Posted to commits@taverna.apache.org by st...@apache.org on 2016/05/04 17:00:39 UTC
[3/5] incubator-taverna-engine git commit:
taverna-credential-manager-api
taverna-credential-manager-api
Project: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/commit/987633bb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/tree/987633bb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/diff/987633bb
Branch: refs/heads/master
Commit: 987633bbe8e2e76f9acb18e5b0eb057a9bacae20
Parents: 63f5ea0
Author: Stian Soiland-Reyes <st...@apache.org>
Authored: Wed May 4 14:05:38 2016 +0100
Committer: Stian Soiland-Reyes <st...@apache.org>
Committed: Wed May 4 14:05:38 2016 +0100
----------------------------------------------------------------------
README.md | 2 +-
pom.xml | 2 +-
taverna-credential-manager-api/pom.xml | 77 ++++
.../security/credentialmanager/CMException.java | 60 +++
.../CMNotInitialisedException.java | 44 ++
.../credentialmanager/CredentialManager.java | 414 +++++++++++++++++++
.../DistinguishedNameParser.java | 60 +++
.../JavaTruststorePasswordProvider.java | 72 ++++
.../credentialmanager/KeystoreChangedEvent.java | 38 ++
.../MasterPasswordProvider.java | 111 +++++
.../ParsedDistinguishedName.java | 73 ++++
.../ServiceUsernameAndPasswordProvider.java | 63 +++
.../TrustConfirmationProvider.java | 75 ++++
.../credentialmanager/UsernamePassword.java | 89 ++++
...rity.credentialmanager.CredentialProviderSPI | 1 +
.../src/test/resources/html/test.html | 23 ++
.../src/test/resources/realm.properties | 16 +
taverna-credential-manager-impl/pom.xml | 2 +-
taverna-credential-manager/pom.xml | 77 ----
.../security/credentialmanager/CMException.java | 60 ---
.../CMNotInitialisedException.java | 44 --
.../credentialmanager/CredentialManager.java | 414 -------------------
.../DistinguishedNameParser.java | 60 ---
.../JavaTruststorePasswordProvider.java | 72 ----
.../credentialmanager/KeystoreChangedEvent.java | 38 --
.../MasterPasswordProvider.java | 111 -----
.../ParsedDistinguishedName.java | 73 ----
.../ServiceUsernameAndPasswordProvider.java | 63 ---
.../TrustConfirmationProvider.java | 75 ----
.../credentialmanager/UsernamePassword.java | 89 ----
...rity.credentialmanager.CredentialProviderSPI | 1 -
.../src/test/resources/html/test.html | 23 --
.../src/test/resources/realm.properties | 16 -
33 files changed, 1219 insertions(+), 1219 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index 437e468..a798fe2 100644
--- a/README.md
+++ b/README.md
@@ -132,7 +132,7 @@ packaging of the
* [taverna-activity-test-utils](taverna-activity-test-utils/) Apache Taverna Activity test utils
* [taverna-capability-api](taverna-capability-api/) Apache Taverna Platform Capability API
* [taverna-capability-impl](taverna-capability-impl/) Apache Taverna Platform Capability impl
-* [taverna-credential-manager](taverna-credential-manager/) Apache Taverna Credential manager
+* [taverna-credential-manager-api](taverna-credential-manager-api/) Apache Taverna Credential Manager API
* [taverna-credential-manager-impl](taverna-credential-manager-impl/) Apache Taverna Credential Manager impl
* [taverna-database-configuration-api](taverna-database-configuration-api/) Apache Taverna Database Configuration API
* [taverna-database-configuration-impl](taverna-database-configuration-impl/) Apache Taverna Database Configuration impl
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 10765c7..c905d45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -50,7 +50,7 @@
<module>taverna-activity-test-utils</module>
<module>taverna-capability-api</module>
<module>taverna-capability-impl</module>
- <module>taverna-credential-manager</module>
+ <module>taverna-credential-manager-api</module>
<module>taverna-credential-manager-impl</module>
<module>taverna-database-configuration-api</module>
<module>taverna-database-configuration-impl</module>
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/pom.xml
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/pom.xml b/taverna-credential-manager-api/pom.xml
new file mode 100644
index 0000000..5127f80
--- /dev/null
+++ b/taverna-credential-manager-api/pom.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.taverna.engine</groupId>
+ <artifactId>apache-taverna-engine</artifactId>
+ <version>3.1.0-incubating-SNAPSHOT</version>
+ </parent>
+ <artifactId>taverna-credential-manager-api</artifactId>
+ <packaging>bundle</packaging>
+ <name>Apache Taverna Credential Manager API</name>
+ <dependencies>
+ <dependency>
+ <groupId>${project.parent.groupId}</groupId>
+ <artifactId>taverna-observer</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.taverna.osgi</groupId>
+ <artifactId>taverna-app-configuration-api</artifactId>
+ <version>${taverna.osgi.version}</version>
+ </dependency>
+ <!-- <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>com.springsource.org.bouncycastle.jce</artifactId>
+ <version>1.39.0</version>
+ </dependency>
+ <dependency>
+<groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk15on</artifactId>
+<version>1.54</version>
+
+ </dependency>
+-->
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>${commons.io.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty</artifactId>
+ <version>${jetty.version}</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
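Review bot: The commented-out BouncyCastle block (the `com.springsource.org.bouncycastle.jce` 1.39.0 and `bcprov-jdk15on` 1.54 entries) is dead configuration carried into the new module and should simply be deleted; the CredentialManager Javadoc in this same commit says the stores are Bouncy Castle UBER keystores, so whichever artifact the implementation actually loads belongs as an explicit dependency of the impl module, not as a commented hint in the API pom. Separately, the `log4j:log4j` coordinates are the Log4j 1.x line, which the Logging project declared end-of-life in 2015, and an API module consisting only of interfaces and exceptions should not need a logging implementation at all — dropping it, or replacing it with a logging facade, removes an unmaintained artifact from the transitive closure of every consumer of this module. The concrete release is `${log4j.version}` from the parent and is not visible in this hunk, so I cannot say which 1.2.x it resolves to.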
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
new file mode 100644
index 0000000..02a3c3a
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
@@ -0,0 +1,60 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+/**
+ * Represents a (cryptographic or any other) exception thrown by Credential
+ * Manager.
+ *
+ * @author Alexandra Nenadic
+ */
+public class CMException extends Exception {
+
+ private static final long serialVersionUID = 3885885604048806903L;
+
+ /**
+ * Creates a new CMException.
+ */
+ public CMException() {
+ super();
+ }
+
+ /**
+ * Creates a new CMException with the specified message.
+ */
+ public CMException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new CMException with the specified message and cause.
+ *
+ */
+ public CMException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /**
+ * Creates a new CMException with the specified cause throwable.
+ */
+ public CMException(Throwable cause) {
+ super(cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
new file mode 100644
index 0000000..f912700
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
@@ -0,0 +1,44 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+/**
+ * Represents an exception thrown by Credential Manager if an application tries
+ * to invoke certain methods on it before it has been initialised.
+ *
+ * @author Alex Nenadic
+ */
+public class CMNotInitialisedException extends Exception {
+ private static final long serialVersionUID = 6041577726294822985L;
+
+ /**
+ * Creates a new CMNotInitialisedException.
+ */
+ public CMNotInitialisedException() {
+ super();
+ }
+
+ /**
+ * Creates a new CMNotInitialisedException with the specified message.
+ */
+ public CMNotInitialisedException(String message) {
+ super(message);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
new file mode 100644
index 0000000..5ccd8f2
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
@@ -0,0 +1,414 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+import java.net.Authenticator;
+import java.net.URI;
+import java.nio.file.Path;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.taverna.lang.observer.Observer;
+
+/**
+ * Provides a wrapper for Taverna's Keystore and Truststore and implements
+ * methods for managing user's credentials (passwords, private/proxy key pairs)
+ * and credentials of trusted services and CAs' (i.e. their public key
+ * certificates).
+ * <p>
+ * Keystore and Truststore are Bouncy Castle UBER-type keystores saved as files
+ * called "taverna-keystore.ubr" and "taverna-truststore.ubr" respectively. In
+ * the case of the Workbench, they are located in a directory called "security"
+ * inside the taverna.home directory. This location can be changed, e.g. in the
+ * case of the server and command line tool you may want to pass in the location
+ * of the Credential Manager's files.
+ *
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ */
+public interface CredentialManager {
+
+ public static final String KEYSTORE_FILE_NAME = "taverna-keystore.ubr";
+ public static final String TRUSTSTORE_FILE_NAME = "taverna-truststore.ubr";
+
+ public static final String UTF_8 = "UTF-8";
+
+ public static final String PROPERTY_TRUSTSTORE = "javax.net.ssl.trustStore";
+ public static final String PROPERTY_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
+ public static final String PROPERTY_KEYSTORE = "javax.net.ssl.keyStore";
+ public static final String PROPERTY_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
+ public static final String PROPERTY_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
+ public static final String PROPERTY_KEYSTORE_PROVIDER = "javax.net.ssl.keyStoreProvider";
+ public static final String PROPERTY_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
+ public static final String PROPERTY_TRUSTSTORE_PROVIDER = "javax.net.ssl.trustStoreProvider";
+
+ // Existence of the file with this name in the Credential Manager folder
+ // indicates the we have deleted the revoked certificates from some of our services -
+ // BioCatalogue, BiodiversityCatalogue, heater.
+ public static final String CERTIFICATES_REVOKED_INDICATOR_FILE_NAME = "certificates_revoked";
+
+ /*
+ * ASCII NUL character - for separating the username from the rest of the
+ * string when saving it in the Keystore. Seems like a good separator as it
+ * will highly unlikely feature in a username.
+ */
+ public static final char USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER = '\u0000';
+
+ /*
+ * Constants denoting which of the two Credential Manager's keystores
+ * (Keystore or Truststore) we are currently performing an operation on (in
+ * cases when the same operation can be done on both).
+ */
+ public static enum KeystoreType {
+ KEYSTORE, TRUSTSTORE
+ };
+
+ /*
+ * Existence of this file in the Credential Manager folder indicates the
+ * user has set the master password so do not use the default password
+ */
+ public static final String USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME = "user_set_master_password";
+
+ /*
+ * Default password for Truststore - needed as the Truststore needs to be
+ * populated before the Workbench starts up to initiate the SSLSocketFactory
+ * and to avoid popping up a dialog to ask the user for it.
+ */
+ // private static final String TRUSTSTORE_PASSWORD = "Tu/Ap%2_$dJt6*+Rca9v";
+
+ /**
+ * Set the directory where Credential Manager's Keystore and Truststore
+ * files will be read from. If this method is not used, the directory will
+ * default to <TAVERNA_HOME>/security somewhere in user's home directory.
+ *
+ * If you want to use this method to change the location of Credential
+ * Manager's configuration directory then make sure you call it before any
+ * other method on Credential Manager.
+ *
+ * @param credentialManagerDirectory
+ * @throws CMException
+ */
+ void setConfigurationDirectoryPath(Path credentialManagerDirectory)
+ throws CMException;
+
+ /**
+ * Checks if the Keystore contains a username and password for the given
+ * service URI.
+ */
+ boolean hasUsernamePasswordForService(URI serviceURI) throws CMException;
+
+ /**
+ * Get a username and password pair for the given service's URI, or null if
+ * it does not exit.
+ * <p>
+ * If the username and password are not available in the Keystore, it will
+ * invoke implementations of the {@link ServiceUsernameAndPasswordProvider}
+ * interface asking the user (typically through the UI) or resolving
+ * hard-coded credentials.
+ * <p>
+ * If the parameter <code>useURIPathRecursion</code> is true, then the
+ * Credential Manager will also attempt to look for stored credentials for
+ * each of the parent fragments of the URI.
+ *
+ * @param serviceURI
+ * The URI of the service for which we are providing the username
+ * and password
+ *
+ * @param useURIPathRecursion
+ * Whether to look for any username and passwords stored in the
+ * Keystore for the parent fragments of the service URI (for
+ * example, we are looking for the credentials for service
+ * http://somehost/some-fragment but we already have credentials
+ * stored for http://somehost which can be reused)
+ *
+ * @param requestingMessage
+ * The message to be presented to the user when asking for the
+ * username and password, normally useful for UI providers that
+ * pop up dialogs, can be ignored otherwise
+ *
+ * @return username and password pair for the given service
+ *
+ * @throws CMException
+ * if anything goes wrong during Keystore lookup, etc.
+ */
+ UsernamePassword getUsernameAndPasswordForService(URI serviceURI,
+ boolean useURIPathRecursion, String requestingMessage)
+ throws CMException;
+
+ /**
+ * Insert a username and password pair for the given service URI in the
+ * Keystore.
+ * <p>
+ * Effectively, this method inserts a new secret key entry in the Keystore,
+ * where key contains <USERNAME>"\000"<PASSWORD> string, i.e. password is
+ * prepended with the username and separated by a \000 character (which
+ * hopefully will not appear in the username).
+ * <p>
+ * Username and password string is saved in the Keystore as byte array using
+ * SecretKeySpec (which constructs a secret key from the given byte array
+ * but does not check if the given bytes indeed specify a secret key of the
+ * specified algorithm).
+ * <p>
+ * An alias used to identify the username and password entry is constructed
+ * as "password#"<SERVICE_URL> using the service URL this username/password
+ * pair is to be used for.
+ *
+ * @param usernamePassword
+ * The {@link UsernamePassword} to store
+ * @param serviceURI
+ * The (possibly normalized) URI to store the credentials under
+ * @return TODO
+ * @throws CMException
+ * If the credentials could not be stored
+ *
+ * @return the alias under which this username and password entry was saved
+ * in the Keystore
+ */
+ String addUsernameAndPasswordForService(UsernamePassword usernamePassword,
+ URI serviceURI) throws CMException;
+
+ /**
+ * Delete a username and password pair for the given service URI from the
+ * Keystore.
+ */
+ void deleteUsernameAndPasswordForService(URI serviceURI) throws CMException;
+
+ /**
+ * Checks if the Keystore contains the given key pair entry (private key and
+ * its corresponding public key certificate chain).
+ */
+ public boolean hasKeyPair(Key privateKey, Certificate[] certs)
+ throws CMException;
+
+ /**
+ * Insert a new key entry containing private key and the corresponding
+ * public key certificate chain in the Keystore.
+ *
+ * An alias used to identify the keypair entry is constructed as:
+ * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
+ * CERT_SERIAL_NUMBER>
+ *
+ * @return the alias under which this key entry was saved in the Keystore
+ */
+ String addKeyPair(Key privateKey, Certificate[] certs) throws CMException;
+
+ /**
+ * Delete a key pair entry from the Keystore given its alias.
+ */
+ void deleteKeyPair(String alias) throws CMException;
+
+ /**
+ * Delete a key pair entry from the Keystore given its private and public
+ * key parts.
+ */
+ void deleteKeyPair(Key privateKey, Certificate[] certs) throws CMException;
+
+ /**
+ * Create a Keystore alias that would be used for adding the given key pair
+ * (private and public key) entry to the Keystore. The alias is cretaed as
+ * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
+ * CERT_SERIAL_NUMBER>
+ *
+ * @param privateKey
+ * private key
+ * @param certs
+ * public key's certificate chain
+ * @return
+ */
+ String createKeyPairAlias(Key privateKey, Certificate certs[]);
+
+ /**
+ * Export a key entry containing private key and public key certificate
+ * chain from the Keystore to a PKCS #12 file.
+ */
+ void exportKeyPair(String alias, Path exportFile, String pkcs12Password)
+ throws CMException;
+
+ /**
+ * Get certificate entry from the Keystore or Truststore. If the given alias
+ * name identifies a trusted certificate entry, the certificate associated
+ * with that entry is returned from the Truststore. If the given alias name
+ * identifies a key pair entry, the first element of the certificate chain
+ * of that entry is returned from the Keystore.
+ */
+ Certificate getCertificate(KeystoreType ksType, String alias)
+ throws CMException;
+
+ /**
+ * Get certificate chain for the key pair entry from the Keystore given its
+ * alias.
+ * <p>
+ * This method works for the Keystore only as the Truststore does not
+ * contain key pair entries, but trusted certificate entries only.
+ */
+ Certificate[] getKeyPairsCertificateChain(String alias) throws CMException;
+
+ /**
+ * Get the private key part of a key pair entry from the Keystore given its
+ * alias.
+ * <p>
+ * This method works for the Keystore only as the Truststore does not
+ * contain key pair entries, but trusted certificate entries only.
+ */
+ Key getKeyPairsPrivateKey(String alias) throws CMException;
+
+ /**
+ * Checks if the Truststore contains the given public key certificate.
+ */
+ boolean hasTrustedCertificate(Certificate cert) throws CMException;
+
+ /**
+ * Insert a trusted certificate entry in the Truststore with an alias
+ * constructed as:
+ *
+ * "trustedcert#<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#
+ * "<CERT_SERIAL_NUMBER>
+ *
+ * @return the alias under which this trusted certificate entry was saved in
+ * the Keystore
+ */
+ String addTrustedCertificate(X509Certificate cert) throws CMException;
+
+ /**
+ * Delete a trusted certificate entry from the Truststore given its alias.
+ */
+ void deleteTrustedCertificate(String alias) throws CMException;
+
+ /**
+ * Delete a trusted certificate entry from the Truststore given the
+ * certificate.
+ */
+ void deleteTrustedCertificate(X509Certificate cert) throws CMException;
+
+ /**
+ * Create a Truststore alias that would be used for adding the given trusted
+ * X509 certificate to the Truststore. The alias is cretaed as
+ * "trustedcert#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
+ * CERT_SERIAL_NUMBER>
+ *
+ * @param cert
+ * certificate to generate the alias for
+ * @return the alias for the given certificate
+ */
+ String createTrustedCertificateAlias(X509Certificate cert);
+
+ /**
+ * Check if the given alias identifies a key entry in the Keystore.
+ */
+ boolean isKeyEntry(String alias) throws CMException;
+
+ /**
+ * Check if the Keystore/Truststore contains an entry with the given alias.
+ */
+ boolean hasEntryWithAlias(KeystoreType ksType, String alias)
+ throws CMException;
+
+ /**
+ * Get all the aliases from the Keystore/Truststore or null if there was
+ * some error while accessing it.
+ */
+ ArrayList<String> getAliases(KeystoreType ksType) throws CMException;
+
+ /**
+ * Get service URIs associated with all username/password pairs currently in
+ * the Keystore.
+ *
+ * @see #hasUsernamePasswordForService(URI)
+ */
+ List<URI> getServiceURIsForAllUsernameAndPasswordPairs() throws CMException;
+
+ /**
+ * Load a PKCS12-type keystore from a file using the supplied password.
+ */
+ KeyStore loadPKCS12Keystore(Path pkcs12File, String pkcs12Password)
+ throws CMException;
+
+ /**
+ * Add an observer of the changes to the Keystore or Truststore.
+ */
+ void addObserver(Observer<KeystoreChangedEvent> observer);
+
+ /**
+ * Get all current observers of changes to the Keystore or Truststore.
+ */
+ List<Observer<KeystoreChangedEvent>> getObservers();
+
+ /**
+ * Remove an observer of the changes to the Keystore or Truststore.
+ */
+ void removeObserver(Observer<KeystoreChangedEvent> observer);
+
+ /**
+ * Checks if Keystore's master password is the same as the one provided.
+ *
+ * @param password
+ * @return
+ * @throws CMException
+ */
+ boolean confirmMasterPassword(String password) throws CMException;
+
+ /**
+ * Change the Keystore and the Truststore's master password to the one
+ * provided. The Keystore and Truststore both use the same password.
+ */
+ void changeMasterPassword(String newPassword) throws CMException;
+
+ /**
+ * Reset the JVMs cache for authentication like HTTP Basic Auth.
+ * <p>
+ * Note that this method uses undocumented calls to
+ * <code>sun.net.www.protocol.http.AuthCacheValue</code> which might not be
+ * valid in virtual machines other than Sun Java 6. If these calls fail,
+ * this method will log the error and return <code>false</code>.
+ *
+ * @return <code>true</code> if the VMs cache could be reset, or
+ * <code>false</code> otherwise.
+ */
+ boolean resetAuthCache();
+
+ /**
+ * Set the default SSLContext to use Credential Manager's Keystore and
+ * Truststore for managing SSL connections from Taverna and also set
+ * HttpsURLConnection's default SSLSocketFactory to use the one from the
+ * just configured SSLContext, i.e. backed by Credential Manager's Keystore
+ * and Truststore.
+ *
+ * @throws CMException
+ */
+ void initializeSSL() throws CMException;
+
+ /**
+ * Get Taverna's SSLSocketFactory backed by Credential Manager's Keystore
+ * and Truststore.
+ *
+ * @return
+ * @throws CMException
+ */
+ SSLSocketFactory getTavernaSSLSocketFactory() throws CMException;
+
+ public Authenticator getAuthenticator();
+
+}
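Review bot: The commented-out `TRUSTSTORE_PASSWORD = "Tu/Ap%2_$dJt6*+Rca9v"` literal under the `Default password for Truststore` comment is a credential sitting in a public API source file; the comment above it says a default password is needed before the Workbench starts, and `USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME` confirms a default master password exists, so this line hands any reader of the source a strong candidate for the value protecting every user's Truststore until they set their own. Delete that whole comment block rather than moving it across modules; if the implementation genuinely needs a built-in default, it belongs in the impl module with Javadoc stating plainly that it provides no confidentiality. A smaller point: every password parameter in this interface (`confirmMasterPassword(String)`, `changeMasterPassword(String)`, `exportKeyPair(..., String pkcs12Password)`, `loadPKCS12Keystore(Path, String)`) is a `String`, which cannot be zeroed after use, while the JCA calls they presumably wrap (`KeyStore.load`, `KeyStore.store`, `PasswordProtection`) take `char[]`; switching to `char[]` is an interface change, so at minimum the Javadoc should say callers must treat these Strings as long-lived secrets and avoid logging them. Also, the `@return TODO` tag on `addUsernameAndPasswordForService` duplicates the real `@return` a few lines below it and should be removed, and `getAliases` would be better declared as returning `List<String>` rather than `ArrayList<String>`.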
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
new file mode 100644
index 0000000..e2d31ab
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
@@ -0,0 +1,60 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.file.Path;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import org.apache.taverna.configuration.app.ApplicationConfiguration;
+
+/**
+ * Methods for parsing Distinguished Names and various associated utility methods.
+ *
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ * @author Christian Brenninkmeijer
+ */
+public interface DistinguishedNameParser {
+
+ /**
+ * Parses a DN string and fills in fields with DN parts.
+ */
+ public ParsedDistinguishedName parseDN(String DNstr);
+
+ public String getMessageDigestAsFormattedString(byte[] certBinaryEncoding, String shA1);
+
+ /**
+ * Convert the certificate object into an X509Certificate object.
+ */
+ public X509Certificate convertCertificate(Certificate certificate) throws CMException;
+
+ public URI setUserInfoForURI(URI uri, String userinfo) throws URISyntaxException;
+
+ public URI setFragmentForURI(URI uri, String userinfo) throws URISyntaxException;
+
+ /**
+ * Get the configuration directory where the security stuff will be/is saved
+ * to.
+ */
+ public Path getCredentialManagerDefaultDirectory(ApplicationConfiguration applicationConfiguration);
+
+ }
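Review bot: `getMessageDigestAsFormattedString(byte[] certBinaryEncoding, String shA1)` has no Javadoc and a parameter named `shA1`, which reads as if SHA-1 were the only option; if that argument is really the `MessageDigest` algorithm name (I cannot tell from this hunk), rename and document it, e.g. `public String getMessageDigestAsFormattedString(byte[] certBinaryEncoding, String algorithm);` with a note that callers computing fingerprints to identify certificates for trust decisions should pass `SHA-256`, since SHA-1 is no longer collision-resistant. `setFragmentForURI(URI uri, String userinfo)` likewise misnames its second parameter — it sets the fragment, so `String fragment` — and `setUserInfoForURI` should document that it embeds credentials into a URI object that callers must not log or display. These predate the commit since this is a module move, but the new module is the right place to fix them.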
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java
new file mode 100644
index 0000000..b03fbac
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java
@@ -0,0 +1,72 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+/**
+ * Defines an interface for providing a password for Java's default truststore
+ * located in JAVA_HOME/lib/security/cacerts.
+ * <p>
+ * Used by Credential Manager when trying to copy the trusted certificates from the
+ * Java's default truststore into the Credential Manageger's own Truststore. It will
+ * first try the default Java passwords and then if they do not work - it will loop
+ * through all the providers until one can provide the password. If none
+ * can, the certificates will not be copied.
+ * <p>
+ * A typical implementation of this class would pop up a dialog
+ * and ask the user for the password. Such providers should check
+ * {@link GraphicsEnvironment#isHeadless()} before returning to avoid
+ * attempts to pop up dialogues on server/headless installations.
+ * <p>
+ * It is safe to return <code>null</code> if the provider does not have an
+ * opinion.
+ *
+ * @see CredentialManagerOld
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ *
+ */
+public interface JavaTruststorePasswordProvider {
+
+ /**
+ * Get the Java truststore password.
+ * <p>
+ * This method will only be called if the provider returned
+ * <code>true</code> from {@link #canProvideJavaTruststorePassword()}.
+ * <p>
+ * This method will be called when initialising the Credential Manager
+ * for the first time, in the cases where the Java truststore password has
+ * been changed from the VM default. The Credential Manager will need this
+ * password to unlock the Java truststore and copy the trusted certificate
+ * into the Credential Managers's own Truststore.
+ * <p>
+ * Generally only advanced users would change this password.
+ *
+ * @return The Java truststore password, or <code>null</code> if not
+ * available (for instance if user action was cancelled).
+ */
+ public String getJavaTruststorePassword();
+
+ /**
+ * Set the Java truststore password.
+ * @param password to set
+ */
+ public void setJavaTruststorePassword(String password);
+
+}
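Review bot: The Javadoc on `getJavaTruststorePassword()` states it is only called after `{@link #canProvideJavaTruststorePassword()}` returned true, but no such method is declared in this interface, so the link is dangling and the described contract cannot be enforced; either add the method or drop that paragraph. The class comment also points to `@see CredentialManagerOld` and `{@link GraphicsEnvironment#isHeadless()}` with no such type in this package and no import, which javadoc will flag as unresolved. Typo at the top: `Credential Manageger's` should read `Credential Manager's`. Separately, the truststore password travels as a `String` here while `UsernamePassword` in the same package deliberately keeps a `char[]` that can be zeroed; a one-line note that an immutable `String` cannot be wiped from memory, or aligning the type, would make the trade-off explicit.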
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java
new file mode 100644
index 0000000..6c74f59
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java
@@ -0,0 +1,38 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+import org.apache.taverna.security.credentialmanager.CredentialManager.KeystoreType;
+
+/**
+ * An event given to {@link CredentialManagerOld} observers registered using
+ * {@link Observable#addObserver(org.apache.taverna.lang.observer.Observer)} to
+ * let them know the Keystore or Truststore have been changed.
+ *
+ * @author Alex Nenadic
+ */
+public class KeystoreChangedEvent {
+ // Whether the change is on the Keystore or the Truststore
+ public final KeystoreType keystoreType;
+
+ public KeystoreChangedEvent(KeystoreType keystoreType) {
+ this.keystoreType = keystoreType;
+ }
+}
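Review bot: The constructor stores `keystoreType` without validation, and because the field is public and final every observer will dereference it; `this.keystoreType = java.util.Objects.requireNonNull(keystoreType, "keystoreType");` fails fast at the publisher instead of in some observer's callback. The class Javadoc links `{@link Observable#addObserver(...)}` and `@see CredentialManagerOld` with no import or such type visible in this package, so both references will not resolve.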
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java
new file mode 100644
index 0000000..3011573
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java
@@ -0,0 +1,111 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+import java.util.Comparator;
+
+/**
+ * Defines an interface for providing a master password for the Credential
+ * Manager. This master password is used to encrypt/decrypt the Credential
+ * Manager's Keystore/Truststore.
+ * <p>
+ * A typical implementation of this class would pop up a dialog to ask the user
+ * for the master password. Such providers should check
+ * {@link GraphicsEnvironment#isHeadless()} before returning, to avoid attempts
+ * to pop up dialogues on server/headless installations.
+ * <p>
+ * Another example may be to read the master password from a file or from
+ * command line parameters.
+ *
+ * @see CredentialManager
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ */
+public interface MasterPasswordProvider {
+
+ /**
+ * Get the master password for the Credential Manager.
+ * <p>
+ * This method will only be called if the provider returned
+ * <code>true</code> from {@link #canProvideMasterPassword()}.
+ * <p>
+ * If the parameter <code>firstTime</code> is <code>true</code>, this is a
+ * request for <em>setting</em> the master password, as the Keystore and
+ * Truststore have not been created yet.
+ *
+ * @see #canProvideMasterPassword()
+ * @param firstTime
+ * <code>true</code> if this is the first time the keystore is
+ * accessed, in which case the returned password will be used to
+ * encrypt the keystore. If <code>false</code>, the returned
+ * password will be used to decrypt (unlock) the keystore.
+ * @return The master password, or <code>null</code> if not available (user
+ * cancelled, etc.)
+ */
+ public String getMasterPassword(boolean firstTime);
+
+ /**
+ * Set the master password.
+ *
+ * @param password
+ * to set
+ */
+ public void setMasterPassword(String password);
+
+ /**
+ * Get the priority of this provider.
+ * <p>
+ * The providers with highest priority will be asked first, lower-priority
+ * providers will be asked only if the higher ones either return
+ * <code>false</code> on the canProvideMasterPassword() method, or return
+ * <code>null</code> on the corresponding actual request.
+ * <p>
+ * It is undetermined who will be asked first if providers have the same
+ * priority.
+ * <p>
+ * A typical priority for UI providers that pop up a dialog to as the user
+ * could be <code>100</code>, allowing server-side providers to override
+ * with priorities like <code>500</code>, or fall-back providers (say by
+ * reading system properties) to have a priority of <code>10</code>.
+ *
+ * @return The priority of this provider. Higher number means higher
+ * priority.
+ */
+ public int getProviderPriority();
+
+ /**
+ * Set the provider's priority that determines the order in which various
+ * master password providers will be invoked.
+ *
+ * @param priority
+ * provider's priority
+ */
+ // public void setProviderPriority(int priority);
+
+ public class ProviderComparator implements
+ Comparator<MasterPasswordProvider> {
+ @Override
+ public int compare(MasterPasswordProvider provider1,
+ MasterPasswordProvider provider2) {
+ return provider1.getProviderPriority()
+ - provider2.getProviderPriority();
+ }
+ }
+}
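Review bot: `ProviderComparator.compare` orders by subtracting the two priorities, which overflows when the values are far apart (e.g. a negative priority against a large positive one) and then sorts in the wrong direction; use `return Integer.compare(provider1.getProviderPriority(), provider2.getProviderPriority());`. This comparator yields ascending order, i.e. the lowest priority first, whereas the `getProviderPriority()` Javadoc promises the highest priority is asked first — presumably the caller reverses it, but the comparator Javadoc should state which order it produces. The `getMasterPassword` Javadoc links `{@link #canProvideMasterPassword()}`, which is not declared in this interface, and the commented-out `setProviderPriority` still carries a live Javadoc block that will now attach to `ProviderComparator`; either remove both or restore the method.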
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ParsedDistinguishedName.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ParsedDistinguishedName.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ParsedDistinguishedName.java
new file mode 100644
index 0000000..620a796
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ParsedDistinguishedName.java
@@ -0,0 +1,73 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+
+/**
+ * A parsed Distinguished Name with getters for parts.
+ *
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ * @author Christian Brenninkmeijer
+ */
+public interface ParsedDistinguishedName {
+
+ /**
+ *
+ * @return The common name
+ */
+ public String getCN();
+
+ /**
+ *
+ * @return The Email address
+ */
+ public String getEmailAddress();
+
+ /**
+ *
+ * @return The organizational unit name
+ */
+ public String getOU();
+
+ /**
+ *
+ * @return The organization name
+ */
+ public String getO();
+
+ /**
+ *
+ * @return The locality name
+ */
+ public String getL();
+
+ /**
+ *
+ * @return The state or province name
+ */
+ public String getST();
+
+ /**
+ *
+ * @return The country name
+ */
+ public String getC();
+}
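Review bot: None of the getters documents what is returned when the DN lacks that attribute (a subject DN frequently has no `emailAddress`, `OU`, `L` or `ST`), so implementers will choose inconsistently between `null` and the empty string and callers cannot compare values safely. Add a sentence to the interface Javadoc such as `Getters return {@code null} when the corresponding attribute is absent from the DN.` (or state the empty-string convention instead) and reflect it in each `@return`.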
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ServiceUsernameAndPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ServiceUsernameAndPasswordProvider.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ServiceUsernameAndPasswordProvider.java
new file mode 100644
index 0000000..900c247
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/ServiceUsernameAndPasswordProvider.java
@@ -0,0 +1,63 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+import java.net.URI;
+
+/**
+ * Defines an interface for providing a username and password for a service to
+ * be invoked as part of a workflow run.
+ * <p>
+ * Used by Credential Manager when looking up the username and password for the
+ * service in its Keystore - if it cannot find anything it will loop through all
+ * providers until one can provide them. If none can, the service invocation
+ * will (most probably) fail.
+ * <p>
+ * A typical implementation of this class would pop up a dialog and ask the user
+ * for the password. Such providers should check
+ * {@link GraphicsEnvironment#isHeadless()} before returning to avoid attempts
+ * to pop up dialogues on server/headless installations.
+ *
+ * @see CredentialManager
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ */
+public interface ServiceUsernameAndPasswordProvider {
+ /**
+ * Get the username and password pair for the given service URI.
+ *
+ * @param serviceURI
+ * The service we are looking username and password for
+ * @param requestMessage
+ * The message to be presented to the user when asking for the
+ * username and password, normally useful for UI providers that
+ * pop up dialogs, can be ignored otherwise
+ * @return the username and password pair for the given service URI, or
+ * <tt>null</tt> if the provider does not know for this URI.
+ */
+ UsernamePassword getServiceUsernameAndPassword(URI serviceURI,
+ String requestMessage);
+
+ /**
+ * Set the username and password pair for the given service URI.
+ */
+ void setServiceUsernameAndPassword(URI serviceURI,
+ UsernamePassword usernamePassword);
+}
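Review bot: The contract does not say who owns the `UsernamePassword` returned by `getServiceUsernameAndPassword` — that class exposes a mutable `char[]` and a `resetPassword()` that zeroes it, so a provider handing out a cached instance will have its copy wiped by a caller that cleans up, while a caller unaware it must call `resetPassword()` leaves the secret in memory; the `@return` should state whether the caller receives its own copy and is responsible for clearing it. `setServiceUsernameAndPassword` has no `@param` tags; `@param serviceURI the service the credentials apply to` and `@param usernamePassword the credentials to store for that service` would complete it. Style: the methods here omit `public` while the sibling interfaces in this commit spell it out; pick one convention for the package.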
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/TrustConfirmationProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/TrustConfirmationProvider.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/TrustConfirmationProvider.java
new file mode 100644
index 0000000..4a57901
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/TrustConfirmationProvider.java
@@ -0,0 +1,75 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * Defines an interface for providing ways to confirm/decline trust in a given
+ * service (i.e. its public key certificate).
+ * <p>
+ * Used by Credential Manager when looking up the username and password for the
+ * service in its Keystore - if it cannot find anything it will loop through all
+ * providers until one can provide them. If none can, the service invocation
+ * will (most probably) fail.
+ * <p>
+ * A typical implementation of this class would pop up a dialog and ask the user
+ * for the password. Such providers should check
+ * {@link GraphicsEnvironment#isHeadless()} before returning to avoid attempts
+ * to pop up dialogues on server/headless installations.
+ * <p>
+ * It is safe to return <code>null</code> if the provider does not have an
+ * opinion.
+ *
+ * @see CredentialManager
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ *
+ */
+public interface TrustConfirmationProvider {
+ /**
+ * If the given public key certificate should be trusted or not.
+ * <p>
+ * This method is called when a SSL connection is attempted to a service
+ * which certificate could not be confirmed using the Credential Manager's
+ * Truststore (i.e. it could not be found there).
+ * <p>
+ * A typical implementation of this class would pop up a dialog and ask the
+ * user if they want to trust the service. Such providers should check
+ * {@link GraphicsEnvironment#isHeadless()} before returning to avoid
+ * attempts to pop up dialogues on server/headless installations.
+ * <p>
+ * The provider can return <code>null</code> if it does not have an opinion
+ * whether the certificate should be trusted or not (in which case other
+ * providers will be asked), or an instance of {@link TrustConfirmation}
+ * confirming or denying if the certificate is to be trusted.
+ * <p>
+ * If the provider returns <code>true</code>, the Credential Manager will
+ * also save the first certificate of the certificate chain (chain[0]) in
+ * its Truststore so the user will not be asked next time.
+ *
+ * @param chain
+ * X509 certificate chain to confirm whether it is trusted or not
+ * @return <code>null</code> if the provider does not have an opinion,
+ * <code>true</code> if certificate is to be trusted and
+ * <code>false</code> if not.
+ */
+ public Boolean shouldTrustCertificate(X509Certificate[] chain);
+}
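Review bot: The class Javadoc is copied from `ServiceUsernameAndPasswordProvider` — it describes looking up a username and password in the Keystore and asking the user for a password, which is not what this provider does; the method-level text about an SSL connection whose certificate is not in the Truststore is the accurate description and should replace it. The method Javadoc also refers to an instance of `{@link TrustConfirmation}` while the method returns `Boolean`, so that link is stale. Since a `true` result causes `chain[0]` to be persisted to the Truststore, the `@param chain` should state the precondition that the array is non-null and non-empty (or what implementations must return otherwise), because an empty array would make that persistence step fail after the user has already confirmed.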
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/UsernamePassword.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/UsernamePassword.java b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/UsernamePassword.java
new file mode 100644
index 0000000..c1be471
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/java/org/apache/taverna/security/credentialmanager/UsernamePassword.java
@@ -0,0 +1,89 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.apache.taverna.security.credentialmanager;
+
+import java.util.Arrays;
+
+/**
+ *
+ * @author Stian Soiland-Reyes
+ */
+public class UsernamePassword {
+ private char[] password;
+ private boolean shouldSave = false;
+ private String username;
+
+ @Override
+ public UsernamePassword clone() {
+ UsernamePassword up = new UsernamePassword();
+ up.setUsername(getUsername());
+ up.setPassword(getPassword().clone());
+ up.setShouldSave(isShouldSave());
+ return up;
+ }
+
+ public UsernamePassword() {
+ }
+
+ public UsernamePassword(String username, String password) {
+ this.username = username;
+ this.password = password.toCharArray();
+ }
+
+ public char[] getPassword() {
+ return password;
+ }
+
+ public String getPasswordAsString() {
+ return String.valueOf(password);
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public boolean isShouldSave() {
+ return shouldSave;
+ }
+
+ public void resetPassword() {
+ if (this.password == null)
+ return;
+ Arrays.fill(this.password, '\u0000');
+ }
+
+ public void setPassword(char[] password) {
+ resetPassword();
+ this.password = password;
+ }
+
+ public void setShouldSave(boolean shouldSave) {
+ this.shouldSave = shouldSave;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ @Override
+ protected void finalize() throws Throwable {
+ resetPassword();
+ }
+}
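Review bot: `clone()` dereferences `getPassword().clone()`, so cloning an instance built with the no-arg constructor (where `password` is still `null`) throws `NullPointerException`; use `up.setPassword(password == null ? null : password.clone());`. `getPasswordAsString()` has the same null problem and, more importantly, materialises the secret as an immutable `String` that `resetPassword()` cannot wipe — its Javadoc should say so and steer callers to `getPassword()`. `setPassword(char[])` stores the caller's array by reference rather than a copy, so a later `resetPassword()` zeroes the caller's array as well and the caller can alter the stored password behind this object's back; document the ownership transfer or copy defensively. The class has no Javadoc at all, and relying on `finalize()` (which also omits `super.finalize()`) to clear the password is best-effort only, so the class comment should state that callers must invoke `resetPassword()` explicitly when done.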
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/main/resources/META-INF/services/org.apache.taverna.security.credentialmanager.CredentialProviderSPI
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/main/resources/META-INF/services/org.apache.taverna.security.credentialmanager.CredentialProviderSPI b/taverna-credential-manager-api/src/main/resources/META-INF/services/org.apache.taverna.security.credentialmanager.CredentialProviderSPI
new file mode 100644
index 0000000..a6b03b4
--- /dev/null
+++ b/taverna-credential-manager-api/src/main/resources/META-INF/services/org.apache.taverna.security.credentialmanager.CredentialProviderSPI
@@ -0,0 +1 @@
+org.apache.taverna.security.credentialmanager.DefaultMasterPasswordProvider
\ No newline at end of file
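Review bot: This `META-INF/services` entry registers `org.apache.taverna.security.credentialmanager.DefaultMasterPasswordProvider` under a service type named `CredentialProviderSPI`, yet neither of those types appears among the sources added in this view of the commit; if the implementation class is not packaged in this api bundle, `ServiceLoader` will raise `ServiceConfigurationError` at lookup time. Confirm the class lives in this module, or move the registration to the module that actually provides it.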
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/test/resources/html/test.html
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/test/resources/html/test.html b/taverna-credential-manager-api/src/test/resources/html/test.html
new file mode 100644
index 0000000..fc56725
--- /dev/null
+++ b/taverna-credential-manager-api/src/test/resources/html/test.html
@@ -0,0 +1,23 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<html>
+ <body>
+ Hello!
+ </body>
+</html>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-api/src/test/resources/realm.properties
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-api/src/test/resources/realm.properties b/taverna-credential-manager-api/src/test/resources/realm.properties
new file mode 100644
index 0000000..ba88d7a
--- /dev/null
+++ b/taverna-credential-manager-api/src/test/resources/realm.properties
@@ -0,0 +1,16 @@
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+
+test: test, user
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager-impl/pom.xml
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/pom.xml b/taverna-credential-manager-impl/pom.xml
index 2b29560..3f200e7 100644
--- a/taverna-credential-manager-impl/pom.xml
+++ b/taverna-credential-manager-impl/pom.xml
@@ -64,7 +64,7 @@
<dependencies>
<dependency>
<groupId>${project.parent.groupId}</groupId>
- <artifactId>taverna-credential-manager</artifactId>
+ <artifactId>taverna-credential-manager-api</artifactId>
<version>${project.parent.version}</version>
</dependency>
<dependency>
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager/pom.xml
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/pom.xml b/taverna-credential-manager/pom.xml
deleted file mode 100644
index 2a9ba6e..0000000
--- a/taverna-credential-manager/pom.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.taverna.engine</groupId>
- <artifactId>apache-taverna-engine</artifactId>
- <version>3.1.0-incubating-SNAPSHOT</version>
- </parent>
- <artifactId>taverna-credential-manager</artifactId>
- <packaging>bundle</packaging>
- <name>Apache Taverna Credential manager</name>
- <dependencies>
- <dependency>
- <groupId>${project.parent.groupId}</groupId>
- <artifactId>taverna-observer</artifactId>
- <version>${project.parent.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.taverna.osgi</groupId>
- <artifactId>taverna-app-configuration-api</artifactId>
- <version>${taverna.osgi.version}</version>
- </dependency>
- <!-- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>com.springsource.org.bouncycastle.jce</artifactId>
- <version>1.39.0</version>
- </dependency>
- <dependency>
-<groupId>org.bouncycastle</groupId><artifactId>bcprov-jdk15on</artifactId>
-<version>1.54</version>
-
- </dependency>
--->
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>${log4j.version}</version>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>commons-io</groupId>
- <artifactId>commons-io</artifactId>
- <version>${commons.io.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jetty</artifactId>
- <version>${jetty.version}</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
deleted file mode 100644
index 02a3c3a..0000000
--- a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements. See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership. The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License. You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing,
-* software distributed under the License is distributed on an
-* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-* KIND, either express or implied. See the License for the
-* specific language governing permissions and limitations
-* under the License.
-*/
-
-package org.apache.taverna.security.credentialmanager;
-
-/**
- * Represents a (cryptographic or any other) exception thrown by Credential
- * Manager.
- *
- * @author Alexandra Nenadic
- */
-public class CMException extends Exception {
-
- private static final long serialVersionUID = 3885885604048806903L;
-
- /**
- * Creates a new CMException.
- */
- public CMException() {
- super();
- }
-
- /**
- * Creates a new CMException with the specified message.
- */
- public CMException(String message) {
- super(message);
- }
-
- /**
- * Creates a new CMException with the specified message and cause.
- *
- */
- public CMException(String message, Throwable cause) {
- super(message, cause);
- }
-
- /**
- * Creates a new CMException with the specified cause throwable.
- */
- public CMException(Throwable cause) {
- super(cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
deleted file mode 100644
index f912700..0000000
--- a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements. See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership. The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License. You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing,
-* software distributed under the License is distributed on an
-* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-* KIND, either express or implied. See the License for the
-* specific language governing permissions and limitations
-* under the License.
-*/
-
-package org.apache.taverna.security.credentialmanager;
-
-/**
- * Represents an exception thrown by Credential Manager if an application tries
- * to invoke certain methods on it before it has been initialised.
- *
- * @author Alex Nenadic
- */
-public class CMNotInitialisedException extends Exception {
- private static final long serialVersionUID = 6041577726294822985L;
-
- /**
- * Creates a new CMNotInitialisedException.
- */
- public CMNotInitialisedException() {
- super();
- }
-
- /**
- * Creates a new CMNotInitialisedException with the specified message.
- */
- public CMNotInitialisedException(String message) {
- super(message);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
deleted file mode 100644
index 5ccd8f2..0000000
--- a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
+++ /dev/null
@@ -1,414 +0,0 @@
-/*
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements. See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership. The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License. You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing,
-* software distributed under the License is distributed on an
-* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-* KIND, either express or implied. See the License for the
-* specific language governing permissions and limitations
-* under the License.
-*/
-
-package org.apache.taverna.security.credentialmanager;
-
-import java.net.Authenticator;
-import java.net.URI;
-import java.nio.file.Path;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.taverna.lang.observer.Observer;
-
-/**
- * Provides a wrapper for Taverna's Keystore and Truststore and implements
- * methods for managing user's credentials (passwords, private/proxy key pairs)
- * and credentials of trusted services and CAs' (i.e. their public key
- * certificates).
- * <p>
- * Keystore and Truststore are Bouncy Castle UBER-type keystores saved as files
- * called "taverna-keystore.ubr" and "taverna-truststore.ubr" respectively. In
- * the case of the Workbench, they are located in a directory called "security"
- * inside the taverna.home directory. This location can be changed, e.g. in the
- * case of the server and command line tool you may want to pass in the location
- * of the Credential Manager's files.
- *
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- */
-public interface CredentialManager {
-
- public static final String KEYSTORE_FILE_NAME = "taverna-keystore.ubr";
- public static final String TRUSTSTORE_FILE_NAME = "taverna-truststore.ubr";
-
- public static final String UTF_8 = "UTF-8";
-
- public static final String PROPERTY_TRUSTSTORE = "javax.net.ssl.trustStore";
- public static final String PROPERTY_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
- public static final String PROPERTY_KEYSTORE = "javax.net.ssl.keyStore";
- public static final String PROPERTY_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
- public static final String PROPERTY_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
- public static final String PROPERTY_KEYSTORE_PROVIDER = "javax.net.ssl.keyStoreProvider";
- public static final String PROPERTY_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
- public static final String PROPERTY_TRUSTSTORE_PROVIDER = "javax.net.ssl.trustStoreProvider";
-
- // Existence of the file with this name in the Credential Manager folder
- // indicates the we have deleted the revoked certificates from some of our services -
- // BioCatalogue, BiodiversityCatalogue, heater.
- public static final String CERTIFICATES_REVOKED_INDICATOR_FILE_NAME = "certificates_revoked";
-
- /*
- * ASCII NUL character - for separating the username from the rest of the
- * string when saving it in the Keystore. Seems like a good separator as it
- * will highly unlikely feature in a username.
- */
- public static final char USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER = '\u0000';
-
- /*
- * Constants denoting which of the two Credential Manager's keystores
- * (Keystore or Truststore) we are currently performing an operation on (in
- * cases when the same operation can be done on both).
- */
- public static enum KeystoreType {
- KEYSTORE, TRUSTSTORE
- };
-
- /*
- * Existence of this file in the Credential Manager folder indicates the
- * user has set the master password so do not use the default password
- */
- public static final String USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME = "user_set_master_password";
-
- /*
- * Default password for Truststore - needed as the Truststore needs to be
- * populated before the Workbench starts up to initiate the SSLSocketFactory
- * and to avoid popping up a dialog to ask the user for it.
- */
- // private static final String TRUSTSTORE_PASSWORD = "Tu/Ap%2_$dJt6*+Rca9v";
-
- /**
- * Set the directory where Credential Manager's Keystore and Truststore
- * files will be read from. If this method is not used, the directory will
- * default to <TAVERNA_HOME>/security somewhere in user's home directory.
- *
- * If you want to use this method to change the location of Credential
- * Manager's configuration directory then make sure you call it before any
- * other method on Credential Manager.
- *
- * @param credentialManagerDirectory
- * @throws CMException
- */
- void setConfigurationDirectoryPath(Path credentialManagerDirectory)
- throws CMException;
-
- /**
- * Checks if the Keystore contains a username and password for the given
- * service URI.
- */
- boolean hasUsernamePasswordForService(URI serviceURI) throws CMException;
-
- /**
- * Get a username and password pair for the given service's URI, or null if
- * it does not exit.
- * <p>
- * If the username and password are not available in the Keystore, it will
- * invoke implementations of the {@link ServiceUsernameAndPasswordProvider}
- * interface asking the user (typically through the UI) or resolving
- * hard-coded credentials.
- * <p>
- * If the parameter <code>useURIPathRecursion</code> is true, then the
- * Credential Manager will also attempt to look for stored credentials for
- * each of the parent fragments of the URI.
- *
- * @param serviceURI
- * The URI of the service for which we are providing the username
- * and password
- *
- * @param useURIPathRecursion
- * Whether to look for any username and passwords stored in the
- * Keystore for the parent fragments of the service URI (for
- * example, we are looking for the credentials for service
- * http://somehost/some-fragment but we already have credentials
- * stored for http://somehost which can be reused)
- *
- * @param requestingMessage
- * The message to be presented to the user when asking for the
- * username and password, normally useful for UI providers that
- * pop up dialogs, can be ignored otherwise
- *
- * @return username and password pair for the given service
- *
- * @throws CMException
- * if anything goes wrong during Keystore lookup, etc.
- */
- UsernamePassword getUsernameAndPasswordForService(URI serviceURI,
- boolean useURIPathRecursion, String requestingMessage)
- throws CMException;
-
- /**
- * Insert a username and password pair for the given service URI in the
- * Keystore.
- * <p>
- * Effectively, this method inserts a new secret key entry in the Keystore,
- * where key contains <USERNAME>"\000"<PASSWORD> string, i.e. password is
- * prepended with the username and separated by a \000 character (which
- * hopefully will not appear in the username).
- * <p>
- * Username and password string is saved in the Keystore as byte array using
- * SecretKeySpec (which constructs a secret key from the given byte array
- * but does not check if the given bytes indeed specify a secret key of the
- * specified algorithm).
- * <p>
- * An alias used to identify the username and password entry is constructed
- * as "password#"<SERVICE_URL> using the service URL this username/password
- * pair is to be used for.
- *
- * @param usernamePassword
- * The {@link UsernamePassword} to store
- * @param serviceURI
- * The (possibly normalized) URI to store the credentials under
- * @return TODO
- * @throws CMException
- * If the credentials could not be stored
- *
- * @return the alias under which this username and password entry was saved
- * in the Keystore
- */
- String addUsernameAndPasswordForService(UsernamePassword usernamePassword,
- URI serviceURI) throws CMException;
-
- /**
- * Delete a username and password pair for the given service URI from the
- * Keystore.
- */
- void deleteUsernameAndPasswordForService(URI serviceURI) throws CMException;
-
- /**
- * Checks if the Keystore contains the given key pair entry (private key and
- * its corresponding public key certificate chain).
- */
- public boolean hasKeyPair(Key privateKey, Certificate[] certs)
- throws CMException;
-
- /**
- * Insert a new key entry containing private key and the corresponding
- * public key certificate chain in the Keystore.
- *
- * An alias used to identify the keypair entry is constructed as:
- * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
- * CERT_SERIAL_NUMBER>
- *
- * @return the alias under which this key entry was saved in the Keystore
- */
- String addKeyPair(Key privateKey, Certificate[] certs) throws CMException;
-
- /**
- * Delete a key pair entry from the Keystore given its alias.
- */
- void deleteKeyPair(String alias) throws CMException;
-
- /**
- * Delete a key pair entry from the Keystore given its private and public
- * key parts.
- */
- void deleteKeyPair(Key privateKey, Certificate[] certs) throws CMException;
-
- /**
- * Create a Keystore alias that would be used for adding the given key pair
- * (private and public key) entry to the Keystore. The alias is cretaed as
- * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
- * CERT_SERIAL_NUMBER>
- *
- * @param privateKey
- * private key
- * @param certs
- * public key's certificate chain
- * @return
- */
- String createKeyPairAlias(Key privateKey, Certificate certs[]);
-
- /**
- * Export a key entry containing private key and public key certificate
- * chain from the Keystore to a PKCS #12 file.
- */
- void exportKeyPair(String alias, Path exportFile, String pkcs12Password)
- throws CMException;
-
- /**
- * Get certificate entry from the Keystore or Truststore. If the given alias
- * name identifies a trusted certificate entry, the certificate associated
- * with that entry is returned from the Truststore. If the given alias name
- * identifies a key pair entry, the first element of the certificate chain
- * of that entry is returned from the Keystore.
- */
- Certificate getCertificate(KeystoreType ksType, String alias)
- throws CMException;
-
- /**
- * Get certificate chain for the key pair entry from the Keystore given its
- * alias.
- * <p>
- * This method works for the Keystore only as the Truststore does not
- * contain key pair entries, but trusted certificate entries only.
- */
- Certificate[] getKeyPairsCertificateChain(String alias) throws CMException;
-
- /**
- * Get the private key part of a key pair entry from the Keystore given its
- * alias.
- * <p>
- * This method works for the Keystore only as the Truststore does not
- * contain key pair entries, but trusted certificate entries only.
- */
- Key getKeyPairsPrivateKey(String alias) throws CMException;
-
- /**
- * Checks if the Truststore contains the given public key certificate.
- */
- boolean hasTrustedCertificate(Certificate cert) throws CMException;
-
- /**
- * Insert a trusted certificate entry in the Truststore with an alias
- * constructed as:
- *
- * "trustedcert#<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#
- * "<CERT_SERIAL_NUMBER>
- *
- * @return the alias under which this trusted certificate entry was saved in
- * the Keystore
- */
- String addTrustedCertificate(X509Certificate cert) throws CMException;
-
- /**
- * Delete a trusted certificate entry from the Truststore given its alias.
- */
- void deleteTrustedCertificate(String alias) throws CMException;
-
- /**
- * Delete a trusted certificate entry from the Truststore given the
- * certificate.
- */
- void deleteTrustedCertificate(X509Certificate cert) throws CMException;
-
- /**
- * Create a Truststore alias that would be used for adding the given trusted
- * X509 certificate to the Truststore. The alias is cretaed as
- * "trustedcert#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
- * CERT_SERIAL_NUMBER>
- *
- * @param cert
- * certificate to generate the alias for
- * @return the alias for the given certificate
- */
- String createTrustedCertificateAlias(X509Certificate cert);
-
- /**
- * Check if the given alias identifies a key entry in the Keystore.
- */
- boolean isKeyEntry(String alias) throws CMException;
-
- /**
- * Check if the Keystore/Truststore contains an entry with the given alias.
- */
- boolean hasEntryWithAlias(KeystoreType ksType, String alias)
- throws CMException;
-
- /**
- * Get all the aliases from the Keystore/Truststore or null if there was
- * some error while accessing it.
- */
- ArrayList<String> getAliases(KeystoreType ksType) throws CMException;
-
- /**
- * Get service URIs associated with all username/password pairs currently in
- * the Keystore.
- *
- * @see #hasUsernamePasswordForService(URI)
- */
- List<URI> getServiceURIsForAllUsernameAndPasswordPairs() throws CMException;
-
- /**
- * Load a PKCS12-type keystore from a file using the supplied password.
- */
- KeyStore loadPKCS12Keystore(Path pkcs12File, String pkcs12Password)
- throws CMException;
-
- /**
- * Add an observer of the changes to the Keystore or Truststore.
- */
- void addObserver(Observer<KeystoreChangedEvent> observer);
-
- /**
- * Get all current observers of changes to the Keystore or Truststore.
- */
- List<Observer<KeystoreChangedEvent>> getObservers();
-
- /**
- * Remove an observer of the changes to the Keystore or Truststore.
- */
- void removeObserver(Observer<KeystoreChangedEvent> observer);
-
- /**
- * Checks if Keystore's master password is the same as the one provided.
- *
- * @param password
- * @return
- * @throws CMException
- */
- boolean confirmMasterPassword(String password) throws CMException;
-
- /**
- * Change the Keystore and the Truststore's master password to the one
- * provided. The Keystore and Truststore both use the same password.
- */
- void changeMasterPassword(String newPassword) throws CMException;
-
- /**
- * Reset the JVMs cache for authentication like HTTP Basic Auth.
- * <p>
- * Note that this method uses undocumented calls to
- * <code>sun.net.www.protocol.http.AuthCacheValue</code> which might not be
- * valid in virtual machines other than Sun Java 6. If these calls fail,
- * this method will log the error and return <code>false</code>.
- *
- * @return <code>true</code> if the VMs cache could be reset, or
- * <code>false</code> otherwise.
- */
- boolean resetAuthCache();
-
- /**
- * Set the default SSLContext to use Credential Manager's Keystore and
- * Truststore for managing SSL connections from Taverna and also set
- * HttpsURLConnection's default SSLSocketFactory to use the one from the
- * just configured SSLContext, i.e. backed by Credential Manager's Keystore
- * and Truststore.
- *
- * @throws CMException
- */
- void initializeSSL() throws CMException;
-
- /**
- * Get Taverna's SSLSocketFactory backed by Credential Manager's Keystore
- * and Truststore.
- *
- * @return
- * @throws CMException
- */
- SSLSocketFactory getTavernaSSLSocketFactory() throws CMException;
-
- public Authenticator getAuthenticator();
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/987633bb/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
deleted file mode 100644
index e2d31ab..0000000
--- a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
-* Licensed to the Apache Software Foundation (ASF) under one
-* or more contributor license agreements. See the NOTICE file
-* distributed with this work for additional information
-* regarding copyright ownership. The ASF licenses this file
-* to you under the Apache License, Version 2.0 (the
-* "License"); you may not use this file except in compliance
-* with the License. You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing,
-* software distributed under the License is distributed on an
-* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-* KIND, either express or implied. See the License for the
-* specific language governing permissions and limitations
-* under the License.
-*/
-
-package org.apache.taverna.security.credentialmanager;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.nio.file.Path;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import org.apache.taverna.configuration.app.ApplicationConfiguration;
-
-/**
- * Methods for parsing Distinguished Names and various associated utility methods.
- *
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- * @author Christian Brenninkmeijer
- */
-public interface DistinguishedNameParser {
-
- /**
- * Parses a DN string and fills in fields with DN parts.
- */
- public ParsedDistinguishedName parseDN(String DNstr);
-
- public String getMessageDigestAsFormattedString(byte[] certBinaryEncoding, String shA1);
-
- /**
- * Convert the certificate object into an X509Certificate object.
- */
- public X509Certificate convertCertificate(Certificate certificate) throws CMException;
-
- public URI setUserInfoForURI(URI uri, String userinfo) throws URISyntaxException;
-
- public URI setFragmentForURI(URI uri, String userinfo) throws URISyntaxException;
-
- /**
- * Get the configuration directory where the security stuff will be/is saved
- * to.
- */
- public Path getCredentialManagerDefaultDirectory(ApplicationConfiguration applicationConfiguration);
-
- }