1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.test;
20  
21  import java.io.InputStream;
22  import java.security.KeyStore;
23  import java.security.cert.Certificate;
24  import java.security.cert.X509Certificate;
25  import java.time.ZoneOffset;
26  import java.time.ZonedDateTime;
27  import java.util.LinkedList;
28  import java.util.List;
29  
30  import javax.xml.namespace.QName;
31  
32  import org.apache.wss4j.common.crypto.WSProviderConfig;
33  import org.apache.wss4j.common.ext.WSSecurityException;
34  import org.apache.wss4j.common.saml.SAMLCallback;
35  import org.apache.wss4j.common.saml.SamlAssertionWrapper;
36  import org.apache.wss4j.common.saml.bean.SubjectBean;
37  import org.apache.wss4j.common.saml.bean.Version;
38  import org.apache.wss4j.common.util.DateUtil;
39  import org.apache.wss4j.stax.ext.WSSConstants;
40  import org.apache.wss4j.stax.impl.InboundWSSecurityContextImpl;
41  import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
42  import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
43  import org.apache.wss4j.stax.impl.securityToken.UsernameSecurityTokenImpl;
44  import org.apache.wss4j.stax.impl.securityToken.X509SecurityTokenImpl;
45  import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
46  import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
47  import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
48  import org.apache.wss4j.stax.securityEvent.RequiredElementSecurityEvent;
49  import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
50  import org.apache.wss4j.stax.securityEvent.SignatureConfirmationSecurityEvent;
51  import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
52  import org.apache.wss4j.stax.securityEvent.TimestampSecurityEvent;
53  import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
54  import org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent;
55  import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
56  import org.apache.wss4j.stax.setup.WSSec;
57  import org.apache.xml.security.exceptions.XMLSecurityException;
58  import org.apache.xml.security.stax.config.Init;
59  import org.apache.xml.security.stax.ext.XMLSecurityConstants;
60  import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
61  import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
62  import org.apache.xml.security.stax.impl.util.IDGenerator;
63  import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
64  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
65  import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
66  import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
67  import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
68  import org.junit.jupiter.api.BeforeAll;
69  import org.junit.jupiter.api.Test;
70  
71  import static org.junit.jupiter.api.Assertions.assertEquals;
72  import static org.junit.jupiter.api.Assertions.assertTrue;
73  
74  public class InboundWSSecurityContextImplTest {
75  
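    /**
     * Initialises the WSS4J provider configuration and the streaming (StAX) security
     * configuration once for all tests in this class.
     *
     * @throws Exception if the configuration resource cannot be loaded
     */
    @BeforeAll
    public static void setUp() throws Exception {
        WSProviderConfig.init();
        // Name the missing resource instead of failing with a bare NullPointerException
        // from toURI() when the config file is absent from the test classpath.
        java.net.URL configUrl = WSSec.class.getClassLoader().getResource("wss/wss-config.xml");
        if (configUrl == null) {
            throw new IllegalStateException("wss/wss-config.xml not found on the test classpath");
        }
        Init.init(configUrl.toURI(), WSSec.class);
    }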
81  
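    /**
     * Verifies the token usages identified for the transport binding: the HTTPS token
     * carries the main signature and main encryption usages, the X509 token is a signed
     * endorsing encrypted supporting token and the username token is a signed encrypted
     * supporting token.
     *
     * @throws Exception if the security events cannot be generated
     */
    @Test
    public void testTokenIdentificationTransportSecurity() throws Exception {

        final List<SecurityEvent> securityEventList = generateTransportBindingSecurityEvents();

        // JUnit's assertEquals is (expected, actual); keep that order so failure messages read correctly.
        assertEquals(11, securityEventList.size());

        // Track which token events were actually seen, so a generator that emits none of them
        // cannot pass on the size check alone.
        boolean httpsTokenOccurred = false;
        boolean x509TokenOccurred = false;
        boolean usernameTokenOccurred = false;

        for (SecurityEvent securityEvent : securityEventList) {
            if (securityEvent instanceof HttpsTokenSecurityEvent) {
                HttpsTokenSecurityEvent tokenSecurityEvent = (HttpsTokenSecurityEvent) securityEvent;
                assertEquals(2, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
                assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE));
                assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION));
                httpsTokenOccurred = true;
            } else if (securityEvent instanceof X509TokenSecurityEvent) {
                X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
                assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
                assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
                x509TokenOccurred = true;
            } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
                UsernameTokenSecurityEvent tokenSecurityEvent = (UsernameTokenSecurityEvent) securityEvent;
                assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
                assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
                usernameTokenOccurred = true;
            }
        }

        assertTrue(httpsTokenOccurred);
        assertTrue(x509TokenOccurred);
        assertTrue(usernameTokenOccurred);
    }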
106 
    /**
     * Feeds an {@link InboundWSSecurityContextImpl} the sequence of security events a
     * transport-binding message produces (HTTPS token, timestamp, username token,
     * signature confirmation, endorsing X509 token, its signature and the final
     * operation event) and returns every event the context forwarded to its listener.
     *
     * @return the events emitted by the context, in emission order
     * @throws Exception if a token or event cannot be created
     */
    public List<SecurityEvent> generateTransportBindingSecurityEvents() throws Exception {

        final List<SecurityEvent> collected = new LinkedList<>();
        // SecurityEventListener has a single method, so the list's add() serves as the listener.
        SecurityEventListener collector = collected::add;

        InboundWSSecurityContextImpl context = new InboundWSSecurityContextImpl();
        context.addSecurityEventListener(collector);
        context.put(WSSConstants.TRANSPORT_SECURITY_ACTIVE, Boolean.TRUE);

        // Transport token, backed by the first certificate of the test X509 token.
        X509Certificate transportCertificate =
                getX509Token(WSSecurityTokenConstants.X509V3Token).getX509Certificates()[0];
        HttpsTokenSecurityEvent httpsEvent = new HttpsTokenSecurityEvent();
        httpsEvent.setSecurityToken(new HttpsSecurityTokenImpl(transportCertificate));
        context.registerSecurityEvent(httpsEvent);

        context.registerSecurityEvent(new TimestampSecurityEvent());

        List<QName> timestampPath = securityHeaderChildPath(WSSConstants.TAG_WSU_TIMESTAMP);
        RequiredElementSecurityEvent timestampRequired = new RequiredElementSecurityEvent();
        timestampRequired.setElementPath(timestampPath);
        context.registerSecurityEvent(timestampRequired);

        List<QName> usernameTokenPath = securityHeaderChildPath(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
        XMLSecEvent usernameTokenStart =
                XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

        String created = DateUtil.getDateTimeFormatter(true).format(ZonedDateTime.now(ZoneOffset.UTC));
        UsernameSecurityTokenImpl usernameToken = new UsernameSecurityTokenImpl(
                WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
                "username", "password", created, null, new byte[10], 10L,
                null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        usernameToken.setElementPath(usernameTokenPath);
        usernameToken.setXMLSecEvent(usernameTokenStart);
        UsernameTokenSecurityEvent usernameTokenEvent = new UsernameTokenSecurityEvent();
        usernameTokenEvent.setSecurityToken(usernameToken);
        context.registerSecurityEvent(usernameTokenEvent);

        context.registerSecurityEvent(new SignatureConfirmationSecurityEvent());

        List<QName> signatureConfirmationPath = securityHeaderChildPath(WSSConstants.TAG_WSSE11_SIG_CONF);
        RequiredElementSecurityEvent signatureConfirmationRequired = new RequiredElementSecurityEvent();
        signatureConfirmationRequired.setElementPath(signatureConfirmationPath);
        context.registerSecurityEvent(signatureConfirmationRequired);

        List<QName> bstPath = securityHeaderChildPath(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
        // NOTE(review): this start element is created with the UsernameToken QName although
        // the path points at a BinarySecurityToken; kept as-is, presumably only the event's
        // identity matters to the context — confirm before changing.
        XMLSecEvent bstStart =
                XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

        // Endorsing X509 token: it signs the timestamp and its own BinarySecurityToken below.
        X509SecurityTokenImpl endorsingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
        endorsingToken.setElementPath(bstPath);
        endorsingToken.setXMLSecEvent(bstStart);
        X509TokenSecurityEvent endorsingTokenEvent = new X509TokenSecurityEvent();
        endorsingTokenEvent.setSecurityToken(endorsingToken);
        endorsingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
        context.registerSecurityEvent(endorsingTokenEvent);

        context.registerSecurityEvent(new SignatureValueSecurityEvent());

        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);

        SignedElementSecurityEvent signedTimestamp =
                new SignedElementSecurityEvent(endorsingToken, true, protectionOrder);
        signedTimestamp.setElementPath(timestampPath);
        context.registerSecurityEvent(signedTimestamp);

        SignedElementSecurityEvent signedBst =
                new SignedElementSecurityEvent(endorsingToken, true, protectionOrder);
        signedBst.setElementPath(bstPath);
        signedBst.setXmlSecEvent(bstStart);
        context.registerSecurityEvent(signedBst);

        // The operation event closes the header; the context emits the identified tokens on it.
        OperationSecurityEvent operation = new OperationSecurityEvent();
        operation.setOperation(new QName("definitions"));
        context.registerSecurityEvent(operation);

        return collected;
    }

    /**
     * Builds the element path of a direct child of the SOAP 1.1 wsse:Security header.
     *
     * @param child the QName of the header child element
     * @return a new, mutable path ending in {@code child}
     */
    private static List<QName> securityHeaderChildPath(QName child) {
        List<QName> path = new LinkedList<>(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        path.add(child);
        return path;
    }
203 
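    /**
     * Verifies the token usages identified for the asymmetric binding. The X509 token
     * events are expected in a fixed order (main encryption, encrypted supporting,
     * supporting, main signature, signed endorsing supporting, signed endorsing encrypted
     * supporting), followed by a username token identified as a signed encrypted
     * supporting token.
     *
     * @throws Exception if the security events cannot be generated
     */
    @Test
    public void testTokenIdentificationAsymmetricSecurity() throws Exception {

        final List<SecurityEvent> securityEventList = generateAsymmetricBindingSecurityEvents();

        // JUnit's assertEquals is (expected, actual); keep that order so failure messages read correctly.
        assertEquals(34, securityEventList.size());

        // One flag per usage the X509 tokens must be identified with, named after the usage
        // that is asserted for it, plus one for the username token.
        boolean mainEncryptionTokenOccurred = false;
        boolean encryptedSupportingTokenOccurred = false;
        boolean supportingTokenOccurred = false;
        boolean mainSignatureTokenOccurred = false;
        boolean signedEndorsingSupportingTokenOccurred = false;
        boolean signedEndorsingEncryptedSupportingTokenOccurred = false;
        boolean usernameTokenOccurred = false;

        int x509TokenIndex = 0;
        for (SecurityEvent securityEvent : securityEventList) {
            if (securityEvent instanceof X509TokenSecurityEvent) {
                X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
                WSSecurityTokenConstants.TokenUsage expectedUsage;
                // The expected usage depends on the position of the X509 token event in the stream.
                switch (x509TokenIndex) {
                    case 0:
                        expectedUsage = WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION;
                        mainEncryptionTokenOccurred = true;
                        break;
                    case 1:
                        expectedUsage = WSSecurityTokenConstants.TOKENUSAGE_ENCRYPTED_SUPPORTING_TOKENS;
                        encryptedSupportingTokenOccurred = true;
                        break;
                    case 2:
                        expectedUsage = WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS;
                        supportingTokenOccurred = true;
                        break;
                    case 3:
                        expectedUsage = WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE;
                        mainSignatureTokenOccurred = true;
                        break;
                    case 4:
                        expectedUsage = WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS;
                        signedEndorsingSupportingTokenOccurred = true;
                        break;
                    case 5:
                        expectedUsage = WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS;
                        signedEndorsingEncryptedSupportingTokenOccurred = true;
                        break;
                    default:
                        // X509 token events beyond the sixth are not checked (unchanged behaviour).
                        continue;
                }
                x509TokenIndex++;
                assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
                assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(expectedUsage));
            } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
                UsernameTokenSecurityEvent tokenSecurityEvent = (UsernameTokenSecurityEvent) securityEvent;
                assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
                assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
                usernameTokenOccurred = true;
            }
        }

        assertTrue(mainEncryptionTokenOccurred);
        assertTrue(encryptedSupportingTokenOccurred);
        assertTrue(supportingTokenOccurred);
        assertTrue(mainSignatureTokenOccurred);
        assertTrue(signedEndorsingSupportingTokenOccurred);
        assertTrue(signedEndorsingEncryptedSupportingTokenOccurred);
        assertTrue(usernameTokenOccurred);
    }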
271 
272     public List<SecurityEvent> generateAsymmetricBindingSecurityEvents() throws Exception {
273         final List<SecurityEvent> securityEventList = new LinkedList<>();
274 
275         SecurityEventListener securityEventListener = new SecurityEventListener() {
276             @Override
277             public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
278                 securityEventList.add(securityEvent);
279             }
280         };
281 
282         InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
283         inboundWSSecurityContext.addSecurityEventListener(securityEventListener);
284 
285         TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
286         inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);
287 
288         List<QName> timestampPath = new LinkedList<>();
289         timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
290         timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
291 
292         RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
293         timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
294         inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);
295 
296         SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
297         inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);
298 
299         List<QName> scPath = new LinkedList<>();
300         scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
301         scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
302 
303         RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
304         scRequiredElementSecurityEvent.setElementPath(scPath);
305         inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);
306 
307         List<QName> bstPath = new LinkedList<>();
308         bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
309         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
310 
311         XMLSecEvent recipientTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
312 
313         X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
314         X509SecurityTokenImpl recipientToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
315         recipientX509TokenSecurityEvent.setSecurityToken(recipientToken);
316         recipientToken.setElementPath(bstPath);
317         recipientToken.setXMLSecEvent(recipientTokenXmlEvent);
318         recipientToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Encryption);
319         inboundWSSecurityContext.registerSecurityEvent(recipientX509TokenSecurityEvent);
320 
321         List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
322         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
323         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
324 
325         List<QName> signaturePath = new LinkedList<>();
326         signaturePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
327         signaturePath.add(WSSConstants.TAG_dsig_Signature);
328 
329         EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
330         signatureEncryptedElementSecurityEvent.setElementPath(signaturePath);
331         inboundWSSecurityContext.registerSecurityEvent(signatureEncryptedElementSecurityEvent);
332 
333         List<QName> usernameTokenPath = new LinkedList<>();
334         usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
335         usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
336 
337         XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
338 
339         EncryptedElementSecurityEvent usernameEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
340         usernameEncryptedElementSecurityEvent.setElementPath(usernameTokenPath);
341         usernameEncryptedElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
342         inboundWSSecurityContext.registerSecurityEvent(usernameEncryptedElementSecurityEvent);
343 
344         XMLSecEvent signedEndorsingEncryptedTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
345 
346         EncryptedElementSecurityEvent signedEndorsedEncryptedTokenEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
347         signedEndorsedEncryptedTokenEncryptedElementSecurityEvent.setElementPath(bstPath);
348         signedEndorsedEncryptedTokenEncryptedElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
349         inboundWSSecurityContext.registerSecurityEvent(signedEndorsedEncryptedTokenEncryptedElementSecurityEvent);
350 
351         XMLSecEvent encryptedSupportingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
352 
353         EncryptedElementSecurityEvent encryptedSupportingTokenEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
354         encryptedSupportingTokenEncryptedElementSecurityEvent.setElementPath(bstPath);
355         encryptedSupportingTokenEncryptedElementSecurityEvent.setXmlSecEvent(encryptedSupportingTokenXmlEvent);
356         inboundWSSecurityContext.registerSecurityEvent(encryptedSupportingTokenEncryptedElementSecurityEvent);
357 
358         UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
359         ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
360         String created = DateUtil.getDateTimeFormatter(true).format(now);
361         UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
362                 WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
363                 "username", "password", created, null, new byte[10], 10L,
364                 null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
365         usernameSecurityToken.setElementPath(usernameTokenPath);
366         usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
367         usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
368         inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);
369 
370         XMLSecEvent signedEndorsingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
371 
372         X509TokenSecurityEvent signedEndorsingSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
373         X509SecurityTokenImpl signedEndorsingSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
374         signedEndorsingSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
375         signedEndorsingSupportingToken.setElementPath(bstPath);
376         signedEndorsingSupportingToken.setXMLSecEvent(signedEndorsingTokenXmlEvent);
377         inboundWSSecurityContext.registerSecurityEvent(signedEndorsingSupporting509TokenSecurityEvent);
378 
379         X509TokenSecurityEvent encryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
380         X509SecurityTokenImpl encryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
381         encryptedSupporting509TokenSecurityEvent.setSecurityToken(encryptedSupportingToken);
382         encryptedSupportingToken.setElementPath(bstPath);
383         encryptedSupportingToken.setXMLSecEvent(encryptedSupportingTokenXmlEvent);
384         inboundWSSecurityContext.registerSecurityEvent(encryptedSupporting509TokenSecurityEvent);
385 
386         X509TokenSecurityEvent supporting509TokenSecurityEvent = new X509TokenSecurityEvent();
387         X509SecurityTokenImpl supportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
388         supporting509TokenSecurityEvent.setSecurityToken(supportingToken);
389         supportingToken.setElementPath(bstPath);
390         inboundWSSecurityContext.registerSecurityEvent(supporting509TokenSecurityEvent);
391 
392         X509TokenSecurityEvent signedEndorsingEncryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
393         X509SecurityTokenImpl signedEndorsingEncryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
394         signedEndorsingEncryptedSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
395         signedEndorsingEncryptedSupportingToken.setElementPath(bstPath);
396         signedEndorsingEncryptedSupportingToken.setXMLSecEvent(signedEndorsingEncryptedTokenXmlEvent);
397         inboundWSSecurityContext.registerSecurityEvent(signedEndorsingEncryptedSupporting509TokenSecurityEvent);
398 
399         XMLSecEvent initiatorTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
400 
401         X509TokenSecurityEvent initiator509TokenSecurityEvent = new X509TokenSecurityEvent();
402         X509SecurityTokenImpl initiatorToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
403         initiator509TokenSecurityEvent.setSecurityToken(initiatorToken);
404         initiatorToken.setElementPath(bstPath);
405         initiatorToken.setXMLSecEvent(initiatorTokenXmlEvent);
406         inboundWSSecurityContext.registerSecurityEvent(initiator509TokenSecurityEvent);
407 
408         initiator509TokenSecurityEvent = new X509TokenSecurityEvent();
409         initiator509TokenSecurityEvent.setSecurityToken(initiatorToken);
410         initiatorToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
411         inboundWSSecurityContext.registerSecurityEvent(initiator509TokenSecurityEvent);
412 
413         SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
414         inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);
415 
416         SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
417         signedTimestampElementSecurityEvent.setElementPath(timestampPath);
418         inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);
419 
420         SignedElementSecurityEvent signedSCElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
421         signedSCElementSecurityEvent.setElementPath(scPath);
422         inboundWSSecurityContext.registerSecurityEvent(signedSCElementSecurityEvent);
423 
424         SignedElementSecurityEvent signedUsernameTokenElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
425         signedUsernameTokenElementSecurityEvent.setElementPath(usernameTokenPath);
426         signedUsernameTokenElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
427         inboundWSSecurityContext.registerSecurityEvent(signedUsernameTokenElementSecurityEvent);
428 
429         SignedElementSecurityEvent bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
430         bstElementSecurityEvent.setElementPath(bstPath);
431         bstElementSecurityEvent.setXmlSecEvent(signedEndorsingTokenXmlEvent);
432         inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
433 
434         bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
435         bstElementSecurityEvent.setElementPath(bstPath);
436         bstElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
437         inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
438 
439         bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
440         bstElementSecurityEvent.setElementPath(bstPath);
441         bstElementSecurityEvent.setXmlSecEvent(initiatorTokenXmlEvent);
442         inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
443 
444         List<QName> header1Path = new LinkedList<>();
445         header1Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
446         header1Path.add(new QName("x", "Header1", "x"));
447 
448         SignedPartSecurityEvent header1SignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
449         header1SignedPartSecurityEvent.setElementPath(header1Path);
450         inboundWSSecurityContext.registerSecurityEvent(header1SignedPartSecurityEvent);
451 
452         List<QName> header2Path = new LinkedList<>();
453         header2Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
454         header2Path.add(new QName("x", "Header1", "x"));
455 
456         SignedPartSecurityEvent header2SignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
457         header2SignedPartSecurityEvent.setElementPath(header2Path);
458         inboundWSSecurityContext.registerSecurityEvent(header2SignedPartSecurityEvent);
459 
460         List<QName> bodyPath = new LinkedList<>();
461         bodyPath.addAll(WSSConstants.SOAP_11_BODY_PATH);
462 
463         SignedPartSecurityEvent bodySignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
464         bodySignedPartSecurityEvent.setElementPath(bodyPath);
465         inboundWSSecurityContext.registerSecurityEvent(bodySignedPartSecurityEvent);
466 
467         signedEndorsingSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
468         signedEndorsingSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
469         signedEndorsingSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
470         inboundWSSecurityContext.registerSecurityEvent(signedEndorsingSupporting509TokenSecurityEvent);
471 
472         SignatureValueSecurityEvent signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
473         inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);
474 
475         SignedElementSecurityEvent signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
476         signatureElementSecurityEvent.setElementPath(signaturePath);
477         inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);
478 
479         bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
480         bstElementSecurityEvent.setElementPath(bstPath);
481         bstElementSecurityEvent.setXmlSecEvent(signedEndorsingTokenXmlEvent);
482         inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
483 
484         signedEndorsingEncryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
485         signedEndorsingEncryptedSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
486         signedEndorsingEncryptedSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
487         inboundWSSecurityContext.registerSecurityEvent(signedEndorsingEncryptedSupporting509TokenSecurityEvent);
488 
489         signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
490         inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);
491 
492         signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
493         signatureElementSecurityEvent.setElementPath(signaturePath);
494         inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);
495 
496         bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
497         bstElementSecurityEvent.setElementPath(bstPath);
498         bstElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
499         inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
500 
501         EncryptedPartSecurityEvent bodyEncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(recipientToken, true, protectionOrder);
502         bodyEncryptedPartSecurityEvent.setElementPath(bodyPath);
503         inboundWSSecurityContext.registerSecurityEvent(bodyEncryptedPartSecurityEvent);
504 
505         EncryptedPartSecurityEvent header2EncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(recipientToken, true, protectionOrder);
506         header2EncryptedPartSecurityEvent.setElementPath(header2Path);
507         inboundWSSecurityContext.registerSecurityEvent(header2EncryptedPartSecurityEvent);
508 
509         OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
510         operationSecurityEvent.setOperation(new QName("definitions"));
511         inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);
512         return securityEventList;
513     }
514 
    /**
     * Checks how the inbound context classifies the tokens of a symmetric binding:
     * the X509 token must be recognised as a signed endorsing supporting token, the
     * username token as a signed encrypted supporting token, and the SAML token as
     * both the main signature and the main encryption token.
     *
     * @throws Exception if the event fixture cannot be built
     */
    @Test
    public void testTokenIdentificationSymmetricSecurity() throws Exception {

        final List<SecurityEvent> events = generateSymmetricBindingSecurityEvents();

        // The fixture is expected to yield exactly 24 forwarded events.
        assertEquals(events.size(), 24);

        for (SecurityEvent event : events) {
            if (event instanceof X509TokenSecurityEvent) {
                X509TokenSecurityEvent x509Event = (X509TokenSecurityEvent) event;
                // Exactly one usage, and it must be the signed-endorsing-supporting one.
                assertEquals(x509Event.getSecurityToken().getTokenUsages().size(), 1);
                assertTrue(x509Event.getSecurityToken().getTokenUsages()
                        .contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS));
                continue;
            }
            if (event instanceof UsernameTokenSecurityEvent) {
                UsernameTokenSecurityEvent usernameEvent = (UsernameTokenSecurityEvent) event;
                // Exactly one usage, and it must be the signed-encrypted-supporting one.
                assertEquals(usernameEvent.getSecurityToken().getTokenUsages().size(), 1);
                assertTrue(usernameEvent.getSecurityToken().getTokenUsages()
                        .contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
                continue;
            }
            if (event instanceof SamlTokenSecurityEvent) {
                SamlTokenSecurityEvent samlEvent = (SamlTokenSecurityEvent) event;
                // The SAML token carries both main usages and nothing else.
                assertEquals(samlEvent.getSecurityToken().getTokenUsages().size(), 2);
                assertTrue(samlEvent.getSecurityToken().getTokenUsages()
                        .contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE));
                assertTrue(samlEvent.getSecurityToken().getTokenUsages()
                        .contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION));
            }
            // Every other event type carries no token-usage expectation.
        }
    }
539 
    /**
     * Builds the inbound security events a message secured with a symmetric binding
     * would produce and feeds them, in document order, through an
     * {@link InboundWSSecurityContextImpl}.
     *
     * <p>Roles modelled by the fixture (see the {@code addTokenUsage} calls and the
     * token each element/part event is attributed to):
     * <ul>
     *   <li>the SAML token encrypts and signs the message (main signature/encryption token);</li>
     *   <li>the username token is encrypted and signed under that SAML token;</li>
     *   <li>an X509 (BST) token is itself signed by the SAML-token signature and in turn
     *       signs the primary Signature element (signed endorsing supporting token).</li>
     * </ul>
     * The classifications asserted by {@link #testTokenIdentificationSymmetricSecurity()}
     * are not set here; they are presumably derived by the context from this exact
     * registration order, so the sequence below should not be reordered.
     *
     * <p>NOTE(review): 25 events are registered below but the test expects 24 in the
     * returned list, so the context evidently forwards one fewer — likely the second
     * {@code SamlTokenSecurityEvent} for the same token; confirm against
     * {@code InboundWSSecurityContextImpl}.
     *
     * @return every event the context forwarded to the listener, in order
     * @throws Exception if a token cannot be built (e.g. keystore access fails)
     */
    public List<SecurityEvent> generateSymmetricBindingSecurityEvents() throws Exception {
        final List<SecurityEvent> securityEventList = new LinkedList<>();

        // Collects whatever the context forwards; this list is the method's result.
        SecurityEventListener securityEventListener = new SecurityEventListener() {
            @Override
            public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
                securityEventList.add(securityEvent);
            }
        };

        InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
        inboundWSSecurityContext.addSecurityEventListener(securityEventListener);

        // --- Timestamp and SignatureConfirmation: present and required ---
        TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
        inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);

        List<QName> timestampPath = new LinkedList<>();
        timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);

        RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
        timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
        inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);

        SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
        inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);

        List<QName> scPath = new LinkedList<>();
        scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);

        RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
        scRequiredElementSecurityEvent.setElementPath(scPath);
        inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);

        // --- SAML token: backed by the transmitter X509 key, first seen as encryption token ---
        List<QName> samlTokenPath = new LinkedList<>();
        samlTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        samlTokenPath.add(WSSConstants.TAG_SAML2_ASSERTION);

        // NOTE(review): the start element is created with the UsernameToken tag rather
        // than TAG_SAML2_ASSERTION; presumably only the element path is inspected — confirm.
        XMLSecEvent samlTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

        SAMLCallback samlCallback = new SAMLCallback();
        samlCallback.setSamlVersion(Version.SAML_20);
        samlCallback.setIssuer("xs:anyURI");
        SubjectBean subjectBean = new SubjectBean();
        samlCallback.setSubject(subjectBean);
        SamlAssertionWrapper samlAssertionWrapper = new SamlAssertionWrapper(samlCallback);

        SamlSecurityTokenImpl samlSecurityToken = new SamlSecurityTokenImpl(
                samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null, WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier,
                null);
        samlSecurityToken.setElementPath(samlTokenPath);
        samlSecurityToken.setXMLSecEvent(samlTokenXmlEvent);
        // Encryption usage is attached before the token is registered; the signature
        // usage is added further down, once the Signature element has been processed.
        samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Encryption);
        SamlTokenSecurityEvent samlTokenSecurityEvent = new SamlTokenSecurityEvent();
        samlTokenSecurityEvent.setSecurityToken(samlSecurityToken);
        inboundWSSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);

        // Shared by every element/part event below: ENCRYPTION listed before SIGNATURE.
        List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
        protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
        protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);

        // --- Username token: encrypted under the SAML token, later also signed ---
        List<QName> usernamePath = new LinkedList<>();
        usernamePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        usernamePath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);

        XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

        EncryptedElementSecurityEvent usernameEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
        usernameEncryptedElementSecurityEvent.setElementPath(usernamePath);
        usernameEncryptedElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
        inboundWSSecurityContext.registerSecurityEvent(usernameEncryptedElementSecurityEvent);

        // Same content as usernamePath, kept as a separate instance for the signed-element event.
        List<QName> usernameTokenPath = new LinkedList<>();
        usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);

        UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        String created = DateUtil.getDateTimeFormatter(true).format(now);
        UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
                WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
                "username", "password", created, null, new byte[10], 10L,
                null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        usernameSecurityToken.setElementPath(usernamePath);
        usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
        usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
        inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);

        // --- Primary Signature: encrypted under the SAML token, produced by the SAML token ---
        List<QName> signaturePath = new LinkedList<>();
        signaturePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        signaturePath.add(WSSConstants.TAG_dsig_Signature);

        EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
        signatureEncryptedElementSecurityEvent.setElementPath(signaturePath);
        inboundWSSecurityContext.registerSecurityEvent(signatureEncryptedElementSecurityEvent);

        // The same token instance is registered a second time, now also carrying the signature usage.
        samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
        samlTokenSecurityEvent = new SamlTokenSecurityEvent();
        samlTokenSecurityEvent.setSecurityToken(samlSecurityToken);
        inboundWSSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);

        SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
        inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);

        // Elements covered by the SAML-token signature: Timestamp, SignatureConfirmation,
        // UsernameToken, BinarySecurityToken and the SAML assertion itself.
        SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
        signedTimestampElementSecurityEvent.setElementPath(timestampPath);
        inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);

        SignedElementSecurityEvent signedSCElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
        signedSCElementSecurityEvent.setElementPath(scPath);
        inboundWSSecurityContext.registerSecurityEvent(signedSCElementSecurityEvent);

        SignedElementSecurityEvent signedUsernameTokenElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
        signedUsernameTokenElementSecurityEvent.setElementPath(usernameTokenPath);
        signedUsernameTokenElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
        inboundWSSecurityContext.registerSecurityEvent(signedUsernameTokenElementSecurityEvent);

        List<QName> bstPath = new LinkedList<>();
        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
        bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);

        // NOTE(review): created with the UsernameToken tag, not TAG_WSSE_BINARY_SECURITY_TOKEN — confirm intent.
        XMLSecEvent bstTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

        SignedElementSecurityEvent bstElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
        bstElementSecurityEvent.setElementPath(bstPath);
        bstElementSecurityEvent.setXmlSecEvent(bstTokenXmlEvent);
        inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

        SignedElementSecurityEvent samlTokenElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
        samlTokenElementSecurityEvent.setElementPath(samlTokenPath);
        samlTokenElementSecurityEvent.setXmlSecEvent(samlTokenXmlEvent);
        inboundWSSecurityContext.registerSecurityEvent(samlTokenElementSecurityEvent);

        // --- Signed parts: two SOAP headers and the body ---
        List<QName> header1Path = new LinkedList<>();
        header1Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
        header1Path.add(new QName("x", "Header1", "x"));

        SignedPartSecurityEvent header1SignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
        header1SignedPartSecurityEvent.setElementPath(header1Path);
        inboundWSSecurityContext.registerSecurityEvent(header1SignedPartSecurityEvent);

        // NOTE(review): header2Path resolves to the same QName as header1Path ("Header1");
        // the asymmetric fixture above does the same, so it is kept as-is — confirm whether
        // "Header2" was intended.
        List<QName> header2Path = new LinkedList<>();
        header2Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
        header2Path.add(new QName("x", "Header1", "x"));

        SignedPartSecurityEvent header2SignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
        header2SignedPartSecurityEvent.setElementPath(header2Path);
        inboundWSSecurityContext.registerSecurityEvent(header2SignedPartSecurityEvent);

        List<QName> bodyPath = new LinkedList<>();
        bodyPath.addAll(WSSConstants.SOAP_11_BODY_PATH);

        SignedPartSecurityEvent bodySignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
        bodySignedPartSecurityEvent.setElementPath(bodyPath);
        inboundWSSecurityContext.registerSecurityEvent(bodySignedPartSecurityEvent);

        // --- X509 token: lives at the BST element already signed above, and signs the primary Signature ---
        X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
        X509SecurityTokenImpl signedEndorsingSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
        x509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
        signedEndorsingSupportingToken.setElementPath(bstPath);
        signedEndorsingSupportingToken.setXMLSecEvent(bstTokenXmlEvent);
        signedEndorsingSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
        inboundWSSecurityContext.registerSecurityEvent(x509TokenSecurityEvent);

        SignatureValueSecurityEvent signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
        inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);

        // Endorsing signature: covers the primary Signature element and the BST itself.
        SignedElementSecurityEvent signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
        signatureElementSecurityEvent.setElementPath(signaturePath);
        inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);

        bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
        bstElementSecurityEvent.setElementPath(bstPath);
        bstElementSecurityEvent.setXmlSecEvent(bstTokenXmlEvent);
        inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

        // --- Encrypted parts: header 2 and the body, under the SAML token ---
        EncryptedPartSecurityEvent header2EncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
        header2EncryptedPartSecurityEvent.setElementPath(header2Path);
        inboundWSSecurityContext.registerSecurityEvent(header2EncryptedPartSecurityEvent);

        EncryptedPartSecurityEvent bodyEncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
        bodyEncryptedPartSecurityEvent.setElementPath(bodyPath);
        inboundWSSecurityContext.registerSecurityEvent(bodyEncryptedPartSecurityEvent);

        // The operation event closes the sequence, as in the asymmetric fixture above.
        OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
        operationSecurityEvent.setOperation(new QName("definitions"));
        inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);
        return securityEventList;
    }
730 
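    /**
     * Loads the {@code transmitter} key entry from the {@code transmitter.jks} test
     * keystore on the classpath and wraps it in an {@link X509SecurityTokenImpl}
     * whose alias is fixed to {@code transmitter}.
     *
     * @param tokenType the X509 token type the token should report
     * @return a fresh token carrying the entry's private key, public key and
     *         certificate chain (each call generates a new token id)
     * @throws IllegalStateException if the keystore resource or the
     *         {@code transmitter} entry is missing
     * @throws Exception on any other keystore or token construction failure
     */
    private X509SecurityTokenImpl getX509Token(WSSecurityTokenConstants.TokenType tokenType) throws Exception {

        final String alias = "transmitter";
        final char[] storePassword = "default".toCharArray();

        final KeyStore keyStore = KeyStore.getInstance("jks");
        // try-with-resources closes the stream even when load() fails; previously the
        // stream was only closed on the success path.
        try (InputStream input = this.getClass().getClassLoader().getResourceAsStream("transmitter.jks")) {
            if (input == null) {
                // KeyStore.load(null, ...) would silently create an empty store and the
                // lookups below would then fail with a NullPointerException.
                throw new IllegalStateException("test keystore transmitter.jks not found on the classpath");
            }
            keyStore.load(input, storePassword);
        }

        X509SecurityTokenImpl x509SecurityToken =
                new X509SecurityTokenImpl(tokenType, null, null, null, IDGenerator.generateID(null),
                        WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER, null, true) {

            @Override
            protected String getAlias() throws WSSecurityException {
                // The token is always backed by the single test keystore entry.
                return alias;
            }
        };

        Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            throw new IllegalStateException("no certificate for alias '" + alias + "' in transmitter.jks");
        }
        x509SecurityToken.setSecretKey("", keyStore.getKey(alias, storePassword));
        x509SecurityToken.setPublicKey(certificate.getPublicKey());

        Certificate[] chain;
        try {
            chain = keyStore.getCertificateChain(alias);
        } catch (Exception e) {
            throw new XMLSecurityException(e);
        }
        if (chain == null) {
            // getCertificateChain() returns null for a missing or non-key entry.
            throw new IllegalStateException("no certificate chain for alias '" + alias + "' in transmitter.jks");
        }

        // JKS key entries hold X.509 certificates, so the element-wise cast is expected to hold.
        X509Certificate[] x509Certificates = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            x509Certificates[i] = (X509Certificate) chain[i];
        }
        x509SecurityToken.setX509Certificates(x509Certificates);
        return x509SecurityToken;
    }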
765 }