Posted to commits@taverna.apache.org by st...@apache.org on 2015/02/17 12:32:13 UTC
[07/50] [abbrv] incubator-taverna-engine git commit:
taverna-credential-manager*
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java b/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java
deleted file mode 100644
index 9b72188..0000000
--- a/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package net.sf.taverna.t2.security.credentialmanager.impl;
-
-import static net.sf.taverna.t2.security.credentialmanager.CredentialManager.USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME;
-
-import java.io.File;
-
-import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
-import uk.org.taverna.configuration.app.ApplicationConfiguration;
-
-//import org.apache.log4j.Logger;
-
-public class DefaultMasterPasswordProvider implements MasterPasswordProvider {
- /**
- * Default master password for Credential Manager - used by default and
- * ignored if user sets their own
- */
- private final String DEFAULT_MASTER_PASSWORD = "taverna";
- private ApplicationConfiguration appConfig;
-
- @Override
- public int getProviderPriority() {
- // Higher priority then the UI provider so this one will be tried first
- return 101;
- }
-
- /**
- * Sets the applicationConfiguration.
- *
- * @param applicationConfiguration
- * the new value of applicationConfiguration
- */
- public void setApplicationConfiguration(
- ApplicationConfiguration applicationConfiguration) {
- appConfig = applicationConfiguration;
- }
-
- @Override
- public String getMasterPassword(boolean firstTime) {
- File cmDir = DistinguishedNameParserImpl.getTheCredentialManagerDefaultDirectory(appConfig);
- File flagFile = new File(cmDir,
- USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME);
- if (flagFile.exists())
- return null;
- return DEFAULT_MASTER_PASSWORD;
- }
-
- @Override
- public void setMasterPassword(String password) {
- // We always ignore this; we're never changing our password
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java b/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java
deleted file mode 100644
index b9a9f9f..0000000
--- a/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2014 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager.impl;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.math.BigInteger;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-import net.sf.taverna.t2.security.credentialmanager.CMException;
-import net.sf.taverna.t2.security.credentialmanager.DistinguishedNameParser;
-
-import org.apache.log4j.Logger;
-
-import uk.org.taverna.configuration.app.ApplicationConfiguration;
-
-/**
- * Utility methods for Credential Manager and security-related stuff.
- *
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- * @author Christian Brenninkmeijer
- */
-public class DistinguishedNameParserImpl implements DistinguishedNameParser{
- private static Logger logger = Logger.getLogger(DistinguishedNameParserImpl.class);
-
- public DistinguishedNameParserImpl(){
- System.out.println("Creating DistinguishedNameParserImpl");
- System.out.println(this instanceof net.sf.taverna.t2.security.credentialmanager.DistinguishedNameParser);
- }
-
- /**
- * Get the configuration directory where the security stuff will be/is saved
- * to.
- */
- public static File getTheCredentialManagerDefaultDirectory(
- ApplicationConfiguration applicationConfiguration) {
- File home = applicationConfiguration.getApplicationHomeDir();
- File secConfigDirectory = new File(home, "security");
- if (!secConfigDirectory.exists())
- secConfigDirectory.mkdir();
- return secConfigDirectory;
- }
-
- @Override
- public final File getCredentialManagerDefaultDirectory(
- ApplicationConfiguration applicationConfiguration) {
- return getTheCredentialManagerDefaultDirectory(applicationConfiguration);
- }
-
- static URI resolveUriFragment(URI uri, String realm)
- throws URISyntaxException {
- /*
- * Little hack to encode the fragment correctly - why does not
- * java.net.URI expose this quoting or have setFragment()?
- */
- URI fragment = new URI("http", "localhost", "/", realm);
- fragment = fragment.resolve(fragment.getPath()).relativize(fragment);
- return uri.resolve(fragment);
- }
-
- @Override
- public final URI setFragmentForURI(URI uri, String fragment)
- throws URISyntaxException {
- return new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(),
- uri.getPort(), uri.getPath(), uri.getQuery(), fragment);
- }
-
- @Override
- public final URI setUserInfoForURI(URI uri, String userinfo)
- throws URISyntaxException {
- return new URI(uri.getScheme(), userinfo, uri.getHost(), uri.getPort(),
- uri.getPath(), uri.getQuery(), uri.getFragment());
- }
-
- @Override
- public final X509Certificate convertCertificate(Certificate cert)
- throws CMException {
- try {
- // Get the factory for X509 certificates
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- // Get the encoded (binary) form of the certificate.
- // For an X509 certificate the encoding will be DER.
- ByteArrayInputStream bais = new ByteArrayInputStream(
- cert.getEncoded());
- // Create the X509 certificate object from the stream
- return (X509Certificate) cf.generateCertificate(bais);
- } catch (CertificateException ex) {
- throw new CMException(
- "Failed to convert the certificate object into X.509 certificate.",
- ex);
- }
- }
-
- /**
- * Get the message digest of the given byte array as a string of hexadecimal
- * characters in the form XX:XX:XX... using the given digest algorithm.
- */
- public String getMessageDigestAsFormattedString(byte[] messageBytes,
- String digestAlgorithm) {
-
- MessageDigest messageDigest;
- byte[] digestBytes;
- try {
- messageDigest = MessageDigest.getInstance(digestAlgorithm);
- digestBytes = messageDigest.digest(messageBytes);
- } catch (NoSuchAlgorithmException ex) {
- logger.error("Failed to create message digest.", ex);
- return "";
- }
-
- // Create the integer value from the digest bytes
- BigInteger number = new BigInteger(1, digestBytes);
- // Convert the integer from decimal to hexadecimal representation
- String hexValueString = number.toString(16).toUpperCase();
-
- StringBuffer strBuff = new StringBuffer(hexValueString);
- // If the hex number contains odd number of characters -
- // insert a padding "0" at the front of the string
- if ((strBuff.length() % 2) != 0)
- strBuff.insert(0, '0');
-
- // Insert colons after every two hex characters - start form the end of
- // the hex string
- if (strBuff.length() > 2)
- for (int i = 2; i < strBuff.length(); i += 3)
- strBuff.insert(i, ':');
-
- return strBuff.toString();
- }
-
-
- private String emailAddress; // not from RFC 2253, yet some certificates
- // contain this field
-
- private String CN;
- private String L;
- private String ST;
- private String C;
- private String O;
- private String OU;
-
- /**
- * Parses a DN string and fills in fields with DN parts. Heavily based on
- * uk.ac.omii.security.utils.DNParser class from omii-security-utils
- * library.
- *
- * http://maven.omii.ac.uk/maven2/repository/omii/omii-security-utils/
- */
- public ParsedDistinguishedNameImpl parseDN(String DNstr) {
- return new ParsedDistinguishedNameImpl(DNstr);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java b/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java
deleted file mode 100644
index c049d49..0000000
--- a/credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java
+++ /dev/null
@@ -1,265 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2014 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager.impl;
-
-import java.net.URI;
-import java.util.ArrayList;
-import net.sf.taverna.t2.security.credentialmanager.ParsedDistinguishedName;
-import org.apache.log4j.Logger;
-
-/**
- * Parses a Distinguished Name and stores the parts for retreival.
- *
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- * @author Christian Brenninkmeijer
- */
-public class ParsedDistinguishedNameImpl implements ParsedDistinguishedName{
- private static final Logger logger = Logger.getLogger(ParsedDistinguishedNameImpl.class);
-
- private String emailAddress; // not from RFC 2253, yet some certificates
- // contain this field
- private String CN;
- private String L;
- private String ST;
- private String C;
- private String O;
- private String OU;
-
- // /**
- // * Gets the intended certificate uses, i.e. Netscape Certificate Type
- // * extension (2.16.840.1.113730.1.1) as a string.
- // */
- // // From openssl's documentation: "The [above] extension is non standard,
- // Netscape
- // // specific and largely obsolete. Their use in new applications is
- // discouraged."
- // // TODO replace with "basicConstraints, keyUsage and extended key usage
- // extensions
- // // which are now used instead."
- // public static String getIntendedCertificateUses(byte[] value) {
- //
- // // Netscape Certificate Types (2.16.840.1.113730.1.1) denoting the
- // // intended uses of a certificate
- // int[] INTENDED_USES = new int[] { NetscapeCertType.sslClient,
- // NetscapeCertType.sslServer, NetscapeCertType.smime,
- // NetscapeCertType.objectSigning, NetscapeCertType.reserved,
- // NetscapeCertType.sslCA, NetscapeCertType.smimeCA,
- // NetscapeCertType.objectSigningCA, };
- //
- // // Netscape Certificate Type strings (2.16.840.1.113730.1.1)
- // HashMap<String, String> INTENDED_USES_STRINGS = new HashMap<String,
- // String>();
- // INTENDED_USES_STRINGS.put("128", "SSL Client");
- // INTENDED_USES_STRINGS.put("64", "SSL Server");
- // INTENDED_USES_STRINGS.put("32", "S/MIME");
- // INTENDED_USES_STRINGS.put("16", "Object Signing");
- // INTENDED_USES_STRINGS.put("8", "Reserved");
- // INTENDED_USES_STRINGS.put("4", "SSL CA");
- // INTENDED_USES_STRINGS.put("2", "S/MIME CA");
- // INTENDED_USES_STRINGS.put("1", "Object Signing CA");
- //
- // // Get DER octet string from extension value
- // ASN1OctetString derOctetString = new DEROctetString(value);
- // byte[] octets = derOctetString.getOctets();
- // // Get DER bit string
- // DERBitString derBitString = new DERBitString(octets);
- // int val = new NetscapeCertType(derBitString).intValue();
- // StringBuffer strBuff = new StringBuffer();
- // for (int i = 0, len = INTENDED_USES.length; i < len; i++) {
- // int use = INTENDED_USES[i];
- // if ((val & use) == use) {
- // strBuff.append(INTENDED_USES_STRINGS.get(String.valueOf(use))
- // + ", \n");
- // }
- // }
- // // remove the last ", \n" from the end of the buffer
- // String str = strBuff.toString();
- // str = str.substring(0, str.length() - 3);
- // return str;
- // }
-
- // FROM RFC 2253:
- // CN commonName
- // L localityName
- // ST stateOrProvinceName
- // O organizationName
- // OU organizationalUnitName
- // C countryName
- // STREET streetAddress
- // DC domainComponent
- // UID userid
-
- /**
- * Parses a DN string and fills in fields with DN parts. Heavily based on
- * uk.ac.omii.security.utils.DNParser class from omii-security-utils
- * library.
- *
- * http://maven.omii.ac.uk/maven2/repository/omii/omii-security-utils/
- */
- public ParsedDistinguishedNameImpl(String DNstr) {
- // ///////////////////////////////////////////////////////////////////////////////////////////////////
- // Parse the DN String and put into variables. First, tokenise using a
- // "," character as a delimiter
- // UNLESS escaped with a "\" character. Put the tokens into an
- // ArrayList. These should be name value pairs
- // separated by "=". Tokenise these using a StringTokenizer class, test
- // for the name, and if one of the
- // recognised names, copy into the correct variable. The reason
- // StringTokenizer is not used for the major
- // token list is that the StringTokenizer class does not handle escaped
- // delimiters so an escaped delimiter
- // in the code would be treated as a valid one.
-
- int i = 0;
-
- char majorListDelimiter = ',';
- char majorListEscapeChar = '\\';
-
- // String minorListDelimiter = "=";
-
- String DNchars = DNstr;
-
- int startIndex = 0;
- int endIndex = 0;
- boolean ignoreThisChar = false;
-
- boolean inQuotes = false;
-
- ArrayList<String> majorTokenList = new ArrayList<String>();
-
- for (i = 0; i < DNchars.length(); i++) {
- if (ignoreThisChar == true) {
- ignoreThisChar = false;
- } else if ((inQuotes == false) && (DNchars.charAt(i) == '\"')) {
- inQuotes = true;
- } else if ((inQuotes == true) && (DNchars.charAt(i) == '\"')) {
- inQuotes = false;
- } else if (inQuotes == true) {
- continue;
- } else if (DNchars.charAt(i) == majorListEscapeChar) {
- ignoreThisChar = true;
- } else if ((DNchars.charAt(i) == majorListDelimiter)
- && (ignoreThisChar == false)) {
- endIndex = i;
- majorTokenList.add(DNchars.substring(startIndex, endIndex));
- startIndex = i + 1;
- }
- }
-
- // Add last token - after the last delimiter
- endIndex = DNchars.length();
- majorTokenList.add(DNchars.substring(startIndex, endIndex));
-
- for (String currentToken : majorTokenList) {
- currentToken = currentToken.trim();
-
- // split on first equals only, as value can contain an equals char
- String[] minorTokenList = currentToken.split("=", 2);
-
- if (minorTokenList.length == 2) {
- // there had better be a key and a value only
- String DNTokenName = minorTokenList[0].toUpperCase();
- String DNTokenValue = minorTokenList[1];
-
- if (DNTokenName.equals("CN")
- || DNTokenName.equals("COMMONNAME")) {
- CN = DNTokenValue;
- } else if (DNTokenName.equals("EMAIL")
- || DNTokenName.equals("EMAILADDRESS")) {
- emailAddress = DNTokenValue;
- } else if (DNTokenName.equals("OU")
- || DNTokenName.equals("ORGANIZATIONALUNITNAME")) {
- OU = DNTokenValue;
- } else if (DNTokenName.equals("O")
- || DNTokenName.equals("ORGANIZATIONNAME")) {
- O = DNTokenValue;
- } else if (DNTokenName.equals("L")
- || DNTokenName.equals("LOCALITYNAME")) {
- L = DNTokenValue;
- } else if (DNTokenName.equals("ST")
- || DNTokenName.equals("STATEORPROVINCENAME")) {
- ST = DNTokenValue;
- } else if (DNTokenName.equals("C")
- || DNTokenName.equals("COUNTRYNAME")) {
- C = DNTokenValue;
- }
- }
- // else we have a key with no value, so skip processing the key
- }
-
- if (CN == null)
- CN = "none";
-
- if (emailAddress == null)
- emailAddress = "none";
-
- if (OU == null)
- OU = "none";
-
- if (O == null)
- O = "none";
-
- if (L == null)
- L = "none";
-
- if (ST == null)
- ST = "none";
-
- if (C == null)
- C = "none";
- }
-
- @Override
- public String getCN() {
- return CN;
- }
-
- @Override
- public String getEmailAddress() {
- return emailAddress;
- }
-
- @Override
- public String getOU() {
- return OU;
- }
-
- @Override
- public String getO() {
- return O;
- }
-
- @Override
- public String getL() {
- return L;
- }
-
- @Override
- public String getST() {
- return ST;
- }
-
- @Override
- public String getC() {
- return C;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml b/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml
deleted file mode 100644
index 3c59bf6..0000000
--- a/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/osgi"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/osgi
- http://www.springframework.org/schema/osgi/spring-osgi.xsd">
-
- <service ref="credentialManager"
- interface="net.sf.taverna.t2.security.credentialmanager.CredentialManager" />
- <service ref="defaultMasterPassword"
- interface="net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider" />
- <service ref="distinguishedNameParser"
- interface="net.sf.taverna.t2.security.credentialmanager.DistinguishedNameParser" />
-
- <reference id="applicationConfiguration"
- interface="uk.org.taverna.configuration.app.ApplicationConfiguration" />
-
- <list id="masterPasswordProviders"
- interface="net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider"
- cardinality="0..N" comparator-ref="MasterPasswordProviderComparator" />
- <list id="javaTruststorePasswordProviders"
- interface="net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider"
- cardinality="0..N" />
- <list id="serviceUsernameAndPasswordProviders"
- interface="net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider"
- cardinality="0..N" />
- <list id="trustConfirmationProviders"
- interface="net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider"
- cardinality="0..N" />
-</beans:beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml b/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml
deleted file mode 100644
index d1531e1..0000000
--- a/credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans.xsd">
-
- <bean id="credentialManager" init-method="installAuthenticator"
- class="net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl">
- <property name="masterPasswordProviders" ref="masterPasswordProviders" />
- <property name="javaTruststorePasswordProviders" ref="javaTruststorePasswordProviders" />
- <property name="serviceUsernameAndPasswordProviders" ref="serviceUsernameAndPasswordProviders" />
- <property name="trustConfirmationProviders" ref="trustConfirmationProviders" />
- <property name="applicationConfiguration" ref="applicationConfiguration" />
- </bean>
-
- <bean id="MasterPasswordProviderComparator"
- class="net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider$ProviderComparator" />
-
- <bean id="distinguishedNameParser"
- class="net.sf.taverna.t2.security.credentialmanager.impl.DistinguishedNameParserImpl" />
- <bean id="defaultMasterPassword"
- class="net.sf.taverna.t2.security.credentialmanager.impl.DefaultMasterPasswordProvider">
- <property name="applicationConfiguration" ref="applicationConfiguration" />
- </bean>
-</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt b/credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt
deleted file mode 100644
index 20585f1..0000000
--- a/credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
-IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
-MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
-FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
-bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
-H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
-uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
-mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
-a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
-E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
-WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
-VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
-Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
-cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
-IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
-AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
-YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
-6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
-Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
-c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
-mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt b/credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt
deleted file mode 100644
index 1e70af9..0000000
--- a/credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEmDCCA4CgAwIBAgIQS8gUAy8H+mqk8Nop32F5ujANBgkqhkiG9w0BAQUFADCB
-lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
-SGFyZHdhcmUwHhcNMDkwNTE4MDAwMDAwWhcNMjAwNTMwMTA0ODM4WjA2MQswCQYD
-VQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENB
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+NIxC9cwcupmf0booNd
-ij2tOtDipEMfTQ7+NSUwpWkbxOjlwY9UfuFqoppcXN49/ALOlrhfj4NbzGBAkPjk
-tjolnF8UUeyx56+eUKExVccCvaxSin81joL6hK0V/qJ/gxA6VVOULAEWdJRUYyij
-8lspPZSIgCDiFFkhGbSkmOFg5vLrooCDQ+CtaPN5GYtoQ1E/iptBhQw1jF218bbl
-p8ODtWsjb9Sl61DllPFKX+4nSxQSFSRMDc9ijbcAIa06Mg9YC18em9HfnY6pGTVQ
-L0GprTvG4EWyUzl/Ib8iGodcNK5Sbwd9ogtOnyt5pn0T3fV/g3wvWl13eHiRoBS/
-fQIDAQABo4IBPjCCATowHwYDVR0jBBgwFoAUoXJfJhsomEOVXQc31YWWnUvSw0Uw
-HQYDVR0OBBYEFAy9k2gM896ro0lrKzdXR+qQ47ntMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wRAYD
-VR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VS
-Rmlyc3QtSGFyZHdhcmUuY3JsMHQGCCsGAQUFBwEBBGgwZjA9BggrBgEFBQcwAoYx
-aHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VUTkFkZFRydXN0U2VydmVyX0NBLmNy
-dDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG
-9w0BAQUFAAOCAQEATiPuSJz2hYtxxApuc5NywDqOgIrZs8qy1AGcKM/yXA4hRJML
-thoh45gBlA5nSYEevj0NTmDa76AxTpXv8916WoIgQ7ahY0OzUGlDYktWYrA0irkT
-Q1mT7BR5iPNIk+idyfqHcgxrVqDDFY1opYcfcS3mWm08aXFABFXcoEOUIEU4eNe9
-itg5xt8Jt1qaqQO4KBB4zb8BG1oRPjj02Bs0ec8z0gH9rJjNbUcRkEy7uVvYcOfV
-r7bMxIbmdcCeKbYrDyqlaQIN4+mitF3A884saoU4dmHGSYKrUbOCprlBmCiY+2v+
-ihb/MX5UR6g83EMmqZsFt57ANEORMNQywxFa4Q==
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt b/credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt
deleted file mode 100644
index 3642581..0000000
--- a/credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEPDCCAySgAwIBAgIQSEus8arH1xND0aJ0NUmXJTANBgkqhkiG9w0BAQUFADBv
-MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
-ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
-eHRlcm5hbCBDQSBSb290MB4XDTA1MDYwNzA4MDkxMFoXDTIwMDUzMDEwNDgzOFow
-gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl
-IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY
-aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0
-LUhhcmR3YXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsffDOD+0
-qH/POYJRZ9Btn9L/WPPnnyvsDYlUmbk4mRb34CF5SMK7YXQSlh08anLVPBBnOjnt
-KxPNZuuVCTOkbJex6MbswXV5nEZejavQav25KlUXEFSzGfCa9vGxXbanbfvgcRdr
-ooj7AN/+GjF3DJoBerEy4ysBBzhuw6VeI7xFm3tQwckwj9vlK3rTW/szQB6g1ZgX
-vIuHw4nTXaCOsqqq9o5piAbF+okh8widaS4JM5spDUYPjMxJNLBpUb35Bs1orWZM
-vD6sYb0KiA7I3z3ufARMnQpea5HW7sftKI2rTYeJc9BupNAeFosU4XZEA39jrOTN
-SZzFkvSrMqFIWwIDAQABo4GqMIGnMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8D
-veAky1QaMB0GA1UdDgQWBBShcl8mGyiYQ5VdBzfVhZadS9LDRTAOBgNVHQ8BAf8E
-BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8v
-Y3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwDQYJ
-KoZIhvcNAQEFBQADggEBADzse+Cuow6WbTDXhcbSaFtFWoKmNA+wyZIjXhFtCBGy
-dAkjOjUlc1heyrl8KPpH7PmgA1hQtlPvjNs55Gfp2MooRtSn4PU4dfjny1y/HRE8
-akCbLURW0/f/BSgyDBXIZEWT6CEkjy3aeoR7T8/NsiV8dxDTlNEEkaglHAkiD31E
-NREU768A/l7qX46w2ZJZuvwTlqAYAVbO2vYoC7Gv3VxPXLLzj1pxz+0YrWOIHY6V
-9+qV5x+tkLiECEeFfyIvGh1IMNZMCNg3GWcyK+tc0LL8blefBDVekAB+EcfeEyrN
-pG1FJseIVqDwavfY5/wnfmcI0L36tsNhAgFlubgvz1o=
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem b/credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem
deleted file mode 100644
index e7e861f..0000000
--- a/credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEczCCA1ugAwIBAgIQPNDfg7NaMsjkGjowei7/JjANBgkqhkiG9w0BAQUFADA2
-MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEg
-U1NMIENBMB4XDTEzMDUyMjAwMDAwMFoXDTE2MDUyMTIzNTk1OVowQTEhMB8GA1UE
-CxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRwwGgYDVQQDExNoZWF0ZXIuY3Mu
-bWFuLmFjLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2egVdh/d
-PbrglnEp/BATt2UWk48tplWdt0aFcpvatItJZ4+CY0Rfd0TCIRKDp+PppbE1/PcE
-pe77Zngiu1YYnOpAIoS3Mfgc/yxssEHJj/tAjY1d4/NFa8jwY/MIoSPZrNGtTEpf
-IMn7OUNsEh1YyWYdDmvNaxQFdLVjO/QhFqtQedUJEg7YaD1/OacmQoWAZvOPkXeQ
-lUHpieiFjGeJYI/RCqWE1tjU6E/4WtczOsXXA50kFJ/XykQVwto3e8ckKju6HI0g
-FL1R/7wrhfSJ5rkiwmlPWZd5Keik/va/8JJKlWG3OzYaLb5qPTqgaKTTKbWvU/nX
-cPeKaIZ0Sa7AYwIDAQABo4IBcDCCAWwwHwYDVR0jBBgwFoAUDL2TaAzz3qujSWsr
-N1dH6pDjue0wHQYDVR0OBBYEFEKp10paTphB4PCL5kK5C/aVod4+MA4GA1UdDwEB
-/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-BQcDAjAiBgNVHSAEGzAZMA0GCysGAQQBsjEBAgIdMAgGBmeBDAECATA6BgNVHR8E
-MzAxMC+gLaArhilodHRwOi8vY3JsLnRjcy50ZXJlbmEub3JnL1RFUkVOQVNTTENB
-LmNybDBtBggrBgEFBQcBAQRhMF8wNQYIKwYBBQUHMAKGKWh0dHA6Ly9jcnQudGNz
-LnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8v
-b2NzcC50Y3MudGVyZW5hLm9yZzAeBgNVHREEFzAVghNoZWF0ZXIuY3MubWFuLmFj
-LnVrMA0GCSqGSIb3DQEBBQUAA4IBAQCIO7fl98dU24AfcCGyZDPA2zHi0coqAZbA
-SZ31z5IPezLXpPkpN/msiYuUkIx5DjWjzv9w/sAQ952YUGz0z7AFDamMcyETlMb+
-trWedNHk0FghwoQTNW+WXxBa9My8K3IeO1FOt58lKVay9aqVZjiumt+P3LKocXfP
-0cNAPNHR57j9MO+D0fWOCMfbfYk3jEuz1k6vMZomZi35tb61QQ/mYbva7EodBxRt
-HrzOsWPG1jgt32zRibnCc1C6cBry5BkWQ1/9dpJ2LHM6JVVknoRGYng+L91OLfj8
-8PB6BTrehrqH5fe5kcgW02XlezIkaKpzEYc4Jpdf817A1rOSVuBv
------END CERTIFICATE-----
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem b/credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem
deleted file mode 100644
index f687fb1..0000000
--- a/credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEdTCCA12gAwIBAgIQWKdgSd6Zw0PQcE4pbzsWZDANBgkqhkiG9w0BAQUFADA2
-MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEg
-U1NMIENBMB4XDTEzMDgwNTAwMDAwMFoXDTE2MDgwNDIzNTk1OVowQjEhMB8GA1UE
-CxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMR0wGwYDVQQDExR3d3cuYmlvY2F0
-YWxvZ3VlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL++4x8O
-F1YaggcA9OMinMRMkzDHyMnDTDD6piy23nX1F7EetzvhZOWeuotrZRrRm9XnzJ+v
-JOcFXa8ibTZRKF9wdwxRqkH9RVtskYQWFO0oTIdFagRpceHJM2cfI+YLwxaNkekP
-zFhsT/m0Zql6WSD9sTzB/FApcaBkR+gQXP+bQyutxr8cvrwnpgJWYPjUr1jHIXbq
-ZxTwYE1ezeHM9zroO831C8r1PX/goWND6+cNccalsancXraMDwASphhu7LYniSCZ
-zRKwhssl7Xg8ytjkACC8nS4jeyUNmhKa8iPDJthkgGfhT9T+XzUj/NkGNm98IXtn
-m5puPjTaKAe7H90CAwEAAaOCAXEwggFtMB8GA1UdIwQYMBaAFAy9k2gM896ro0lr
-KzdXR+qQ47ntMB0GA1UdDgQWBBQkiYQZefzKYVzbL1td0qbF6uabRzAOBgNVHQ8B
-Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
-BQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0f
-BDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xD
-QS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRj
-cy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDov
-L29jc3AudGNzLnRlcmVuYS5vcmcwHwYDVR0RBBgwFoIUd3d3LmJpb2NhdGFsb2d1
-ZS5vcmcwDQYJKoZIhvcNAQEFBQADggEBAA1ix/IzQ0mESvfXXX+Dwzx5fXzJ/Rnr
-q93pSBZnroPzpcV84PTE2O7jVi0QHPUsSTtQKp3NHk1zV8xEWR+DNYBVEecNuzcg
-NOXCXF3arXSR7eY1LNwrIaAzbrdxExKlwhPAhhQZ2hxcRX8wvsPT/+sZhlG8wEjj
-y7lg8YtdNjBrRIwYlAQBb1+ilFc7Pge+54B2aMDnv7boRt/XTYdL8XYjcOC2JlE6
-ETnNPD1bNk5Rg+nZwpzAqY+yKKdgk8jsWGr8/eJ88LtpzjZUILH7owU3EHQSQyTq
-T7gcAL+eBwRVfUXKatoB/1uTrQvJz8YHRMDULyIPGGh8rlhJtdAGLk8=
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem b/credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem
deleted file mode 100644
index 05b3926..0000000
--- a/credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE4zCCA8ugAwIBAgIPSNz7e2uWg8LSOeQaskiFMA0GCSqGSIb3DQEBBQUAMDYx
-CzAJBgNVBAYTAk5MMQ8wDQYDVQQKEwZURVJFTkExFjAUBgNVBAMTDVRFUkVOQSBT
-U0wgQ0EwHhcNMTIxMTIyMDAwMDAwWhcNMTUxMTIyMjM1OTU5WjCBpzELMAkGA1UE
-BhMCR0IxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdDYXJkaWZmMRswGQYDVQQK
-ExJDYXJkaWZmIFVuaXZlcnNpdHkxMTAvBgNVBAsTKEJpb1ZlTCBCaW9kaXZlcnNp
-dHkgVmlydHVhbCBlLUxhYm9yYXRvcnkxJjAkBgNVBAMTHXd3dy5iaW9kaXZlcnNp
-dHljYXRhbG9ndWUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-rPabZIqwVD+WqCt6WgJJuh40TLU50tiGipECf+4JwU45pz1VAI+HS8V9RcnlUhWs
-WCjCtl2XeBv7kxlMxGUZAZ3uCZGhqUuzC1g/G2nwsrsLv+Xo09setIXUinFFJB8G
-oSRhflZ8YfGPg26Q5Efmd+ecATSIyXMH7w9/IfJ/gHLsBrJjyXz4pTmjQ242jDEz
-Uf6u1kdDp/0moAcVXgCv4Ev1N8eDmvDYzQcD/fdjOD62xi1IEixKgiaMzvBM14gj
-ZuyCPLpc4naD+gfwz2ecZ4moWmUTOouaA5w54Z1d/6b08xJsysoE6B5YKAP2z27i
-iqA5YHySvhJ7AJ90dbg1mwIDAQABo4IBejCCAXYwHwYDVR0jBBgwFoAUDL2TaAzz
-3qujSWsrN1dH6pDjue0wHQYDVR0OBBYEFBsGmwvAkT9J7ehe+2x5cZ6zh/dPMA4G
-A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjAiBgNVHSAEGzAZMA0GCysGAQQBsjEBAgIdMAgGBmeBDAECAjA6
-BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLnRjcy50ZXJlbmEub3JnL1RFUkVO
-QVNTTENBLmNybDBtBggrBgEFBQcBAQRhMF8wNQYIKwYBBQUHMAKGKWh0dHA6Ly9j
-cnQudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3J0MCYGCCsGAQUFBzABhhpo
-dHRwOi8vb2NzcC50Y3MudGVyZW5hLm9yZzAoBgNVHREEITAfgh13d3cuYmlvZGl2
-ZXJzaXR5Y2F0YWxvZ3VlLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEAw86F5CulT1aY
-c3UrW2ndPNMwAkMHJApvJHBqYFCDZTjatZZOaMBG8Ka3IznIpskH9L5XSh+Af+px
-NYhtMxRpeLXjjisYyJIwomI4mtF4+35mv5zPAW6cgf0bMp0gt6CFPqpo42WcKzZW
-nasesR978XViPXhUJbN+KaW6dW1zZAB9kHE8jJ4COWpBKKBKQwiOhVQGvhgKfjYE
-txawV7OUiV5IS9h5FndFUqCipBcIDVhE8dJdLKnMNBo03HzgLFNHONM0zEpHkNPg
-dASnuVpol6ldJYnEUbDNY5EC//D7s7h6fJciAQMLbELVrNMjv7IK5i1YjFAGn27i
-CXrSjJd7ow==
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java
----------------------------------------------------------------------
diff --git a/credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java b/credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java
deleted file mode 100644
index 593e223..0000000
--- a/credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java
+++ /dev/null
@@ -1,339 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2008-2010 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager.impl;
-
-import static org.junit.Assert.*;
-
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.Security;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Random;
-
-import javax.net.ssl.HttpsURLConnection;
-
-import net.sf.taverna.t2.lang.observer.Observable;
-import net.sf.taverna.t2.lang.observer.Observer;
-import net.sf.taverna.t2.security.credentialmanager.CMException;
-import net.sf.taverna.t2.security.credentialmanager.KeystoreChangedEvent;
-import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
-import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider;
-import net.sf.taverna.t2.security.credentialmanager.UsernamePassword;
-
-import org.apache.commons.io.FileUtils;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-import org.junit.Test;
-
-/**
- * Tests here require Java strong/unlimited cryptography policy to be installed
- * so they are part of integration tests.
- *
- * Java strong/unlimited cryptography policy is required to use the Credential Manager and
- * the full security capabilities in Taverna. Java by default comes with the weak policy
- * that disables the use of certain cryto algorithms and bigger key sizes. Although
- * it is claimed that as of Java 6 the default policy is strong, we have seen otherwise,
- * so make sure you install it.
- *
- * For Java 6, strong/unlimited cryptography policy can be downloaded
- * (together with the installation instructions) from:
- * http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
- *
- * These tests use an existing keystore (in resources/security/t2keystore.ubr) and
- * truststore (in resources/security/t2truststore.ubr) that are not empty.
- *
- * @author Alex Nenadic
- *
- */
-public class CredentialManagerImplIT {
-
- private static CredentialManagerImpl credentialManager;
- // Master password for Credential Manager's Keystore and Truststore
- private static String masterPassword = "(cl%ZDxu66AN/{vNXbLF";
- private static DummyMasterPasswordProvider masterPasswordProvider;
- private static File credentialManagerDirectory;
-
- private static UsernamePassword usernamePassword;
- private static URI serviceURI;
- private static UsernamePassword usernamePassword2;
- private static URI serviceURI2;
- private static UsernamePassword usernamePassword3;
- private static URI serviceURI3;
-
- private static Key privateKey;
- private static Certificate[] privateKeyCertChain;
- private static URL privateKeyFileURL = CredentialManagerImplTest.class.getResource(
- "/security/test-private-key-cert.p12");
- private static final String privateKeyAndPKCS12KeystorePassword = "test"; // password for the test PKCS#12 keystore in resources
-
- private static X509Certificate trustedCertficateGoogle;
- private static URL trustedCertficateGoogleFileURL = CredentialManagerImplTest.class.getResource(
- "/security/google-trusted-certificate.pem");
- private static X509Certificate trustedCertficateHeater;
- private static URL trustedCertficateHeaterFileURL = CredentialManagerImplTest.class.getResource(
- "/security/tomcat_heater_certificate.pem");
-
- private static Observer<KeystoreChangedEvent> keystoreChangedObserver;
-
- /**
- * @throws java.lang.Exception
- */
- @BeforeClass
- @Ignore
- public static void setUpBeforeCLass() throws Exception {
-
- Security.addProvider(new BouncyCastleProvider());
-
- // Create some test username and passwords for services
- serviceURI = new URI("http://someservice");
- usernamePassword = new UsernamePassword("testuser", "testpasswd");
- serviceURI2 = new URI("http://someservice2");
- usernamePassword2 = new UsernamePassword("testuser2", "testpasswd2");
- serviceURI3 = new URI("http://someservice3");
- usernamePassword3 = new UsernamePassword("testuser3", "testpasswd3");
-
- // Load the test private key and its certificate
- File privateKeyCertFile = new File(privateKeyFileURL.getPath());
- KeyStore pkcs12Keystore = java.security.KeyStore.getInstance("PKCS12", "BC"); // We have to use the BC provider here as the certificate chain is not loaded if we use whichever provider is first in Java!!!
- FileInputStream inStream = new FileInputStream(privateKeyCertFile);
- pkcs12Keystore.load(inStream, privateKeyAndPKCS12KeystorePassword.toCharArray());
- // KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(privateKeyCertFile, privateKeyPassword);
- Enumeration<String> aliases = pkcs12Keystore.aliases();
- while (aliases.hasMoreElements()) {
- // The test-private-key-cert.p12 file contains only one private key
- // and corresponding certificate entry
- String alias = aliases.nextElement();
- if (pkcs12Keystore.isKeyEntry(alias)) { // is it a (private) key entry?
- privateKey = pkcs12Keystore.getKey(alias,
- privateKeyAndPKCS12KeystorePassword.toCharArray());
- privateKeyCertChain = pkcs12Keystore.getCertificateChain(alias);
- break;
- }
- }
- inStream.close();
-
- // Load the test trusted certificate (belonging to *.Google.com)
- File trustedCertFile = new File(trustedCertficateGoogleFileURL.getPath());
- inStream = new FileInputStream(trustedCertFile);
- CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
- trustedCertficateGoogle = (X509Certificate) certFactory.generateCertificate(inStream);
- try{
- inStream.close();
- }
- catch (Exception e) {
- // Ignore
- }
- // Load the test trusted certificate (belonging to heater.cs.man.ac.uk)
- File trustedCertFile2 = new File(trustedCertficateHeaterFileURL.getPath());
- inStream = new FileInputStream(trustedCertFile2);
- trustedCertficateHeater = (X509Certificate) certFactory.generateCertificate(inStream);
- try{
- inStream.close();
- }
- catch (Exception e) {
- // Ignore
- }
-
- credentialManager = new CredentialManagerImpl();
-
-// // The code below sets up the Keystore and Truststore files and loads some data into them
-// // and saves them into a temp directory. These files can later be used for testing the Credential
-// // Manager with non-empty keystores.
-// Random randomGenerator = new Random();
-// String credentialManagerDirectoryPath = System
-// .getProperty("java.io.tmpdir")
-// + System.getProperty("file.separator")
-// + "taverna-security-"
-// + randomGenerator.nextInt(1000000);
-// System.out.println("Credential Manager's directory path: "
-// + credentialManagerDirectoryPath);
-// credentialManagerDirectory = new File(credentialManagerDirectoryPath);
-// credentialManager.setConfigurationDirectoryPath(credentialManagerDirectory);
-//
-// // Create the dummy master password provider
-// masterPasswordProvider = new DummyMasterPasswordProvider();
-// masterPasswordProvider.setMasterPassword(masterPassword);
-// List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
-// masterPasswordProviders.add(masterPasswordProvider);
-// credentialManager.setMasterPasswordProviders(masterPasswordProviders);
-//
-// // Add some stuff into Credential Manager
-// credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
-// credentialManager.addUsernameAndPasswordForService(usernamePassword2, serviceURI2);
-// credentialManager.addUsernameAndPasswordForService(usernamePassword3, serviceURI3);
-// credentialManager.addKeyPair(privateKey, privateKeyCertChain);
-// credentialManager.addTrustedCertificate(trustedCertficate);
-
-
- // Set up a random temp directory and copy the test keystore files
- // from resources/security
- Random randomGenerator = new Random();
- String credentialManagerDirectoryPath = System
- .getProperty("java.io.tmpdir")
- + System.getProperty("file.separator")
- + "taverna-security-"
- + randomGenerator.nextInt(1000000);
- System.out.println("Credential Manager's directory path: "
- + credentialManagerDirectoryPath);
- credentialManagerDirectory = new File(credentialManagerDirectoryPath);
- if (!credentialManagerDirectory.exists()) {
- credentialManagerDirectory.mkdir();
- }
- URL keystoreFileURL = CredentialManagerImplIT.class
- .getResource("/security/t2keystore.ubr");
- File keystoreFile = new File(keystoreFileURL.getPath());
- File keystoreDestFile = new File(credentialManagerDirectory,
- "taverna-keystore.ubr");
- URL truststroreFileURL = CredentialManagerImplIT.class
- .getResource("/security/t2truststore.ubr");
- File truststoreFile = new File(truststroreFileURL.getPath());
- File truststoreDestFile = new File(credentialManagerDirectory,
- "taverna-truststore.ubr");
- FileUtils.copyFile(keystoreFile, keystoreDestFile);
- FileUtils.copyFile(truststoreFile, truststoreDestFile);
- credentialManager.setConfigurationDirectoryPath(credentialManagerDirectory);
-
- // Create the dummy master password provider
- masterPasswordProvider = new DummyMasterPasswordProvider();
- masterPasswordProvider.setMasterPassword(masterPassword);
- List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
- masterPasswordProviders.add(masterPasswordProvider);
- credentialManager.setMasterPasswordProviders(masterPasswordProviders);
-
- // Set an empty list for trust confirmation providers
- credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>());
-
- keystoreChangedObserver = new Observer<KeystoreChangedEvent>() {
- @Override
- public void notify(Observable<KeystoreChangedEvent> sender,
- KeystoreChangedEvent message) throws Exception {
- // TODO Auto-generated method stub
- }
- };
- credentialManager.addObserver(keystoreChangedObserver);
- }
-
- @AfterClass
- @Ignore
- // Clean up the credentialManagerDirectory we created for testing
- public static void cleanUp(){
-
- if (credentialManagerDirectory.exists()){
- try {
- FileUtils.deleteDirectory(credentialManagerDirectory);
- System.out.println("Deleting Credential Manager's directory: "
- + credentialManagerDirectory.getAbsolutePath());
- } catch (IOException e) {
- System.out.println(e.getStackTrace());
- }
- }
- }
-
- @Test
- @Ignore
- public void testCredentialManager() throws CMException, URISyntaxException, IOException{
-
- // There are 3 service username and password entries in the Keystore
- List<URI> serviceList = credentialManager.getServiceURIsForAllUsernameAndPasswordPairs();
- assertTrue(serviceList.size() == 3);
- System.out.println();
- assertTrue(serviceList.contains(serviceURI2));
-
- credentialManager.deleteUsernameAndPasswordForService(serviceURI3);
- assertFalse(credentialManager.hasUsernamePasswordForService(serviceURI3));
-
- // There are 2 private/public key pair entries in the Keystore
- credentialManager.hasKeyPair(privateKey, privateKeyCertChain);
-
- // There are Google's and heater.cs.man.ac's trusted certificates in the Truststore
- credentialManager.hasTrustedCertificate(trustedCertficateGoogle);
- // Open a HTTPS connection to Google
- URL url = new URL("https://code.google.com/p/taverna/");
- HttpsURLConnection conn;
- conn = (HttpsURLConnection) url.openConnection();
- // This should work
- conn.connect();
- assertEquals("HTTP/1.1 200 OK", conn.getHeaderField(0));
- conn.disconnect();
-
- credentialManager.hasTrustedCertificate(trustedCertficateHeater);
- // Open a HTTPS connection to heater
- url = new URL("https://heater.cs.man.ac.uk:7443/");
- conn = (HttpsURLConnection) url.openConnection();
- // This should work
- conn.connect();
- assertEquals("HTTP/1.1 200 OK", conn.getHeaderField(0));
- conn.disconnect();
-
- }
-
- public void generateKeystores() throws Exception{
-
- setUpBeforeCLass();
-
- // The code below sets up the Keystore and Truststore files and loads some data into them
- // and saves them into a temp directory. These files can later be used for testing the Credential
- // Manager with non-empty keystores.
- Random randomGenerator = new Random();
- String credentialManagerDirectoryPath = System
- .getProperty("java.io.tmpdir")
- + System.getProperty("file.separator")
- + "taverna-security-"
- + randomGenerator.nextInt(1000000);
- System.out.println("Credential Manager's Keystore and Truststore will be saved to: "
- + credentialManagerDirectoryPath);
- credentialManagerDirectory = new File(credentialManagerDirectoryPath);
- credentialManager.setConfigurationDirectoryPath(credentialManagerDirectory);
-
- // Create the dummy master password provider
- masterPasswordProvider = new DummyMasterPasswordProvider();
-// masterPasswordProvider.setMasterPassword(masterPassword);
- masterPasswordProvider.setMasterPassword("uber");
- List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
- masterPasswordProviders.add(masterPasswordProvider);
- credentialManager.setMasterPasswordProviders(masterPasswordProviders);
-
- // Add some stuff into Credential Manager
- credentialManager.addUsernameAndPasswordForService(usernamePassword, new URI("http://heater.cs.man.ac.uk:7070/axis/services/HelloService-PlaintextPassword?wsdl"));
-
-// credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
-// credentialManager.addUsernameAndPasswordForService(usernamePassword2, serviceURI2);
-// credentialManager.addUsernameAndPasswordForService(usernamePassword3, serviceURI3);
-// credentialManager.addKeyPair(privateKey, privateKeyCertChain);
- credentialManager.addTrustedCertificate(trustedCertficateHeater);
- }
-
-
-}