org.springframework.security.saml2.credentials

Class Saml2X509Credential

java.lang.Object

org.springframework.security.saml2.credentials.Saml2X509Credential

public class Saml2X509Credential
extends java.lang.Object

Saml2X509Credential is meant to hold an X509 certificate, or an X509 certificate and a private key. Per: https://www.oasis-open.org/committees/download.php/8958/sstc-saml-implementation-guidelines-draft-01.pdf Line: 584, Section 4.3 Credentials Used for both signing, signature verification and encryption/decryption

Since:

5.2

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Saml2X509Credential.Saml2X509CredentialType

Constructor Summary

Constructors

Constructor and Description
Saml2X509Credential(java.security.PrivateKey privateKey, java.security.cert.X509Certificate certificate, Saml2X509Credential.Saml2X509CredentialType... types) Creates a Saml2X509Credentials representing Service Provider credentials for signing, decryption or both.
Saml2X509Credential(java.security.cert.X509Certificate certificate, Saml2X509Credential.Saml2X509CredentialType... types) Creates a Saml2X509Credentials representing Identity Provider credentials for verification, encryption or both.

Method Summary

Modifier and Type	Method and Description
java.security.cert.X509Certificate	getCertificate() Returns the X509 certificate for ths credential.
protected java.util.Set<Saml2X509Credential.Saml2X509CredentialType>	getCredentialTypes() Returns the credential types for this credential.
java.security.PrivateKey	getPrivateKey() Returns the private key, or null if this credential type doesn't require one.
boolean	isDecryptionCredential() Returns true if the credential has a private key and can be used for decryption, the types will contain Saml2X509Credential.Saml2X509CredentialType.DECRYPTION.
boolean	isEncryptionCredential() Returns true if the credential has a certificate and can be used for signature verification, the types will contain Saml2X509Credential.Saml2X509CredentialType.VERIFICATION.
boolean	isSignatureVerficationCredential() Returns true if the credential has a certificate and can be used for signature verification, the types will contain Saml2X509Credential.Saml2X509CredentialType.VERIFICATION.
boolean	isSigningCredential() Returns true if the credential has a private key and can be used for signing, the types will contain Saml2X509Credential.Saml2X509CredentialType.SIGNING.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Saml2X509Credential

public Saml2X509Credential(java.security.cert.X509Certificate certificate,
                           Saml2X509Credential.Saml2X509CredentialType... types)

Creates a Saml2X509Credentials representing Identity Provider credentials for verification, encryption or both.

Parameters:

certificate - an IDP X509Certificate, cannot be null

types - credential types, must be one of Saml2X509Credential.Saml2X509CredentialType.VERIFICATION or Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION or both.

Saml2X509Credential

public Saml2X509Credential(java.security.PrivateKey privateKey,
                           java.security.cert.X509Certificate certificate,
                           Saml2X509Credential.Saml2X509CredentialType... types)

Creates a Saml2X509Credentials representing Service Provider credentials for signing, decryption or both.

Parameters:

privateKey - a private key used for signing or decryption, cannot be null

certificate - an SP X509Certificate shared with identity providers, cannot be null

types - credential types, must be one of Saml2X509Credential.Saml2X509CredentialType.SIGNING or Saml2X509Credential.Saml2X509CredentialType.DECRYPTION or both.

Method Detail

isSigningCredential

public boolean isSigningCredential()

Returns true if the credential has a private key and can be used for signing, the types will contain Saml2X509Credential.Saml2X509CredentialType.SIGNING.

Returns:

true if the credential is a Saml2X509Credential.Saml2X509CredentialType.SIGNING type

isDecryptionCredential

public boolean isDecryptionCredential()

Returns true if the credential has a private key and can be used for decryption, the types will contain Saml2X509Credential.Saml2X509CredentialType.DECRYPTION.

Returns:

true if the credential is a Saml2X509Credential.Saml2X509CredentialType.DECRYPTION type

isSignatureVerficationCredential

public boolean isSignatureVerficationCredential()

Returns true if the credential has a certificate and can be used for signature verification, the types will contain Saml2X509Credential.Saml2X509CredentialType.VERIFICATION.

Returns:

true if the credential is a Saml2X509Credential.Saml2X509CredentialType.VERIFICATION type

isEncryptionCredential

public boolean isEncryptionCredential()

Returns true if the credential has a certificate and can be used for signature verification, the types will contain Saml2X509Credential.Saml2X509CredentialType.VERIFICATION.

Returns:

true if the credential is a Saml2X509Credential.Saml2X509CredentialType.VERIFICATION type

getCredentialTypes

protected java.util.Set<Saml2X509Credential.Saml2X509CredentialType> getCredentialTypes()

Returns the credential types for this credential.

Returns:

a set of credential types/usages that this credential can be used for

getPrivateKey

public java.security.PrivateKey getPrivateKey()

Returns the private key, or null if this credential type doesn't require one.

Returns:

the private key, or null

See Also:

#Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509CredentialType...)}

getCertificate

public java.security.cert.X509Certificate getCertificate()

Returns the X509 certificate for ths credential. Cannot be null

Returns:

the X509 certificate