Posted to commits@taverna.apache.org by re...@apache.org on 2015/03/20 16:14:54 UTC
[2/2] incubator-taverna-engine git commit: package names changed to
org.apache.taverna.*
package names changed to org.apache.taverna.*
Project: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/commit/d5b1c811
Tree: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/tree/d5b1c811
Diff: http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/diff/d5b1c811
Branch: refs/heads/master
Commit: d5b1c81104606411c5e8f94b464492fe7c621daa
Parents: 315a829
Author: redmitry <re...@84.88.50.62>
Authored: Fri Mar 20 16:13:53 2015 +0100
Committer: redmitry <re...@84.88.50.62>
Committed: Fri Mar 20 16:13:53 2015 +0100
----------------------------------------------------------------------
.../security/credentialmanager/CMException.java | 61 ---
.../CMNotInitialisedException.java | 45 --
.../credentialmanager/CredentialManager.java | 415 -------------------
.../DistinguishedNameParser.java | 61 ---
.../JavaTruststorePasswordProvider.java | 73 ----
.../credentialmanager/KeystoreChangedEvent.java | 39 --
.../MasterPasswordProvider.java | 112 -----
.../ParsedDistinguishedName.java | 74 ----
.../ServiceUsernameAndPasswordProvider.java | 64 ---
.../TrustConfirmationProvider.java | 56 ---
.../credentialmanager/UsernamePassword.java | 90 ----
.../security/credentialmanager/CMException.java | 61 +++
.../CMNotInitialisedException.java | 45 ++
.../credentialmanager/CredentialManager.java | 415 +++++++++++++++++++
.../DistinguishedNameParser.java | 61 +++
.../JavaTruststorePasswordProvider.java | 73 ++++
.../credentialmanager/KeystoreChangedEvent.java | 39 ++
.../MasterPasswordProvider.java | 112 +++++
.../ParsedDistinguishedName.java | 74 ++++
.../ServiceUsernameAndPasswordProvider.java | 64 +++
.../TrustConfirmationProvider.java | 56 +++
.../credentialmanager/UsernamePassword.java | 90 ++++
...rity.credentialmanager.CredentialProviderSPI | 2 +-
23 files changed, 1091 insertions(+), 1091 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMException.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMException.java
deleted file mode 100644
index a18e39b..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMException.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2007 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-/**
- * Represents a (cryptographic or any other) exception thrown by Credential
- * Manager.
- *
- * @author Alexandra Nenadic
- */
-public class CMException extends Exception {
-
- private static final long serialVersionUID = 3885885604048806903L;
-
- /**
- * Creates a new CMException.
- */
- public CMException() {
- super();
- }
-
- /**
- * Creates a new CMException with the specified message.
- */
- public CMException(String message) {
- super(message);
- }
-
- /**
- * Creates a new CMException with the specified message and cause.
- *
- */
- public CMException(String message, Throwable cause) {
- super(message, cause);
- }
-
- /**
- * Creates a new CMException with the specified cause throwable.
- */
- public CMException(Throwable cause) {
- super(cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMNotInitialisedException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMNotInitialisedException.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMNotInitialisedException.java
deleted file mode 100644
index aa978fc..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CMNotInitialisedException.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2007 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-/**
- * Represents an exception thrown by Credential Manager if an application tries
- * to invoke certain methods on it before it has been initialised.
- *
- * @author Alex Nenadic
- */
-public class CMNotInitialisedException extends Exception {
- private static final long serialVersionUID = 6041577726294822985L;
-
- /**
- * Creates a new CMNotInitialisedException.
- */
- public CMNotInitialisedException() {
- super();
- }
-
- /**
- * Creates a new CMNotInitialisedException with the specified message.
- */
- public CMNotInitialisedException(String message) {
- super(message);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CredentialManager.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CredentialManager.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CredentialManager.java
deleted file mode 100644
index 808dd65..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/CredentialManager.java
+++ /dev/null
@@ -1,415 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2008-2014 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-import java.io.File;
-import java.net.Authenticator;
-import java.net.URI;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import net.sf.taverna.t2.lang.observer.Observer;
-
-/**
- * Provides a wrapper for Taverna's Keystore and Truststore and implements
- * methods for managing user's credentials (passwords, private/proxy key pairs)
- * and credentials of trusted services and CAs' (i.e. their public key
- * certificates).
- * <p>
- * Keystore and Truststore are Bouncy Castle UBER-type keystores saved as files
- * called "taverna-keystore.ubr" and "taverna-truststore.ubr" respectively. In
- * the case of the Workbench, they are located in a directory called "security"
- * inside the taverna.home directory. This location can be changed, e.g. in the
- * case of the server and command line tool you may want to pass in the location
- * of the Credential Manager's files.
- *
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- */
-public interface CredentialManager {
-
- public static final String KEYSTORE_FILE_NAME = "taverna-keystore.ubr";
- public static final String TRUSTSTORE_FILE_NAME = "taverna-truststore.ubr";
-
- public static final String UTF_8 = "UTF-8";
-
- public static final String PROPERTY_TRUSTSTORE = "javax.net.ssl.trustStore";
- public static final String PROPERTY_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
- public static final String PROPERTY_KEYSTORE = "javax.net.ssl.keyStore";
- public static final String PROPERTY_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
- public static final String PROPERTY_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
- public static final String PROPERTY_KEYSTORE_PROVIDER = "javax.net.ssl.keyStoreProvider";
- public static final String PROPERTY_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
- public static final String PROPERTY_TRUSTSTORE_PROVIDER = "javax.net.ssl.trustStoreProvider";
-
- // Existence of the file with this name in the Credential Manager folder
- // indicates the we have deleted the revoked certificates from some of our services -
- // BioCatalogue, BiodiversityCatalogue, heater.
- public static final String CERTIFICATES_REVOKED_INDICATOR_FILE_NAME = "certificates_revoked";
-
- /*
- * ASCII NUL character - for separating the username from the rest of the
- * string when saving it in the Keystore. Seems like a good separator as it
- * will highly unlikely feature in a username.
- */
- public static final char USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER = '\u0000';
-
- /*
- * Constants denoting which of the two Credential Manager's keystores
- * (Keystore or Truststore) we are currently performing an operation on (in
- * cases when the same operation can be done on both).
- */
- public static enum KeystoreType {
- KEYSTORE, TRUSTSTORE
- };
-
- /*
- * Existence of this file in the Credential Manager folder indicates the
- * user has set the master password so do not use the default password
- */
- public static final String USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME = "user_set_master_password";
-
- /*
- * Default password for Truststore - needed as the Truststore needs to be
- * populated before the Workbench starts up to initiate the SSLSocketFactory
- * and to avoid popping up a dialog to ask the user for it.
- */
- // private static final String TRUSTSTORE_PASSWORD = "Tu/Ap%2_$dJt6*+Rca9v";
-
- /**
- * Set the directory where Credential Manager's Keystore and Truststore
- * files will be read from. If this method is not used, the directory will
- * default to <TAVERNA_HOME>/security somewhere in user's home directory.
- *
- * If you want to use this method to change the location of Credential
- * Manager's configuration directory then make sure you call it before any
- * other method on Credential Manager.
- *
- * @param credentialManagerDirectory
- * @throws CMException
- */
- void setConfigurationDirectoryPath(File credentialManagerDirectory)
- throws CMException;
-
- /**
- * Checks if the Keystore contains a username and password for the given
- * service URI.
- */
- boolean hasUsernamePasswordForService(URI serviceURI) throws CMException;
-
- /**
- * Get a username and password pair for the given service's URI, or null if
- * it does not exit.
- * <p>
- * If the username and password are not available in the Keystore, it will
- * invoke implementations of the {@link ServiceUsernameAndPasswordProvider}
- * interface asking the user (typically through the UI) or resolving
- * hard-coded credentials.
- * <p>
- * If the parameter <code>useURIPathRecursion</code> is true, then the
- * Credential Manager will also attempt to look for stored credentials for
- * each of the parent fragments of the URI.
- *
- * @param serviceURI
- * The URI of the service for which we are providing the username
- * and password
- *
- * @param useURIPathRecursion
- * Whether to look for any username and passwords stored in the
- * Keystore for the parent fragments of the service URI (for
- * example, we are looking for the credentials for service
- * http://somehost/some-fragment but we already have credentials
- * stored for http://somehost which can be reused)
- *
- * @param requestingMessage
- * The message to be presented to the user when asking for the
- * username and password, normally useful for UI providers that
- * pop up dialogs, can be ignored otherwise
- *
- * @return username and password pair for the given service
- *
- * @throws CMException
- * if anything goes wrong during Keystore lookup, etc.
- */
- UsernamePassword getUsernameAndPasswordForService(URI serviceURI,
- boolean useURIPathRecursion, String requestingMessage)
- throws CMException;
-
- /**
- * Insert a username and password pair for the given service URI in the
- * Keystore.
- * <p>
- * Effectively, this method inserts a new secret key entry in the Keystore,
- * where key contains <USERNAME>"\000"<PASSWORD> string, i.e. password is
- * prepended with the username and separated by a \000 character (which
- * hopefully will not appear in the username).
- * <p>
- * Username and password string is saved in the Keystore as byte array using
- * SecretKeySpec (which constructs a secret key from the given byte array
- * but does not check if the given bytes indeed specify a secret key of the
- * specified algorithm).
- * <p>
- * An alias used to identify the username and password entry is constructed
- * as "password#"<SERVICE_URL> using the service URL this username/password
- * pair is to be used for.
- *
- * @param usernamePassword
- * The {@link UsernamePassword} to store
- * @param serviceURI
- * The (possibly normalized) URI to store the credentials under
- * @return TODO
- * @throws CMException
- * If the credentials could not be stored
- *
- * @return the alias under which this username and password entry was saved
- * in the Keystore
- */
- String addUsernameAndPasswordForService(UsernamePassword usernamePassword,
- URI serviceURI) throws CMException;
-
- /**
- * Delete a username and password pair for the given service URI from the
- * Keystore.
- */
- void deleteUsernameAndPasswordForService(URI serviceURI) throws CMException;
-
- /**
- * Checks if the Keystore contains the given key pair entry (private key and
- * its corresponding public key certificate chain).
- */
- public boolean hasKeyPair(Key privateKey, Certificate[] certs)
- throws CMException;
-
- /**
- * Insert a new key entry containing private key and the corresponding
- * public key certificate chain in the Keystore.
- *
- * An alias used to identify the keypair entry is constructed as:
- * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
- * CERT_SERIAL_NUMBER>
- *
- * @return the alias under which this key entry was saved in the Keystore
- */
- String addKeyPair(Key privateKey, Certificate[] certs) throws CMException;
-
- /**
- * Delete a key pair entry from the Keystore given its alias.
- */
- void deleteKeyPair(String alias) throws CMException;
-
- /**
- * Delete a key pair entry from the Keystore given its private and public
- * key parts.
- */
- void deleteKeyPair(Key privateKey, Certificate[] certs) throws CMException;
-
- /**
- * Create a Keystore alias that would be used for adding the given key pair
- * (private and public key) entry to the Keystore. The alias is cretaed as
- * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
- * CERT_SERIAL_NUMBER>
- *
- * @param privateKey
- * private key
- * @param certs
- * public key's certificate chain
- * @return
- */
- String createKeyPairAlias(Key privateKey, Certificate certs[]);
-
- /**
- * Export a key entry containing private key and public key certificate
- * chain from the Keystore to a PKCS #12 file.
- */
- void exportKeyPair(String alias, File exportFile, String pkcs12Password)
- throws CMException;
-
- /**
- * Get certificate entry from the Keystore or Truststore. If the given alias
- * name identifies a trusted certificate entry, the certificate associated
- * with that entry is returned from the Truststore. If the given alias name
- * identifies a key pair entry, the first element of the certificate chain
- * of that entry is returned from the Keystore.
- */
- Certificate getCertificate(KeystoreType ksType, String alias)
- throws CMException;
-
- /**
- * Get certificate chain for the key pair entry from the Keystore given its
- * alias.
- * <p>
- * This method works for the Keystore only as the Truststore does not
- * contain key pair entries, but trusted certificate entries only.
- */
- Certificate[] getKeyPairsCertificateChain(String alias) throws CMException;
-
- /**
- * Get the private key part of a key pair entry from the Keystore given its
- * alias.
- * <p>
- * This method works for the Keystore only as the Truststore does not
- * contain key pair entries, but trusted certificate entries only.
- */
- Key getKeyPairsPrivateKey(String alias) throws CMException;
-
- /**
- * Checks if the Truststore contains the given public key certificate.
- */
- boolean hasTrustedCertificate(Certificate cert) throws CMException;
-
- /**
- * Insert a trusted certificate entry in the Truststore with an alias
- * constructed as:
- *
- * "trustedcert#<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#
- * "<CERT_SERIAL_NUMBER>
- *
- * @return the alias under which this trusted certificate entry was saved in
- * the Keystore
- */
- String addTrustedCertificate(X509Certificate cert) throws CMException;
-
- /**
- * Delete a trusted certificate entry from the Truststore given its alias.
- */
- void deleteTrustedCertificate(String alias) throws CMException;
-
- /**
- * Delete a trusted certificate entry from the Truststore given the
- * certificate.
- */
- void deleteTrustedCertificate(X509Certificate cert) throws CMException;
-
- /**
- * Create a Truststore alias that would be used for adding the given trusted
- * X509 certificate to the Truststore. The alias is cretaed as
- * "trustedcert#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
- * CERT_SERIAL_NUMBER>
- *
- * @param cert
- * certificate to generate the alias for
- * @return the alias for the given certificate
- */
- String createTrustedCertificateAlias(X509Certificate cert);
-
- /**
- * Check if the given alias identifies a key entry in the Keystore.
- */
- boolean isKeyEntry(String alias) throws CMException;
-
- /**
- * Check if the Keystore/Truststore contains an entry with the given alias.
- */
- boolean hasEntryWithAlias(KeystoreType ksType, String alias)
- throws CMException;
-
- /**
- * Get all the aliases from the Keystore/Truststore or null if there was
- * some error while accessing it.
- */
- ArrayList<String> getAliases(KeystoreType ksType) throws CMException;
-
- /**
- * Get service URIs associated with all username/password pairs currently in
- * the Keystore.
- *
- * @see #hasUsernamePasswordForService(URI)
- */
- List<URI> getServiceURIsForAllUsernameAndPasswordPairs() throws CMException;
-
- /**
- * Load a PKCS12-type keystore from a file using the supplied password.
- */
- KeyStore loadPKCS12Keystore(File pkcs12File, String pkcs12Password)
- throws CMException;
-
- /**
- * Add an observer of the changes to the Keystore or Truststore.
- */
- void addObserver(Observer<KeystoreChangedEvent> observer);
-
- /**
- * Get all current observers of changes to the Keystore or Truststore.
- */
- List<Observer<KeystoreChangedEvent>> getObservers();
-
- /**
- * Remove an observer of the changes to the Keystore or Truststore.
- */
- void removeObserver(Observer<KeystoreChangedEvent> observer);
-
- /**
- * Checks if Keystore's master password is the same as the one provided.
- *
- * @param password
- * @return
- * @throws CMException
- */
- boolean confirmMasterPassword(String password) throws CMException;
-
- /**
- * Change the Keystore and the Truststore's master password to the one
- * provided. The Keystore and Truststore both use the same password.
- */
- void changeMasterPassword(String newPassword) throws CMException;
-
- /**
- * Reset the JVMs cache for authentication like HTTP Basic Auth.
- * <p>
- * Note that this method uses undocumented calls to
- * <code>sun.net.www.protocol.http.AuthCacheValue</code> which might not be
- * valid in virtual machines other than Sun Java 6. If these calls fail,
- * this method will log the error and return <code>false</code>.
- *
- * @return <code>true</code> if the VMs cache could be reset, or
- * <code>false</code> otherwise.
- */
- boolean resetAuthCache();
-
- /**
- * Set the default SSLContext to use Credential Manager's Keystore and
- * Truststore for managing SSL connections from Taverna and also set
- * HttpsURLConnection's default SSLSocketFactory to use the one from the
- * just configured SSLContext, i.e. backed by Credential Manager's Keystore
- * and Truststore.
- *
- * @throws CMException
- */
- void initializeSSL() throws CMException;
-
- /**
- * Get Taverna's SSLSocketFactory backed by Credential Manager's Keystore
- * and Truststore.
- *
- * @return
- * @throws CMException
- */
- SSLSocketFactory getTavernaSSLSocketFactory() throws CMException;
-
- public Authenticator getAuthenticator();
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/DistinguishedNameParser.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/DistinguishedNameParser.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/DistinguishedNameParser.java
deleted file mode 100644
index eb1d171..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/DistinguishedNameParser.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2014 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-import java.io.File;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import uk.org.taverna.configuration.app.ApplicationConfiguration;
-
-/**
- * Methods for parsing Distinguished Names and various associated utility methods.
- *
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- * @author Christian Brenninkmeijer
- */
-public interface DistinguishedNameParser {
-
- /**
- * Parses a DN string and fills in fields with DN parts.
- */
- public ParsedDistinguishedName parseDN(String DNstr);
-
- public String getMessageDigestAsFormattedString(byte[] certBinaryEncoding, String shA1);
-
- /**
- * Convert the certificate object into an X509Certificate object.
- */
- public X509Certificate convertCertificate(Certificate certificate) throws CMException;
-
- public URI setUserInfoForURI(URI uri, String userinfo) throws URISyntaxException;
-
- public URI setFragmentForURI(URI uri, String userinfo) throws URISyntaxException;
-
- /**
- * Get the configuration directory where the security stuff will be/is saved
- * to.
- */
- public File getCredentialManagerDefaultDirectory(ApplicationConfiguration applicationConfiguration);
-
- }
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/JavaTruststorePasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/JavaTruststorePasswordProvider.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/JavaTruststorePasswordProvider.java
deleted file mode 100644
index 7da73ca..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/JavaTruststorePasswordProvider.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2008-2010 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-/**
- * Defines an interface for providing a password for Java's default truststore
- * located in JAVA_HOME/lib/security/cacerts.
- * <p>
- * Used by Credential Manager when trying to copy the trusted certificates from the
- * Java's default truststore into the Credential Manageger's own Truststore. It will
- * first try the default Java passwords and then if they do not work - it will loop
- * through all the providers until one can provide the password. If none
- * can, the certificates will not be copied.
- * <p>
- * A typical implementation of this class would pop up a dialog
- * and ask the user for the password. Such providers should check
- * {@link GraphicsEnvironment#isHeadless()} before returning to avoid
- * attempts to pop up dialogues on server/headless installations.
- * <p>
- * It is safe to return <code>null</code> if the provider does not have an
- * opinion.
- *
- * @see CredentialManagerOld
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- *
- */
-public interface JavaTruststorePasswordProvider {
-
- /**
- * Get the Java truststore password.
- * <p>
- * This method will only be called if the provider returned
- * <code>true</code> from {@link #canProvideJavaTruststorePassword()}.
- * <p>
- * This method will be called when initialising the Credential Manager
- * for the first time, in the cases where the Java truststore password has
- * been changed from the VM default. The Credential Manager will need this
- * password to unlock the Java truststore and copy the trusted certificate
- * into the Credential Managers's own Truststore.
- * <p>
- * Generally only advanced users would change this password.
- *
- * @return The Java truststore password, or <code>null</code> if not
- * available (for instance if user action was cancelled).
- */
- public String getJavaTruststorePassword();
-
- /**
- * Set the Java truststore password.
- * @param password to set
- */
- public void setJavaTruststorePassword(String password);
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/KeystoreChangedEvent.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/KeystoreChangedEvent.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/KeystoreChangedEvent.java
deleted file mode 100644
index de20a5a..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/KeystoreChangedEvent.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2007 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-import net.sf.taverna.t2.security.credentialmanager.CredentialManager.KeystoreType;
-
-/**
- * An event given to {@link CredentialManagerOld} observers registered using
- * {@link Observable#addObserver(net.sf.taverna.t2.lang.observer.Observer)} to
- * let them know the Keystore or Truststore have been changed.
- *
- * @author Alex Nenadic
- */
-public class KeystoreChangedEvent {
- // Whether the change is on the Keystore or the Truststore
- public final KeystoreType keystoreType;
-
- public KeystoreChangedEvent(KeystoreType keystoreType) {
- this.keystoreType = keystoreType;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/MasterPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/MasterPasswordProvider.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/MasterPasswordProvider.java
deleted file mode 100644
index 83aaf7f..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/MasterPasswordProvider.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2008-2010 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-import java.util.Comparator;
-
-/**
- * Defines an interface for providing a master password for the Credential
- * Manager. This master password is used to encrypt/decrypt the Credential
- * Manager's Keystore/Truststore.
- * <p>
- * A typical implementation of this class would pop up a dialog to ask the user
- * for the master password. Such providers should check
- * {@link GraphicsEnvironment#isHeadless()} before returning, to avoid attempts
- * to pop up dialogues on server/headless installations.
- * <p>
- * Another example may be to read the master password from a file or from
- * command line parameters.
- *
- * @see CredentialManager
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- */
-public interface MasterPasswordProvider {
-
- /**
- * Get the master password for the Credential Manager.
- * <p>
- * This method will only be called if the provider returned
- * <code>true</code> from {@link #canProvideMasterPassword()}.
- * <p>
- * If the parameter <code>firstTime</code> is <code>true</code>, this is a
- * request for <em>setting</em> the master password, as the Keystore and
- * Truststore have not been created yet.
- *
- * @see #canProvideMasterPassword()
- * @param firstTime
- * <code>true</code> if this is the first time the keystore is
- * accessed, in which case the returned password will be used to
- * encrypt the keystore. If <code>false</code>, the returned
- * password will be used to decrypt (unlock) the keystore.
- * @return The master password, or <code>null</code> if not available (user
- * cancelled, etc.)
- */
- public String getMasterPassword(boolean firstTime);
-
- /**
- * Set the master password.
- *
- * @param password
- * to set
- */
- public void setMasterPassword(String password);
-
- /**
- * Get the priority of this provider.
- * <p>
- * The providers with highest priority will be asked first, lower-priority
- * providers will be asked only if the higher ones either return
- * <code>false</code> on the canProvideMasterPassword() method, or return
- * <code>null</code> on the corresponding actual request.
- * <p>
- * It is undetermined who will be asked first if providers have the same
- * priority.
- * <p>
- * A typical priority for UI providers that pop up a dialog to as the user
- * could be <code>100</code>, allowing server-side providers to override
- * with priorities like <code>500</code>, or fall-back providers (say by
- * reading system properties) to have a priority of <code>10</code>.
- *
- * @return The priority of this provider. Higher number means higher
- * priority.
- */
- public int getProviderPriority();
-
- /**
- * Set the provider's priority that determines the order in which various
- * master password providers will be invoked.
- *
- * @param priority
- * provider's priority
- */
- // public void setProviderPriority(int priority);
-
- public class ProviderComparator implements
- Comparator<MasterPasswordProvider> {
- @Override
- public int compare(MasterPasswordProvider provider1,
- MasterPasswordProvider provider2) {
- return provider1.getProviderPriority()
- - provider2.getProviderPriority();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ParsedDistinguishedName.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ParsedDistinguishedName.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ParsedDistinguishedName.java
deleted file mode 100644
index f484493..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ParsedDistinguishedName.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2014 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-
-/**
- * A parsed Distinguished Name with getters for parts.
- *
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- * @author Christian Brenninkmeijer
- */
-public interface ParsedDistinguishedName {
-
- /**
- *
- * @return The common name
- */
- public String getCN();
-
- /**
- *
- * @return The Email address
- */
- public String getEmailAddress();
-
- /**
- *
- * @return The organizational unit name
- */
- public String getOU();
-
- /**
- *
- * @return The organization name
- */
- public String getO();
-
- /**
- *
- * @return The locality name
- */
- public String getL();
-
- /**
- *
- * @return The state or province name
- */
- public String getST();
-
- /**
- *
- * @return The country name
- */
- public String getC();
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ServiceUsernameAndPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ServiceUsernameAndPasswordProvider.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ServiceUsernameAndPasswordProvider.java
deleted file mode 100644
index 5a0835a..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/ServiceUsernameAndPasswordProvider.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2008-2010 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-import java.net.URI;
-
-/**
- * Defines an interface for providing a username and password for a service to
- * be invoked as part of a workflow run.
- * <p>
- * Used by Credential Manager when looking up the username and password for the
- * service in its Keystore - if it cannot find anything it will loop through all
- * providers until one can provide them. If none can, the service invocation
- * will (most probably) fail.
- * <p>
- * A typical implementation of this class would pop up a dialog and ask the user
- * for the password. Such providers should check
- * {@link GraphicsEnvironment#isHeadless()} before returning to avoid attempts
- * to pop up dialogues on server/headless installations.
- *
- * @see CredentialManager
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- */
-public interface ServiceUsernameAndPasswordProvider {
- /**
- * Get the username and password pair for the given service URI.
- *
- * @param serviceURI
- * The service we are looking username and password for
- * @param requestMessage
- * The message to be presented to the user when asking for the
- * username and password, normally useful for UI providers that
- * pop up dialogs, can be ignored otherwise
- * @return the username and password pair for the given service URI, or
- * <tt>null</tt> if the provider does not know for this URI.
- */
- UsernamePassword getServiceUsernameAndPassword(URI serviceURI,
- String requestMessage);
-
- /**
- * Set the username and password pair for the given service URI.
- */
- void setServiceUsernameAndPassword(URI serviceURI,
- UsernamePassword usernamePassword);
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/TrustConfirmationProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/TrustConfirmationProvider.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/TrustConfirmationProvider.java
deleted file mode 100644
index ca6af82..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/TrustConfirmationProvider.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package net.sf.taverna.t2.security.credentialmanager;
-
-import java.security.cert.X509Certificate;
-
-/**
- * Defines an interface for providing ways to confirm/decline trust in a given
- * service (i.e. its public key certificate).
- * <p>
- * Used by Credential Manager when looking up the username and password for the
- * service in its Keystore - if it cannot find anything it will loop through all
- * providers until one can provide them. If none can, the service invocation
- * will (most probably) fail.
- * <p>
- * A typical implementation of this class would pop up a dialog and ask the user
- * for the password. Such providers should check
- * {@link GraphicsEnvironment#isHeadless()} before returning to avoid attempts
- * to pop up dialogues on server/headless installations.
- * <p>
- * It is safe to return <code>null</code> if the provider does not have an
- * opinion.
- *
- * @see CredentialManager
- * @author Alex Nenadic
- * @author Stian Soiland-Reyes
- *
- */
-public interface TrustConfirmationProvider {
- /**
- * If the given public key certificate should be trusted or not.
- * <p>
- * This method is called when a SSL connection is attempted to a service
- * which certificate could not be confirmed using the Credential Manager's
- * Truststore (i.e. it could not be found there).
- * <p>
- * A typical implementation of this class would pop up a dialog and ask the
- * user if they want to trust the service. Such providers should check
- * {@link GraphicsEnvironment#isHeadless()} before returning to avoid
- * attempts to pop up dialogues on server/headless installations.
- * <p>
- * The provider can return <code>null</code> if it does not have an opinion
- * whether the certificate should be trusted or not (in which case other
- * providers will be asked), or an instance of {@link TrustConfirmation}
- * confirming or denying if the certificate is to be trusted.
- * <p>
- * If the provider returns <code>true</code>, the Credential Manager will
- * also save the first certificate of the certificate chain (chain[0]) in
- * its Truststore so the user will not be asked next time.
- *
- * @param chain
- * X509 certificate chain to confirm whether it is trusted or not
- * @return <code>null</code> if the provider does not have an opinion,
- * <code>true</code> if certificate is to be trusted and
- * <code>false</code> if not.
- */
- public Boolean shouldTrustCertificate(X509Certificate[] chain);
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/UsernamePassword.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/UsernamePassword.java b/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/UsernamePassword.java
deleted file mode 100644
index a5ee1a7..0000000
--- a/taverna-credential-manager/src/main/java/net/sf/taverna/t2/security/credentialmanager/UsernamePassword.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*******************************************************************************
- * Copyright (C) 2007 The University of Manchester
- *
- * Modifications to the initial code base are copyright of their
- * respective authors, or their employers as appropriate.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- ******************************************************************************/
-package net.sf.taverna.t2.security.credentialmanager;
-
-import java.util.Arrays;
-
-/**
- *
- * @author Stian Soiland-Reyes
- */
-public class UsernamePassword {
- private char[] password;
- private boolean shouldSave = false;
- private String username;
-
- @Override
- public UsernamePassword clone() {
- UsernamePassword up = new UsernamePassword();
- up.setUsername(getUsername());
- up.setPassword(getPassword().clone());
- up.setShouldSave(isShouldSave());
- return up;
- }
-
- public UsernamePassword() {
- }
-
- public UsernamePassword(String username, String password) {
- this.username = username;
- this.password = password.toCharArray();
- }
-
- public char[] getPassword() {
- return password;
- }
-
- public String getPasswordAsString() {
- return String.valueOf(password);
- }
-
- public String getUsername() {
- return username;
- }
-
- public boolean isShouldSave() {
- return shouldSave;
- }
-
- public void resetPassword() {
- if (this.password == null)
- return;
- Arrays.fill(this.password, '\u0000');
- }
-
- public void setPassword(char[] password) {
- resetPassword();
- this.password = password;
- }
-
- public void setShouldSave(boolean shouldSave) {
- this.shouldSave = shouldSave;
- }
-
- public void setUsername(String username) {
- this.username = username;
- }
-
- @Override
- protected void finalize() throws Throwable {
- resetPassword();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
new file mode 100644
index 0000000..1cb1514
--- /dev/null
+++ b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMException.java
@@ -0,0 +1,61 @@
+/*******************************************************************************
+ * Copyright (C) 2007 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package org.apache.taverna.security.credentialmanager;
+
+/**
+ * Represents a (cryptographic or any other) exception thrown by Credential
+ * Manager.
+ *
+ * @author Alexandra Nenadic
+ */
+public class CMException extends Exception {
+
+ private static final long serialVersionUID = 3885885604048806903L;
+
+ /**
+ * Creates a new CMException.
+ */
+ public CMException() {
+ super();
+ }
+
+ /**
+ * Creates a new CMException with the specified message.
+ */
+ public CMException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new CMException with the specified message and cause.
+ *
+ */
+ public CMException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ /**
+ * Creates a new CMException with the specified cause throwable.
+ */
+ public CMException(Throwable cause) {
+ super(cause);
+ }
+}
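Review bot: None of the four CMException constructors documents what may go into `message`, although this type reports failures from a component that handles keystores and master passwords. Exception messages commonly end up in logs and error dialogs, so I would add a sentence to the class Javadoc such as `Messages must not contain passwords, key material or other secret values.` The comment on the `(String message, Throwable cause)` constructor also ends in a dangling empty ` *` line and has no tags; adding `@param message` and `@param cause` there would match the fuller Javadoc used on the interfaces in this package.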
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
new file mode 100644
index 0000000..48e4e6f
--- /dev/null
+++ b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CMNotInitialisedException.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright (C) 2007 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package org.apache.taverna.security.credentialmanager;
+
+/**
+ * Represents an exception thrown by Credential Manager if an application tries
+ * to invoke certain methods on it before it has been initialised.
+ *
+ * @author Alex Nenadic
+ */
+public class CMNotInitialisedException extends Exception {
+ private static final long serialVersionUID = 6041577726294822985L;
+
+ /**
+ * Creates a new CMNotInitialisedException.
+ */
+ public CMNotInitialisedException() {
+ super();
+ }
+
+ /**
+ * Creates a new CMNotInitialisedException with the specified message.
+ */
+ public CMNotInitialisedException(String message) {
+ super(message);
+ }
+}
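Review bot: CMNotInitialisedException offers only the no-argument and `(String message)` constructors, so code that raises it in response to an underlying failure cannot attach the cause, unlike CMException in this same commit. Adding `public CMNotInitialisedException(String message, Throwable cause) { super(message, cause); }` would keep the original stack trace available when diagnosing initialisation problems. The class also extends `Exception` directly rather than `CMException`, so a `catch (CMException e)` block will not see it. If that is deliberate, a sentence in the class Javadoc saying so would help callers.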
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
new file mode 100644
index 0000000..d41d6e7
--- /dev/null
+++ b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/CredentialManager.java
@@ -0,0 +1,415 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2014 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package org.apache.taverna.security.credentialmanager;
+
+import java.io.File;
+import java.net.Authenticator;
+import java.net.URI;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import net.sf.taverna.t2.lang.observer.Observer;
+
+/**
+ * Provides a wrapper for Taverna's Keystore and Truststore and implements
+ * methods for managing user's credentials (passwords, private/proxy key pairs)
+ * and credentials of trusted services and CAs' (i.e. their public key
+ * certificates).
+ * <p>
+ * Keystore and Truststore are Bouncy Castle UBER-type keystores saved as files
+ * called "taverna-keystore.ubr" and "taverna-truststore.ubr" respectively. In
+ * the case of the Workbench, they are located in a directory called "security"
+ * inside the taverna.home directory. This location can be changed, e.g. in the
+ * case of the server and command line tool you may want to pass in the location
+ * of the Credential Manager's files.
+ *
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ */
+public interface CredentialManager {
+
+ public static final String KEYSTORE_FILE_NAME = "taverna-keystore.ubr";
+ public static final String TRUSTSTORE_FILE_NAME = "taverna-truststore.ubr";
+
+ public static final String UTF_8 = "UTF-8";
+
+ public static final String PROPERTY_TRUSTSTORE = "javax.net.ssl.trustStore";
+ public static final String PROPERTY_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
+ public static final String PROPERTY_KEYSTORE = "javax.net.ssl.keyStore";
+ public static final String PROPERTY_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
+ public static final String PROPERTY_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
+ public static final String PROPERTY_KEYSTORE_PROVIDER = "javax.net.ssl.keyStoreProvider";
+ public static final String PROPERTY_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
+ public static final String PROPERTY_TRUSTSTORE_PROVIDER = "javax.net.ssl.trustStoreProvider";
+
+ // Existence of the file with this name in the Credential Manager folder
+ // indicates the we have deleted the revoked certificates from some of our services -
+ // BioCatalogue, BiodiversityCatalogue, heater.
+ public static final String CERTIFICATES_REVOKED_INDICATOR_FILE_NAME = "certificates_revoked";
+
+ /*
+ * ASCII NUL character - for separating the username from the rest of the
+ * string when saving it in the Keystore. Seems like a good separator as it
+ * will highly unlikely feature in a username.
+ */
+ public static final char USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER = '\u0000';
+
+ /*
+ * Constants denoting which of the two Credential Manager's keystores
+ * (Keystore or Truststore) we are currently performing an operation on (in
+ * cases when the same operation can be done on both).
+ */
+ public static enum KeystoreType {
+ KEYSTORE, TRUSTSTORE
+ };
+
+ /*
+ * Existence of this file in the Credential Manager folder indicates the
+ * user has set the master password so do not use the default password
+ */
+ public static final String USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME = "user_set_master_password";
+
+ /*
+ * Default password for Truststore - needed as the Truststore needs to be
+ * populated before the Workbench starts up to initiate the SSLSocketFactory
+ * and to avoid popping up a dialog to ask the user for it.
+ */
+ // private static final String TRUSTSTORE_PASSWORD = "Tu/Ap%2_$dJt6*+Rca9v";
+
+ /**
+ * Set the directory where Credential Manager's Keystore and Truststore
+ * files will be read from. If this method is not used, the directory will
+ * default to <TAVERNA_HOME>/security somewhere in user's home directory.
+ *
+ * If you want to use this method to change the location of Credential
+ * Manager's configuration directory then make sure you call it before any
+ * other method on Credential Manager.
+ *
+ * @param credentialManagerDirectory
+ * @throws CMException
+ */
+ void setConfigurationDirectoryPath(File credentialManagerDirectory)
+ throws CMException;
+
+ /**
+ * Checks if the Keystore contains a username and password for the given
+ * service URI.
+ */
+ boolean hasUsernamePasswordForService(URI serviceURI) throws CMException;
+
+ /**
+ * Get a username and password pair for the given service's URI, or null if
+ * it does not exit.
+ * <p>
+ * If the username and password are not available in the Keystore, it will
+ * invoke implementations of the {@link ServiceUsernameAndPasswordProvider}
+ * interface asking the user (typically through the UI) or resolving
+ * hard-coded credentials.
+ * <p>
+ * If the parameter <code>useURIPathRecursion</code> is true, then the
+ * Credential Manager will also attempt to look for stored credentials for
+ * each of the parent fragments of the URI.
+ *
+ * @param serviceURI
+ * The URI of the service for which we are providing the username
+ * and password
+ *
+ * @param useURIPathRecursion
+ * Whether to look for any username and passwords stored in the
+ * Keystore for the parent fragments of the service URI (for
+ * example, we are looking for the credentials for service
+ * http://somehost/some-fragment but we already have credentials
+ * stored for http://somehost which can be reused)
+ *
+ * @param requestingMessage
+ * The message to be presented to the user when asking for the
+ * username and password, normally useful for UI providers that
+ * pop up dialogs, can be ignored otherwise
+ *
+ * @return username and password pair for the given service
+ *
+ * @throws CMException
+ * if anything goes wrong during Keystore lookup, etc.
+ */
+ UsernamePassword getUsernameAndPasswordForService(URI serviceURI,
+ boolean useURIPathRecursion, String requestingMessage)
+ throws CMException;
+
+ /**
+ * Insert a username and password pair for the given service URI in the
+ * Keystore.
+ * <p>
+ * Effectively, this method inserts a new secret key entry in the Keystore,
+ * where key contains <USERNAME>"\000"<PASSWORD> string, i.e. password is
+ * prepended with the username and separated by a \000 character (which
+ * hopefully will not appear in the username).
+ * <p>
+ * Username and password string is saved in the Keystore as byte array using
+ * SecretKeySpec (which constructs a secret key from the given byte array
+ * but does not check if the given bytes indeed specify a secret key of the
+ * specified algorithm).
+ * <p>
+ * An alias used to identify the username and password entry is constructed
+ * as "password#"<SERVICE_URL> using the service URL this username/password
+ * pair is to be used for.
+ *
+ * @param usernamePassword
+ * The {@link UsernamePassword} to store
+ * @param serviceURI
+ * The (possibly normalized) URI to store the credentials under
+ * @return TODO
+ * @throws CMException
+ * If the credentials could not be stored
+ *
+ * @return the alias under which this username and password entry was saved
+ * in the Keystore
+ */
+ String addUsernameAndPasswordForService(UsernamePassword usernamePassword,
+ URI serviceURI) throws CMException;
+
+ /**
+ * Delete a username and password pair for the given service URI from the
+ * Keystore.
+ */
+ void deleteUsernameAndPasswordForService(URI serviceURI) throws CMException;
+
+ /**
+ * Checks if the Keystore contains the given key pair entry (private key and
+ * its corresponding public key certificate chain).
+ */
+ public boolean hasKeyPair(Key privateKey, Certificate[] certs)
+ throws CMException;
+
+ /**
+ * Insert a new key entry containing private key and the corresponding
+ * public key certificate chain in the Keystore.
+ *
+ * An alias used to identify the keypair entry is constructed as:
+ * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
+ * CERT_SERIAL_NUMBER>
+ *
+ * @return the alias under which this key entry was saved in the Keystore
+ */
+ String addKeyPair(Key privateKey, Certificate[] certs) throws CMException;
+
+ /**
+ * Delete a key pair entry from the Keystore given its alias.
+ */
+ void deleteKeyPair(String alias) throws CMException;
+
+ /**
+ * Delete a key pair entry from the Keystore given its private and public
+ * key parts.
+ */
+ void deleteKeyPair(Key privateKey, Certificate[] certs) throws CMException;
+
+ /**
+ * Create a Keystore alias that would be used for adding the given key pair
+ * (private and public key) entry to the Keystore. The alias is cretaed as
+ * "keypair#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
+ * CERT_SERIAL_NUMBER>
+ *
+ * @param privateKey
+ * private key
+ * @param certs
+ * public key's certificate chain
+ * @return
+ */
+ String createKeyPairAlias(Key privateKey, Certificate certs[]);
+
+ /**
+ * Export a key entry containing private key and public key certificate
+ * chain from the Keystore to a PKCS #12 file.
+ */
+ void exportKeyPair(String alias, File exportFile, String pkcs12Password)
+ throws CMException;
+
+ /**
+ * Get certificate entry from the Keystore or Truststore. If the given alias
+ * name identifies a trusted certificate entry, the certificate associated
+ * with that entry is returned from the Truststore. If the given alias name
+ * identifies a key pair entry, the first element of the certificate chain
+ * of that entry is returned from the Keystore.
+ */
+ Certificate getCertificate(KeystoreType ksType, String alias)
+ throws CMException;
+
+ /**
+ * Get certificate chain for the key pair entry from the Keystore given its
+ * alias.
+ * <p>
+ * This method works for the Keystore only as the Truststore does not
+ * contain key pair entries, but trusted certificate entries only.
+ */
+ Certificate[] getKeyPairsCertificateChain(String alias) throws CMException;
+
+ /**
+ * Get the private key part of a key pair entry from the Keystore given its
+ * alias.
+ * <p>
+ * This method works for the Keystore only as the Truststore does not
+ * contain key pair entries, but trusted certificate entries only.
+ */
+ Key getKeyPairsPrivateKey(String alias) throws CMException;
+
+ /**
+ * Checks if the Truststore contains the given public key certificate.
+ */
+ boolean hasTrustedCertificate(Certificate cert) throws CMException;
+
+ /**
+ * Insert a trusted certificate entry in the Truststore with an alias
+ * constructed as:
+ *
+ * "trustedcert#<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#
+ * "<CERT_SERIAL_NUMBER>
+ *
+ * @return the alias under which this trusted certificate entry was saved in
+ * the Keystore
+ */
+ String addTrustedCertificate(X509Certificate cert) throws CMException;
+
+ /**
+ * Delete a trusted certificate entry from the Truststore given its alias.
+ */
+ void deleteTrustedCertificate(String alias) throws CMException;
+
+ /**
+ * Delete a trusted certificate entry from the Truststore given the
+ * certificate.
+ */
+ void deleteTrustedCertificate(X509Certificate cert) throws CMException;
+
+ /**
+ * Create a Truststore alias that would be used for adding the given trusted
+ * X509 certificate to the Truststore. The alias is cretaed as
+ * "trustedcert#"<CERT_SUBJECT_COMMON_NAME>"#"<CERT_ISSUER_COMMON_NAME>"#"<
+ * CERT_SERIAL_NUMBER>
+ *
+ * @param cert
+ * certificate to generate the alias for
+ * @return the alias for the given certificate
+ */
+ String createTrustedCertificateAlias(X509Certificate cert);
+
+ /**
+ * Check if the given alias identifies a key entry in the Keystore.
+ */
+ boolean isKeyEntry(String alias) throws CMException;
+
+ /**
+ * Check if the Keystore/Truststore contains an entry with the given alias.
+ */
+ boolean hasEntryWithAlias(KeystoreType ksType, String alias)
+ throws CMException;
+
+ /**
+ * Get all the aliases from the Keystore/Truststore or null if there was
+ * some error while accessing it.
+ */
+ ArrayList<String> getAliases(KeystoreType ksType) throws CMException;
+
+ /**
+ * Get service URIs associated with all username/password pairs currently in
+ * the Keystore.
+ *
+ * @see #hasUsernamePasswordForService(URI)
+ */
+ List<URI> getServiceURIsForAllUsernameAndPasswordPairs() throws CMException;
+
+ /**
+ * Load a PKCS12-type keystore from a file using the supplied password.
+ */
+ KeyStore loadPKCS12Keystore(File pkcs12File, String pkcs12Password)
+ throws CMException;
+
+ /**
+ * Add an observer of the changes to the Keystore or Truststore.
+ */
+ void addObserver(Observer<KeystoreChangedEvent> observer);
+
+ /**
+ * Get all current observers of changes to the Keystore or Truststore.
+ */
+ List<Observer<KeystoreChangedEvent>> getObservers();
+
+ /**
+ * Remove an observer of the changes to the Keystore or Truststore.
+ */
+ void removeObserver(Observer<KeystoreChangedEvent> observer);
+
+ /**
+ * Checks if Keystore's master password is the same as the one provided.
+ *
+ * @param password
+ * @return
+ * @throws CMException
+ */
+ boolean confirmMasterPassword(String password) throws CMException;
+
+ /**
+ * Change the Keystore and the Truststore's master password to the one
+ * provided. The Keystore and Truststore both use the same password.
+ */
+ void changeMasterPassword(String newPassword) throws CMException;
+
+ /**
+ * Reset the JVMs cache for authentication like HTTP Basic Auth.
+ * <p>
+ * Note that this method uses undocumented calls to
+ * <code>sun.net.www.protocol.http.AuthCacheValue</code> which might not be
+ * valid in virtual machines other than Sun Java 6. If these calls fail,
+ * this method will log the error and return <code>false</code>.
+ *
+ * @return <code>true</code> if the VMs cache could be reset, or
+ * <code>false</code> otherwise.
+ */
+ boolean resetAuthCache();
+
+ /**
+ * Set the default SSLContext to use Credential Manager's Keystore and
+ * Truststore for managing SSL connections from Taverna and also set
+ * HttpsURLConnection's default SSLSocketFactory to use the one from the
+ * just configured SSLContext, i.e. backed by Credential Manager's Keystore
+ * and Truststore.
+ *
+ * @throws CMException
+ */
+ void initializeSSL() throws CMException;
+
+ /**
+ * Get Taverna's SSLSocketFactory backed by Credential Manager's Keystore
+ * and Truststore.
+ *
+ * @return
+ * @throws CMException
+ */
+ SSLSocketFactory getTavernaSSLSocketFactory() throws CMException;
+
+ public Authenticator getAuthenticator();
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
new file mode 100644
index 0000000..8d21b29
--- /dev/null
+++ b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/DistinguishedNameParser.java
@@ -0,0 +1,61 @@
+/*******************************************************************************
+ * Copyright (C) 2014 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package org.apache.taverna.security.credentialmanager;
+
+import java.io.File;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import uk.org.taverna.configuration.app.ApplicationConfiguration;
+
+/**
+ * Methods for parsing Distinguished Names and various associated utility methods.
+ *
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ * @author Christian Brenninkmeijer
+ */
+public interface DistinguishedNameParser {
+
+ /**
+ * Parses a DN string and fills in fields with DN parts.
+ */
+ public ParsedDistinguishedName parseDN(String DNstr);
+
+ public String getMessageDigestAsFormattedString(byte[] certBinaryEncoding, String shA1);
+
+ /**
+ * Convert the certificate object into an X509Certificate object.
+ */
+ public X509Certificate convertCertificate(Certificate certificate) throws CMException;
+
+ public URI setUserInfoForURI(URI uri, String userinfo) throws URISyntaxException;
+
+ public URI setFragmentForURI(URI uri, String userinfo) throws URISyntaxException;
+
+ /**
+ * Get the configuration directory where the security stuff will be/is saved
+ * to.
+ */
+ public File getCredentialManagerDefaultDirectory(ApplicationConfiguration applicationConfiguration);
+
+ }
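Review bot: `setFragmentForURI(URI uri, String userinfo)` names its second parameter `userinfo`, which looks copied from `setUserInfoForURI` on the line above; the declaration should read `public URI setFragmentForURI(URI uri, String fragment) throws URISyntaxException;`. `getMessageDigestAsFormattedString` has no Javadoc and its second parameter is called `shA1`, which presumably carries the digest algorithm name. Renaming it to `algorithm` and documenting which algorithm names are accepted would keep callers from assuming the fingerprint is always SHA-1. Neither URI helper says whether a null second argument is allowed or what it does to an existing user-info or fragment part, so a short Javadoc on each would help.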
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java
new file mode 100644
index 0000000..72a912c
--- /dev/null
+++ b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/JavaTruststorePasswordProvider.java
@@ -0,0 +1,73 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package org.apache.taverna.security.credentialmanager;
+
+/**
+ * Defines an interface for providing a password for Java's default truststore
+ * located in JAVA_HOME/lib/security/cacerts.
+ * <p>
+ * Used by Credential Manager when trying to copy the trusted certificates from the
+ * Java's default truststore into the Credential Manageger's own Truststore. It will
+ * first try the default Java passwords and then if they do not work - it will loop
+ * through all the providers until one can provide the password. If none
+ * can, the certificates will not be copied.
+ * <p>
+ * A typical implementation of this class would pop up a dialog
+ * and ask the user for the password. Such providers should check
+ * {@link GraphicsEnvironment#isHeadless()} before returning to avoid
+ * attempts to pop up dialogues on server/headless installations.
+ * <p>
+ * It is safe to return <code>null</code> if the provider does not have an
+ * opinion.
+ *
+ * @see CredentialManagerOld
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ *
+ */
+public interface JavaTruststorePasswordProvider {
+
+ /**
+ * Get the Java truststore password.
+ * <p>
+ * This method will only be called if the provider returned
+ * <code>true</code> from {@link #canProvideJavaTruststorePassword()}.
+ * <p>
+ * This method will be called when initialising the Credential Manager
+ * for the first time, in the cases where the Java truststore password has
+ * been changed from the VM default. The Credential Manager will need this
+ * password to unlock the Java truststore and copy the trusted certificate
+ * into the Credential Managers's own Truststore.
+ * <p>
+ * Generally only advanced users would change this password.
+ *
+ * @return The Java truststore password, or <code>null</code> if not
+ * available (for instance if user action was cancelled).
+ */
+ public String getJavaTruststorePassword();
+
+ /**
+ * Set the Java truststore password.
+ * @param password to set
+ */
+ public void setJavaTruststorePassword(String password);
+
+}
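Review bot: The Javadoc on `getJavaTruststorePassword()` says it is only called after `canProvideJavaTruststorePassword()` returned true, but the interface declares no such method, so the `{@link}` is dangling and implementers cannot rely on the stated calling contract; the same applies to `canProvideMasterPassword()` in the MasterPasswordProvider.java hunk. I would replace that paragraph with `This method may be called on any registered provider; return <code>null</code> if no password is available.` The class comment points `@see` at `CredentialManagerOld`, which probably should be `CredentialManager` after this rename (KeystoreChangedEvent.java has the same stale reference), and links `GraphicsEnvironment` without the file importing `java.awt.GraphicsEnvironment`. Separately, the password is passed as an immutable `String` that cannot be cleared after use; a comment noting this, or a `char[]` variant in a later change, would be worth considering.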
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java
new file mode 100644
index 0000000..677fac4
--- /dev/null
+++ b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/KeystoreChangedEvent.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ * Copyright (C) 2007 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package org.apache.taverna.security.credentialmanager;
+
+import org.apache.taverna.security.credentialmanager.CredentialManager.KeystoreType;
+
+/**
+ * An event given to {@link CredentialManagerOld} observers registered using
+ * {@link Observable#addObserver(net.sf.taverna.t2.lang.observer.Observer)} to
+ * let them know the Keystore or Truststore have been changed.
+ *
+ * @author Alex Nenadic
+ */
+public class KeystoreChangedEvent {
+ // Whether the change is on the Keystore or the Truststore
+ public final KeystoreType keystoreType;
+
+ public KeystoreChangedEvent(KeystoreType keystoreType) {
+ this.keystoreType = keystoreType;
+ }
+}
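Review bot: The class Javadoc links `Observable#addObserver(net.sf.taverna.t2.lang.observer.Observer)`, but this file imports neither `Observable` nor that `Observer`, so the link is likely to be unresolved. The CredentialManager.java part of this commit declares `addObserver(Observer<KeystoreChangedEvent> observer)`, so `{@link CredentialManager#addObserver}` looks like the intended target. The `// Whether the change is on the Keystore or the Truststore` line above the public field would be better as a `/** ... */` comment so it appears in the generated API documentation.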
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/d5b1c811/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java
new file mode 100644
index 0000000..ca7e5ea
--- /dev/null
+++ b/taverna-credential-manager/src/main/java/org/apache/taverna/security/credentialmanager/MasterPasswordProvider.java
@@ -0,0 +1,112 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package org.apache.taverna.security.credentialmanager;
+
+import java.util.Comparator;
+
+/**
+ * Defines an interface for providing a master password for the Credential
+ * Manager. This master password is used to encrypt/decrypt the Credential
+ * Manager's Keystore/Truststore.
+ * <p>
+ * A typical implementation of this class would pop up a dialog to ask the user
+ * for the master password. Such providers should check
+ * {@link GraphicsEnvironment#isHeadless()} before returning, to avoid attempts
+ * to pop up dialogues on server/headless installations.
+ * <p>
+ * Another example may be to read the master password from a file or from
+ * command line parameters.
+ *
+ * @see CredentialManager
+ * @author Alex Nenadic
+ * @author Stian Soiland-Reyes
+ */
+public interface MasterPasswordProvider {
+
+ /**
+ * Get the master password for the Credential Manager.
+ * <p>
+ * This method will only be called if the provider returned
+ * <code>true</code> from {@link #canProvideMasterPassword()}.
+ * <p>
+ * If the parameter <code>firstTime</code> is <code>true</code>, this is a
+ * request for <em>setting</em> the master password, as the Keystore and
+ * Truststore have not been created yet.
+ *
+ * @see #canProvideMasterPassword()
+ * @param firstTime
+ * <code>true</code> if this is the first time the keystore is
+ * accessed, in which case the returned password will be used to
+ * encrypt the keystore. If <code>false</code>, the returned
+ * password will be used to decrypt (unlock) the keystore.
+ * @return The master password, or <code>null</code> if not available (user
+ * cancelled, etc.)
+ */
+ public String getMasterPassword(boolean firstTime);
+
+ /**
+ * Set the master password.
+ *
+ * @param password
+ * to set
+ */
+ public void setMasterPassword(String password);
+
+ /**
+ * Get the priority of this provider.
+ * <p>
+ * The providers with highest priority will be asked first, lower-priority
+ * providers will be asked only if the higher ones either return
+ * <code>false</code> on the canProvideMasterPassword() method, or return
+ * <code>null</code> on the corresponding actual request.
+ * <p>
+ * It is undetermined who will be asked first if providers have the same
+ * priority.
+ * <p>
+ * A typical priority for UI providers that pop up a dialog to as the user
+ * could be <code>100</code>, allowing server-side providers to override
+ * with priorities like <code>500</code>, or fall-back providers (say by
+ * reading system properties) to have a priority of <code>10</code>.
+ *
+ * @return The priority of this provider. Higher number means higher
+ * priority.
+ */
+ public int getProviderPriority();
+
+ /**
+ * Set the provider's priority that determines the order in which various
+ * master password providers will be invoked.
+ *
+ * @param priority
+ * provider's priority
+ */
+ // public void setProviderPriority(int priority);
+
+ public class ProviderComparator implements
+ Comparator<MasterPasswordProvider> {
+ @Override
+ public int compare(MasterPasswordProvider provider1,
+ MasterPasswordProvider provider2) {
+ return provider1.getProviderPriority()
+ - provider2.getProviderPriority();
+ }
+ }
+}
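Review bot: `ProviderComparator.compare` subtracts the two priorities, which overflows when they have opposite signs and large magnitude and then reports the wrong order; `return Integer.compare(provider1.getProviderPriority(), provider2.getProviderPriority());` avoids that. The comparator also sorts ascending, while the Javadoc on `getProviderPriority()` says the highest-priority provider is asked first. Unless callers outside this hunk reverse the sorted list, the lowest-priority provider would be consulted first for the master password, so a one-line comment on the class stating the intended direction would settle it. The commented-out `setProviderPriority` declaration leaves an orphaned Javadoc block above it, and both could be removed together.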