Spring Security Add Static Factories to Saml2X509Credential

Saml2X509Credential constructors are somewhat complicated to use.

For example, there are possible constructs that don't make sense:

new Saml2X509Credential(privateKey, x509Cerificate, Saml2X509CredentialType.ENCRYPTION)

The above is awkward in the context of SAML 2.0 since the common use case for encryption is to encrypt something using the other party's public certificate, not their private key as well.

Also, some constructs are possible at compile-time, but then throw an exception at runtime:

new Saml2X509Credential(x509Cerificate, Saml2X509CredentialType.DECRYPTION)

When run, the above will error because no private key was supplied.

Both of these scenarios can be addressed by adding some simple static factories to Saml2X509Credential like:

public static Saml2X509Credential encryption(X509Certificiate certificate) { ... }

public static Saml2X509Credential decryption(PrivateKey key, X509Certificate certificate) { ... }

The nice thing about these as well is that they remove the application's need to work with the Saml2X509CredentialType class, further simplifying their application.

Comment From: ThomasVitale

Hi @jzheaux, can I help with this task?

Comment From: jzheaux

Nice, @ThomasVitale! The issue is yours.

Comment From: ThomasVitale

@jzheaux I opened a PR here: https://github.com/spring-projects/spring-security/pull/8822 I added static factories for the 4 main operations plus unit tests. How does it look?