Merge branch 'master' into JENKINS-74964

pom.xml

@@ -124,12 +124,6 @@
         </exclusion>
       </exclusions>
     </dependency>
-    <dependency>
-      <groupId>org.kohsuke.metainf-services</groupId>
-      <artifactId>metainf-services</artifactId>
-      <version>1.11</version>
-      <scope>provided</scope>
-    </dependency>
     <dependency>
       <groupId>org.xmlunit</groupId>
       <artifactId>xmlunit-matchers</artifactId>

src/main/java/com/cloudbees/plugins/credentials/cli/CredentialsStoreOptionHandler.java

@@ -25,7 +25,7 @@
 
 import com.cloudbees.plugins.credentials.CredentialsSelectHelper;
 import com.cloudbees.plugins.credentials.CredentialsStore;
-import org.kohsuke.MetaInfServices;
+import hudson.cli.declarative.OptionHandlerExtension;
 import org.kohsuke.args4j.CmdLineException;
 import org.kohsuke.args4j.CmdLineParser;
 import org.kohsuke.args4j.OptionDef;
@@ -38,7 +38,7 @@
  *
  * @since 2.1.1
  */
-@MetaInfServices(OptionHandler.class)
+@OptionHandlerExtension
 public class CredentialsStoreOptionHandler extends OptionHandler<CredentialsStore> {
     /**
      * {@inheritDoc}

src/main/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.java

@@ -150,12 +150,10 @@ public CertificateCredentialsImpl(@CheckForNull CredentialsScope scope,
      * Helper to convert a {@link Secret} password into a {@code char[]}
      *
      * @param password the password.
-     * @return a {@code char[]} containing the password or {@code null}
+     * @return a {@code char[]} containing the password
      */
-    @CheckForNull
     private static char[] toCharArray(@NonNull Secret password) {
-        String plainText = Util.fixEmpty(password.getPlainText());
-        return plainText == null ? null : plainText.toCharArray();
+        return password.getPlainText().toCharArray();
     }
 
     /**
@@ -251,7 +249,7 @@ public FormValidation doCheckPassword(@QueryParameter String value) {
                 return FormValidation.error(Messages.CertificateCredentialsImpl_ShortPasswordFIPS());
             }
             if (pw.isEmpty()) {
-                return FormValidation.warning(Messages.CertificateCredentialsImpl_NoPassword());
+                return FormValidation.ok(Messages.CertificateCredentialsImpl_NoPassword());
             }
             if (pw.length() < 14) {
                 return FormValidation.warning(Messages.CertificateCredentialsImpl_ShortPassword());
@@ -627,9 +625,7 @@ protected static FormValidation validateCertificateKeystore(byte[] keystoreBytes
                 } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e) {
                     return FormValidation.warning(e, Messages.CertificateCredentialsImpl_LoadKeystoreFailed());
                 } finally {
-                    if (passwordChars != null) {
-                        Arrays.fill(passwordChars, ' ');
-                    }
+                    Arrays.fill(passwordChars, ' ');
                 }
             }
 
@@ -742,6 +738,9 @@ public FormValidation doCheckCertChain(@QueryParameter String value) {
                     List<PEMEncodable> pemEncodables = PEMEncodable.decodeAll(pemCerts, null);
                     long count = pemEncodables.stream().map(PEMEncodable::toCertificate).filter(Objects::nonNull).count();
                     if (count < 1) {
+                        if (Util.fixEmpty(value) == null) {
+                            return FormValidation.ok();
+                        }
                         return FormValidation.error(Messages.CertificateCredentialsImpl_PEMNoCertificates());
                     }
                     // ensure only certs are provided.
@@ -774,6 +773,9 @@ public FormValidation doCheckPrivateKey(@QueryParameter String value,
                     List<PEMEncodable> pemEncodables = PEMEncodable.decodeAll(key, toCharArray(Secret.fromString(password)));
                     long count = pemEncodables.stream().map(PEMEncodable::toPrivateKey).filter(Objects::nonNull).count();
                     if (count == 0) {
+                        if (Util.fixEmpty(value) == null) {
+                            return FormValidation.ok();
+                        }
                         return FormValidation.error(Messages.CertificateCredentialsImpl_PEMNoKeys());
                     }
                     if (count > 1) {

src/main/resources/com/cloudbees/plugins/credentials/impl/Messages.properties

@@ -24,8 +24,8 @@
 UsernamePasswordCredentialsImpl.DisplayName=Username with password
 CertificateCredentialsImpl.DisplayName=Certificate
 CertificateCredentialsImpl.EmptyKeystore=Empty keystore
-CertificateCredentialsImpl.LoadKeyFailed=Could retrieve key "{0}"
-CertificateCredentialsImpl.LoadKeyFailedQueryEmptyPassword=Could retrieve key "{0}". You may need to provide a password
+CertificateCredentialsImpl.LoadKeyFailed=Couldn''t retrieve key for alias "{0}"
+CertificateCredentialsImpl.LoadKeyFailedQueryEmptyPassword=Couldn''t retrieve key for alias "{0}". You may need to provide a password
 CertificateCredentialsImpl.LoadKeystoreFailed=Could not load keystore
 CertificateCredentialsImpl.NoCertificateUploaded=No certificate uploaded
 CertificateCredentialsImpl.UploadedKeyStoreSourceDisplayName=Upload PKCS#12 certificate and key

src/test/java/com/cloudbees/plugins/credentials/impl/CertificateCredentialsImplTest.java

@@ -32,6 +32,7 @@
 import com.cloudbees.plugins.credentials.SecretBytes;
 import com.cloudbees.plugins.credentials.common.CertificateCredentials;
 import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
+import hudson.util.FormValidation;
 import org.htmlunit.FormEncodingType;
 import org.htmlunit.HttpMethod;
 import org.htmlunit.Page;
@@ -128,14 +129,6 @@ public void doCheckUploadedKeystore_uploadedFileValid_encryptedPassword() throws
         assertThat(content, containsString(EXPECTED_DISPLAY_NAME));
     }
 
-    @Test
-    @Issue("JENKINS-64542")
-    public void doCheckUploadedKeystore_uploadedFileValid_butMissingPassword() throws Exception {
-        String content = getContentFrom_doCheckUploadedKeystore("", getValidP12_base64(), "");
-        assertThat(content, containsString("warning"));
-        assertThat(content, containsString(Util.escape(Messages.CertificateCredentialsImpl_LoadKeyFailedQueryEmptyPassword("1"))));
-    }
-
     @Test
     @Issue("JENKINS-64542")
     public void doCheckUploadedKeystore_uploadedFileValid_butInvalidPassword() throws Exception {
@@ -193,10 +186,11 @@ public void doCheckUploadedKeystore_keyStoreValid_encryptedPassword() throws Exc
 
     @Test
     @Issue("JENKINS-64542")
-    public void doCheckUploadedKeystore_keyStoreValid_butMissingPassword() throws Exception {
-        String content = getContentFrom_doCheckUploadedKeystore(getValidP12_secretBytes(), "", "");
-        assertThat(content, containsString("warning"));
-        assertThat(content, containsString(Util.escape(Messages.CertificateCredentialsImpl_LoadKeyFailedQueryEmptyPassword("1"))));
+    public void doCheckPassword_missing() {
+        CertificateCredentialsImpl.DescriptorImpl descriptor = r.jenkins.getDescriptorByType(CertificateCredentialsImpl.DescriptorImpl.class);
+        FormValidation formValidation = descriptor.doCheckPassword("");
+        assertThat(formValidation.kind, is(FormValidation.Kind.OK));
+        assertThat(formValidation.getMessage(), is(Messages.CertificateCredentialsImpl_NoPassword()));
     }
 
     @Test