You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@taverna.apache.org by st...@apache.org on 2015/02/23 11:10:21 UTC
[46/54] [partial] incubator-taverna-engine git commit: Revert
"temporarily empty repository"
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/246a16e2/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java
new file mode 100644
index 0000000..931fa07
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java
@@ -0,0 +1,872 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Random;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import net.sf.taverna.t2.lang.observer.Observable;
+import net.sf.taverna.t2.lang.observer.Observer;
+import net.sf.taverna.t2.security.credentialmanager.CMException;
+import net.sf.taverna.t2.security.credentialmanager.CredentialManager;
+import net.sf.taverna.t2.security.credentialmanager.CredentialManager.KeystoreType;
+import net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.KeystoreChangedEvent;
+import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider;
+import net.sf.taverna.t2.security.credentialmanager.UsernamePassword;
+
+import org.apache.commons.io.FileUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * Tests here should not require Java strong/unlimited cryptography policy to be installed,
+ * although if something goes wrong that is the first thing to be checked for.
+ *
+ * Java by default comes with the weak policy
+ * that disables the use of certain cryto algorithms and bigger key sizes. Although
+ * it is claimed that as of Java 6 the default policy is strong, we have seen otherwise,
+ * so make sure you install it.
+ *
+ * For Java 6, strong/unlimited cryptography policy can be downloaded
+ * (together with the installation instructions) from:
+ * http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
+ *
+ * An empty Keystore/Truststore is created before each test so we always start afresh
+ * (see the setUp() method).
+ * s
+ * @author Alex Nenadic
+ *
+ */
+public class CredentialManagerImplTest {
+
+ private CredentialManagerImpl credentialManager;
+ private String masterPassword = "uber";
+ private DummyMasterPasswordProvider masterPasswordProvider;
+ private File credentialManagerDirectory;
+
+ private static UsernamePassword usernamePassword;
+ private static URI serviceURI;
+
+ private static Key privateKey;
+ private static Certificate[] privateKeyCertChain;
+ private static URL privateKeyFileURL = CredentialManagerImplTest.class.getResource(
+ "/security/test-private-key-cert.p12");
+ private static final String privateKeyAndPKCS12KeystorePassword = "test"; // password for the test PKCS#12 keystore in resources
+
+ private static X509Certificate trustedCertficate;
+ private static URL trustedCertficateFileURL = CredentialManagerImplTest.class.getResource(
+ "/security/google-trusted-certificate.pem");
+
+ private static Observer<KeystoreChangedEvent> keystoreChangedObserver;
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+
+ // Just in case, add the BouncyCastle provider
+ // It gets added from the CredentialManagerImpl constructor as well
+ // but we may need some crypto operations before we invoke the Cred. Manager
+ Security.addProvider(new BouncyCastleProvider());
+
+ // Create a test username and password for a service
+ serviceURI = new URI("http://someservice");
+ usernamePassword = new UsernamePassword("testuser", "testpasswd");
+
+ // Load the test private key and its certificate
+ File privateKeyCertFile = new File(privateKeyFileURL.getPath());
+ KeyStore pkcs12Keystore = java.security.KeyStore.getInstance("PKCS12", "BC"); // We have to use the BC provider here as the certificate chain is not loaded if we use whichever provider is first in Java!!!
+ FileInputStream inStream = new FileInputStream(privateKeyCertFile);
+ pkcs12Keystore.load(inStream, privateKeyAndPKCS12KeystorePassword.toCharArray());
+ // KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(privateKeyCertFile, privateKeyPassword);
+ Enumeration<String> aliases = pkcs12Keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ // The test-private-key-cert.p12 file contains only one private key
+ // and corresponding certificate entry
+ String alias = aliases.nextElement();
+ if (pkcs12Keystore.isKeyEntry(alias)) { // is it a (private) key entry?
+ privateKey = pkcs12Keystore.getKey(alias,
+ privateKeyAndPKCS12KeystorePassword.toCharArray());
+ privateKeyCertChain = pkcs12Keystore.getCertificateChain(alias);
+ break;
+ }
+ }
+ inStream.close();
+
+ // Load the test trusted certificate (belonging to *.Google.com)
+ File trustedCertFile = new File(trustedCertficateFileURL.getPath());
+ inStream = new FileInputStream(trustedCertFile);
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ trustedCertficate = (X509Certificate) certFactory.generateCertificate(inStream);
+ try{
+ inStream.close();
+ }
+ catch (Exception e) {
+ // Ignore
+ }
+
+ keystoreChangedObserver = new Observer<KeystoreChangedEvent>() {
+
+ @Override
+ public void notify(Observable<KeystoreChangedEvent> sender,
+ KeystoreChangedEvent message) throws Exception {
+ // TODO Auto-generated method stub
+
+ }
+ };
+ }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @Before
+ public void setUp() throws Exception {
+
+ try {
+ credentialManager = new CredentialManagerImpl();
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+ Random randomGenerator = new Random();
+ String credentialManagerDirectoryPath = System
+ .getProperty("java.io.tmpdir")
+ + System.getProperty("file.separator")
+ + "taverna-security-"
+ + randomGenerator.nextInt(1000000);
+ System.out.println("Credential Manager's directory path: "
+ + credentialManagerDirectoryPath);
+ credentialManagerDirectory = new File(credentialManagerDirectoryPath);
+ try {
+ credentialManager
+ .setConfigurationDirectoryPath(credentialManagerDirectory);
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+
+ // Create the dummy master password provider
+ masterPasswordProvider = new DummyMasterPasswordProvider();
+ masterPasswordProvider.setMasterPassword(masterPassword);
+ List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+ masterPasswordProviders.add(masterPasswordProvider);
+ credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+
+ // Set an empty list for service username and password providers
+ credentialManager.setServiceUsernameAndPasswordProviders(new ArrayList<ServiceUsernameAndPasswordProvider>());
+
+ credentialManager.setJavaTruststorePasswordProviders(new ArrayList<JavaTruststorePasswordProvider>());
+
+ credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>());
+
+ }
+
+ @After
+ // Clean up the credentialManagerDirectory we created for testing
+ public void cleanUp(){
+// assertTrue(credentialManagerDirectory.exists());
+// assertFalse(credentialManagerDirectory.listFiles().length == 0); // something was created there
+
+ if (credentialManagerDirectory.exists()){
+ try {
+ FileUtils.deleteDirectory(credentialManagerDirectory);
+ System.out.println("Deleting Credential Manager's directory: "
+ + credentialManagerDirectory.getAbsolutePath());
+ } catch (IOException e) {
+ System.out.println(e.getStackTrace());
+ }
+ }
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#CredentialManagerImpl()}.
+ * @throws CMException
+ */
+ @Test
+ public void testCredentialManagerImpl() throws CMException {
+ new CredentialManagerImpl();
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getUsernameAndPasswordForService(java.net.URI, boolean, java.lang.String)}.
+ * @throws URISyntaxException
+ * @throws CMException
+ */
+ @Test
+ public void testGetUsernameAndPasswordForServiceURI() throws URISyntaxException, CMException {
+ // The Credential Manage's Keystore is empty so we should not be able to find anything initially
+ assertNull(credentialManager.getUsernameAndPasswordForService(serviceURI, false, ""));
+
+ credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI);
+
+ UsernamePassword testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, "");
+ assertNotNull(testUsernamePassword);
+ assertTrue(Arrays.equals(usernamePassword.getPassword(), testUsernamePassword.getPassword()));
+ assertTrue(usernamePassword.getUsername().equals(testUsernamePassword.getUsername()));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addUsernameAndPasswordForService(net.sf.taverna.t2.security.credentialmanager.UsernamePassword, java.net.URI)}.
+ * @throws URISyntaxException
+ * @throws CMException
+ */
+ @Test
+ public void testAddUsernameAndPasswordForService() throws CMException, URISyntaxException {
+
+ String alias = credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI);
+
+ UsernamePassword testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, "");
+ assertNotNull(testUsernamePassword);
+ assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias));
+ assertTrue(Arrays.equals(usernamePassword.getPassword(), testUsernamePassword.getPassword()));
+ assertTrue(usernamePassword.getUsername().equals(testUsernamePassword.getUsername()));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#hasUsernamePasswordForService(java.net.URI)}.
+ * @throws CMException
+ */
+ @Test
+ public void testHasUsernamePasswordForService() throws CMException {
+
+ UsernamePassword testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, "");
+ assertNull(testUsernamePassword);
+
+ String alias = credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI);
+ testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, "");
+ assertNotNull(testUsernamePassword);
+ assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias));
+ assertTrue(Arrays.equals(usernamePassword.getPassword(), testUsernamePassword.getPassword()));
+ assertTrue(usernamePassword.getUsername().equals(testUsernamePassword.getUsername()));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteUsernameAndPasswordForService(java.net.URI)}.
+ * @throws URISyntaxException
+ * @throws CMException
+ */
+ @Test
+ public void testDeleteUsernameAndPasswordForServiceURI() throws URISyntaxException, CMException {
+
+ // The Credential Manage's Keystore is empty initially so this should
+ // have no effect apart from initializing the Keystore/Truststore
+ credentialManager.deleteUsernameAndPasswordForService(serviceURI);
+
+ credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI);
+ credentialManager.deleteUsernameAndPasswordForService(serviceURI);
+
+ assertNull(credentialManager.getUsernameAndPasswordForService(serviceURI, false, ""));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addKeyPair(java.security.Key, java.security.cert.Certificate[])}.
+ * @throws CMException
+ * @throws KeyStoreException
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ * @throws IOException
+ * @throws FileNotFoundException
+ * @throws CertificateException
+ */
+ @Test
+ public void testAddKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
+
+ String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ assertTrue(credentialManager.hasKeyPair(privateKey, privateKeyCertChain));
+ assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias));
+
+ credentialManager.deleteKeyPair(alias);
+ assertFalse(credentialManager.hasKeyPair(privateKey, privateKeyCertChain));
+ assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#hasKeyPair(java.security.Key, java.security.cert.Certificate[])}.
+ * @throws CMException
+ * @throws KeyStoreException
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ * @throws IOException
+ * @throws FileNotFoundException
+ * @throws CertificateException
+ */
+ @Test
+ public void testHasKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
+ assertFalse(credentialManager.hasKeyPair(privateKey, privateKeyCertChain));
+ credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ assertTrue(credentialManager.hasKeyPair(privateKey, privateKeyCertChain));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteKeyPair(java.lang.String)}.
+ * @throws CMException
+ * @throws KeyStoreException
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ * @throws IOException
+ * @throws FileNotFoundException
+ * @throws CertificateException
+ */
+ @Test
+ public void testDeleteKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
+ // The Credential Manage's Keystore is empty initially so this should
+ // have no effect apart from initializing the Keystore/Truststore
+ credentialManager.deleteKeyPair("somealias");
+
+ String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ credentialManager.deleteKeyPair(alias);
+ assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteKeyPair(Key, Certificate[])}.
+ * @throws CMException
+ */
+ @Test
+ public void testDeleteKeyPair2() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
+ credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ assertTrue(credentialManager.hasKeyPair(privateKey, privateKeyCertChain));
+ credentialManager.deleteKeyPair(privateKey, privateKeyCertChain);
+ assertFalse(credentialManager.hasKeyPair(privateKey, privateKeyCertChain));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#exportKeyPair(java.lang.String, java.io.File, java.lang.String)}.
+ * @throws CMException
+ * @throws KeyStoreException
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ */
+ @Test
+ public void testExportKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
+ String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ File fileToExportTo = new File(credentialManagerDirectory, "test-export-key.p12");
+ credentialManager.exportKeyPair(alias, fileToExportTo, privateKeyAndPKCS12KeystorePassword);
+ assertTrue(fileToExportTo.exists());
+ // Load it back from the file we just saved
+ KeyStore ks = credentialManager.loadPKCS12Keystore(fileToExportTo, privateKeyAndPKCS12KeystorePassword);
+ Enumeration<String> aliases = ks.aliases();
+ Key newPrivateKey = null;
+ Certificate[] newPrivateKeyCerts = null;
+ while (aliases.hasMoreElements()) {
+ // The test-private-key-cert.p12 file contains only one private key
+ // and corresponding certificate entry
+ alias = aliases.nextElement();
+ if (ks.isKeyEntry(alias)) { // is it a (private) key entry?
+ newPrivateKey = ks.getKey(alias,
+ privateKeyAndPKCS12KeystorePassword.toCharArray());
+ newPrivateKeyCerts = ks.getCertificateChain(alias);
+ break;
+ }
+ }
+ assertNotNull(newPrivateKey);
+ assertNotNull(newPrivateKeyCerts);
+ //assertTrue(Arrays.equals(newPrivateKey.getEncoded(), privateKey.getEncoded()));
+ assertTrue(newPrivateKey.equals(privateKey));
+ assertTrue(Arrays.equals(newPrivateKeyCerts, privateKeyCertChain));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getCertificate(java.lang.String, java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testGetCertificate() throws CMException {
+ String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ // Get certificate from the Keystore associated with the private key we just inserted
+ Certificate privateKeyCertificate = credentialManager.getCertificate(CredentialManager.KeystoreType.KEYSTORE, alias);
+ assertNotNull(privateKeyCertificate);
+ assertTrue(privateKeyCertChain[0].equals(privateKeyCertificate));
+
+ // We should also have some trusted certificates in the Truststore
+ // Need to get their aliases
+ ArrayList<String> truststoreAliases = credentialManager.getAliases(CredentialManager.KeystoreType.TRUSTSTORE);
+ assertTrue(!truststoreAliases.isEmpty());
+ // Just get the first one
+ Certificate trustedCertificate = credentialManager.getCertificate(CredentialManager.KeystoreType.TRUSTSTORE, truststoreAliases.get(0));
+ assertNotNull(trustedCertificate);
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getKeyPairsCertificateChain(java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testGetKeyPairCertificateChain() throws CMException {
+ String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ Certificate[] keyPairCertificateChain = credentialManager.getKeyPairsCertificateChain(alias);
+ assertNotNull(keyPairCertificateChain);
+ assertTrue(Arrays.equals(privateKeyCertChain, keyPairCertificateChain));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getKeyPairsPrivateKey(java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testGetKeyPairsPrivateKey() throws CMException {
+ String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ Key prvKey = credentialManager.getKeyPairsPrivateKey(alias);
+ assertNotNull(prvKey);
+ assertEquals(privateKey, prvKey);
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addTrustedCertificate(java.security.cert.X509Certificate)}.
+ * @throws CMException
+ */
+ @Test
+ public void testAddTrustedCertificate() throws CMException {
+
+ String alias = credentialManager.addTrustedCertificate(trustedCertficate);
+ assertTrue(credentialManager.hasTrustedCertificate(trustedCertficate));
+ assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias));
+
+ credentialManager.deleteTrustedCertificate(alias);
+ assertFalse(credentialManager.hasTrustedCertificate(trustedCertficate));
+ assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#createTrustedCertificateAlias(java.security.cert.X509Certificate)}.
+ * @throws CMException
+ */
+ @Test
+ public void testGetX509CertificateAlias() throws CMException {
+
+ String alias = credentialManager.createTrustedCertificateAlias(trustedCertficate);
+ String alias2 = credentialManager.addTrustedCertificate(trustedCertficate);
+ assertEquals(alias, alias2);
+
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteTrustedCertificate(java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testDeleteTrustedCertificate() throws CMException {
+ // The Credential Manage's Truststore is empty initially so this should
+ // have no effect apart from initializing the Keystore/Truststore
+ credentialManager.deleteTrustedCertificate("somealias");
+
+ String alias = credentialManager.addTrustedCertificate(trustedCertficate);
+ assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias));
+ credentialManager.deleteTrustedCertificate(alias);
+ assertFalse(credentialManager.hasTrustedCertificate(trustedCertficate));
+ assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteTrustedCertificate(X509Certificate)}.
+ * @throws CMException
+ */
+ @Test
+ public void testDeleteTrustedCertificate2() throws CMException {
+
+ credentialManager.addTrustedCertificate(trustedCertficate);
+ assertTrue(credentialManager.hasTrustedCertificate(trustedCertficate));
+ credentialManager.deleteTrustedCertificate(trustedCertficate);
+ assertFalse(credentialManager.hasTrustedCertificate(trustedCertficate));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#isKeyEntry(java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testIsKeyEntry() throws CMException {
+ // The Credential Manage's Keystore/Truststore is empty initially so this should
+ // have no effect apart from initializing them
+ // This should throw an exception
+ assertFalse(credentialManager.isKeyEntry("somealias"));
+
+ String aliasPassword = credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
+ String aliasKeyPair = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ String aliasTrustedCert = credentialManager.addTrustedCertificate(trustedCertficate);
+
+ assertTrue(credentialManager.isKeyEntry(aliasPassword)); // passwords are saves as symmetric key entries
+ assertTrue(credentialManager.isKeyEntry(aliasKeyPair));
+ assertFalse(credentialManager.isKeyEntry(aliasTrustedCert));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#hasEntryWithAlias(java.lang.String, java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testHasEntryWithAlias() throws CMException {
+
+ String aliasTrustedCert = credentialManager.createTrustedCertificateAlias(trustedCertficate);
+ assertFalse(credentialManager.hasEntryWithAlias(KeystoreType.TRUSTSTORE, aliasTrustedCert));
+
+ String aliasTrustedCert2 = credentialManager.addTrustedCertificate(trustedCertficate);
+ assertTrue(credentialManager.hasEntryWithAlias(KeystoreType.TRUSTSTORE, aliasTrustedCert2));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getAliases(net.sf.taverna.t2.security.credentialmanager.CredentialManager.KeystoreType)}.
+ * @throws CMException
+ */
+ @Test
+ public void testGetAliases() throws CMException {
+
+ ArrayList<String> keystoreAliases = credentialManager.getAliases(KeystoreType.KEYSTORE);
+ ArrayList<String> truststoreAliases = credentialManager.getAliases(KeystoreType.TRUSTSTORE);
+
+ // Initially Keystore/Truststore is empty
+ assertTrue(keystoreAliases.isEmpty());
+
+ String aliasPassword = credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
+ String aliasKeyPair = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ String aliasTrustedCert = credentialManager.addTrustedCertificate(trustedCertficate);
+
+ keystoreAliases = credentialManager.getAliases(KeystoreType.KEYSTORE);
+ truststoreAliases = credentialManager.getAliases(KeystoreType.TRUSTSTORE);
+
+ assertTrue(keystoreAliases.size() == 2);
+ assertTrue(truststoreAliases.size() >= 1); // we at least have the one we inserted but could be more copied from Java's defauls truststore
+
+ assertTrue(keystoreAliases.contains(aliasPassword));
+ assertTrue(keystoreAliases.contains(aliasKeyPair));
+ assertTrue(truststoreAliases.contains(aliasTrustedCert));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getServiceURIsForAllUsernameAndPasswordPairs()}.
+ * @throws CMException
+ * @throws URISyntaxException
+ */
+ @Test
+ public void testGetServiceURIsForAllUsernameAndPasswordPairs() throws CMException, URISyntaxException {
+ // Initially empty so this
+ assertTrue(credentialManager.getServiceURIsForAllUsernameAndPasswordPairs().isEmpty());
+
+ credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
+
+ URI serviceURI2 = new URI("http://someservice2");
+ UsernamePassword usernamePassword2 = new UsernamePassword("testuser2", "testpasswd2");
+ credentialManager.addUsernameAndPasswordForService(usernamePassword2, serviceURI2);
+
+ List<URI> serviceURIs = credentialManager.getServiceURIsForAllUsernameAndPasswordPairs();
+ assertTrue(credentialManager.getServiceURIsForAllUsernameAndPasswordPairs().size() == 2);
+ assertTrue(serviceURIs.contains(serviceURI));
+ assertTrue(serviceURIs.contains(serviceURI2));
+
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#loadPKCS12Keystore(java.io.File, java.lang.String)}.
+ * @throws CMException
+ * @throws KeyStoreException
+ * @throws NoSuchAlgorithmException
+ * @throws UnrecoverableKeyException
+ */
+ @Test
+ public void testLoadPKCS12Keystore() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
+ KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(new File(privateKeyFileURL.getPath()), privateKeyAndPKCS12KeystorePassword);
+
+ Key privateKey2 = null;
+ Certificate[] privateKeyCertChain2 = null;
+
+ Enumeration<String> aliases = pkcs12Keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ // The test-private-key-cert.p12 file contains only one private key
+ // and corresponding certificate entry
+ String alias = aliases.nextElement();
+ if (pkcs12Keystore.isKeyEntry(alias)) { // is it a (private) key entry?
+ privateKey2 = pkcs12Keystore.getKey(alias,
+ privateKeyAndPKCS12KeystorePassword.toCharArray());
+ privateKeyCertChain2 = pkcs12Keystore.getCertificateChain(alias);
+ break;
+ }
+ }
+ assertNotNull(privateKey2);
+ assertNotNull(privateKeyCertChain2);
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addObserver(net.sf.taverna.t2.lang.observer.Observer)}.
+ */
+ @Test
+ public void testAddObserver() {
+
+ credentialManager.addObserver(keystoreChangedObserver);
+ assertEquals(keystoreChangedObserver, credentialManager.getObservers().get(0));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getObservers()}.
+ */
+ @Test
+ public void testGetObservers() {
+ // Initially there are no observers
+ assertTrue(credentialManager.getObservers().isEmpty());
+
+ credentialManager.addObserver(keystoreChangedObserver);
+
+ assertEquals(keystoreChangedObserver, credentialManager.getObservers().get(0));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#removeObserver(net.sf.taverna.t2.lang.observer.Observer)}.
+ */
+ @Test
+ public void testRemoveObserver() {
+ credentialManager.addObserver(keystoreChangedObserver);
+ assertTrue(credentialManager.getObservers().size() == 1);
+ credentialManager.removeObserver(keystoreChangedObserver);
+ assertTrue(credentialManager.getObservers().size() == 0);
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#confirmMasterPassword(java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testConfirmMasterPassword() throws CMException {
+ credentialManager.confirmMasterPassword("uber");
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#changeMasterPassword(java.lang.String)}.
+ * @throws CMException
+ */
+ @Test
+ public void testChangeMasterPassword() throws CMException {
+ // Test the changeMasterPassword() method first to see if
+ // it will initialize Credential Manager properly
+ credentialManager.changeMasterPassword("blah");
+ credentialManager.confirmMasterPassword("blah");
+
+ // Add new stuff - key pair and password entries - under the new master password
+ String keyPairAlias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);
+ credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI);
+
+ // Change the master password again and try to retrieve the private key and password
+ credentialManager.changeMasterPassword("hlab");
+ assertArrayEquals(credentialManager.getUsernameAndPasswordForService(serviceURI, false, "").getPassword(), usernamePassword.getPassword());
+ assertEquals(privateKey, credentialManager.getKeyPairsPrivateKey(keyPairAlias));
+ assertTrue(Arrays.equals(privateKeyCertChain, credentialManager.getKeyPairsCertificateChain(keyPairAlias)));
+
+ // Load the Credential Manager back from the saved file to see of entries will be picked up properly
+ CredentialManagerImpl credentialManagerNew = null;
+ try {
+ credentialManagerNew = new CredentialManagerImpl();
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+ try {
+ credentialManagerNew
+ .setConfigurationDirectoryPath(credentialManagerDirectory);
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+
+ // Create the dummy master password provider
+ masterPasswordProvider = new DummyMasterPasswordProvider();
+ masterPasswordProvider.setMasterPassword("hlab");
+ List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+ masterPasswordProviders.add(masterPasswordProvider);
+ credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+
+ // Set an empty list for service username and password providers
+ credentialManagerNew.setServiceUsernameAndPasswordProviders(new ArrayList<ServiceUsernameAndPasswordProvider>());
+
+ credentialManager.setJavaTruststorePasswordProviders(new ArrayList<JavaTruststorePasswordProvider>());
+
+ credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>());
+
+ assertArrayEquals(credentialManager.getUsernameAndPasswordForService(serviceURI, false, "").getPassword(), usernamePassword.getPassword());
+ assertEquals(privateKey, credentialManager.getKeyPairsPrivateKey(keyPairAlias));
+ assertTrue(Arrays.equals(privateKeyCertChain, credentialManager.getKeyPairsCertificateChain(keyPairAlias)));
+
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#initializeSSL()}.
+ * @throws CMException
+ */
+ @Test
+ public void testInitializeSSL() throws CMException {
+ //credentialManager.initializeSSL();
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getTavernaSSLSocketFactory()}.
+ * @throws CMException
+ */
+ @Test
+ public void testGetTavernaSSLSocketFactory() throws CMException {
+ SSLSocketFactory sslSocketFactory = credentialManager.getTavernaSSLSocketFactory();
+ assertNotNull(sslSocketFactory);
+
+ // This should also create Taverna's SSLSocketFactory backed by Credential Manager's Keystore and Truststore
+ // if not already created
+ credentialManager.initializeSSL();
+ assertEquals(sslSocketFactory, credentialManager.getTavernaSSLSocketFactory());
+
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setMasterPasswordProviders(java.util.List)}.
+ */
+ @Test
+ public void testSetMasterPasswordProviders() {
+
+ List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+ masterPasswordProviders.add(masterPasswordProvider);
+
+ credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+
+ assertTrue(credentialManager.getMasterPasswordProviders().contains(masterPasswordProvider));
+
+ // Set it to null and see what happens
+ credentialManager.setMasterPasswordProviders(null);
+ assertNull(credentialManager.getMasterPasswordProviders());
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getMasterPasswordProviders()}.
+ */
+ @Test
+ public void testGetMasterPasswordProviders() {
+
+ assertFalse(credentialManager.getMasterPasswordProviders().isEmpty());
+ assertTrue(credentialManager.getMasterPasswordProviders().contains(masterPasswordProvider));
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setJavaTruststorePasswordProviders(java.util.List)}.
+ */
+ @Test
+ public void testSetJavaTruststorePasswordProviders() {
+
+ List<JavaTruststorePasswordProvider> javaTruststorePasswordProviders = new ArrayList<JavaTruststorePasswordProvider>();
+ JavaTruststorePasswordProvider javaTruststorePasswordProvider = new DummyJavaTruststorePasswordProvider();
+ javaTruststorePasswordProvider.setJavaTruststorePassword("blah");
+ javaTruststorePasswordProviders.add(javaTruststorePasswordProvider);
+
+ credentialManager.setJavaTruststorePasswordProviders(javaTruststorePasswordProviders);
+
+ assertTrue(credentialManager.getJavaTruststorePasswordProviders().contains(javaTruststorePasswordProvider));
+
+ // Set it to null and see what happens
+ credentialManager.setJavaTruststorePasswordProviders(null);
+ assertNull(credentialManager.getJavaTruststorePasswordProviders());
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getJavaTruststorePasswordProviders()}.
+ */
+ @Test
+ public void testGetJavaTruststorePasswordProviders() {
+
+ assertTrue(credentialManager.getJavaTruststorePasswordProviders().isEmpty());
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setServiceUsernameAndPasswordProviders(java.util.List)}.
+ * @throws URISyntaxException
+ */
+ @Test
+ public void testSetServiceUsernameAndPasswordProviders() throws URISyntaxException {
+
+ List<ServiceUsernameAndPasswordProvider> serviceUsernameAndPasswordProviders = new ArrayList<ServiceUsernameAndPasswordProvider>();
+ ServiceUsernameAndPasswordProvider serviceUsernameAndPasswordProvider = new DummyServiceUsernameAndPasswordProvider();
+ serviceUsernameAndPasswordProvider.setServiceUsernameAndPassword(new URI("http://someservice"), new UsernamePassword("blah", "blah"));
+ serviceUsernameAndPasswordProviders.add(serviceUsernameAndPasswordProvider);
+
+ credentialManager.setServiceUsernameAndPasswordProviders(serviceUsernameAndPasswordProviders);
+
+ assertTrue(credentialManager.getServiceUsernameAndPasswordProviders().contains(serviceUsernameAndPasswordProvider));
+
+ // Set it to null and see what happens
+ credentialManager.setServiceUsernameAndPasswordProviders(null);
+ assertNull(credentialManager.getServiceUsernameAndPasswordProviders());
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getServiceUsernameAndPasswordProviders()}.
+ */
+ @Test
+ public void testGetServiceUsernameAndPasswordProviders() {
+
+ assertTrue(credentialManager.getServiceUsernameAndPasswordProviders().isEmpty());
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setTrustConfirmationProviders(java.util.List)}.
+ * @throws IOException
+ */
+ @Test
+ public void testSetTrustConfirmationProviders() throws IOException {
+ List<TrustConfirmationProvider> trustConfirmationProviders = new ArrayList<TrustConfirmationProvider>();
+ TrustConfirmationProvider trustConfirmationProvider = new TrustAlwaysTrustConfirmationProvider();
+ trustConfirmationProviders.add(trustConfirmationProvider);
+
+ credentialManager.setTrustConfirmationProviders(trustConfirmationProviders);
+
+ assertTrue(credentialManager.getTrustConfirmationProviders().contains(trustConfirmationProvider));
+
+ // Set it to null and see what happens
+ credentialManager.setTrustConfirmationProviders(null);
+ assertNull(credentialManager.getTrustConfirmationProviders());
+ }
+
+ /**
+ * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getTrustConfirmationProviders()}.
+ */
+ @Test
+ public void testGetTrustConfirmationProviders() {
+
+ assertTrue(credentialManager.getTrustConfirmationProviders().isEmpty());
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/246a16e2/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java
new file mode 100644
index 0000000..6a1b9dc
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider;
+
+public class DummyJavaTruststorePasswordProvider implements JavaTruststorePasswordProvider{
+
+ String javaTruststorePassword;
+
+ @Override
+ public String getJavaTruststorePassword() {
+ return javaTruststorePassword;
+ }
+
+ @Override
+ public void setJavaTruststorePassword(String password) {
+ javaTruststorePassword = password;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/246a16e2/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java
new file mode 100644
index 0000000..ddcd7e6
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java
@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
+
+public class DummyMasterPasswordProvider implements MasterPasswordProvider{
+
+ private String masterPassword;
+ private int priority = 0;
+
+ @Override
+ public String getMasterPassword(boolean firstTime) {
+ return masterPassword;
+ }
+
+ @Override
+ public int getProviderPriority() {
+ return priority;
+ }
+
+ @Override
+ public void setMasterPassword(String password) {
+ masterPassword = password;
+ }
+
+// @Override
+// public void setProviderPriority(int priority) {
+// this.priority = priority;
+// }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/246a16e2/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java
new file mode 100644
index 0000000..f2227fc
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java
@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import java.net.URI;
+
+import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.UsernamePassword;
+
+public class DummyServiceUsernameAndPasswordProvider implements ServiceUsernameAndPasswordProvider{
+
+ private UsernamePassword usernamePassword;
+ private URI serviceURI;
+ private String requestingMessage;
+
+ @Override
+ public UsernamePassword getServiceUsernameAndPassword(URI serviceURI,
+ String requestingMessage) {
+ this.requestingMessage = requestingMessage;
+ this.serviceURI = serviceURI;
+ return usernamePassword;
+ }
+
+ @Override
+ public void setServiceUsernameAndPassword(URI serviceURI,
+ UsernamePassword usernamePassword) {
+
+ //this.serviceURI = serviceURI;
+ this.usernamePassword = usernamePassword;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/246a16e2/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java
new file mode 100644
index 0000000..18068db
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java
@@ -0,0 +1,535 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.Authenticator;
+import java.net.PasswordAuthentication;
+import java.net.URL;
+import java.net.URLConnection;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+
+import net.sf.taverna.t2.security.credentialmanager.CMException;
+import net.sf.taverna.t2.security.credentialmanager.CredentialManager;
+import net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider;
+import net.sf.taverna.t2.security.credentialmanager.UsernamePassword;
+
+import org.apache.commons.io.FileUtils;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.mortbay.jetty.Connector;
+import org.mortbay.jetty.Handler;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.handler.DefaultHandler;
+import org.mortbay.jetty.handler.HandlerCollection;
+import org.mortbay.jetty.nio.SelectChannelConnector;
+import org.mortbay.jetty.security.Constraint;
+import org.mortbay.jetty.security.ConstraintMapping;
+import org.mortbay.jetty.security.HashUserRealm;
+import org.mortbay.jetty.security.SecurityHandler;
+import org.mortbay.jetty.webapp.WebAppContext;
+
+/**
+ *
+ * Based on net.sf.tavenra.security.credentialmanager.FixedPasswordProvider from the
+ * Taverna 2 codebase.
+ *
+ * @author Stian Soiland-Reyes
+ * @author Alex Nenadic
+ *
+ */
+public class HTTPAuthenticatorIT {
+
+ protected static final String WRONG_PASSWORD = "wrongOne";
+ protected final static String PASSWORD = "basicPassword";
+ protected static final String PASSWORD2 = "password2";
+ protected static final String PASSWORD3 = "password3";
+ protected static final String PASSWORD4 = "password4";
+ protected static final String REALM = "realm1";
+ protected static final String REALM2 = "realm2";
+ protected final static String USERNAME = "basicUser";
+
+ protected static final int PORT = 9638;
+
+ private final class CountingAuthenticator extends
+ CredentialManagerAuthenticator {
+
+ public CountingAuthenticator(CredentialManager credManager) {
+ super(credManager);
+ }
+
+ private int calls;
+
+ @Override
+ protected PasswordAuthentication getPasswordAuthentication() {
+ calls++;
+ return super.getPasswordAuthentication();
+ }
+ }
+
+ public class NullAuthenticator extends Authenticator {
+ }
+
+ protected static final String ROLE_NAME = "user";
+ protected static final String HTML = "/html/";
+ protected static Server server;
+ protected static HashUserRealm userRealm;
+ private static SecurityHandler sh;
+
+ private static CredentialManagerImpl credentialManager;
+ private static File credentialManagerDirectory;
+ private static DummyMasterPasswordProvider masterPasswordProvider;
+ private static HTTPAuthenticatorServiceUsernameAndPasswordProvider httpAuthProvider;
+
+ @BeforeClass
+ public static void startCredentialManager() throws CMException, IOException {
+
+ try {
+ credentialManager = new CredentialManagerImpl();
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+ Random randomGenerator = new Random();
+ String credentialManagerDirectoryPath = System
+ .getProperty("java.io.tmpdir")
+ + System.getProperty("file.separator")
+ + "taverna-security-"
+ + randomGenerator.nextInt(1000000);
+ System.out.println("Credential Manager's directory path: "
+ + credentialManagerDirectoryPath);
+ credentialManagerDirectory = new File(credentialManagerDirectoryPath);
+ try {
+ credentialManager
+ .setConfigurationDirectoryPath(credentialManagerDirectory);
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+
+ // Create the dummy master password provider
+ masterPasswordProvider = new DummyMasterPasswordProvider();
+ /* Short password to avoid issues with key sizes and Java strong crypto policy*/
+ masterPasswordProvider.setMasterPassword("uber");
+ List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+ masterPasswordProviders.add(masterPasswordProvider);
+ credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+
+ // Put our HTTP authenticator in the list of service username and password providers
+ httpAuthProvider = new HTTPAuthenticatorServiceUsernameAndPasswordProvider();
+ ArrayList<ServiceUsernameAndPasswordProvider> serviceUsernameAndPasswordProviders = new ArrayList<ServiceUsernameAndPasswordProvider>();
+ serviceUsernameAndPasswordProviders.add(httpAuthProvider);
+ credentialManager.setServiceUsernameAndPasswordProviders(serviceUsernameAndPasswordProviders);
+
+ // These can be empty
+ credentialManager.setJavaTruststorePasswordProviders(new ArrayList<JavaTruststorePasswordProvider>());
+ credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>());
+ }
+
+ @AfterClass
+ // Clean up the credentialManagerDirectory we created for testing
+ public static void cleanUp(){
+
+ if (credentialManagerDirectory.exists()){
+ try {
+ FileUtils.deleteDirectory(credentialManagerDirectory);
+ System.out.println("Deleting Credential Manager's directory: "
+ + credentialManagerDirectory.getAbsolutePath());
+ } catch (IOException e) {
+ System.out.println(e.getStackTrace());
+ }
+ }
+ }
+
+ @BeforeClass
+ public static void jettyServer() throws Exception {
+
+ server = new Server();
+
+ Connector connector = new SelectChannelConnector();
+ connector.setPort(PORT);
+ server.setConnectors(new Connector[] { connector });
+ ConstraintMapping cm = new ConstraintMapping();
+ Constraint constraint = new Constraint();
+ constraint.setName(Constraint.__BASIC_AUTH);
+ constraint.setRoles(new String[] { ROLE_NAME });
+ constraint.setAuthenticate(true);
+ cm.setConstraint(constraint);
+ cm.setPathSpec("/*");
+
+ sh = new SecurityHandler();
+ userRealm = new HashUserRealm(REALM);
+ userRealm.put(USERNAME, PASSWORD);
+ userRealm.addUserToRole(USERNAME, ROLE_NAME);
+ sh.setUserRealm(userRealm);
+ sh.setConstraintMappings(new ConstraintMapping[] { cm });
+
+ WebAppContext webappcontext = new WebAppContext();
+ webappcontext.setContextPath("/");
+
+ URL htmlRoot = HTTPAuthenticatorIT.class.getResource(HTML);
+ assertNotNull("Could not find " + HTML, htmlRoot);
+ webappcontext.setWar(htmlRoot.toExternalForm());
+
+ webappcontext.addHandler(sh);
+
+ HandlerCollection handlers = new HandlerCollection();
+ handlers.setHandlers(new Handler[] { webappcontext,
+ new DefaultHandler() });
+
+ server.setHandler(handlers);
+ server.start();
+ }
+
+
+ @AfterClass
+ public static void shutdownJetty() throws Exception {
+ server.stop();
+ }
+
+ @Before
+ @After
+ public void resetAuthenticator() throws CMException {
+ Authenticator.setDefault(new NullAuthenticator());
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.resetCalls();
+ }
+
+ @Before
+ public void resetAuthCache() throws CMException {
+ credentialManager.resetAuthCache();
+ }
+
+ @Before
+ public void resetUserRealmPassword() {
+ userRealm.put(USERNAME, PASSWORD);
+ userRealm.setName(REALM);
+ }
+
+ @Test()
+ public void failsWithoutAuthenticator() throws Exception {
+ URL url = new URL("http://localhost:" + PORT + "/test.html");
+ URLConnection c = url.openConnection();
+ assertEquals("HTTP/1.1 401 Unauthorized", c.getHeaderField(0));
+ }
+
+ @Test()
+ public void withAuthenticator() throws Exception {
+ assertEquals("Unexpected calls to password provider", 0,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ // Set the authenticator to our Credential Manager-backed one that also
+ // counts calls to itself
+ CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager);
+ assertEquals("Unexpected calls to authenticator", 0,
+ authenticator.calls);
+ Authenticator.setDefault(authenticator);
+// FixedPasswordProvider.setUsernamePassword(new UsernamePassword(
+// USERNAME, PASSWORD));
+
+ URL url = new URL("http://localhost:" + PORT + "/test.html");
+ httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword(
+ USERNAME, PASSWORD));
+ URLConnection c = url.openConnection();
+
+ c.connect();
+ try {
+ c.getContent();
+ } catch (Exception ex) {
+ }
+ System.out.println(c.getHeaderField(0));
+ assertEquals("Did not invoke authenticator", 1, authenticator.calls);
+ assertEquals("Did not invoke our password provider", 1,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ assertEquals("HTTP/1.1 200 OK", c.getHeaderField(0));
+
+
+ assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider.getRequestMessage());
+ assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider
+ .getServiceURI().toASCIIString());
+
+ // And test Java's cache:
+ URLConnection c2 = url.openConnection();
+ c2.connect();
+ assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0));
+ assertEquals("JVM invoked our authenticator again instead of caching", 1,
+ authenticator.calls);
+ assertEquals("Invoked our password provider again instead of caching",
+ 1, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+
+ }
+
+ @Test()
+ public void withAuthenticatorResetJava() throws Exception {
+ assertTrue("Could not reset JVMs authCache, ignore on non-Sun JVM",
+ credentialManager.resetAuthCache());
+
+ assertEquals("Unexpected calls to password provider", 0,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager);
+ assertEquals("Unexpected calls to authenticator", 0,
+ authenticator.calls);
+ Authenticator.setDefault(authenticator);
+// FixedPasswordProvider.setUsernamePassword(new UsernamePassword(
+// USERNAME, PASSWORD));
+
+ URL url = new URL("http://localhost:" + PORT + "/test.html");
+ httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword(
+ USERNAME, PASSWORD));
+ URLConnection c = url.openConnection();
+
+ c.connect();
+ try {
+ c.getContent();
+ } catch (Exception ex) {
+ }
+
+ assertEquals("HTTP/1.1 200 OK", c.getHeaderField(0));
+
+ assertEquals("Did not invoke authenticator", 1, authenticator.calls);
+ assertEquals("Did not invoke our password provider", 1,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+
+ assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider.getRequestMessage());
+ assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider
+ .getServiceURI().toASCIIString());
+
+
+
+ // And without Java's cache:
+ assertTrue("Could not reset VMs authCache, ignore on non-Sun VM",
+ credentialManager.resetAuthCache());
+
+ URLConnection c2 = url.openConnection();
+ c2.connect();
+ assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0));
+ assertEquals("Did not invoke our authenticator again", 2,
+ authenticator.calls);
+ assertEquals("Did not invoke our password provider again",
+ 2, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+
+ }
+
+
+ @Test()
+ public void differentRealm() throws Exception {
+
+ assertEquals("Unexpected calls to password provider", 0,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager);
+ assertEquals("Unexpected calls to authenticator", 0,
+ authenticator.calls);
+ Authenticator.setDefault(authenticator);
+ // Different password in case resetAuthCache() did not run
+ UsernamePassword userPassword = new UsernamePassword(
+ USERNAME, PASSWORD4);
+ userRealm.put(USERNAME, PASSWORD4);
+// userPassword.setShouldSave(true);
+ //FixedPasswordProvider.setUsernamePassword(userPassword);
+
+ URL url = new URL("http://localhost:" + PORT + "/test.html");
+ httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), userPassword);
+ URLConnection c = url.openConnection();
+
+ c.connect();
+ try {
+ c.getContent();
+ } catch (Exception ex) {
+ }
+
+ assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider.getRequestMessage());
+ assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider
+ .getServiceURI().toASCIIString());
+
+ assertEquals("HTTP/1.1 200 OK", c.getHeaderField(0));
+
+ assertEquals("Did not invoke authenticator", 1, authenticator.calls);
+ assertEquals("Did not invoke our password provider", 1,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+
+
+ // different realm should be treated as a second connection, and not even use saved credentials
+
+ credentialManager.resetAuthCache();
+ userRealm.setName(REALM2);
+
+ URLConnection c2 = url.openConnection();
+ c2.connect();
+ try {
+ c.getContent();
+ } catch (Exception ex) {
+ }
+
+ assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0));
+
+ assertEquals("Did not invoke authenticator again", 2,
+ authenticator.calls);
+ assertEquals("Did not invoke provider again",
+ 2, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+
+ assertEquals("Unexpected prompt/realm", REALM2, httpAuthProvider
+ .getRequestMessage());
+ assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM2, HTTPAuthenticatorServiceUsernameAndPasswordProvider
+ .getServiceURI().toASCIIString());
+ }
+
+
+ @Test()
+ public void wrongPasswordDontSave() throws Exception {
+ assertEquals("Unexpected calls to password provider", 0,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager);
+ assertEquals("Unexpected calls to authenticator", 0,
+ authenticator.calls);
+ Authenticator.setDefault(authenticator);
+
+ // Make the server expect different password so our cache is no longer
+ // valid
+ userRealm.put(USERNAME, PASSWORD2);
+ // But we'll try with the old one, which we'll this time ask to save in
+ // DB
+ UsernamePassword usernamePassword = new UsernamePassword(USERNAME,
+ PASSWORD);
+ assertFalse("Should not be set to save by default", usernamePassword
+ .isShouldSave());
+ //FixedPasswordProvider.setUsernamePassword(usernamePassword);
+
+ URL url = new URL("http://localhost:" + PORT + "/test.html");
+ httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), usernamePassword);
+ URLConnection c = url.openConnection();
+ try {
+ c.getContent();
+ } catch (Exception ex) {
+ }
+
+ assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider
+ .getRequestMessage());
+ assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider
+ .getServiceURI().toASCIIString());
+
+ assertEquals("HTTP/1.1 401 Unauthorized", c.getHeaderField(0));
+
+ assertTrue("Did not invoke authenticator enough times",
+ authenticator.calls > 1);
+ assertEquals("Should have asked provider as much as authenticator",
+ authenticator.calls, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+
+
+ // Update provider to now provide the right one
+// HTTPAuthenticatorServiceUsernameAndPasswordProvider.setUsernamePassword(new UsernamePassword(
+// USERNAME, PASSWORD2));
+ httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword(
+ USERNAME, PASSWORD2));
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.resetCalls();
+ authenticator.calls = 0;
+
+ URLConnection c2 = url.openConnection();
+ try {
+ c2.getContent();
+ } catch (Exception ex) {
+ }
+ assertEquals("Did not call authenticator again with cache pw invalid",
+ 1, authenticator.calls);
+ assertEquals(
+ "id not called our password provider once",
+ 1, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0));
+ }
+
+ @Test()
+ public void saveToDatabase() throws Exception {
+ assertEquals("Unexpected calls to password provider", 0,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager);
+ assertEquals("Unexpected calls to authenticator", 0,
+ authenticator.calls);
+ Authenticator.setDefault(authenticator);
+
+ // Make the server expect different password so our cache is no longer
+ // valid (In case CredManager.resetAuthCache() did not succeed on non-Sun VMs)
+ userRealm.put(USERNAME, PASSWORD3);
+ // But we'll try with the old one, which we'll this time ask to save in
+ // DB
+ UsernamePassword usernamePassword = new UsernamePassword(USERNAME,
+ PASSWORD2);
+ usernamePassword.setShouldSave(true);
+ //HTTPAuthenticatorServiceUsernameAndPasswordProvider.setUsernamePassword(usernamePassword);
+
+ URL url = new URL("http://localhost:" + PORT + "/test.html");
+ httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), usernamePassword);
+ URLConnection c = url.openConnection();
+ try {
+ c.getContent();
+ } catch (Exception ex) {
+ }
+
+ assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider
+ .getRequestMessage());
+ assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider
+ .getServiceURI().toASCIIString());
+
+ assertEquals("HTTP/1.1 401 Unauthorized", c.getHeaderField(0));
+
+ assertTrue("Did not invoke authenticator enough times",
+ authenticator.calls > 1);
+ assertEquals(
+ "Asked our provider more than once, not saved in credMan?", 1,
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+
+
+
+ // Expect the old one again
+ userRealm.put(USERNAME, PASSWORD2);
+ // We'll now set our provider to give an invalid password, but we should
+ // not be asked
+ // as the old one (now correct agian) is stored in DB
+// HTTPAuthenticatorServiceUsernameAndPasswordProvider.setUsernamePassword(new UsernamePassword(
+// USERNAME, WRONG_PASSWORD));
+ httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword(
+ USERNAME, WRONG_PASSWORD));
+
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.resetCalls();
+ authenticator.calls = 0;
+
+ URLConnection c2 = url.openConnection();
+ try {
+ c2.getContent();
+ } catch (Exception ex) {
+ }
+ assertEquals("Did not call authenticator again with cache pw invalid",
+ 1, authenticator.calls);
+ assertEquals(
+ "Called our password provider instead of using credMan saved one",
+ 0, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls());
+ assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0));
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/246a16e2/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java
new file mode 100644
index 0000000..5d3d6f2
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java
@@ -0,0 +1,73 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import java.net.URI;
+
+import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.UsernamePassword;
+
+/**
+ *
+ * @author Stian Soiland-Reyes
+ * @author Alex Nenadic
+ *
+ */
+public class HTTPAuthenticatorServiceUsernameAndPasswordProvider implements ServiceUsernameAndPasswordProvider {
+
+ private static UsernamePassword usernamePassword;
+ private static URI serviceURI;
+ private static String requestMessage;
+ private static long calls = 0;
+
+ public static long getCalls() {
+ return calls;
+ }
+
+
+ public static void resetCalls() {
+ calls = 0;
+ }
+
+ @Override
+ public UsernamePassword getServiceUsernameAndPassword(URI serviceURI,
+ String requestMessage) {
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.serviceURI = serviceURI;
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.requestMessage = requestMessage;
+ calls++;
+ return usernamePassword.clone();
+ }
+
+ @Override
+ public void setServiceUsernameAndPassword(URI serviceURI,
+ UsernamePassword usernamePassword) {
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.serviceURI = serviceURI;
+ HTTPAuthenticatorServiceUsernameAndPasswordProvider.usernamePassword = usernamePassword;
+ }
+
+ public static URI getServiceURI() {
+ return serviceURI;
+ }
+
+ public String getRequestMessage() {
+ return requestMessage;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/246a16e2/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java
----------------------------------------------------------------------
diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java
new file mode 100644
index 0000000..a9211b1
--- /dev/null
+++ b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java
@@ -0,0 +1,336 @@
+/*******************************************************************************
+ * Copyright (C) 2008-2010 The University of Manchester
+ *
+ * Modifications to the initial code base are copyright of their
+ * respective authors, or their employers as appropriate.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ ******************************************************************************/
+package net.sf.taverna.t2.security.credentialmanager.impl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Random;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.TrustManagerFactory;
+
+import net.sf.taverna.t2.security.credentialmanager.CMException;
+import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider;
+import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider;
+
+import org.apache.commons.io.FileUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+//import org.apache.log4j.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class HTTPSConnectionAndTrustConfirmationIT {
+
+
+ private static CredentialManagerImpl credentialManager;
+ private static DummyMasterPasswordProvider masterPasswordProvider;
+ private static File credentialManagerDirectory;
+ //private static URL trustedCertficateFileURL = HTTPSConnectionAndTrustConfirmationIT.class.getResource("/security/tomcat_heater_certificate.pem");
+
+ // Log4J Logger
+ //private static Logger logger = Logger.getLogger(HTTPSConnectionAndTrustConfirmationIT.class);
+
+// public static void main(String[] args){
+//
+// try {
+// CredentialManagerOld.initialiseSSL();
+// //CredentialManager.getInstance();
+// //HttpsURLConnection.setDefaultSSLSocketFactory(CredentialManager.createTavernaSSLSocketFactory());
+// URL url = new URL ("https://rpc103.cs.man.ac.uk:8443/wsrf/services/cagrid/SecureHelloWorld?wsdl");
+// HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
+// // user should be asked automatically if they want to trust the connection
+// httpsConnection.connect();
+//
+// } catch (CMException e) {
+// logger.error("", e);
+// } catch (MalformedURLException e) {
+// logger.error("", e);
+// } catch (IOException e) {
+// logger.error("", e);
+// }
+// catch(Exception ex){ // anything we did not expect
+// logger.error("", ex);
+// }
+//
+// }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+
+ // Just in case, add the BouncyCastle provider
+ // It gets added from the CredentialManagerImpl constructor as well
+ // but we may need some crypto operations before we invoke the Cred. Manager
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ /**
+ * @throws java.lang.Exception
+ */
+ @Before
+ public void setUp() throws Exception {
+
+ try {
+ credentialManager = new CredentialManagerImpl();
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+ Random randomGenerator = new Random();
+ String credentialManagerDirectoryPath = System
+ .getProperty("java.io.tmpdir")
+ + System.getProperty("file.separator")
+ + "taverna-security-"
+ + randomGenerator.nextInt(1000000);
+ System.out.println("Credential Manager's directory path: "
+ + credentialManagerDirectoryPath);
+ credentialManagerDirectory = new File(credentialManagerDirectoryPath);
+ try {
+ credentialManager
+ .setConfigurationDirectoryPath(credentialManagerDirectory);
+ } catch (CMException e) {
+ System.out.println(e.getStackTrace());
+ }
+
+ // Create the dummy master password provider
+ masterPasswordProvider = new DummyMasterPasswordProvider();
+ masterPasswordProvider.setMasterPassword("uber");
+ List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>();
+ masterPasswordProviders.add(masterPasswordProvider);
+ credentialManager.setMasterPasswordProviders(masterPasswordProviders);
+
+ // Set an empty list for trust confirmation providers
+ credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>());
+ }
+
+ @After
+ // Clean up the credentialManagerDirectory we created for testing
+ public void cleanUp() throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException{
+// assertTrue(credentialManagerDirectory.exists());
+// assertFalse(credentialManagerDirectory.listFiles().length == 0); // something was created there
+
+ if (credentialManagerDirectory.exists()){
+ try {
+ FileUtils.deleteDirectory(credentialManagerDirectory);
+ System.out.println("Deleting Credential Manager's directory: "
+ + credentialManagerDirectory.getAbsolutePath());
+ } catch (IOException e) {
+ System.out.println(e.getStackTrace());
+ }
+ }
+
+ // Reset the SSLSocketFactory in JVM so we always have a clean start
+ SSLContext sc = null;
+ sc = SSLContext.getInstance("SSLv3");
+
+ // Create a "default" JSSE X509KeyManager.
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509",
+ "SunJSSE");
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+ kmf.init(ks, "blah".toCharArray());
+
+ // Create a "default" JSSE X509TrustManager.
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(
+ "SunX509", "SunJSSE");
+ KeyStore ts = KeyStore.getInstance("JKS");
+ ts.load(null, null);
+ tmf.init(ts);
+
+ sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
+ SSLContext.setDefault(sc);
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ }
+
+ @Test
+ public void testTrustConfirmationProvidersTrustAlways() throws IOException, CMException {
+ // Initially trust provider list is empty, we only verify by what is in
+ // Credential Manager's Truststore (and it does not contains the certificate for https://heater.cs.man.ac.uk:7443/)
+
+ // Do not forget to initialise Taverna's/Credential Manager's SSLSocketFactory
+ credentialManager.initializeSSL();
+
+ URL url = new URL("https://heater.cs.man.ac.uk:7443/");
+ HttpsURLConnection conn;
+ conn = (HttpsURLConnection) url.openConnection();
+ try{
+ // This should fail
+ conn.connect();
+ fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point.");
+ }
+ catch(SSLHandshakeException sslex){
+ // expected to fail so all is good
+ System.out.println(sslex.getStackTrace());
+ }
+ finally{
+ conn.disconnect();
+ }
+
+ // Add the trust confirmation provider that trusts everyone
+ List<TrustConfirmationProvider> trustProviders = new ArrayList<TrustConfirmationProvider>();
+ trustProviders.add(new TrustAlwaysTrustConfirmationProvider());
+ credentialManager.setTrustConfirmationProviders(trustProviders);
+
+ HttpsURLConnection conn2 = (HttpsURLConnection) url.openConnection();
+ // This should work now
+ conn2.connect();
+ System.out.println("Status header: "+ conn2.getHeaderField(0));
+
+ assertEquals("HTTP/1.1 200 OK", conn2.getHeaderField(0));
+ conn2.disconnect();
+ }
+
+ @Test
+ public void testTrustConfirmationProvidersTrustNever() throws IOException, CMException {
+ // Initially trust provider list is empty, we only verify by what is in
+ // Credential Manager's Truststore (and it does not contains the certificate for https://heater.cs.man.ac.uk:7443/)
+
+ // Do not forget to initialise Taverna's/Credential Manager's SSLSocketFactory
+ credentialManager.initializeSSL();
+
+ URL url = new URL("https://heater.cs.man.ac.uk:7443/");
+ HttpsURLConnection conn;
+ conn = (HttpsURLConnection) url.openConnection();
+ try{
+ // This should fail
+ conn.connect();
+ fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point.");
+ }
+ catch(SSLHandshakeException sslex){
+ // expected to fail so all is good
+ }
+ finally{
+ conn.disconnect();
+ }
+
+ // Add the trust confirmation provider that trusts no one
+ List<TrustConfirmationProvider> trustProviders = new ArrayList<TrustConfirmationProvider>();
+ credentialManager.setTrustConfirmationProviders(trustProviders);
+ trustProviders = new ArrayList<TrustConfirmationProvider>();
+ trustProviders.add(new TrustNeverTrustConfimationProvider());
+ credentialManager.setTrustConfirmationProviders(trustProviders);
+
+ HttpsURLConnection conn2 = (HttpsURLConnection) url.openConnection();
+ try{
+ // This should still fail as our trust providers are not trusting anyone
+ // and we have not added heater's certificate to Credential Manager's Truststore
+ conn2.connect();
+ fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point.");
+ }
+ catch(SSLHandshakeException sslex){
+ // expected to fail so all is good
+ }
+ finally{
+ conn2.disconnect();
+ }
+ }
+
+ @Test
+ public void testTrustConfirmationAddDeleteCertificateDirectly() throws CMException, IOException, CertificateException{
+ // Initially trust provider list is empty, we only verify by what is in
+ // Credential Manager's Truststore (and it does not contains the certificate for https://heater.cs.man.ac.uk:7443/)
+
+ // Do not forget to initialise Taverna's/Credential Manager's SSLSocketFactory
+ credentialManager.initializeSSL();
+
+ URL url = new URL("https://heater.cs.man.ac.uk:7443/");
+ HttpsURLConnection conn;
+ conn = (HttpsURLConnection) url.openConnection();
+ try{
+ // This should fail
+ conn.connect();
+ fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point.");
+ }
+ catch(SSLHandshakeException sslex){
+ // expected to fail so all is good
+ }
+ finally{
+ conn.disconnect();
+ }
+
+ // Add heater's certificate directly to Credential Manager's Truststore
+
+ // Load the test trusted certificate (belonging to heater.cs.man.ac.uk)
+ X509Certificate trustedCertficate;
+ URL trustedCertficateFileURL = getClass().getResource("/security/tomcat_heater_certificate.pem");
+ System.out.println("testTrustConfirmationAddDeleteCertificateDirectly: trusted certficate file URL " + trustedCertficateFileURL);
+ File trustedCertFile = new File(trustedCertficateFileURL.getPath());
+ FileInputStream inStream = new FileInputStream(trustedCertFile);
+ //InputStream inStream = getClass().getClassLoader().getResourceAsStream("security/tomcat_heater_certificate.pem");
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ trustedCertficate = (X509Certificate) certFactory.generateCertificate(inStream);
+ try{
+ inStream.close();
+ }
+ catch (Exception e) {
+ // Ignore
+ }
+ String alias = credentialManager.addTrustedCertificate(trustedCertficate);
+
+ HttpsURLConnection conn2 = (HttpsURLConnection) url.openConnection();
+ // This should work now
+ conn2.connect();
+ //System.out.println(conn2.getHeaderField(0));
+
+ assertEquals("HTTP/1.1 200 OK", conn2.getHeaderField(0));
+ conn2.disconnect();
+
+ // Now remove certificate and see if the "trust" changes
+ credentialManager.deleteTrustedCertificate(alias);
+ HttpsURLConnection conn3;
+ conn3 = (HttpsURLConnection) url.openConnection();
+ try{
+ // This should fail
+ conn3.connect();
+ fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point.");
+ }
+ catch(SSLHandshakeException sslex){
+ // expected to fail so all is good
+ }
+ finally{
+ conn3.disconnect();
+ }
+ }
+}