[FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputer…

…s if possible (#2658) [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible
jenkinsci · Dec 15, 2016 · 37806a5 · 37806a5
1 parent f042bf2
commit 37806a5
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/core/src/main/java/jenkins/slaves/EncryptedSlaveAgentJnlpFile.java b/core/src/main/java/jenkins/slaves/EncryptedSlaveAgentJnlpFile.java
@@ -4,6 +4,7 @@
 import hudson.security.Permission;
 import hudson.slaves.SlaveComputer;
 import hudson.util.Secret;
+import hudson.Util;
 import org.kohsuke.stapler.HttpResponse;
 import org.kohsuke.stapler.ResponseImpl;
 import org.kohsuke.stapler.StaplerRequest;
@@ -36,17 +37,20 @@
 public class EncryptedSlaveAgentJnlpFile implements HttpResponse {
     /**
      * The object that owns the Jelly view that renders JNLP file.
-     * For example {@link SlaveComputer}.
+     * This is typically a {@link SlaveComputer} and if so we'll use {@link SlaveComputer#getJnlpMac()}
+     * to determine the secret HMAC code.
      */
     private final AccessControlled it;
     /**
      * Name of the view that renders JNLP file that belongs to {@link #it}.
      */
     private final String viewName;
     /**
-     * Name of the agent, which is used to determine secret HMAC code.
+     * Name of the agent, which is used to determine secret HMAC code if {@link #it}
+     * is not a {@link SlaveComputer}.
      */
     private final String slaveName;
+
     /**
      * Permission that allows plain text access. Checked against {@link #it}.
      */
@@ -55,8 +59,8 @@ public class EncryptedSlaveAgentJnlpFile implements HttpResponse {
     public EncryptedSlaveAgentJnlpFile(AccessControlled it, String viewName, String slaveName, Permission connectPermission) {
         this.it = it;
         this.viewName = viewName;
-        this.slaveName = slaveName;
         this.connectPermission = connectPermission;
+        this.slaveName = slaveName;
     }
 
     @Override
@@ -77,7 +81,12 @@ public void generateResponse(StaplerRequest req, StaplerResponse res, Object nod
             byte[] iv = new byte[128/8];
             new SecureRandom().nextBytes(iv);
 
-            byte[] jnlpMac = JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8"));
+            byte[] jnlpMac;
+            if(it instanceof SlaveComputer) {
+                jnlpMac = Util.fromHexString(((SlaveComputer)it).getJnlpMac());
+            } else {
+                jnlpMac = JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8"));
+            }
             SecretKey key = new SecretKeySpec(jnlpMac, 0, /* export restrictions */ 128 / 8, "AES");
             byte[] encrypted;
             try {