public abstract class ConfidentialStore extends Object
ConfidentialKeys, and the holder of the master secret.
This class is only relevant for the implementers of ConfidentialKeys. Most plugin code should interact with ConfidentialKeys.
OEM distributions of Jenkins can provide a custom ConfidentialStore implementation by writing a subclass, marking it with the MetaInfServices annotation, packaging it as a Jenkins module, and bundling it with the war file. This doesn't use Extension because some plugins have been found to use Secret before we get to InitMilestone.PLUGINS_PREPARED, and therefore Extensions aren't loaded yet. (Similarly, it's conceivable that some future core code might need this early on during the boot sequence.)
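The subclass-plus-MetaInfServices approach described above, as an added example that is not Jenkins' own code: each payload is encrypted with AES-GCM before it is written to disk. The class name, the two environment variables (assumed to be set) and the on-disk layout are assumptions made for this illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import jenkins.security.ConfidentialKey;
import jenkins.security.ConfidentialStore;
import org.kohsuke.MetaInfServices;
@MetaInfServices(ConfidentialStore.class) // service lookup works before Extensions load
public class OemConfidentialStore extends ConfidentialStore { // hypothetical class name
    private final SecureRandom random = new SecureRandom();
    private final SecretKeySpec master = new SecretKeySpec( // assumed env var: base64 AES key
            Base64.getDecoder().decode(System.getenv("OEM_MASTER_KEY_B64")), "AES");
    private final Path dir = Paths.get(System.getenv("OEM_SECRETS_DIR")); // assumed env var

    private byte[] gcm(int mode, ConfidentialKey key, byte[] iv, byte[] in, int off) throws IOException {
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, master, new GCMParameterSpec(128, iv));
            c.updateAAD(key.getId().getBytes(StandardCharsets.UTF_8)); // bind blob to its key id
            return c.doFinal(in, off, in.length - off);
        } catch (GeneralSecurityException | IllegalArgumentException e) { // bad tag, short blob
            throw new IOException("Crypto failure for " + key.getId(), e);
        }
    }

    @Override protected void store(ConfidentialKey key, byte[] payload) throws IOException {
        byte[] iv = randomBytes(12); // fresh 96-bit nonce for every write
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv, payload, 0);
        byte[] blob = Arrays.copyOf(iv, iv.length + ct.length); // layout: iv || ciphertext || tag
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        Files.write(dir.resolve(key.getId()), blob);
    }

    @Override protected byte[] load(ConfidentialKey key) throws IOException {
        Path f = dir.resolve(key.getId());
        if (!Files.exists(f)) return null; // allowed by @CheckForNull: nothing stored yet
        byte[] blob = Files.readAllBytes(f);
        return gcm(Cipher.DECRYPT_MODE, key, Arrays.copyOf(blob, 12), blob, 12);
    }

    @Override public byte[] randomBytes(int size) {
        byte[] b = new byte[size];
        random.nextBytes(b);
        return b;
    }
}
```

Because the key id is passed as additional authenticated data, a blob copied into another key's file, or modified on disk, fails the GCM tag check and surfaces as an IOException from load.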
Constructor and Description |
---|
ConfidentialStore() |
Modifier and Type | Method and Description |
---|---|
static ConfidentialStore | get(): Retrieves the currently active singleton instance of ConfidentialStore. |
protected abstract byte[] | load(ConfidentialKey key): Reverse operation of store(ConfidentialKey, byte[]). |
abstract byte[] | randomBytes(int size): Works like SecureRandom.nextBytes(byte[]). |
protected abstract void | store(ConfidentialKey key, byte[] payload): Persists the payload of ConfidentialKey to a persisted storage (such as disk). The expectation is that the persisted form is secure. |
protected abstract void store(ConfidentialKey key, byte[] payload) throws IOException
Persists the payload of ConfidentialKey to a persisted storage (such as disk). The expectation is that the persisted form is secure.
Throws: IOException
@CheckForNull protected abstract byte[] load(ConfidentialKey key) throws IOException
Reverse operation of store(ConfidentialKey, byte[]).
Throws: IOException
public abstract byte[] randomBytes(int size)
Works like SecureRandom.nextBytes(byte[]). This enables implementations to consult other entropy sources, if they are available.
@Nonnull public static ConfidentialStore get()
Retrieves the currently active singleton instance of ConfidentialStore.
Copyright © 2004–2019. All rights reserved.