Posted to commits@taverna.apache.org by st...@apache.org on 2015/02/17 12:32:09 UTC
[03/50] [abbrv] incubator-taverna-engine git commit:
taverna-credential-manager*
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java b/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java
new file mode 100644
index 0000000..9b72188
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DefaultMasterPasswordProvider.java
@@ -0,0 +1,51 @@
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import static net.sf.taverna.t2.security.credentialmanager.CredentialManager.USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME;
+
+import java.io.File;
+
+import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
+import uk.org.taverna.configuration.app.ApplicationConfiguration;
+
+//import org.apache.log4j.Logger;
+
+public class DefaultMasterPasswordProvider implements MasterPasswordProvider {
+ /**
+ * Default master password for Credential Manager - used by default and
+ * ignored if user sets their own
+ */
+ private final String DEFAULT_MASTER_PASSWORD = "taverna";
+ private ApplicationConfiguration appConfig;
+
+ @Override
+ public int getProviderPriority() {
+ // Higher priority then the UI provider so this one will be tried first
+ return 101;
+ }
+
+ /**
+ * Sets the applicationConfiguration.
+ *
+ * @param applicationConfiguration
+ * the new value of applicationConfiguration
+ */
+ public void setApplicationConfiguration(
+ ApplicationConfiguration applicationConfiguration) {
+ appConfig = applicationConfiguration;
+ }
+
+ @Override
+ public String getMasterPassword(boolean firstTime) {
+ File cmDir = DistinguishedNameParserImpl.getTheCredentialManagerDefaultDirectory(appConfig);
+ File flagFile = new File(cmDir,
+ USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME);
+ if (flagFile.exists())
+ return null;
+ return DEFAULT_MASTER_PASSWORD;
+ }
+
+ @Override
+ public void setMasterPassword(String password) {
+ // We always ignore this; we're never changing our password
+ }
+}
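Review bot: `DEFAULT_MASTER_PASSWORD` is the literal `"taverna"` compiled into the class, and `getProviderPriority()` returns 101 so that this provider is tried before the UI one. Until the indicator file exists, the Credential Manager's stores are presumably opened with a password that anyone can read from the source or the jar. The field's Javadoc should say this plainly, for example `Publicly known default; it gives no confidentiality against anyone who can read the keystore file.` The constant would also be better declared `private static final String`. Separately, `getMasterPassword` passes `appConfig` to `getTheCredentialManagerDefaultDirectory`, which dereferences it, so a call before `setApplicationConfiguration` fails with a NullPointerException.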
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java b/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java
new file mode 100644
index 0000000..b9a9f9f
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/DistinguishedNameParserImpl.java
@@ -0,0 +1,179 @@
+/*******************************************************************************
+ * Copyright (C) 2014 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.math.BigInteger;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import net.sf.taverna.t2.security.credentialmanager.CMException;
+import net.sf.taverna.t2.security.credentialmanager.DistinguishedNameParser;
+
+import org.apache.log4j.Logger;
+
+import uk.org.taverna.configuration.app.ApplicationConfiguration;
+
+/**
+ * Utility methods for Credential Manager and security-related stuff.
+ *
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ * @author Christian Brenninkmeijer
+ */
+public class DistinguishedNameParserImpl implements DistinguishedNameParser{
+ private static Logger logger = Logger.getLogger(DistinguishedNameParserImpl.class);
+
+ public DistinguishedNameParserImpl(){
+ System.out.println("Creating DistinguishedNameParserImpl");
+ System.out.println(this instanceof net.sf.taverna.t2.security.credentialmanager.DistinguishedNameParser);
+ }
+
+ /**
+ * Get the configuration directory where the security stuff will be/is saved
+ * to.
+ */
+ public static File getTheCredentialManagerDefaultDirectory(
+ ApplicationConfiguration applicationConfiguration) {
+ File home = applicationConfiguration.getApplicationHomeDir();
+ File secConfigDirectory = new File(home, "security");
+ if (!secConfigDirectory.exists())
+ secConfigDirectory.mkdir();
+ return secConfigDirectory;
+ }
+
+ @Override
+ public final File getCredentialManagerDefaultDirectory(
+ ApplicationConfiguration applicationConfiguration) {
+ return getTheCredentialManagerDefaultDirectory(applicationConfiguration);
+ }
+
+ static URI resolveUriFragment(URI uri, String realm)
+ throws URISyntaxException {
+ /*
+ * Little hack to encode the fragment correctly - why does not
+ * java.net.URI expose this quoting or have setFragment()?
+ */
+ URI fragment = new URI("http", "localhost", "/", realm);
+ fragment = fragment.resolve(fragment.getPath()).relativize(fragment);
+ return uri.resolve(fragment);
+ }
+
+ @Override
+ public final URI setFragmentForURI(URI uri, String fragment)
+ throws URISyntaxException {
+ return new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(),
+ uri.getPort(), uri.getPath(), uri.getQuery(), fragment);
+ }
+
+ @Override
+ public final URI setUserInfoForURI(URI uri, String userinfo)
+ throws URISyntaxException {
+ return new URI(uri.getScheme(), userinfo, uri.getHost(), uri.getPort(),
+ uri.getPath(), uri.getQuery(), uri.getFragment());
+ }
+
+ @Override
+ public final X509Certificate convertCertificate(Certificate cert)
+ throws CMException {
+ try {
+ // Get the factory for X509 certificates
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ // Get the encoded (binary) form of the certificate.
+ // For an X509 certificate the encoding will be DER.
+ ByteArrayInputStream bais = new ByteArrayInputStream(
+ cert.getEncoded());
+ // Create the X509 certificate object from the stream
+ return (X509Certificate) cf.generateCertificate(bais);
+ } catch (CertificateException ex) {
+ throw new CMException(
+ "Failed to convert the certificate object into X.509 certificate.",
+ ex);
+ }
+ }
+
+ /**
+ * Get the message digest of the given byte array as a string of hexadecimal
+ * characters in the form XX:XX:XX... using the given digest algorithm.
+ */
+ public String getMessageDigestAsFormattedString(byte[] messageBytes,
+ String digestAlgorithm) {
+
+ MessageDigest messageDigest;
+ byte[] digestBytes;
+ try {
+ messageDigest = MessageDigest.getInstance(digestAlgorithm);
+ digestBytes = messageDigest.digest(messageBytes);
+ } catch (NoSuchAlgorithmException ex) {
+ logger.error("Failed to create message digest.", ex);
+ return "";
+ }
+
+ // Create the integer value from the digest bytes
+ BigInteger number = new BigInteger(1, digestBytes);
+ // Convert the integer from decimal to hexadecimal representation
+ String hexValueString = number.toString(16).toUpperCase();
+
+ StringBuffer strBuff = new StringBuffer(hexValueString);
+ // If the hex number contains odd number of characters -
+ // insert a padding "0" at the front of the string
+ if ((strBuff.length() % 2) != 0)
+ strBuff.insert(0, '0');
+
+ // Insert colons after every two hex characters - start form the end of
+ // the hex string
+ if (strBuff.length() > 2)
+ for (int i = 2; i < strBuff.length(); i += 3)
+ strBuff.insert(i, ':');
+
+ return strBuff.toString();
+ }
+
+
+ private String emailAddress; // not from RFC 2253, yet some certificates
+ // contain this field
+
+ private String CN;
+ private String L;
+ private String ST;
+ private String C;
+ private String O;
+ private String OU;
+
+ /**
+ * Parses a DN string and fills in fields with DN parts. Heavily based on
+ * uk.ac.omii.security.utils.DNParser class from omii-security-utils
+ * library.
+ *
+ * http://maven.omii.ac.uk/maven2/repository/omii/omii-security-utils/
+ */
+ public ParsedDistinguishedNameImpl parseDN(String DNstr) {
+ return new ParsedDistinguishedNameImpl(DNstr);
+ }
+
+}
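Review bot: `getMessageDigestAsFormattedString` loses leading zero bytes of the digest, because `new BigInteger(1, digestBytes).toString(16)` drops leading zeros and the code only pads to an even number of characters; a digest that begins with `00` is rendered one or more `XX:` groups short. If this string is what a user compares when checking a certificate fingerprint, it should be built byte by byte as sketched below. Separately, the two `System.out.println` calls in the constructor look like leftover debugging, and `getTheCredentialManagerDefaultDirectory` ignores the result of `mkdir()` for the directory that holds the security files.

```java
public String getMessageDigestAsFormattedString(byte[] messageBytes,
        String digestAlgorithm) {
    // … unchanged: MessageDigest lookup, digest computation, NoSuchAlgorithmException handling …
    StringBuilder formatted = new StringBuilder(digestBytes.length * 3);
    for (byte b : digestBytes) {
        if (formatted.length() > 0)
            formatted.append(':');
        // %02X on a byte prints its unsigned two-digit value, so leading 00 bytes are kept
        formatted.append(String.format("%02X", b));
    }
    return formatted.toString();
}
```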
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java b/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java
new file mode 100644
index 0000000..c049d49
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/java/net/sf/taverna/t2/security/credentialmanager/impl/ParsedDistinguishedNameImpl.java
@@ -0,0 +1,265 @@
+/*******************************************************************************
+ * Copyright (C) 2014 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import java.net.URI;
+import java.util.ArrayList;
+import net.sf.taverna.t2.security.credentialmanager.ParsedDistinguishedName;
+import org.apache.log4j.Logger;
+
+/**
+ * Parses a Distinguished Name and stores the parts for retreival.
+ *
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ * @author Christian Brenninkmeijer
+ */
+public class ParsedDistinguishedNameImpl implements ParsedDistinguishedName{
+ private static final Logger logger = Logger.getLogger(ParsedDistinguishedNameImpl.class);
+
+ private String emailAddress; // not from RFC 2253, yet some certificates
+ // contain this field
+ private String CN;
+ private String L;
+ private String ST;
+ private String C;
+ private String O;
+ private String OU;
+
+ // /**
+ // * Gets the intended certificate uses, i.e. Netscape Certificate Type
+ // * extension (2.16.840.1.113730.1.1) as a string.
+ // */
+ // // From openssl's documentation: "The [above] extension is non standard,
+ // Netscape
+ // // specific and largely obsolete. Their use in new applications is
+ // discouraged."
+ // // TODO replace with "basicConstraints, keyUsage and extended key usage
+ // extensions
+ // // which are now used instead."
+ // public static String getIntendedCertificateUses(byte[] value) {
+ //
+ // // Netscape Certificate Types (2.16.840.1.113730.1.1) denoting the
+ // // intended uses of a certificate
+ // int[] INTENDED_USES = new int[] { NetscapeCertType.sslClient,
+ // NetscapeCertType.sslServer, NetscapeCertType.smime,
+ // NetscapeCertType.objectSigning, NetscapeCertType.reserved,
+ // NetscapeCertType.sslCA, NetscapeCertType.smimeCA,
+ // NetscapeCertType.objectSigningCA, };
+ //
+ // // Netscape Certificate Type strings (2.16.840.1.113730.1.1)
+ // HashMap<String, String> INTENDED_USES_STRINGS = new HashMap<String,
+ // String>();
+ // INTENDED_USES_STRINGS.put("128", "SSL Client");
+ // INTENDED_USES_STRINGS.put("64", "SSL Server");
+ // INTENDED_USES_STRINGS.put("32", "S/MIME");
+ // INTENDED_USES_STRINGS.put("16", "Object Signing");
+ // INTENDED_USES_STRINGS.put("8", "Reserved");
+ // INTENDED_USES_STRINGS.put("4", "SSL CA");
+ // INTENDED_USES_STRINGS.put("2", "S/MIME CA");
+ // INTENDED_USES_STRINGS.put("1", "Object Signing CA");
+ //
+ // // Get DER octet string from extension value
+ // ASN1OctetString derOctetString = new DEROctetString(value);
+ // byte[] octets = derOctetString.getOctets();
+ // // Get DER bit string
+ // DERBitString derBitString = new DERBitString(octets);
+ // int val = new NetscapeCertType(derBitString).intValue();
+ // StringBuffer strBuff = new StringBuffer();
+ // for (int i = 0, len = INTENDED_USES.length; i < len; i++) {
+ // int use = INTENDED_USES[i];
+ // if ((val & use) == use) {
+ // strBuff.append(INTENDED_USES_STRINGS.get(String.valueOf(use))
+ // + ", \n");
+ // }
+ // }
+ // // remove the last ", \n" from the end of the buffer
+ // String str = strBuff.toString();
+ // str = str.substring(0, str.length() - 3);
+ // return str;
+ // }
+
+ // FROM RFC 2253:
+ // CN commonName
+ // L localityName
+ // ST stateOrProvinceName
+ // O organizationName
+ // OU organizationalUnitName
+ // C countryName
+ // STREET streetAddress
+ // DC domainComponent
+ // UID userid
+
+ /**
+ * Parses a DN string and fills in fields with DN parts. Heavily based on
+ * uk.ac.omii.security.utils.DNParser class from omii-security-utils
+ * library.
+ *
+ * http://maven.omii.ac.uk/maven2/repository/omii/omii-security-utils/
+ */
+ public ParsedDistinguishedNameImpl(String DNstr) {
+ // ///////////////////////////////////////////////////////////////////////////////////////////////////
+ // Parse the DN String and put into variables. First, tokenise using a
+ // "," character as a delimiter
+ // UNLESS escaped with a "\" character. Put the tokens into an
+ // ArrayList. These should be name value pairs
+ // separated by "=". Tokenise these using a StringTokenizer class, test
+ // for the name, and if one of the
+ // recognised names, copy into the correct variable. The reason
+ // StringTokenizer is not used for the major
+ // token list is that the StringTokenizer class does not handle escaped
+ // delimiters so an escaped delimiter
+ // in the code would be treated as a valid one.
+
+ int i = 0;
+
+ char majorListDelimiter = ',';
+ char majorListEscapeChar = '\\';
+
+ // String minorListDelimiter = "=";
+
+ String DNchars = DNstr;
+
+ int startIndex = 0;
+ int endIndex = 0;
+ boolean ignoreThisChar = false;
+
+ boolean inQuotes = false;
+
+ ArrayList<String> majorTokenList = new ArrayList<String>();
+
+ for (i = 0; i < DNchars.length(); i++) {
+ if (ignoreThisChar == true) {
+ ignoreThisChar = false;
+ } else if ((inQuotes == false) && (DNchars.charAt(i) == '\"')) {
+ inQuotes = true;
+ } else if ((inQuotes == true) && (DNchars.charAt(i) == '\"')) {
+ inQuotes = false;
+ } else if (inQuotes == true) {
+ continue;
+ } else if (DNchars.charAt(i) == majorListEscapeChar) {
+ ignoreThisChar = true;
+ } else if ((DNchars.charAt(i) == majorListDelimiter)
+ && (ignoreThisChar == false)) {
+ endIndex = i;
+ majorTokenList.add(DNchars.substring(startIndex, endIndex));
+ startIndex = i + 1;
+ }
+ }
+
+ // Add last token - after the last delimiter
+ endIndex = DNchars.length();
+ majorTokenList.add(DNchars.substring(startIndex, endIndex));
+
+ for (String currentToken : majorTokenList) {
+ currentToken = currentToken.trim();
+
+ // split on first equals only, as value can contain an equals char
+ String[] minorTokenList = currentToken.split("=", 2);
+
+ if (minorTokenList.length == 2) {
+ // there had better be a key and a value only
+ String DNTokenName = minorTokenList[0].toUpperCase();
+ String DNTokenValue = minorTokenList[1];
+
+ if (DNTokenName.equals("CN")
+ || DNTokenName.equals("COMMONNAME")) {
+ CN = DNTokenValue;
+ } else if (DNTokenName.equals("EMAIL")
+ || DNTokenName.equals("EMAILADDRESS")) {
+ emailAddress = DNTokenValue;
+ } else if (DNTokenName.equals("OU")
+ || DNTokenName.equals("ORGANIZATIONALUNITNAME")) {
+ OU = DNTokenValue;
+ } else if (DNTokenName.equals("O")
+ || DNTokenName.equals("ORGANIZATIONNAME")) {
+ O = DNTokenValue;
+ } else if (DNTokenName.equals("L")
+ || DNTokenName.equals("LOCALITYNAME")) {
+ L = DNTokenValue;
+ } else if (DNTokenName.equals("ST")
+ || DNTokenName.equals("STATEORPROVINCENAME")) {
+ ST = DNTokenValue;
+ } else if (DNTokenName.equals("C")
+ || DNTokenName.equals("COUNTRYNAME")) {
+ C = DNTokenValue;
+ }
+ }
+ // else we have a key with no value, so skip processing the key
+ }
+
+ if (CN == null)
+ CN = "none";
+
+ if (emailAddress == null)
+ emailAddress = "none";
+
+ if (OU == null)
+ OU = "none";
+
+ if (O == null)
+ O = "none";
+
+ if (L == null)
+ L = "none";
+
+ if (ST == null)
+ ST = "none";
+
+ if (C == null)
+ C = "none";
+ }
+
+ @Override
+ public String getCN() {
+ return CN;
+ }
+
+ @Override
+ public String getEmailAddress() {
+ return emailAddress;
+ }
+
+ @Override
+ public String getOU() {
+ return OU;
+ }
+
+ @Override
+ public String getO() {
+ return O;
+ }
+
+ @Override
+ public String getL() {
+ return L;
+ }
+
+ @Override
+ public String getST() {
+ return ST;
+ }
+
+ @Override
+ public String getC() {
+ return C;
+ }
+}
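Review bot: In the constructor's tokenising loop the `inQuotes == true` branches are tested before the `majorListEscapeChar` branch, so a backslash-escaped quote inside a quoted value (for example `CN="a\"b,c"`) ends the quoted section and the comma after it splits the value. Testing the escape character ahead of the two quote branches would keep the escape effective inside quotes. The attribute name is upper-cased with the default locale and is not trimmed, so `minorTokenList[0].toUpperCase()` would be safer as `minorTokenList[0].trim().toUpperCase(Locale.ROOT)` (with a `java.util.Locale` import); under a Turkish default locale `email` does not upper-case to `EMAIL`. The class Javadoc should also state that values keep their quotes and escapes, that a repeated attribute overwrites the earlier one, and that a missing attribute is reported as the literal string `"none"`.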
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml b/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml
new file mode 100644
index 0000000..3c59bf6
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context-osgi.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans:beans xmlns="http://www.springframework.org/schema/osgi"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/osgi
+ http://www.springframework.org/schema/osgi/spring-osgi.xsd">
+
+ <service ref="credentialManager"
+ interface="net.sf.taverna.t2.security.credentialmanager.CredentialManager" />
+ <service ref="defaultMasterPassword"
+ interface="net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider" />
+ <service ref="distinguishedNameParser"
+ interface="net.sf.taverna.t2.security.credentialmanager.DistinguishedNameParser" />
+
+ <reference id="applicationConfiguration"
+ interface="uk.org.taverna.configuration.app.ApplicationConfiguration" />
+
+ <list id="masterPasswordProviders"
+ interface="net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider"
+ cardinality="0..N" comparator-ref="MasterPasswordProviderComparator" />
+ <list id="javaTruststorePasswordProviders"
+ interface="net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider"
+ cardinality="0..N" />
+ <list id="serviceUsernameAndPasswordProviders"
+ interface="net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider"
+ cardinality="0..N" />
+ <list id="trustConfirmationProviders"
+ interface="net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider"
+ cardinality="0..N" />
+</beans:beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml b/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml
new file mode 100644
index 0000000..d1531e1
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/META-INF/spring/credential-manager-impl-context.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <bean id="credentialManager" init-method="installAuthenticator"
+ class="net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl">
+ <property name="masterPasswordProviders" ref="masterPasswordProviders" />
+ <property name="javaTruststorePasswordProviders" ref="javaTruststorePasswordProviders" />
+ <property name="serviceUsernameAndPasswordProviders" ref="serviceUsernameAndPasswordProviders" />
+ <property name="trustConfirmationProviders" ref="trustConfirmationProviders" />
+ <property name="applicationConfiguration" ref="applicationConfiguration" />
+ </bean>
+
+ <bean id="MasterPasswordProviderComparator"
+ class="net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider$ProviderComparator" />
+
+ <bean id="distinguishedNameParser"
+ class="net.sf.taverna.t2.security.credentialmanager.impl.DistinguishedNameParserImpl" />
+ <bean id="defaultMasterPassword"
+ class="net.sf.taverna.t2.security.credentialmanager.impl.DefaultMasterPasswordProvider">
+ <property name="applicationConfiguration" ref="applicationConfiguration" />
+ </bean>
+</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt
new file mode 100644
index 0000000..20585f1
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/AddTrustExternalCARoot.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt
new file mode 100644
index 0000000..1e70af9
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/TERENASSLCA.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEmDCCA4CgAwIBAgIQS8gUAy8H+mqk8Nop32F5ujANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNMDkwNTE4MDAwMDAwWhcNMjAwNTMwMTA0ODM4WjA2MQswCQYD
+VQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEgU1NMIENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+NIxC9cwcupmf0booNd
+ij2tOtDipEMfTQ7+NSUwpWkbxOjlwY9UfuFqoppcXN49/ALOlrhfj4NbzGBAkPjk
+tjolnF8UUeyx56+eUKExVccCvaxSin81joL6hK0V/qJ/gxA6VVOULAEWdJRUYyij
+8lspPZSIgCDiFFkhGbSkmOFg5vLrooCDQ+CtaPN5GYtoQ1E/iptBhQw1jF218bbl
+p8ODtWsjb9Sl61DllPFKX+4nSxQSFSRMDc9ijbcAIa06Mg9YC18em9HfnY6pGTVQ
+L0GprTvG4EWyUzl/Ib8iGodcNK5Sbwd9ogtOnyt5pn0T3fV/g3wvWl13eHiRoBS/
+fQIDAQABo4IBPjCCATowHwYDVR0jBBgwFoAUoXJfJhsomEOVXQc31YWWnUvSw0Uw
+HQYDVR0OBBYEFAy9k2gM896ro0lrKzdXR+qQ47ntMA4GA1UdDwEB/wQEAwIBBjAS
+BgNVHRMBAf8ECDAGAQH/AgEAMBgGA1UdIAQRMA8wDQYLKwYBBAGyMQECAh0wRAYD
+VR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VS
+Rmlyc3QtSGFyZHdhcmUuY3JsMHQGCCsGAQUFBwEBBGgwZjA9BggrBgEFBQcwAoYx
+aHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VUTkFkZFRydXN0U2VydmVyX0NBLmNy
+dDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG
+9w0BAQUFAAOCAQEATiPuSJz2hYtxxApuc5NywDqOgIrZs8qy1AGcKM/yXA4hRJML
+thoh45gBlA5nSYEevj0NTmDa76AxTpXv8916WoIgQ7ahY0OzUGlDYktWYrA0irkT
+Q1mT7BR5iPNIk+idyfqHcgxrVqDDFY1opYcfcS3mWm08aXFABFXcoEOUIEU4eNe9
+itg5xt8Jt1qaqQO4KBB4zb8BG1oRPjj02Bs0ec8z0gH9rJjNbUcRkEy7uVvYcOfV
+r7bMxIbmdcCeKbYrDyqlaQIN4+mitF3A884saoU4dmHGSYKrUbOCprlBmCiY+2v+
+ihb/MX5UR6g83EMmqZsFt57ANEORMNQywxFa4Q==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt
new file mode 100644
index 0000000..3642581
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/UTNAddTrustServer_CA.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem
new file mode 100644
index 0000000..e7e861f
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem
new file mode 100644
index 0000000..f687fb1
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biocatalogue.org-revoked.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEdTCCA12gAwIBAgIQWKdgSd6Zw0PQcE4pbzsWZDANBgkqhkiG9w0BAQUFADA2
+MQswCQYDVQQGEwJOTDEPMA0GA1UEChMGVEVSRU5BMRYwFAYDVQQDEw1URVJFTkEg
+U1NMIENBMB4XDTEzMDgwNTAwMDAwMFoXDTE2MDgwNDIzNTk1OVowQjEhMB8GA1UE
+CxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMR0wGwYDVQQDExR3d3cuYmlvY2F0
+YWxvZ3VlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL++4x8O
+F1YaggcA9OMinMRMkzDHyMnDTDD6piy23nX1F7EetzvhZOWeuotrZRrRm9XnzJ+v
+JOcFXa8ibTZRKF9wdwxRqkH9RVtskYQWFO0oTIdFagRpceHJM2cfI+YLwxaNkekP
+zFhsT/m0Zql6WSD9sTzB/FApcaBkR+gQXP+bQyutxr8cvrwnpgJWYPjUr1jHIXbq
+ZxTwYE1ezeHM9zroO831C8r1PX/goWND6+cNccalsancXraMDwASphhu7LYniSCZ
+zRKwhssl7Xg8ytjkACC8nS4jeyUNmhKa8iPDJthkgGfhT9T+XzUj/NkGNm98IXtn
+m5puPjTaKAe7H90CAwEAAaOCAXEwggFtMB8GA1UdIwQYMBaAFAy9k2gM896ro0lr
+KzdXR+qQ47ntMB0GA1UdDgQWBBQkiYQZefzKYVzbL1td0qbF6uabRzAOBgNVHQ8B
+Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
+BQUHAwIwIgYDVR0gBBswGTANBgsrBgEEAbIxAQICHTAIBgZngQwBAgEwOgYDVR0f
+BDMwMTAvoC2gK4YpaHR0cDovL2NybC50Y3MudGVyZW5hLm9yZy9URVJFTkFTU0xD
+QS5jcmwwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY3J0LnRj
+cy50ZXJlbmEub3JnL1RFUkVOQVNTTENBLmNydDAmBggrBgEFBQcwAYYaaHR0cDov
+L29jc3AudGNzLnRlcmVuYS5vcmcwHwYDVR0RBBgwFoIUd3d3LmJpb2NhdGFsb2d1
+ZS5vcmcwDQYJKoZIhvcNAQEFBQADggEBAA1ix/IzQ0mESvfXXX+Dwzx5fXzJ/Rnr
+q93pSBZnroPzpcV84PTE2O7jVi0QHPUsSTtQKp3NHk1zV8xEWR+DNYBVEecNuzcg
+NOXCXF3arXSR7eY1LNwrIaAzbrdxExKlwhPAhhQZ2hxcRX8wvsPT/+sZhlG8wEjj
+y7lg8YtdNjBrRIwYlAQBb1+ilFc7Pge+54B2aMDnv7boRt/XTYdL8XYjcOC2JlE6
+ETnNPD1bNk5Rg+nZwpzAqY+yKKdgk8jsWGr8/eJ88LtpzjZUILH7owU3EHQSQyTq
+T7gcAL+eBwRVfUXKatoB/1uTrQvJz8YHRMDULyIPGGh8rlhJtdAGLk8=
+-----END CERTIFICATE-----
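Review bot: This certificate is added under `trusted-certificates/` with `-revoked` in its filename, as is `www.biodiversitycatalogue.org-revoked.pem` in the next hunk, and `heater.cs.man.ac.uk-not-needed.pem` above is marked as not needed. The code that reads this directory is not in the visible hunks, but if every file there is imported into the truststore, a certificate that its own filename calls revoked would be trusted by default. Either leave these files out of the resource directory or have the loader skip them, and record the reason for keeping them in the commit message.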
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem
new file mode 100644
index 0000000..05b3926
--- /dev/null
+++ b/taverna-credential-manager-impl/src/main/resources/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE4zCCA8ugAwIBAgIPSNz7e2uWg8LSOeQaskiFMA0GCSqGSIb3DQEBBQUAMDYx
+CzAJBgNVBAYTAk5MMQ8wDQYDVQQKEwZURVJFTkExFjAUBgNVBAMTDVRFUkVOQSBT
+U0wgQ0EwHhcNMTIxMTIyMDAwMDAwWhcNMTUxMTIyMjM1OTU5WjCBpzELMAkGA1UE
+BhMCR0IxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdDYXJkaWZmMRswGQYDVQQK
+ExJDYXJkaWZmIFVuaXZlcnNpdHkxMTAvBgNVBAsTKEJpb1ZlTCBCaW9kaXZlcnNp
+dHkgVmlydHVhbCBlLUxhYm9yYXRvcnkxJjAkBgNVBAMTHXd3dy5iaW9kaXZlcnNp
+dHljYXRhbG9ndWUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+rPabZIqwVD+WqCt6WgJJuh40TLU50tiGipECf+4JwU45pz1VAI+HS8V9RcnlUhWs
+WCjCtl2XeBv7kxlMxGUZAZ3uCZGhqUuzC1g/G2nwsrsLv+Xo09setIXUinFFJB8G
+oSRhflZ8YfGPg26Q5Efmd+ecATSIyXMH7w9/IfJ/gHLsBrJjyXz4pTmjQ242jDEz
+Uf6u1kdDp/0moAcVXgCv4Ev1N8eDmvDYzQcD/fdjOD62xi1IEixKgiaMzvBM14gj
+ZuyCPLpc4naD+gfwz2ecZ4moWmUTOouaA5w54Z1d/6b08xJsysoE6B5YKAP2z27i
+iqA5YHySvhJ7AJ90dbg1mwIDAQABo4IBejCCAXYwHwYDVR0jBBgwFoAUDL2TaAzz
+3qujSWsrN1dH6pDjue0wHQYDVR0OBBYEFBsGmwvAkT9J7ehe+2x5cZ6zh/dPMA4G
+A1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAiBgNVHSAEGzAZMA0GCysGAQQBsjEBAgIdMAgGBmeBDAECAjA6
+BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLnRjcy50ZXJlbmEub3JnL1RFUkVO
+QVNTTENBLmNybDBtBggrBgEFBQcBAQRhMF8wNQYIKwYBBQUHMAKGKWh0dHA6Ly9j
+cnQudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3J0MCYGCCsGAQUFBzABhhpo
+dHRwOi8vb2NzcC50Y3MudGVyZW5hLm9yZzAoBgNVHREEITAfgh13d3cuYmlvZGl2
+ZXJzaXR5Y2F0YWxvZ3VlLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEAw86F5CulT1aY
+c3UrW2ndPNMwAkMHJApvJHBqYFCDZTjatZZOaMBG8Ka3IznIpskH9L5XSh+Af+px
+NYhtMxRpeLXjjisYyJIwomI4mtF4+35mv5zPAW6cgf0bMp0gt6CFPqpo42WcKzZW
+nasesR978XViPXhUJbN+KaW6dW1zZAB9kHE8jJ4COWpBKKBKQwiOhVQGvhgKfjYE
+txawV7OUiV5IS9h5FndFUqCipBcIDVhE8dJdLKnMNBo03HzgLFNHONM0zEpHkNPg
+dASnuVpol6ldJYnEUbDNY5EC//D7s7h6fJciAQMLbELVrNMjv7IK5i1YjFAGn27i
+CXrSjJd7ow==
+-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/6475d582/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java
new file mode 100644
index 0000000..593e223
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplIT.java
@@ -0,0 +1,339 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import static org.junit.Assert.*;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Random;
+
+import javax.net.ssl.HttpsURLConnection;
+
+import net.sf.taverna.t2.lang.observer.Observable;
+import net.sf.taverna.t2.lang.observer.Observer;
+import net.sf.taverna.t2.security.credentialmanager.CMException;
+import net.sf.taverna.t2.security.credentialmanager.KeystoreChangedEvent;
+import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider;
+import net.sf.taverna.t2.security.credentialmanager.UsernamePassword;
+
+import org.apache.commons.io.FileUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+
+/**
+ * Tests here require Java strong/unlimited cryptography policy to be installed
+ * so they are part of integration tests.
+ *
+ * Java strong/unlimited cryptography policy is required to use the Credential Manager and
+ * the full security capabilities in Taverna. Java by default comes with the weak policy
+ * that disables the use of certain cryto algorithms and bigger key sizes. Although
+ * it is claimed that as of Java 6 the default policy is strong, we have seen otherwise,
+ * so make sure you install it.
+ *
+ * For Java 6, strong/unlimited cryptography policy can be downloaded
+ * (together with the installation instructions) from:
+ * http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
+ *
+ * These tests use an existing keystore (in resources/security/t2keystore.ubr) and
+ * truststore (in resources/security/t2truststore.ubr) that are not empty.
+ *
+ * @author Alex Nenadic
+ *
+ */
+public class CredentialManagerImplIT {
+
+ private static CredentialManagerImpl credentialManager;
+ // Master password for Credential Manager's Keystore and Truststore
+ private static String masterPassword = "(cl%ZDxu66AN/{vNXbLF";
+ private static DummyMasterPasswordProvider masterPasswordProvider;
+ private static File credentialManagerDirectory;
+
+ private static UsernamePassword usernamePassword;
+ private static URI serviceURI;
+ private static UsernamePassword usernamePassword2;
+ private static URI serviceURI2;
+ private static UsernamePassword usernamePassword3;
+ private static URI serviceURI3;
+
+ private static Key privateKey;
+ private static Certificate[] privateKeyCertChain;
+ private static URL privateKeyFileURL = CredentialManagerImplTest.class.getResource(
+ "/security/test-private-key-cert.p12");
+ private static final String privateKeyAndPKCS12KeystorePassword = "test"; // password for the test PKCS#12 keystore in resources
+
+ private static X509Certificate trustedCertficateGoogle;
+ private static URL trustedCertficateGoogleFileURL = CredentialManagerImplTest.class.getResource(
+ "/security/google-trusted-certificate.pem");
+ private static X509Certificate trustedCertficateHeater;
+ private static URL trustedCertficateHeaterFileURL = CredentialManagerImplTest.class.getResource(
+ "/security/tomcat_heater_certificate.pem");
+
+ private static Observer<KeystoreChangedEvent> keystoreChangedObserver;
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @BeforeClass
+ @Ignore
+ public static void setUpBeforeCLass() throws Exception {
+
+ Security.addProvider(new BouncyCastleProvider());
+
+ // Create some test username and passwords for services
+ serviceURI = new URI("http://someservice");
+ usernamePassword = new UsernamePassword("testuser", "testpasswd");
+ serviceURI2 = new URI("http://someservice2");
+ usernamePassword2 = new UsernamePassword("testuser2", "testpasswd2");
+ serviceURI3 = new URI("http://someservice3");
+ usernamePassword3 = new UsernamePassword("testuser3", "testpasswd3");
+
+ // Load the test private key and its certificate
+ File privateKeyCertFile = new File(privateKeyFileURL.getPath());
+ KeyStore pkcs12Keystore = java.security.KeyStore.getInstance("PKCS12", "BC"); // We have to use the BC provider here as the certificate chain is not loaded if we use whichever provider is first in Java!!!
+ FileInputStream inStream = new FileInputStream(privateKeyCertFile);
+ pkcs12Keystore.load(inStream, privateKeyAndPKCS12KeystorePassword.toCharArray());
+ // KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(privateKeyCertFile, privateKeyPassword);
+ Enumeration<String> aliases = pkcs12Keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ // The test-private-key-cert.p12 file contains only one private key
+ // and corresponding certificate entry
+ String alias = aliases.nextElement();
+ if (pkcs12Keystore.isKeyEntry(alias)) { // is it a (private) key entry?
+ privateKey = pkcs12Keystore.getKey(alias,
+ privateKeyAndPKCS12KeystorePassword.toCharArray());
+ privateKeyCertChain = pkcs12Keystore.getCertificateChain(alias);
+ break;
+ }
+ }
+ inStream.close();
+
+ // Load the test trusted certificate (belonging to *.Google.com)
+ File trustedCertFile = new File(trustedCertficateGoogleFileURL.getPath());
+ inStream = new FileInputStream(trustedCertFile);
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ trustedCertficateGoogle = (X509Certificate) certFactory.generateCertificate(inStream);
+ try{
+ inStream.close();
+ }
+ catch (Exception e) {
+ // Ignore
+ }
+ // Load the test trusted certificate (belonging to heater.cs.man.ac.uk)
+ File trustedCertFile2 = new File(trustedCertficateHeaterFileURL.getPath());
+ inStream = new FileInputStream(trustedCertFile2);
+ trustedCertficateHeater = (X509Certificate) certFactory.generateCertificate(inStream);
+ try{
+ inStream.close();
+ }
+ catch (Exception e) {
+ // Ignore
+ }
+
+ credentialManager = new CredentialManagerImpl();
+
+// // The code below sets up the Keystore and Truststore files and loads some data into them
+// // and saves them into a temp directory. These files can later be used for testing the Credential
+// // Manager with non-empty keystores.
+// Random randomGenerator = new Random();
+// String credentialManagerDirectoryPath = System
+// .getProperty("java.io.tmpdir")
+// + System.getProperty("file.separator")
+// + "taverna-security-"
+// + randomGenerator.nextInt(1000000);
+// System.out.println("Credential Manager's directory path: "
+// + credentialManagerDirectoryPath);
+// credentialManagerDirectory = new File(credentialManagerDirectoryPath);
+// credentialManager.setConfigurationDirectoryPath(credentialManagerDirectory);
+//
+// // Create the dummy master password provider
+// masterPasswordProvider = new DummyMasterPasswordProvider();
+// masterPasswordProvider.setMasterPassword(masterPassword);
+// List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+// masterPasswordProviders.add(masterPasswordProvider);
+// credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+//
+// // Add some stuff into Credential Manager
+// credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
+// credentialManager.addUsernameAndPasswordForService(usernamePassword2, serviceURI2);
+// credentialManager.addUsernameAndPasswordForService(usernamePassword3, serviceURI3);
+// credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+// credentialManager.addTrustedCertificate(trustedCertficate);
+
+
+ // Set up a random temp directory and copy the test keystore files
+ // from resources/security
+ Random randomGenerator = new Random();
+ String credentialManagerDirectoryPath = System
+ .getProperty("java.io.tmpdir")
+ + System.getProperty("file.separator")
+ + "taverna-security-"
+ + randomGenerator.nextInt(1000000);
+ System.out.println("Credential Manager's directory path: "
+ + credentialManagerDirectoryPath);
+ credentialManagerDirectory = new File(credentialManagerDirectoryPath);
+ if (!credentialManagerDirectory.exists()) {
+ credentialManagerDirectory.mkdir();
+ }
+ URL keystoreFileURL = CredentialManagerImplIT.class
+ .getResource("/security/t2keystore.ubr");
+ File keystoreFile = new File(keystoreFileURL.getPath());
+ File keystoreDestFile = new File(credentialManagerDirectory,
+ "taverna-keystore.ubr");
+ URL truststroreFileURL = CredentialManagerImplIT.class
+ .getResource("/security/t2truststore.ubr");
+ File truststoreFile = new File(truststroreFileURL.getPath());
+ File truststoreDestFile = new File(credentialManagerDirectory,
+ "taverna-truststore.ubr");
+ FileUtils.copyFile(keystoreFile, keystoreDestFile);
+ FileUtils.copyFile(truststoreFile, truststoreDestFile);
+ credentialManager.setConfigurationDirectoryPath(credentialManagerDirectory);
+
+ // Create the dummy master password provider
+ masterPasswordProvider = new DummyMasterPasswordProvider();
+ masterPasswordProvider.setMasterPassword(masterPassword);
+ List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+ masterPasswordProviders.add(masterPasswordProvider);
+ credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+
+ // Set an empty list for trust confirmation providers
+ credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>());
+
+ keystoreChangedObserver = new Observer<KeystoreChangedEvent>() {
+ @Override
+ public void notify(Observable<KeystoreChangedEvent> sender,
+ KeystoreChangedEvent message) throws Exception {
+ // TODO Auto-generated method stub
+ }
+ };
+ credentialManager.addObserver(keystoreChangedObserver);
+ }
+
+ @AfterClass
+ @Ignore
+ // Clean up the credentialManagerDirectory we created for testing
+ public static void cleanUp(){
+
+ if (credentialManagerDirectory.exists()){
+ try {
+ FileUtils.deleteDirectory(credentialManagerDirectory);
+ System.out.println("Deleting Credential Manager's directory: "
+ + credentialManagerDirectory.getAbsolutePath());
+ } catch (IOException e) {
+ System.out.println(e.getStackTrace());
+ }
+ }
+ }
+
+ @Test
+ @Ignore
+ public void testCredentialManager() throws CMException, URISyntaxException, IOException{
+
+ // There are 3 service username and password entries in the Keystore
+ List<URI> serviceList = credentialManager.getServiceURIsForAllUsernameAndPasswordPairs();
+ assertTrue(serviceList.size() == 3);
+ System.out.println();
+ assertTrue(serviceList.contains(serviceURI2));
+
+ credentialManager.deleteUsernameAndPasswordForService(serviceURI3);
+ assertFalse(credentialManager.hasUsernamePasswordForService(serviceURI3));
+
+ // There are 2 private/public key pair entries in the Keystore
+ credentialManager.hasKeyPair(privateKey, privateKeyCertChain);
+
+ // There are Google's and heater.cs.man.ac's trusted certificates in the Truststore
+ credentialManager.hasTrustedCertificate(trustedCertficateGoogle);
+ // Open a HTTPS connection to Google
+ URL url = new URL("https://code.google.com/p/taverna/");
+ HttpsURLConnection conn;
+ conn = (HttpsURLConnection) url.openConnection();
+ // This should work
+ conn.connect();
+ assertEquals("HTTP/1.1 200 OK", conn.getHeaderField(0));
+ conn.disconnect();
+
+ credentialManager.hasTrustedCertificate(trustedCertficateHeater);
+ // Open a HTTPS connection to heater
+ url = new URL("https://heater.cs.man.ac.uk:7443/");
+ conn = (HttpsURLConnection) url.openConnection();
+ // This should work
+ conn.connect();
+ assertEquals("HTTP/1.1 200 OK", conn.getHeaderField(0));
+ conn.disconnect();
+
+ }
+
+ public void generateKeystores() throws Exception{
+
+ setUpBeforeCLass();
+
+ // The code below sets up the Keystore and Truststore files and loads some data into them
+ // and saves them into a temp directory. These files can later be used for testing the Credential
+ // Manager with non-empty keystores.
+ Random randomGenerator = new Random();
+ String credentialManagerDirectoryPath = System
+ .getProperty("java.io.tmpdir")
+ + System.getProperty("file.separator")
+ + "taverna-security-"
+ + randomGenerator.nextInt(1000000);
+ System.out.println("Credential Manager's Keystore and Truststore will be saved to: "
+ + credentialManagerDirectoryPath);
+ credentialManagerDirectory = new File(credentialManagerDirectoryPath);
+ credentialManager.setConfigurationDirectoryPath(credentialManagerDirectory);
+
+ // Create the dummy master password provider
+ masterPasswordProvider = new DummyMasterPasswordProvider();
+// masterPasswordProvider.setMasterPassword(masterPassword);
+ masterPasswordProvider.setMasterPassword("uber");
+ List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+ masterPasswordProviders.add(masterPasswordProvider);
+ credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+
+ // Add some stuff into Credential Manager
+ credentialManager.addUsernameAndPasswordForService(usernamePassword, new URI("http://heater.cs.man.ac.uk:7070/axis/services/HelloService-PlaintextPassword?wsdl"));
+
+// credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
+// credentialManager.addUsernameAndPasswordForService(usernamePassword2, serviceURI2);
+// credentialManager.addUsernameAndPasswordForService(usernamePassword3, serviceURI3);
+// credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ credentialManager.addTrustedCertificate(trustedCertficateHeater);
+ }
+
+
+}
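Review bot: The scratch directory that receives the copied keystore and truststore in `setUpBeforeCLass` is named from `java.util.Random.nextInt(1000000)` under `java.io.tmpdir`, and an already existing directory is reused because the `mkdir()` result is never checked, so on a shared machine the test can end up writing credential stores into a directory it did not create. `generateKeystores` builds its path the same way. If the build targets Java 7 or later, `credentialManagerDirectory = Files.createTempDirectory("taverna-security-").toFile();` gives an unpredictable name, throws if creation fails, and on POSIX file systems typically creates the directory with owner-only permissions. Separately, in `testCredentialManager` the results of `hasKeyPair(...)` and both `hasTrustedCertificate(...)` calls are discarded, so those lines verify nothing; wrapping each in `assertTrue(...)` would make the test check what its comments describe.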