Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-73335] add support for PEM encoded certificate (and key) #543

Merged
merged 9 commits into from
Jul 12, 2024
Merged

[JENKINS-73335] add support for PEM encoded certificate (and key) #543

merged 9 commits into from
Jul 12, 2024

Conversation

jtnord
Copy link
Member

@jtnord jtnord commented Jun 24, 2024
edited
Loading

https://issues.jenkins.io/browse/JENKINS-73335

Testing done

Tested in a FIPS configured environment (e2e running Jenkins.war) and with mvn hpi:run in a regular dev environment.

tested both valid and invalid keys / password combinations and valid but not FIPS compliant keys.
FormValidation was working except https://issues.jenkins.io/browse/JENKINS-65616 and when regular textAreas where used for the secret (before switching to SecretTextArea for which https://issues.jenkins.io/browse/JENKINS-73404 has been raised)

introduced a new test to cover a happy case path usign the UI to enter a password protected key and cert.

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

jtnord
jtnord commented Jun 24, 2024
View reviewed changes
pom.xml Outdated Show resolved Hide resolved
@jtnord jtnord mentioned this pull request Jul 4, 2024
Merged
6 tasks
@jtnord
[JENKINS-73335] add support for certificates that are not PKCS12 form…
462e240 
…atted

Provides an alternative method for entering Certificate credentials,
required when running in FIPS as we can not use PKCS12
@jtnord
Switch from file upload to user entry
44569cb 
As PEMs are not binary files but tet encoding it makes more sense to
have users enter them.

Additionally feedback is that user normally manage the certificate chain
and keys separately
@jtnord
switch to the exepcted SecretTextArea
a6e3457 
Now that formvalidation has been manually tested swap back to
SecretTextArea

The formValidation won't work pending JENKINS-73404 (and to some extent
JENKINS-65616) but once they are fixed will magically start working
@jtnord
pick up release of bouncycastle-api
a43b0b7
@jtnord jtnord marked this pull request as ready for review July 5, 2024 16:07
@jtnord jtnord requested a review from a team as a code owner July 5, 2024 16:07
jtnord
jtnord commented Jul 5, 2024
View reviewed changes
...bees/plugins/credentials/impl/CertificateCredentialsImpl/UploadedKeyStoreSource/config.jelly
@@ -55,6 +55,11 @@
uploadedCertFileInput.onchange = fileOnChange.bind(uploadedCertFileInput);
}
function fileOnChange() {
// only trigger validation if the PKCS12 upload is selected
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as there is more than one option, only trigger this validation if this descriptor is chosen.

src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java Outdated Show resolved Hide resolved
@jtnord jtnord marked this pull request as draft July 5, 2024 16:15
jtnord added a commit to jtnord/bom that referenced this pull request Jul 8, 2024
@jtnord
precheck jenkinsci/credentials-plugin#543
57ac942
This was referenced Jul 8, 2024
Merged
Merged
jtnord added a commit to jtnord/pipeline-model-definition-plugin that referenced this pull request Jul 8, 2024
@jtnord
use valid password for test code
ddcd2cd 
amends jenkinsci#723 that was working as the KeyStore was not validated.

However jenkinsci/credentials-plugin#543 now
validates the keystore and hence this test started failing as the
password did not match
@jtnord jtnord mentioned this pull request Jul 8, 2024
Merged
@jtnord jtnord marked this pull request as ready for review July 12, 2024 13:16
@jtnord jtnord merged commit fee6b09 into jenkinsci:master Jul 12, 2024
15 checks passed
@jtnord jtnord deleted the JENKINS-73335 branch July 12, 2024 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jtnord