Merge pull request #598 from MarkEWaite/passphrase-charset-honor-env-…

…var-2 [JENKINS-63307] Allow zOS encoding of user name, password, and passphrase
jenkinsci · Aug 11, 2020 · 711fcfd · 711fcfd
2 parents 3a2230e + 3c437b8
commit 711fcfd
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 25 deletions.
diff --git a/README.adoc b/README.adoc
@@ -98,13 +98,6 @@ When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.checkRemoteURL` is set to `f
 +
 Default is `true` so that repository URL's are rejected if they start with `-` or contain space characters.
 
-credentials.file.encoding::
-When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.credentials.file.encoding` is set to a non-empty value (like `IBM-1047`) and the agent is running on IBM zOS, the ssh passphrase file is written using that character set.
-The character sets of other credential files are not changed.
-The character sets on other operating systems are not changed.
-+
-Default is empty so that zOS file encoding behaves as it did previously.
-
 forceFetch::
 When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.forceFetch` is set to `false` it allows command line git versions 2.20 and later to not update tags which have already been fetched into the workspace.
 +
@@ -114,13 +107,6 @@ Command line git 2.20 and later do not update an existing tag if the remote tag
 +
 Default is `true` so that newer command line git versions behave the same as older versions.
 
-password.file.encoding::
-When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.password.file.encoding` is set to a non-empty value (like `IBM-1047`) and the agent is running on IBM zOS, the password file is written using that character set.
-The character sets of other credential files are not changed.
-The character sets on other operating systems are not changed.
-+
-Default is empty so that zOS file encoding behaves as it did previously.
-
 promptForAuthentication::
 When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.promptForAuthentication` is set to `true` it allows command line git versions 2.3 and later to prompt the user for authentication.
 Command line git prompting for authentication should be rare, since Jenkins credentials should be managed through the credentials plugin.
@@ -135,6 +121,27 @@ When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.useCLI` is set to `false`, i
 +
 Default is `true` so that command line git is chosen as the default implementation.
 
+user.name.file.encoding::
+When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.user.name.file.encoding` is set to a non-empty value (like `IBM-1047`) and the agent is running on IBM zOS, the username credentials file is written using that character set.
+The character sets of other credential files are not changed.
+The character sets on other operating systems are not changed.
++
+Default is empty so that zOS file encoding behaves as it did previously.
+
+user.passphrase.file.encoding::
+When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.user.passphrase.file.encoding` is set to a non-empty value (like `IBM-1047`) and the agent is running on IBM zOS, the ssh passphrase file is written using that character set.
+The character sets of other credential files are not changed.
+The character sets on other operating systems are not changed.
++
+Default is empty so that zOS file encoding behaves as it did previously.
+
+user.password.file.encoding::
+When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.user.password.file.encoding` is set to a non-empty value (like `IBM-1047`) and the agent is running on IBM zOS, the password file is written using that character set.
+The character sets of other credential files are not changed.
+The character sets on other operating systems are not changed.
++
+Default is empty so that zOS file encoding behaves as it did previously.
+
 useSETSID::
 When `org.jenkinsci.plugins.gitclient.CliGitAPIImpl.useSETSID` is set to `true` and the `setsid` command is available, the git client process on non-Windows computers will be started with the `setsid` command so that they are detached from any controlling terminal.
 Most agents are run without a controlling terminal and the `useSETSID` setting is not needed.

diff --git a/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java b/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
@@ -2166,11 +2166,7 @@ private File createUnixStandardAskpass(StandardUsernamePasswordCredentials creds
     }
 
     private File createPassphraseFile(SSHUserPrivateKey sshUser) throws IOException {
-        String charset = "UTF-8";
-        if (isZos() && System.getProperty(CliGitAPIImpl.class.getName() + ".credentials.file.encoding") != null) {
-            charset = Charset.forName(System.getProperty(CliGitAPIImpl.class.getName() + ".credentials.file.encoding")).toString();
-	    listener.getLogger().println("Using passphrase charset '" + charset + "'");
-        }
+        String charset = computeCredentialFileCharset("passphrase", "UTF-8");
         File passphraseFile = createTempFile("phrase", ".txt");
         try (PrintWriter w = new PrintWriter(passphraseFile, charset)) {
             w.println(Secret.toString(sshUser.getPassphrase()));
@@ -2179,26 +2175,33 @@ private File createPassphraseFile(SSHUserPrivateKey sshUser) throws IOException
     }
 
     private File createUsernameFile(StandardUsernamePasswordCredentials userPass) throws IOException {
+        String charset = computeCredentialFileCharset("name", "UTF-8");
         File usernameFile = createTempFile("username", ".txt");
-        try (PrintWriter w = new PrintWriter(usernameFile, "UTF-8")) {
+        try (PrintWriter w = new PrintWriter(usernameFile, charset)) {
             w.println(userPass.getUsername());
         }
         return usernameFile;
     }
 
     private File createPasswordFile(StandardUsernamePasswordCredentials userPass) throws IOException {
-        String charset = "UTF-8";
-        if (isZos() && System.getProperty(CliGitAPIImpl.class.getName() + ".password.file.encoding") != null) {
-            charset = Charset.forName(System.getProperty(CliGitAPIImpl.class.getName() + ".credentials.file.encoding")).toString();
-	    listener.getLogger().println("Using password charset '" + charset + "'");
-        }
+        String charset = computeCredentialFileCharset("password", "UTF-8");
         File passwordFile = createTempFile("password", ".txt");
         try (PrintWriter w = new PrintWriter(passwordFile, charset)) {
             w.println(Secret.toString(userPass.getPassword()));
         }
         return passwordFile;
     }
 
+    private String computeCredentialFileCharset(String context, String defaultValue) {
+        String property = CliGitAPIImpl.class.getName() + ".user." + context + ".file.encoding";
+        if (isZos() && System.getProperty(property) != null) {
+            String charset = Charset.forName(property).toString();
+	    listener.getLogger().println("Using " + context + " charset '" + charset + "'");
+            return charset;
+        }
+        return defaultValue;
+    }
+
     private String getPathToExe(String userGitExe) {
         userGitExe = userGitExe.toLowerCase(Locale.ENGLISH); // Avoid the Turkish 'i' conversion