From 16cac8f9cbd32b371d4aa357dcf9f677eeb9271b Mon Sep 17 00:00:00 2001 From: James Robson Date: Mon, 13 Jun 2022 10:22:10 +0100 Subject: [PATCH 1/5] Restore SnapshotTaker for SSHUserPrivateKey --- .../impl/BasicSSHUserPrivateKey.java | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java index 5598a27..a4facfd 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java @@ -25,6 +25,8 @@ import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey; import com.cloudbees.plugins.credentials.CredentialsScope; +import com.cloudbees.plugins.credentials.CredentialsSnapshotTaker; + import edu.umd.cs.findbugs.annotations.CheckForNull; import edu.umd.cs.findbugs.annotations.NonNull; import hudson.DescriptorExtensionList; @@ -531,4 +533,32 @@ private Object readResolve() { // the critical field allow the permission check to make the XML read to fail completely in case of violation Items.XSTREAM2.addCriticalField(BasicSSHUserPrivateKey.class, "privateKeySource"); } + + @Extension + public static class CredentialsSnapshotTakerImpl extends CredentialsSnapshotTaker { + /** + * {@inheritDoc} + */ + @Override + public Class type() { + return SSHUserPrivateKey.class; + } + + /** + * {@inheritDoc} + */ + @Override + public SSHUserPrivateKey snapshot(SSHUserPrivateKey credentials) { + if (credentials instanceof BasicSSHUserPrivateKey) { + final PrivateKeySource keySource = ((BasicSSHUserPrivateKey) credentials).getPrivateKeySource(); + if (keySource.isSnapshotSource()) { + return credentials; + } + } + final Secret passphrase = credentials.getPassphrase(); + return new BasicSSHUserPrivateKey(credentials.getScope(), credentials.getId(), credentials.getUsername(), + new DirectEntryPrivateKeySource(credentials.getPrivateKeys()), + passphrase == null ? null : passphrase.getEncryptedValue(), credentials.getDescription()); + } + } } From da45d191bbabc92f434e1956008c86b4a6de50eb Mon Sep 17 00:00:00 2001 From: James Robson Date: Fri, 17 Jun 2022 15:01:34 +0100 Subject: [PATCH 2/5] Refactor snapshot taker --- .../impl/BasicSSHUserPrivateKey.java | 27 ----------------- .../impl/SSHUserPrivateKeySnapshotTaker.java | 30 +++++++++++++++++++ 2 files changed, 30 insertions(+), 27 deletions(-) create mode 100644 src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java diff --git a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java index a4facfd..c2c4567 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java @@ -534,31 +534,4 @@ private Object readResolve() { Items.XSTREAM2.addCriticalField(BasicSSHUserPrivateKey.class, "privateKeySource"); } - @Extension - public static class CredentialsSnapshotTakerImpl extends CredentialsSnapshotTaker { - /** - * {@inheritDoc} - */ - @Override - public Class type() { - return SSHUserPrivateKey.class; - } - - /** - * {@inheritDoc} - */ - @Override - public SSHUserPrivateKey snapshot(SSHUserPrivateKey credentials) { - if (credentials instanceof BasicSSHUserPrivateKey) { - final PrivateKeySource keySource = ((BasicSSHUserPrivateKey) credentials).getPrivateKeySource(); - if (keySource.isSnapshotSource()) { - return credentials; - } - } - final Secret passphrase = credentials.getPassphrase(); - return new BasicSSHUserPrivateKey(credentials.getScope(), credentials.getId(), credentials.getUsername(), - new DirectEntryPrivateKeySource(credentials.getPrivateKeys()), - passphrase == null ? null : passphrase.getEncryptedValue(), credentials.getDescription()); - } - } } diff --git a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java new file mode 100644 index 0000000..d898a74 --- /dev/null +++ b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java @@ -0,0 +1,30 @@ +package com.cloudbees.jenkins.plugins.sshcredentials.impl; + +import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey; +import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey.DirectEntryPrivateKeySource; +import com.cloudbees.plugins.credentials.CredentialsSnapshotTaker; + +import hudson.Extension; +import hudson.util.Secret; + +@Extension +public class SSHUserPrivateKeySnapshotTaker extends CredentialsSnapshotTaker { + /** + * {@inheritDoc} + */ + @Override + public Class type() { + return SSHUserPrivateKey.class; + } + + /** + * {@inheritDoc} + */ + @Override + public SSHUserPrivateKey snapshot(SSHUserPrivateKey credentials) { + final Secret passphrase = credentials.getPassphrase(); + return new BasicSSHUserPrivateKey(credentials.getScope(), credentials.getId(), credentials.getUsername(), + new DirectEntryPrivateKeySource(credentials.getPrivateKeys()), + passphrase == null ? null : passphrase.getEncryptedValue(), credentials.getDescription()); + } +} From a6aaa7ed19f08dfbded99f852bdd09779af0959b Mon Sep 17 00:00:00 2001 From: James Robson Date: Fri, 24 Jun 2022 11:13:00 +0100 Subject: [PATCH 3/5] Special case snapshots of BasicSSHUserPrivateKey --- .../sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java index d898a74..e3df5be 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java @@ -22,6 +22,9 @@ public Class type() { */ @Override public SSHUserPrivateKey snapshot(SSHUserPrivateKey credentials) { + if (credentials instanceof BasicSSHUserPrivateKey) { + return credentials; + } final Secret passphrase = credentials.getPassphrase(); return new BasicSSHUserPrivateKey(credentials.getScope(), credentials.getId(), credentials.getUsername(), new DirectEntryPrivateKeySource(credentials.getPrivateKeys()), From 31bfdf937c08ba5199654dd65788acfed2f6a26f Mon Sep 17 00:00:00 2001 From: Jesse Glick Date: Fri, 24 Jun 2022 10:41:53 -0400 Subject: [PATCH 4/5] Revert gratuitous diff hunks Co-authored-by: Joseph Petersen --- .../plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java index c2c4567..5598a27 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.java @@ -25,8 +25,6 @@ import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey; import com.cloudbees.plugins.credentials.CredentialsScope; -import com.cloudbees.plugins.credentials.CredentialsSnapshotTaker; - import edu.umd.cs.findbugs.annotations.CheckForNull; import edu.umd.cs.findbugs.annotations.NonNull; import hudson.DescriptorExtensionList; @@ -533,5 +531,4 @@ private Object readResolve() { // the critical field allow the permission check to make the XML read to fail completely in case of violation Items.XSTREAM2.addCriticalField(BasicSSHUserPrivateKey.class, "privateKeySource"); } - } From 2e1ade3c8afdee4c9424a82ed08837b308f0f519 Mon Sep 17 00:00:00 2001 From: jamesrobson-secondmind <43956559+jamesrobson-secondmind@users.noreply.github.com> Date: Wed, 29 Jun 2022 17:09:57 +0100 Subject: [PATCH 5/5] Add defence to the snapshot taker Co-authored-by: Jesse Glick --- .../sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java index e3df5be..23b6322 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/sshcredentials/impl/SSHUserPrivateKeySnapshotTaker.java @@ -22,7 +22,7 @@ public Class type() { */ @Override public SSHUserPrivateKey snapshot(SSHUserPrivateKey credentials) { - if (credentials instanceof BasicSSHUserPrivateKey) { + if (credentials instanceof BasicSSHUserPrivateKey && ((BasicSSHUserPrivateKey) credentials).getPrivateKeySource() instanceof DirectEntryPrivateKeySource) { return credentials; } final Secret passphrase = credentials.getPassphrase();