Unify two entrypoints #677

Merged
merged 6 commits into from
Oct 20, 2023
7 changes: 4 additions & 3 deletions docs/inbound-agent.md
Expand Up @@ -78,12 +78,13 @@ This mechanism requires a download of the `agent.jar`, as described for "Downloa

Once all the prerequisite files and data have been obtained, the agent can be launched with a command like this
```
java -cp agent.jar hudson.remoting.jnlp.Main \
java -jar agent.jar \
-workDir <work directory> \
-direct <HOST:PORT> \
-protocols JNLP4-connect \
-instanceIdentity <instance identity> \
<secretString> <agentName>
-secret <secretString> \
-name <agentName>
```
The "-protocols" parameter is optional, but is useful to limit the agent to protocols the server supports.
The only currently supported and recommended protocol is "JNLP4-connect".
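
Review bot: the launch example now passes the agent secret as `-secret <secretString>` directly on the command line, and the surrounding text says nothing about where that value ends up. Command-line arguments are readable by other local users through the process list and are often copied into shell history, service unit files and CI logs, so a sentence beside the example telling operators to keep the launch command out of world-readable scripts and logs would be a useful addition.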
Expand All @@ -102,7 +103,7 @@ Additional descriptions of configuring this mechanism are located at [Installing

There are a number of different launch parameters that control how the agent connects and behaves.
The parameters available and the default behavior may vary depending upon the entry point.
You can obtain usage information by executing `java -cp agent.jar hudson.remoting.jnlp.Main` or `java -jar agent.jar --help`.
You can obtain usage information by executing `java -jar agent.jar --help`.
Not all parameters work together and some parameters require the use of others.

There are also system or environment variables that control some advanced behaviors documented at [Remoting Configuration](https://github.com/jenkinsci/remoting/blob/master/docs/configuration.md).
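
Review bot: the unchanged sentence "The parameters available and the default behavior may vary depending upon the entry point." is left stale by this hunk, because the only command still documented for usage information is `java -jar agent.jar --help`. If `hudson.remoting.jnlp.Main` is no longer a documented entry point, drop or reword that sentence so readers do not go looking for a second set of parameters.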
16 changes: 10 additions & 6 deletions src/main/java/hudson/remoting/Engine.java
Expand Up @@ -94,6 +94,8 @@
import org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException;
import org.jenkinsci.remoting.util.KeyUtils;
import org.jenkinsci.remoting.util.VersionNumber;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

/**
* Agent engine that proactively connects to Jenkins controller.
Expand Down Expand Up @@ -166,10 +168,10 @@ public Thread newThread(@NonNull final Runnable r) {
private Map<String, String> webSocketHeaders;
private String credentials;
private String protocolName;
private String proxyCredentials = System.getProperty("proxyCredentials");
private String proxyCredentials;

/**
* See {@link hudson.remoting.jnlp.Main#tunnel} for the documentation.
* See {@link Launcher#tunnel} for the documentation.
*/
@CheckForNull
private String tunnel;
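
Review bot: `proxyCredentials` loses its `System.getProperty("proxyCredentials")` initializer here, and nothing in this hunk shows where the property is read instead. Please confirm that the remaining entry point still reads the system property and hands it to `Engine`, and cover that with a test; otherwise an agent started with `-DproxyCredentials=...` would end up with a null field and attempt the proxy connection unauthenticated without any warning.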
Expand Down Expand Up @@ -885,7 +887,7 @@ private JnlpEndpointResolver createEndpointResolver(List<String> jenkinsUrls) {
if (directConnection == null) {
SSLSocketFactory sslSocketFactory = null;
try {
sslSocketFactory = getSSLSocketFactory();
sslSocketFactory = getSSLSocketFactory(candidateCertificates);
} catch (Exception e) {
events.error(e);
}
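
Review bot: the `catch (Exception e)` around `getSSLSocketFactory(candidateCertificates)` only calls `events.error(e)`, so `sslSocketFactory` stays null and execution continues. When the operator supplied certificates and building the factory fails, it is not visible from this hunk what trust configuration the resolver falls back to; since the helper is now annotated `@CheckForNull`, consider either failing the connection attempt in that case or logging explicitly which trust store will be used instead.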
Expand Down Expand Up @@ -1034,16 +1036,18 @@ private static FileInputStream getFileInputStream(final File file) throws Privil
});
}

private SSLSocketFactory getSSLSocketFactory()
@CheckForNull
@Restricted(NoExternalUse.class)
static SSLSocketFactory getSSLSocketFactory(List<X509Certificate> x509Certificates)
Member Author

Widening the visibility of this method and making static so that it can be reused in another place where this same logic is needed. Also added a @CheckForNull annotation while I was here, since this method can sometimes return null.

throws PrivilegedActionException, KeyStoreException, NoSuchProviderException, CertificateException,
NoSuchAlgorithmException, IOException, KeyManagementException {
SSLSocketFactory sslSocketFactory = null;
if (candidateCertificates != null && !candidateCertificates.isEmpty()) {
if (x509Certificates != null && !x509Certificates.isEmpty()) {
KeyStore keyStore = getCacertsKeyStore();
// load the keystore
keyStore.load(null, null);
int i = 0;
for (X509Certificate c : candidateCertificates) {
for (X509Certificate c : x509Certificates) {
keyStore.setCertificateEntry(String.format("alias-%d", i++), c);
}
// prepare the trust manager
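
Review bot: `getSSLSocketFactory(List<X509Certificate> x509Certificates)` is now static and shared with another caller but has no Javadoc. Please document that it returns null when the list is null or empty, so every caller handles that case, and state what the resulting trust store contains: with `getCacertsKeyStore()` followed by `keyStore.load(null, null)` and the `// load the keystore` comment, a reader cannot tell whether the supplied certificates are trusted in addition to the default CAs or instead of them.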