19 package org.apache.wss4j.stax.test;
20
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;

import javax.xml.namespace.QName;

import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.impl.InboundWSSecurityContextImpl;
import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.UsernameSecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.X509SecurityTokenImpl;
import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
import org.apache.wss4j.stax.securityEvent.RequiredElementSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignatureConfirmationSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.TimestampSecurityEvent;
import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.setup.WSSec;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
73
74 public class InboundWSSecurityContextImplTest {
75
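/**
 * One-time initialisation of the WSS4J / Santuario StAX stack used by every test in
 * this class.
 *
 * <p>{@link WSProviderConfig#init()} registers the crypto providers, and
 * {@link Init#init} loads the WSS4J StAX configuration ({@code wss/wss-config.xml})
 * that the {@link InboundWSSecurityContextImpl} instances built below depend on.
 *
 * @throws Exception if the configuration resource is missing from the test classpath or
 *                   cannot be loaded
 */
@BeforeAll
public static void setUp() throws Exception {
    WSProviderConfig.init();
    // A missing resource used to surface as a bare NullPointerException from toURI();
    // fail with a message that names the resource instead.
    URL configUrl = WSSec.class.getClassLoader().getResource("wss/wss-config.xml");
    Objects.requireNonNull(configUrl, "wss/wss-config.xml not found on the test classpath");
    Init.init(configUrl.toURI(), WSSec.class);
}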
81
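/**
 * Transport binding: with {@code TRANSPORT_SECURITY_ACTIVE} set the HTTPS token must be
 * identified as both the main signature and the main encryption token; the X.509 token
 * that signs the Timestamp and its own BST must be classified as a
 * signed-endorsing-encrypted supporting token; and the UsernameToken as a
 * signed-encrypted supporting token.
 *
 * <p>In addition to the per-event usage checks, this test records that each of the three
 * token events actually occurred, so a regression that stops emitting one of them can no
 * longer pass vacuously (the loop body would simply never run for that type).
 *
 * @throws Exception propagated from {@link #generateTransportBindingSecurityEvents()}
 */
@Test
public void testTokenIdentificationTransportSecurity() throws Exception {

    final List<SecurityEvent> securityEventList = generateTransportBindingSecurityEvents();

    // JUnit's order is (expected, actual); keeping it that way makes failure messages
    // read correctly. 11 == one emitted event per registration in the generator.
    assertEquals(11, securityEventList.size());

    boolean httpsTokenOccurred = false;
    boolean x509TokenOccurred = false;
    boolean usernameTokenOccurred = false;

    for (SecurityEvent securityEvent : securityEventList) {
        if (securityEvent instanceof HttpsTokenSecurityEvent) {
            HttpsTokenSecurityEvent tokenSecurityEvent = (HttpsTokenSecurityEvent) securityEvent;
            // The transport stands in for both message-level protections.
            assertEquals(2, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE));
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION));
            httpsTokenOccurred = true;
        } else if (securityEvent instanceof X509TokenSecurityEvent) {
            X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
            assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
            x509TokenOccurred = true;
        } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
            UsernameTokenSecurityEvent tokenSecurityEvent = (UsernameTokenSecurityEvent) securityEvent;
            assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
            usernameTokenOccurred = true;
        }
    }

    assertTrue(httpsTokenOccurred, "no HttpsTokenSecurityEvent was emitted");
    assertTrue(x509TokenOccurred, "no X509TokenSecurityEvent was emitted");
    assertTrue(usernameTokenOccurred, "no UsernameTokenSecurityEvent was emitted");
}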
106
/**
 * Builds the security-event stream of a <em>transport binding</em> message and returns
 * every event the {@link InboundWSSecurityContextImpl} forwarded to its listener.
 *
 * <p>Modelled message (arriving over HTTPS):
 * <ul>
 *   <li>an HTTPS token carrying the recipient's X.509 certificate, registered while
 *       {@code TRANSPORT_SECURITY_ACTIVE} is set;</li>
 *   <li>a Timestamp and a SignatureConfirmation, both also reported as required
 *       elements;</li>
 *   <li>a UsernameToken (PASSWORD_TEXT) with no message-level Signed/Encrypted events at
 *       all — the caller nevertheless expects it to be reported as a signed-encrypted
 *       supporting token, presumably because the active transport counts as both;</li>
 *   <li>an X.509 BinarySecurityToken that produces a signature over the Timestamp and
 *       over its own BST, which the caller expects to be reported as a
 *       signed-endorsing-encrypted supporting token.</li>
 * </ul>
 *
 * <p>Eleven events are registered here and the caller expects exactly eleven back, i.e.
 * the context forwards each of them once.
 *
 * @return the captured events, in the order the context emitted them
 * @throws Exception on any WSS4J/Santuario failure while building the tokens
 */
public List<SecurityEvent> generateTransportBindingSecurityEvents() throws Exception {

    final List<SecurityEvent> securityEventList = new LinkedList<>();

    // Capture everything the context forwards; the emission order is what the test inspects.
    SecurityEventListener securityEventListener = new SecurityEventListener() {
        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
            securityEventList.add(securityEvent);
        }
    };

    InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
    inboundWSSecurityContext.addSecurityEventListener(securityEventListener);
    // Declare that the message came in over a secured transport. The caller expects this
    // to make the HTTPS token below the main signature *and* main encryption token.
    inboundWSSecurityContext.put(WSSConstants.TRANSPORT_SECURITY_ACTIVE, Boolean.TRUE);

    // getX509Token(...) is a helper defined elsewhere in this class (not visible here);
    // only its first certificate is wrapped into the HTTPS token.
    HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
    httpsTokenSecurityEvent.setSecurityToken(
            new HttpsSecurityTokenImpl(
                    getX509Token(WSSecurityTokenConstants.X509V3Token).getX509Certificates()[0]));
    inboundWSSecurityContext.registerSecurityEvent(httpsTokenSecurityEvent);

    TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);

    // Element paths are /Envelope/Header/wsse:Security/<element>.
    List<QName> timestampPath = new LinkedList<>();
    timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);

    RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);

    List<QName> usernameTokenPath = new LinkedList<>();
    usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);

    // The XMLSecEvent instance is what ties a token to the Signed/Encrypted*Element events
    // that cover it (see how the BST below is referenced by identity).
    XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    String created = DateUtil.getDateTimeFormatter(true).format(now);
    // Fixture values only: a literal password in PASSWORD_TEXT form (i.e. sent in the
    // clear at message level), an all-zero 10-byte salt and an iteration count of 10.
    // Nothing here should be copied into production code.
    UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
            WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
            "username", "password", created, null, new byte[10], 10L,
            null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    usernameSecurityToken.setElementPath(usernameTokenPath);
    usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
    usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);

    SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);

    List<QName> scPath = new LinkedList<>();
    scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);

    RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    scRequiredElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);

    List<QName> bstPath = new LinkedList<>();
    bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);

    // NOTE(review): this start element is created with the UsernameToken QName although it
    // stands for a BinarySecurityToken (its path is bstPath). Presumably only the object's
    // identity is used for correlation; if the QName were ever consulted this fixture
    // would be misleading — confirm before relying on it.
    XMLSecEvent signedEndorsingSupportingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // The X.509 token is declared as a signing token *before* it is registered; the
    // signature it produces is described by the events that follow.
    X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingEncryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    signedEndorsingEncryptedSupportingToken.setElementPath(bstPath);
    signedEndorsingEncryptedSupportingToken.setXMLSecEvent(signedEndorsingSupportingTokenXmlEvent);
    x509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
    signedEndorsingEncryptedSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(x509TokenSecurityEvent);

    SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);

    // Only a signature is applied at message level; the transport provides confidentiality.
    List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
    protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);

    // There is no main message signature in this binding; the X.509 token signs the
    // Timestamp, which is what the caller expects to make it an *endorsing* token.
    SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    signedTimestampElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);

    // ... and its own BST (same XMLSecEvent instance as the token), making it *signed*.
    SignedElementSecurityEvent signedBSTElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    signedBSTElementSecurityEvent.setElementPath(bstPath);
    signedBSTElementSecurityEvent.setXmlSecEvent(signedEndorsingSupportingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedBSTElementSecurityEvent);

    // The operation event marks the end of the security header processing for the
    // context; token usages are expected to be final once it has been registered.
    OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
    operationSecurityEvent.setOperation(new QName("definitions"));
    inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);

    return securityEventList;
}
203
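/**
 * Asymmetric binding: checks that the context sorts the six X.509 tokens and the
 * UsernameToken produced by {@link #generateAsymmetricBindingSecurityEvents()} into the
 * WS-SecurityPolicy usage categories (main signature, main encryption, supporting,
 * encrypted supporting, signed endorsing supporting, signed endorsing encrypted
 * supporting, signed encrypted supporting).
 *
 * <p>The X.509 tokens are checked positionally, in the order the context <em>emits</em>
 * them. That order differs from the order in which the generator registers the tokens;
 * the context apparently holds X.509 token events back until it has classified them
 * (inferred from the assertions that pass, not from the context's source).
 *
 * <p>The previous version of this test tracked the same six positions with boolean
 * flags whose names did not match the usage asserted at that position, and silently
 * ignored any seventh X.509 token. The expected usages now live in one ordered list,
 * an extra X.509 token fails the test, and the final count check proves all six were
 * seen.
 *
 * @throws Exception propagated from {@link #generateAsymmetricBindingSecurityEvents()}
 */
@Test
public void testTokenIdentificationAsymmetricSecurity() throws Exception {

    final List<SecurityEvent> securityEventList = generateAsymmetricBindingSecurityEvents();

    // JUnit's order is (expected, actual). 34 = 37 registrations minus the three repeated
    // X509TokenSecurityEvents for tokens the context has already seen (inferred from the
    // counts; see the generator).
    assertEquals(34, securityEventList.size());

    // Expected usage of the n-th X509TokenSecurityEvent as emitted by the context.
    final List<?> expectedX509UsagesInOrder = Arrays.asList(
            WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION,                           // recipient token
            WSSecurityTokenConstants.TOKENUSAGE_ENCRYPTED_SUPPORTING_TOKENS,               // BST only encrypted
            WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS,                         // BST neither signed nor encrypted
            WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE,                            // initiator token
            WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS,        // signed by, and signs, the main signature
            WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); // as above, BST also encrypted

    int x509TokenIndex = 0;
    boolean usernameTokenOccurred = false;

    for (SecurityEvent securityEvent : securityEventList) {
        if (securityEvent instanceof X509TokenSecurityEvent) {
            X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
            // An unexpected additional X.509 token is a classification bug, not something
            // to skip over.
            assertTrue(x509TokenIndex < expectedX509UsagesInOrder.size(),
                    "more X509TokenSecurityEvents than the " + expectedX509UsagesInOrder.size() + " expected");
            // Each token must land in exactly one category.
            assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(expectedX509UsagesInOrder.get(x509TokenIndex)),
                    "X.509 token #" + x509TokenIndex + " reported usages "
                            + tokenSecurityEvent.getSecurityToken().getTokenUsages()
                            + " but " + expectedX509UsagesInOrder.get(x509TokenIndex) + " was expected");
            x509TokenIndex++;
        } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
            UsernameTokenSecurityEvent tokenSecurityEvent = (UsernameTokenSecurityEvent) securityEvent;
            // Signed by the main signature and encrypted by the recipient token.
            assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
            usernameTokenOccurred = true;
        }
    }

    // All six X.509 tokens were seen (in order) and the UsernameToken was reported.
    assertEquals(expectedX509UsagesInOrder.size(), x509TokenIndex, "not every expected X.509 token was emitted");
    assertTrue(usernameTokenOccurred, "no UsernameTokenSecurityEvent was emitted");
}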
271
/**
 * Builds the security-event stream of an <em>asymmetric binding</em> message (no
 * transport security) and returns every event the {@link InboundWSSecurityContextImpl}
 * forwarded to its listener.
 *
 * <p>Tokens and the protection described for each — the usage the consuming test expects
 * is given after the arrow:
 * <ul>
 *   <li>{@code recipientToken} – X.509 with {@code TokenUsage_Encryption}; the key behind
 *       every EncryptedElement/EncryptedPart event → main encryption token;</li>
 *   <li>{@code initiatorToken} – X.509 with {@code TokenUsage_Signature}; the key behind
 *       the first signature, which covers Timestamp, SignatureConfirmation, UsernameToken,
 *       three BSTs, two headers and the Body → main signature token;</li>
 *   <li>{@code signedEndorsingSupportingToken} – its BST is covered by the main signature
 *       and it produces a second signature over {@code ds:Signature} and its own BST
 *       → signed endorsing supporting token;</li>
 *   <li>{@code signedEndorsingEncryptedSupportingToken} – as above, and its BST is also
 *       encrypted → signed endorsing encrypted supporting token;</li>
 *   <li>{@code encryptedSupportingToken} – BST only encrypted → encrypted supporting
 *       token;</li>
 *   <li>{@code supportingToken} – BST neither signed nor encrypted (and the only BST with
 *       no XMLSecEvent attached) → supporting token;</li>
 *   <li>the UsernameToken – covered by the main signature and encrypted → signed
 *       encrypted supporting token.</li>
 * </ul>
 *
 * <p>All four BSTs share the same element path ({@code bstPath}); what distinguishes
 * them is the {@link XMLSecEvent} instance a token shares with the Signed/Encrypted
 * element events that cover it — presumably the context correlates by object identity.
 * 37 events are registered here and the caller expects 34 back, which is consistent with
 * the three repeated {@link X509TokenSecurityEvent}s for an already-registered token
 * being coalesced (inferred from the counts, not from the context's source).
 *
 * @return the captured events, in the order the context emitted them
 * @throws Exception on any WSS4J/Santuario failure while building the tokens
 */
public List<SecurityEvent> generateAsymmetricBindingSecurityEvents() throws Exception {
    final List<SecurityEvent> securityEventList = new LinkedList<>();

    // Capture everything the context forwards; the emission order is what the test inspects.
    SecurityEventListener securityEventListener = new SecurityEventListener() {
        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
            securityEventList.add(securityEvent);
        }
    };

    // No TRANSPORT_SECURITY_ACTIVE here: all protection must come from message-level keys.
    InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
    inboundWSSecurityContext.addSecurityEventListener(securityEventListener);

    TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);

    // Element paths are /Envelope/Header/wsse:Security/<element>.
    List<QName> timestampPath = new LinkedList<>();
    timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);

    RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);

    SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);

    List<QName> scPath = new LinkedList<>();
    scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);

    RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    scRequiredElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);

    List<QName> bstPath = new LinkedList<>();
    bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);

    // NOTE(review): every BST start element in this method is created with the
    // UsernameToken QName although it stands for a BinarySecurityToken (path bstPath).
    // Presumably only the object's identity is used for correlation; confirm that the
    // QName is never consulted before relying on this fixture for anything else.
    XMLSecEvent recipientTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // Recipient token: declared as an encryption key up front; every Encrypted* event
    // below names it as the protecting token.
    X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl recipientToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    recipientX509TokenSecurityEvent.setSecurityToken(recipientToken);
    recipientToken.setElementPath(bstPath);
    recipientToken.setXMLSecEvent(recipientTokenXmlEvent);
    recipientToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Encryption);
    inboundWSSecurityContext.registerSecurityEvent(recipientX509TokenSecurityEvent);

    // Protection order reported for every Signed/Encrypted event: encryption, then
    // signature (i.e. the signature is expected to cover the encrypted form).
    List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
    protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
    protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);

    List<QName> signaturePath = new LinkedList<>();
    signaturePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    signaturePath.add(WSSConstants.TAG_dsig_Signature);

    // The ds:Signature element itself is encrypted under the recipient token.
    EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    signatureEncryptedElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureEncryptedElementSecurityEvent);

    List<QName> usernameTokenPath = new LinkedList<>();
    usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);

    XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // UsernameToken encrypted (it carries a PASSWORD_TEXT password, so this is what keeps
    // the password off the wire in clear).
    EncryptedElementSecurityEvent usernameEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    usernameEncryptedElementSecurityEvent.setElementPath(usernameTokenPath);
    usernameEncryptedElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(usernameEncryptedElementSecurityEvent);

    XMLSecEvent signedEndorsingEncryptedTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // BST of the signed-endorsing-*encrypted* supporting token is encrypted; the token
    // itself is registered further down with the same XMLSecEvent.
    EncryptedElementSecurityEvent signedEndorsedEncryptedTokenEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    signedEndorsedEncryptedTokenEncryptedElementSecurityEvent.setElementPath(bstPath);
    signedEndorsedEncryptedTokenEncryptedElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsedEncryptedTokenEncryptedElementSecurityEvent);

    XMLSecEvent encryptedSupportingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // BST of the encrypted-only supporting token.
    EncryptedElementSecurityEvent encryptedSupportingTokenEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    encryptedSupportingTokenEncryptedElementSecurityEvent.setElementPath(bstPath);
    encryptedSupportingTokenEncryptedElementSecurityEvent.setXmlSecEvent(encryptedSupportingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(encryptedSupportingTokenEncryptedElementSecurityEvent);

    UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    String created = DateUtil.getDateTimeFormatter(true).format(now);
    // Fixture values only: literal password, all-zero 10-byte salt, 10 iterations.
    // Nothing here should be copied into production code.
    UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
            WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
            "username", "password", created, null, new byte[10], 10L,
            null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    usernameSecurityToken.setElementPath(usernameTokenPath);
    usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
    usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);

    XMLSecEvent signedEndorsingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // The four supporting X.509 tokens are first registered with *no* usage; their
    // classification is expected to follow from the Signed/Encrypted events that
    // reference their XMLSecEvent, plus the later re-registration with TokenUsage_Signature
    // for the two endorsing ones.
    X509TokenSecurityEvent signedEndorsingSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    signedEndorsingSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
    signedEndorsingSupportingToken.setElementPath(bstPath);
    signedEndorsingSupportingToken.setXMLSecEvent(signedEndorsingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingSupporting509TokenSecurityEvent);

    X509TokenSecurityEvent encryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl encryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    encryptedSupporting509TokenSecurityEvent.setSecurityToken(encryptedSupportingToken);
    encryptedSupportingToken.setElementPath(bstPath);
    encryptedSupportingToken.setXMLSecEvent(encryptedSupportingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(encryptedSupporting509TokenSecurityEvent);

    // Plain supporting token: no XMLSecEvent, so no Signed/Encrypted event can refer to it.
    X509TokenSecurityEvent supporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl supportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    supporting509TokenSecurityEvent.setSecurityToken(supportingToken);
    supportingToken.setElementPath(bstPath);
    inboundWSSecurityContext.registerSecurityEvent(supporting509TokenSecurityEvent);

    X509TokenSecurityEvent signedEndorsingEncryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingEncryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    signedEndorsingEncryptedSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
    signedEndorsingEncryptedSupportingToken.setElementPath(bstPath);
    signedEndorsingEncryptedSupportingToken.setXMLSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingEncryptedSupporting509TokenSecurityEvent);

    XMLSecEvent initiatorTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // Initiator token: first seen as a BST in the header ...
    X509TokenSecurityEvent initiator509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl initiatorToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    initiator509TokenSecurityEvent.setSecurityToken(initiatorToken);
    initiatorToken.setElementPath(bstPath);
    initiatorToken.setXMLSecEvent(initiatorTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(initiator509TokenSecurityEvent);

    // ... then re-registered as the signing key once the signature referencing it is
    // reached. This "second event for the same token" pattern is repeated for the two
    // endorsing tokens below.
    initiator509TokenSecurityEvent = new X509TokenSecurityEvent();
    initiator509TokenSecurityEvent.setSecurityToken(initiatorToken);
    initiatorToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(initiator509TokenSecurityEvent);

    SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);

    // Main signature (initiator token) coverage: Timestamp, SignatureConfirmation,
    // UsernameToken, the BSTs of the two endorsing tokens, the initiator's own BST,
    // two headers and the Body.
    SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    signedTimestampElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);

    SignedElementSecurityEvent signedSCElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    signedSCElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(signedSCElementSecurityEvent);

    SignedElementSecurityEvent signedUsernameTokenElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    signedUsernameTokenElementSecurityEvent.setElementPath(usernameTokenPath);
    signedUsernameTokenElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedUsernameTokenElementSecurityEvent);

    SignedElementSecurityEvent bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(initiatorTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    List<QName> header1Path = new LinkedList<>();
    header1Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header1Path.add(new QName("x", "Header1", "x"));

    SignedPartSecurityEvent header1SignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
    header1SignedPartSecurityEvent.setElementPath(header1Path);
    inboundWSSecurityContext.registerSecurityEvent(header1SignedPartSecurityEvent);

    // NOTE(review): header2Path uses the local name "Header1" as well, so it is
    // indistinguishable from header1Path — almost certainly a copy-paste slip ("Header2"
    // intended). It does not affect the assertions the consuming test makes, but it means
    // the signed-and-encrypted second header is not actually a distinct element here.
    List<QName> header2Path = new LinkedList<>();
    header2Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header2Path.add(new QName("x", "Header1", "x"));

    SignedPartSecurityEvent header2SignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
    header2SignedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2SignedPartSecurityEvent);

    List<QName> bodyPath = new LinkedList<>();
    bodyPath.addAll(WSSConstants.SOAP_11_BODY_PATH);

    SignedPartSecurityEvent bodySignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
    bodySignedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodySignedPartSecurityEvent);

    // Second signature: the signed-endorsing supporting token now acts as a signing key
    // and signs the main ds:Signature element (the "endorsing" part) plus its own BST.
    signedEndorsingSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    signedEndorsingSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
    signedEndorsingSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingSupporting509TokenSecurityEvent);

    SignatureValueSecurityEvent signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);

    SignedElementSecurityEvent signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    signatureElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);

    bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    // Third signature: same pattern for the signed-endorsing-encrypted supporting token.
    signedEndorsingEncryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    signedEndorsingEncryptedSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
    signedEndorsingEncryptedSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingEncryptedSupporting509TokenSecurityEvent);

    signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);

    signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    signatureElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);

    bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    // Encrypted parts (recipient token): Body and the second header.
    EncryptedPartSecurityEvent bodyEncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(recipientToken, true, protectionOrder);
    bodyEncryptedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodyEncryptedPartSecurityEvent);

    EncryptedPartSecurityEvent header2EncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(recipientToken, true, protectionOrder);
    header2EncryptedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2EncryptedPartSecurityEvent);

    // The operation event marks the end of security-header processing; token usages are
    // expected to be final once it has been registered.
    OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
    operationSecurityEvent.setOperation(new QName("definitions"));
    inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);
    return securityEventList;
}
514
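/**
 * Symmetric binding: the SAML token must be identified as both the main signature and
 * the main encryption token (symmetric binding — one token protects in both
 * directions), every X.509 token as a signed-endorsing supporting token, and the
 * UsernameToken as a signed-encrypted supporting token.
 *
 * <p>The event stream comes from {@link #generateSymmetricBindingSecurityEvents()}, whose
 * body is defined further down in this class. As in the other binding tests, this test
 * also records that each token type actually appeared, so that a regression that stops
 * emitting one of them cannot pass vacuously.
 *
 * @throws Exception propagated from {@link #generateSymmetricBindingSecurityEvents()}
 */
@Test
public void testTokenIdentificationSymmetricSecurity() throws Exception {

    final List<SecurityEvent> securityEventList = generateSymmetricBindingSecurityEvents();

    // JUnit's order is (expected, actual); keeps failure messages readable.
    assertEquals(24, securityEventList.size());

    boolean x509TokenOccurred = false;
    boolean usernameTokenOccurred = false;
    boolean samlTokenOccurred = false;

    for (SecurityEvent securityEvent : securityEventList) {
        if (securityEvent instanceof X509TokenSecurityEvent) {
            X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
            assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS));
            x509TokenOccurred = true;
        } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
            UsernameTokenSecurityEvent tokenSecurityEvent = (UsernameTokenSecurityEvent) securityEvent;
            assertEquals(1, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
            usernameTokenOccurred = true;
        } else if (securityEvent instanceof SamlTokenSecurityEvent) {
            SamlTokenSecurityEvent tokenSecurityEvent = (SamlTokenSecurityEvent) securityEvent;
            // Exactly the two main usages and nothing else.
            assertEquals(2, tokenSecurityEvent.getSecurityToken().getTokenUsages().size());
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE));
            assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION));
            samlTokenOccurred = true;
        }
    }

    assertTrue(x509TokenOccurred, "no X509TokenSecurityEvent was emitted");
    assertTrue(usernameTokenOccurred, "no UsernameTokenSecurityEvent was emitted");
    assertTrue(samlTokenOccurred, "no SamlTokenSecurityEvent was emitted");
}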
539
/**
 * Builds the ordered list of {@link SecurityEvent}s the inbound context forwards for a
 * message that (per the method name) models a WS-SecurityPolicy symmetric binding:
 * timestamp and signature confirmation, a SAML token used first for encryption and then
 * for signature, an encrypted and signed UsernameToken, an encrypted Signature element,
 * signed/encrypted header and body parts, and an X.509 token that signs the main
 * Signature element (an endorsing token).
 * <p>
 * All events are pushed through an {@link InboundWSSecurityContextImpl} so that the
 * context performs its token-usage classification; the listener only collects what the
 * context forwards. 25 events are registered below while the caller asserts 24, so the
 * context evidently drops or merges one of them (presumably the second
 * {@code SamlTokenSecurityEvent} for the same token) — TODO confirm against the context.
 * The registration order and the interleaving of {@code addTokenUsage} calls with
 * registrations are part of the fixture and should not be reordered.
 *
 * @return the events forwarded by the context, in forwarding order
 * @throws Exception if the test keystore cannot be read or a token cannot be built
 */
public List<SecurityEvent> generateSymmetricBindingSecurityEvents() throws Exception {
    final List<SecurityEvent> securityEventList = new LinkedList<>();

    // Collects every event the context forwards; this list is the method's result.
    SecurityEventListener securityEventListener = new SecurityEventListener() {
        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
            securityEventList.add(securityEvent);
        }
    };

    InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
    inboundWSSecurityContext.addSecurityEventListener(securityEventListener);

    TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);

    // Element paths below are built as <security header path> + <element>; the same
    // path instances are reused for the signed/encrypted element events further down.
    List<QName> timestampPath = new LinkedList<>();
    timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);

    RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);

    SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);

    List<QName> scPath = new LinkedList<>();
    scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);

    RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    scRequiredElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);

    List<QName> samlTokenPath = new LinkedList<>();
    samlTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    samlTokenPath.add(WSSConstants.TAG_SAML2_ASSERTION);

    // NOTE(review): the start element is created with TAG_WSSE_USERNAME_TOKEN although the
    // path points at a SAML assertion; looks like copy-paste. The context may only compare
    // event identity, so verify before changing the name.
    XMLSecEvent samlTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // Minimal SAML 2.0 assertion: issuer and an empty subject are all the fixture needs.
    SAMLCallback samlCallback = new SAMLCallback();
    samlCallback.setSamlVersion(Version.SAML_20);
    samlCallback.setIssuer("xs:anyURI");
    SubjectBean subjectBean = new SubjectBean();
    samlCallback.setSubject(subjectBean);
    SamlAssertionWrapper samlAssertionWrapper = new SamlAssertionWrapper(samlCallback);

    // The SAML token wraps the test X.509 key; it is first registered with Encryption
    // usage only and registered a second time further down once Signature usage is added.
    SamlSecurityTokenImpl samlSecurityToken = new SamlSecurityTokenImpl(
            samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null, WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier,
            null);
    samlSecurityToken.setElementPath(samlTokenPath);
    samlSecurityToken.setXMLSecEvent(samlTokenXmlEvent);
    samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Encryption);
    SamlTokenSecurityEvent samlTokenSecurityEvent = new SamlTokenSecurityEvent();
    samlTokenSecurityEvent.setSecurityToken(samlSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);

    // Protection order shared by every signed/encrypted element and part event below:
    // ENCRYPTION listed before SIGNATURE.
    List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<>();
    protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
    protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);

    List<QName> usernamePath = new LinkedList<>();
    usernamePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    usernamePath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);

    XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    // UsernameToken is encrypted with the SAML token's key.
    EncryptedElementSecurityEvent usernameEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    usernameEncryptedElementSecurityEvent.setElementPath(usernamePath);
    usernameEncryptedElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(usernameEncryptedElementSecurityEvent);

    // Same path as usernamePath, built separately; used for the signed-element event.
    List<QName> usernameTokenPath = new LinkedList<>();
    usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);

    UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
    // wsu:Created in UTC, formatted by WSS4J's own formatter (the boolean argument
    // presumably selects millisecond precision — confirm against DateUtil).
    ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
    String created = DateUtil.getDateTimeFormatter(true).format(now);
    // Plain-text password token with dummy nonce/salt/iteration values; the credential
    // itself is never validated here — only the token's classification matters.
    UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
            WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
            "username", "password", created, null, new byte[10], 10L,
            null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    usernameSecurityToken.setElementPath(usernamePath);
    usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
    usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);

    List<QName> signaturePath = new LinkedList<>();
    signaturePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    signaturePath.add(WSSConstants.TAG_dsig_Signature);

    // The main Signature element is itself encrypted with the SAML token's key.
    EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signatureEncryptedElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureEncryptedElementSecurityEvent);

    // Second registration of the same SAML token, now with Signature usage as well; the
    // caller expects the token to end up with both MAIN_SIGNATURE and MAIN_ENCRYPTION.
    samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    samlTokenSecurityEvent = new SamlTokenSecurityEvent();
    samlTokenSecurityEvent.setSecurityToken(samlSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);

    SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);

    // Elements covered by the SAML token's signature: timestamp, signature confirmation,
    // UsernameToken, BinarySecurityToken and the SAML assertion itself.
    SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signedTimestampElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);

    SignedElementSecurityEvent signedSCElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signedSCElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(signedSCElementSecurityEvent);

    SignedElementSecurityEvent signedUsernameTokenElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signedUsernameTokenElementSecurityEvent.setElementPath(usernameTokenPath);
    signedUsernameTokenElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedUsernameTokenElementSecurityEvent);

    List<QName> bstPath = new LinkedList<>();
    bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
    bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);

    // NOTE(review): created with TAG_WSSE_USERNAME_TOKEN rather than the BST name; same
    // copy-paste pattern as samlTokenXmlEvent above — verify whether the name matters.
    XMLSecEvent bstTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);

    SignedElementSecurityEvent bstElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(bstTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    SignedElementSecurityEvent samlTokenElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    samlTokenElementSecurityEvent.setElementPath(samlTokenPath);
    samlTokenElementSecurityEvent.setXmlSecEvent(samlTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(samlTokenElementSecurityEvent);

    // Signed SOAP header parts and the body.
    List<QName> header1Path = new LinkedList<>();
    header1Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header1Path.add(new QName("x", "Header1", "x"));

    SignedPartSecurityEvent header1SignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    header1SignedPartSecurityEvent.setElementPath(header1Path);
    inboundWSSecurityContext.registerSecurityEvent(header1SignedPartSecurityEvent);

    // NOTE(review): header2Path uses the same QName ("Header1") as header1Path, so the
    // header1 and header2 events describe the same element. Looks like a copy-paste of
    // "Header1"; confirm whether "Header2" was intended before relying on this fixture
    // to cover two distinct headers.
    List<QName> header2Path = new LinkedList<>();
    header2Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header2Path.add(new QName("x", "Header1", "x"));

    SignedPartSecurityEvent header2SignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    header2SignedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2SignedPartSecurityEvent);

    List<QName> bodyPath = new LinkedList<>();
    bodyPath.addAll(WSSConstants.SOAP_11_BODY_PATH);

    SignedPartSecurityEvent bodySignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    bodySignedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodySignedPartSecurityEvent);

    // Endorsing X.509 token: carries Signature usage before it is registered and signs
    // the main Signature element below; the caller expects the context to classify it as
    // SIGNED_ENDORSING_SUPPORTING_TOKENS.
    X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    x509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
    signedEndorsingSupportingToken.setElementPath(bstPath);
    signedEndorsingSupportingToken.setXMLSecEvent(bstTokenXmlEvent);
    signedEndorsingSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(x509TokenSecurityEvent);

    // Second signature (the endorsing one) covering the main Signature element and the BST.
    SignatureValueSecurityEvent signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);

    SignedElementSecurityEvent signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    signatureElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);

    // Reuses the bstElementSecurityEvent variable for the endorsing token's own signed-BST event.
    bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(bstTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    // Encrypted parts (header2 and body), again keyed by the SAML token.
    EncryptedPartSecurityEvent header2EncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    header2EncryptedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2EncryptedPartSecurityEvent);

    EncryptedPartSecurityEvent bodyEncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    bodyEncryptedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodyEncryptedPartSecurityEvent);

    // Operation event comes last; presumably this is what makes the context run its
    // classification and forward the collected events — confirm against the context.
    OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
    operationSecurityEvent.setOperation(new QName("definitions"));
    inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);
    return securityEventList;
}
730
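/**
 * Builds an inbound X.509 security token backed by the "transmitter" entry of the
 * test keystore {@code transmitter.jks} on the classpath: the private key, the public
 * key and the full certificate chain are loaded from the store, and the token's alias
 * lookup is fixed to that entry.
 *
 * @param tokenType the X.509 token type to report for the built token
 * @return a token carrying the transmitter key, public key and certificate chain
 * @throws IllegalStateException if the keystore resource or the certificate chain for
 *         the alias is missing
 * @throws XMLSecurityException if reading the certificate chain fails
 * @throws Exception if the keystore cannot be loaded or the key cannot be read
 */
private X509SecurityTokenImpl getX509Token(WSSecurityTokenConstants.TokenType tokenType) throws Exception {
    // Test-only keystore: store and key entry share the same password.
    final String alias = "transmitter";
    final char[] password = "default".toCharArray();

    final KeyStore keyStore = KeyStore.getInstance("jks");
    // try-with-resources so the stream is also closed when load() throws; the
    // previous version only closed it on the success path. A missing resource is
    // reported explicitly instead of surfacing as an NPE inside load().
    try (InputStream input = this.getClass().getClassLoader().getResourceAsStream("transmitter.jks")) {
        if (input == null) {
            throw new IllegalStateException("test keystore transmitter.jks not found on the classpath");
        }
        keyStore.load(input, password);
    }

    X509SecurityTokenImpl x509SecurityToken =
        new X509SecurityTokenImpl(tokenType, null, null, null, IDGenerator.generateID(null),
            WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER, null, true) {

            @Override
            protected String getAlias() throws WSSecurityException {
                return alias;
            }
        };

    Certificate[] certificates;
    try {
        certificates = keyStore.getCertificateChain(alias);
    } catch (Exception e) {
        throw new XMLSecurityException(e);
    }
    // getCertificateChain() returns null for an unknown alias or a non-key entry.
    if (certificates == null) {
        throw new IllegalStateException("no certificate chain for alias '" + alias + "' in transmitter.jks");
    }

    // Every chain element must be an X.509 certificate; a cast failure is a fixture error.
    X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
    for (int i = 0; i < certificates.length; i++) {
        x509Certificates[i] = (X509Certificate) certificates[i];
    }

    x509SecurityToken.setSecretKey("", keyStore.getKey(alias, password));
    // For a key entry, getCertificate(alias) is the first element of its chain.
    x509SecurityToken.setPublicKey(x509Certificates[0].getPublicKey());
    x509SecurityToken.setX509Certificates(x509Certificates);
    return x509SecurityToken;
}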
765 }