Merge pull request #166 from jglick/FilePathPickle-JENKINS-75679

[JENKINS-75679] `KeyMaterial` variant passing `VirtualChannel` to `close`

Author: jglick

src/main/java/org/jenkinsci/plugins/docker/commons/credentials/KeyMaterial.java

@@ -24,6 +24,8 @@
 package org.jenkinsci.plugins.docker.commons.credentials;
 
 import hudson.EnvVars;
+import hudson.FilePath;
+import hudson.remoting.VirtualChannel;
 
 import java.io.Closeable;
 import java.io.IOException;
@@ -40,7 +42,9 @@
  * @author Kohsuke Kawaguchi
  * @see DockerServerEndpoint#newKeyMaterialFactory(hudson.model.AbstractBuild)
  * @see DockerRegistryEndpoint#newKeyMaterialFactory(hudson.model.AbstractBuild)
+ * @deprecated use {@link KeyMaterial2}
  */
+@Deprecated
 public abstract class KeyMaterial implements Closeable, Serializable {
 
     /**
@@ -88,4 +92,41 @@ private Object readResolve() {
             return NULL;
         }
     }
+
+    static KeyMaterial fromKeyMaterial2(KeyMaterial2 material, FilePath baseDir) {
+        return new KeyMaterialFromKeyMaterial2(material, baseDir);
+    }
+    private static final class KeyMaterialFromKeyMaterial2 extends KeyMaterial {
+        private static final long serialVersionUID = 1L;
+        private final KeyMaterial2 delegate;
+        private final FilePath baseDir;
+        KeyMaterialFromKeyMaterial2(KeyMaterial2 delegate, FilePath baseDir) {
+            super(delegate.env());
+            this.delegate = delegate;
+            this.baseDir = baseDir;
+        }
+        @Override public void close() throws IOException {
+            try {
+                delegate.close(baseDir != null ? baseDir.getChannel() : FilePath.localChannel);
+            } catch (InterruptedException x) {
+                throw new IOException(x);
+            }
+        }
+    }
+
+
+    KeyMaterial2 toKeyMaterial2() {
+        return new KeyMaterial2FromKeyMaterial(this);
+    }
+    private static final class KeyMaterial2FromKeyMaterial extends KeyMaterial2 {
+        private static final long serialVersionUID = 1L;
+        private final KeyMaterial delegate;
+        KeyMaterial2FromKeyMaterial(KeyMaterial delegate) {
+            super(delegate.env());
+            this.delegate = delegate;
+        }
+        @Override public void close(VirtualChannel channel) throws IOException {
+            delegate.close();
+        }
+    }
 }

src/main/java/org/jenkinsci/plugins/docker/commons/credentials/KeyMaterial2.java

@@ -0,0 +1,89 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2015, CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package org.jenkinsci.plugins.docker.commons.credentials;
+
+import hudson.EnvVars;
+import hudson.remoting.VirtualChannel;
+
+import java.io.IOException;
+import java.io.Serializable;
+
+/**
+ * Represents a locally extracted credentials information.
+ *
+ * <p>
+ * Implementations of this class are created by their corresponding {@link KeyMaterialFactory}
+ * implementations. Be sure to call {@link #close} when finished.
+ *
+ * @author Kohsuke Kawaguchi
+ */
+public abstract class KeyMaterial2 implements Serializable {
+
+    /**
+     * Standardize serialization
+     */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * {@link KeyMaterial} that does nothing.
+     */
+    public static final KeyMaterial2 NULL = new NullKeyMaterial();
+
+    /**
+     * The environment variables
+     */
+    private final EnvVars envVars;
+
+    protected KeyMaterial2(EnvVars envVars) {
+        this.envVars = envVars;
+    }
+
+    /**
+     * Get the environment variables needed to be passed when docker runs, to access
+     * {@link DockerServerCredentials} that this object was created from.
+     */
+    public final EnvVars env() {
+        return envVars;
+    }
+
+    /**
+     * Deletes the key materials from the file system. As key materials are copied into files
+     * every time {@link KeyMaterialFactory} is created, it must be also cleaned up each time.
+     * @param channel to restore pathnames
+     */
+    public abstract void close(VirtualChannel channel) throws IOException, InterruptedException;
+
+    private static final class NullKeyMaterial extends KeyMaterial2 {
+        private static final long serialVersionUID = 1L;
+        protected NullKeyMaterial() {
+            super(new EnvVars());
+        }
+        @Override
+        public void close(VirtualChannel channel) {
+        }
+        private Object readResolve() {
+            return NULL;
+        }
+    }
+}

src/main/java/org/jenkinsci/plugins/docker/commons/credentials/KeyMaterialContext.java

@@ -34,6 +34,7 @@
  *
  * @author Stephen Connolly
  */
+// TODO why is this marked Serializable? It does not in fact seem to be serialized.
 public class KeyMaterialContext implements Serializable {
     private static final long serialVersionUID = 1L;
 

src/main/java/org/jenkinsci/plugins/docker/commons/credentials/KeyMaterialFactory.java

@@ -23,17 +23,19 @@
  */
 package org.jenkinsci.plugins.docker.commons.credentials;
 
+import edu.umd.cs.findbugs.annotations.CheckForNull;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import edu.umd.cs.findbugs.annotations.Nullable;
 import hudson.FilePath;
+import hudson.Util;
 import hudson.model.AbstractBuild;
-import org.jenkinsci.plugins.docker.commons.impl.CompositeKeyMaterialFactory;
-import org.jenkinsci.plugins.docker.commons.impl.NullKeyMaterialFactory;
-
+import hudson.remoting.VirtualChannel;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
+import org.jenkinsci.plugins.docker.commons.impl.CompositeKeyMaterialFactory;
+import org.jenkinsci.plugins.docker.commons.impl.NullKeyMaterialFactory;
 
 /**
  * Represents a locally extracted credentials information.
@@ -78,15 +80,40 @@ protected synchronized KeyMaterialContext getContext() {
         return context;
     }
 
+    @NonNull
+    protected final synchronized VirtualChannel getChannel() {
+        return context != null ? context.getBaseDir().getChannel() : FilePath.localChannel;
+    }
+
+    /** @deprecated use {@link #materialize2} */
+    @Deprecated
+    public KeyMaterial materialize() throws IOException, InterruptedException {
+        if (Util.isOverridden(KeyMaterialFactory.class, getClass(), "materialize2")) {
+            FilePath baseDir;
+            synchronized (this) {
+                baseDir = context != null ? context.getBaseDir() : null;
+            }
+            return KeyMaterial.fromKeyMaterial2(materialize2(), baseDir);
+        } else {
+            throw new AbstractMethodError("Override KeyMaterialFactory.materialize2 from " + getClass());
+        }
+    }
+
     /**
      * Builds the key material environment variables needed to be passed when docker runs, to access
      * {@link DockerServerCredentials} that this object was created from.
-     * 
+     *
      * <p>
-     * When you are done using the credentials, call {@link KeyMaterial#close()} to allow sensitive 
+     * When you are done using the credentials, call {@link KeyMaterial2#close} to allow sensitive
      * information to be removed from the disk.
      */
-    public abstract KeyMaterial materialize() throws IOException, InterruptedException;
+    public KeyMaterial2 materialize2() throws IOException, InterruptedException {
+        if (Util.isOverridden(KeyMaterialFactory.class, getClass(), "materialize")) {
+            return materialize().toKeyMaterial2();
+        } else {
+            throw new AbstractMethodError("Override KeyMaterialFactory.materialize2 from " + getClass());
+        }
+    }
 
     /**
      * Creates a read-protected directory inside {@link KeyMaterialContext#getBaseDir} suitable for storing secret files.

src/main/java/org/jenkinsci/plugins/docker/commons/impl/CompositeKeyMaterialFactory.java

@@ -23,8 +23,11 @@
  */
 package org.jenkinsci.plugins.docker.commons.impl;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.EnvVars;
+import hudson.remoting.VirtualChannel;
 import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterial;
+import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterial2;
 import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterialContext;
 import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterialFactory;
 import org.kohsuke.accmod.Restricted;
@@ -60,52 +63,92 @@ public synchronized KeyMaterialFactory contextualize(@NonNull KeyMaterialContext
     }
 
     @Override
-    public KeyMaterial materialize() throws IOException, InterruptedException {
+    public KeyMaterial2 materialize2() throws IOException, InterruptedException {
 
-        KeyMaterial[] keyMaterials = new KeyMaterial[factories.length];
+        KeyMaterial2[] keyMaterials = new KeyMaterial2[factories.length];
         EnvVars env = new EnvVars();
         try {
             for (int index = 0; index < factories.length; index++) {
-                keyMaterials[index] = factories[index].materialize();
+                keyMaterials[index] = factories[index].materialize2();
                 env.putAll(keyMaterials[index].env());
             }
-            return new CompositeKeyMaterial(env, keyMaterials);
+            return new CompositeKeyMaterial2(env, keyMaterials);
         } catch (Throwable e) {
             for (int index = keyMaterials.length - 1; index >= 0; index--) {
                 try {
                     if (keyMaterials[index] != null) {
-                        keyMaterials[index].close();
+                        keyMaterials[index].close(getChannel());
                     }
-                } catch (IOException ioe) {
-                    // ignore as we want to try and close them all and we are reporting the original exception
                 } catch (Throwable t) {
-                    // ignore as we want to try and close them all and we are reporting the original exception
+                    e.addSuppressed(t);
                 }
             }
-            // TODO Java 7+ use chained exceptions
-            if (e instanceof IOException) {
-                throw (IOException) e;
-            } else if (e instanceof InterruptedException) {
-                throw (InterruptedException) e;
-            } else if (e instanceof RuntimeException) {
-                throw (RuntimeException) e;
+            if (e instanceof IOException ioe) {
+                throw ioe;
+            } else if (e instanceof InterruptedException ie) {
+                throw ie;
+            } else if (e instanceof RuntimeException re) {
+                throw re;
             } else {
                 throw new IOException("Error materializing credentials.", e);
             }
         }
     }
 
-    private static final class CompositeKeyMaterial extends KeyMaterial implements Serializable {
+    private static final class CompositeKeyMaterial2 extends KeyMaterial2 implements Serializable {
 
         private static final long serialVersionUID = 1L;
 
-        private final KeyMaterial[] keyMaterials;
+        private final KeyMaterial2[] keyMaterials;
 
-        protected CompositeKeyMaterial(EnvVars envVars, KeyMaterial... keyMaterials) {
+        CompositeKeyMaterial2(EnvVars envVars, KeyMaterial2... keyMaterials) {
             super(envVars);
             this.keyMaterials = keyMaterials;
         }
 
+        @Override
+        public void close(VirtualChannel channel) throws IOException, InterruptedException {
+            Throwable first = null;
+            for (int index = keyMaterials.length - 1; index >= 0; index--) {
+                try {
+                    if (keyMaterials[index] != null) {
+                        keyMaterials[index].close(channel);
+                    }
+                } catch (Throwable e) {
+                    if (first == null) {
+                        first = e;
+                    } else {
+                        first.addSuppressed(e);
+                    }
+                }
+            }
+            if (first != null) {
+                if (first instanceof IOException ioe) {
+                    throw ioe;
+                } else if (first instanceof InterruptedException ie) {
+                    throw ie;
+                } else if (first instanceof RuntimeException re) {
+                    throw re;
+                } else {
+                    throw new IOException("Error closing credentials.", first);
+                }
+            }
+        }
+    }
+
+    @SuppressFBWarnings(value = {"NP_UNWRITTEN_FIELD", "UWF_NULL_FIELD"})
+    @Deprecated
+    private static final class CompositeKeyMaterial extends KeyMaterial implements Serializable {
+
+        private static final long serialVersionUID = 1L;
+
+        private final KeyMaterial[] keyMaterials = null;
+
+        private CompositeKeyMaterial() {
+            super(null);
+            assert false : "only deserialized";
+        }
+
         @Override
         public void close() throws IOException {
             Throwable first = null;

src/main/java/org/jenkinsci/plugins/docker/commons/impl/NullKeyMaterialFactory.java

@@ -24,26 +24,26 @@
 package org.jenkinsci.plugins.docker.commons.impl;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
-import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterial;
 import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterialContext;
 import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterialFactory;
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
 
 import java.io.IOException;
+import org.jenkinsci.plugins.docker.commons.credentials.KeyMaterial2;
 
 /**
  * {@link org.jenkinsci.plugins.docker.commons.credentials.KeyMaterialFactory} that does nothing.
  *
- * @see org.jenkinsci.plugins.docker.commons.credentials.KeyMaterial#NULL
+ * @see org.jenkinsci.plugins.docker.commons.credentials.KeyMaterial2#NULL
  * @author Kohsuke Kawaguchi
  */
 @Restricted(NoExternalUse.class)
 public final class NullKeyMaterialFactory extends KeyMaterialFactory {
 
     @Override
-    public KeyMaterial materialize() throws IOException, InterruptedException {
-        return KeyMaterial.NULL;
+    public KeyMaterial2 materialize2() throws IOException, InterruptedException {
+        return KeyMaterial2.NULL;
     }
 
     @Override