/**
 * Returns the digest of the stored legacy API token, or a localized placeholder message
 * when no legacy token is stored.
 *
 * <p>If the stored token still equals the initial value that pre SECURITY-49 Jenkins
 * derived from the instance secret key and the user id, that value is not used: the token
 * is replaced with one derived from {@code API_KEY_SEED} before the digest is computed.
 *
 * @return the digest of the (possibly regenerated) token plain text, or the
 *         "no legacy token" message when {@code apiToken} is {@code null}
 */
@Nonnull
@Restricted(NoExternalUse.class)
/*package*/ String getApiTokenInsecure() {
    if (apiToken == null) {
        return Messages.ApiTokenProperty_NoLegacyToken();
    }

    String plainToken = apiToken.getPlainText();
    final String preSecurity49Default =
            Util.getDigestOf(Jenkins.getInstance().getSecretKey() + ":" + user.getId());
    if (plainToken.equals(preSecurity49Default)) {
        // The stored token is the initial value created by pre SECURITY-49 Jenkins and
        // cannot be used; switch to the newer seed-derived value and persist it in the field.
        plainToken = API_KEY_SEED.mac(user.getId());
        apiToken = Secret.fromString(plainToken);
    }
    return Util.getDigestOf(plainToken);
}
/**
 * Decrypts the stored {@code secretPassword} and hands it back as a plain string.
 *
 * <p>The returned value is the clear-text password, so callers should avoid logging it
 * or keeping it around longer than needed.
 *
 * @return the password in plain text
 */
public String getPassword() {
    final String plainText = Secret.toString(secretPassword);
    return plainText;
}
/**
 * Re-encrypts a single value if it turns out to be a secret encrypted with the legacy key.
 *
 * @param s candidate text taken from the data being rewritten
 * @return the new encrypted form when {@code s} decrypts with the legacy key;
 *         otherwise {@code s} unchanged
 * @throws IOException declared by the signature; a base64 decoding failure is handled
 *         locally and does not propagate
 * @throws InvalidKeyException if the cipher cannot be initialised with the legacy key
 */
private String tryRewrite(String s) throws IOException, InvalidKeyException {
    // Encrypting "" in Secret produces 24 characters, so anything shorter cannot be a secret.
    // The base64 pre-check is a very quick filter before attempting a real decode.
    if (s.length() < 24 || !isBase64(s)) {
        return s;
    }

    final byte[] decoded;
    try {
        decoded = Base64.decode(s.toCharArray());
    } catch (IOException notBase64) {
        // decode throws IOException when the input is not valid base64
        return s;
    }

    cipher.init(Cipher.DECRYPT_MODE, key);
    final Secret legacy = HistoricalSecrets.tryDecrypt(cipher, decoded);

    // null means the value was not encrypted with the legacy key: leave it unmodified.
    // Otherwise replace it by the new encrypted value.
    return legacy == null ? s : legacy.getEncryptedValue();
}
/**
 * Builds HTTP client credentials from a user name and a stored password.
 *
 * <p>A user name of the form {@code DOMAIN\\user} yields {@code NTCredentials} with an
 * empty workstation; any other user name yields {@code UsernamePasswordCredentials}.
 * The password is passed through {@code Secret.fromString(...).getPlainText()}, so the
 * credentials object holds the clear-text password.
 *
 * @param userName the user name, optionally prefixed with a domain and a backslash
 * @param password the password as stored
 * @return credentials matching the user-name form
 */
private Credentials createCredentials(String userName, String password) {
    final int separator = userName.indexOf('\\');
    if (separator < 0) {
        return new UsernamePasswordCredentials(userName, Secret.fromString(password).getPlainText());
    }

    // Everything before the first backslash is the domain, the rest is the account name.
    final String domain = userName.substring(0, separator);
    final String user = userName.substring(separator + 1);
    return new NTCredentials(user, Secret.fromString(password).getPlainText(), "", domain);
}
}
return Jenkins.ANONYMOUS; Secret oldSecret = Secret.decrypt(val); if (oldSecret != null) { LOGGER.log(Level.FINE, "Ignoring insecure stored CLI authentication for {0}", oldSecret.getPlainText()); return Jenkins.ANONYMOUS;
/**
 * Creates a proxy configuration from submitted form data.
 *
 * <p>Text fields are normalised with {@code Util.fixEmptyAndTrim}; the password is wrapped
 * in a {@code Secret} and kept in {@code secretPassword} rather than as a plain string.
 *
 * @param name        proxy host name
 * @param port        proxy port
 * @param userName    user name for proxy authentication
 * @param password    password for proxy authentication
 * @param noProxyHost hosts that bypass the proxy
 * @param testUrl     URL used to test the configuration
 */
@DataBoundConstructor
public ProxyConfiguration(String name, int port, String userName, String password, String noProxyHost, String testUrl) {
    final String trimmedName = Util.fixEmptyAndTrim(name);
    final String trimmedUser = Util.fixEmptyAndTrim(userName);
    final Secret wrappedPassword = Secret.fromString(password);
    final String trimmedNoProxy = Util.fixEmptyAndTrim(noProxyHost);
    final String trimmedTestUrl = Util.fixEmptyAndTrim(testUrl);

    this.name = trimmedName;
    this.port = port;
    this.userName = trimmedUser;
    this.secretPassword = wrappedPassword;
    this.noProxyHost = trimmedNoProxy;
    this.testUrl = trimmedTestUrl;

    // Created last, after every other field has been assigned.
    this.authenticator = newAuthenticator();
}
/**
 * Migrates GitLab connections that still carry an inline API token to the credentials store.
 *
 * <p>For every connection that has an {@code apiToken} but no {@code apiTokenId}, a
 * SYSTEM-scoped {@code GitLabApiTokenImpl} is added to the first domain of each
 * {@code SystemCredentialsProvider.StoreImpl}, and the connection is pointed at the
 * generated id. The descriptor is saved afterwards in every case.
 *
 * <p>NOTE(review): nothing visible here clears {@code connection.apiToken} after the
 * migration; confirm the legacy field is not written back to disk in plain form.
 *
 * @throws IOException if storing a credential or saving the descriptor fails
 */
@Initializer(after = InitMilestone.PLUGINS_STARTED)
public static void migrate() throws IOException {
    GitLabConnectionConfig descriptor =
            (GitLabConnectionConfig) Jenkins.getInstance().getDescriptor(GitLabConnectionConfig.class);

    for (GitLabConnection connection : descriptor.getConnections()) {
        final boolean needsMigration = connection.apiTokenId == null && connection.apiToken != null;
        if (!needsMigration) {
            continue;
        }
        for (CredentialsStore store : CredentialsProvider.lookupStores(Jenkins.getInstance())) {
            if (!(store instanceof SystemCredentialsProvider.StoreImpl)) {
                continue;
            }
            List<Domain> domains = store.getDomains();
            connection.apiTokenId = UUID.randomUUID().toString();
            GitLabApiTokenImpl migrated = new GitLabApiTokenImpl(
                    CredentialsScope.SYSTEM,
                    connection.apiTokenId,
                    "GitLab API Token",
                    Secret.fromString(connection.apiToken));
            store.addCredentials(domains.get(0), migrated);
        }
    }

    descriptor.save();
}
}
/**
 * Builds the value of an HTTP Basic {@code Authorization} header.
 *
 * <p>The result is {@code "Basic "} followed by the base64 encoding of
 * {@code username:password}. Base64 is an encoding, not encryption: the returned string
 * carries the clear-text password and should be treated as a secret.
 *
 * @param credentials the username/password credentials to encode
 * @return the header value
 */
static String createAuthorization(final StandardUsernamePasswordCredentials credentials) {
    final String userInfo = credentials.getUsername() + ":" + credentials.getPassword().getPlainText();
    return "Basic " + DatatypeConverter.printBase64Binary(userInfo.getBytes(MediaType.UTF_8));
}
/**
 * Stores the submitted Oracle account username/password.
 *
 * <p>The endpoint only accepts POST and requires {@code Jenkins.ADMINISTER}; the permission
 * check runs before any field is modified. The password is wrapped in a {@code Secret}
 * before it is stored and saved.
 *
 * @param username the Oracle account user name
 * @param password the Oracle account password
 * @return a redirect to {@code credentialOK}
 * @throws IOException declared by the signature
 * @throws ServletException declared by the signature
 */
@RequirePOST
public HttpResponse doPostCredential(@QueryParameter String username, @QueryParameter String password) throws IOException, ServletException {
    Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);

    final Secret wrappedPassword = Secret.fromString(password);
    this.username = username;
    this.password = wrappedPassword;
    save();

    return HttpResponses.redirectTo("credentialOK");
}
}
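/**
 * Creates the OpenID Connect security realm from submitted form data.
 *
 * <p>The client secret is wrapped in a {@code Secret}. Optional text fields are normalised
 * with {@code Util.fixEmpty}. The user-name claim defaults to {@code "sub"} and the
 * requested scopes default to {@code "openid email"} when left empty.
 *
 * @param clientId               OAuth client id
 * @param clientSecret           OAuth client secret
 * @param tokenServerUrl         token endpoint URL
 * @param authorizationServerUrl authorization endpoint URL
 * @param usernameField          claim holding the user name; {@code "sub"} when empty
 * @param tokenFieldToCheckKey   optional token field whose value is checked
 * @param tokenFieldToCheckValue expected value of that token field
 * @param fullNameFieldName      optional claim holding the full name
 * @param emailFieldName         optional claim holding the e-mail address
 * @param scopes                 scopes to request; {@code "openid email"} when empty
 * @throws IOException declared by the signature
 */
@DataBoundConstructor
public OicSecurityRealm(String clientId, String clientSecret, String tokenServerUrl, String authorizationServerUrl,
        String usernameField, String tokenFieldToCheckKey, String tokenFieldToCheckValue, String fullNameFieldName,
        String emailFieldName, String scopes) throws IOException {
    this.clientId = clientId;
    this.clientSecret = Secret.fromString(clientSecret);
    this.tokenServerUrl = tokenServerUrl;
    this.authorizationServerUrl = authorizationServerUrl;
    this.userNameField = Util.fixEmpty(usernameField) == null ? "sub" : usernameField;
    this.tokenFieldToCheckKey = Util.fixEmpty(tokenFieldToCheckKey);
    this.tokenFieldToCheckValue = Util.fixEmpty(tokenFieldToCheckValue);
    this.fullNameFieldName = Util.fixEmpty(fullNameFieldName);
    this.emailFieldName = Util.fixEmpty(emailFieldName);
    // The default must depend on the scopes argument itself. Testing usernameField here
    // discarded configured scopes whenever the user-name field was empty, and left the
    // scopes empty whenever only the user-name field was set.
    this.scopes = Util.fixEmpty(scopes) == null ? "openid email" : scopes;
}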
/**
 * Answers an SSH keyboard-interactive challenge with the configured user's password.
 *
 * <p>Only the first prompt is inspected. If its lower-cased text contains
 * {@code "assword"}, a single response holding the plain-text password is returned;
 * otherwise no response is given. The prompt text is supplied by the remote server, so
 * the password is released to whichever server issues a matching prompt.
 *
 * @param destination unused here
 * @param name        unused here
 * @param instruction unused here
 * @param prompt      prompts sent by the server; may be {@code null} or empty
 * @param echo        unused here
 * @return a one-element array with the password, or an empty array
 */
public String[] promptKeyboardInteractive(String destination, String name, String instruction, String[] prompt, boolean[] echo) {
    if (prompt == null || prompt.length == 0) {
        return new String[0];
    }

    // Most SSH servers just use keyboard-interactive to prompt for the password.
    // Matching "assword" is safer than "password"... you don't *want* to know why!
    final boolean asksForPassword = prompt[0].toLowerCase().contains("assword");
    if (!asksForPassword) {
        return new String[0];
    }
    return new String[]{getUser().getPassword().getPlainText()};
}
}
/**
 * Resolves a credentials id to authentication data.
 *
 * <p>Token credentials become a {@code TokenAuthentication}; username/password credentials
 * become a {@code UserAndPasswordAuthentication}. Both carry the secret in plain text.
 *
 * <p>NOTE(review): the lookup runs as {@code ACL.SYSTEM} against the Jenkins root and this
 * method performs no permission check of its own; confirm that callers restrict which
 * {@code credentialsId} values a user may submit.
 *
 * @param credentialsId id of the credentials to look up; may be blank
 * @return the authentication data, or {@code null} when the id is blank, no credentials
 *         match, or the matching credentials are of an unsupported type
 */
public static Authentication getAuthenticationData(String credentialsId) {
    if (StringUtils.isBlank(credentialsId)) {
        return null;
    }

    final StandardCredentials match = CredentialsMatchers.firstOrNull(
            CredentialsProvider.lookupCredentials(
                    StandardCredentials.class,
                    Jenkins.getInstance(),
                    ACL.SYSTEM,
                    Collections.<DomainRequirement>emptyList()),
            CredentialsMatchers.withId(credentialsId));

    if (match instanceof TokenCredentialsImpl) {
        final TokenCredentialsImpl token = (TokenCredentialsImpl) match;
        return new TokenAuthentication(token.getSecret().getPlainText());
    }
    if (match instanceof UsernamePasswordCredentials) {
        final UsernamePasswordCredentials login = (UsernamePasswordCredentials) match;
        return new UserAndPasswordAuthentication(login.getUsername(), login.getPassword().getPlainText());
    }
    // Nothing matched, or the credentials type is not handled here.
    return null;
}
/**
 * Converts a {@link Secret} password into a {@code char[]}.
 *
 * <p>The array holds the clear-text password; an empty password is reported as
 * {@code null} rather than as an empty array.
 *
 * @param password the password.
 * @return a {@code char[]} containing the password or {@code null}
 */
@CheckForNull
private static char[] toCharArray(@NonNull Secret password) {
    final String nonEmpty = Util.fixEmpty(password.getPlainText());
    if (nonEmpty == null) {
        return null;
    }
    return nonEmpty.toCharArray();
}
/**
 * Computes the key that identifies this Hudson among other Hudsons that the user has a
 * credential for.
 *
 * <p>The root URL is used when one is configured. Otherwise the key falls back to the
 * encrypted form of the fixed string {@code "key"}.
 *
 * <p>NOTE(review): the fallback only works as a lookup key if {@code getEncryptedValue()}
 * yields the same text for the same input on every call; confirm for the {@code Secret}
 * implementation in use.
 *
 * @return the root URL, or the fallback key when no root URL is set
 */
@VisibleForTesting
String getPropertyKey() {
    final String rootUrl = Jenkins.getActiveInstance().getRootUrl();
    return rootUrl != null ? rootUrl : Secret.fromString("key").getEncryptedValue();
}
/**
 * Sets the default value, storing it wrapped in a {@code Secret} rather than as a plain
 * string.
 *
 * @param defaultValue the new default value
 */
public void setDefaultValue(String defaultValue) {
    final Secret wrapped = Secret.fromString(defaultValue);
    this.defaultValue = wrapped;
}
/**
 * Returns the secret token in plain text.
 *
 * <p>The value is the clear-text token, so callers should avoid logging or rendering it.
 *
 * @return the plain-text token, or {@code null} when no token is set
 */
public String getSecretToken() {
    if (secretToken == null) {
        return null;
    }
    return secretToken.getPlainText();
}
/**
 * Creates a user-name/password credential.
 *
 * <p>The password is first passed through {@code Scrambler.scramble} and the scrambled
 * text is then wrapped in a {@code Secret}, so the stored secret's plain text is the
 * scrambled form rather than the original password.
 *
 * @param userName the user name
 * @param password the password
 */
public PasswordCredential(String userName, String password) {
    this.userName = userName;
    final String scrambled = Scrambler.scramble(password);
    this.password = Secret.fromString(scrambled);
}
/**
 * Returns the proxy password in plain text.
 *
 * <p>The value read from the configuration is run through {@code Secret.fromString} and
 * {@code Secret.toString}, so a stored encrypted form is decrypted on the way out.
 *
 * @param p the proxy configuration to read from
 * @return the plain-text password, or {@code null} when the configuration has none
 */
private String getProxyPasswordDecrypted(ProxyConfiguration p) {
    final String stored = p.getPassword();
    if (stored == null) {
        return null;
    }
    final Secret secret = Secret.fromString(stored);
    return Secret.toString(secret);
}
/**
 * Creates AWS credentials from submitted form data.
 *
 * <p>The secret key is wrapped in a {@code Secret}; the access key, IAM role ARN and MFA
 * serial number are stored as plain strings with {@code null} normalised by
 * {@code Util.fixNull}.
 *
 * @param scope              credentials scope
 * @param id                 credentials id
 * @param accessKey          AWS access key id
 * @param secretKey          AWS secret access key
 * @param description        human-readable description
 * @param iamRoleArn         ARN of the IAM role to use
 * @param iamMfaSerialNumber serial number of the MFA device
 */
@DataBoundConstructor
public AWSCredentialsImpl(@CheckForNull CredentialsScope scope, @CheckForNull String id,
        @CheckForNull String accessKey, @CheckForNull String secretKey,
        @CheckForNull String description, @CheckForNull String iamRoleArn,
        @CheckForNull String iamMfaSerialNumber) {
    super(scope, id, description);

    final Secret wrappedSecretKey = Secret.fromString(secretKey);

    this.accessKey = Util.fixNull(accessKey);
    this.secretKey = wrappedSecretKey;
    this.iamRoleArn = Util.fixNull(iamRoleArn);
    this.iamMfaSerialNumber = Util.fixNull(iamMfaSerialNumber);
}
/**
 * Persists the specified authentication.
 *
 * <p>The user name is resolved through the security realm first, then stored in encrypted
 * form under this instance's property key, and the cache is saved.
 *
 * @param a the authentication to remember
 * @throws IOException declared by the signature
 * @throws InterruptedException declared by the signature
 */
public void set(Authentication a) throws IOException, InterruptedException {
    // Make sure that this security realm is capable of retrieving the authentication by
    // name, as it's not required.
    UserDetails details = Hudson.getInstance().getSecurityRealm().loadUserByUsername(a.getName());

    final String propertyKey = getPropertyKey();
    final String encryptedUserName = Secret.fromString(details.getUsername()).getEncryptedValue();
    props.setProperty(propertyKey, encryptedUserName);
    save();
}