jira-plugin/src/main/java/hudson/plugins/jira/CredentialsHelper.java at f15c014094b04f6f5e5d933c9f374e9044ee7d1b · jenkinsci/jira-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package hudson.plugins.jira;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.model.Descriptor.FormException;
import hudson.model.Item;
import hudson.model.Queue;
import hudson.model.queue.Tasks;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.IOException;
import java.net.URL;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;

/**
 * Helper class for vary credentials operations.
 *
 * @author Zhenlei Huang
 */
public class CredentialsHelper {
    private static final Logger LOGGER = Logger.getLogger(CredentialsHelper.class.getName());

    @CheckForNull
    protected static StandardUsernamePasswordCredentials lookupSystemCredentials(
            @CheckForNull String credentialsId, @CheckForNull URL url) {
        if (credentialsId == null) {
            return null;
        }
        return CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(
                        StandardUsernamePasswordCredentials.class,
                        Jenkins.get(),
                        ACL.SYSTEM,
                        URIRequirementBuilder.fromUri(url != null ? url.toExternalForm() : null)
                                .build()),
                CredentialsMatchers.withId(credentialsId));
    }

    protected static StandardUsernamePasswordCredentials migrateCredentials(
            @NonNull String username, String password, @CheckForNull URL url) throws FormException {
        List<StandardUsernamePasswordCredentials> credentials = CredentialsMatchers.filter(
                CredentialsProvider.lookupCredentials(
                        StandardUsernamePasswordCredentials.class,
                        Jenkins.get(),
                        ACL.SYSTEM,
                        URIRequirementBuilder.fromUri(url != null ? url.toExternalForm() : null)
                                .build()),
                CredentialsMatchers.withUsername(username));
        for (StandardUsernamePasswordCredentials c : credentials) {
            if (StringUtils.equals(password, Secret.toString(c.getPassword()))) {
                return c; // found
            }
        }

        // Create new credentials with the principal and secret if we couldn't find any existing credentials
        StandardUsernamePasswordCredentials newCredentials = new UsernamePasswordCredentialsImpl(
                CredentialsScope.SYSTEM, null, "Migrated by Jira Plugin", username, password);
        SystemCredentialsProvider.getInstance().getCredentials().add(newCredentials);
        try {
            SystemCredentialsProvider.getInstance().save();
            LOGGER.log(
                    Level.INFO,
                    "Provided username and password were successfully migrated and stored as {0}",
                    newCredentials.getId());
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Unable to store migrated credentials", e);
        }

        return newCredentials;
    }

    protected static ListBoxModel doFillCredentialsIdItems(Item item, String credentialsId, String uri) {
        StandardListBoxModel result = new StandardListBoxModel();
        if (item == null) {
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return result.includeCurrentValue(credentialsId);
            }
        } else {
            if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return result.includeCurrentValue(credentialsId);
            }
        }
        return result.includeEmptyValue()
                .includeMatchingAs(
                        item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM,
                        item,
                        StandardCredentials.class,
                        URIRequirementBuilder.fromUri(uri).build(),
                        CredentialsMatchers.anyOf(
                                CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
                                CredentialsMatchers.instanceOf(UsernamePasswordCredentials.class)))
                .includeCurrentValue(credentialsId);
    }

    protected static FormValidation doCheckFillCredentialsId(Item item, String credentialsId, String uri) {
        if (item == null) {
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return FormValidation.ok();
            }
        } else {
            if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return FormValidation.ok();
            }
        }
        if (StringUtils.isEmpty(credentialsId)) {
            return FormValidation.ok();
        }
        if (!(findCredentials(item, credentialsId, uri).isPresent())) {
            return FormValidation.error("Cannot find currently selected credentials");
        }
        return FormValidation.ok();
    }

    protected static Optional<StandardUsernamePasswordCredentials> findCredentials(
            Item item, String credentialsId, String uri) {
        return Optional.ofNullable(CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(
                        StandardUsernamePasswordCredentials.class,
                        item,
                        item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM,
                        URIRequirementBuilder.fromUri(uri).build()),
                CredentialsMatchers.withId(credentialsId)));
    }
}