Expected Behavior
Class and its methods should be public.
Current Behavior
Class and its methods are package-private.
Context
To allow writing alternatives to RelyingPartyRegistrations and others by adapting OpenSAML APIs.
For example, in order to implement verification (https://github.com/spring-projects/spring-security/issues/15018#issuecomment-2110477455) and refreshing (https://github.com/spring-projects/spring-security/issues/15027#issuecomment-2100971114).
Comment From: jzheaux
I believe this will be addressed in #12116. I'll leave this ticket open for the moment just in case the other evolves differently than I imagine.
Comment From: OrangeDog
Workaround:
    // Needs java.lang.reflect.{Constructor, Method, InvocationTargetException},
    // org.opensaml.saml.saml2.metadata.EntityDescriptor and
    // org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.
    try {
        // The class and its methods are package-private, so reach them reflectively.
        Class<?> converterClass = Class.forName("org.springframework.security.saml2.provider.service.registration.OpenSamlMetadataRelyingPartyRegistrationConverter");
        Constructor<?> converterConstructor = converterClass.getDeclaredConstructor();
        converterConstructor.setAccessible(true);
        Object converterInstance = converterConstructor.newInstance();
        Method converterMethod = converterClass.getDeclaredMethod("convert", EntityDescriptor.class);
        converterMethod.setAccessible(true);
        // Expose the reflective call as a converter from EntityDescriptor to a registration builder.
        this.converter = value -> {
            try {
                return (RelyingPartyRegistration.Builder) converterMethod.invoke(converterInstance, value);
            } catch (InvocationTargetException ex) {
                // Rethrow the converter's own runtime exceptions unwrapped.
                if (ex.getTargetException() instanceof RuntimeException cause) {
                    throw cause;
                } else {
                    throw new RuntimeException("Cannot convert metadata", ex);
                }
            } catch (IllegalAccessException ex) {
                throw new IllegalStateException("Cannot convert metadata", ex);
            }
        };
    }
    catch (ReflectiveOperationException ex) {
        // Class, constructor or method lookup failed.
        throw new IllegalStateException("Cannot initialise metadata converter", ex);
    }