public interface CredentialManager
Keystore and Truststore are Bouncy Castle UBER-type keystores saved as files called "taverna-keystore.ubr" and "taverna-truststore.ubr" respectively. In the case of the Workbench, they are located in a directory called "security" inside the taverna.home directory. This location can be changed, e.g. in the case of the server and command line tool you may want to pass in the location of the Credential Manager's files.
Modifier and Type | Interface and Description |
---|---|
static class | CredentialManager.KeystoreType |

Modifier and Type | Field and Description |
---|---|
static String | CERTIFICATES_REVOKED_INDICATOR_FILE_NAME |
static String | KEYSTORE_FILE_NAME |
static String | PROPERTY_KEYSTORE |
static String | PROPERTY_KEYSTORE_PASSWORD |
static String | PROPERTY_KEYSTORE_PROVIDER |
static String | PROPERTY_KEYSTORE_TYPE |
static String | PROPERTY_TRUSTSTORE |
static String | PROPERTY_TRUSTSTORE_PASSWORD |
static String | PROPERTY_TRUSTSTORE_PROVIDER |
static String | PROPERTY_TRUSTSTORE_TYPE |
static String | TRUSTSTORE_FILE_NAME |
static String | USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME |
static char | USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER |
static String | UTF_8 |
Modifier and Type | Method and Description |
---|---|
String | addKeyPair(Key privateKey, Certificate[] certs): Insert a new key entry containing a private key and the corresponding public key certificate chain in the Keystore. |
void | addObserver(Observer<KeystoreChangedEvent> observer): Add an observer of changes to the Keystore or Truststore. |
String | addTrustedCertificate(X509Certificate cert): Insert a trusted certificate entry in the Truststore with an alias constructed as: "trustedcert# |
String | addUsernameAndPasswordForService(UsernamePassword usernamePassword, URI serviceURI): Insert a username and password pair for the given service URI in the Keystore. |
void | changeMasterPassword(String newPassword): Change the Keystore's and the Truststore's master password to the one provided. |
boolean | confirmMasterPassword(String password): Check whether the Keystore's master password is the same as the one provided. |
String | createKeyPairAlias(Key privateKey, Certificate[] certs): Create the Keystore alias that would be used for adding the given key pair (private and public key) entry to the Keystore. |
String | createTrustedCertificateAlias(X509Certificate cert): Create the Truststore alias that would be used for adding the given trusted X509 certificate to the Truststore. |
void | deleteKeyPair(Key privateKey, Certificate[] certs): Delete a key pair entry from the Keystore given its private and public key parts. |
void | deleteKeyPair(String alias): Delete a key pair entry from the Keystore given its alias. |
void | deleteTrustedCertificate(String alias): Delete a trusted certificate entry from the Truststore given its alias. |
void | deleteTrustedCertificate(X509Certificate cert): Delete a trusted certificate entry from the Truststore given the certificate. |
void | deleteUsernameAndPasswordForService(URI serviceURI): Delete the username and password pair for the given service URI from the Keystore. |
void | exportKeyPair(String alias, Path exportFile, String pkcs12Password): Export a key entry containing a private key and public key certificate chain from the Keystore to a PKCS #12 file. |
ArrayList<String> | getAliases(CredentialManager.KeystoreType ksType): Get all the aliases from the Keystore/Truststore, or null if there was an error while accessing it. |
Authenticator | getAuthenticator() |
Certificate | getCertificate(CredentialManager.KeystoreType ksType, String alias): Get a certificate entry from the Keystore or Truststore. |
Certificate[] | getKeyPairsCertificateChain(String alias): Get the certificate chain of the key pair entry in the Keystore with the given alias. |
Key | getKeyPairsPrivateKey(String alias): Get the private key part of the key pair entry in the Keystore with the given alias. |
List<Observer<KeystoreChangedEvent>> | getObservers(): Get all current observers of changes to the Keystore or Truststore. |
List<URI> | getServiceURIsForAllUsernameAndPasswordPairs(): Get the service URIs associated with all username/password pairs currently in the Keystore. |
SSLSocketFactory | getTavernaSSLSocketFactory(): Get Taverna's SSLSocketFactory backed by the Credential Manager's Keystore and Truststore. |
UsernamePassword | getUsernameAndPasswordForService(URI serviceURI, boolean useURIPathRecursion, String requestingMessage): Get the username and password pair for the given service URI, or null if it does not exist. |
boolean | hasEntryWithAlias(CredentialManager.KeystoreType ksType, String alias): Check whether the Keystore/Truststore contains an entry with the given alias. |
boolean | hasKeyPair(Key privateKey, Certificate[] certs): Check whether the Keystore contains the given key pair entry (private key and its corresponding public key certificate chain). |
boolean | hasTrustedCertificate(Certificate cert): Check whether the Truststore contains the given public key certificate. |
boolean | hasUsernamePasswordForService(URI serviceURI): Check whether the Keystore contains a username and password for the given service URI. |
void | initializeSSL(): Set the default SSLContext to use the Credential Manager's Keystore and Truststore for managing SSL connections from Taverna, and also set HttpsURLConnection's default SSLSocketFactory to the one from the just-configured SSLContext, i.e. |
boolean | isKeyEntry(String alias): Check whether the given alias identifies a key entry in the Keystore. |
KeyStore | loadPKCS12Keystore(Path pkcs12File, String pkcs12Password): Load a PKCS #12 keystore from a file using the supplied password. |
void | removeObserver(Observer<KeystoreChangedEvent> observer): Remove an observer of changes to the Keystore or Truststore. |
boolean | resetAuthCache(): Reset the JVM's authentication cache (e.g. for HTTP Basic Auth). |
void | setConfigurationDirectoryPath(Path credentialManagerDirectory): Set the directory from which the Credential Manager's Keystore and Truststore files will be read. |
static final String KEYSTORE_FILE_NAME
static final String TRUSTSTORE_FILE_NAME
static final String UTF_8
static final String PROPERTY_TRUSTSTORE
static final String PROPERTY_TRUSTSTORE_PASSWORD
static final String PROPERTY_KEYSTORE
static final String PROPERTY_KEYSTORE_PASSWORD
static final String PROPERTY_KEYSTORE_TYPE
static final String PROPERTY_KEYSTORE_PROVIDER
static final String PROPERTY_TRUSTSTORE_TYPE
static final String PROPERTY_TRUSTSTORE_PROVIDER
static final String CERTIFICATES_REVOKED_INDICATOR_FILE_NAME
static final char USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER
static final String USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME
void setConfigurationDirectoryPath(Path credentialManagerDirectory) throws CMException
Parameters: credentialManagerDirectory
Throws: CMException

boolean hasUsernamePasswordForService(URI serviceURI) throws CMException
Throws: CMException
UsernamePassword getUsernameAndPasswordForService(URI serviceURI, boolean useURIPathRecursion, String requestingMessage) throws CMException
If the username and password are not available in the Keystore, it will invoke implementations of the ServiceUsernameAndPasswordProvider interface, asking the user (typically through the UI) or resolving hard-coded credentials. If the parameter useURIPathRecursion is true, the Credential Manager will also attempt to look for stored credentials for each of the parent fragments of the URI.
Parameters:
serviceURI - The URI of the service for which we are providing the username and password
useURIPathRecursion - Whether to look for any usernames and passwords stored in the Keystore for the parent fragments of the service URI (for example, we are looking for the credentials for service http://somehost/some-fragment but we already have credentials stored for http://somehost, which can be reused)
requestingMessage - The message to be presented to the user when asking for the username and password; normally useful for UI providers that pop up dialogs, and can be ignored otherwise
Throws: CMException - if anything goes wrong during Keystore lookup, etc.

String addUsernameAndPasswordForService(UsernamePassword usernamePassword, URI serviceURI) throws CMException
Effectively, this method inserts a new secret key entry in the Keystore, where key contains
The username and password string is saved in the Keystore as a byte array using SecretKeySpec (which constructs a secret key from the given byte array but does not check whether the given bytes indeed specify a secret key of the specified algorithm).
An alias used to identify the username and password entry is constructed as "password#"
Parameters:
usernamePassword - The UsernamePassword to store
serviceURI - The (possibly normalized) URI to store the credentials under
Throws: CMException - If the credentials could not be stored

void deleteUsernameAndPasswordForService(URI serviceURI) throws CMException
Throws: CMException
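The storage and lookup behaviour described for addUsernameAndPasswordForService and getUsernameAndPasswordForService, as an added illustration that is not Taverna's own code. It assumes the alias prefix "password#" (the page shows only the prefix), a NUL separator character, a placeholder algorithm name, and a JDK JCEKS store in place of the Bouncy Castle UBER type.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

public class UsernamePasswordEntryExample {
    // Assumed values: the page names these constants but does not give their values.
    static final String ALIAS_PREFIX = "password#";
    static final char SEPARATOR = '\u0000';
    static final char[] MASTER = "constructed-master-password".toCharArray();

    // Store "username<SEPARATOR>password" as raw bytes wrapped in a SecretKeySpec; the
    // algorithm name is not validated, which is the property the page describes.
    static void store(KeyStore ks, URI serviceURI, String username, String password) throws Exception {
        byte[] raw = (username + SEPARATOR + password).getBytes(StandardCharsets.UTF_8);
        KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(raw, "DUMMY"));
        ks.setEntry(ALIAS_PREFIX + serviceURI, entry, new KeyStore.PasswordProtection(MASTER));
    }

    // Candidates, most specific first: the service URI, then (with recursion) each parent fragment.
    static List<URI> candidates(URI serviceURI, boolean useURIPathRecursion) {
        List<URI> out = new ArrayList<>();
        out.add(serviceURI);
        for (URI cur = serviceURI; useURIPathRecursion && cur.getPath() != null && cur.getPath().length() > 1; ) {
            cur = cur.getPath().endsWith("/") ? cur.resolve("..") : cur.resolve(".");
            out.add(cur);
        }
        return out;
    }

    // Returns {username, password} for the first matching alias, or null if none is stored.
    static String[] lookup(KeyStore ks, URI serviceURI, boolean useURIPathRecursion) throws Exception {
        for (URI candidate : candidates(serviceURI, useURIPathRecursion)) {
            KeyStore.Entry e = ks.getEntry(ALIAS_PREFIX + candidate, new KeyStore.PasswordProtection(MASTER));
            if (e instanceof KeyStore.SecretKeyEntry) {
                String joined = new String(((KeyStore.SecretKeyEntry) e).getSecretKey().getEncoded(),
                        StandardCharsets.UTF_8);
                int sep = joined.indexOf(SEPARATOR);
                return new String[] { joined.substring(0, sep), joined.substring(sep + 1) };
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS"); // JDK stand-in for the Bouncy Castle UBER type
        ks.load(null, MASTER);
        store(ks, URI.create("http://somehost/"), "alice", "s3cret");
        // Found by recursion: .../some-fragment/op -> .../some-fragment/ -> http://somehost/
        String[] found = lookup(ks, URI.create("http://somehost/some-fragment/op"), true);
        System.out.println(found == null ? "no credentials stored" : "user=" + found[0]);
    }
}
```

Matching is by alias string, so the URI used when storing must be normalized the same way as the one used for lookup (trailing slash included), which is why the page notes that serviceURI may be normalized.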
boolean hasKeyPair(Key privateKey, Certificate[] certs) throws CMException
Throws: CMException

String addKeyPair(Key privateKey, Certificate[] certs) throws CMException
Throws: CMException

void deleteKeyPair(String alias) throws CMException
Throws: CMException

void deleteKeyPair(Key privateKey, Certificate[] certs) throws CMException
Throws: CMException

String createKeyPairAlias(Key privateKey, Certificate[] certs)
Parameters:
privateKey - private key
certs - public key's certificate chain

void exportKeyPair(String alias, Path exportFile, String pkcs12Password) throws CMException
Throws: CMException

Certificate getCertificate(CredentialManager.KeystoreType ksType, String alias) throws CMException
Throws: CMException

Certificate[] getKeyPairsCertificateChain(String alias) throws CMException
This method works for the Keystore only, as the Truststore does not contain key pair entries, but trusted certificate entries only.
Throws: CMException

Key getKeyPairsPrivateKey(String alias) throws CMException
This method works for the Keystore only, as the Truststore does not contain key pair entries, but trusted certificate entries only.
Throws: CMException

boolean hasTrustedCertificate(Certificate cert) throws CMException
Throws: CMException

String addTrustedCertificate(X509Certificate cert) throws CMException
Throws: CMException

void deleteTrustedCertificate(String alias) throws CMException
Throws: CMException

void deleteTrustedCertificate(X509Certificate cert) throws CMException
Throws: CMException

String createTrustedCertificateAlias(X509Certificate cert)
Parameters:
cert - certificate to generate the alias for

boolean isKeyEntry(String alias) throws CMException
Throws: CMException

boolean hasEntryWithAlias(CredentialManager.KeystoreType ksType, String alias) throws CMException
Throws: CMException

ArrayList<String> getAliases(CredentialManager.KeystoreType ksType) throws CMException
Throws: CMException

List<URI> getServiceURIsForAllUsernameAndPasswordPairs() throws CMException
Throws: CMException
See Also: hasUsernamePasswordForService(URI)

KeyStore loadPKCS12Keystore(Path pkcs12File, String pkcs12Password) throws CMException
Throws: CMException

void addObserver(Observer<KeystoreChangedEvent> observer)

List<Observer<KeystoreChangedEvent>> getObservers()

void removeObserver(Observer<KeystoreChangedEvent> observer)
boolean confirmMasterPassword(String password) throws CMException
Parameters: password
Throws: CMException

void changeMasterPassword(String newPassword) throws CMException
Throws: CMException

boolean resetAuthCache()
Note that this method uses undocumented calls to sun.net.www.protocol.http.AuthCacheValue which might not be valid in virtual machines other than Sun Java 6. If these calls fail, this method will log the error and return false.
Returns: true if the VM's cache could be reset, or false otherwise.

void initializeSSL() throws CMException
Throws: CMException
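What initializeSSL() is documented to do, as an added example rather than Taverna's implementation. It assumes the keystore type is passed in (the page's UBER type needs the Bouncy Castle provider registered, which this code does not do) and that both stores are protected by the same master password.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class InitializeSslExample {
    // File names as given on the page; the store type is a parameter (assumption) because
    // "UBER" requires the Bouncy Castle provider to be registered first.
    static final String KEYSTORE_FILE_NAME = "taverna-keystore.ubr";
    static final String TRUSTSTORE_FILE_NAME = "taverna-truststore.ubr";

    static KeyStore load(Path file, String storeType, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(storeType);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Client identities come from the Keystore and trust anchors only from the Truststore.
    // Once this has run, connections through the default context no longer consult the
    // JVM's bundled CA certificates, so a server whose chain is not anchored in the
    // Truststore is rejected; an empty Truststore therefore fails every TLS connection.
    static SSLSocketFactory initializeSSL(Path securityDir, String storeType, char[] master) throws Exception {
        KeyStore keystore = load(securityDir.resolve(KEYSTORE_FILE_NAME), storeType, master);
        KeyStore truststore = load(securityDir.resolve(TRUSTSTORE_FILE_NAME), storeType, master);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, master);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx);                                   // process-wide default
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        return ctx.getSocketFactory();
    }
}
```

Because both calls change process-wide defaults, any other library in the same JVM that relies on the default SSLContext or HttpsURLConnection factory is affected as well.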
SSLSocketFactory getTavernaSSLSocketFactory() throws CMException
Throws: CMException

Authenticator getAuthenticator()

Copyright © 2015–2016 The Apache Software Foundation. All rights reserved.