Skip to content
Permalink
Browse files

Merge pull request #139 from duemir/JENKINS-49668

JENKINS-49668 - Root CAs component is fixed.
  • Loading branch information...
Evildethow committed Mar 26, 2018
2 parents bc37791 + 2266af7 commit 7dff4755c4698035810de3ad4139f8ae49603d62
@@ -35,7 +35,11 @@
import hudson.model.Node;
import hudson.security.Permission;
import jenkins.model.Jenkins;
import jenkins.security.MasterToSlaveCallable;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStream;
@@ -44,19 +48,16 @@
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Set;
import java.util.WeakHashMap;
import jenkins.security.MasterToSlaveCallable;

/**
* @author schristou88
*/
@Extension
public class RootCAs extends Component {

private final WeakHashMap<Node, String> certCache = new WeakHashMap<Node, String>();
private final WeakHashMap<Node, String> certCache = new WeakHashMap<>();

@Override
public boolean isSelectedByDefault() {
@@ -104,8 +105,6 @@ public void writeTo(OutputStream os) throws IOException {
out.println(getRootCA(node));
} catch (IOException e) {
SupportLogFormatter.printStackTrace(e, out);
} catch (InterruptedException e) {
SupportLogFormatter.printStackTrace(e, out);
} finally {
out.flush();
}
@@ -114,7 +113,7 @@ public void writeTo(OutputStream os) throws IOException {
);
}

public String getRootCA(Node node) throws IOException, InterruptedException {
public String getRootCA(Node node) throws IOException {
return AsyncResultCache.get(node, certCache, new GetRootCA(), "Root CA info",
"N/A: Either no connection to node, or no cached result");
}
@@ -135,18 +134,30 @@ public String call() {
}

public static void getRootCAList(StringWriter writer) {
KeyStore instance = null;
try {
instance = KeyStore.getInstance(KeyStore.getDefaultType());
Enumeration<String> aliases = instance.aliases();
while (aliases.hasMoreElements()) {
String s = aliases.nextElement();
writer.append("========");
writer.append("Alias: " + s);
writer.append(instance.getCertificate(s).getPublicKey().toString());
writer.append("Trusted certificate: " + instance.isCertificateEntry(s));
// Inspired by:
// https://github.com/jenkinsci/jenkins-scripts/pull/82/files
// https://stackoverflow.com/questions/8884831/listing-certificates-in-jvm-trust-store
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
for (int i = 0; i < trustManagers.length; i++) {
writer.append("===== Trust Manager ").append(String.valueOf(i)).append(" =====\n");
TrustManager trustManager = trustManagers[i];
if (trustManager instanceof X509TrustManager) {
final X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
writer.append("It is an X.509 Trust Manager containing ")
.append(String.valueOf(acceptedIssuers.length))
.append(" certificates:\n");
for (X509Certificate x509Certificate : acceptedIssuers) {
writer.append(x509Certificate.getSubjectX500Principal().toString()).append('\n');
}
} else {
writer.append("Skipping as it is not an X.509 Trust Manager.\n");
writer.append("Class Name: ").append(trustManager.getClass().getName()).append('\n');
}
}
} catch (KeyStoreException e) {
} catch (KeyStoreException | NoSuchAlgorithmException e) {
writer.write(Functions.printThrowable(e));
}
}
@@ -0,0 +1,21 @@
package com.cloudbees.jenkins.support.impl;

import org.junit.Test;

import java.io.StringWriter;

import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertThat;

public class RootCAsTest {

@Test
public void getRootCAList() {
final StringWriter certsWriter = new StringWriter();
RootCAs.getRootCAList(certsWriter);
final String rootCAs = certsWriter.toString();

assertThat("output doesn't start with the Exception",
rootCAs, startsWith("===== Trust Manager 0 =====\n"));
}
}

0 comments on commit 7dff475

Please sign in to comment.
You can’t perform that action at this time.