Commit 3080573a
Authored Apr 28, 2015 by Kohsuke Kawaguchi
Merge pull request #1671 from jenkinsci/rsa-credential-store
Define additional ConfidentialStore around RSA key pair
Parents: 656d0d01, aa50f169

Showing 4 changed files with 276 additions and 0 deletions

core/src/main/java/jenkins/security/RSAConfidentialKey.java (+111 -0)
core/src/main/java/jenkins/security/RSADigitalSignatureConfidentialKey.java (+63 -0)
core/src/test/groovy/jenkins/security/RSAConfidentialKeyTest.groovy (+48 -0)
core/src/test/groovy/jenkins/security/RSADigitalSignatureConfidentialKeyTest.groovy (+54 -0)
core/src/main/java/jenkins/security/RSAConfidentialKey.java
0 → 100644
/*
* The MIT License
*
* Copyright (c) 2015, CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
jenkins.security
;
import
org.apache.commons.codec.binary.Base64
;
import
java.io.IOException
;
import
java.security.GeneralSecurityException
;
import
java.security.KeyFactory
;
import
java.security.KeyPair
;
import
java.security.KeyPairGenerator
;
import
java.security.PrivateKey
;
import
java.security.SecureRandom
;
import
java.security.interfaces.RSAPrivateCrtKey
;
import
java.security.interfaces.RSAPrivateKey
;
import
java.security.interfaces.RSAPublicKey
;
import
java.security.spec.PKCS8EncodedKeySpec
;
import
java.security.spec.RSAPublicKeySpec
;
/**
* RSA public/private key pair as {@link ConfidentialKey}.
*
* <p>
* As per the design principle of {@link ConfidentialKey}, not exposing {@link PrivateKey} directly.
* Define subtypes for different use cases.
*
* @author Kohsuke Kawaguchi
*/
public
abstract
class
RSAConfidentialKey
extends
ConfidentialKey
{
private
RSAPrivateKey
priv
;
private
RSAPublicKey
pub
;
public
RSAConfidentialKey
(
String
id
)
{
super
(
id
);
}
public
RSAConfidentialKey
(
Class
owner
,
String
shortName
)
{
this
(
owner
.
getName
()
+
'.'
+
shortName
);
}
/**
* Obtains the private key (lazily.)
* <p>
* This method is not publicly exposed as per the design principle of {@link ConfidentialKey}.
* Instead of exposing private key, define methods that use them in specific way, such as
* {@link RSADigitalSignatureConfidentialKey}.
*
* @throws Error
* If key cannot be loaded for some reasons, we fail.
*/
protected
synchronized
RSAPrivateKey
getPrivateKey
()
{
try
{
if
(
priv
==
null
)
{
byte
[]
payload
=
load
();
if
(
payload
==
null
)
{
KeyPairGenerator
gen
=
KeyPairGenerator
.
getInstance
(
"RSA"
);
gen
.
initialize
(
2048
,
new
SecureRandom
());
// going beyond 2048 requires crypto extension
KeyPair
keys
=
gen
.
generateKeyPair
();
priv
=
(
RSAPrivateKey
)
keys
.
getPrivate
();
pub
=
(
RSAPublicKey
)
keys
.
getPublic
();
store
(
priv
.
getEncoded
());
}
else
{
KeyFactory
keyFactory
=
KeyFactory
.
getInstance
(
"RSA"
);
priv
=
(
RSAPrivateKey
)
keyFactory
.
generatePrivate
(
new
PKCS8EncodedKeySpec
(
payload
));
RSAPrivateCrtKey
pks
=
(
RSAPrivateCrtKey
)
priv
;
pub
=
(
RSAPublicKey
)
keyFactory
.
generatePublic
(
new
RSAPublicKeySpec
(
pks
.
getModulus
(),
pks
.
getPublicExponent
()));
}
}
return
priv
;
}
catch
(
IOException
e
)
{
throw
new
Error
(
"Failed to load the key: "
+
getId
(),
e
);
}
catch
(
GeneralSecurityException
e
)
{
throw
new
Error
(
"Failed to load the key: "
+
getId
(),
e
);
}
}
public
RSAPublicKey
getPublicKey
()
{
getPrivateKey
();
return
pub
;
}
/**
* Gets base64-encoded public key.
*/
public
String
getEncodedPublicKey
()
{
return
new
String
(
Base64
.
encodeBase64
(
getPublicKey
().
getEncoded
()));
}
}
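Review bot: In the else branch of getPrivateKey(), the cast (RSAPrivateCrtKey) priv is unchecked, so a stored PKCS#8 payload that decodes to a non-CRT RSA key raises ClassCastException, which neither catch block handles and which is not the Error the Javadoc promises. Check with instanceof before deriving the public key and fail with a message that includes getId(), as the other failure paths do. Separately, getEncodedPublicKey() builds its result with new String(byte[]), which uses the platform default charset; Base64 output is ASCII, but passing an explicit charset removes that dependency.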
core/src/main/java/jenkins/security/RSADigitalSignatureConfidentialKey.java
0 → 100644
/*
* The MIT License
*
* Copyright (c) 2015, CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
jenkins.security
;
import
java.io.UnsupportedEncodingException
;
import
java.security.GeneralSecurityException
;
import
java.security.Signature
;
import
java.security.interfaces.RSAPrivateKey
;
/**
* RSA digital signature as {@link ConfidentialKey} to prevent accidental leak of private key.
*
* @author Kohsuke Kawaguchi
*/
public
class
RSADigitalSignatureConfidentialKey
extends
RSAConfidentialKey
{
public
RSADigitalSignatureConfidentialKey
(
String
id
)
{
super
(
id
);
}
public
RSADigitalSignatureConfidentialKey
(
Class
owner
,
String
shortName
)
{
super
(
owner
,
shortName
);
}
/**
* Sign a message and base64 encode the signature.
*/
public
String
sign
(
String
msg
)
{
try
{
RSAPrivateKey
key
=
getPrivateKey
();
Signature
sig
=
Signature
.
getInstance
(
SIGNING_ALGORITHM
+
"with"
+
key
.
getAlgorithm
());
sig
.
initSign
(
key
);
sig
.
update
(
msg
.
getBytes
(
"UTF-8"
));
return
hudson
.
remoting
.
Base64
.
encode
(
sig
.
sign
());
}
catch
(
GeneralSecurityException
e
)
{
throw
new
SecurityException
(
e
);
}
catch
(
UnsupportedEncodingException
e
)
{
throw
new
AssertionError
(
e
);
// UTF-8 is mandatory
}
}
static
final
String
SIGNING_ALGORITHM
=
"SHA256"
;
}
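Review bot: The Javadoc on sign() does not state what a verifier has to reproduce: the algorithm name is assembled as SIGNING_ALGORITHM + "with" + key.getAlgorithm(), the input is the UTF-8 bytes of msg, and the result is encoded with hudson.remoting.Base64. Document those three facts on the method, and either rename SIGNING_ALGORITHM, which holds only the digest name "SHA256", or make it the full signature algorithm string. The parent class encodes the public key with org.apache.commons.codec.binary.Base64 while this class uses hudson.remoting.Base64; using one encoder in both places would keep the encoded outputs consistent.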
core/src/test/groovy/jenkins/security/RSAConfidentialKeyTest.groovy
0 → 100644
/*
* The MIT License
*
* Copyright (c) 2015, CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
jenkins.security
import
org.junit.Rule
import
org.junit.Test
/**
*
*
* @author Kohsuke Kawaguchi
*/
class
RSAConfidentialKeyTest
{
@Rule
public
ConfidentialStoreRule
store
=
new
ConfidentialStoreRule
()
def
key
=
new
RSAConfidentialKey
(
"test"
)
{}
@Test
void
loadingExistingKey
()
{
// this second key of the same ID will cause it to load the key from the disk
def
key2
=
new
RSAConfidentialKey
(
"test"
)
{}
assert
key
.
privateKey
==
key2
.
privateKey
;
assert
key
.
publicKey
==
key2
.
publicKey
;
}
}
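Review bot: loadingExistingKey() is the only test in this class, so the failure path of getPrivateKey() (a stored payload that does not parse, which the Javadoc says surfaces as Error) and getEncodedPublicKey() are not exercised. Add a case that stores a malformed payload under the same id and asserts the Error, and one that decodes getEncodedPublicKey() and compares it with key.publicKey. The class Javadoc block is empty apart from @author; one line saying what is under test would help.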
core/src/test/groovy/jenkins/security/RSADigitalSignatureConfidentialKeyTest.groovy
0 → 100644
/*
* The MIT License
*
* Copyright (c) 2015, CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
jenkins.security
import
hudson.remoting.Base64
import
org.junit.Rule
import
org.junit.Test
import
java.security.Signature
/**
*
*
* @author Kohsuke Kawaguchi
*/
class
RSADigitalSignatureConfidentialKeyTest
{
@Rule
public
ConfidentialStoreRule
store
=
new
ConfidentialStoreRule
()
def
key
=
new
RSADigitalSignatureConfidentialKey
(
"test"
);
@Test
void
dsigSignAndVerify
()
{
def
msg
=
key
.
sign
(
"Hello world"
);
println
msg
;
def
sig
=
Signature
.
getInstance
(
"SHA256withRSA"
);
sig
.
initVerify
(
key
.
publicKey
);
sig
.
update
(
msg
.
getBytes
(
"UTF-8"
));
assert
sig
.
verify
(
Base64
.
decode
(
msg
))
}
}
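Review bot: In dsigSignAndVerify(), sig.update(msg.getBytes("UTF-8")) feeds the verifier the base64 signature returned by key.sign(...), not the signed text "Hello world", so sig.verify(Base64.decode(msg)) checks the signature against the wrong data and the assert is expected to fail. Keep the plaintext in its own variable, pass its UTF-8 bytes to sig.update(), and decode only the signature for sig.verify(). A second assertion that a modified message fails verification would cover the negative case, and the println msg line can be dropped.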