Merge branch 'security-stable-2.7' into security-stable-2.19

a0833ee4 · Jesse Glick · 81f9b0fc · 431140e6 · a0833ee4 · a0833ee4
5 changed file
--- a/core/src/main/java/hudson/console/ConsoleNote.java
+++ b/core/src/main/java/hudson/console/ConsoleNote.java
@@ -192,9 +192,11 @@ public abstract class ConsoleNote<T> implements Serializable, Describable<Consol
        DataOutputStream dos = new DataOutputStream(new Base64OutputStream(buf2,true,-1,null));
        try {
            buf2.write(PREAMBLE);
-            byte[] mac = MAC.mac(buf.toByteArray());
-            dos.writeInt(- mac.length); // negative to differentiate from older form
-            dos.write(mac);
+            if (Jenkins.getInstanceOrNull() != null) { // else we are in another JVM and cannot sign; result will be ignored unless INSECURE
+                byte[] mac = MAC.mac(buf.toByteArray());
+                dos.writeInt(- mac.length); // negative to differentiate from older form
+                dos.write(mac);
+            }
            dos.writeInt(buf.size());
            buf.writeTo(dos);
        } finally {

--- a/core/src/main/java/jenkins/security/ConfidentialStore.java
+++ b/core/src/main/java/jenkins/security/ConfidentialStore.java
@@ -59,9 +59,7 @@ public abstract class ConfidentialStore {
     * Retrieves the currently active singleton instance of {@link ConfidentialStore}.
     */
    public static @Nonnull ConfidentialStore get() {
-        if (TEST != null) {
-            return TEST;
-        }
+        if (TEST!=null) return TEST.get();

        Jenkins j = Jenkins.getInstance();
        Lookup lookup = j.lookup;
@@ -92,7 +90,7 @@ public abstract class ConfidentialStore {
    /**
     * Testing only. Used for testing {@link ConfidentialKey} without {@link Jenkins}
     */
-    /*package*/ static ConfidentialStore TEST = null;
+    /*package*/ static ThreadLocal<ConfidentialStore> TEST = null;

    private static final Logger LOGGER = Logger.getLogger(ConfidentialStore.class.getName());
 }
--- a/core/src/test/java/hudson/model/TaskActionTest.java
+++ b/core/src/test/java/hudson/model/TaskActionTest.java
 package hudson.model;

-import static org.junit.Assert.*;
+import static org.junit.Assert.assertTrue;

 import java.io.ByteArrayOutputStream;

 import hudson.console.AnnotatedLargeText;
 import hudson.security.ACL;
 import hudson.security.Permission;
-import jenkins.security.ConfidentialStoreRule;
 import org.acegisecurity.Authentication;
-import static org.hamcrest.CoreMatchers.startsWith;
-import org.junit.Rule;
 import org.junit.Test;

 /**
@@ -18,9 +15,6 @@ import org.junit.Test;
 */
 public class TaskActionTest {

-    @Rule
-    public ConfidentialStoreRule confidentialStoreRule = new ConfidentialStoreRule();
-
    private static class MyTaskThread extends TaskThread {
        MyTaskThread(TaskAction taskAction) {
            super(taskAction, ListenerAndText.forMemory(taskAction));
@@ -69,6 +63,6 @@ public class TaskActionTest {
        }
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        annotatedText.writeLogTo(0, os);
-        assertThat(os.toString("UTF-8"), startsWith("a linkCompleted"));
+        assertTrue(os.toString("UTF-8").startsWith("a linkCompleted"));
    }
 }
--- a/core/src/test/java/jenkins/security/ConfidentialStoreRule.java
+++ b/core/src/test/java/jenkins/security/ConfidentialStoreRule.java
@@ -14,13 +14,16 @@ public class ConfidentialStoreRule extends ExternalResource {
    @Override
    protected void before() throws Throwable {
        tmp.create();
-        ConfidentialStore.TEST = new DefaultConfidentialStore(tmp.getRoot());
+        ConfidentialStore.TEST.set(new DefaultConfidentialStore(tmp.getRoot()));
    }

    @Override
    protected void after() {
-        ConfidentialStore.TEST = null;
+        ConfidentialStore.TEST.set(null);
        tmp.delete();
    }

+    static {
+        ConfidentialStore.TEST = new ThreadLocal<ConfidentialStore>();
+    }
 }
--- a/core/src/test/java/hudson/console/AnnotatedLargeTextTest.java
+++ b/core/src/test/java/hudson/console/AnnotatedLargeTextTest.java
@@ -29,23 +29,23 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.PrintStream;
 import java.io.StringWriter;
-import jenkins.security.ConfidentialStoreRule;
 import org.apache.commons.io.Charsets;
 import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
+import org.junit.ClassRule;
 import org.junit.Test;
-import org.junit.Rule;
 import org.jvnet.hudson.test.For;
 import org.jvnet.hudson.test.Issue;
+import org.jvnet.hudson.test.JenkinsRule;
 import org.kohsuke.stapler.framework.io.ByteBuffer;

 @For({AnnotatedLargeText.class, ConsoleNote.class, ConsoleAnnotationOutputStream.class, PlainTextConsoleOutputStream.class})
 public class AnnotatedLargeTextTest {

-    @Rule
-    public ConfidentialStoreRule confidentialStoreRule = new ConfidentialStoreRule();
+    @ClassRule
+    public static JenkinsRule r = new JenkinsRule();

-    /* TODO in trunk:
+    /* TODO in master:
    @Rule
    public LoggerRule logging = new LoggerRule().record(ConsoleAnnotationOutputStream.class, Level.FINE).capture(100);
    */