Thanks for the very clear issue description. I can duplicate it.
The git plugin only supports username / password credentials for HTTPS repository URLs. The git plugin only supports private key credentials (RSA, ED-25519, ECDSA() for SSH repository URLs. The incorrect behavior may be (partly?) because the git plugin does not support certificate credentials.
When I use "Manage Jenkins" -> "Credentials" to create a certificate credential with an invalid PEM encoded certificate, a stack trace exception is shown on the screen (the "Jenkins devil") and the Jenkins log shows that an illegal argument exception was thrown while trying to construct the certificate credential. The exception in the stack trace is:
2024-12-06 13:27:22.467+0000 [id=284663] WARNING o.e.j.e.n.ContextHandler$APIContext#log: Error while serving http:e.net/createCredentials
java.io.IOException: expected one key but got 0
at PluginClassLoader for credentials at PluginClassLoader for credentials at PluginClassLoader for credentialsCaused: java.lang.IllegalArgumentException: KeyStore is not valid.
at PluginClassLoader for credentials at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:673)
at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:990)
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:861)
Caused: java.lang.IllegalArgumentException: Failed to instantiate class com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl from {"scope":"GLOBAL","keyStoreSource":{"value":"0","certChain":"[val
ue redacted]","$redact":["certChain","privateKey"],"privateKey":"[value redacted]","stapler-class<span class="code-quote">":"com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$PEMEntryKeyStoreSource","$class<span class="code-quote">":"com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl$PEMEntryKeyStoreSource"},"password":"[value redacted]","$redact":"password","id":"invalied-pem-certificate","description":"Invalid pem certiticate","stapler-class<span class="code-quote">":"com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl","$class<span class="code-quote">":"com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl"}
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:865)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:620)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:615)
at hudson.model.Descriptor.bindJSON(Descriptor.java:656)
at hudson.model.Descriptor.newInstanceImpl(Descriptor.java:614)
I think that both behaviors are a poor user experience. In the git plugin context within a job definition, it would be best to only allow the user to create credential types that are valid for use with the git plugin. In the "Manage Jenkins" -> "Credentials" context it would be better to show the user a clear message instead of the Jenkins stack trace ID page and a stack trace in the Jenkins log.
Thanks for the very clear issue description. I can duplicate it.
The git plugin only supports username / password credentials for HTTPS repository URLs. The git plugin only supports private key credentials (RSA, ED-25519, ECDSA() for SSH repository URLs. The incorrect behavior may be (partly?) because the git plugin does not support certificate credentials.
When I use "Manage Jenkins" -> "Credentials" to create a certificate credential with an invalid PEM encoded certificate, a stack trace exception is shown on the screen (the "Jenkins devil") and the Jenkins log shows that an illegal argument exception was thrown while trying to construct the certificate credential. The exception in the stack trace is:
I think that both behaviors are a poor user experience. In the git plugin context within a job definition, it would be best to only allow the user to create credential types that are valid for use with the git plugin. In the "Manage Jenkins" -> "Credentials" context it would be better to show the user a clear message instead of the Jenkins stack trace ID page and a stack trace in the Jenkins log.