package org.jenkinsci.plugins.jvctb.config;
import static com.google.common.base.Optional.absent;
import static com.google.common.base.Optional.fromNullable;
import static com.google.common.base.Strings.isNullOrEmpty;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.google.common.base.Optional;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.model.Item;
import hudson.model.Queue;
import hudson.model.queue.Tasks;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.util.List;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
/* Read more about credentials api here: https://github.com/jenkinsci/credentials-plugin/blob/master/docs/consumer.adoc */
public class CredentialsHelper {
@SuppressFBWarnings("NP_NULL_PARAM_DEREF")
public static ListBoxModel doFillCredentialsIdItems(
final Item item, final String credentialsId, final String uri) {
final StandardListBoxModel result = new StandardListBoxModel();
if (item == null) {
if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
return result.includeCurrentValue(credentialsId);
}
} else {
if (!item.hasPermission(Item.EXTENDED_READ)
&& !item.hasPermission(CredentialsProvider.USE_ITEM)) {
return result.includeCurrentValue(credentialsId);
}
}
return result //
.includeEmptyValue() //
.includeMatchingAs(
item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM,
item,
StandardCredentials.class,
URIRequirementBuilder.fromUri(uri).build(),
CredentialsMatchers.anyOf(
CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
CredentialsMatchers.instanceOf(StringCredentials.class)))
.includeCurrentValue(credentialsId);
}
public static FormValidation doCheckFillCredentialsId(
final Item item, final String credentialsId, final String uri) {
if (item == null) {
if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
return FormValidation.ok();
}
} else {
if (!item.hasPermission(Item.EXTENDED_READ)
&& !item.hasPermission(CredentialsProvider.USE_ITEM)) {
return FormValidation.ok();
}
}
if (isNullOrEmpty(credentialsId)) {
return FormValidation.ok();
}
if (!findCredentials(item, credentialsId, uri).isPresent()) {
return FormValidation.error("Cannot find currently selected credentials");
}
return FormValidation.ok();
}
public static Optional<StandardCredentials> findCredentials(
final Item item, final String credentialsId, final String uri) {
if (isNullOrEmpty(credentialsId)) {
return absent();
}
return fromNullable(
CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(
StandardCredentials.class,
item,
item instanceof Queue.Task
? Tasks.getAuthenticationOf((Queue.Task) item)
: ACL.SYSTEM,
URIRequirementBuilder.fromUri(uri).build()),
CredentialsMatchers.allOf(
CredentialsMatchers.withId(credentialsId),
CredentialsMatchers.anyOf(
CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
CredentialsMatchers.instanceOf(StringCredentials.class)))));
}
public static String migrateCredentials(final String username, final String password) {
String credentialsId = null;
final DomainRequirement domainRequirement = null;
final List<StandardUsernamePasswordCredentials> credentials =
CredentialsMatchers.filter(
CredentialsProvider.lookupCredentials(
StandardUsernamePasswordCredentials.class,
Jenkins.getInstance(),
ACL.SYSTEM,
domainRequirement),
CredentialsMatchers.withUsername(username));
for (final StandardUsernamePasswordCredentials cred : credentials) {
if (StringUtils.equals(password, Secret.toString(cred.getPassword()))) {
// If some credentials have the same username/password, use those.
credentialsId = cred.getId();
break;
}
}
if (StringUtils.isBlank(credentialsId)) {
// If we couldn't find any existing credentials,
// create new credentials with the principal and secret and use it.
final StandardUsernamePasswordCredentials newCredentials =
new UsernamePasswordCredentialsImpl(
CredentialsScope.SYSTEM,
null,
"Migrated by Violation comments to bitbucket plugin",
username,
password);
SystemCredentialsProvider.getInstance().getCredentials().add(newCredentials);
credentialsId = newCredentials.getId();
}
if (StringUtils.isNotEmpty(credentialsId)) {
return credentialsId;
} else {
return null;
}
}
}
