Merge pull request #4 from jenkinsci/fix_skip_ssl

Fix skipping SSL
jenkinsci · Feb 15, 2022 · 5aefbd8 · 5aefbd8
2 parents 7c7c575 + 146ff0a
commit 5aefbd8
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 11 deletions.
diff --git a/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java b/src/main/java/io/jenkins/plugins/ksm/KsmQuery.java
@@ -29,9 +29,8 @@ private static String handleException(Exception e) {
         return msg;
     }
 
-    public static LocalConfigStorage redeemToken(String token, String hostname) throws Exception {
-
-        logger.log(Level.FINE, "Setting up the secrets manager options");
+    public static LocalConfigStorage redeemToken(String token, String hostname,
+                                                 boolean allowUnverifiedCertificate) throws Exception {
 
         // New style has the hostname prepended to the token, joined with a ":"
         // TODO: Let the SDK handle this, however it's not working now.
@@ -51,12 +50,14 @@ public static LocalConfigStorage redeemToken(String token, String hostname) thro
             }
         }
 
-        logger.log(Level.FINE, "Redeem token " + token +" from host " + hostname);
+        logger.log(Level.FINE, "Redeem token " + token +" from host " + hostname + "; Skip SSL = " +
+                allowUnverifiedCertificate);
 
         LocalConfigStorage storage = new LocalConfigStorage();
         try {
             SecretsManager.initializeStorage(storage, token, getHostname(hostname));
-            SecretsManagerOptions options = new SecretsManagerOptions(storage);
+            SecretsManagerOptions options = new SecretsManagerOptions(storage, null,
+                    allowUnverifiedCertificate);
             KeeperSecrets secrets = SecretsManager.getSecrets(options);
             List<KeeperRecord> records = secrets.getRecords();
             logger.log(Level.FINE, "Found " + records.size() + " records with token redemption.");
@@ -79,7 +80,6 @@ public static SecretsManagerOptions getOptions(String clientId, String privateKe
         storage.saveString("appKey", appKey.trim());
         storage.saveString("hostname", hostname.trim());
 
-        logger.log(Level.FINE, "Setting up the secrets manager options");
         if (allowUnverifiedCertificate) {
             logger.log(Level.INFO, "Keeper Secrets Manager credential is skipping SSL certification verification. "
                     + "If you want to verify the SSL certification uncheck the skip checkbox in the Jenkins's "
@@ -92,13 +92,11 @@ public static SecretsManagerOptions getOptions(String clientId, String privateKe
     public static String testCredentials(String clientId, String privateKey, String appKey, String hostname,
                                          boolean allowUnverifiedCertificate) {
 
-        logger.log(Level.FINE, "Testing credentials");
+        logger.log(Level.FINE, "Testing credentials; SSL Skip = " + allowUnverifiedCertificate);
 
         try {
             SecretsManagerOptions options = getOptions(clientId, privateKey, appKey, getHostname(hostname),
                     allowUnverifiedCertificate);
-
-            logger.log(Level.FINE, options.toString());
             KeeperSecrets secrets = SecretsManager.getSecrets(options);
             List<KeeperRecord> records = secrets.getRecords();
             logger.log(Level.FINE, "Found " + records.size() + " records");

diff --git a/src/main/java/io/jenkins/plugins/ksm/credential/KsmCredential.java b/src/main/java/io/jenkins/plugins/ksm/credential/KsmCredential.java
@@ -46,7 +46,7 @@ public KsmCredential(CredentialsScope scope, String id, String description,
         // If the token is not blank, or already an error, redeem the token.
         if (!token.trim().equals("") && (!token.trim().startsWith(KsmCredential.tokenErrorPrefix))){
             try {
-                LocalConfigStorage storage = KsmQuery.redeemToken(token, hostname);
+                LocalConfigStorage storage = KsmQuery.redeemToken(token, hostname, skipSslVerification);
                 clientId = Secret.fromString(storage.getString("clientId"));
                 appKey = Secret.fromString(storage.getString("appKey"));
                 privateKey = Secret.fromString(storage.getString("privateKey"));

diff --git a/src/main/resources/io/jenkins/plugins/ksm/credential/KsmCredential/config.jelly b/src/main/resources/io/jenkins/plugins/ksm/credential/KsmCredential/config.jelly
@@ -26,7 +26,7 @@
             </f:entry>
             <f:validateButton
                     title="${%ValidateCredential}" progress="${%ValidateCredentialProgress}"
-                    method="testCredential" with="hostname,clientId,privateKey,appKey,useSkipSslVerification"/>
+                    method="testCredential" with="hostname,clientId,privateKey,appKey,skipSslVerification"/>
             <f:entry title="${%AllowConfigInject}" field="allowConfigInject">
                 <f:checkbox/>
             </f:entry>