/**
 * Greets the peer, negotiates an encrypted channel and then hands it to the CLI.
 *
 * <p>Steps, in wire order: write the UTF string {@code "Welcome"} to the socket; run a
 * Diffie-Hellman exchange; fold the shared secret down to a 128-bit AES key; switch the
 * connection to {@code AES/CFB8/NoPadding}; sign the shared secret with the instance
 * identity private key and send the signature; call {@code runCli}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The identity proof uses {@code SHA1withRSA}. SHA-1 is no longer recommended for
 *       signatures; any change has to be made together with the verifying peer.</li>
 *   <li>CFB8 without a MAC gives confidentiality only. No integrity check is visible in
 *       this method, and how {@code encryptConnection} picks the IV cannot be seen
 *       here (TODO confirm).</li>
 *   <li>Only this side proves its identity in the code shown; whether the peer is
 *       authenticated later (e.g. inside {@code runCli}) is not visible here.</li>
 * </ul>
 *
 * @throws IOException if socket I/O fails, or wrapping any {@link GeneralSecurityException}
 *     raised while setting up the cipher or producing the signature
 * @throws InterruptedException declared by the signature; presumably raised by
 *     {@code runCli} (confirm)
 */
@Override
public void run() throws IOException, InterruptedException {
    try {
        // Plain-text greeting, sent before any key material is exchanged.
        new DataOutputStream(socket.getOutputStream()).writeUTF("Welcome");

        // perform coin-toss and come up with a session key to encrypt data
        Connection plain = new Connection(socket);
        byte[] sharedSecret = plain.diffieHellman(true).generateSecret();
        // 128/8 = 16 bytes requested from fold(), i.e. an AES-128 key.
        SecretKey aesKey = new SecretKeySpec(Connection.fold(sharedSecret,128/8),"AES");
        Connection encrypted = plain.encryptConnection(aesKey,"AES/CFB8/NoPadding");

        try {
            // HACK: TODO: move the transport support into modules
            // The identity class is looked up reflectively through the plugin class loader.
            Class<?> identityClass = Jenkins.getActiveInstance().pluginManager.uberClassLoader
                    .loadClass("org.jenkinsci.main.modules.instance_identity.InstanceIdentity");
            // invoke(null): "get" is called without a receiver, i.e. as a static method.
            Object identity = identityClass.getDeclaredMethod("get").invoke(null);
            PrivateKey identityKey =
                    (PrivateKey) identityClass.getDeclaredMethod("getPrivate").invoke(identity);

            // send a signature to prove our identity; signing the shared secret ties the
            // proof to this particular key exchange.
            // NOTE(review): SHA1withRSA is kept for wire compatibility with the verifier.
            Signature rsa = Signature.getInstance("SHA1withRSA");
            rsa.initSign(identityKey);
            rsa.update(sharedSecret);
            encrypted.writeByteArray(rsa.sign());
        } catch (ClassNotFoundException | IllegalAccessException | InvocationTargetException
                | NoSuchMethodException e) {
            // Reflection failure is surfaced as an Error, exactly as the original code does.
            throw new Error(e);
        }

        runCli(encrypted);
    } catch (GeneralSecurityException e) {
        // Also reached for signature failures, not only cipher setup.
        throw new IOException("Failed to encrypt the CLI channel",e);
    }
}
} // closes the enclosing type, whose header is outside this listing
// Key agreement on the existing connection `c`. The run() method listed alongside this
// fragment passes `true` to diffieHellman(); presumably this is the opposite role of the
// same exchange (confirm against Connection.diffieHellman).
byte[] secret = c.diffieHellman(false).generateSecret();
// fold() is asked for 128/8 = 16 bytes, which become the AES session key.
SecretKey sessionKey = new SecretKeySpec(Connection.fold(secret,128/8),"AES");
// From here on `c` refers to the encrypted connection. CFB8 without a MAC protects
// confidentiality only; IV handling is inside encryptConnection and not visible here.
// NOTE(review): the listed run() sends a SHA1withRSA signature over the raw secret right
// after this step. Verification is not part of this fragment; confirm the caller checks it
// against a trusted instance identity key before sending anything sensitive.
c = c.encryptConnection(sessionKey,"AES/CFB8/NoPadding");
/**
 * Greets the peer, negotiates an encrypted channel and then hands it to the CLI.
 *
 * <p>Steps, in wire order: write the UTF string {@code "Welcome"} to the socket; run a
 * Diffie-Hellman exchange; fold the shared secret down to a 128-bit AES key; switch the
 * connection to {@code AES/CFB8/NoPadding}; sign the shared secret with the instance
 * identity private key and send the signature; call {@code runCli}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The identity proof uses {@code SHA1withRSA}. SHA-1 is no longer recommended for
 *       signatures; any change has to be made together with the verifying peer.</li>
 *   <li>CFB8 without a MAC gives confidentiality only. No integrity check is visible in
 *       this method, and how {@code encryptConnection} picks the IV cannot be seen
 *       here (TODO confirm).</li>
 *   <li>Only this side proves its identity in the code shown; whether the peer is
 *       authenticated later (e.g. inside {@code runCli}) is not visible here.</li>
 * </ul>
 *
 * @throws IOException if socket I/O fails, or wrapping any {@link GeneralSecurityException}
 *     raised while setting up the cipher or producing the signature
 * @throws InterruptedException declared by the signature; presumably raised by
 *     {@code runCli} (confirm)
 */
@Override
public void run() throws IOException, InterruptedException {
    try {
        // Plain-text greeting, sent before any key material is exchanged.
        new DataOutputStream(socket.getOutputStream()).writeUTF("Welcome");

        // perform coin-toss and come up with a session key to encrypt data
        Connection plain = new Connection(socket);
        byte[] sharedSecret = plain.diffieHellman(true).generateSecret();
        // 128/8 = 16 bytes requested from fold(), i.e. an AES-128 key.
        SecretKey aesKey = new SecretKeySpec(Connection.fold(sharedSecret,128/8),"AES");
        Connection encrypted = plain.encryptConnection(aesKey,"AES/CFB8/NoPadding");

        try {
            // HACK: TODO: move the transport support into modules
            // The identity class is looked up reflectively through the plugin class loader.
            Class<?> identityClass = Jenkins.getActiveInstance().pluginManager.uberClassLoader
                    .loadClass("org.jenkinsci.main.modules.instance_identity.InstanceIdentity");
            // invoke(null): "get" is called without a receiver, i.e. as a static method.
            Object identity = identityClass.getDeclaredMethod("get").invoke(null);
            PrivateKey identityKey =
                    (PrivateKey) identityClass.getDeclaredMethod("getPrivate").invoke(identity);

            // send a signature to prove our identity; signing the shared secret ties the
            // proof to this particular key exchange.
            // NOTE(review): SHA1withRSA is kept for wire compatibility with the verifier.
            Signature rsa = Signature.getInstance("SHA1withRSA");
            rsa.initSign(identityKey);
            rsa.update(sharedSecret);
            encrypted.writeByteArray(rsa.sign());
        } catch (ClassNotFoundException | IllegalAccessException | InvocationTargetException
                | NoSuchMethodException e) {
            // Reflection failure is surfaced as an Error, exactly as the original code does.
            throw new Error(e);
        }

        runCli(encrypted);
    } catch (GeneralSecurityException e) {
        // Also reached for signature failures, not only cipher setup.
        throw new IOException("Failed to encrypt the CLI channel",e);
    }
}
} // closes the enclosing type, whose header is outside this listing