Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40286

EncryptedSlaveAgentJnlpFile should use SlaveComputer.getJnlpMac() instead of reimplementing it

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      Basically getJnlpMac() does JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(getName()), and EncryptedSlaveAgentJnlpFile.generateResponse does: JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8"))
      I'd like to be able to override getJnlpMac and have the key used consistently.

          [JENKINS-40286] EncryptedSlaveAgentJnlpFile should use SlaveComputer.getJnlpMac() instead of reimplementing it

          Kevin Browder added a comment -

          Specifically i think EncryptedSlaveAgentJnlpFile should change it from being an AccessControlled to being a SlaveComputer and the line with JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8")) should become byte[] jnlpMac = Util.fromHexString(it.getJnlpMac())
          Thus making the SlaveComputer the one-and-only authority on the secret.

          Kevin Browder added a comment - Specifically i think EncryptedSlaveAgentJnlpFile should change it from being an AccessControlled to being a SlaveComputer and the line with JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8")) should become byte[] jnlpMac = Util.fromHexString(it.getJnlpMac()) Thus making the SlaveComputer the one-and-only authority on the secret.

          Kevin Browder added a comment -

          Kevin Browder added a comment - I think https://github.com/jenkinsci/jenkins/pull/2658 should fix this.

          Kevin Browder added a comment -

          I dropped this into the review state, the tests all pass. Thanks in advance for whoever reviews this PR.

          Kevin Browder added a comment - I dropped this into the review state, the tests all pass. Thanks in advance for whoever reviews this PR.

          Code changed in jenkins
          User: kbrowder
          Path:
          core/src/main/java/jenkins/slaves/EncryptedSlaveAgentJnlpFile.java
          http://jenkins-ci.org/commit/jenkins/37806a53c87855cbdd9eda073600ad828ec6f5c0
          Log:
          [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible (#2658)

          [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: kbrowder Path: core/src/main/java/jenkins/slaves/EncryptedSlaveAgentJnlpFile.java http://jenkins-ci.org/commit/jenkins/37806a53c87855cbdd9eda073600ad828ec6f5c0 Log: [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible (#2658) [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible

          Oleg Nenashev added a comment - - edited

          Released in jenkins-2.37

          Oleg Nenashev added a comment - - edited Released in jenkins-2.37

            Unassigned Unassigned
            kbrowder Kevin Browder
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: