From d50536463f1aef705e45718b79b372242c46f7a5 Mon Sep 17 00:00:00 2001
From: Tim Jacomb <21194782+timja@users.noreply.github.com>
Date: Sat, 16 Dec 2023 16:07:55 +0000
Subject: [PATCH] Add support for pem certificates (#232)
---
 .../AzureKeyVaultStep.java | 8 ++++++--
 .../AzureKeyVaultUtil.java | 19 +++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultStep.java b/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultStep.java
index 69a00d2..56b8143 100644
--- a/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultStep.java
+++ b/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultStep.java
@@ -211,8 +211,12 @@ private Map getSecretsMap(TokenCredential credential, String key
 KeyVaultSecret bundle = getSecret(client, secret);
 if (bundle != null) {
 try {
- FilePath filePath = requireNonNull(getContext().get(FilePath.class));
- String path = AzureKeyVaultUtil.convertAndWritePfxToDisk(filePath, bundle.getValue());
+ FilePath filePath = requireNonNull(getContext().get(FilePath.class), "A certificate requires a `node`");
+ String path = AzureKeyVaultUtil.saveCertificateToDisk(
+ bundle.getProperties().getContentType(),
+ filePath,
+ bundle.getValue()
+ );
 secrets.put(secret.getEnvVariable(), path);
 } catch (Exception e) {
 throw new AzureKeyVaultException(e.getMessage(), e);
diff --git a/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultUtil.java b/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultUtil.java
index 08f088c..9c03e0e 100644
--- a/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultUtil.java
+++ b/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultUtil.java
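Review bot: In AzureKeyVaultStep.java the new `saveCertificateToDisk` call sits inside the existing `catch (Exception e)`, and that method declares InterruptedException, so an interrupt raised while the certificate is being written on the agent is rewrapped as AzureKeyVaultException and the thread's interrupt status is not restored. If getSecretsMap cannot propagate it directly, a dedicated handler ahead of the generic one would keep the signal: `catch (InterruptedException e) { Thread.currentThread().interrupt(); throw new AzureKeyVaultException(e.getMessage(), e); }`. The enclosing method starts and ends outside this hunk, so how callers treat the wrapped exception is not visible here.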
@@ -47,6 +47,25 @@ class AzureKeyVaultUtil {
 private static final char[] EMPTY_CHAR_ARRAY = new char[0];
 private static final String PKCS12 = "PKCS12";
+ private static final String PEM_CONTENT_TYPE = "application/x-pem-file";
+
+ static String saveCertificateToDisk(String contentType, FilePath workspace, String secret)
+ throws IOException, InterruptedException, GeneralSecurityException {
+ if (PEM_CONTENT_TYPE.equals(contentType)) {
+ return savePemToDisk(workspace, secret);
+ } else {
+ return convertAndWritePfxToDisk(workspace, secret);
+ }
+ }
+
+ private static String savePemToDisk(FilePath workspace, String secret) throws IOException, InterruptedException {
+ // ensure workspace has been created
+ workspace.mkdirs();
+
+ FilePath outFile = workspace.createTextTempFile("keyvault-", ".pem", secret);
+ URI uri = outFile.toURI();
+ return uri.getPath();
+ }
 static String convertAndWritePfxToDisk(FilePath workspace, String secret)
 throws IOException, GeneralSecurityException, InterruptedException {
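Review bot: `savePemToDisk` leaves the PEM in the workspace with whatever permissions `createTextTempFile` produces, and a Key Vault certificate secret in PEM form normally carries the private key alongside the certificate, so other accounts on the agent may be able to read it. Restricting the file right after it is created, e.g. `outFile.chmod(0600);`, fits the exceptions the method already declares; a comment should say that this call has no effect on Windows agents. Nothing in this hunk deletes the file, and whether the caller removes it when the step ends is not visible here, so it is worth confirming that the key does not outlive the build in the workspace. Separately, `saveCertificateToDisk` sends every content type other than `application/x-pem-file`, including null, down the PFX path, so an unexpected type would surface as a PKCS12 parsing failure rather than a clear message.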