+      @Nullable final Requirement requirement, @Nullable final String returnUrl, @Nullable final String nonce) {
+    super(endUserIp, dataToSign, requirement, returnUrl, nonce);
   }
 
   /**
    * Gets the data to sign.
-   * 
+   *
    * @return the data to sign
    */
   public DataToSign getDataToSign() {
-    return this.dataToSign;
+    return (DataToSign) this.getUserVisibleData();
   }
 
-  /**
-   * Gets the signing requirements.
-   * 
-   * @return the {@link Requirement} or {@code null}
-   */
-  public Requirement getRequirement() {
-    return this.requirement;
-  }
-
 }

bankid-api/src/main/java/se/swedenconnect/bankid/rpapi/service/UserVisibleData.java

@@ -15,6 +15,7 @@
  */
 package se.swedenconnect.bankid.rpapi.service;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
@@ -25,11 +26,12 @@
 /**
  * Class that represents the BankID {@code userVisibleData} and {@code userVisibleDataFormat} parameters that may be
  * used in calls to authenticate and sign.
- * 
+ *
  * @author Martin Lindström
  */
 public class UserVisibleData implements Serializable {
 
+  @Serial
   private static final long serialVersionUID = LibraryVersion.SERIAL_VERSION_UID;
 
   /** Constant for the Simple Markdown V1 format. */
@@ -53,7 +55,7 @@ public UserVisibleData() {
    * By using this method, the caller can assign the text that will be displayed to the user. The method will take care
    * of Base64-encoding.
    * </p>
-   * 
+   *
    * @param displayText the (non-encoded) display text
    * @see #setUserVisibleData(String)
    */
@@ -67,7 +69,7 @@ public void setDisplayText(final String displayText) {
    * <p>
    * See also {@link #setDisplayText(String)}.
    * </p>
-   * 
+   *
    * @param userVisibleData base64-encoded data to be displayed
    */
   public void setUserVisibleData(final String userVisibleData) {
@@ -76,8 +78,8 @@ public void setUserVisibleData(final String userVisibleData) {
 
   /**
    * Returns the text to be displayed. The returned string is Base64 encoded.
-   * 
-   * 
+   *
+   *
    * @return text to be displayed and signed (base64-encoded)
    */
   public String getUserVisibleData() {
@@ -86,7 +88,7 @@ public String getUserVisibleData() {
 
   /**
    * Gets the identifier for formatting the user visible data.
-   * 
+   *
    * @return formatting identifier or {@code null} if not assigned
    */
   public String getUserVisibleDataFormat() {
@@ -95,7 +97,7 @@ public String getUserVisibleDataFormat() {
 
   /**
    * Assigns the identifier for formatting the user visible data.
-   * 
+   *
    * @param userVisibleDataFormat formatting identifier
    */
   public void setUserVisibleDataFormat(final String userVisibleDataFormat) {