Package jenkins.security.apitoken

Class ApiTokenStore

  • @Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class)
public class ApiTokenStore
extends Object

    • Constructor Detail

      • ApiTokenStore

        public ApiTokenStore()

    • Method Detail

      • reconfigure

        public void reconfigure​(@NonNull
                        Map<String,​net.sf.json.JSONObject> tokenStoreDataMap)
        Defensive approach to avoid involuntary change since the UUIDs are generated at startup only for UI and so between restart they change

      • regenerateTokenFromLegacy

        public void regenerateTokenFromLegacy​(@NonNull
                                      Secret newLegacyApiToken)
        Remove the legacy token present and generate a new one using the given secret.

      • regenerateTokenFromLegacyIfRequired

        public void regenerateTokenFromLegacyIfRequired​(@NonNull
                                                Secret newLegacyApiToken)
        Same as regenerateTokenFromLegacy(Secret) but only applied if there is an existing legacy token.

        Otherwise, no effect.

      • getLegacyToken

        @Nullable
public ApiTokenStore.HashedToken getLegacyToken()
        Returns:
        null iff there is no legacy token in the store, otherwise the legacy token is returned

      • generateNewToken

        @NonNull
public TokenUuidAndPlainValue generateNewToken​(@NonNull
                                               String name)
        Create a new token with the given name and return it id and secret value. Result meant to be sent / displayed and then discarded.

      • addFixedNewToken

        @NonNull
public String addFixedNewToken​(@NonNull
                               String name,
                               @NonNull
                               String tokenPlainValue)
        Be careful with this method. Depending on how the tokenPlainValue was stored/sent to this method, it could be a good idea to generate a new token randomly and revoke this one.

      • findMatchingToken

        @CheckForNull
public ApiTokenStore.HashedToken findMatchingToken​(@NonNull
                                                   String token)
        Search in the store if there is a token with the same secret as the one given
        Returns:
        null iff there is no matching token

      • revokeToken

        @CheckForNull
public ApiTokenStore.HashedToken revokeToken​(@NonNull
                                             String tokenUuid)
        Remove a token given its identifier. Effectively make it unusable for future connection.
        Parameters:
        tokenUuid - The identifier of the token, could be retrieved directly from the ApiTokenStore.HashedToken.getUuid()
        Returns:
        the revoked token corresponding to the given tokenUuid if one was found, otherwise null

      • revokeAllTokens

        public void revokeAllTokens()

      • revokeAllTokensExcept

        public void revokeAllTokensExcept​(@NonNull
                                  String tokenUuid)

      • renameToken

        public boolean renameToken​(@NonNull
                           String tokenUuid,
                           @NonNull
                           String newName)
        Given a token identifier and a name, the system will try to find a corresponding token and rename it
        Returns:
        true iff the token was found and the rename was successful