Add support for pem certificates (#232)

jenkinsci · Dec 16, 2023 · d505364 · d505364
1 parent acb4cc1
commit d505364
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultStep.java b/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultStep.java
@@ -211,8 +211,12 @@ private Map<String, String> getSecretsMap(TokenCredential credential, String key
                     KeyVaultSecret bundle = getSecret(client, secret);
                     if (bundle != null) {
                         try {
-                            FilePath filePath = requireNonNull(getContext().get(FilePath.class));
-                            String path = AzureKeyVaultUtil.convertAndWritePfxToDisk(filePath, bundle.getValue());
+                            FilePath filePath = requireNonNull(getContext().get(FilePath.class), "A certificate requires a `node`");
+                            String path = AzureKeyVaultUtil.saveCertificateToDisk(
+                                    bundle.getProperties().getContentType(),
+                                    filePath,
+                                    bundle.getValue()
+                            );
                             secrets.put(secret.getEnvVariable(), path);
                         } catch (Exception e) {
                             throw new AzureKeyVaultException(e.getMessage(), e);

diff --git a/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultUtil.java b/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultUtil.java
@@ -47,6 +47,25 @@ class AzureKeyVaultUtil {
 
     private static final char[] EMPTY_CHAR_ARRAY = new char[0];
     private static final String PKCS12 = "PKCS12";
+    private static final String PEM_CONTENT_TYPE = "application/x-pem-file";
+
+    static String saveCertificateToDisk(String contentType, FilePath workspace, String secret)
+            throws IOException, InterruptedException, GeneralSecurityException {
+        if (PEM_CONTENT_TYPE.equals(contentType)) {
+            return savePemToDisk(workspace, secret);
+        } else {
+            return convertAndWritePfxToDisk(workspace, secret);
+        }
+    }
+
+    private static String savePemToDisk(FilePath workspace, String secret) throws IOException, InterruptedException {
+        // ensure workspace has been created
+        workspace.mkdirs();
+
+        FilePath outFile = workspace.createTextTempFile("keyvault-", ".pem", secret);
+        URI uri = outFile.toURI();
+        return uri.getPath();
+    }
 
     static String convertAndWritePfxToDisk(FilePath workspace, String secret)
             throws IOException, GeneralSecurityException, InterruptedException {