/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.wss4j.stax.test;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.impl.InboundWSSecurityContextImpl;
import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.UsernameSecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.X509SecurityTokenImpl;
import org.apache.wss4j.stax.securityEvent.EncryptedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.OperationSecurityEvent;
import org.apache.wss4j.stax.securityEvent.RequiredElementSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignatureConfirmationSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.TimestampSecurityEvent;
import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.setup.WSSec;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.EncryptedElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
public class InboundWSSecurityContextImplTest {
/**
 * Initialises the WSS4J crypto providers and the StAX security configuration once for the
 * whole test class, using the {@code wss/wss-config.xml} resource found on the
 * {@link WSSec} class loader.
 *
 * @throws Exception if the configuration resource cannot be located or parsed
 */
@BeforeClass
public static void setUp() throws Exception {
    WSProviderConfig.init();
    final ClassLoader loader = WSSec.class.getClassLoader();
    Init.init(loader.getResource("wss/wss-config.xml").toURI(), WSSec.class);
}
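/**
 * Checks the token usages assigned by the security context for a transport binding: the
 * HTTPS token carries both main signature and main encryption, the X.509 token is a signed
 * endorsing encrypted supporting token and the username token is a signed encrypted
 * supporting token.
 *
 * <p>Each of the three token types must actually appear in the delivered event list; a
 * missing token event is a failure rather than a vacuous pass.
 *
 * @throws Exception propagated from {@link #generateTransportBindingSecurityEvents()}
 */
@Test
public void testTokenIdentificationTransportSecurity() throws Exception {
    final List<SecurityEvent> securityEventList = generateTransportBindingSecurityEvents();
    // JUnit's assertEquals takes (expected, actual); keep that order so failures read correctly.
    Assert.assertEquals(11, securityEventList.size());

    boolean httpsTokenOccurred = false;
    boolean x509TokenOccurred = false;
    boolean usernameTokenOccurred = false;

    for (SecurityEvent securityEvent : securityEventList) {
        if (securityEvent instanceof HttpsTokenSecurityEvent) {
            final List<?> usages =
                ((HttpsTokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
            Assert.assertEquals(2, usages.size());
            Assert.assertTrue(usages.contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE));
            Assert.assertTrue(usages.contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION));
            httpsTokenOccurred = true;
        } else if (securityEvent instanceof X509TokenSecurityEvent) {
            final List<?> usages =
                ((X509TokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
            Assert.assertEquals(1, usages.size());
            Assert.assertTrue(usages.contains(
                WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
            x509TokenOccurred = true;
        } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
            final List<?> usages =
                ((UsernameTokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
            Assert.assertEquals(1, usages.size());
            Assert.assertTrue(usages.contains(
                WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
            usernameTokenOccurred = true;
        }
    }

    // Without these the branches above pass trivially when a token event is never delivered.
    Assert.assertTrue("no HttpsTokenSecurityEvent delivered", httpsTokenOccurred);
    Assert.assertTrue("no X509TokenSecurityEvent delivered", x509TokenOccurred);
    Assert.assertTrue("no UsernameTokenSecurityEvent delivered", usernameTokenOccurred);
}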
/**
 * Builds the security-event stream of a transport-binding message and runs it through a
 * fresh {@link InboundWSSecurityContextImpl}.
 *
 * <p>Every event the context forwards is captured by the anonymous
 * {@link SecurityEventListener} and returned in delivery order. The token usages asserted by
 * {@link #testTokenIdentificationTransportSecurity()} are derived by the context; this method
 * itself only marks the X.509 token with {@code TokenUsage_Signature}. Registration order is
 * significant and must not be changed casually.
 *
 * @return the events as delivered to the listener
 * @throws Exception propagated from token construction or event registration
 */
public List<SecurityEvent> generateTransportBindingSecurityEvents() throws Exception {
    final List<SecurityEvent> securityEventList = new LinkedList<SecurityEvent>();
    // Captures every event the context forwards; the list is what the caller gets back.
    SecurityEventListener securityEventListener = new SecurityEventListener() {
        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
            securityEventList.add(securityEvent);
        }
    };
    InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
    inboundWSSecurityContext.addSecurityEventListener(securityEventListener);
    // Tells the context the message arrived over a secured transport; the asymmetric
    // generator in this file does not set this flag.
    inboundWSSecurityContext.put(WSSConstants.TRANSPORT_SECURITY_ACTIVE, Boolean.TRUE);

    // HTTPS token carrying the first certificate of the test X.509 token.
    HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
    httpsTokenSecurityEvent.setSecurityToken(
        new HttpsSecurityTokenImpl(
            getX509Token(WSSecurityTokenConstants.X509V3Token).getX509Certificates()[0]));
    inboundWSSecurityContext.registerSecurityEvent(httpsTokenSecurityEvent);

    // Timestamp, followed by the required-element event for its path in the Security header.
    TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);
    List<QName> timestampPath = new LinkedList<QName>();
    timestampPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
    RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);

    // UsernameToken with fixture credentials. The meaning of the positional arguments after
    // the password type is not visible here — see the UsernameSecurityTokenImpl constructor.
    List<QName> usernameTokenPath = new LinkedList<QName>();
    usernameTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
    XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
    UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
        WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
        "username", "password", new Date().toString(), null, new byte[10], 10L,
        null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    usernameSecurityToken.setElementPath(usernameTokenPath);
    usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
    usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);

    // SignatureConfirmation, followed by the required-element event for its path.
    SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);
    List<QName> scPath = new LinkedList<QName>();
    scPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
    RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    scRequiredElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);

    // X.509 token located at the BinarySecurityToken path. NOTE(review): its start element is
    // created with the UsernameToken tag rather than the BST tag; presumably only the event's
    // identity matters for the context — confirm before relying on the tag name.
    List<QName> bstPath = new LinkedList<QName>();
    bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
    XMLSecEvent signedEndorsingSupportingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingEncryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    signedEndorsingEncryptedSupportingToken.setElementPath(bstPath);
    signedEndorsingEncryptedSupportingToken.setXMLSecEvent(signedEndorsingSupportingTokenXmlEvent);
    x509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
    // The token is marked as a signing token before its event is registered.
    signedEndorsingEncryptedSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(x509TokenSecurityEvent);

    // Signature by the X.509 token over the Timestamp and over the BST itself; the
    // protection order contains SIGNATURE only (no encryption in this binding).
    SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);
    List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
    protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
    SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    signedTimestampElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);
    SignedElementSecurityEvent signedBSTElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    signedBSTElementSecurityEvent.setElementPath(bstPath);
    signedBSTElementSecurityEvent.setXmlSecEvent(signedEndorsingSupportingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedBSTElementSecurityEvent);

    // The operation event closes the message; the list is returned as the listener saw it.
    OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
    operationSecurityEvent.setOperation(new QName("definitions"));
    inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);
    return securityEventList;
}
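/**
 * Checks the token usages assigned by the security context for an asymmetric binding.
 *
 * <p>X.509 token events are checked by position: the n-th {@link X509TokenSecurityEvent}
 * delivered must carry exactly the usage in {@code expectedX509Usages[n]}. X.509 token
 * events after the sixth are not checked, which matches the earlier version of this test.
 * The {@link UsernameTokenSecurityEvent} must be a signed encrypted supporting token. The
 * test fails unless all six expected X.509 token events and the username token event were
 * delivered.
 *
 * @throws Exception propagated from {@link #generateAsymmetricBindingSecurityEvents()}
 */
@Test
public void testTokenIdentificationAsymmetricSecurity() throws Exception {
    final List<SecurityEvent> securityEventList = generateAsymmetricBindingSecurityEvents();
    // JUnit's assertEquals takes (expected, actual); keep that order so failures read correctly.
    Assert.assertEquals(34, securityEventList.size());

    // Usage expected of the n-th X509TokenSecurityEvent, in delivery order. The previous
    // version tracked these with six boolean flags whose names did not match the usage
    // they recorded; a positional table is unambiguous.
    final WSSecurityTokenConstants.TokenUsage[] expectedX509Usages = {
        WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION,
        WSSecurityTokenConstants.TOKENUSAGE_ENCRYPTED_SUPPORTING_TOKENS,
        WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS,
        WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE,
        WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS,
        WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
    };

    int x509TokenCount = 0;
    boolean usernameTokenOccurred = false;
    for (SecurityEvent securityEvent : securityEventList) {
        if (securityEvent instanceof X509TokenSecurityEvent) {
            if (x509TokenCount < expectedX509Usages.length) {
                final List<?> usages =
                    ((X509TokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
                Assert.assertEquals("usage count of X.509 token #" + x509TokenCount, 1, usages.size());
                Assert.assertTrue("usage of X.509 token #" + x509TokenCount,
                    usages.contains(expectedX509Usages[x509TokenCount]));
            }
            x509TokenCount++;
        } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
            final List<?> usages =
                ((UsernameTokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
            Assert.assertEquals(1, usages.size());
            Assert.assertTrue(usages.contains(
                WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
            usernameTokenOccurred = true;
        }
    }

    Assert.assertTrue("fewer than " + expectedX509Usages.length + " X509TokenSecurityEvents delivered",
        x509TokenCount >= expectedX509Usages.length);
    Assert.assertTrue("no UsernameTokenSecurityEvent delivered", usernameTokenOccurred);
}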
/**
 * Builds the security-event stream of an asymmetric-binding message and runs it through a
 * fresh {@link InboundWSSecurityContextImpl}.
 *
 * <p>Every event the context forwards is captured by the anonymous
 * {@link SecurityEventListener} and returned in delivery order. Six distinct X.509 tokens are
 * involved (recipient, signed-endorsing supporting, encrypted supporting, supporting,
 * signed-endorsing-encrypted supporting, initiator); the usages asserted by
 * {@link #testTokenIdentificationAsymmetricSecurity()} are derived by the context from the
 * order and kind of the events below, so the registration order is significant.
 *
 * @return the events as delivered to the listener
 * @throws Exception propagated from token construction or event registration
 */
public List<SecurityEvent> generateAsymmetricBindingSecurityEvents() throws Exception {
    final List<SecurityEvent> securityEventList = new LinkedList<SecurityEvent>();
    // Captures every event the context forwards; the list is what the caller gets back.
    SecurityEventListener securityEventListener = new SecurityEventListener() {
        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
            securityEventList.add(securityEvent);
        }
    };
    InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
    inboundWSSecurityContext.addSecurityEventListener(securityEventListener);

    // Timestamp, followed by the required-element event for its path in the Security header.
    TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);
    List<QName> timestampPath = new LinkedList<QName>();
    timestampPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
    RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);

    // SignatureConfirmation, followed by the required-element event for its path.
    SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);
    List<QName> scPath = new LinkedList<QName>();
    scPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
    RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    scRequiredElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);

    // Recipient X.509 token (the encryption token), located at the BinarySecurityToken path.
    // NOTE(review): this and every other start element below is created with the
    // UsernameToken tag even where the token sits at bstPath; presumably only the event's
    // identity matters for the context — confirm before relying on the tag name.
    List<QName> bstPath = new LinkedList<QName>();
    bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
    XMLSecEvent recipientTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl recipientToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    recipientX509TokenSecurityEvent.setSecurityToken(recipientToken);
    recipientToken.setElementPath(bstPath);
    recipientToken.setXMLSecEvent(recipientTokenXmlEvent);
    recipientToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Encryption);
    inboundWSSecurityContext.registerSecurityEvent(recipientX509TokenSecurityEvent);

    // Protection order shared by all signed/encrypted element and part events below:
    // encryption first, then signature.
    List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
    protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
    protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);

    // Elements encrypted with the recipient token: the Signature element, the UsernameToken,
    // and two BST elements (the signed-endorsing-encrypted and the encrypted supporting token).
    List<QName> signaturePath = new LinkedList<QName>();
    signaturePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    signaturePath.add(WSSConstants.TAG_dsig_Signature);
    EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    signatureEncryptedElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureEncryptedElementSecurityEvent);
    List<QName> usernameTokenPath = new LinkedList<QName>();
    usernameTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
    XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    EncryptedElementSecurityEvent usernameEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    usernameEncryptedElementSecurityEvent.setElementPath(usernameTokenPath);
    usernameEncryptedElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(usernameEncryptedElementSecurityEvent);
    XMLSecEvent signedEndorsingEncryptedTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    EncryptedElementSecurityEvent signedEndorsedEncryptedTokenEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    signedEndorsedEncryptedTokenEncryptedElementSecurityEvent.setElementPath(bstPath);
    signedEndorsedEncryptedTokenEncryptedElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsedEncryptedTokenEncryptedElementSecurityEvent);
    XMLSecEvent encryptedSupportingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    EncryptedElementSecurityEvent encryptedSupportingTokenEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
    encryptedSupportingTokenEncryptedElementSecurityEvent.setElementPath(bstPath);
    encryptedSupportingTokenEncryptedElementSecurityEvent.setXmlSecEvent(encryptedSupportingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(encryptedSupportingTokenEncryptedElementSecurityEvent);

    // UsernameToken with fixture credentials. The meaning of the positional arguments after
    // the password type is not visible here — see the UsernameSecurityTokenImpl constructor.
    UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
    UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
        WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
        "username", "password", new Date().toString(), null, new byte[10], 10L,
        null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    usernameSecurityToken.setElementPath(usernameTokenPath);
    usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
    usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);

    // Four supporting X.509 tokens, each announced once here; two of them are announced a
    // second time further down, after being marked as signing tokens.
    XMLSecEvent signedEndorsingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    X509TokenSecurityEvent signedEndorsingSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    signedEndorsingSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
    signedEndorsingSupportingToken.setElementPath(bstPath);
    signedEndorsingSupportingToken.setXMLSecEvent(signedEndorsingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingSupporting509TokenSecurityEvent);
    X509TokenSecurityEvent encryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl encryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    encryptedSupporting509TokenSecurityEvent.setSecurityToken(encryptedSupportingToken);
    encryptedSupportingToken.setElementPath(bstPath);
    encryptedSupportingToken.setXMLSecEvent(encryptedSupportingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(encryptedSupporting509TokenSecurityEvent);
    // The plain supporting token is the only one without an XMLSecEvent attached.
    X509TokenSecurityEvent supporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl supportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    supporting509TokenSecurityEvent.setSecurityToken(supportingToken);
    supportingToken.setElementPath(bstPath);
    inboundWSSecurityContext.registerSecurityEvent(supporting509TokenSecurityEvent);
    X509TokenSecurityEvent signedEndorsingEncryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingEncryptedSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    signedEndorsingEncryptedSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
    signedEndorsingEncryptedSupportingToken.setElementPath(bstPath);
    signedEndorsingEncryptedSupportingToken.setXMLSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingEncryptedSupporting509TokenSecurityEvent);

    // Initiator X.509 token: announced once as a plain token, then a second event is
    // registered for the same token after it has been marked as a signing token.
    XMLSecEvent initiatorTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    X509TokenSecurityEvent initiator509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl initiatorToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    initiator509TokenSecurityEvent.setSecurityToken(initiatorToken);
    initiatorToken.setElementPath(bstPath);
    initiatorToken.setXMLSecEvent(initiatorTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(initiator509TokenSecurityEvent);
    initiator509TokenSecurityEvent = new X509TokenSecurityEvent();
    initiator509TokenSecurityEvent.setSecurityToken(initiatorToken);
    initiatorToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(initiator509TokenSecurityEvent);

    // Main signature by the initiator token: Timestamp, SignatureConfirmation, UsernameToken
    // and the three BSTs whose XMLSecEvents are attached below.
    SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);
    SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    signedTimestampElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);
    SignedElementSecurityEvent signedSCElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    signedSCElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(signedSCElementSecurityEvent);
    SignedElementSecurityEvent signedUsernameTokenElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    signedUsernameTokenElementSecurityEvent.setElementPath(usernameTokenPath);
    signedUsernameTokenElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedUsernameTokenElementSecurityEvent);
    SignedElementSecurityEvent bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
    bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
    bstElementSecurityEvent = new SignedElementSecurityEvent(initiatorToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(initiatorTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    // Signed SOAP parts: two headers and the body.
    // NOTE(review): header2Path is built with the same QName as header1Path ("Header1");
    // presumably "Header2" was intended — confirm whether the duplicate path is deliberate.
    List<QName> header1Path = new LinkedList<QName>();
    header1Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header1Path.add(new QName("x", "Header1", "x"));
    SignedPartSecurityEvent header1SignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
    header1SignedPartSecurityEvent.setElementPath(header1Path);
    inboundWSSecurityContext.registerSecurityEvent(header1SignedPartSecurityEvent);
    List<QName> header2Path = new LinkedList<QName>();
    header2Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header2Path.add(new QName("x", "Header1", "x"));
    SignedPartSecurityEvent header2SignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
    header2SignedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2SignedPartSecurityEvent);
    List<QName> bodyPath = new LinkedList<QName>();
    bodyPath.addAll(WSSConstants.SOAP_11_BODY_PATH);
    SignedPartSecurityEvent bodySignedPartSecurityEvent = new SignedPartSecurityEvent(initiatorToken, true, protectionOrder);
    bodySignedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodySignedPartSecurityEvent);

    // Endorsing signature by the signed-endorsing supporting token: a second token event is
    // registered after marking it as a signing token, then it signs the Signature element and
    // its own BST.
    signedEndorsingSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    signedEndorsingSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
    signedEndorsingSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingSupporting509TokenSecurityEvent);
    SignatureValueSecurityEvent signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);
    SignedElementSecurityEvent signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    signatureElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);
    bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    // Same sequence for the signed-endorsing-encrypted supporting token.
    signedEndorsingEncryptedSupporting509TokenSecurityEvent = new X509TokenSecurityEvent();
    signedEndorsingEncryptedSupporting509TokenSecurityEvent.setSecurityToken(signedEndorsingEncryptedSupportingToken);
    signedEndorsingEncryptedSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(signedEndorsingEncryptedSupporting509TokenSecurityEvent);
    signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);
    signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    signatureElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);
    bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingEncryptedSupportingToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(signedEndorsingEncryptedTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    // Encrypted SOAP parts (body and the second header) under the recipient token.
    EncryptedPartSecurityEvent bodyEncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(recipientToken, true, protectionOrder);
    bodyEncryptedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodyEncryptedPartSecurityEvent);
    EncryptedPartSecurityEvent header2EncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(recipientToken, true, protectionOrder);
    header2EncryptedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2EncryptedPartSecurityEvent);

    // The operation event closes the message; the list is returned as the listener saw it.
    OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
    operationSecurityEvent.setOperation(new QName("definitions"));
    inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);
    return securityEventList;
}
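/**
 * Checks the token usages assigned by the security context for a symmetric binding: every
 * X.509 token is a signed endorsing supporting token, the username token is a signed
 * encrypted supporting token and the SAML token carries both main signature and main
 * encryption.
 *
 * <p>NOTE(review): unlike {@link #testTokenIdentificationAsymmetricSecurity()}, this test
 * does not record whether each token type was actually delivered, so a branch below passes
 * trivially if its event type never occurs — confirm against
 * {@link #generateSymmetricBindingSecurityEvents()} and then assert occurrence.
 *
 * @throws Exception propagated from {@link #generateSymmetricBindingSecurityEvents()}
 */
@Test
public void testTokenIdentificationSymmetricSecurity() throws Exception {
    final List<SecurityEvent> securityEventList = generateSymmetricBindingSecurityEvents();
    // JUnit's assertEquals takes (expected, actual); keep that order so failures read correctly.
    Assert.assertEquals(24, securityEventList.size());

    for (SecurityEvent securityEvent : securityEventList) {
        if (securityEvent instanceof X509TokenSecurityEvent) {
            final List<?> usages =
                ((X509TokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
            Assert.assertEquals(1, usages.size());
            Assert.assertTrue(usages.contains(
                WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS));
        } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
            final List<?> usages =
                ((UsernameTokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
            Assert.assertEquals(1, usages.size());
            Assert.assertTrue(usages.contains(
                WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
        } else if (securityEvent instanceof SamlTokenSecurityEvent) {
            final List<?> usages =
                ((SamlTokenSecurityEvent) securityEvent).getSecurityToken().getTokenUsages();
            Assert.assertEquals(2, usages.size());
            Assert.assertTrue(usages.contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE));
            Assert.assertTrue(usages.contains(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION));
        }
    }
}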
/**
 * Replays, through a fresh {@link InboundWSSecurityContextImpl}, the security events a
 * symmetric-binding message would produce, and returns every event the context forwards
 * to its listener in forwarding order.
 *
 * Scenario as registered below: a SAML 2.0 assertion (backed by the "transmitter" X.509
 * key from the test keystore) is the token behind both the encryption and the first
 * signature; a UsernameToken is encrypted and signed; an X.509 token referenced via a
 * BinarySecurityToken produces a second signature over the first ds:Signature and the
 * BST itself. Two SOAP headers and the body are signed; one header and the body are
 * encrypted.
 *
 * The caller asserts token usages that differ from the ones added here (e.g. the X.509
 * token gets only TokenUsage_Signature here but is expected as a signed-endorsing
 * supporting token), so the context apparently derives the final usages from the
 * surrounding events. Registration order is therefore significant; do not reorder
 * statements in this method.
 *
 * NOTE(review): 25 events are registered in this method but the caller asserts 24
 * forwarded events, so the context evidently coalesces or withholds one (the SAML token
 * event is registered twice for the same token instance, see below) - confirm against
 * InboundWSSecurityContextImpl before touching either count.
 *
 * @return the events forwarded to the listener, in the order they were forwarded
 * @throws Exception if the test keystore cannot be loaded or the context rejects an event
 */
public List<SecurityEvent> generateSymmetricBindingSecurityEvents() throws Exception {
    // Listener that simply records everything the context forwards.
    final List<SecurityEvent> securityEventList = new LinkedList<SecurityEvent>();
    SecurityEventListener securityEventListener = new SecurityEventListener() {
        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
            securityEventList.add(securityEvent);
        }
    };
    InboundWSSecurityContextImpl inboundWSSecurityContext = new InboundWSSecurityContextImpl();
    inboundWSSecurityContext.addSecurityEventListener(securityEventListener);

    // wsu:Timestamp present and marked as a required element.
    TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);
    List<QName> timestampPath = new LinkedList<QName>();
    timestampPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
    RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    timestampRequiredElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);

    // wsse11:SignatureConfirmation present and marked as a required element.
    SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);
    List<QName> scPath = new LinkedList<QName>();
    scPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
    RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
    scRequiredElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);

    // SAML 2.0 assertion token; its element path points at saml2:Assertion.
    List<QName> samlTokenPath = new LinkedList<QName>();
    samlTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    samlTokenPath.add(WSSConstants.TAG_SAML2_ASSERTION);
    // NOTE(review): the start-element event for the SAML token is built with the
    // wsse:UsernameToken QName while its element path says saml2:Assertion. This looks
    // like a copy-paste slip; whether the context keys anything off the event's QName
    // (rather than the element path / event identity) is not visible here - confirm
    // before "fixing", since the expected event count depends on current behaviour.
    XMLSecEvent samlTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    SAMLCallback samlCallback = new SAMLCallback();
    samlCallback.setSamlVersion(Version.SAML_20);
    samlCallback.setIssuer("xs:anyURI");
    SubjectBean subjectBean = new SubjectBean();
    samlCallback.setSubject(subjectBean);
    SamlAssertionWrapper samlAssertionWrapper = new SamlAssertionWrapper(samlCallback);
    // The assertion is bound to the transmitter X.509 key, so this token can act as a
    // key-bearing (symmetric-binding) protection token below.
    SamlSecurityTokenImpl samlSecurityToken = new SamlSecurityTokenImpl(
            samlAssertionWrapper, getX509Token(WSSecurityTokenConstants.X509V3Token), null, null, WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier,
            null);
    samlSecurityToken.setElementPath(samlTokenPath);
    samlSecurityToken.setXMLSecEvent(samlTokenXmlEvent);
    // First registration: the SAML token is only known as an encryption token so far.
    samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Encryption);
    SamlTokenSecurityEvent samlTokenSecurityEvent = new SamlTokenSecurityEvent();
    samlTokenSecurityEvent.setSecurityToken(samlSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);

    // Protection order attached to every element/part event: encryption listed first,
    // then signature.
    List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
    protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
    protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);

    // wsse:UsernameToken encrypted; the SAML token is passed as the protecting token.
    List<QName> usernamePath = new LinkedList<QName>();
    usernamePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    usernamePath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
    XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    EncryptedElementSecurityEvent usernameEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    usernameEncryptedElementSecurityEvent.setElementPath(usernamePath);
    usernameEncryptedElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(usernameEncryptedElementSecurityEvent);

    // usernameTokenPath holds the same QNames as usernamePath above (kept as a separate
    // list instance; the signed-element event below uses this one).
    List<QName> usernameTokenPath = new LinkedList<QName>();
    usernameTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
    // The UsernameToken itself. These are dummy fixture credentials, not secrets.
    // NOTE(review): the fourth argument is presumably the wsu:Created value; Date.toString()
    // is not an xsd:dateTime, which this event-flow test never parses - confirm if the
    // token is ever validated for real.
    UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
    UsernameSecurityTokenImpl usernameSecurityToken = new UsernameSecurityTokenImpl(
            WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT,
            "username", "password", new Date().toString(), null, new byte[10], 10L,
            null, IDGenerator.generateID(null), WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    usernameSecurityToken.setElementPath(usernamePath);
    usernameSecurityToken.setXMLSecEvent(usernameTokenXmlEvent);
    usernameTokenSecurityEvent.setSecurityToken(usernameSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);

    // The first ds:Signature element is itself encrypted with the SAML token.
    List<QName> signaturePath = new LinkedList<QName>();
    signaturePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    signaturePath.add(WSSConstants.TAG_dsig_Signature);
    EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signatureEncryptedElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureEncryptedElementSecurityEvent);

    // Second registration of the SAME SAML token instance, now also carrying the
    // Signature usage (the caller expects this token to end up with two usages).
    samlSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    samlTokenSecurityEvent = new SamlTokenSecurityEvent();
    samlTokenSecurityEvent.setSecurityToken(samlSecurityToken);
    inboundWSSecurityContext.registerSecurityEvent(samlTokenSecurityEvent);

    // First signature (SAML token): covers Timestamp, SignatureConfirmation, the
    // UsernameToken, the BST, the SAML assertion, two headers and the body.
    SignatureValueSecurityEvent signatureValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signatureValueSecurityEvent);
    SignedElementSecurityEvent signedTimestampElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signedTimestampElementSecurityEvent.setElementPath(timestampPath);
    inboundWSSecurityContext.registerSecurityEvent(signedTimestampElementSecurityEvent);
    SignedElementSecurityEvent signedSCElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signedSCElementSecurityEvent.setElementPath(scPath);
    inboundWSSecurityContext.registerSecurityEvent(signedSCElementSecurityEvent);
    SignedElementSecurityEvent signedUsernameTokenElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    signedUsernameTokenElementSecurityEvent.setElementPath(usernameTokenPath);
    signedUsernameTokenElementSecurityEvent.setXmlSecEvent(usernameTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(signedUsernameTokenElementSecurityEvent);

    // wsse:BinarySecurityToken (the X.509 token's carrier) is signed by the first signature.
    List<QName> bstPath = new LinkedList<QName>();
    bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
    bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
    // NOTE(review): as with the SAML token above, the BST start-element event is built
    // with the wsse:UsernameToken QName while bstPath says wsse:BinarySecurityToken -
    // likely the same copy-paste slip; confirm before changing.
    XMLSecEvent bstTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
    SignedElementSecurityEvent bstElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(bstTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);
    // The SAML assertion element is signed as well.
    SignedElementSecurityEvent samlTokenElementSecurityEvent = new SignedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
    samlTokenElementSecurityEvent.setElementPath(samlTokenPath);
    samlTokenElementSecurityEvent.setXmlSecEvent(samlTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(samlTokenElementSecurityEvent);

    // Signed SOAP header parts.
    List<QName> header1Path = new LinkedList<QName>();
    header1Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header1Path.add(new QName("x", "Header1", "x"));
    SignedPartSecurityEvent header1SignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    header1SignedPartSecurityEvent.setElementPath(header1Path);
    inboundWSSecurityContext.registerSecurityEvent(header1SignedPartSecurityEvent);
    // NOTE(review): header2Path is built from "Header1" too, so it is path-identical to
    // header1Path despite its name. Probably meant to be "Header2"; whether the context
    // de-duplicates on path is not visible here, so confirm before changing.
    List<QName> header2Path = new LinkedList<QName>();
    header2Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
    header2Path.add(new QName("x", "Header1", "x"));
    SignedPartSecurityEvent header2SignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    header2SignedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2SignedPartSecurityEvent);
    // Signed SOAP body part.
    List<QName> bodyPath = new LinkedList<QName>();
    bodyPath.addAll(WSSConstants.SOAP_11_BODY_PATH);
    SignedPartSecurityEvent bodySignedPartSecurityEvent = new SignedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    bodySignedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodySignedPartSecurityEvent);

    // X.509 token carried in the BST (a second keystore-backed token instance). It is
    // only given the Signature usage here; the caller expects the context to classify
    // it as a signed-endorsing supporting token.
    X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
    X509SecurityTokenImpl signedEndorsingSupportingToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
    x509TokenSecurityEvent.setSecurityToken(signedEndorsingSupportingToken);
    signedEndorsingSupportingToken.setElementPath(bstPath);
    signedEndorsingSupportingToken.setXMLSecEvent(bstTokenXmlEvent);
    signedEndorsingSupportingToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
    inboundWSSecurityContext.registerSecurityEvent(x509TokenSecurityEvent);

    // Second (endorsing) signature with the X.509 token: covers the first ds:Signature
    // element and the BST.
    SignatureValueSecurityEvent signature2ValueSecurityEvent = new SignatureValueSecurityEvent();
    inboundWSSecurityContext.registerSecurityEvent(signature2ValueSecurityEvent);
    SignedElementSecurityEvent signatureElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    signatureElementSecurityEvent.setElementPath(signaturePath);
    inboundWSSecurityContext.registerSecurityEvent(signatureElementSecurityEvent);
    bstElementSecurityEvent = new SignedElementSecurityEvent(signedEndorsingSupportingToken, true, protectionOrder);
    bstElementSecurityEvent.setElementPath(bstPath);
    bstElementSecurityEvent.setXmlSecEvent(bstTokenXmlEvent);
    inboundWSSecurityContext.registerSecurityEvent(bstElementSecurityEvent);

    // Encrypted parts (SAML token as the protecting token): the second header and the body.
    EncryptedPartSecurityEvent header2EncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    header2EncryptedPartSecurityEvent.setElementPath(header2Path);
    inboundWSSecurityContext.registerSecurityEvent(header2EncryptedPartSecurityEvent);
    EncryptedPartSecurityEvent bodyEncryptedPartSecurityEvent = new EncryptedPartSecurityEvent(samlSecurityToken, true, protectionOrder);
    bodyEncryptedPartSecurityEvent.setElementPath(bodyPath);
    inboundWSSecurityContext.registerSecurityEvent(bodyEncryptedPartSecurityEvent);

    // Operation event closes the flow; registered last.
    OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
    operationSecurityEvent.setOperation(new QName("definitions"));
    inboundWSSecurityContext.registerSecurityEvent(operationSecurityEvent);
    return securityEventList;
}
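/**
 * Builds an {@link X509SecurityTokenImpl} for the "transmitter" entry of the
 * {@code transmitter.jks} test keystore on the classpath.
 *
 * The keystore's private key is installed as the token's secret key (under an empty
 * key id), the certificate's public key as the token's public key, and the full
 * certificate chain is attached. The token's alias lookup is pinned to "transmitter".
 * The keystore password is the fixture password of the bundled test keystore only;
 * nothing here is a production secret.
 *
 * Changes from the earlier version: the keystore stream is now closed even when
 * {@code KeyStore.load} throws, and a missing fixture (null resource or null
 * certificate chain) fails with an explicit message instead of a
 * {@link NullPointerException}.
 *
 * @param tokenType the X.509 token type to advertise on the token
 * @return a token backed by the transmitter key pair and certificate chain
 * @throws IllegalStateException if the keystore resource or the alias is missing
 * @throws XMLSecurityException if reading the certificate chain fails
 * @throws Exception for keystore load/key access failures
 */
private X509SecurityTokenImpl getX509Token(WSSecurityTokenConstants.TokenType tokenType) throws Exception {
    final String alias = "transmitter";
    final char[] storePassword = "default".toCharArray();

    final KeyStore keyStore = KeyStore.getInstance("jks");
    // getResourceAsStream returns null (not an exception) when the fixture is absent.
    InputStream input = this.getClass().getClassLoader().getResourceAsStream("transmitter.jks");
    if (input == null) {
        throw new IllegalStateException("Test keystore transmitter.jks not found on the classpath");
    }
    try {
        keyStore.load(input, storePassword);
    } finally {
        // Close on the failure path too; the stream used to leak if load() threw.
        input.close();
    }

    // Read the chain first so a missing alias is reported clearly before any
    // dereference of getCertificate(alias) below.
    Certificate[] certificates;
    try {
        certificates = keyStore.getCertificateChain(alias);
    } catch (Exception e) {
        throw new XMLSecurityException(e);
    }
    if (certificates == null) {
        throw new IllegalStateException("Alias '" + alias + "' has no certificate chain in transmitter.jks");
    }

    X509SecurityTokenImpl x509SecurityToken =
            new X509SecurityTokenImpl(tokenType, null, null, null, IDGenerator.generateID(null),
                    WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER, null, true) {
                @Override
                protected String getAlias() throws WSSecurityException {
                    return alias;
                }
            };
    // Private key under an empty key id; public key taken from the alias' certificate.
    x509SecurityToken.setSecretKey("", keyStore.getKey(alias, storePassword));
    x509SecurityToken.setPublicKey(keyStore.getCertificate(alias).getPublicKey());

    // Narrow Certificate[] to X509Certificate[] element by element (no java.util.Arrays
    // in scope for a typed copy).
    X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
    for (int i = 0; i < certificates.length; i++) {
        x509Certificates[i] = (X509Certificate) certificates[i];
    }
    x509SecurityToken.setX509Certificates(x509Certificates);
    return x509SecurityToken;
}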
}