com.cloudbees.plugins.credentials.domains.DomainRequirement Java Examples

public ListBoxModel doFillGApiKeyIDItems(
        @AncestorInPath Item item) {
    StandardListBoxModel result = new StandardListBoxModel();
    if (item == null) {
        if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
            return result.includeCurrentValue(gApiKeyID);
        }
    } else {
        if (!item.hasPermission(Item.EXTENDED_READ)
                && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
            return result.includeCurrentValue(gApiKeyID);
        }
    }
    if (gApiKeyID != null) {
        result.includeMatchingAs(ACL.SYSTEM, Jenkins.getInstance(), StringCredentials.class,
                Collections.<DomainRequirement> emptyList(), CredentialsMatchers.allOf(CredentialsMatchers.withId(gApiKeyID)));
    }
    return result
            .includeMatchingAs(ACL.SYSTEM, Jenkins.getInstance(), StringCredentials.class,
                    Collections.<DomainRequirement> emptyList(), CredentialsMatchers.allOf(CredentialsMatchers.instanceOf(StringCredentials.class)));
}
 

/**
 * Makes the key materials available locally and returns {@link KeyMaterialFactory} that gives you the parameters
 * needed to access it.
 */
public KeyMaterialFactory newKeyMaterialFactory(@Nonnull Run context, @Nonnull VirtualChannel target) throws IOException, InterruptedException {
    DockerServerCredentials creds=null;
    if (credentialsId!=null) {
        List<DomainRequirement> domainRequirements = URIRequirementBuilder.fromUri(getUri()).build();
        domainRequirements.add(new DockerServerDomainRequirement());
        creds = CredentialsProvider.findCredentialById(credentialsId, DockerServerCredentials.class, context,
                domainRequirements);
    }

    // the directory needs to be outside workspace to avoid prying eyes
    FilePath dotDocker = dotDocker(target);
    dotDocker.mkdirs();
    // ServerKeyMaterialFactory.materialize creates a random subdir if one is needed:
    return newKeyMaterialFactory(dotDocker, creds);
}
 

/**
 * Makes the key materials available locally and returns {@link KeyMaterialFactory} that gives you the parameters
 * needed to access it.
 * 
 * @deprecated Call {@link #newKeyMaterialFactory(Run, VirtualChannel)}
 */
@Deprecated
public KeyMaterialFactory newKeyMaterialFactory(@Nonnull Item context, @Nonnull VirtualChannel target) throws IOException, InterruptedException {
    // as a build step, your access to credentials are constrained by what the build
    // can access, hence Jenkins.getAuthentication()
    DockerServerCredentials creds=null;
    if (credentialsId!=null) {
        List<DomainRequirement> domainRequirements = URIRequirementBuilder.fromUri(getUri()).build();
        domainRequirements.add(new DockerServerDomainRequirement());
        creds = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(
                        DockerServerCredentials.class, context, Jenkins.getAuthentication(),
                        domainRequirements),
                CredentialsMatchers.withId(credentialsId)
        );
    }

    // the directory needs to be outside workspace to avoid prying eyes
    FilePath dotDocker = dotDocker(target);
    dotDocker.mkdirs();
    // ServerKeyMaterialFactory.materialize creates a random subdir if one is needed:
    return newKeyMaterialFactory(dotDocker, creds);
}
 

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item) {
    if (item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) ||
        item != null && !item.hasPermission(Item.EXTENDED_READ)) {
        return new StandardListBoxModel();
    }
    // TODO may also need to specify a specific authentication and domain requirements
    return new StandardListBoxModel()
            .withEmptySelection()
            .withMatching(AuthenticationTokens.matcher(DockerRegistryToken.class),
                    CredentialsProvider.lookupCredentials(
                            StandardCredentials.class,
                            item,
                            null,
                            Collections.<DomainRequirement>emptyList()
                    )
            );
}
 

/**
 * Plugins that want to refer to a {@link IdCredentials} should do so via ID string,
 * and use this method to resolve it and convert to {@link DockerRegistryToken}.
 *
 * @param context
 *       If you are a build step trying to access DockerHub in the context of a build/job,
 *       specify that build. Otherwise null. If you are scoped to something else, you might
 *       have to interact with {@link CredentialsProvider} directly.
 */
@CheckForNull DockerRegistryToken getToken(@CheckForNull Run context) {
    if (credentialsId == null) {
        return null;
    }

    List<DomainRequirement> requirements = Collections.emptyList();
    try {
        requirements = Collections.<DomainRequirement>singletonList(new HostnameRequirement(getEffectiveUrl().getHost()));
    } catch (IOException e) {
        LOGGER.log(Level.FINE, "Unable to add domain requirement for endpoint URL", e);
    }

    return AuthenticationTokens.convert(DockerRegistryToken.class,
            CredentialsProvider.findCredentialById(credentialsId, IdCredentials.class, context, requirements));
}
 

/**
 * Plugins that want to refer to a {@link IdCredentials} should do so via ID string,
 * and use this method to resolve it and convert to {@link DockerRegistryToken}.
 *
 * Implements the logic {@link CredentialsProvider#findCredentialById(String, Class, Run, DomainRequirement...)}
 * but for an {@link Item}.
 *
 * @param context
 *       If you are a build step trying to access DockerHub in the context of a build/job,
 *       specify that job. Otherwise null. If you are scoped to something else, you might
 *       have to interact with {@link CredentialsProvider} directly.
 *
 * @deprecated Call {@link #getToken(Run)}
 */
@Deprecated
public @CheckForNull DockerRegistryToken getToken(Item context) {
    if (credentialsId == null) {
        return null;
    }

    // as a build step, your access to credentials are constrained by what the build
    // can access, hence Jenkins.getAuthentication()

    List<DomainRequirement> requirements = Collections.emptyList();
    try {
        requirements = Collections.<DomainRequirement>singletonList(new HostnameRequirement(getEffectiveUrl().getHost()));
    } catch (IOException e) {
        // shrug off this error and move on. We are matching with ID anyway.
        LOGGER.log(Level.FINE, "Unable to add domain requirement for endpoint URL", e);
    }

    // look for subtypes that know how to create a token, such as Google Container Registry
    return AuthenticationTokens.convert(DockerRegistryToken.class, firstOrNull(CredentialsProvider.lookupCredentials(
            IdCredentials.class, context, Jenkins.getAuthentication(), requirements),
            allOf(AuthenticationTokens.matcher(DockerRegistryToken.class), withId(credentialsId))));
}
 

public static ListBoxModel doFillCredentialsIDItems(@AncestorInPath Jenkins context) {
    if (context == null || !context.hasPermission(Item.CONFIGURE)) {
        return new StandardListBoxModel();
    }

    List<DomainRequirement> domainRequirements = new ArrayList<DomainRequirement>();
    return new StandardListBoxModel()
            .withEmptySelection()
            .withMatching(
                    CredentialsMatchers.anyOf(
                            CredentialsMatchers.instanceOf(ConduitCredentials.class)),
                    CredentialsProvider.lookupCredentials(
                            StandardCredentials.class,
                            context,
                            ACL.SYSTEM,
                            domainRequirements));
}
 

private static VaultCredential retrieveVaultCredentials(String id) {
    if (StringUtils.isBlank(id)) {
        throw new VaultPluginException(
            "The credential id was not configured - please specify the credentials to use.");
    } else {
        LOGGER.log(Level.INFO, "Retrieving vault credential ID : " + id);
    }
    List<VaultCredential> credentials = CredentialsProvider
        .lookupCredentials(VaultCredential.class,
            Jenkins.get(),
            ACL.SYSTEM,
            Collections.<DomainRequirement>emptyList());
    VaultCredential credential = CredentialsMatchers
        .firstOrNull(credentials, new IdMatcher(id));

    if (credential == null) {
        throw new CredentialsUnavailableException(id);
    }

    return credential;
}
 

public AbstractIdCredentialsListBoxModel<?, ?> doFillCredentialIdItems(
        @AncestorInPath Item owner) {
    if (owner == null || !owner.hasPermission(Item.CONFIGURE)) {
        return new AWSCredentialsListBoxModel();
    }

    List<AmazonWebServicesCredentials>
            creds =
            CredentialsProvider
                    .lookupCredentials(AmazonWebServicesCredentials.class, owner, ACL.SYSTEM,
                            Collections.<DomainRequirement>emptyList());

    return new AWSCredentialsListBoxModel()
            .withEmptySelection()
            .withAll(creds);
}
 

public FormValidation doCheckCredentialsId(@AncestorInPath Item item,
    final @QueryParameter String credentialsId,
    final @QueryParameter String url) {

  if (item == null) {
    if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
      return FormValidation.ok();
    }
  } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
    return FormValidation.ok();
  }
  if (StringUtils.isBlank(credentialsId)) {
    return FormValidation.warning(Messages.Site_emptyCredentialsId());
  }

  List<DomainRequirement> domainRequirements = URIRequirementBuilder.fromUri(url).build();
  if (CredentialsProvider.listCredentials(StandardUsernameCredentials.class, item, getAuthentication(item), domainRequirements, CredentialsMatchers.withId(credentialsId)).isEmpty()) {
    return FormValidation.error(Messages.Site_invalidCredentialsId());
  }
  return FormValidation.ok();
}
 

private String getgApiKey() {
    StandardCredentials credentials = null;
    try {
        credentials = CredentialsMatchers.firstOrNull(
                lookupCredentials(StandardCredentials.class, (Item) null, ACL.SYSTEM, new ArrayList<DomainRequirement>()),
                CredentialsMatchers.withId(gApiKeyID));
    }
    catch (NullPointerException e) {
        throw new ConnectionException(SR.getString("api.key.not.set"));
    }
    if (credentials != null) {
        if (credentials instanceof StringCredentials) {
            return ((StringCredentials) credentials).getSecret().getPlainText();
        }
    }
    throw new IllegalStateException("Could not find Acunetix API Key ID: " + gApiKeyID);
}
 

private static AmazonWebServicesCredentials lookupNamedCredential(String credentialsId)
        throws CredentialNotFoundException {
    final Jenkins jenkins = Jenkins.getInstanceOrNull();

    if (jenkins == null)
        throw new RuntimeException("Missing Jenkins Instance");

    List<AmazonWebServicesCredentials> credentialList =
            CredentialsProvider.lookupCredentials(
                    AmazonWebServicesCredentials.class, jenkins, ACL.SYSTEM,
                    Collections.<DomainRequirement>emptyList());

    AmazonWebServicesCredentials cred =
            CredentialsMatchers.firstOrNull(credentialList,
                    CredentialsMatchers.allOf(
                            CredentialsMatchers.withId(credentialsId)));

    if (cred == null) {
        throw new CredentialNotFoundException(credentialsId);
    }
    return cred;
}
 

private void setAuthHeaders(DockerSwarmAgentTemplate dockerSwarmAgentTemplate, ServiceSpec crReq) {
    String credentialsId = dockerSwarmAgentTemplate.getPullCredentialsId();

    // Exit if no credentials are provided
    if (credentialsId == null || credentialsId.length() == 0) {
        return;
    }

    // Get the credentials
    StandardUsernamePasswordCredentials credentials = CredentialsMatchers
            .firstOrNull(lookupCredentials(StandardUsernamePasswordCredentials.class, (Item) null, ACL.SYSTEM,
                    Collections.<DomainRequirement>emptyList()), CredentialsMatchers.withId(credentialsId));

    // Add the credentials to the header
    crReq.setAuthHeader(credentials.getUsername(), credentials.getPassword().getPlainText(),
            dockerSwarmAgentTemplate.getEmail(), dockerSwarmAgentTemplate.getServerAddress());
}
 

public ListBoxModel fillCredentialsIdItems(Item context, String remote) {
    List<DomainRequirement> domainRequirements;
    if (remote == null) {
        domainRequirements = Collections.emptyList();
    } else {
        domainRequirements = URIRequirementBuilder.fromUri(remote.trim()).build();
    }

    return new StandardListBoxModel()
            .includeEmptyValue()
            .withMatching(
                    CredentialsMatchers.anyOf(
                            CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
                            CredentialsMatchers.instanceOf(StandardCertificateCredentials.class),
                            CredentialsMatchers.instanceOf(SSHUserPrivateKey.class)
                    ),
                    CredentialsProvider.lookupCredentials(StandardCredentials.class,
                            context,
                            ACL.SYSTEM,
                            domainRequirements)
            );
}
 

public FormValidation doCheckCredentialsId(@AncestorInPath Item owner, @QueryParameter String value) {
    for (FileCredentials c : CredentialsProvider.lookupCredentials(FileCredentials.class, owner, null, Collections.<DomainRequirement>emptyList())) {
        if (c.getId().equals(value)) {
            InputStream is = null;
            try {
                is = c.getContent();
                byte[] data = new byte[4];
                if (is.read(data) == 4 && data[0] == 'P' && data[1] == 'K' && data[2] == 3 && data[3] == 4) {
                    return FormValidation.ok();
                } else {
                    return FormValidation.error(Messages.ZipFileBinding_NotZipFile());
                }
            } catch (IOException x) {
                return FormValidation.warning(Messages.ZipFileBinding_CouldNotVerifyFileFormat());
            }
            finally {
                if (is != null) {
                    IOUtils.closeQuietly(is);
                }
            }
        }
    }
    return FormValidation.error(Messages.ZipFileBinding_NoSuchCredentials());
}
 

/**
 *
 * @param serverCredentialMappings
 * @param logMessagePrefix
 * @return credentials by Maven server Id
 */
@Nonnull
public Map<String, StandardUsernameCredentials> resolveCredentials(@Nullable final List<ServerCredentialMapping> serverCredentialMappings, String logMessagePrefix) {
    // CredentialsHelper.removeMavenServerDefinitions() requires a Map implementation that supports `null` values. `HashMap` supports `null` values, `TreeMap` doesn't
    // https://github.com/jenkinsci/config-file-provider-plugin/blob/config-file-provider-2.16.4/src/main/java/org/jenkinsci/plugins/configfiles/maven/security/CredentialsHelper.java#L252
    Map<String, StandardUsernameCredentials> mavenServerIdToCredentials = new HashMap<>();
    if (serverCredentialMappings == null) {
        return mavenServerIdToCredentials;
    }
    List<ServerCredentialMapping> unresolvedServerCredentialsMappings = new ArrayList<>();
    for (ServerCredentialMapping serverCredentialMapping : serverCredentialMappings) {

        List<DomainRequirement> domainRequirements = StringUtils.isBlank(serverCredentialMapping.getServerId()) ?  Collections.emptyList(): Collections.singletonList(new MavenServerIdRequirement(serverCredentialMapping.getServerId()));
        @Nullable
        final StandardUsernameCredentials credentials = CredentialsProvider.findCredentialById(serverCredentialMapping.getCredentialsId(), StandardUsernameCredentials.class, build, domainRequirements);

        if (credentials == null) {
            unresolvedServerCredentialsMappings.add(serverCredentialMapping);
        } else {
            mavenServerIdToCredentials.put(serverCredentialMapping.getServerId(), credentials);
        }
    }
    if (!unresolvedServerCredentialsMappings.isEmpty()) {
        /*
         * we prefer to print a warning message rather than failing the build with an AbortException if some credentials are NOT found for backward compatibility reasons.
         * The behaviour of o.j.p.configfiles.m.s.CredentialsHelper.resolveCredentials(model.Run, List<ServerCredentialMapping>, TaskListener)` is to just print a warning message
         */
        console.println("[withMaven] WARNING " + logMessagePrefix + " - Silently skip Maven server Ids with missing associated Jenkins credentials: " +
                unresolvedServerCredentialsMappings.stream().map(new ServerCredentialMappingToStringFunction()).collect(Collectors.joining(", ")));
    }
    return mavenServerIdToCredentials;
}
 

private static List<ConduitCredentials> availableCredentials(Job owner) {
    return CredentialsProvider.lookupCredentials(
            ConduitCredentials.class,
            owner,
            null,
            new ArrayList<DomainRequirement>()
    );
}
 

public static String migrateCredentials(final String username, final String password) {
  String credentialsId = null;
  final DomainRequirement domainRequirement = null;
  final List<StandardUsernamePasswordCredentials> credentials =
      CredentialsMatchers.filter(
          CredentialsProvider.lookupCredentials(
              StandardUsernamePasswordCredentials.class,
              Jenkins.getInstance(),
              ACL.SYSTEM,
              domainRequirement),
          CredentialsMatchers.withUsername(username));
  for (final StandardUsernamePasswordCredentials cred : credentials) {
    if (StringUtils.equals(password, Secret.toString(cred.getPassword()))) {
      // If some credentials have the same username/password, use those.
      credentialsId = cred.getId();
      break;
    }
  }
  if (StringUtils.isBlank(credentialsId)) {
    // If we couldn't find any existing credentials,
    // create new credentials with the principal and secret and use it.
    final StandardUsernamePasswordCredentials newCredentials =
        new UsernamePasswordCredentialsImpl(
            CredentialsScope.SYSTEM,
            null,
            "Migrated by Violation comments to bitbucket plugin",
            username,
            password);
    SystemCredentialsProvider.getInstance().getCredentials().add(newCredentials);
    credentialsId = newCredentials.getId();
  }
  if (StringUtils.isNotEmpty(credentialsId)) {
    return credentialsId;
  } else {
    return null;
  }
}
 

private static <C extends Credentials> List<C> getAllCredentials(Class<C> type) {
  ItemGroup<?> itemGroup = null;
  Authentication authentication = SYSTEM;
  DomainRequirement domainRequirement = null;

  return lookupCredentials(type, itemGroup, authentication, domainRequirement);
}
 

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Job<?,?> owner) {
    if (owner == null || !owner.hasPermission(Item.CONFIGURE)) {
        return new ListBoxModel();
    }
    List<DomainRequirement> apiEndpoint = URIRequirementBuilder.fromUri(BitbucketApi.OAUTH_ENDPOINT).build();

    return new StandardUsernameListBoxModel()
            .withEmptySelection()
            .withAll(CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, owner, null, apiEndpoint));
}
 

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String uri) {
    if (item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) ||
        item != null && !item.hasPermission(Item.EXTENDED_READ)) {
        return new StandardListBoxModel();
    }
    List<DomainRequirement> domainRequirements = URIRequirementBuilder.fromUri(uri).build();
    domainRequirements.add(new DockerServerDomainRequirement());
    return new StandardListBoxModel()
            .withEmptySelection()
            .withMatching(
                    AuthenticationTokens.matcher(KeyMaterialFactory.class),
                    CredentialsProvider
                            .lookupCredentials(BASE_CREDENTIAL_TYPE, item, null, domainRequirements)
            );
}
 

/** {@inheritDoc} */
@NonNull
@Override
public Result test(DomainRequirement scope) {
    if (scope instanceof DockerServerDomainRequirement) {
        // we are a very simple specification
        return Result.POSITIVE;
    }
    return Result.UNKNOWN;
}
 

public ListBoxModel doFillCredentialsItems() {
    final ListBoxModel model = new ListBoxModel();

    DomainRequirement domain = new DomainRequirement();
    for (AwsKeyCredentials credentials : CredentialsProvider.lookupCredentials(AwsKeyCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, domain)) {
        model.add(credentials.getId());
    }
    return model;
}
 

public ListBoxModel doFillCredentialsItems() {
    final ListBoxModel model = new ListBoxModel();

    DomainRequirement domain = new DomainRequirement();
    for (AwsKeyCredentials credentials : CredentialsProvider.lookupCredentials(AwsKeyCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, domain)) {
        model.add(credentials.getId());
    }
    return model;
}
 

/**
 * Helper method to create a EC2Connector when only the credentialsId is
 * known.
 * 
 * @param credentialsId
 *            the credentialsId used to access Amazon AWS
 * @return either a connector to access AWS/EC2 or null if the credentials
 *         are not known.
 */
public static EC2Connector getEC2Connector(final String credentialsId) {
    final DomainRequirement domain = new DomainRequirement();
    final AwsKeyCredentials credentials = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(AwsKeyCredentials.class, Jenkins.getInstance(), null, domain),
            CredentialsMatchers.withId(credentialsId));
    if (credentials == null) {
        LOGGER.warning("No credentials found for ID='" + credentialsId + "'");
        return null;
    }
    return new EC2Connector(new AmazonEC2Client(credentials.getAwsAuthCredentials()));
}
 

private static SSLConfig toSSlConfig(String credentialsId) {
    if (credentialsId == null) return null;

    DockerServerCredentials credentials = firstOrNull(
        lookupCredentials(
            DockerServerCredentials.class,
            Jenkins.getInstance(),
            ACL.SYSTEM,
            Collections.<DomainRequirement>emptyList()),
        withId(credentialsId));
    return credentials == null ? null :
        new DockerServerCredentialsSSLConfig(credentials);
}
 

/**
 * Removes any scheme requirements.
 *
 * @return {@code this}.
 */
@NonNull
public GitURIRequirementsBuilder withoutScheme() {
    for (Iterator<DomainRequirement> iterator = requirements.iterator(); iterator.hasNext(); ) {
        DomainRequirement r = iterator.next();
        if (r instanceof SchemeRequirement) {
            iterator.remove();
        }
    }
    return this;
}
 

/**
 * Removes any path requirements.
 *
 * @return {@code this}.
 */
@NonNull
public GitURIRequirementsBuilder withoutPath() {
    for (Iterator<DomainRequirement> iterator = requirements.iterator(); iterator.hasNext(); ) {
        DomainRequirement r = iterator.next();
        if (r instanceof PathRequirement) {
            iterator.remove();
        }
    }
    return this;
}
 

/**
 * Removes any hostname or hostname:port requirements.
 *
 * @return {@code this}.
 */
@NonNull
public GitURIRequirementsBuilder withoutHostname() {
    for (Iterator<DomainRequirement> iterator = requirements.iterator(); iterator.hasNext(); ) {
        DomainRequirement r = iterator.next();
        if (r instanceof HostnameRequirement) {
            iterator.remove();
        }
    }
    return this;
}
 

/**
 * Removes any hostname:port requirements.
 *
 * @return {@code this}.
 */
@NonNull
public GitURIRequirementsBuilder withoutHostnamePort() {
    for (Iterator<DomainRequirement> iterator = requirements.iterator(); iterator.hasNext(); ) {
        DomainRequirement r = iterator.next();
        if (r instanceof HostnamePortRequirement) {
            iterator.remove();
        }
    }
    return this;
}