Class SamlSigningCredential

java.lang.Object
org.mockserver.saml.SamlSigningCredential

public class SamlSigningCredential extends Object
The RSA signing credential (private key + X.509 certificate) used to apply enveloped XML signatures to SAML assertions and to publish the IdP signing certificate in the IdP metadata.

If the configuration supplies a PEM-encoded certificate and key, they are parsed and reused (mirroring how the TLS layer accepts user-supplied certificates); otherwise a fresh self-signed RSA-2048 credential is generated with the existing AsymmetricKeyGenerator and the BouncyCastle certificate builder (the same building blocks the TLS BCKeyAndCertificateFactory uses), so no real IdP infrastructure is required.

  • Method Details

    • from

      public static SamlSigningCredential from(SamlProviderConfiguration config)
      Builds the signing credential from configuration: parses a supplied PEM pair if present, otherwise generates a self-signed credential keyed to the IdP entity id. The signing algorithm defaults to RSA-2048/SHA-256 (the historic default) but can be overridden via SamlProviderConfiguration.getSigningAlgorithm() (e.g. ES256, RS512).
    • getPrivateKey

      public PrivateKey getPrivateKey()
    • getAlgorithm

      public AsymmetricKeyPairAlgorithm getAlgorithm()
      The signing algorithm used by this credential, which determines the XML-DSig SignatureMethod/DigestMethod used when enveloped-signing assertions.
    • getCertificate

      public X509Certificate getCertificate()
    • getCertificateBase64

      public String getCertificateBase64()
      The DER encoding of the certificate as a single base64 string, exactly as embedded in the <ds:X509Certificate> element of a signed assertion or of the IdP metadata (no PEM header/footer, no line wrapping).
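      The generated-credential branch described in the class comment and the getCertificateBase64 contract above, as an added stand-alone example that is not MockServer's own code: it builds a self-signed RSA-2048/SHA-256 certificate with the BouncyCastle JCA builders (assumes bcpkix on the classpath; the Credential record and entity id are constructed for the example, not from the project) and shows which Base64 encoder yields the unwrapped form a <ds:X509Certificate> element expects.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public final class SelfSignedSamlCredentialExample {

    /** Hypothetical holder standing in for SamlSigningCredential (key + certificate). */
    public record Credential(PrivateKey privateKey, X509Certificate certificate) {
        /** Base64 of the DER certificate: no PEM armour, no line wrapping. */
        public String certificateBase64() throws Exception {
            // Base64.getEncoder() never inserts line breaks; getMimeEncoder() would wrap
            // every 76 characters, which is not what a <ds:X509Certificate> element carries.
            return Base64.getEncoder().encodeToString(certificate.getEncoded());
        }
    }

    /** Generates a self-signed RSA-2048/SHA-256 credential whose subject is the IdP entity id. */
    public static Credential generate(String idpEntityId) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();

        X500Name subject = new X500Name("CN=" + idpEntityId);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        // Self-signed: issuer equals subject and the certificate is signed with its own private key
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                subject, BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter,
                subject, keyPair.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(builder.build(signer));
        return new Credential(keyPair.getPrivate(), cert);
    }

    public static void main(String[] args) throws Exception {
        Credential cred = generate("mock-idp.example");  // constructed entity id for the example
        String b64 = cred.certificateBase64();
        // Checks a metadata consumer would make: raw base64 only, and the self-signature verifies
        if (b64.contains("\n") || b64.contains("-----")) throw new IllegalStateException("not raw base64 DER");
        cred.certificate().verify(cred.certificate().getPublicKey());
        System.out.println(b64);
    }
}
```

      A PEM pair supplied through configuration would instead be read with BouncyCastle's PEMParser and JcaPEMKeyConverter (which accept both PKCS#1 "RSA PRIVATE KEY" and PKCS#8 "PRIVATE KEY" blocks) and wrapped in the same record.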