hudson.util.Secret Java Examples

@Override
public boolean configure(StaplerRequest req, JSONObject json) throws FormException {
    url = (String) json.get("url");
    email = (String) json.get("email");
    apiKey = Secret.fromString((String) json.get("apiKey"));
    stream = (String) json.get("stream");
    topic = (String) json.get("topic");
    jenkinsUrl = (String) json.get("jenkinsUrl");
    smartNotify = Boolean.TRUE.equals(json.get("smartNotify"));
    save();

    // Cleanup the configuration file from previous plugin id - humbug
    File oldConfig = new File(Jenkins.getInstance().getRootDir(), OLD_CONFIG_FILE_NAME);
    if (oldConfig.exists()) {
        if (oldConfig.delete()) {
            logger.log(Level.INFO, "Old humbug configuration file successfully cleaned up.");
        } else {
            logger.log(Level.WARNING, "Failed to cleanup old humbug configuration file.");
        }
    }

    return super.configure(req, json);
}
 

@Ignore
@Test
public void testHtml() throws Exception {
    List<JsonParameterVariables> jsonParameterVariables = new ArrayList<JsonParameterVariables>();
    jsonParameterVariables.add(new JsonParameterVariables("KEY", "value"));
    LambdaInvokeBuildStepVariables variables = new LambdaInvokeBuildStepVariables(false, "accessKeyId", Secret.fromString("secretKey"), "eu-west-1", "function", "payload", true, jsonParameterVariables);

    FreeStyleProject p = j.createFreeStyleProject();
    LambdaInvokeBuildStep before = new LambdaInvokeBuildStep(variables);
    p.getBuildersList().add(before);

    j.submit(j.createWebClient().getPage(p, "configure").getFormByName("config"));

    LambdaInvokeBuildStep after = p.getBuildersList().get(LambdaInvokeBuildStep.class);

    assertEquals(before, after);
}
 

private UsernamePasswordCredentials withValidCredentials() {
    final List<StandardUsernamePasswordCredentials> all =
            CredentialsProvider.lookupCredentials(
                    StandardUsernamePasswordCredentials.class,
                    (Item) null,
                    ACL.SYSTEM,
                    Collections.emptyList());

    StandardUsernamePasswordCredentials jenkinsCredentials =
            CredentialsMatchers.firstOrNull(all,
                    CredentialsMatchers.withId(credentialsId));

    if (jenkinsCredentials == null) {
        throw new ParsingException("Could not find the credentials for " + credentialsId);
    }

    return new UsernamePasswordCredentials(
            jenkinsCredentials.getUsername(),
            Secret.toString(jenkinsCredentials.getPassword()));
}
 

@Test
@Ignore
public void testHtml() throws Exception {
    LambdaUploadVariables variables = new LambdaUploadVariables(false, "accessKeyId", Secret.fromString("secretKey"), "eu-west-1", "ziplocation", "description", "function", "handler", "1024", "role", "nodejs", "30", true, false, "full", null, false, "", "");
    List<LambdaUploadVariables> variablesList = new ArrayList<>();
    variablesList.add(variables);

    FreeStyleProject p = j.createFreeStyleProject();
    LambdaUploadPublisher before = new LambdaUploadPublisher(variablesList);
    p.getPublishersList().add(before);

    j.submit(j.createWebClient().getPage(p,"configure").getFormByName("config"));

    LambdaUploadPublisher after = p.getPublishersList().get(LambdaUploadPublisher.class);

    assertEquals(before, after);
}
 

@Test
@ConfiguredWithCode("Proxy.yml")
public void describeProxyConfig() throws Exception {
    ConfiguratorRegistry registry = ConfiguratorRegistry.get();
    ConfigurationContext context = new ConfigurationContext(registry);
    final CNode configNode = getProxyNode(context);

    Secret password = requireNonNull(Secret.decrypt(getProxyNode(context).getScalarValue("secretPassword")));

    final String yamlConfig = Util.toYamlString(configNode);
    assertEquals(String.join("\n",
            "name: \"proxyhost\"",
            "noProxyHost: \"externalhost\"",
            "port: 80",
            "secretPassword: \"" + password.getEncryptedValue() + "\"",
            "testUrl: \"http://google.com\"",
            "userName: \"login\"",
            ""
    ), yamlConfig);
}
 

@Issue("JENKINS-27389")
@Test public void grabEnv() {
    story.addStep(new Statement() {
        @Override public void evaluate() throws Throwable {
            String credentialsId = "creds";
            String secret = "s3cr3t";
            CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", Secret.fromString(secret)));
            WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
            p.setDefinition(new CpsFlowDefinition(""
                    + "def extract(id) {\n"
                    + "  def v\n"
                    + "  withCredentials([string(credentialsId: id, variable: 'temp')]) {\n"
                    + "    v = env.temp\n"
                    + "  }\n"
                    + "  v\n"
                    + "}\n"
                    + "node {\n"
                    + "  echo \"got: ${extract('" + credentialsId + "')}\"\n"
                    + "}", true));
            story.j.assertLogContains("got: " + secret, story.j.assertBuildStatusSuccess(p.scheduleBuild2(0).get()));
        }
    });
}
 

public void setUp() throws IOException, InterruptedException, ReflectiveOperationException {
    MockitoAnnotations.initMocks(this);
    jobId = UUID.randomUUID().toString();
    jobNonce = UUID.randomUUID().toString();

    // Override the secret key so that we can test this class without {@link jenkins.model.Jenkins}.
    Field field = Secret.class.getDeclaredField("SECRET");
    field.setAccessible(true);
    field.set(null, RandomStringUtils.random(16));
}
 

@DataBoundConstructor
public ConduitCredentialsImpl(
        @CheckForNull String id,
        @NonNull @CheckForNull String url,
        @Nullable String gateway,
        @CheckForNull String description,
        @CheckForNull String token) {
    super(id, description);
    this.url = url;
    this.gateway = gateway;
    this.token = Secret.fromString(token);
}
 

@Test
public void testGetLambdaClientConfig() throws Exception {
    LambdaPublishBuildStepVariables variables = new LambdaPublishBuildStepVariables(false, "ID", Secret.fromString("SECRET}"), "eu-west-1", "ARN", "ALIAS", "DESCRIPTION");
    variables.expandVariables(new EnvVars());
    LambdaClientConfig lambdaClientConfig = variables.getLambdaClientConfig();

    AWSLambda lambda = lambdaClientConfig.getClient();
    assertNotNull(lambda);
}
 

public AWSCodePipelineSCM(
        final String projectName,
        final boolean clear,
        final String region,
        final String awsAccessKey,
        final String awsSecretKey,
        final String proxyHost,
        final String proxyPort,
        final String category,
        final String provider,
        final String version,
        final AWSClientFactory awsClientFactory) {

    clearWorkspace        = clear;
    this.region           = Validation.sanitize(region.trim());
    this.awsAccessKey     = Validation.sanitize(awsAccessKey.trim());
    this.awsSecretKey     = Secret.fromString(Validation.sanitize(awsSecretKey.trim()));
    this.proxyHost        = Validation.sanitize(proxyHost.trim());
    this.projectName      = null;
    actionTypeCategory    = Validation.sanitize(category.trim());
    actionTypeProvider    = Validation.sanitize(provider.trim());
    actionTypeVersion     = Validation.sanitize(version.trim());
    this.awsClientFactory = awsClientFactory;

    if (proxyPort != null && !proxyPort.isEmpty()) {
        this.proxyPort = Integer.parseInt(proxyPort);
    }
    else {
        this.proxyPort = 0;
    }
}
 

@Override public MultiEnvironment bind(Run<?,?> build, FilePath workspace, Launcher launcher, TaskListener listener) throws IOException, InterruptedException {
    SSHUserPrivateKey sshKey = getCredentials(build);
    UnbindableDir keyDir = UnbindableDir.create(workspace);
    FilePath keyFile =  keyDir.getDirPath().child("ssh-key-" + keyFileVariable);

    StringBuilder contents = new StringBuilder();
    for (String key : sshKey.getPrivateKeys()) {
        contents.append(key);
        contents.append('\n');
    }
    keyFile.write(contents.toString(), "UTF-8");
    keyFile.chmod(0400);

    Map<String, String> map = new LinkedHashMap<>();
    map.put(keyFileVariable, keyFile.getRemote());
    if (passphraseVariable != null) {
        Secret passphrase = sshKey.getPassphrase();
        if (passphrase != null) {
            map.put(passphraseVariable, passphrase.getPlainText());
        } else {
            map.put(passphraseVariable, "");
        }
    }
    if (usernameVariable != null) {
        map.put(usernameVariable, sshKey.getUsername());
    }

    return new MultiEnvironment(map, keyDir.getUnbinder());
}
 

@Before
public void setUp() {
    baseRequest = new UploadRequest.Builder()
        .setOwnerName("owner-name")
        .setAppName("app-name")
        .build();
    given(mockTaskListener.getLogger()).willReturn(mockLogger);
    final AppCenterServiceFactory factory = new AppCenterServiceFactory(Secret.fromString("secret-token"), mockWebServer.url("/").toString(), mockProxyConfig);
    task = new CreateUploadResourceTask(mockTaskListener, factory);
}
 

@Before
public void setUp() {
    Secret secret = Secret.fromString(SECRET_VALUE);
    listener = StreamTaskListener.fromStdout();
    StandardUsernameCredentials cred = new StandardUsernamePasswordCredentialsImpl(USER_NAME, secret);
    provider = new CredentialsProviderImpl(listener, cred);
}
 

@DataBoundConstructor
public VaultAppRoleCredential(@CheckForNull CredentialsScope scope, @CheckForNull String id,
    @CheckForNull String description, @NonNull String roleId, @NonNull Secret secretId,
    String path) {
    super(scope, id, description);
    this.secretId = secretId;
    this.roleId = roleId;
    if (path == null) {
        this.path = "approle";
    } else {
        this.path = path;
    }
}
 

public void expandVariables(EnvVars env) {
    awsAccessKeyId = ExpansionUtils.expand(awsAccessKeyId, env);
    clearTextAwsSecretKey = ExpansionUtils.expand(Secret.toString(Secret.fromString(awsSecretKey)), env);
    awsRegion = ExpansionUtils.expand(awsRegion, env);
    functionName = ExpansionUtils.expand(functionName, env);
    payload = ExpansionUtils.expand(payload, env);
    if(jsonParameters != null) {
        for (JsonParameterVariables jsonParameter : jsonParameters) {
            jsonParameter.expandVariables(env);
        }
    }
}
 

public void initializeModel() {
    final CodePipelineStateModel model = new CodePipelineStateModel();
    model.setActionTypeCategory(actionTypeCategory);
    model.setAwsAccessKey(awsAccessKey);
    model.setAwsSecretKey(Secret.toString(awsSecretKey));
    model.setCompressionType(CompressionType.None);
    model.setJob(job);
    model.setProxyHost(proxyHost);
    model.setProxyPort(proxyPort);
    model.setRegion(region);
    CodePipelineStateService.setModel(model);
}
 

@Deprecated
public LambdaEventSourceBuildStepVariables(boolean useInstanceCredentials, String awsAccessKeyId, Secret awsSecretKey, String awsRegion, String functionName, String functionAlias, String eventSourceArn) {
    this.useInstanceCredentials = useInstanceCredentials;
    this.awsAccessKeyId = awsAccessKeyId;
    this.awsSecretKey = awsSecretKey != null ? awsSecretKey.getEncryptedValue() : null;
    this.awsRegion = awsRegion;
    this.functionName = functionName;
    this.functionAlias = functionAlias;
    this.eventSourceArn = eventSourceArn;
}
 

static void setupGitLabConnections(JenkinsRule jenkins, MockServerRule mockServer) throws IOException {
    GitLabConnectionConfig connectionConfig = jenkins.get(GitLabConnectionConfig.class);
    String apiTokenId = "apiTokenId";
    for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
        if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
            List<Domain> domains = credentialsStore.getDomains();
            credentialsStore.addCredentials(domains.get(0),
                new StringCredentialsImpl(CredentialsScope.SYSTEM, apiTokenId, "GitLab API Token", Secret.fromString(TestUtility.API_TOKEN)));
        }
    }
    connectionConfig.addConnection(new GitLabConnection(TestUtility.GITLAB_CONNECTION_V3, "http://localhost:" + mockServer.getPort() + "/gitlab", apiTokenId, new V3GitLabClientBuilder(), false, 10, 10));
    connectionConfig.addConnection(new GitLabConnection(TestUtility.GITLAB_CONNECTION_V4, "http://localhost:" + mockServer.getPort() + "/gitlab", apiTokenId, new V4GitLabClientBuilder(), false, 10, 10));

}
 

@NonNull
@Override
public Secret getSecret() {
    String k = defaultIfBlank(vaultKey, DEFAULT_VAULT_KEY);
    String s = getVaultSecret(path, k, engineVersion);
    if (s == null) {
        throw new VaultPluginException("Fetching from Vault failed for key " + k, null);
    }
    return Secret.fromString(s);
}
 

@Override
public String getToken(Vault vault) {
    try {
        return vault.auth().loginByGithub(Secret.toString(accessToken)).getAuthClientToken();
    } catch (VaultException e) {
        throw new VaultPluginException("could not log in into vault", e);
    }
}
 

@DataBoundConstructor
public DingTalkSecurityPolicyConfig(boolean checked, String type, String value, String desc) {
  this.checked = checked;
  this.type = type;
  this.value = Secret.fromString(value);
  this.desc = desc;
}
 

/**
 * Validate top level configuration values.
 *
 * @param log Destination Task Log
 * @return Whether or not the configuration is valid.
 */
private boolean validateConfiguration(@Nonnull PrintStream log) {
    String roleArn = getRoleArn();
    String akid = Secret.toString(getAkid());
    String skid = Secret.toString(getSkid());

    // [Required]: Auth Credentials
    if ((roleArn == null || roleArn.isEmpty()) && (akid == null || akid.isEmpty() || skid == null || skid.isEmpty())) {
        writeToLog(log, "Either IAM Role ARN or AKID/SKID must be set.");
        return false;
    }

    // [Required]: Project
    if (projectName == null || projectName.isEmpty()) {
        writeToLog(log, "Project must be set.");
        return false;
    }
    // [Required]: DevicePool
    if (devicePoolName == null || devicePoolName.isEmpty()) {
        writeToLog(log, "DevicePool must be set.");
        return false;
    }
    // [Required]: App Artifact
    if (!ifWebApp && (appArtifact == null || appArtifact.isEmpty())) {
        writeToLog(log, "Application Artifact must be set.");
        return false;
    }
    // [Required]: At least one test.
    if (testToRun == null || stringToTestType(testToRun) == null) {
        writeToLog(log, "A test type must be set.");
        return false;
    }
    return true;
}
 

@Test
@Issue("SECURITY-1458")
public void shouldNotExportValuesWithSecretConstructors() throws Exception {
    DataBoundConfigurator<DataBoundSecretConstructor> c = new DataBoundConfigurator<>(DataBoundSecretConstructor.class);
    String res = export(c, new DataBoundSecretConstructor(Secret.fromString("test")));
    assertThat(res, not(containsString("test")));
}
 

@Deprecated
public LambdaInvokeBuildStepVariables(boolean useInstanceCredentials, String awsAccessKeyId, Secret awsSecretKey, String awsRegion, String functionName, String payload, boolean synchronous, List<JsonParameterVariables> jsonParameters) {
    this.useInstanceCredentials = useInstanceCredentials;
    this.awsAccessKeyId = awsAccessKeyId;
    this.awsSecretKey = awsSecretKey != null ? awsSecretKey.getEncryptedValue() : null;
    this.awsRegion = awsRegion;
    this.functionName = functionName;
    this.payload = payload;
    this.synchronous = synchronous;
    this.jsonParameters = jsonParameters;
}
 

@Issue("JENKINS-38831")
@Test
public void testTrackingOfCredential() {
    story.addStep(new Statement() {
        @Override public void evaluate() throws Throwable {
            String credentialsId = "creds";
            String secret = "s3cr3t";
            StringCredentialsImpl credentials = new StringCredentialsImpl(CredentialsScope.GLOBAL, credentialsId, "sample", Secret.fromString(secret));
            Fingerprint fingerprint = CredentialsProvider.getFingerprintOf(credentials);

            CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), credentials);
            WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
            p.setDefinition(new CpsFlowDefinition(""
              + "def extract(id) {\n"
              + "  def v\n"
              + "  withCredentials([[$class: 'StringBinding', credentialsId: id, variable: 'temp']]) {\n"
              + "    v = env.temp\n"
              + "  }\n"
              + "  v\n"
              + "}\n"
              + "node {\n"
              + "  echo \"got: ${extract('" + credentialsId + "')}\"\n"
              + "}", true));

            assertThat("No fingerprint created until first use", fingerprint, nullValue());

            story.j.assertLogContains("got: " + secret, story.j.assertBuildStatusSuccess(p.scheduleBuild2(0).get()));

            fingerprint = CredentialsProvider.getFingerprintOf(credentials);

            assertThat(fingerprint, notNullValue());
            assertThat(fingerprint.getJobs(), hasItem(is(p.getFullName())));
        }
    });
}
 

private void verifyGlobalConfig() {
    DescriptorImpl globalConfig = j.jenkins.getDescriptorByType(DescriptorImpl.class);
    assertEquals("ZulipUrl", globalConfig.getUrl());
    assertEquals("[email protected]", globalConfig.getEmail());
    assertEquals("secret", Secret.toString(globalConfig.getApiKey()));
    assertEquals("defaultStream", globalConfig.getStream());
    assertEquals("defaultTopic", globalConfig.getTopic());
    assertTrue(globalConfig.isSmartNotify());
    assertEquals("JenkinsUrl", globalConfig.getJenkinsUrl());
}
 

@Before
public void setup() throws IOException {
    for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
        if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
            List<Domain> domains = credentialsStore.getDomains();
            credentialsStore.addCredentials(domains.get(0),
                new StringCredentialsImpl(CredentialsScope.SYSTEM, API_TOKEN_ID, "GitLab API Token", Secret.fromString(API_TOKEN_ID)));
        }
    }
}
 

public void expandVariables(EnvVars env) {
    awsAccessKeyId = ExpansionUtils.expand(awsAccessKeyId, env);
    clearTextAwsSecretKey = ExpansionUtils.expand(Secret.toString(Secret.fromString(this.awsSecretKey)), env);
    awsRegion = ExpansionUtils.expand(this.awsRegion, env);
    functionARN = ExpansionUtils.expand(this.functionARN, env);
    functionAlias = ExpansionUtils.expand(this.functionAlias, env);
    versionDescription = ExpansionUtils.expand(this.versionDescription, env);
}
 

@Test
public void smokes() throws Exception {
    DumbSlave slave = j.createOnlineSlave();
    VirtualChannel channel = slave.getChannel();
    FreeStyleProject item = j.createFreeStyleProject();
    CredentialsStore store = CredentialsProvider.lookupStores(j.getInstance()).iterator().next();
    assertThat(store, instanceOf(SystemCredentialsProvider.StoreImpl.class));
    Domain domain = new Domain("docker", "A domain for docker credentials",
            Collections.<DomainSpecification>singletonList(new DockerServerDomainSpecification()));
    DockerServerCredentials credentials = new DockerServerCredentials(CredentialsScope.GLOBAL, "foo", "desc", Secret.fromString("a"), "b", "c");
    store.addDomain(domain, credentials);
    DockerServerEndpoint endpoint = new DockerServerEndpoint("tcp://localhost:2736", credentials.getId());
    FilePath dotDocker = DockerServerEndpoint.dotDocker(channel);
    List<FilePath> dotDockerKids = dotDocker.list();
    int initialSize = dotDockerKids == null ? 0 : dotDockerKids.size();
    KeyMaterialFactory factory = endpoint.newKeyMaterialFactory(item, channel);
    KeyMaterial keyMaterial = factory.materialize();
    FilePath path = null;
    try {
        assertThat(keyMaterial.env().get("DOCKER_HOST", "missing"), is("tcp://localhost:2736"));
        assertThat(keyMaterial.env().get("DOCKER_TLS_VERIFY", "missing"), is("1"));
        assertThat(keyMaterial.env().get("DOCKER_CERT_PATH", "missing"), not("missing"));
        path = new FilePath(channel, keyMaterial.env().get("DOCKER_CERT_PATH", "missing"));
        if (!Functions.isWindows()) {
            assertThat(path.mode() & 0777, is(0700));
        }
        assertThat(path.child("key.pem").readToString(), is("a"));
        assertThat(path.child("cert.pem").readToString(), is("b"));
        assertThat(path.child("ca.pem").readToString(), is("c"));
    } finally {
        keyMaterial.close();
    }
    assertThat(path.child("key.pem").exists(), is(false));
    assertThat(path.child("cert.pem").exists(), is(false));
    assertThat(path.child("ca.pem").exists(), is(false));
    assertThat(dotDocker.list().size(), is(initialSize));
}
 

@Test
public void shouldFailIfMissingVaultAddress() {
    final String credentialsId = "creds";
    final String token = "fakeToken";
    final String jobId = "testJob";
    story.addStep(new Statement() {
        @Override
        public void evaluate() throws Throwable {
            VaultTokenCredential c = new VaultTokenCredential(CredentialsScope.GLOBAL,
                credentialsId, "fake description", Secret.fromString(token));
            CredentialsProvider.lookupStores(story.j.jenkins).iterator().next()
                .addCredentials(Domain.global(), c);
            WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, jobId);
            p.setDefinition(new CpsFlowDefinition(""
                + "node {\n"
                + "  withCredentials([[$class: 'VaultTokenCredentialBinding', addrVariable: 'VAULT_ADDR', tokenVariable: 'VAULT_TOKEN', credentialsId: '"
                + credentialsId + "']]) {\n"
                + "      " + getShellString() + " 'echo \"" + getVariable("VAULT_ADDR") + ":"
                + getVariable("VAULT_TOKEN") + "\" > script'\n"
                + "  }\n"
                + "}", true));
            WorkflowRun b = p.scheduleBuild2(0).waitForStart();
            story.j.assertBuildStatus(Result.FAILURE, story.j.waitForCompletion(b));
            story.j.assertLogNotContains(token, b);
        }
    });
}