public class CredentialManagerImpl extends Object implements CredentialManager, Observable<KeystoreChangedEvent>
#CredentialManagerService
Modifier and Type | Class | Description
---|---|---
class | CredentialManagerImpl.ClearCachedServiceURIsObserver | Clear the cached service URIs that have username and password associated with them.
class | CredentialManagerImpl.KeystoreChangedObserver | If any change to the Keystore or Truststore occurs, create a new SSLSocketFactory and set the new default SSLContext, initialised with the updated Keystore and Truststore material.
Nested classes inherited from interface CredentialManager: CredentialManager.KeystoreType
Modifier and Type | Field | Description
---|---|---
static List<String> | defaultTrustStorePasswords | Various passwords to try for the Java's default truststore.
static String | OLD_T2TRUSTSTORE_FILE |
static String | OLD_TRUSTSTORE_PASSWORD |
Fields inherited from interface CredentialManager: CERTIFICATES_REVOKED_INDICATOR_FILE_NAME, KEYSTORE_FILE_NAME, PROPERTY_KEYSTORE, PROPERTY_KEYSTORE_PASSWORD, PROPERTY_KEYSTORE_PROVIDER, PROPERTY_KEYSTORE_TYPE, PROPERTY_TRUSTSTORE, PROPERTY_TRUSTSTORE_PASSWORD, PROPERTY_TRUSTSTORE_PROVIDER, PROPERTY_TRUSTSTORE_TYPE, TRUSTSTORE_FILE_NAME, USER_SET_MASTER_PASSWORD_INDICATOR_FILE_NAME, USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER, UTF_8
Constructor | Description
---|---
CredentialManagerImpl() |
Modifier and Type | Method | Description
---|---|---
void | addFragmentedURI(LinkedHashSet<URI> possibles, URI uri, String rawFragment) |
String | addKeyPair(Key privateKey, Certificate[] certs) | Insert a new key entry containing the private key and the corresponding public key certificate chain in the Keystore.
void | addObserver(Observer<KeystoreChangedEvent> observer) | Add an observer of the changes to the Keystore or Truststore.
String | addTrustedCertificate(X509Certificate cert) | Insert a trusted certificate entry in the Truststore with an alias constructed as: "trustedcert#
String | addUsernameAndPasswordForService(UsernamePassword usernamePassword, URI serviceURI) | Insert a username and password pair for the given service URI in the Keystore.
void | changeMasterPassword(String newMasterPassword) | Change the Keystore's and the Truststore's master password to the one provided.
boolean | confirmMasterPassword(String password) | Checks if the Keystore's master password is the same as the one provided.
String | createKeyPairAlias(Key privateKey, Certificate[] certs) | Create a Keystore alias that would be used for adding the given key pair (private and public key) entry to the Keystore.
String | createTrustedCertificateAlias(X509Certificate cert) | Create a Truststore alias that would be used for adding the given trusted X509 certificate to the Truststore.
void | deleteKeyPair(Key privateKey, Certificate[] certs) | Delete a key pair entry from the Keystore given its private and public key parts.
void | deleteKeyPair(String alias) | Delete a key pair entry from the Keystore given its alias.
void | deleteRevokedCertificates() |
void | deleteTrustedCertificate(String alias) | Delete a trusted certificate entry from the Truststore given its alias.
void | deleteTrustedCertificate(X509Certificate cert) | Delete a trusted certificate entry from the Truststore given the certificate.
void | deleteUsernameAndPasswordForService(String serviceURL) | Deprecated. Use deleteUsernameAndPasswordForService(URI serviceURI) instead.
void | deleteUsernameAndPasswordForService(URI serviceURI) | Delete a username and password pair for the given service URI from the Keystore.
void | exportKeyPair(String alias, Path exportFile, String pkcs12Password) | Export a key entry containing the private key and public key certificate chain from the Keystore to a PKCS #12 file.
ArrayList<String> | getAliases(CredentialManager.KeystoreType ksType) | Get all the aliases from the Keystore/Truststore, or null if there was some error while accessing it.
Authenticator | getAuthenticator() |
Certificate | getCertificate(CredentialManager.KeystoreType ksType, String alias) | Get a certificate entry from the Keystore or Truststore.
protected Map<URI,URI> | getFragmentMappedURIsForAllUsernameAndPasswordPairs() |
List<JavaTruststorePasswordProvider> | getJavaTruststorePasswordProviders() | Get the Java truststore password providers that provide the password to encrypt/decrypt the Java's default truststore.
Certificate[] | getKeyPairsCertificateChain(String alias) | Get the certificate chain for the key pair entry from the Keystore.
Key | getKeyPairsPrivateKey(String alias) | Get the private key part of a key pair entry from the Keystore given its alias.
List<MasterPasswordProvider> | getMasterPasswordProviders() | Get the master password providers that provide the master password to encrypt/decrypt the Credential Manager's Keystore and Truststore.
List<Observer<KeystoreChangedEvent>> | getObservers() | Get all current observers of changes to the Keystore or Truststore.
protected LinkedHashSet<URI> | getPossibleServiceURIsToLookup(URI serviceURI, boolean usePathRecursion) |
List<URI> | getServiceURIsForAllUsernameAndPasswordPairs() | Get the service URIs associated with all username/password pairs currently in the Keystore.
ArrayList<String> | getServiceURLsforAllUsernameAndPasswordPairs() | Deprecated.
List<ServiceUsernameAndPasswordProvider> | getServiceUsernameAndPasswordProviders() | Get the providers of usernames and passwords for services.
SSLSocketFactory | getTavernaSSLSocketFactory() | Get Taverna's SSLSocketFactory backed by the Credential Manager's Keystore and Truststore.
List<TrustConfirmationProvider> | getTrustConfirmationProviders() | Get the providers of trust confirmation for HTTPS connections to external services/sites.
String[] | getUsernameAndPasswordForService(String serviceURL) | Deprecated.
UsernamePassword | getUsernameAndPasswordForService(URI serviceURI, boolean usePathRecursion, String requestingMessage) | Get a username and password pair for the given service's URI, or null if it does not exist.
boolean | hasEntryWithAlias(CredentialManager.KeystoreType ksType, String alias) | Check if the Keystore/Truststore contains an entry with the given alias.
boolean | hasKeyPair(Key privateKey, Certificate[] certs) | Checks if the Keystore contains the given key pair entry (private key and its corresponding public key certificate chain).
boolean | hasTrustedCertificate(Certificate cert) | Checks if the Truststore contains the given public key certificate.
boolean | hasUsernamePasswordForService(URI serviceURI) | Checks if the Keystore contains a username and password for the given service URI.
void | initializeSSL() | Set the default SSLContext to use the Credential Manager's Keystore and Truststore for managing SSL connections from Taverna, and also set HttpsURLConnection's default SSLSocketFactory to the one from the just-configured SSLContext, i.e.
void | installAuthenticator() | Connects this credential manager to the Java HTTP authenticator mechanism.
boolean | isKeyEntry(String alias) | Check if the given alias identifies a key entry in the Keystore.
KeyStore | loadPKCS12Keystore(Path pkcs12File, String pkcs12Password) | Load a PKCS12-type keystore from a file using the supplied password.
URI | normalizeServiceURI(URI serviceURI) | Normalize a URI for insertion as the basis for path-recursive lookups, i.e.
void | removeObserver(Observer<KeystoreChangedEvent> observer) | Remove an observer of the changes to the Keystore or Truststore.
boolean | resetAuthCache() | Reset the JVM's cache for authentication such as HTTP Basic Auth.
String | saveUsernameAndPasswordForService(String username, String password, String serviceURL) | Deprecated.
void | setApplicationConfiguration(ApplicationConfiguration applicationConfiguration) | Sets the applicationConfiguration.
void | setConfigurationDirectoryPath(Path credentialManagerPath) | Set the directory from which the Credential Manager's Keystore and Truststore files will be read.
void | setJavaTruststorePasswordProviders(List<JavaTruststorePasswordProvider> javaTruststorePasswordProvider) | Set the Java truststore password providers that provide the password to encrypt/decrypt the Java's default truststore.
void | setMasterPasswordProviders(List<MasterPasswordProvider> masterPasswordProviders) | Set the master password providers that provide the master password to encrypt/decrypt the Credential Manager's Keystore and Truststore.
void | setServiceUsernameAndPasswordProviders(List<ServiceUsernameAndPasswordProvider> serviceUsernameAndPasswordProviders) | Set the providers of usernames and passwords for services.
void | setTrustConfirmationProviders(List<TrustConfirmationProvider> trustConfirmationProviders) | Set the providers of trust confirmation for HTTPS connections to external services/sites.
public static List<String> defaultTrustStorePasswords

public static final String OLD_TRUSTSTORE_PASSWORD

public static final String OLD_T2TRUSTSTORE_FILE

public CredentialManagerImpl() throws CMException
Throws: CMException

public void installAuthenticator()

public void deleteRevokedCertificates()

@Deprecated public String[] getUsernameAndPasswordForService(String serviceURL) throws CMException
Deprecated. Use getUsernameAndPasswordForService(URI, boolean, String) instead.
Throws: CMException
public UsernamePassword getUsernameAndPasswordForService(URI serviceURI, boolean usePathRecursion, String requestingMessage) throws CMException
If the username and password are not available in the Keystore, this method invokes implementations of the ServiceUsernameAndPasswordProvider interface, which ask the user (typically through the UI) or resolve hard-coded credentials. If the parameter useURIPathRecursion is true, the Credential Manager will also look for stored credentials for each of the parent fragments of the URI.
Specified by: getUsernameAndPasswordForService in interface CredentialManager
Parameters:
serviceURI - the URI of the service for which we are providing the username and password
useURIPathRecursion - whether to look for any usernames and passwords stored in the Keystore for the parent fragments of the service URI (for example, we are looking for the credentials for service http://somehost/some-fragment but already have credentials stored for http://somehost, which can be reused)
requestingMessage - the message to be presented to the user when asking for the username and password; normally useful for UI providers that pop up dialogs, and can be ignored otherwise
Throws: CMException - if anything goes wrong during Keystore lookup, etc.

protected Map<URI,URI> getFragmentMappedURIsForAllUsernameAndPasswordPairs() throws CMException
Throws: CMException
protected LinkedHashSet<URI> getPossibleServiceURIsToLookup(URI serviceURI, boolean usePathRecursion)

public void addFragmentedURI(LinkedHashSet<URI> possibles, URI uri, String rawFragment)

@Deprecated public ArrayList<String> getServiceURLsforAllUsernameAndPasswordPairs() throws CMException
Throws: CMException
See Also: getServiceURIsForAllUsernameAndPasswordPairs()
public String addUsernameAndPasswordForService(UsernamePassword usernamePassword, URI serviceURI) throws CMException
Effectively, this method inserts a new secret key entry in the Keystore, where key contains
The username and password string is saved in the Keystore as a byte array using SecretKeySpec (which constructs a secret key from the given byte array but does not check whether the given bytes indeed specify a secret key of the specified algorithm). The alias used to identify the username and password entry is constructed as "password#"
Specified by: addUsernameAndPasswordForService in interface CredentialManager
Parameters:
usernamePassword - the UsernamePassword to store
serviceURI - the (possibly normalized) URI to store the credentials under
Throws: CMException - if the credentials could not be stored

@Deprecated public String saveUsernameAndPasswordForService(String username, String password, String serviceURL) throws CMException
Deprecated. Use addUsernameAndPasswordForService(UsernamePassword, URI) instead.
Effectively, this method inserts a new secret key entry in the Keystore, where key contains
The username and password string is saved in the Keystore as a byte array using SecretKeySpec (which constructs a secret key from the given byte array but does not check whether the given bytes indeed specify a secret key of the specified algorithm). The alias used to identify the username and password entry is constructed as "password#"
Throws: CMException
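As an added illustration of the storage scheme these two methods describe (this is example code, not Taverna's own implementation), the class below wraps a username/password pair in a SecretKeySpec, keeps it as a secret-key entry under a "password#" alias, persists the keystore under the master password, and reads the pair back. The separator character, the algorithm label, the JCEKS keystore type, the class and method names and the sample credentials are all assumptions: the page names the USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER constant but not its value, and says nothing about the keystore type.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical store for username/password pairs, modelled on the Javadoc description above. */
public class UsernamePasswordStore {
    private static final String ALIAS_PREFIX = "password#";
    // Assumed separator; the real USERNAME_AND_PASSWORD_SEPARATOR_CHARACTER value is not on the page.
    private static final char SEPARATOR = '\u0000';
    // SecretKeySpec never validates the bytes against this name, so it is a label only.
    private static final String ALGORITHM = "UsernamePassword";

    private final KeyStore keystore;
    private final KeyStore.PasswordProtection protection;

    private UsernamePasswordStore(KeyStore keystore, char[] masterPassword) {
        this.keystore = keystore;
        this.protection = new KeyStore.PasswordProtection(masterPassword.clone());
    }

    /** New, empty in-memory store. JCEKS is used because plain JKS cannot hold secret-key entries. */
    public static UsernamePasswordStore create(char[] masterPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, masterPassword);
        return new UsernamePasswordStore(ks, masterPassword);
    }

    /** Reopen a store written by save(); a wrong master password fails here, before any lookup. */
    public static UsernamePasswordStore load(byte[] serialized, char[] masterPassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(serialized), masterPassword);
        return new UsernamePasswordStore(ks, masterPassword);
    }

    static String aliasFor(URI serviceURI) {
        return ALIAS_PREFIX + serviceURI.toASCIIString();
    }

    /** Store "username SEP password" as the raw material of a SecretKeySpec; returns the alias used. */
    public String add(String username, String password, URI serviceURI) throws Exception {
        if (username.indexOf(SEPARATOR) >= 0) {
            throw new IllegalArgumentException("username must not contain the separator");
        }
        byte[] raw = (username + SEPARATOR + password).getBytes(StandardCharsets.UTF_8);
        SecretKey key = new SecretKeySpec(raw, ALGORITHM);   // copies the bytes, checks nothing else
        String alias = aliasFor(serviceURI);
        keystore.setEntry(alias, new KeyStore.SecretKeyEntry(key), protection);
        Arrays.fill(raw, (byte) 0);                          // scrub our own copy
        return alias;
    }

    /** Returns {username, password}, or null when no usable entry exists for the URI. */
    public String[] lookup(URI serviceURI) throws Exception {
        KeyStore.Entry entry = keystore.getEntry(aliasFor(serviceURI), protection);
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            return null;
        }
        byte[] raw = ((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded();
        String joined = new String(raw, StandardCharsets.UTF_8);
        int sep = joined.indexOf(SEPARATOR);
        if (sep < 0) {
            return null;   // entry exists but is not in the username/password form
        }
        return new String[] { joined.substring(0, sep), joined.substring(sep + 1) };
    }

    /** Serialize the keystore; integrity and secret entries are protected by the master password. */
    public byte[] save() throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        keystore.store(out, protection.getPassword());
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] master = "master-password-for-demo".toCharArray();   // constructed sample
        URI service = URI.create("https://example.org/api/");        // constructed sample
        UsernamePasswordStore store = UsernamePasswordStore.create(master);
        String alias = store.add("alice", "s3cret", service);
        byte[] onDisk = store.save();

        String[] found = UsernamePasswordStore.load(onDisk, master).lookup(service);
        System.out.println(alias + " -> " + found[0] + " / " + found[1]);
        System.out.println("unknown service -> " + store.lookup(URI.create("https://other.example/")));
    }
}
```

Two properties of this pattern matter to anyone reading credentials back: SecretKeySpec performs no validation, so the encoded bytes return exactly as stored and the separator is the only structure in them, which is why add() rejects a username containing it; and JCEKS protects secret-key entries with a legacy password-based scheme, so on current JDKs a PKCS12 keystore, which also accepts SecretKeyEntry, is the stronger choice for new code.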
public void deleteUsernameAndPasswordForService(URI serviceURI) throws CMException
Specified by: deleteUsernameAndPasswordForService in interface CredentialManager
Throws: CMException

@Deprecated public void deleteUsernameAndPasswordForService(String serviceURL) throws CMException
Deprecated. Use deleteUsernameAndPasswordForService(URI serviceURI) instead.
Throws: CMException
public String addKeyPair(Key privateKey, Certificate[] certs) throws CMException
Specified by: addKeyPair in interface CredentialManager
Throws: CMException

public boolean hasKeyPair(Key privateKey, Certificate[] certs) throws CMException
Specified by: hasKeyPair in interface CredentialManager
Throws: CMException

public void deleteKeyPair(String alias) throws CMException
Specified by: deleteKeyPair in interface CredentialManager
Throws: CMException

public void deleteKeyPair(Key privateKey, Certificate[] certs) throws CMException
Specified by: deleteKeyPair in interface CredentialManager
Throws: CMException

public void exportKeyPair(String alias, Path exportFile, String pkcs12Password) throws CMException
Specified by: exportKeyPair in interface CredentialManager
Throws: CMException

public Certificate getCertificate(CredentialManager.KeystoreType ksType, String alias) throws CMException
Specified by: getCertificate in interface CredentialManager
Throws: CMException

public Certificate[] getKeyPairsCertificateChain(String alias) throws CMException
Specified by: getKeyPairsCertificateChain in interface CredentialManager
Throws: CMException

public Key getKeyPairsPrivateKey(String alias) throws CMException
This method works for the Keystore only, as the Truststore does not contain key pair entries but trusted certificate entries only.
Specified by: getKeyPairsPrivateKey in interface CredentialManager
Throws: CMException

public String addTrustedCertificate(X509Certificate cert) throws CMException
Specified by: addTrustedCertificate in interface CredentialManager
Throws: CMException

public String createKeyPairAlias(Key privateKey, Certificate[] certs)
Specified by: createKeyPairAlias in interface CredentialManager
Parameters:
privateKey - private key
certs - public key's certificate chain

public String createTrustedCertificateAlias(X509Certificate cert)
Specified by: createTrustedCertificateAlias in interface CredentialManager
Parameters:
cert - certificate to generate the alias for

public boolean hasTrustedCertificate(Certificate cert) throws CMException
Specified by: hasTrustedCertificate in interface CredentialManager
Throws: CMException

public void deleteTrustedCertificate(String alias) throws CMException
Specified by: deleteTrustedCertificate in interface CredentialManager
Throws: CMException

public void deleteTrustedCertificate(X509Certificate cert) throws CMException
Specified by: deleteTrustedCertificate in interface CredentialManager
Throws: CMException

public boolean isKeyEntry(String alias) throws CMException
Specified by: isKeyEntry in interface CredentialManager
Throws: CMException

public boolean hasEntryWithAlias(CredentialManager.KeystoreType ksType, String alias) throws CMException
Specified by: hasEntryWithAlias in interface CredentialManager
Throws: CMException

public ArrayList<String> getAliases(CredentialManager.KeystoreType ksType) throws CMException
Specified by: getAliases in interface CredentialManager
Throws: CMException

public List<URI> getServiceURIsForAllUsernameAndPasswordPairs() throws CMException
Specified by: getServiceURIsForAllUsernameAndPasswordPairs in interface CredentialManager
Throws: CMException
See Also: hasUsernamePasswordForService(URI)

public KeyStore loadPKCS12Keystore(Path pkcs12File, String pkcs12Password) throws CMException
Specified by: loadPKCS12Keystore in interface CredentialManager
Throws: CMException
public void addObserver(Observer<KeystoreChangedEvent> observer)
Specified by: addObserver in interface Observable<KeystoreChangedEvent>
Specified by: addObserver in interface CredentialManager
Parameters:
observer - the class that wants to be notified of changes

public List<Observer<KeystoreChangedEvent>> getObservers()
Specified by: getObservers in interface Observable<KeystoreChangedEvent>
Specified by: getObservers in interface CredentialManager

public void removeObserver(Observer<KeystoreChangedEvent> observer)
Specified by: removeObserver in interface Observable<KeystoreChangedEvent>
Specified by: removeObserver in interface CredentialManager
Parameters:
observer - the class that no longer wants to be notified

public boolean confirmMasterPassword(String password) throws CMException
Specified by: confirmMasterPassword in interface CredentialManager
Throws: CMException

public void changeMasterPassword(String newMasterPassword) throws CMException
Specified by: changeMasterPassword in interface CredentialManager
Throws: CMException
public void initializeSSL() throws CMException
Description copied from interface: CredentialManager
Set the default SSLContext to use the Credential Manager's Keystore and Truststore for managing SSL connections from Taverna, and also set HttpsURLConnection's default SSLSocketFactory to the one from the just-configured SSLContext.
Specified by: initializeSSL in interface CredentialManager
Throws: CMException
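An added example (not Taverna's implementation) of the steps initializeSSL() is documented to perform: build an SSLContext whose key managers come from the Keystore and whose trust managers come from the Truststore, make it the JVM default, and point HttpsURLConnection at its socket factory. The file names keystore.p12 and truststore.p12, the PKCS12 type, the class name and the command-line arguments are assumptions; the page names the KEYSTORE_FILE_NAME and TRUSTSTORE_FILE_NAME constants but not their values.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper showing what a default-SSLContext initialisation from two keystore files looks like. */
public final class DefaultSslInitializer {

    public static SSLContext buildContext(Path keystoreFile, char[] keystorePassword,
                                          Path truststoreFile, char[] truststorePassword) throws Exception {
        // Keystore: our own key pairs, offered as client certificates when a server requests one
        KeyStore keystore = KeyStore.getInstance("PKCS12");          // assumed type
        try (InputStream in = Files.newInputStream(keystoreFile)) {
            keystore.load(in, keystorePassword);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, keystorePassword);

        // Truststore: the only certificates accepted from servers; the JDK's cacerts is NOT consulted
        KeyStore truststore = KeyStore.getInstance("PKCS12");        // assumed type
        try (InputStream in = Files.newInputStream(truststoreFile)) {
            truststore.load(in, truststorePassword);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    /** Make the context the process-wide default, as the Javadoc says initializeSSL() does. */
    public static void installAsDefault(SSLContext context) {
        SSLContext.setDefault(context);
        HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
    }

    /** Usage: DefaultSslInitializer <config-dir> <password>; re-run whenever the keystore material changes. */
    public static void main(String[] args) throws Exception {
        Path dir = Paths.get(args[0]);                 // directory holding both files (assumed layout)
        char[] password = args[1].toCharArray();       // demo: one password for both files
        SSLContext ctx = buildContext(dir.resolve("keystore.p12"), password,
                                      dir.resolve("truststore.p12"), password);
        installAsDefault(ctx);
        System.out.println("Default SSLContext now backed by " + dir.toAbsolutePath());
    }
}
```

Because SSLContext.setDefault() affects every later connection in the process, the context has to be rebuilt and re-installed after any change to either store; that is the job the KeystoreChangedObserver nested class above describes. Note also that a TrustManagerFactory initialised from your own truststore trusts nothing else, so a service signed by a public CA is rejected unless that CA's certificate has been imported into the Truststore.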
public SSLSocketFactory getTavernaSSLSocketFactory() throws CMException
Description copied from interface: CredentialManager
Specified by: getTavernaSSLSocketFactory in interface CredentialManager
Throws: CMException

public Authenticator getAuthenticator()
Specified by: getAuthenticator in interface CredentialManager
public URI normalizeServiceURI(URI serviceURI)

```java
// credentialManager: a CredentialManager instance
URI uri = URI.create("http://foo.org/dir1/dirX/../dir2/filename.html?q=x");
System.out.println(credentialManager.normalizeServiceURI(uri));
// >>> http://foo.org/dir1/dir2/
uri = URI.create("http://foo.org/dir1/dir2/");
System.out.println(credentialManager.normalizeServiceURI(uri));
// >>> http://foo.org/dir1/dir2/
```

Note that #fragments are preserved, as these are used to indicate HTTP Basic Auth realms.
Parameters:
serviceURI - URI for a service that is to be normalized

public boolean resetAuthCache()
Note that this method uses undocumented calls to sun.net.www.protocol.http.AuthCacheValue which might not be valid in virtual machines other than Sun Java 6. If these calls fail, this method will log the error and return false.
Specified by: resetAuthCache in interface CredentialManager
Returns: true if the JVM's cache could be reset, or false otherwise.

public boolean hasUsernamePasswordForService(URI serviceURI) throws CMException
Specified by: hasUsernamePasswordForService in interface CredentialManager
Throws: CMException
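The following is an added reconstruction (example code, not Taverna's implementation) of two behaviours the Javadoc describes: the normalization shown for normalizeServiceURI above, and the walk up the parent URIs that getUsernameAndPasswordForService performs when usePathRecursion is true. The class and method names, the order in which candidates are produced and the treatment of the root path are my assumptions; the page only gives the two normalization examples and the http://somehost/some-fragment to http://somehost illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;

/** Hypothetical helper reproducing the documented URI normalization and parent-URI lookup order. */
public class ServiceUriLookup {

    /** Resolve "." and ".." segments, drop the file name and query, keep the #fragment (Basic Auth realm). */
    public static URI normalizeServiceURI(URI serviceURI) {
        URI n = serviceURI.normalize();
        String path = n.getPath();
        if (path == null || path.isEmpty()) {
            path = "/";
        } else if (!path.endsWith("/")) {
            path = path.substring(0, path.lastIndexOf('/') + 1);   // keep the directory only
        }
        return rebuild(n, path);
    }

    /** Candidate URIs to consult in the Keystore, most specific first, ending at the host root. */
    public static LinkedHashSet<URI> possibleServiceURIsToLookup(URI serviceURI, boolean usePathRecursion) {
        LinkedHashSet<URI> possibles = new LinkedHashSet<>();
        possibles.add(serviceURI);                        // exact URI as given
        URI current = normalizeServiceURI(serviceURI);
        possibles.add(current);                           // same directory, query stripped
        if (!usePathRecursion) {
            return possibles;
        }
        // Walk up one directory per step until "/" has been added; the fragment travels with it.
        while (!"/".equals(current.getPath())) {
            String path = current.getPath();
            int cut = path.lastIndexOf('/', path.length() - 2);   // slash preceding the last segment
            current = rebuild(current, path.substring(0, cut + 1));
            possibles.add(current);
        }
        return possibles;
    }

    private static URI rebuild(URI base, String path) {
        try {
            // Query is deliberately dropped; scheme, authority and fragment are kept.
            return new URI(base.getScheme(), base.getAuthority(), path, null, base.getFragment());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("cannot rebuild " + base, e);
        }
    }

    public static void main(String[] args) {
        // The two inputs from the Javadoc example; both print http://foo.org/dir1/dir2/
        System.out.println(normalizeServiceURI(URI.create("http://foo.org/dir1/dirX/../dir2/filename.html?q=x")));
        System.out.println(normalizeServiceURI(URI.create("http://foo.org/dir1/dir2/")));
        // Constructed sample with a realm fragment: the parents keep "#Realm"
        for (URI u : possibleServiceURIsToLookup(URI.create("https://somehost/some-fragment/op?x=1#Realm"), true)) {
            System.out.println("  " + u);
        }
    }
}
```

Keeping the candidate set ordered most-specific-first matters: a credential stored for a whole host should only be reused for a sub-path when nothing more specific exists, and the exact, un-normalized URI is tried before anything else so an entry saved under a full URL still wins.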
public void setConfigurationDirectoryPath(Path credentialManagerPath) throws CMException
Specified by: setConfigurationDirectoryPath in interface CredentialManager
Parameters:
credentialManagerDirectory -
Throws: CMException
public void setMasterPasswordProviders(List<MasterPasswordProvider> masterPasswordProviders)
This is done through the Spring DM.

public List<MasterPasswordProvider> getMasterPasswordProviders()

public void setJavaTruststorePasswordProviders(List<JavaTruststorePasswordProvider> javaTruststorePasswordProvider)
This is done through the Spring DM.

public List<JavaTruststorePasswordProvider> getJavaTruststorePasswordProviders()

public void setServiceUsernameAndPasswordProviders(List<ServiceUsernameAndPasswordProvider> serviceUsernameAndPasswordProviders)
This is done through the Spring DM.

public List<ServiceUsernameAndPasswordProvider> getServiceUsernameAndPasswordProviders()

public void setTrustConfirmationProviders(List<TrustConfirmationProvider> trustConfirmationProviders)
This is done through the Spring DM.

public List<TrustConfirmationProvider> getTrustConfirmationProviders()

public void setApplicationConfiguration(ApplicationConfiguration applicationConfiguration)
Parameters:
applicationConfiguration - the new value of applicationConfiguration

Copyright © 2015–2016 The Apache Software Foundation. All rights reserved.