Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[JENKINS-34745] - Prevent CheckUpdates PeriodicWork death if update s…
…ite cert is missing (#2333)

* [JENKINS-34745] - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature

* [JENKINS-34745] - Fix typo in the validator

* [JENKINS-34745] - Fix the formatting of the validation message (cc @lanwen)
  • Loading branch information
oleg-nenashev committed May 14, 2016
1 parent 22e9aa0 commit 1e6afba
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 12 deletions.
26 changes: 15 additions & 11 deletions core/src/main/java/hudson/PluginManager.java
Expand Up @@ -1408,20 +1408,24 @@ public HttpResponse doUploadPlugin(StaplerRequest req) throws IOException, Servl
@Restricted(NoExternalUse.class)
@RequirePOST public HttpResponse doCheckUpdatesServer() throws IOException {
Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
for (UpdateSite site : Jenkins.getInstance().getUpdateCenter().getSites()) {
FormValidation v = site.updateDirectlyNow(DownloadService.signatureCheck);
if (v.kind != FormValidation.Kind.OK) {
// TODO crude but enough for now
return v;
try {
for (UpdateSite site : Jenkins.getInstance().getUpdateCenter().getSites()) {
FormValidation v = site.updateDirectlyNow(DownloadService.signatureCheck);
if (v.kind != FormValidation.Kind.OK) {
// TODO crude but enough for now
return v;
}
}
}
for (DownloadService.Downloadable d : DownloadService.Downloadable.all()) {
FormValidation v = d.updateNow();
if (v.kind != FormValidation.Kind.OK) {
return v;
for (DownloadService.Downloadable d : DownloadService.Downloadable.all()) {
FormValidation v = d.updateNow();
if (v.kind != FormValidation.Kind.OK) {
return v;
}
}
return HttpResponses.forwardToPreviousPage();
} catch(RuntimeException ex) {
throw new IOException("Unhandled exception during updates server check", ex);
}
return HttpResponses.forwardToPreviousPage();
}

protected String identifyPluginShortName(File t) {
Expand Down
6 changes: 5 additions & 1 deletion core/src/main/java/jenkins/util/JSONSignatureValidator.java
Expand Up @@ -82,7 +82,11 @@ public FormValidation verifySignature(JSONObject o) throws IOException {

// this is for computing a signature
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(certs.get(0));
if (certs.isEmpty()) {
return FormValidation.error("No certificate found in %s. Cannot verify the signature", name);
} else {
sig.initVerify(certs.get(0));
}
SignatureOutputStream sos = new SignatureOutputStream(sig);

// until JENKINS-11110 fix, UC used to serve invalid digest (and therefore unverifiable signature)
Expand Down

0 comments on commit 1e6afba

Please sign in to comment.