[ENKINS-36923] This seems like a better way to access the keys

9743db3c · Stephen Connolly · 931df26d · 9743db3c · 9743db3c · 9743db3c
3 changed file
--- a/core/src/main/java/hudson/TcpSlaveAgentListener.java
+++ b/core/src/main/java/hudson/TcpSlaveAgentListener.java
@@ -116,9 +116,7 @@ public final class TcpSlaveAgentListener extends Thread {
     */
    @Nullable
    public String getIdentityPublicKey() {
-        InstanceIdentityProvider<RSAPublicKey, RSAPrivateKey> provider =
-                InstanceIdentityProvider.get(InstanceIdentityProvider.RSA);
-        RSAPublicKey key = provider == null ? null : provider.getPublicKey();
+        RSAPublicKey key = InstanceIdentityProvider.RSA.getPublicKey();
        return key == null ? null : new String(Base64.encodeBase64(key.getEncoded()), Charset.forName("UTF-8"));
    }


--- a/core/src/main/java/jenkins/model/identity/IdentityRootAction.java
+++ b/core/src/main/java/jenkins/model/identity/IdentityRootAction.java
@@ -39,8 +39,7 @@ public class IdentityRootAction implements UnprotectedRootAction {
     */
    @Override
    public String getUrlName() {
-        return InstanceIdentityProvider.get(InstanceIdentityProvider.RSA) == null
-                ? null : "instance-identity";
+        return InstanceIdentityProvider.RSA.getKeyPair() == null ? null : "instance-identity";
    }

    /**
@@ -49,9 +48,7 @@ public class IdentityRootAction implements UnprotectedRootAction {
     * @return the PEM encoded public key.
     */
    public String getPublicKey() {
-        InstanceIdentityProvider<RSAPublicKey, RSAPrivateKey> provider =
-                InstanceIdentityProvider.get(InstanceIdentityProvider.RSA);
-        RSAPublicKey key = provider == null ? null : provider.getPublicKey();
+        RSAPublicKey key = InstanceIdentityProvider.RSA.getPublicKey();
        if (key == null) {
            return null;
        }
@@ -75,9 +72,7 @@ public class IdentityRootAction implements UnprotectedRootAction {
     * @return the fingerprint of the public key.
     */
    public String getFingerprint() {
-        InstanceIdentityProvider<RSAPublicKey, RSAPrivateKey> provider =
-                InstanceIdentityProvider.get(InstanceIdentityProvider.RSA);
-        RSAPublicKey key = provider == null ? null : provider.getPublicKey();
+        RSAPublicKey key = InstanceIdentityProvider.RSA.getPublicKey();
        if (key == null) {
            return null;
        }

--- a/core/src/main/java/jenkins/model/identity/InstanceIdentityProvider.java
+++ b/core/src/main/java/jenkins/model/identity/InstanceIdentityProvider.java
@@ -78,6 +78,7 @@ public abstract class InstanceIdentityProvider<PUB extends PublicKey, PRIV exten
     *
     * @return the public key. {@code null} if {@link #getKeyPair()} is {@code null}.
     */
+    @SuppressWarnings("unchecked")
    @CheckForNull
    public PUB getPublicKey() {
        KeyPair keyPair = getKeyPair();
@@ -89,6 +90,7 @@ public abstract class InstanceIdentityProvider<PUB extends PublicKey, PRIV exten
     *
     * @return the private key. {@code null} if {@link #getKeyPair()} is {@code null}.
     */
+    @SuppressWarnings("unchecked")
    @CheckForNull
    public PRIV getPrivateKey() {
        KeyPair keyPair = getKeyPair();
@@ -104,29 +106,6 @@ public abstract class InstanceIdentityProvider<PUB extends PublicKey, PRIV exten
    @CheckForNull
    public abstract X509Certificate getCertificate();

-    /**
-     * Gets the provider of the required identity type.
-     *
-     * @param type   the type of keys.
-     * @param <PUB>  the type of public key.
-     * @param <PRIV> the type of private key.
-     * @return the provider or {@code null} if no provider of the specified type is available.
-     */
-    @CheckForNull
-    @SuppressWarnings("unchecked")
-    public static <PUB extends PublicKey, PRIV extends PrivateKey> InstanceIdentityProvider<PUB, PRIV> get(
-            @Nonnull KeyTypes<PUB, PRIV> type) {
-        for (InstanceIdentityProvider provider : ExtensionList.lookup(InstanceIdentityProvider.class)) {
-            KeyPair keyPair = provider.getKeyPair();
-            if (keyPair != null
-                    && type.pubKeyType.isInstance(keyPair.getPublic())
-                    && type.privKeyType.isInstance(keyPair.getPrivate())) {
-                return (InstanceIdentityProvider<PUB, PRIV>) provider;
-            }
-        }
-        return null;
-    }
-
    /**
     * Holds information about the paired keytypes that can be used to form the various identity keys.
     *
@@ -154,6 +133,29 @@ public abstract class InstanceIdentityProvider<PUB extends PublicKey, PRIV exten
            this.privKeyType = privKeyType;
        }

+        /**
+         * Gets the provider of the required identity type.
+         *
+         * @param type   the type of keys.
+         * @param <PUB>  the type of public key.
+         * @param <PRIV> the type of private key.
+         * @return the provider or {@code null} if no provider of the specified type is available.
+         */
+        @CheckForNull
+        @SuppressWarnings("unchecked")
+        private static <PUB extends PublicKey, PRIV extends PrivateKey> InstanceIdentityProvider<PUB, PRIV> get(
+                @Nonnull KeyTypes<PUB, PRIV> type) {
+            for (InstanceIdentityProvider provider : ExtensionList.lookup(InstanceIdentityProvider.class)) {
+                KeyPair keyPair = provider.getKeyPair();
+                if (keyPair != null
+                        && type.pubKeyType.isInstance(keyPair.getPublic())
+                        && type.privKeyType.isInstance(keyPair.getPrivate())) {
+                    return (InstanceIdentityProvider<PUB, PRIV>) provider;
+                }
+            }
+            return null;
+        }
+
        /**
         * Gets the interface for the public key.
         *
@@ -171,6 +173,54 @@ public abstract class InstanceIdentityProvider<PUB extends PublicKey, PRIV exten
        public Class<PRIV> getPrivateKeyClass() {
            return privKeyType;
        }
+
+        /**
+         * Gets the {@link KeyPair} that comprises the instance identity.
+         *
+         * @return the {@link KeyPair} that comprises the instance identity. {@code null} could technically be
+         * returned in
+         * the event that a keypair could not be generated, for example if the specific key type of this provider
+         * is not permitted at the required length by the JCA policy.
+         */
+        @CheckForNull
+        public KeyPair getKeyPair() {
+            InstanceIdentityProvider<PUB, PRIV> provider = get(this);
+            return provider == null ? null : provider.getKeyPair();
+        }
+
+        /**
+         * Shortcut to {@link KeyPair#getPublic()}.
+         *
+         * @return the public key. {@code null} if {@link #getKeyPair()} is {@code null}.
+         */
+        @CheckForNull
+        public PUB getPublicKey() {
+            InstanceIdentityProvider<PUB, PRIV> provider = get(this);
+            return provider == null ? null : provider.getPublicKey();
+        }
+
+        /**
+         * Shortcut to {@link KeyPair#getPrivate()}.
+         *
+         * @return the private key. {@code null} if {@link #getKeyPair()} is {@code null}.
+         */
+        @CheckForNull
+        public PRIV getPrivateKey() {
+            InstanceIdentityProvider<PUB, PRIV> provider = get(this);
+            return provider == null ? null : provider.getPrivateKey();
+        }
+
+        /**
+         * Gets the self-signed {@link X509Certificate} that is associated with this identity. The certificate
+         * will must be currently valid. Repeated calls to this method may result in new certificates being generated.
+         *
+         * @return the certificate. {@code null} if {@link #getKeyPair()} is {@code null}.
+         */
+        @CheckForNull
+        public X509Certificate getCertificate() {
+            InstanceIdentityProvider<PUB, PRIV> provider = get(this);
+            return provider == null ? null : provider.getCertificate();
+        }
    }

 }