Store encrypted password

Now password for SSH authentication file is stored as plain text. This patch fixes it. Already stored password would be replaced to encrypted ones if config is saved once. Fix for JENKINS-23165
jenkinsci · May 27, 2014 · 7d6bcae · 7d6bcae
1 parent 4775bce
commit 7d6bcae
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 8 deletions.
diff --git a/src/main/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/Config.java b/src/main/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/Config.java
@@ -141,7 +141,7 @@ public class Config implements IGerritHudsonTriggerConfig {
     private String gerritUserName;
     private String gerritEMail;
     private File gerritAuthKeyFile;
-    private String gerritAuthKeyFilePassword;
+    private Secret gerritAuthKeyFilePassword;
     private boolean useRestApi;
     private String gerritHttpUserName;
     private Secret gerritHttpPassword;
@@ -199,7 +199,7 @@ public Config(IGerritHudsonTriggerConfig config) {
         gerritEMail = config.getGerritEMail();
         notificationLevel = config.getNotificationLevel();
         gerritAuthKeyFile = new File(config.getGerritAuthKeyFile().getPath());
-        gerritAuthKeyFilePassword = config.getGerritAuthKeyFilePassword();
+        gerritAuthKeyFilePassword = Secret.fromString(config.getGerritAuthKeyFilePassword());
         useRestApi = config.isUseRestApi();
         gerritHttpUserName = config.getGerritHttpUserName();
         gerritHttpPassword = Secret.fromString(config.getGerritHttpPassword());
@@ -254,11 +254,11 @@ public void setValues(JSONObject formData) {
         } else {
             gerritAuthKeyFile = DEFAULT_GERRIT_AUTH_KEY_FILE;
         }
-        gerritAuthKeyFilePassword = formData.optString(
+        gerritAuthKeyFilePassword = Secret.fromString(formData.optString(
                 "gerritAuthKeyFilePassword",
-                DEFAULT_GERRIT_AUTH_KEY_FILE_PASSWORD);
+                DEFAULT_GERRIT_AUTH_KEY_FILE_PASSWORD));
 
-        if (gerritAuthKeyFilePassword != null && gerritAuthKeyFilePassword.length() <= 0) {
+        if (gerritAuthKeyFilePassword != null && gerritAuthKeyFilePassword.getPlainText().length() <= 0) {
             gerritAuthKeyFilePassword = null;
         }
         gerritBuildCurrentPatchesOnly = formData.optBoolean(
@@ -477,7 +477,11 @@ public void setGerritAuthKeyFile(File gerritAuthKeyFile) {
 
     @Override
     public String getGerritAuthKeyFilePassword() {
-        return gerritAuthKeyFilePassword;
+        if (gerritAuthKeyFilePassword == null) {
+            return "";
+        } else {
+            return gerritAuthKeyFilePassword.getPlainText();
+        }
     }
 
     /**
@@ -487,7 +491,7 @@ public String getGerritAuthKeyFilePassword() {
      * @see #getGerritAuthKeyFilePassword()
      */
     public void setGerritAuthKeyFilePassword(String gerritAuthKeyFilePassword) {
-        this.gerritAuthKeyFilePassword = gerritAuthKeyFilePassword;
+        this.gerritAuthKeyFilePassword = Secret.fromString(gerritAuthKeyFilePassword);
     }
 
     /**
@@ -874,7 +878,14 @@ public void setEnableManualTrigger(boolean enableManualTrigger) {
 
     @Override
     public Authentication getGerritAuthentication() {
-        return new Authentication(gerritAuthKeyFile, gerritUserName, gerritAuthKeyFilePassword);
+        Authentication authentication;
+        if (gerritAuthKeyFilePassword == null) {
+            authentication = new Authentication(gerritAuthKeyFile, gerritUserName, "");
+        } else {
+            authentication = new Authentication(
+                    gerritAuthKeyFile, gerritUserName, gerritAuthKeyFilePassword.getPlainText());
+        }
+        return authentication;
     }
 
     @Override

diff --git a/src/test/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/ConfigTest.java b/src/test/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/ConfigTest.java
@@ -36,6 +36,8 @@
 import org.junit.Test;
 import org.jvnet.hudson.test.JenkinsRule;
 
+import hudson.util.Secret;
+
 import java.io.File;
 
 import static org.junit.Assert.assertEquals;
@@ -253,4 +255,17 @@ public void testGetGerritFrontEndUrlForChangeBasedEventProvider() {
         event.getChange().setUrl(null);
         assertEquals("http://gerrit/1000", config.getGerritFrontEndUrlFor(event));
     }
+
+    /**
+     * Tests {@link Config#getGerritAuthKeyFilePassword()}.
+     * With a encrypted string as password.
+     */
+    @Test
+    public void testGetGerritAuthKeyFilePasswordFromEncryptedString() {
+        Secret pass = Secret.fromString("gerritpass");
+        String formString = "{\"gerritAuthKeyFilePassword\":\"" + pass.getEncryptedValue() + "\"}";
+        JSONObject form = (JSONObject)JSONSerializer.toJSON(formString);
+        Config config = new Config(form);
+        assertEquals("gerritpass", config.getGerritAuthKeyFilePassword());
+    }
 }