[FIXED JENKINS-4000] , [FIXED JENKINS-4002] encrypt proxy password

Proxy password is encrypted in xml config file, and in the UI
jenkinsci · May 21, 2011 · c4d9fe8 · c4d9fe8
1 parent 78c709e
commit c4d9fe8
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 6 deletions.
diff --git a/core/src/main/java/hudson/ProxyConfiguration.java b/core/src/main/java/hudson/ProxyConfiguration.java
@@ -27,6 +27,7 @@
 import hudson.model.Saveable;
 import hudson.model.listeners.SaveableListener;
 import hudson.util.Scrambler;
+import hudson.util.Secret;
 import hudson.util.XStream2;
 
 import java.io.File;
@@ -59,10 +60,17 @@ public final class ProxyConfiguration implements Saveable {
     public final int port;
 
     /**
-     * Possibly null proxy user name and password.
-     * Password is base64 scrambled since this is persisted to disk.
+     * Possibly null proxy user name.
      */
-    private final String userName,password;
+    private final String userName;
+    /**
+     * null
+     */
+    private String password;
+    /**
+     * encrypted password
+     */
+    private Secret secretPassword;
 
     public ProxyConfiguration(String name, int port) {
         this(name,port,null,null);
@@ -72,15 +80,24 @@ public ProxyConfiguration(String name, int port, String userName, String passwor
         this.name = name;
         this.port = port;
         this.userName = userName;
-        this.password = Scrambler.scramble(password);
+        this.secretPassword = Secret.fromString(password);
     }
 
     public String getUserName() {
         return userName;
     }
 
+//    This method is public, if it was public only for jelly, then should make it private (or inline contents)
+//    Have left public, as can't tell if anyone else is using from plugins
+    /**
+     * @return the password in plain text
+     */
     public String getPassword() {
-        return Scrambler.descramble(password);
+        return Secret.toString(secretPassword);
+    }
+
+    public String getEncryptedPassword() {
+        return (secretPassword == null) ? null : secretPassword.getEncryptedValue();
     }
 
     public Proxy createProxy() {
@@ -94,6 +111,13 @@ public void save() throws IOException {
         SaveableListener.fireOnChange(this, config);
     }
 
+    public Object readResolve() {
+        if (secretPassword == null)
+            secretPassword = Secret.fromString(Scrambler.descramble(password));
+        password = null;
+        return this;
+    }
+
     public static XmlFile getXmlFile() {
         return new XmlFile(XSTREAM, new File(Hudson.getInstance().getRootDir(), "proxy.xml"));
     }

diff --git a/core/src/main/resources/hudson/PluginManager/advanced.jelly b/core/src/main/resources/hudson/PluginManager/advanced.jelly
@@ -48,7 +48,7 @@ THE SOFTWARE.
               <f:textbox name="proxy.userName" value="${app.proxy.userName}" />
             </f:entry>
             <f:entry title="${%Password}">
-              <f:password name="proxy.password" value="${app.proxy.password}" />
+              <f:password name="proxy.password" value="${app.proxy.encryptedPassword}" />
             </f:entry>
             <f:block>
               <f:submit value="${%Submit}" />