From 3b54f03b474f93f28af835dc9247818d336a7762 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Thu, 4 Apr 2019 17:25:07 -0700
Subject: [PATCH 01/17] Use DataboundSetter throughout except for final field
 emailAddress for p12 keys.

---
 .../GoogleRobotPrivateKeyCredentials.java     |  3 +-
 .../oauth/JsonServiceAccountConfig.java       | 75 +++++++++++-------
 .../oauth/P12ServiceAccountConfig.java        | 77 +++++++++++++------
 .../GoogleRobotPrivateKeyCredentialsTest.java | 15 ++--
 .../oauth/JsonServiceAccountConfigTest.java   | 51 ++++++------
 .../oauth/P12ServiceAccountConfigTest.java    | 50 ++++++------
 6 files changed, 160 insertions(+), 111 deletions(-)

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
index f037ea7..557ed3e 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
@@ -73,8 +73,7 @@ public GoogleRobotPrivateKeyCredentials(String projectId,
   public Object readResolve() {
     if (serviceAccountConfig == null) {
       String clientEmail = getClientEmailFromSecretsFileAndLogErrors();
-      serviceAccountConfig = new P12ServiceAccountConfig(clientEmail, null,
-              p12File);
+      serviceAccountConfig = new P12ServiceAccountConfig(clientEmail, p12File);
     }
     return this;
   }
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index 0b06583..4afb1b7 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -15,6 +15,8 @@
  */
 package com.google.jenkins.plugins.credentials.oauth;
 
+import com.google.api.client.util.Strings;
+import com.google.common.annotations.VisibleForTesting;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -42,6 +44,7 @@
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.Extension;
 import jenkins.model.Jenkins;
+import org.kohsuke.stapler.DataBoundSetter;
 
 /**
  * Provides authentication mechanism for a service account by setting a .json
@@ -67,44 +70,53 @@ public class JsonServiceAccountConfig extends ServiceAccountConfig {
   private SecretBytes secretJsonKey;
   @Deprecated   // for migration purpose
   @CheckForNull
-  private transient String jsonKeyFile;
+  private transient String prevJsonKeyFile;
   private transient JsonKey jsonKey;
 
-  /**
-   * @param jsonKeyFile uploaded json key file
-   * @param filename
-   *     previous json key file name.
-   *     used if jsonKeyFile is not provided.
-   * @param secretJsonKey
-   *     previous json key file content.
-   *     used if jsonKeyFile is not provided.
-   * @since 0.7
-   */
   @DataBoundConstructor
-  public JsonServiceAccountConfig(FileItem jsonKeyFile,
-      String filename, SecretBytes secretJsonKey) {
+  public JsonServiceAccountConfig() {}
+
+  /**@param jsonKeyFile uploaded json key file */
+  @DataBoundSetter // Called on form submission, only used when key file is uploaded
+  public void setJsonKeyFile(FileItem jsonKeyFile) {
     if (jsonKeyFile != null && jsonKeyFile.getSize() > 0) {
       try {
         JsonKey jsonKey = JsonKey.load(new JacksonFactory(),
-                jsonKeyFile.getInputStream());
+            jsonKeyFile.getInputStream());
         if (jsonKey.getClientEmail() != null &&
-                jsonKey.getPrivateKey() != null) {
+            jsonKey.getPrivateKey() != null) {
           this.filename = extractFilename(jsonKeyFile.getName());
           this.secretJsonKey = SecretBytes.fromBytes(jsonKeyFile.get());
         }
       } catch (IOException e) {
         LOGGER.log(Level.SEVERE, "Failed to read json key from file", e);
       }
-    } else {
-      this.filename = extractFilename(filename);
+    }
+  }
+
+  /** @param filename json key file name.*/
+  @DataBoundSetter
+  public void setFilename(String filename) {
+    String newFilename = extractFilename(filename);
+    if (!Strings.isNullOrEmpty(newFilename)) {
+      this.filename = newFilename;
+    }
+  }
+
+  /** @param secretJsonKey json key file content.*/
+  @DataBoundSetter
+  public void setSecretJsonKey(SecretBytes secretJsonKey) {
+    if (secretJsonKey != null && secretJsonKey.getPlainData().length > 0) {
       this.secretJsonKey = secretJsonKey;
     }
   }
 
+
   @Deprecated
-  public JsonServiceAccountConfig(FileItem jsonKeyFile,
-      String prevJsonKeyFile) {
-    this(null, prevJsonKeyFile, getSecretBytesFromFile(prevJsonKeyFile));
+  // Used for JsonServiceAccountConfig
+  public JsonServiceAccountConfig(String prevJsonKeyFile) {
+    this.filename = extractFilename(prevJsonKeyFile);
+    this.secretJsonKey = getSecretBytesFromFile(prevJsonKeyFile);
   }
 
   @Deprecated   // used only for compatibility purpose
@@ -139,8 +151,7 @@ private Object readResolve() {
     if (secretJsonKey == null) {
       // google-oauth-plugin < 0.7
       return new JsonServiceAccountConfig(
-        null,
-        getJsonKeyFile()
+        getPrevJsonKeyFile()
       );
     }
     return this;
@@ -168,8 +179,18 @@ public SecretBytes getSecretJsonKey() {
   }
 
   @Deprecated
-  public String getJsonKeyFile() {
-    return jsonKeyFile;
+  public String getPrevJsonKeyFile() {
+    return prevJsonKeyFile;
+  }
+
+  /**
+   * For use in UI, do not use.
+   * @return The uploaded json key file
+   */
+  @Deprecated
+  @Restricted(DoNotUse.class) // Required by stapler to call setJsonKeyFile above.
+  public FileItem getJsonKeyFile() {
+    return null;
   }
 
   @Override
@@ -193,11 +214,7 @@ public PrivateKey getPrivateKey() {
           PKCS8EncodedKeySpec keySpec =
               new PKCS8EncodedKeySpec(section.getBase64DecodedBytes());
           return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
-        } catch (IOException e) {
-          LOGGER.log(Level.SEVERE, "Failed to read private key", e);
-        } catch (InvalidKeySpecException e) {
-          LOGGER.log(Level.SEVERE, "Failed to read private key", e);
-        } catch (NoSuchAlgorithmException e) {
+        } catch (IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
           LOGGER.log(Level.SEVERE, "Failed to read private key", e);
         }
       }
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
index 2401b50..a40b1b2 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
@@ -15,6 +15,7 @@
  */
 package com.google.jenkins.plugins.credentials.oauth;
 
+import com.google.api.client.util.Strings;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -42,6 +43,8 @@
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.Extension;
 import jenkins.model.Jenkins;
+import org.kohsuke.stapler.DataBoundSetter;
+import org.kohsuke.stapler.QueryParameter;
 
 /**
  * provides authentication mechanism for a service account by setting a service
@@ -60,37 +63,52 @@ public class P12ServiceAccountConfig extends ServiceAccountConfig {
   private SecretBytes secretP12Key;
   @Deprecated   // for migration purpose
   @CheckForNull
-  private transient String p12KeyFile;
+  private transient String prevP12KeyFile;
 
   /**
    * @param emailAddress email address
-   * @param p12KeyFile uploaded p12 key file
-   * @param filename
-   *     previous json key file name.
-   *     used if p12KeyFile is not provided.
-   * @param secretP12Key
-   *     previous p12 key file content.
-   *     used if p12KeyFile is not provided.
    * @since 0.7
    */
   @DataBoundConstructor
-  public P12ServiceAccountConfig(String emailAddress, FileItem p12KeyFile,
-                                 String filename, SecretBytes secretP12Key) {
+  public P12ServiceAccountConfig(String emailAddress) {
     this.emailAddress = emailAddress;
+  }
+
+  /**
+   * @param emailAddress email address
+   * @param prevP12KeyFile The path of the previous p12 key file
+   */
+  @Deprecated
+  public P12ServiceAccountConfig(String emailAddress, String prevP12KeyFile) {
+    this(emailAddress);
+    this.setFilename(prevP12KeyFile);
+    this.setSecretP12Key(getSecretBytesFromFile(prevP12KeyFile));
+  }
+
+  /** @param p12KeyFile uploaded p12 key file */
+  @Deprecated
+  @DataBoundSetter // Called on form submission, only used when credentials are uploaded.
+  public void setP12KeyFile(FileItem p12KeyFile) {
     if (p12KeyFile != null && p12KeyFile.getSize() > 0) {
       this.filename = extractFilename(p12KeyFile.getName());
       this.secretP12Key = SecretBytes.fromBytes(p12KeyFile.get());
-    } else {
+    }
+  }
+
+  /** @param filename previous json key file name. */
+  @DataBoundSetter
+  public void setFilename(String filename) {
+    if (!Strings.isNullOrEmpty(filename)) {
       this.filename = extractFilename(filename);
-      this.secretP12Key = secretP12Key;
     }
   }
 
-  @Deprecated
-  public P12ServiceAccountConfig(String emailAddress, FileItem p12KeyFile,
-                                 String prevP12KeyFile) {
-    this(emailAddress, p12KeyFile,
-        prevP12KeyFile, getSecretBytesFromFile(prevP12KeyFile));
+  /** @param secretP12Key previous p12 key file content.*/
+  @DataBoundSetter
+  public void setSecretP12Key(SecretBytes secretP12Key) {
+    if (secretP12Key != null && secretP12Key.getPlainData().length > 0) {
+      this.secretP12Key = secretP12Key;
+    }
   }
 
   @Deprecated   // used only for compatibility purpose
@@ -126,8 +144,7 @@ private Object readResolve() {
       // google-oauth-plugin < 0.7
       return new P12ServiceAccountConfig(
         getEmailAddress(),
-        null,
-        getP12KeyFile()
+        getPrevP12KeyFile()
       );
     }
     return this;
@@ -152,15 +169,31 @@ public String getFilename() {
     return filename;
   }
 
-  @Restricted(DoNotUse.class)   // for UI purpose only
+  /**
+   * Do not use, required for UI.
+   *
+   * @return secretP12Key
+   */
+  @Restricted(DoNotUse.class) // Required by stapler for being able to call setSecretP12Key
   @CheckForNull
   public SecretBytes getSecretP12Key() {
     return secretP12Key;
   }
 
+  /** @return the path of the previous p12 key file. */
   @Deprecated
-  public String getP12KeyFile() {
-    return p12KeyFile;
+  public String getPrevP12KeyFile() {
+    return prevP12KeyFile;
+  }
+
+  /**
+   * Do not use, required for UI.
+   * @return The uploaded p12 key file
+   */
+  @Deprecated
+  @Restricted(DoNotUse.class) // Required by stapler for being able to call setP12KeyFile.
+  public FileItem getP12KeyFile() {
+    return null;
   }
 
   @Override
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
index 0bbbf12..acda82e 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
@@ -118,10 +118,10 @@ public void testCreatePrivateKeyCredentialsWithJsonKeyType()
             .thenReturn(new FileInputStream(jsonKeyPath));
     when(mockFileItem.get())
             .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
-            new GoogleRobotPrivateKeyCredentials(PROJECT_ID,
-                    new JsonServiceAccountConfig(
-                            mockFileItem, null, null), module);
+            new GoogleRobotPrivateKeyCredentials(PROJECT_ID, jsonServiceAccountConfig, module);
 
     assertEquals(CredentialsScope.GLOBAL, credentials.getScope());
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS, credentials.getUsername());
@@ -153,7 +153,8 @@ public void testCreatePrivateKeyCredentialsWithP12KeyType() throws Exception {
     when(mockFileItem.get())
             .thenReturn(FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig keyType = new P12ServiceAccountConfig(
-            SERVICE_ACCOUNT_EMAIL_ADDRESS, mockFileItem, null, null);
+            SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    keyType.setP12KeyFile(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
             new GoogleRobotPrivateKeyCredentials(PROJECT_ID, keyType, module);
 
@@ -390,10 +391,10 @@ public void testGetById() throws Exception {
             .thenReturn(new FileInputStream(jsonKeyPath));
     when(mockFileItem.get())
             .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
-            new GoogleRobotPrivateKeyCredentials(PROJECT_ID,
-                    new JsonServiceAccountConfig(
-                            mockFileItem, null, null), null);
+        new GoogleRobotPrivateKeyCredentials(PROJECT_ID, jsonServiceAccountConfig, null);
 
     SystemCredentialsProvider.getInstance().getCredentials().add(credentials);
 
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
index d6a738a..ac90a58 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
@@ -41,8 +41,7 @@
  * Tests for {@link JsonServiceAccountConfig}.
  */
 public class JsonServiceAccountConfigTest {
-  private static final String SERVICE_ACCOUNT_EMAIL_ADDRESS =
-      "service@account.com";
+  private static final String SERVICE_ACCOUNT_EMAIL_ADDRESS = "service@account.com";
   private static PrivateKey privateKey;
   private static String jsonKeyPath;
   @Rule
@@ -58,7 +57,7 @@ public static void preparePrivateKey() throws Exception {
   }
 
   @Before
-  public void setUp() throws Exception {
+  public void setUp() {
     MockitoAnnotations.initMocks(this);
   }
 
@@ -70,17 +69,16 @@ public void testCreateJsonKeyTypeWithNewJsonKeyFile() throws Exception {
     when(mockFileItem.getName()).thenReturn(jsonKeyPath);
     when(mockFileItem.get())
         .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
-    JsonServiceAccountConfig jsonKeyType =
-        new JsonServiceAccountConfig(mockFileItem, null, null);
+    JsonServiceAccountConfig jsonKeyType = new JsonServiceAccountConfig();
+    jsonKeyType.setJsonKeyFile(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS, jsonKeyType.getAccountId());
     assertEquals(privateKey, jsonKeyType.getPrivateKey());
   }
 
   @Test
-  public void testCreateJsonKeyTypeWithNullParameters() throws Exception {
-    JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig(null, null, null);
+  public void testCreateJsonKeyTypeWithNullParameters() {
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
 
     assertNull(jsonServiceAccountConfig.getAccountId());
     assertNull(jsonServiceAccountConfig.getPrivateKey());
@@ -89,10 +87,10 @@ public void testCreateJsonKeyTypeWithNullParameters() throws Exception {
   @Test
   public void testCreateJsonKeyTypeWithEmptyJsonKeyFile() throws Exception {
     when(mockFileItem.getSize()).thenReturn(0L);
-    JsonServiceAccountConfig jsonKeyType = new JsonServiceAccountConfig
-        (mockFileItem, null);
+    JsonServiceAccountConfig jsonKeyType = new JsonServiceAccountConfig(null);
+    jsonKeyType.setJsonKeyFile(mockFileItem);
 
-    assertNull(jsonKeyType.getJsonKeyFile());
+    assertNull(jsonKeyType.getPrevJsonKeyFile());
     assertNull(jsonKeyType.getAccountId());
     assertNull(jsonKeyType.getPrivateKey());
   }
@@ -107,17 +105,16 @@ public void testCreateJsonKeyTypeWithInvalidJsonKeyFile() throws Exception {
     when(mockFileItem.get())
         .thenReturn(bytes);
     JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig(mockFileItem, null, null);
+        new JsonServiceAccountConfig();
+    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
 
     assertNull(jsonServiceAccountConfig.getAccountId());
     assertNull(jsonServiceAccountConfig.getPrivateKey());
   }
 
   @Test
-  public void testCreateJsonKeyTypeWithPrevJsonKeyFileForCompatibility()
-      throws Exception {
-    JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig(null, jsonKeyPath);
+  public void testCreateJsonKeyTypeWithPrevJsonKeyFileForCompatibility() {
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig(jsonKeyPath);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         jsonServiceAccountConfig.getAccountId());
@@ -128,8 +125,9 @@ public void testCreateJsonKeyTypeWithPrevJsonKeyFileForCompatibility()
   public void testCreateJsonKeyTypeWithPrevJsonKeyFile() throws Exception {
     SecretBytes prev = SecretBytes
             .fromBytes(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
-    JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig(null, jsonKeyPath, prev);
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    jsonServiceAccountConfig.setFilename(jsonKeyPath);
+    jsonServiceAccountConfig.setSecretJsonKey(prev);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         jsonServiceAccountConfig.getAccountId());
@@ -137,21 +135,20 @@ public void testCreateJsonKeyTypeWithPrevJsonKeyFile() throws Exception {
   }
 
   @Test
-  public void testCreateJsonKeyTypeWithEmptyPrevJsonKeyFile() throws Exception {
+  public void testCreateJsonKeyTypeWithEmptyPrevJsonKeyFile() {
     SecretBytes prev = SecretBytes.fromString("");
-    JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig(null, "", prev);
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    jsonServiceAccountConfig.setFilename("");
+    jsonServiceAccountConfig.setSecretJsonKey(prev);
 
     assertNull(jsonServiceAccountConfig.getAccountId());
     assertNull(jsonServiceAccountConfig.getPrivateKey());
   }
 
   @Test
-  public void testCreateJsonKeyTypeWithInvalidPrevJsonKeyFile()
-      throws Exception {
-    String invalidPrevJsonKeyFile = "invalidPrevJsonKeyFile.json";
+  public void testCreateJsonKeyTypeWithInvalidPrevJsonKeyFile() {
     JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig(null, invalidPrevJsonKeyFile, null);
+        new JsonServiceAccountConfig("invalidPrevJsonKeyFile.json");
 
     assertNull(jsonServiceAccountConfig.getAccountId());
     assertNull(jsonServiceAccountConfig.getPrivateKey());
@@ -165,8 +162,8 @@ public void testSerialization() throws Exception {
         .thenReturn(new FileInputStream(jsonKeyPath));
     when(mockFileItem.get())
         .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
-    JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig(mockFileItem, null, null);
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
 
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     SerializationUtil.serialize(jsonServiceAccountConfig, out);
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
index e30f844..581cb1e 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
@@ -68,8 +68,8 @@ public void testCreateWithNewP12KeyFile() throws Exception {
     when(mockFileItem.get())
         .thenReturn(FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS,
-            mockFileItem, null, null);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS, p12ServiceAccountConfig
         .getAccountId());
@@ -81,7 +81,9 @@ public void testCreateWithNullAccountId() throws Exception {
     SecretBytes prev = SecretBytes.fromBytes(
         FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(null, null, p12KeyPath, prev);
+        new P12ServiceAccountConfig(null);
+    p12ServiceAccountConfig.setFilename(p12KeyPath);
+    p12ServiceAccountConfig.setSecretP12Key(prev);
 
     assertNull(p12ServiceAccountConfig.getAccountId());
     assertEquals(keyPair.getPrivate(), p12ServiceAccountConfig.getPrivateKey());
@@ -89,10 +91,9 @@ public void testCreateWithNullAccountId() throws Exception {
 
   @Test
   @WithoutJenkins
-  public void testCreateWithNullP12KeyFile() throws Exception {
+  public void testCreateWithNullP12KeyFile() {
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, null,
-            null, null);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -105,8 +106,8 @@ public void testCreateWithEmptyP12KeyFile() throws Exception {
     when(mockFileItem.getSize()).thenReturn(0L);
     when(mockFileItem.get()).thenReturn(new byte[]{});
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS,
-            mockFileItem, null, null);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
             p12ServiceAccountConfig.getAccountId());
@@ -114,15 +115,15 @@ public void testCreateWithEmptyP12KeyFile() throws Exception {
   }
 
   @Test
-  public void testCreateWithInvalidP12KeyFile() throws Exception {
+  public void testCreateWithInvalidP12KeyFile() {
     byte[] bytes = "invalidP12KeyFile".getBytes();
     when(mockFileItem.getSize()).thenReturn((long) bytes.length);
     when(mockFileItem.getName()).thenReturn("invalidP12KeyFile");
     when(mockFileItem.get())
         .thenReturn(bytes);
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS,
-            mockFileItem, null, null);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -130,10 +131,9 @@ public void testCreateWithInvalidP12KeyFile() throws Exception {
   }
 
   @Test
-  public void testCreateWithPrevP12KeyFileForCompatibility() throws Exception {
+  public void testCreateWithPrevP12KeyFileForCompatibility() {
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, null,
-            p12KeyPath);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, p12KeyPath);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -145,8 +145,9 @@ public void testCreateWithPrevP12KeyFile() throws Exception {
     SecretBytes prev = SecretBytes.fromBytes(
             FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, null,
-            p12KeyPath, prev);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    p12ServiceAccountConfig.setFilename(p12KeyPath);
+    p12ServiceAccountConfig.setSecretP12Key(prev);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -154,11 +155,12 @@ public void testCreateWithPrevP12KeyFile() throws Exception {
   }
 
   @Test
-  public void testCreateWithEmptyPrevP12KeyFile() throws Exception {
+  public void testCreateWithEmptyPrevP12KeyFile() {
     SecretBytes prev = SecretBytes.fromString("");
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, null,
-            "", prev);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    p12ServiceAccountConfig.setFilename("");
+    p12ServiceAccountConfig.setSecretP12Key(prev);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -167,10 +169,10 @@ public void testCreateWithEmptyPrevP12KeyFile() throws Exception {
 
   @Test
   @WithoutJenkins
-  public void testCreateWithInvalidPrevP12KeyFile() throws Exception {
+  public void testCreateWithInvalidPrevP12KeyFile() {
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, null,
-            "invalidPrevP12KeyFile.p12", null);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    p12ServiceAccountConfig.setFilename("invalidPrevP12KeyFile.p12");
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -184,8 +186,8 @@ public void testSerialization() throws Exception {
     when(mockFileItem.get())
         .thenReturn(FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS,
-            mockFileItem, null, null);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
+    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
 
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     SerializationUtil.serialize(p12ServiceAccountConfig, out);

From 17d8275c0e805821a0c1dcc0ff5a3b3cf14eb36c Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Thu, 4 Apr 2019 21:57:49 -0700
Subject: [PATCH 02/17] Update dependencies required for using JCasC plugin in
 tests.

---
 pom.xml | 42 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6e1adf6..8b5ee1a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>3.8</version>
+    <version>3.36</version>
   </parent>
 
   <!--
@@ -110,6 +110,7 @@
 	    <format>html</format>
 	    <format>xml</format>
 	  </formats>
+    <check/>
 	</configuration>
       </plugin>
     </plugins>
@@ -120,19 +121,20 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-javadoc-plugin</artifactId>
-        <version>2.9</version>
+        <version>2.10.4</version>
       </plugin>
     </plugins>
   </reporting>
 
   <!-- Bring some sanity to version numbering... -->
   <properties>
-    <jenkins.version>1.653</jenkins.version>
+    <jenkins.version>2.60.3</jenkins.version>
     <google.api.version>1.24.1</google.api.version>
-    <java.level>7</java.level>
+    <java.level>8</java.level>
     <findbugs.excludeFilterFile>findbugs-exclude.xml</findbugs.excludeFilterFile>
     <findbugs.effort>Max</findbugs.effort>
     <findbugs.threshold>Medium</findbugs.threshold>
+    <configuration-as-code.version>1.9</configuration-as-code.version>
   </properties>
 
   <dependencies>
@@ -176,6 +178,25 @@
       <version>1.8.4</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>io.jenkins</groupId>
+      <artifactId>configuration-as-code</artifactId>
+      <version>${configuration-as-code.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.jenkins</groupId>
+      <artifactId>configuration-as-code</artifactId>
+      <version>${configuration-as-code.version}</version>
+      <classifier>tests</classifier>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.jenkins.configuration-as-code</groupId>
+      <artifactId>configuration-as-code-support</artifactId>
+      <version>${configuration-as-code.version}</version>
+      <scope>test</scope>
+    </dependency>
 
     <!-- OAuth Credentials dependency -->
     <dependency>
@@ -212,11 +233,20 @@
     </dependency>
 
     <!-- plugin dependencies -->
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>plain-credentials</artifactId>
+      <version>1.5</version>
+    </dependency>
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>ssh-credentials</artifactId>
+      <version>1.13</version>
+    </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>credentials</artifactId>
-      <version>2.1.12</version>
-      <scope>compile</scope>
+      <version>2.1.16</version>
     </dependency>
     <dependency>
       <!-- Required to run P12ServiceAccountConfigTestUtil-dependent tests against newer Jenkins core versions.

From 6e4af90c5ebca094c5fb8c190d250e64313ba1d6 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Thu, 4 Apr 2019 21:59:15 -0700
Subject: [PATCH 03/17] Remove unneeded imports.

---
 .../plugins/credentials/oauth/JsonServiceAccountConfig.java      | 1 -
 .../plugins/credentials/oauth/P12ServiceAccountConfig.java       | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index 4afb1b7..100fbdf 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -16,7 +16,6 @@
 package com.google.jenkins.plugins.credentials.oauth;
 
 import com.google.api.client.util.Strings;
-import com.google.common.annotations.VisibleForTesting;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
index a40b1b2..5c03698 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
@@ -44,7 +44,6 @@
 import hudson.Extension;
 import jenkins.model.Jenkins;
 import org.kohsuke.stapler.DataBoundSetter;
-import org.kohsuke.stapler.QueryParameter;
 
 /**
  * provides authentication mechanism for a service account by setting a service

From d7c5901be5c17bd86da88f378926f8c76294b970 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Thu, 4 Apr 2019 22:01:26 -0700
Subject: [PATCH 04/17] Add test to verify Configuration as Code behavior,
 along with associated resources.

---
 .../oauth/ConfigurationAsCodeTest.java        |  78 ++++++++++++++++++
 .../oauth/json-service-account-config.yml     |  12 +++
 .../oauth/p12-service-account-config.yml      |  13 +++
 .../plugins/credentials/oauth/test-key.json   |  12 +++
 .../plugins/credentials/oauth/test-key.p12    | Bin 0 -> 2479 bytes
 5 files changed, 115 insertions(+)
 create mode 100644 src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
 create mode 100644 src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
 create mode 100644 src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
 create mode 100644 src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
 create mode 100644 src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.p12

diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
new file mode 100644
index 0000000..fca8a56
--- /dev/null
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.google.jenkins.plugins.credentials.oauth;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.SecretBytes;
+import io.jenkins.plugins.casc.misc.ConfiguredWithCode;
+import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+import org.apache.commons.io.IOUtils;
+import org.junit.Rule;
+import org.junit.Test;
+
+public class ConfigurationAsCodeTest {
+
+  @Rule public JenkinsConfiguredWithCodeRule r = new JenkinsConfiguredWithCodeRule();
+
+
+  @Test
+  @ConfiguredWithCode("json-service-account-config.yml")
+  public void supportsConfigurationWithJsonServiceAccountConfig() throws IOException {
+    List<GoogleRobotPrivateKeyCredentials> credentialsList = CredentialsProvider.lookupCredentials(GoogleRobotPrivateKeyCredentials.class);
+    assertNotNull(credentialsList);
+    assertEquals("No credentials created", 1, credentialsList.size());
+    GoogleRobotPrivateKeyCredentials credentials = credentialsList.get(0);
+    assertNotNull(credentials);
+    JsonServiceAccountConfig config = (JsonServiceAccountConfig) credentials.getServiceAccountConfig();
+    assertNotNull(config);
+    assertNull(config.getFilename());
+    assertNull(config.getPrevJsonKeyFile());
+    assertNull(config.getJsonKeyFile());
+    assertNotNull(config.getPrivateKey());
+    SecretBytes bytes = config.getSecretJsonKey();
+    assertEquals("casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com", config.getAccountId());
+    String actualBytes = new String(bytes.getPlainData(), StandardCharsets.UTF_8);
+    String expectedBytes = IOUtils.toString(this.getClass().getResourceAsStream("test-key.json"));
+    assertEquals("Failed to configure secretJsonKey correctly.", expectedBytes, actualBytes);
+  }
+
+  @Test
+  @ConfiguredWithCode("p12-service-account-config.yml")
+  public void supportsConfigurationWithP12ServiceAccountConfig() throws IOException {
+    List<GoogleRobotPrivateKeyCredentials> credentialsList = CredentialsProvider.lookupCredentials(GoogleRobotPrivateKeyCredentials.class);
+    assertNotNull(credentialsList);
+    assertEquals("No credentials created", 1, credentialsList.size());
+    GoogleRobotPrivateKeyCredentials credentials = credentialsList.get(0);
+    assertNotNull(credentials);
+    P12ServiceAccountConfig config = (P12ServiceAccountConfig) credentials.getServiceAccountConfig();
+    assertNotNull(config);
+    assertNull(config.getFilename());
+    assertNull(config.getP12KeyFile());
+    assertNull(config.getPrevP12KeyFile());
+    assertNotNull(config.getPrivateKey());
+    assertEquals("casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com", config.getEmailAddress());
+    assertEquals(config.getEmailAddress(), config.getAccountId());
+    SecretBytes bytes = config.getSecretP12Key();
+    String actualBytes = new String(bytes.getPlainData(), StandardCharsets.UTF_8);
+    String expectedBytes = IOUtils.toString(this.getClass().getResourceAsStream("test-key.p12"));
+    assertEquals("Failed to configure secretP12Key correctly", expectedBytes, actualBytes);
+  }
+}
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
new file mode 100644
index 0000000..93324dd
--- /dev/null
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
@@ -0,0 +1,12 @@
+jenkins:
+  systemMessage: Testing
+
+credentials:
+  system:
+    domainCredentials:
+      - credentials:
+          - googleRobotPrivateKey:
+              projectId: 'jenkins-g-oauth-plugin'
+              serviceAccountConfig:
+                json:
+                  secretJsonKey: 'ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAiamVua2lucy1n LW9hdXRoLXBsdWdpbiIsCiAgInByaXZhdGVfa2V5X2lkIjogImI1YmRlODIwYzY2ZmZjNDU2ZGVl ZWNhNmM3YTM2YjcwZjkzN2YwNTMiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZB VEUgS0VZLS0tLS1cbk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VB QW9JQkFRQ2tRcVBZYlRWeEI4SHdcbk5TcGZJSjVrKzhCNVk1THk1alcraGlyT1h3U09qSjM4QmF3 MXFRUEFEV2MyVTZHa0toWm15UXNjQUpnSXZGVldcbnZmTnJERFFnS29sVnI0R0dmMDltOXZZbHVz bkNQcUZrc0w4TC9xZDkyd2kwc1lNczVkTnRtL09mVzJ6YXQxZkRcbklYdENtOXpnbGt3WktobG4z cDAxRTNIQjN4MUlEdFpvWnNJcXhtK0ltWHN2RndBRE10OHVUQjFIcTFuNFl1Rm1cbkZ1MlVtOENQ SHI1OWVWN1JFQUVRYzk0OEFjaVlYR2VJSlR4VXJXTFhMSnFrNXpaZ2t0Wm1Xb1NoTVczVUtsL2tc blA4dk5vUU9zdVI2c0ovZ2NsZDdFSFNjUXRVMjIrRk5yRkV1RTZSSE84bndqTitRcU5qaDBNUjdE UXhab0hNQXdcbjFJRTgzdXN4QWdNQkFBRUNnZ0VBQTJUQTlwR2lickRiSFJvY2ZSREplbzVFMmRo ZStTbERLVDB3YXFrNUlvQzBcbkVQaUxpQ1A1cGFKdnA0Wk5jdS84WEtVZHQycURCbVF0ZjBiQTBT YmhIaHlDRUFBWnVDNEJ6eXhrY29YQTNrcW9cbjZKZ0R0Z2FOd2NEcC9BNUw1cWtXTGpsMnJGOUpN cERpZWsvSmZ1Z2Uvd1FqR2N0TEN0T3gvd1RMc21OQ0NBa2ZcblRWSmg5SmpGSDU5c3RQSkc4ajR5 angwTCtFS2R3UXlUS1RhaFhyUm00cmNjakR3aHZBN1Q3UlNxbWJqaER1Mitcblg5bGpQMFVjaC91 ZExZR0V0K1NucGNWSnVKVEoraXZtRzh6dktYNVlQbmRDNmhmWTEzZU1YeHRSTVl1WVFPdWZcbkEw cm5uaERMTVFQaDVmZzJlYVhSTkk3TjRzTkxtZ1lzcC9tR1dzZnRtUUtCZ1FEbjdybmxFQm5jSkhK V1JKQi9cbmxVWjV0b0dERTRuTytOOWtramUySzJabHluNWd3T21uYWthRnlWVGJDanpTd3lhdE9U eFd5QXNxVkxMYjhkWFFcbjU5bStBM1laM1FZTllnZ044V2drSG50MUVXQjU2RWJFVUZYMFhhV2Nj WUJDKzRHMzdWNDRGWGVibFZ6TFFJZkZcbit1aUpNcXAyaHNZRW1nc24zNWp6eVdWWFdRS0JnUUMx VGpTZlVhNFpRczBBdVR5MEE1NU1wbWsxbDRaSzREZHhcbi92ZlFNYlRuclJlVlo3Qy9uU3ZvRHk0 OGhNekVtTWJ1TWlpdms3am5rRnZ4N002TGlOUGhFcXFvSjVZNW1CY2Fcbk52bm5ONFRja3VKZEF0 a255Z0JvZ0dHczEzeXB0MUthQTRGZXRNVDRJV3Fzb0ZJK2c2WjdhKzdweG5ISGRtamJcbkdrNUo4 anVQbVFLQmdEZDNUdnVwMnhWYm5nQmxpMDBIclFBRWxucDdYTFNqcmdFR09zNlZHSHIxYnozQ1JO NmxcbnV0SFo4VElsQTZDL3pPc1dTZ2pTOUdDZU90d0F2TXFsOTl2S1JoOHZUWGc3M29NL0hWR3Qv SVpscm5YWkI3dUJcbkh0MCszQkZLejRxMVRUTm9UK1VIdFQvKysxOGNRcHdsUWlFMWZiQzAwSHhm UHBXOWtuMlN4MnFaQW9HQVZheXNcbkR6RXczUDBGRkxkejZQamd3QVhQSjZUL3I3ZytXeDhLQ1pi RGpzcnJudzFOcDI1bEJoYk9XWWpEbm84M1NlM25cbjdmZ1hZMDJETlZJYTFETUhOSTkybDFtRmtw ZTlLd1VabUZwUzdVeDNyVTRnUWI0aDdUL2xhQ0MzNXhjYThHNkJcbm5yZzdiNm1TMkJvMll4WWhB S2VqVVZNV0J4UjhQalV6RTV4azZ0a0NnWUI5WnFSRDBjeUNJcGhPZHpBTTlsMVBcbkRJWnRlc2py YVhES1pFaVdKSnEweU9FNXFDbnFGMHBBVkZTWkYzcFZKMGdudXJ6am01dFB4NnhSUzhxamJ1MVhc bjJkdXgwNmU3dUJRMXFWZGRQOWJ1ZjNMbUREVERjVmNCWXM0ZEFUQXkrRDhicGROZ25RZ3gwa29v MGJLTlFTcjZcbnBTcHZiLzdQaVlUUjdMcW1qbjNSeEE9PVxuLS0tLS1FTkQgUFJJVkFURSBLRVkt LS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogImNhc2MtdGVzdEBqZW5raW5zLWctb2F1dGgtcGx1 Z2luLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwKICAiY2xpZW50X2lkIjogIjExNDM0Mjc2NTcz MDc1NjM4NjM4NiIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9v L29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2dsZWFwaXMu Y29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3 Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0cyIsCiAgImNsaWVudF94NTA5X2NlcnRfdXJs IjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3JvYm90L3YxL21ldGFkYXRhL3g1MDkvY2Fz Yy10ZXN0JTQwamVua2lucy1nLW9hdXRoLXBsdWdpbi5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIK fQ=='
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
new file mode 100644
index 0000000..d610d06
--- /dev/null
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
@@ -0,0 +1,13 @@
+jenkins:
+  systemMessage: Testing
+
+credentials:
+  system:
+    domainCredentials:
+      - credentials:
+          - googleRobotPrivateKey:
+              projectId: 'jenkins-g-oauth-plugin'
+              serviceAccountConfig:
+                p12:
+                  emailAddress: 'casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com'
+                  secretP12Key: 'MIIJqwIBAzCCCWQGCSqGSIb3DQEHAaCCCVUEgglRMIIJTTCCBXEGCSqGSIb3DQEHAaCCBWIEggVe MIIFWjCCBVYGCyqGSIb3DQEMCgECoIIE+zCCBPcwKQYKKoZIhvcNAQwBAzAbBBSJ+TUI3ITBhDEs cDueqcpf2jeaKgIDAMNQBIIEyO776DlTTKyVy+yck3tuz+phzBuB7vVUuuBS7+8Zz68bzj7XXtPz ta9ZAkh8soNoCb6QTuyFejBji/3PaKemzSdY3lknB2HpHR65Qj4abTUr/gxoKoGjwSen0W54re1p J0yF3SOiw8v/LOPGqPBX5RiH3kzop2E3lx4BB4vL8yWSckhYbyP52/eTShTyrdLkgSnQLF9au0vg jNp9j8yH7O/o4eNMgGnZBYZ3LaTAbXSTz16KLEIAJTnIzf0nRHmLuSUzEY8PUXJcYfKopUIpeQue iki5QuFDJpJWvpkEnLOm/fcQfnH4ofO6SgeyToT7LOISZmpkuy+UQAra77m7v4lUUN1mKziJH0Fk W9ufxwKclYI609QRQ7vh1f/METerknySnzg+uythVcIUmSgO996Obu9shxXbRtkAPEgd1CiwoCJ/ iusQhcYwHmbxuxelUIXciSVgm2Vq/2l7eldYSQ/kLrRaJfKb4gbECUcqPVh8q4k60dp5xJWkr3FP RaTDrvcP5LpeVNqEsomB7RsnVjGgWmcAT6wDQqy5AkW2osCtYjaoxFLDHZddVk9+g/Vtl3YoGJCI +kTFDittQYdgoke4EDVn6q4ATR99N6rGUHKXAqdD4Pfi5pCPiaPT+MNKnsXtlVkkk1e6K+Kmz0Tr 6cSDsV4hxl9hE9kDQxNQRXTJTxi1wecC53sIntH700bpOI3pgg2Ou+Mlt34As6TdvY8/Wpg5ucpu s5HuV4cm5X9aA6EB107KDAkwnbNCPyp6aLhEgOM4/X5Pc790cDatlv7vEPnDdblwzAb/5Ge2yt2H dkpbu5B5ifbxM1c/cxYWdJdgH2gdcFpCmE7P2Uhe0BWQPyBaWmls9CNiaFvpEIqQpmU3EbxA7IV5 ZCKFP5jGiwUECO8qL03prkTAL8Tj1TGu6ZZ767VyXpb+sbg7+Ammm6q2f5+tqxJ2Xko4oG6E9cX6 iNeDzJ+KObzjHliim2HxTnpruhD0TtcW3amLdiiQ2h91B7fUFfr/lDagwKhsoavnqPTH6VQEVVga C28gw0P2pQn/AXWVfIbkCc1g9o2nccxc0sLJ6e+k3gNi4Zvnpxo7D9y4O/WbkKcbNYjWWZn2g1Up nU5KCuiSqDqBHWA5QC0v0RcFFL8NaNsrH9ZCnXnplPY51cummEe8TroGlNOqldXj1yVbicweFRi9 MYDhS8ZXvSfqh6mTm1Q09P2RQJ7drUL4wklTJrBzlnJfoK4ASLjn2H9wSis6ifB3dgI4gyFZp5bw DdmhhPH2KBk3kX+RFV2/Qxh1la++POdD/QHuoSaVmbo2QtYg65N/jY3v+ZvJKxh1qxA/Dl7L/S1f rINGjU8t96Ql9rARWg6o1/GlqHdrJVz3FnPZyovhBNaQvxvbuSWK81M3hgbIw6iboG3LHIs8XeSR qb+Ggifg9TPt5lY0W2AYwfTfoP9DzTIjGO3N/p+bbLgEizWD6/iJWRCfVZK24TQdr0REX8KOUrNx 3h3iJBqxDa3jHEasS27C3URUgq19fKkYb7DHV+pIHElF73Pd1b7fhk6OKfcoWaft4hb7coRs/Nlk SBx0R06nf3eMW07VLxkAdY487J/lhmf/6I27y2+EES7+VJMnApDTfxIb7oSCEzFIMCMGCSqGSIb3 DQEJFDEWHhQAcAByAGkAdgBhAHQAZQBrAGUAeTAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTU0NDM2 OTk1NzA0MIID1AYJKoZIhvcNAQcGoIIDxTCCA8ECAQAwggO6BgkqhkiG9w0BBwEwKQYKKoZIhvcN AQwBBjAbBBSBMAA4r569nEdNRmvktGl994cHkwIDAMNQgIIDgBBHjs6mF7fovu2Hcx8xzzHo7l00 vkOxiQHUvDL3c1BSdVJnXdNygj/KyUW6PQM/kaNk1smRoB2QaeIlldC2WhjW2iDOrU0UOPz2P8Bu qIRECgUsfaCvGr8heaNfa2TUHkUXhanVs4sm/X5j9RFmdAfgyoDWqxgLeL64bv9leIczxNACxHgR 0hMUmZWu+YE66Q04x3IVLTme/73q512BzHndxNIOtrWGnLT7JLH8WqA5piYQ3mlXDbwO7Sl5tr7G JDBPSEJ+39IJmKucXT2UaTM6usHVP71Zne3HsbkxdO6NdA3MW18v/qODY2p9hdBN4/0y7GaABrAe 69xMWdHX8fIDLz+3KVuNjuzMRauwCFQivOJwknKsUZb9zmSzZlmlj0dvegpd3q9Wug/rTwVaAgEI NYDNCt5iBLa0nBlkK5MUhvkKyHMCumV0bifJ6BN92e2CNGyXihRneBqxDHah9OmdJ58sW9WiJEYY gUzq4xVgFJgSNkexKMOH+D6pHIicSztMuk7BmUClyHu5smS+nL4ZdeOmqHXa/5kxscw3jNJtTv5z FpLv6rZTVVB9n7857A7HdEtjJ7qnlCAwyYA0qqM9X3eJl8z+P/5GU6LYZ4dVzGNm5Xrw6mPQmOkz eGf/SE8S0tHBYmSytZZN654RbgMHU8yhTTSwPs2t9DuWN0BylJYj9q2dljXfpe5JSuhlgzFy+wdA xy9AgA8wDb+XeQkxjVu7XCzsVnS60wxK4B3csD8PRQCec7cbtPqtZAmY26dunwvS1kkMUI6pqZ+e vFIlxDPYsSKHumtDrrbPmmvhpwVvrsQcDZo9GvppH9CLZUek2Dp+1Rc35abyxp/6Hwbkxzvpad19 PPw5wUjcXINYkaaaz0q8hdOa5kGHrYct0gMt1uAdBt8swEMo91J//Yx2SBvCn9iwn5Z5v6y4AD4Z 8itm9+IoA5r+muK4LAv5IXDQJrx3ktODoZeCGb40qKnAJQjP5X7vgLs8Ji5r+nQ/3g5ZCeGhcIe6 P7gp93BU8ZjEhmAD2DTDZ9VQvggJbOeZYf184i+dhnaz0pVaEnLuQVr4rRSargn1sGgUFFAVhjAu dR/u2b58bjkeSnPaAdBZEzAhXqkINubo02vdqmGCggJ1Gp0PD4/3S0C6/B90oereQ2KLNbVm4hIz HUy9JwLBjUbzQv/iRUVl2pIyOmt5MD4wITAJBgUrDgMCGgUABBTG6ySKdktlbELDjl2DWV/OFPz+ 5AQUKOSmcDIbfunS+Wpvj27Fh30shNICAwGGoA=='
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
new file mode 100644
index 0000000..7d9e4af
--- /dev/null
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
@@ -0,0 +1,12 @@
+{
+  "type": "service_account",
+  "project_id": "jenkins-g-oauth-plugin",
+  "private_key_id": "b5bde820c66ffc456deeeca6c7a36b70f937f053",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCkQqPYbTVxB8Hw\nNSpfIJ5k+8B5Y5Ly5jW+hirOXwSOjJ38Baw1qQPADWc2U6GkKhZmyQscAJgIvFVW\nvfNrDDQgKolVr4GGf09m9vYlusnCPqFksL8L/qd92wi0sYMs5dNtm/OfW2zat1fD\nIXtCm9zglkwZKhln3p01E3HB3x1IDtZoZsIqxm+ImXsvFwADMt8uTB1Hq1n4YuFm\nFu2Um8CPHr59eV7REAEQc948AciYXGeIJTxUrWLXLJqk5zZgktZmWoShMW3UKl/k\nP8vNoQOsuR6sJ/gcld7EHScQtU22+FNrFEuE6RHO8nwjN+QqNjh0MR7DQxZoHMAw\n1IE83usxAgMBAAECggEAA2TA9pGibrDbHRocfRDJeo5E2dhe+SlDKT0waqk5IoC0\nEPiLiCP5paJvp4ZNcu/8XKUdt2qDBmQtf0bA0SbhHhyCEAAZuC4BzyxkcoXA3kqo\n6JgDtgaNwcDp/A5L5qkWLjl2rF9JMpDiek/Jfuge/wQjGctLCtOx/wTLsmNCCAkf\nTVJh9JjFH59stPJG8j4yjx0L+EKdwQyTKTahXrRm4rccjDwhvA7T7RSqmbjhDu2+\nX9ljP0Uch/udLYGEt+SnpcVJuJTJ+ivmG8zvKX5YPndC6hfY13eMXxtRMYuYQOuf\nA0rnnhDLMQPh5fg2eaXRNI7N4sNLmgYsp/mGWsftmQKBgQDn7rnlEBncJHJWRJB/\nlUZ5toGDE4nO+N9kkje2K2Zlyn5gwOmnakaFyVTbCjzSwyatOTxWyAsqVLLb8dXQ\n59m+A3YZ3QYNYggN8WgkHnt1EWB56EbEUFX0XaWccYBC+4G37V44FXeblVzLQIfF\n+uiJMqp2hsYEmgsn35jzyWVXWQKBgQC1TjSfUa4ZQs0AuTy0A55Mpmk1l4ZK4Ddx\n/vfQMbTnrReVZ7C/nSvoDy48hMzEmMbuMiivk7jnkFvx7M6LiNPhEqqoJ5Y5mBca\nNvnnN4TckuJdAtknygBogGGs13ypt1KaA4FetMT4IWqsoFI+g6Z7a+7pxnHHdmjb\nGk5J8juPmQKBgDd3Tvup2xVbngBli00HrQAElnp7XLSjrgEGOs6VGHr1bz3CRN6l\nutHZ8TIlA6C/zOsWSgjS9GCeOtwAvMql99vKRh8vTXg73oM/HVGt/IZlrnXZB7uB\nHt0+3BFKz4q1TTNoT+UHtT/++18cQpwlQiE1fbC00HxfPpW9kn2Sx2qZAoGAVays\nDzEw3P0FFLdz6PjgwAXPJ6T/r7g+Wx8KCZbDjsrrnw1Np25lBhbOWYjDno83Se3n\n7fgXY02DNVIa1DMHNI92l1mFkpe9KwUZmFpS7Ux3rU4gQb4h7T/laCC35xca8G6B\nnrg7b6mS2Bo2YxYhAKejUVMWBxR8PjUzE5xk6tkCgYB9ZqRD0cyCIphOdzAM9l1P\nDIZtesjraXDKZEiWJJq0yOE5qCnqF0pAVFSZF3pVJ0gnurzjm5tPx6xRS8qjbu1X\n2dux06e7uBQ1qVddP9buf3LmDDTDcVcBYs4dATAy+D8bpdNgnQgx0koo0bKNQSr6\npSpvb/7PiYTR7Lqmjn3RxA==\n-----END PRIVATE KEY-----\n",
+  "client_email": "casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com",
+  "client_id": "114342765730756386386",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/casc-test%40jenkins-g-oauth-plugin.iam.gserviceaccount.com"
+}
\ No newline at end of file
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.p12 b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.p12
new file mode 100644
index 0000000000000000000000000000000000000000..edfe8725ecb4bdd44e54071f134e69ed2d3d41af
GIT binary patch
literal 2479
zcmY+EX*3iJ8-{1IjIuUl38`!$GubI4>ts*Xku_`97)n_OGa>uF&M0e)B_+ll5k^Fa
zB3m)m6vh%>-*>+6eb4*jInO!QeLv673yy_WfPi2)7V1O~y^KTQXv{zcAQ1~SgJ7Yz
zPOt$SOLzZY5uGChOJ{q6(I;b0f9ii%r<s5tA{KH0$3kduaeAiz<CEun5LnEf9OKuh
zjwpnruS!9ApWUQF&Sel7&}j_8Lf)?*EGgaAuT1Y>%}agkJ-F;Z;fq+`HYLxPY;5oh
zR`Y#O9k(6%{kqx;gbIEc=>~00GF***1iu@1IOtYdG9YR>Z6(U!K;;)`R9EHol9M<(
z?RGihd537}NAHKEHFr_{=&6g(I{S|$=ex^(T72imPwOw0Iw)ic02$)?e+#Ghp)7qa
z?tP)9>cW1Jh8H5lha~OLO?op=Cqoh`_|=W2*?IkN_X#@O1F52RFHGv7ZLFj^Kv?Ph
zz@eySP+X(140|H$Ex$Vszsic$#e+^2#G)G2XEj7p%v-Y|d37a+G`7(DyM@2Wx(qK3
zqYfnJI9%>IHA$zbF->kXHnqi=8c(@MD8>lhaI*eF=mF)WW0glfv1>HVjviCk6)IAK
zQwWNxO%e`fZ(-SDEVSta?+s5p=NIh>z%>;AC$Sphg|OHaw&-rSfXimn*<$19uQ9^*
zxz6{F-5)=)u)N8-aOD+R_*d>6eHT>c@^#DLiWudOlR;hSMb-C>w2C^bXsiolThqy?
zmoX7*e4^$EBH9&TR0&qEYy@f5KWisB%9nMSbn<7~m>Y#gZhK`0ig71B+1Gr>BH?ud
zZ~siEflbbJxe8z)7^3i^+t@D?RH`vUoBNTJ81sB&w^O&^-CDZUrBn;D#9Yas<_fhd
zves6p+s@(41X$yYu@<J+i2HTNB53h3W5LIR5pAksJQd5F&@?anCKOOtG}V%bL}w{A
z_IcMOuUp_nzK5Z~g}`yczSB^6ew{k<@*}qf&G31}!%!ptHjJ-4DdT8^ZLc$+(U(Gh
zyx>~jH-!(>wQfoZirLweu|WEBabYs;1>N|4(dt=-gA*v*A<iV^c{JMHbL*m`n>Cd!
zHmSr}fxTI6H9E-YLNqd~JB|**xN%w9fLf*5F5NXhim0MyJYIS2XPa?U+n}-wEy;aR
zA4VWma0J@wDiXb;w%_eP8IPn8VwIZb1uUQCI&2y~@*uNq8IE&JmB$5&B~1zjFueK1
zxqqA{Pi!yqEUZ{8+v=g3Ld-0APx+kh)YvJ89s>i?gK-Pc0sEc!()*M<!*6@38%5J#
z$JyM)QeG9-uMH~Oxk;sba!<yrvUeiQ#PbbxnU+$@lq2}<mDHr9Kc1z7wK2PWkq{hH
z&kv%e?I?}*mt^TQ8<OeMMqZ?k&W{UQ$4~?~xmyt7vwGbYEuzc#^3+^Y*{#E5wSp;<
z`tIACw?%6FGyLp`RRC1O;^#15T?yrwpAP~-ijhKAr5Qh&CkmrBcf@!UlEacYZQ3-r
z1JbKouPtgE0@n*g(zD6(>SO0uQp4ioH}-OSCAb4B*pMu?{fAO^m66)<MpCpQ;hh?G
zG)vj|W^vgA58*pBF8_(XxLL?pQXAiwM&a1sw-s>o?>ozKiC+EZ;;z{&B$v10u%a{D
zGHXA~Wv%VGJGQ<Nk2MCaUgTaII3nbFHbCO!B3E`}tk?)<DfP3m{MDM8c5f3*>h4eT
z&t2lJWhTv^)2`I>emkXUiY0{vmvj5n^jIvT&fV17@ShrO{f0A45T}V*m9EWk9r#6g
z{+Vz>ox|uDmWDleYHc_w%>xKXxVB38j&nU;if`)oiDJKUWSS}pN*W2{;9HNvo<X4C
z7yniz6o%jufB}2~egJnsAix2D0XPFZP9_L0^iPQs0fTUux_ddFN65*^%F4(qDak3o
zW#L%xr@u=K^h7N9-3jUd0RbnA{7(Y>mucz$W7-HfK(V@@B~Qmd+hgICdk78BkosTK
zhGW6uY&r=aO3uDnYF)$o3nB&)OY1hWts1p4z)#IrY5vA00Vb|CBYs$9U#}MVIvAP!
z+-a;gnaH2yJ|~<$RFCE!n>_!4WB^nAvx98+E{oD+qLU0ER`a$A1wFU(aQY;mbvC+u
zv@TBMF!b&=y9<V4rZ0S~g8S6N)&}om=ZAQit|3s@L-ye_u<Z1zy$EG0vto}Qr<78`
zam(_eO#~%qs%w~~{xvS|)xo9OKWL&-i3r=Yy9IMI%bIvleQWn6xDiS{^xH5rt0K?l
zdYZe8GPz?E*<zKy)>GSvz^un(m?_qF(nrrD@7@cE9x|9eyt?WVPG2Li@>SpJ<M`$;
zur%_GxOIHODn+ZJhSBsw^PF#rU*)Zg!w*h%E>^{fIzEq>Y^JNt$*e0zbZ8KeQ7(Ld
zY1$D||0<8iNg@@7+hcm~4<b8byhVGL&V)>?VP!otV_~ijd23Gx7H(1VMG2DDqt7mB
zb4Tbe&vV+tvN+^*YQ;M7yQ<~qp5*DN=#vdQvek;;KW=>K)SB1I6EI&=7BG37ji{w4
zJRSBjJo4vC*;uZ>ZDt%oXj58c>A~pT6(yIZorm{^%f5Ji-R?n5Cgliuq<#C@XIH!#
z<*v*3M?aVE4rNhg9=aZ*j5vlrb~rk{e4SyiQo!yFX1Gl$G?1-P9UyI~WGJZlrDa^)
zA?0VteJftSsk`JHiSRpMQ0tLa3ulEhw`B%F5%JbdcO+NMG31fcx-<M=Ymls3fCB$F
ze6RLNPSC6`rQU>7!(%s38z+>P6AGG5gu7%u*IvMrJv6H72Xj1TOX+;7y3R4@T<6_)
z7aWRn)+zd|96EYd;d{xiZo<AG{X&ll)qN`D+8?D3)Ym(amdPbKgSySpBRM~A;7NF?
zVX)NL3_txh$#xAfnn~E<(?As8Tf*lWLPk(qWdlH!=a+;FZB7iFbCfgJAbDy}$ahGj
z`9aD^WML+jr&YGByj_@a@O$V+c+)kJD<1n8<TQ&FbhgkJPewL~(|k=gv$}Bh;Loz1
zuA|1Sj8M<TY=^_(Iq7^{VBK&!n!|7X26~qS%c+8H*SNu8#+*3#l>ou@iPm6mB>`Rk
zN#Kyx8Mu&bIiviKr4f&*7Y<k~D1bMgl{Jy3r$+uGh$&p2)^LoId+jpEA;YiVA`0q=
z*Z!@3Jg24QJehJ;*&_(93KxPy>FFd`z#v{a00h>(aw#@Y&)HMGGr=a(%I*W~&(Q(|
eCbm%GdzCMgI=pw!C(-*IK14EV7z765h<^cU#+dN{

literal 0
HcmV?d00001


From d20b6aa79c8d179901a906874bde88f79682f442 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Thu, 4 Apr 2019 22:32:01 -0700
Subject: [PATCH 05/17] Temporarily use old format for license header for
 checkStyle, because this is based on master and not develop.

---
 .../oauth/ConfigurationAsCodeTest.java           | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
index fca8a56..4cacf56 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
@@ -1,15 +1,17 @@
 /*
  * Copyright 2019 Google LLC
  *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License. You may obtain a copy of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
  *
- *     https://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 
 package com.google.jenkins.plugins.credentials.oauth;

From e5c75d52013f3c85d857905866ed5c6eb6d05f15 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Fri, 5 Apr 2019 18:33:05 -0700
Subject: [PATCH 06/17] Preserve backwards compatibility of json keys.

---
 .../oauth/JsonServiceAccountConfig.java       | 51 +++++++++++--------
 .../JsonServiceAccountConfig/config.jelly     |  4 +-
 ...yFile.html => help-jsonKeyFileUpload.html} |  0
 .../oauth/ConfigurationAsCodeTest.java        |  3 +-
 .../GoogleRobotPrivateKeyCredentialsTest.java |  4 +-
 .../oauth/JsonServiceAccountConfigTest.java   | 16 +++---
 6 files changed, 44 insertions(+), 34 deletions(-)
 rename src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/{help-jsonKeyFile.html => help-jsonKeyFileUpload.html} (100%)

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index 100fbdf..6b44431 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -69,23 +69,41 @@ public class JsonServiceAccountConfig extends ServiceAccountConfig {
   private SecretBytes secretJsonKey;
   @Deprecated   // for migration purpose
   @CheckForNull
-  private transient String prevJsonKeyFile;
+  private transient String jsonKeyFile;
   private transient JsonKey jsonKey;
 
+  /** @since 0.8 */
   @DataBoundConstructor
   public JsonServiceAccountConfig() {}
 
-  /**@param jsonKeyFile uploaded json key file */
+  /**
+   * For being able to load credentials created with versions < 0.8
+   * and backwards compatibility with external callers.
+   *
+   * @param jsonKeyFile The uploaded json key file
+   * @param prevJsonKeyFile The path of the previous json key file
+   * @since 0.3
+   */
+  @Deprecated
+  public JsonServiceAccountConfig(FileItem jsonKeyFile, String prevJsonKeyFile) {
+    this.setJsonKeyFileUpload(jsonKeyFile);
+    if (filename == null && prevJsonKeyFile != null) {
+      this.filename = extractFilename(prevJsonKeyFile);
+      this.secretJsonKey = getSecretBytesFromFile(prevJsonKeyFile);
+    }
+  }
+
+  /**@param jsonKeyFileUpload uploaded json key file */
   @DataBoundSetter // Called on form submission, only used when key file is uploaded
-  public void setJsonKeyFile(FileItem jsonKeyFile) {
-    if (jsonKeyFile != null && jsonKeyFile.getSize() > 0) {
+  public void setJsonKeyFileUpload(FileItem jsonKeyFileUpload) {
+    if (jsonKeyFileUpload != null && jsonKeyFileUpload.getSize() > 0) {
       try {
         JsonKey jsonKey = JsonKey.load(new JacksonFactory(),
-            jsonKeyFile.getInputStream());
+            jsonKeyFileUpload.getInputStream());
         if (jsonKey.getClientEmail() != null &&
             jsonKey.getPrivateKey() != null) {
-          this.filename = extractFilename(jsonKeyFile.getName());
-          this.secretJsonKey = SecretBytes.fromBytes(jsonKeyFile.get());
+          this.filename = extractFilename(jsonKeyFileUpload.getName());
+          this.secretJsonKey = SecretBytes.fromBytes(jsonKeyFileUpload.get());
         }
       } catch (IOException e) {
         LOGGER.log(Level.SEVERE, "Failed to read json key from file", e);
@@ -110,14 +128,6 @@ public void setSecretJsonKey(SecretBytes secretJsonKey) {
     }
   }
 
-
-  @Deprecated
-  // Used for JsonServiceAccountConfig
-  public JsonServiceAccountConfig(String prevJsonKeyFile) {
-    this.filename = extractFilename(prevJsonKeyFile);
-    this.secretJsonKey = getSecretBytesFromFile(prevJsonKeyFile);
-  }
-
   @Deprecated   // used only for compatibility purpose
   @CheckForNull
   private static SecretBytes getSecretBytesFromFile(
@@ -150,7 +160,8 @@ private Object readResolve() {
     if (secretJsonKey == null) {
       // google-oauth-plugin < 0.7
       return new JsonServiceAccountConfig(
-        getPrevJsonKeyFile()
+          null,
+        getJsonKeyFile()
       );
     }
     return this;
@@ -178,8 +189,8 @@ public SecretBytes getSecretJsonKey() {
   }
 
   @Deprecated
-  public String getPrevJsonKeyFile() {
-    return prevJsonKeyFile;
+  public String getJsonKeyFile() {
+    return jsonKeyFile;
   }
 
   /**
@@ -187,8 +198,8 @@ public String getPrevJsonKeyFile() {
    * @return The uploaded json key file
    */
   @Deprecated
-  @Restricted(DoNotUse.class) // Required by stapler to call setJsonKeyFile above.
-  public FileItem getJsonKeyFile() {
+  @Restricted(DoNotUse.class) // Required by stapler to call setJsonKeyFileUpload above.
+  public FileItem getJsonKeyFileUpload() {
     return null;
   }
 
diff --git a/src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/config.jelly b/src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/config.jelly
index cddb115..f287f8e 100644
--- a/src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/config.jelly
+++ b/src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/config.jelly
@@ -1,10 +1,10 @@
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core"
          xmlns:f="/lib/form">
-  <f:entry field="jsonKeyFile"
+  <f:entry field="jsonKeyFileUpload"
            title="${%JSON key File}">
     <input jsonAware="yes"
-           name="jsonKeyFile"
+           name="jsonKeyFileUpload"
            type="file"/>
     <j:if test="${instance.secretJsonKey != null}">
       <label class="attach-previous">
diff --git a/src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/help-jsonKeyFile.html b/src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/help-jsonKeyFileUpload.html
similarity index 100%
rename from src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/help-jsonKeyFile.html
rename to src/main/resources/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig/help-jsonKeyFileUpload.html
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
index 4cacf56..7fa2707 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
@@ -34,7 +34,6 @@ public class ConfigurationAsCodeTest {
 
   @Rule public JenkinsConfiguredWithCodeRule r = new JenkinsConfiguredWithCodeRule();
 
-
   @Test
   @ConfiguredWithCode("json-service-account-config.yml")
   public void supportsConfigurationWithJsonServiceAccountConfig() throws IOException {
@@ -46,8 +45,8 @@ public void supportsConfigurationWithJsonServiceAccountConfig() throws IOExcepti
     JsonServiceAccountConfig config = (JsonServiceAccountConfig) credentials.getServiceAccountConfig();
     assertNotNull(config);
     assertNull(config.getFilename());
-    assertNull(config.getPrevJsonKeyFile());
     assertNull(config.getJsonKeyFile());
+    assertNull(config.getJsonKeyFileUpload());
     assertNotNull(config.getPrivateKey());
     SecretBytes bytes = config.getSecretJsonKey();
     assertEquals("casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com", config.getAccountId());
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
index acda82e..a9e1454 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
@@ -119,7 +119,7 @@ public void testCreatePrivateKeyCredentialsWithJsonKeyType()
     when(mockFileItem.get())
             .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
     JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
-    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
+    jsonServiceAccountConfig.setJsonKeyFileUpload(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
             new GoogleRobotPrivateKeyCredentials(PROJECT_ID, jsonServiceAccountConfig, module);
 
@@ -392,7 +392,7 @@ public void testGetById() throws Exception {
     when(mockFileItem.get())
             .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
     JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
-    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
+    jsonServiceAccountConfig.setJsonKeyFileUpload(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
         new GoogleRobotPrivateKeyCredentials(PROJECT_ID, jsonServiceAccountConfig, null);
 
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
index ac90a58..1346f4c 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
@@ -70,7 +70,7 @@ public void testCreateJsonKeyTypeWithNewJsonKeyFile() throws Exception {
     when(mockFileItem.get())
         .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
     JsonServiceAccountConfig jsonKeyType = new JsonServiceAccountConfig();
-    jsonKeyType.setJsonKeyFile(mockFileItem);
+    jsonKeyType.setJsonKeyFileUpload(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS, jsonKeyType.getAccountId());
     assertEquals(privateKey, jsonKeyType.getPrivateKey());
@@ -87,10 +87,10 @@ public void testCreateJsonKeyTypeWithNullParameters() {
   @Test
   public void testCreateJsonKeyTypeWithEmptyJsonKeyFile() throws Exception {
     when(mockFileItem.getSize()).thenReturn(0L);
-    JsonServiceAccountConfig jsonKeyType = new JsonServiceAccountConfig(null);
-    jsonKeyType.setJsonKeyFile(mockFileItem);
+    JsonServiceAccountConfig jsonKeyType = new JsonServiceAccountConfig();
+    jsonKeyType.setJsonKeyFileUpload(mockFileItem);
 
-    assertNull(jsonKeyType.getPrevJsonKeyFile());
+    assertNull(jsonKeyType.getJsonKeyFile());
     assertNull(jsonKeyType.getAccountId());
     assertNull(jsonKeyType.getPrivateKey());
   }
@@ -106,7 +106,7 @@ public void testCreateJsonKeyTypeWithInvalidJsonKeyFile() throws Exception {
         .thenReturn(bytes);
     JsonServiceAccountConfig jsonServiceAccountConfig =
         new JsonServiceAccountConfig();
-    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
+    jsonServiceAccountConfig.setJsonKeyFileUpload(mockFileItem);
 
     assertNull(jsonServiceAccountConfig.getAccountId());
     assertNull(jsonServiceAccountConfig.getPrivateKey());
@@ -114,7 +114,7 @@ public void testCreateJsonKeyTypeWithInvalidJsonKeyFile() throws Exception {
 
   @Test
   public void testCreateJsonKeyTypeWithPrevJsonKeyFileForCompatibility() {
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig(jsonKeyPath);
+    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig(null, jsonKeyPath);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         jsonServiceAccountConfig.getAccountId());
@@ -148,7 +148,7 @@ public void testCreateJsonKeyTypeWithEmptyPrevJsonKeyFile() {
   @Test
   public void testCreateJsonKeyTypeWithInvalidPrevJsonKeyFile() {
     JsonServiceAccountConfig jsonServiceAccountConfig =
-        new JsonServiceAccountConfig("invalidPrevJsonKeyFile.json");
+        new JsonServiceAccountConfig(null, "invalidPrevJsonKeyFile.json");
 
     assertNull(jsonServiceAccountConfig.getAccountId());
     assertNull(jsonServiceAccountConfig.getPrivateKey());
@@ -163,7 +163,7 @@ public void testSerialization() throws Exception {
     when(mockFileItem.get())
         .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
     JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
-    jsonServiceAccountConfig.setJsonKeyFile(mockFileItem);
+    jsonServiceAccountConfig.setJsonKeyFileUpload(mockFileItem);
 
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     SerializationUtil.serialize(jsonServiceAccountConfig, out);

From 5aed40861a568c863a1a05ffc94f3999dcb9c502 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Fri, 5 Apr 2019 19:36:51 -0700
Subject: [PATCH 07/17] Preverse compatibility of P12 keys.

---
 .../GoogleRobotPrivateKeyCredentials.java     |  2 +-
 .../oauth/P12ServiceAccountConfig.java        | 31 ++++++++++++-------
 .../P12ServiceAccountConfig/config.jelly      |  4 +--
 ...eyFile.html => help-p12KeyFileUpload.html} |  0
 .../oauth/ConfigurationAsCodeTest.java        |  2 +-
 .../GoogleRobotPrivateKeyCredentialsTest.java |  2 +-
 .../oauth/P12ServiceAccountConfigTest.java    | 10 +++---
 7 files changed, 30 insertions(+), 21 deletions(-)
 rename src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/{help-p12KeyFile.html => help-p12KeyFileUpload.html} (100%)

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
index 557ed3e..a55b1b7 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
@@ -73,7 +73,7 @@ public GoogleRobotPrivateKeyCredentials(String projectId,
   public Object readResolve() {
     if (serviceAccountConfig == null) {
       String clientEmail = getClientEmailFromSecretsFileAndLogErrors();
-      serviceAccountConfig = new P12ServiceAccountConfig(clientEmail, p12File);
+      serviceAccountConfig = new P12ServiceAccountConfig(clientEmail, null, p12File);
     }
     return this;
   }
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
index 5c03698..5e18dce 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
@@ -62,11 +62,11 @@ public class P12ServiceAccountConfig extends ServiceAccountConfig {
   private SecretBytes secretP12Key;
   @Deprecated   // for migration purpose
   @CheckForNull
-  private transient String prevP12KeyFile;
+  private transient String p12KeyFile;
 
   /**
    * @param emailAddress email address
-   * @since 0.7
+   * @since 0.8
    */
   @DataBoundConstructor
   public P12ServiceAccountConfig(String emailAddress) {
@@ -74,20 +74,28 @@ public P12ServiceAccountConfig(String emailAddress) {
   }
 
   /**
+   * For being able to load credentials created with versions < 0.8
+   * and backwards compatibility with external callers.
+   *
    * @param emailAddress email address
+   * @param p12KeyFileUpload The uploaded p12 key file.
    * @param prevP12KeyFile The path of the previous p12 key file
+   * @since 0.3
    */
   @Deprecated
-  public P12ServiceAccountConfig(String emailAddress, String prevP12KeyFile) {
+  public P12ServiceAccountConfig(String emailAddress, FileItem p12KeyFileUpload, String prevP12KeyFile) {
     this(emailAddress);
-    this.setFilename(prevP12KeyFile);
-    this.setSecretP12Key(getSecretBytesFromFile(prevP12KeyFile));
+    this.setP12KeyFileUpload(p12KeyFileUpload);
+    if (filename == null && prevP12KeyFile != null) {
+      this.setFilename(prevP12KeyFile);
+      this.setSecretP12Key(getSecretBytesFromFile(prevP12KeyFile));
+    }
   }
 
   /** @param p12KeyFile uploaded p12 key file */
   @Deprecated
   @DataBoundSetter // Called on form submission, only used when credentials are uploaded.
-  public void setP12KeyFile(FileItem p12KeyFile) {
+  public void setP12KeyFileUpload(FileItem p12KeyFile) {
     if (p12KeyFile != null && p12KeyFile.getSize() > 0) {
       this.filename = extractFilename(p12KeyFile.getName());
       this.secretP12Key = SecretBytes.fromBytes(p12KeyFile.get());
@@ -143,7 +151,8 @@ private Object readResolve() {
       // google-oauth-plugin < 0.7
       return new P12ServiceAccountConfig(
         getEmailAddress(),
-        getPrevP12KeyFile()
+        null, // p12KeyFileUpload
+        getP12KeyFile()
       );
     }
     return this;
@@ -181,8 +190,8 @@ public SecretBytes getSecretP12Key() {
 
   /** @return the path of the previous p12 key file. */
   @Deprecated
-  public String getPrevP12KeyFile() {
-    return prevP12KeyFile;
+  public String getP12KeyFile() {
+    return p12KeyFile;
   }
 
   /**
@@ -190,8 +199,8 @@ public String getPrevP12KeyFile() {
    * @return The uploaded p12 key file
    */
   @Deprecated
-  @Restricted(DoNotUse.class) // Required by stapler for being able to call setP12KeyFile.
-  public FileItem getP12KeyFile() {
+  @Restricted(DoNotUse.class) // Required by stapler for being able to call setP12KeyFileUpload.
+  public FileItem getP12KeyFileUpload() {
     return null;
   }
 
diff --git a/src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/config.jelly b/src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/config.jelly
index e55d0f0..ab66e8c 100644
--- a/src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/config.jelly
+++ b/src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/config.jelly
@@ -5,10 +5,10 @@
            title="${%E-Mail Address}">
     <f:textbox />
   </f:entry>
-  <f:entry field="p12KeyFile"
+  <f:entry field="p12KeyFileUpload"
            title="${%P12 key File}">
     <input jsonAware="yes"
-           name="p12KeyFile"
+           name="p12KeyFileUpload"
            type="file"/>
     <j:if test="${instance.secretP12Key != null}">
       <label class="attach-previous">
diff --git a/src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/help-p12KeyFile.html b/src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/help-p12KeyFileUpload.html
similarity index 100%
rename from src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/help-p12KeyFile.html
rename to src/main/resources/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig/help-p12KeyFileUpload.html
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
index 7fa2707..fa363dc 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
@@ -67,7 +67,7 @@ public void supportsConfigurationWithP12ServiceAccountConfig() throws IOExceptio
     assertNotNull(config);
     assertNull(config.getFilename());
     assertNull(config.getP12KeyFile());
-    assertNull(config.getPrevP12KeyFile());
+    assertNull(config.getP12KeyFileUpload());
     assertNotNull(config.getPrivateKey());
     assertEquals("casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com", config.getEmailAddress());
     assertEquals(config.getEmailAddress(), config.getAccountId());
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
index a9e1454..312c11a 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
@@ -154,7 +154,7 @@ public void testCreatePrivateKeyCredentialsWithP12KeyType() throws Exception {
             .thenReturn(FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig keyType = new P12ServiceAccountConfig(
             SERVICE_ACCOUNT_EMAIL_ADDRESS);
-    keyType.setP12KeyFile(mockFileItem);
+    keyType.setP12KeyFileUpload(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
             new GoogleRobotPrivateKeyCredentials(PROJECT_ID, keyType, module);
 
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
index 581cb1e..41c41ea 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
@@ -69,7 +69,7 @@ public void testCreateWithNewP12KeyFile() throws Exception {
         .thenReturn(FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig p12ServiceAccountConfig =
         new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
-    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
+    p12ServiceAccountConfig.setP12KeyFileUpload(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS, p12ServiceAccountConfig
         .getAccountId());
@@ -107,7 +107,7 @@ public void testCreateWithEmptyP12KeyFile() throws Exception {
     when(mockFileItem.get()).thenReturn(new byte[]{});
     P12ServiceAccountConfig p12ServiceAccountConfig =
         new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
-    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
+    p12ServiceAccountConfig.setP12KeyFileUpload(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
             p12ServiceAccountConfig.getAccountId());
@@ -123,7 +123,7 @@ public void testCreateWithInvalidP12KeyFile() {
         .thenReturn(bytes);
     P12ServiceAccountConfig p12ServiceAccountConfig =
         new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
-    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
+    p12ServiceAccountConfig.setP12KeyFileUpload(mockFileItem);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -133,7 +133,7 @@ public void testCreateWithInvalidP12KeyFile() {
   @Test
   public void testCreateWithPrevP12KeyFileForCompatibility() {
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, p12KeyPath);
+        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, null, p12KeyPath);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());
@@ -187,7 +187,7 @@ public void testSerialization() throws Exception {
         .thenReturn(FileUtils.readFileToByteArray(new File(p12KeyPath)));
     P12ServiceAccountConfig p12ServiceAccountConfig =
         new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS);
-    p12ServiceAccountConfig.setP12KeyFile(mockFileItem);
+    p12ServiceAccountConfig.setP12KeyFileUpload(mockFileItem);
 
     ByteArrayOutputStream out = new ByteArrayOutputStream();
     SerializationUtil.serialize(p12ServiceAccountConfig, out);

From e803dbd8624018cae21d8f12dd017816ff795a55 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Fri, 5 Apr 2019 20:12:12 -0700
Subject: [PATCH 08/17] Avoid using real keys in any form during JCasC tests.

---
 .../oauth/JsonServiceAccountConfig.java          |  10 +++++++---
 .../oauth/ConfigurationAsCodeTest.java           |  12 ++++++------
 .../oauth/json-service-account-config.yml        |   5 +++--
 .../oauth/p12-service-account-config.yml         |   7 ++++---
 .../plugins/credentials/oauth/test-key.json      |  12 ++++++------
 .../plugins/credentials/oauth/test-key.p12       | Bin 2479 -> 0 bytes
 6 files changed, 26 insertions(+), 20 deletions(-)
 delete mode 100644 src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.p12

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index 6b44431..1600335 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -221,9 +221,13 @@ public PrivateKey getPrivateKey() {
         PemReader pemReader = new PemReader(new StringReader(privateKey));
         try {
           PemReader.Section section = pemReader.readNextSection();
-          PKCS8EncodedKeySpec keySpec =
-              new PKCS8EncodedKeySpec(section.getBase64DecodedBytes());
-          return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
+          if (section != null) {
+            PKCS8EncodedKeySpec keySpec =
+                new PKCS8EncodedKeySpec(section.getBase64DecodedBytes());
+            return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
+          } else {
+            LOGGER.severe("The provided private key is malformed.");
+          }
         } catch (IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
           LOGGER.log(Level.SEVERE, "Failed to read private key", e);
         }
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
index fa363dc..bac139a 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
@@ -47,9 +47,9 @@ public void supportsConfigurationWithJsonServiceAccountConfig() throws IOExcepti
     assertNull(config.getFilename());
     assertNull(config.getJsonKeyFile());
     assertNull(config.getJsonKeyFileUpload());
-    assertNotNull(config.getPrivateKey());
+    assertNull(config.getPrivateKey()); // Because private_key is not valid.
     SecretBytes bytes = config.getSecretJsonKey();
-    assertEquals("casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com", config.getAccountId());
+    assertEquals("test-account@test-project.iam.gserviceaccount.com", config.getAccountId());
     String actualBytes = new String(bytes.getPlainData(), StandardCharsets.UTF_8);
     String expectedBytes = IOUtils.toString(this.getClass().getResourceAsStream("test-key.json"));
     assertEquals("Failed to configure secretJsonKey correctly.", expectedBytes, actualBytes);
@@ -57,7 +57,7 @@ public void supportsConfigurationWithJsonServiceAccountConfig() throws IOExcepti
 
   @Test
   @ConfiguredWithCode("p12-service-account-config.yml")
-  public void supportsConfigurationWithP12ServiceAccountConfig() throws IOException {
+  public void supportsConfigurationWithP12ServiceAccountConfig() {
     List<GoogleRobotPrivateKeyCredentials> credentialsList = CredentialsProvider.lookupCredentials(GoogleRobotPrivateKeyCredentials.class);
     assertNotNull(credentialsList);
     assertEquals("No credentials created", 1, credentialsList.size());
@@ -68,12 +68,12 @@ public void supportsConfigurationWithP12ServiceAccountConfig() throws IOExceptio
     assertNull(config.getFilename());
     assertNull(config.getP12KeyFile());
     assertNull(config.getP12KeyFileUpload());
-    assertNotNull(config.getPrivateKey());
-    assertEquals("casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com", config.getEmailAddress());
+    assertNull(config.getPrivateKey()); // Because the bytes do not form a valid p12 key file.
+    assertEquals("test-account@test-project.iam.gserviceaccount.com", config.getEmailAddress());
     assertEquals(config.getEmailAddress(), config.getAccountId());
     SecretBytes bytes = config.getSecretP12Key();
     String actualBytes = new String(bytes.getPlainData(), StandardCharsets.UTF_8);
-    String expectedBytes = IOUtils.toString(this.getClass().getResourceAsStream("test-key.p12"));
+    String expectedBytes = "test-p12-key";
     assertEquals("Failed to configure secretP12Key correctly", expectedBytes, actualBytes);
   }
 }
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
index 93324dd..bb96bb5 100644
--- a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
@@ -6,7 +6,8 @@ credentials:
     domainCredentials:
       - credentials:
           - googleRobotPrivateKey:
-              projectId: 'jenkins-g-oauth-plugin'
+              projectId: 'test-project'
               serviceAccountConfig:
                 json:
-                  secretJsonKey: 'ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAiamVua2lucy1n LW9hdXRoLXBsdWdpbiIsCiAgInByaXZhdGVfa2V5X2lkIjogImI1YmRlODIwYzY2ZmZjNDU2ZGVl ZWNhNmM3YTM2YjcwZjkzN2YwNTMiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZB VEUgS0VZLS0tLS1cbk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VB QW9JQkFRQ2tRcVBZYlRWeEI4SHdcbk5TcGZJSjVrKzhCNVk1THk1alcraGlyT1h3U09qSjM4QmF3 MXFRUEFEV2MyVTZHa0toWm15UXNjQUpnSXZGVldcbnZmTnJERFFnS29sVnI0R0dmMDltOXZZbHVz bkNQcUZrc0w4TC9xZDkyd2kwc1lNczVkTnRtL09mVzJ6YXQxZkRcbklYdENtOXpnbGt3WktobG4z cDAxRTNIQjN4MUlEdFpvWnNJcXhtK0ltWHN2RndBRE10OHVUQjFIcTFuNFl1Rm1cbkZ1MlVtOENQ SHI1OWVWN1JFQUVRYzk0OEFjaVlYR2VJSlR4VXJXTFhMSnFrNXpaZ2t0Wm1Xb1NoTVczVUtsL2tc blA4dk5vUU9zdVI2c0ovZ2NsZDdFSFNjUXRVMjIrRk5yRkV1RTZSSE84bndqTitRcU5qaDBNUjdE UXhab0hNQXdcbjFJRTgzdXN4QWdNQkFBRUNnZ0VBQTJUQTlwR2lickRiSFJvY2ZSREplbzVFMmRo ZStTbERLVDB3YXFrNUlvQzBcbkVQaUxpQ1A1cGFKdnA0Wk5jdS84WEtVZHQycURCbVF0ZjBiQTBT YmhIaHlDRUFBWnVDNEJ6eXhrY29YQTNrcW9cbjZKZ0R0Z2FOd2NEcC9BNUw1cWtXTGpsMnJGOUpN cERpZWsvSmZ1Z2Uvd1FqR2N0TEN0T3gvd1RMc21OQ0NBa2ZcblRWSmg5SmpGSDU5c3RQSkc4ajR5 angwTCtFS2R3UXlUS1RhaFhyUm00cmNjakR3aHZBN1Q3UlNxbWJqaER1Mitcblg5bGpQMFVjaC91 ZExZR0V0K1NucGNWSnVKVEoraXZtRzh6dktYNVlQbmRDNmhmWTEzZU1YeHRSTVl1WVFPdWZcbkEw cm5uaERMTVFQaDVmZzJlYVhSTkk3TjRzTkxtZ1lzcC9tR1dzZnRtUUtCZ1FEbjdybmxFQm5jSkhK V1JKQi9cbmxVWjV0b0dERTRuTytOOWtramUySzJabHluNWd3T21uYWthRnlWVGJDanpTd3lhdE9U eFd5QXNxVkxMYjhkWFFcbjU5bStBM1laM1FZTllnZ044V2drSG50MUVXQjU2RWJFVUZYMFhhV2Nj WUJDKzRHMzdWNDRGWGVibFZ6TFFJZkZcbit1aUpNcXAyaHNZRW1nc24zNWp6eVdWWFdRS0JnUUMx VGpTZlVhNFpRczBBdVR5MEE1NU1wbWsxbDRaSzREZHhcbi92ZlFNYlRuclJlVlo3Qy9uU3ZvRHk0 OGhNekVtTWJ1TWlpdms3am5rRnZ4N002TGlOUGhFcXFvSjVZNW1CY2Fcbk52bm5ONFRja3VKZEF0 a255Z0JvZ0dHczEzeXB0MUthQTRGZXRNVDRJV3Fzb0ZJK2c2WjdhKzdweG5ISGRtamJcbkdrNUo4 anVQbVFLQmdEZDNUdnVwMnhWYm5nQmxpMDBIclFBRWxucDdYTFNqcmdFR09zNlZHSHIxYnozQ1JO NmxcbnV0SFo4VElsQTZDL3pPc1dTZ2pTOUdDZU90d0F2TXFsOTl2S1JoOHZUWGc3M29NL0hWR3Qv SVpscm5YWkI3dUJcbkh0MCszQkZLejRxMVRUTm9UK1VIdFQvKysxOGNRcHdsUWlFMWZiQzAwSHhm UHBXOWtuMlN4MnFaQW9HQVZheXNcbkR6RXczUDBGRkxkejZQamd3QVhQSjZUL3I3ZytXeDhLQ1pi RGpzcnJudzFOcDI1bEJoYk9XWWpEbm84M1NlM25cbjdmZ1hZMDJETlZJYTFETUhOSTkybDFtRmtw ZTlLd1VabUZwUzdVeDNyVTRnUWI0aDdUL2xhQ0MzNXhjYThHNkJcbm5yZzdiNm1TMkJvMll4WWhB S2VqVVZNV0J4UjhQalV6RTV4azZ0a0NnWUI5WnFSRDBjeUNJcGhPZHpBTTlsMVBcbkRJWnRlc2py YVhES1pFaVdKSnEweU9FNXFDbnFGMHBBVkZTWkYzcFZKMGdudXJ6am01dFB4NnhSUzhxamJ1MVhc bjJkdXgwNmU3dUJRMXFWZGRQOWJ1ZjNMbUREVERjVmNCWXM0ZEFUQXkrRDhicGROZ25RZ3gwa29v MGJLTlFTcjZcbnBTcHZiLzdQaVlUUjdMcW1qbjNSeEE9PVxuLS0tLS1FTkQgUFJJVkFURSBLRVkt LS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogImNhc2MtdGVzdEBqZW5raW5zLWctb2F1dGgtcGx1 Z2luLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwKICAiY2xpZW50X2lkIjogIjExNDM0Mjc2NTcz MDc1NjM4NjM4NiIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9v L29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2dsZWFwaXMu Y29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3 Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0cyIsCiAgImNsaWVudF94NTA5X2NlcnRfdXJs IjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3JvYm90L3YxL21ldGFkYXRhL3g1MDkvY2Fz Yy10ZXN0JTQwamVua2lucy1nLW9hdXRoLXBsdWdpbi5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIK fQ=='
+                  # Tbe contents of test-key.json in base64
+                  secretJsonKey: 'ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAidGVzdC1wcm9q ZWN0IiwKICAicHJpdmF0ZV9rZXlfaWQiOiAidGVzdC1wcml2YXRlLWtleS1pZCIsCiAgInByaXZh dGVfa2V5IjogInRlc3QtcHJpdmF0ZS1rZXkiLAogICJjbGllbnRfZW1haWwiOiAidGVzdC1hY2Nv dW50QHRlc3QtcHJvamVjdC5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgImNsaWVudF9pZCI6 ICJ0ZXN0LWNsaWVudC1pZCIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xl LmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2ds ZWFwaXMuY29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHBz Oi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0cyIsCiAgImNsaWVudF94NTA5X2Nl cnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3JvYm90L3YxL21ldGFkYXRhL3g1 MDkvdGVzdC1hY2NvdW50JTQwdGVzdC1wcm9qZWN0LmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9'
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
index d610d06..b7978a1 100644
--- a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
@@ -6,8 +6,9 @@ credentials:
     domainCredentials:
       - credentials:
           - googleRobotPrivateKey:
-              projectId: 'jenkins-g-oauth-plugin'
+              projectId: 'test-project'
               serviceAccountConfig:
                 p12:
-                  emailAddress: 'casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com'
-                  secretP12Key: 'MIIJqwIBAzCCCWQGCSqGSIb3DQEHAaCCCVUEgglRMIIJTTCCBXEGCSqGSIb3DQEHAaCCBWIEggVe MIIFWjCCBVYGCyqGSIb3DQEMCgECoIIE+zCCBPcwKQYKKoZIhvcNAQwBAzAbBBSJ+TUI3ITBhDEs cDueqcpf2jeaKgIDAMNQBIIEyO776DlTTKyVy+yck3tuz+phzBuB7vVUuuBS7+8Zz68bzj7XXtPz ta9ZAkh8soNoCb6QTuyFejBji/3PaKemzSdY3lknB2HpHR65Qj4abTUr/gxoKoGjwSen0W54re1p J0yF3SOiw8v/LOPGqPBX5RiH3kzop2E3lx4BB4vL8yWSckhYbyP52/eTShTyrdLkgSnQLF9au0vg jNp9j8yH7O/o4eNMgGnZBYZ3LaTAbXSTz16KLEIAJTnIzf0nRHmLuSUzEY8PUXJcYfKopUIpeQue iki5QuFDJpJWvpkEnLOm/fcQfnH4ofO6SgeyToT7LOISZmpkuy+UQAra77m7v4lUUN1mKziJH0Fk W9ufxwKclYI609QRQ7vh1f/METerknySnzg+uythVcIUmSgO996Obu9shxXbRtkAPEgd1CiwoCJ/ iusQhcYwHmbxuxelUIXciSVgm2Vq/2l7eldYSQ/kLrRaJfKb4gbECUcqPVh8q4k60dp5xJWkr3FP RaTDrvcP5LpeVNqEsomB7RsnVjGgWmcAT6wDQqy5AkW2osCtYjaoxFLDHZddVk9+g/Vtl3YoGJCI +kTFDittQYdgoke4EDVn6q4ATR99N6rGUHKXAqdD4Pfi5pCPiaPT+MNKnsXtlVkkk1e6K+Kmz0Tr 6cSDsV4hxl9hE9kDQxNQRXTJTxi1wecC53sIntH700bpOI3pgg2Ou+Mlt34As6TdvY8/Wpg5ucpu s5HuV4cm5X9aA6EB107KDAkwnbNCPyp6aLhEgOM4/X5Pc790cDatlv7vEPnDdblwzAb/5Ge2yt2H dkpbu5B5ifbxM1c/cxYWdJdgH2gdcFpCmE7P2Uhe0BWQPyBaWmls9CNiaFvpEIqQpmU3EbxA7IV5 ZCKFP5jGiwUECO8qL03prkTAL8Tj1TGu6ZZ767VyXpb+sbg7+Ammm6q2f5+tqxJ2Xko4oG6E9cX6 iNeDzJ+KObzjHliim2HxTnpruhD0TtcW3amLdiiQ2h91B7fUFfr/lDagwKhsoavnqPTH6VQEVVga C28gw0P2pQn/AXWVfIbkCc1g9o2nccxc0sLJ6e+k3gNi4Zvnpxo7D9y4O/WbkKcbNYjWWZn2g1Up nU5KCuiSqDqBHWA5QC0v0RcFFL8NaNsrH9ZCnXnplPY51cummEe8TroGlNOqldXj1yVbicweFRi9 MYDhS8ZXvSfqh6mTm1Q09P2RQJ7drUL4wklTJrBzlnJfoK4ASLjn2H9wSis6ifB3dgI4gyFZp5bw DdmhhPH2KBk3kX+RFV2/Qxh1la++POdD/QHuoSaVmbo2QtYg65N/jY3v+ZvJKxh1qxA/Dl7L/S1f rINGjU8t96Ql9rARWg6o1/GlqHdrJVz3FnPZyovhBNaQvxvbuSWK81M3hgbIw6iboG3LHIs8XeSR qb+Ggifg9TPt5lY0W2AYwfTfoP9DzTIjGO3N/p+bbLgEizWD6/iJWRCfVZK24TQdr0REX8KOUrNx 3h3iJBqxDa3jHEasS27C3URUgq19fKkYb7DHV+pIHElF73Pd1b7fhk6OKfcoWaft4hb7coRs/Nlk SBx0R06nf3eMW07VLxkAdY487J/lhmf/6I27y2+EES7+VJMnApDTfxIb7oSCEzFIMCMGCSqGSIb3 DQEJFDEWHhQAcAByAGkAdgBhAHQAZQBrAGUAeTAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNTU0NDM2 OTk1NzA0MIID1AYJKoZIhvcNAQcGoIIDxTCCA8ECAQAwggO6BgkqhkiG9w0BBwEwKQYKKoZIhvcN AQwBBjAbBBSBMAA4r569nEdNRmvktGl994cHkwIDAMNQgIIDgBBHjs6mF7fovu2Hcx8xzzHo7l00 vkOxiQHUvDL3c1BSdVJnXdNygj/KyUW6PQM/kaNk1smRoB2QaeIlldC2WhjW2iDOrU0UOPz2P8Bu qIRECgUsfaCvGr8heaNfa2TUHkUXhanVs4sm/X5j9RFmdAfgyoDWqxgLeL64bv9leIczxNACxHgR 0hMUmZWu+YE66Q04x3IVLTme/73q512BzHndxNIOtrWGnLT7JLH8WqA5piYQ3mlXDbwO7Sl5tr7G JDBPSEJ+39IJmKucXT2UaTM6usHVP71Zne3HsbkxdO6NdA3MW18v/qODY2p9hdBN4/0y7GaABrAe 69xMWdHX8fIDLz+3KVuNjuzMRauwCFQivOJwknKsUZb9zmSzZlmlj0dvegpd3q9Wug/rTwVaAgEI NYDNCt5iBLa0nBlkK5MUhvkKyHMCumV0bifJ6BN92e2CNGyXihRneBqxDHah9OmdJ58sW9WiJEYY gUzq4xVgFJgSNkexKMOH+D6pHIicSztMuk7BmUClyHu5smS+nL4ZdeOmqHXa/5kxscw3jNJtTv5z FpLv6rZTVVB9n7857A7HdEtjJ7qnlCAwyYA0qqM9X3eJl8z+P/5GU6LYZ4dVzGNm5Xrw6mPQmOkz eGf/SE8S0tHBYmSytZZN654RbgMHU8yhTTSwPs2t9DuWN0BylJYj9q2dljXfpe5JSuhlgzFy+wdA xy9AgA8wDb+XeQkxjVu7XCzsVnS60wxK4B3csD8PRQCec7cbtPqtZAmY26dunwvS1kkMUI6pqZ+e vFIlxDPYsSKHumtDrrbPmmvhpwVvrsQcDZo9GvppH9CLZUek2Dp+1Rc35abyxp/6Hwbkxzvpad19 PPw5wUjcXINYkaaaz0q8hdOa5kGHrYct0gMt1uAdBt8swEMo91J//Yx2SBvCn9iwn5Z5v6y4AD4Z 8itm9+IoA5r+muK4LAv5IXDQJrx3ktODoZeCGb40qKnAJQjP5X7vgLs8Ji5r+nQ/3g5ZCeGhcIe6 P7gp93BU8ZjEhmAD2DTDZ9VQvggJbOeZYf184i+dhnaz0pVaEnLuQVr4rRSargn1sGgUFFAVhjAu dR/u2b58bjkeSnPaAdBZEzAhXqkINubo02vdqmGCggJ1Gp0PD4/3S0C6/B90oereQ2KLNbVm4hIz HUy9JwLBjUbzQv/iRUVl2pIyOmt5MD4wITAJBgUrDgMCGgUABBTG6ySKdktlbELDjl2DWV/OFPz+ 5AQUKOSmcDIbfunS+Wpvj27Fh30shNICAwGGoA=='
+                  emailAddress: 'test-account@test-project.iam.gserviceaccount.com'
+                  # 'test-p12-key' in base 64
+                  secretP12Key: 'dGVzdC1wMTIta2V5'
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
index 7d9e4af..e0d8aba 100644
--- a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
@@ -1,12 +1,12 @@
 {
   "type": "service_account",
-  "project_id": "jenkins-g-oauth-plugin",
-  "private_key_id": "b5bde820c66ffc456deeeca6c7a36b70f937f053",
-  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCkQqPYbTVxB8Hw\nNSpfIJ5k+8B5Y5Ly5jW+hirOXwSOjJ38Baw1qQPADWc2U6GkKhZmyQscAJgIvFVW\nvfNrDDQgKolVr4GGf09m9vYlusnCPqFksL8L/qd92wi0sYMs5dNtm/OfW2zat1fD\nIXtCm9zglkwZKhln3p01E3HB3x1IDtZoZsIqxm+ImXsvFwADMt8uTB1Hq1n4YuFm\nFu2Um8CPHr59eV7REAEQc948AciYXGeIJTxUrWLXLJqk5zZgktZmWoShMW3UKl/k\nP8vNoQOsuR6sJ/gcld7EHScQtU22+FNrFEuE6RHO8nwjN+QqNjh0MR7DQxZoHMAw\n1IE83usxAgMBAAECggEAA2TA9pGibrDbHRocfRDJeo5E2dhe+SlDKT0waqk5IoC0\nEPiLiCP5paJvp4ZNcu/8XKUdt2qDBmQtf0bA0SbhHhyCEAAZuC4BzyxkcoXA3kqo\n6JgDtgaNwcDp/A5L5qkWLjl2rF9JMpDiek/Jfuge/wQjGctLCtOx/wTLsmNCCAkf\nTVJh9JjFH59stPJG8j4yjx0L+EKdwQyTKTahXrRm4rccjDwhvA7T7RSqmbjhDu2+\nX9ljP0Uch/udLYGEt+SnpcVJuJTJ+ivmG8zvKX5YPndC6hfY13eMXxtRMYuYQOuf\nA0rnnhDLMQPh5fg2eaXRNI7N4sNLmgYsp/mGWsftmQKBgQDn7rnlEBncJHJWRJB/\nlUZ5toGDE4nO+N9kkje2K2Zlyn5gwOmnakaFyVTbCjzSwyatOTxWyAsqVLLb8dXQ\n59m+A3YZ3QYNYggN8WgkHnt1EWB56EbEUFX0XaWccYBC+4G37V44FXeblVzLQIfF\n+uiJMqp2hsYEmgsn35jzyWVXWQKBgQC1TjSfUa4ZQs0AuTy0A55Mpmk1l4ZK4Ddx\n/vfQMbTnrReVZ7C/nSvoDy48hMzEmMbuMiivk7jnkFvx7M6LiNPhEqqoJ5Y5mBca\nNvnnN4TckuJdAtknygBogGGs13ypt1KaA4FetMT4IWqsoFI+g6Z7a+7pxnHHdmjb\nGk5J8juPmQKBgDd3Tvup2xVbngBli00HrQAElnp7XLSjrgEGOs6VGHr1bz3CRN6l\nutHZ8TIlA6C/zOsWSgjS9GCeOtwAvMql99vKRh8vTXg73oM/HVGt/IZlrnXZB7uB\nHt0+3BFKz4q1TTNoT+UHtT/++18cQpwlQiE1fbC00HxfPpW9kn2Sx2qZAoGAVays\nDzEw3P0FFLdz6PjgwAXPJ6T/r7g+Wx8KCZbDjsrrnw1Np25lBhbOWYjDno83Se3n\n7fgXY02DNVIa1DMHNI92l1mFkpe9KwUZmFpS7Ux3rU4gQb4h7T/laCC35xca8G6B\nnrg7b6mS2Bo2YxYhAKejUVMWBxR8PjUzE5xk6tkCgYB9ZqRD0cyCIphOdzAM9l1P\nDIZtesjraXDKZEiWJJq0yOE5qCnqF0pAVFSZF3pVJ0gnurzjm5tPx6xRS8qjbu1X\n2dux06e7uBQ1qVddP9buf3LmDDTDcVcBYs4dATAy+D8bpdNgnQgx0koo0bKNQSr6\npSpvb/7PiYTR7Lqmjn3RxA==\n-----END PRIVATE KEY-----\n",
-  "client_email": "casc-test@jenkins-g-oauth-plugin.iam.gserviceaccount.com",
-  "client_id": "114342765730756386386",
+  "project_id": "test-project",
+  "private_key_id": "test-private-key-id",
+  "private_key": "test-private-key",
+  "client_email": "test-account@test-project.iam.gserviceaccount.com",
+  "client_id": "test-client-id",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://oauth2.googleapis.com/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/casc-test%40jenkins-g-oauth-plugin.iam.gserviceaccount.com"
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test-account%40test-project.iam.gserviceaccount.com"
 }
\ No newline at end of file
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.p12 b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.p12
deleted file mode 100644
index edfe8725ecb4bdd44e54071f134e69ed2d3d41af..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2479
zcmY+EX*3iJ8-{1IjIuUl38`!$GubI4>ts*Xku_`97)n_OGa>uF&M0e)B_+ll5k^Fa
zB3m)m6vh%>-*>+6eb4*jInO!QeLv673yy_WfPi2)7V1O~y^KTQXv{zcAQ1~SgJ7Yz
zPOt$SOLzZY5uGChOJ{q6(I;b0f9ii%r<s5tA{KH0$3kduaeAiz<CEun5LnEf9OKuh
zjwpnruS!9ApWUQF&Sel7&}j_8Lf)?*EGgaAuT1Y>%}agkJ-F;Z;fq+`HYLxPY;5oh
zR`Y#O9k(6%{kqx;gbIEc=>~00GF***1iu@1IOtYdG9YR>Z6(U!K;;)`R9EHol9M<(
z?RGihd537}NAHKEHFr_{=&6g(I{S|$=ex^(T72imPwOw0Iw)ic02$)?e+#Ghp)7qa
z?tP)9>cW1Jh8H5lha~OLO?op=Cqoh`_|=W2*?IkN_X#@O1F52RFHGv7ZLFj^Kv?Ph
zz@eySP+X(140|H$Ex$Vszsic$#e+^2#G)G2XEj7p%v-Y|d37a+G`7(DyM@2Wx(qK3
zqYfnJI9%>IHA$zbF->kXHnqi=8c(@MD8>lhaI*eF=mF)WW0glfv1>HVjviCk6)IAK
zQwWNxO%e`fZ(-SDEVSta?+s5p=NIh>z%>;AC$Sphg|OHaw&-rSfXimn*<$19uQ9^*
zxz6{F-5)=)u)N8-aOD+R_*d>6eHT>c@^#DLiWudOlR;hSMb-C>w2C^bXsiolThqy?
zmoX7*e4^$EBH9&TR0&qEYy@f5KWisB%9nMSbn<7~m>Y#gZhK`0ig71B+1Gr>BH?ud
zZ~siEflbbJxe8z)7^3i^+t@D?RH`vUoBNTJ81sB&w^O&^-CDZUrBn;D#9Yas<_fhd
zves6p+s@(41X$yYu@<J+i2HTNB53h3W5LIR5pAksJQd5F&@?anCKOOtG}V%bL}w{A
z_IcMOuUp_nzK5Z~g}`yczSB^6ew{k<@*}qf&G31}!%!ptHjJ-4DdT8^ZLc$+(U(Gh
zyx>~jH-!(>wQfoZirLweu|WEBabYs;1>N|4(dt=-gA*v*A<iV^c{JMHbL*m`n>Cd!
zHmSr}fxTI6H9E-YLNqd~JB|**xN%w9fLf*5F5NXhim0MyJYIS2XPa?U+n}-wEy;aR
zA4VWma0J@wDiXb;w%_eP8IPn8VwIZb1uUQCI&2y~@*uNq8IE&JmB$5&B~1zjFueK1
zxqqA{Pi!yqEUZ{8+v=g3Ld-0APx+kh)YvJ89s>i?gK-Pc0sEc!()*M<!*6@38%5J#
z$JyM)QeG9-uMH~Oxk;sba!<yrvUeiQ#PbbxnU+$@lq2}<mDHr9Kc1z7wK2PWkq{hH
z&kv%e?I?}*mt^TQ8<OeMMqZ?k&W{UQ$4~?~xmyt7vwGbYEuzc#^3+^Y*{#E5wSp;<
z`tIACw?%6FGyLp`RRC1O;^#15T?yrwpAP~-ijhKAr5Qh&CkmrBcf@!UlEacYZQ3-r
z1JbKouPtgE0@n*g(zD6(>SO0uQp4ioH}-OSCAb4B*pMu?{fAO^m66)<MpCpQ;hh?G
zG)vj|W^vgA58*pBF8_(XxLL?pQXAiwM&a1sw-s>o?>ozKiC+EZ;;z{&B$v10u%a{D
zGHXA~Wv%VGJGQ<Nk2MCaUgTaII3nbFHbCO!B3E`}tk?)<DfP3m{MDM8c5f3*>h4eT
z&t2lJWhTv^)2`I>emkXUiY0{vmvj5n^jIvT&fV17@ShrO{f0A45T}V*m9EWk9r#6g
z{+Vz>ox|uDmWDleYHc_w%>xKXxVB38j&nU;if`)oiDJKUWSS}pN*W2{;9HNvo<X4C
z7yniz6o%jufB}2~egJnsAix2D0XPFZP9_L0^iPQs0fTUux_ddFN65*^%F4(qDak3o
zW#L%xr@u=K^h7N9-3jUd0RbnA{7(Y>mucz$W7-HfK(V@@B~Qmd+hgICdk78BkosTK
zhGW6uY&r=aO3uDnYF)$o3nB&)OY1hWts1p4z)#IrY5vA00Vb|CBYs$9U#}MVIvAP!
z+-a;gnaH2yJ|~<$RFCE!n>_!4WB^nAvx98+E{oD+qLU0ER`a$A1wFU(aQY;mbvC+u
zv@TBMF!b&=y9<V4rZ0S~g8S6N)&}om=ZAQit|3s@L-ye_u<Z1zy$EG0vto}Qr<78`
zam(_eO#~%qs%w~~{xvS|)xo9OKWL&-i3r=Yy9IMI%bIvleQWn6xDiS{^xH5rt0K?l
zdYZe8GPz?E*<zKy)>GSvz^un(m?_qF(nrrD@7@cE9x|9eyt?WVPG2Li@>SpJ<M`$;
zur%_GxOIHODn+ZJhSBsw^PF#rU*)Zg!w*h%E>^{fIzEq>Y^JNt$*e0zbZ8KeQ7(Ld
zY1$D||0<8iNg@@7+hcm~4<b8byhVGL&V)>?VP!otV_~ijd23Gx7H(1VMG2DDqt7mB
zb4Tbe&vV+tvN+^*YQ;M7yQ<~qp5*DN=#vdQvek;;KW=>K)SB1I6EI&=7BG37ji{w4
zJRSBjJo4vC*;uZ>ZDt%oXj58c>A~pT6(yIZorm{^%f5Ji-R?n5Cgliuq<#C@XIH!#
z<*v*3M?aVE4rNhg9=aZ*j5vlrb~rk{e4SyiQo!yFX1Gl$G?1-P9UyI~WGJZlrDa^)
zA?0VteJftSsk`JHiSRpMQ0tLa3ulEhw`B%F5%JbdcO+NMG31fcx-<M=Ymls3fCB$F
ze6RLNPSC6`rQU>7!(%s38z+>P6AGG5gu7%u*IvMrJv6H72Xj1TOX+;7y3R4@T<6_)
z7aWRn)+zd|96EYd;d{xiZo<AG{X&ll)qN`D+8?D3)Ym(amdPbKgSySpBRM~A;7NF?
zVX)NL3_txh$#xAfnn~E<(?As8Tf*lWLPk(qWdlH!=a+;FZB7iFbCfgJAbDy}$ahGj
z`9aD^WML+jr&YGByj_@a@O$V+c+)kJD<1n8<TQ&FbhgkJPewL~(|k=gv$}Bh;Loz1
zuA|1Sj8M<TY=^_(Iq7^{VBK&!n!|7X26~qS%c+8H*SNu8#+*3#l>ou@iPm6mB>`Rk
zN#Kyx8Mu&bIiviKr4f&*7Y<k~D1bMgl{Jy3r$+uGh$&p2)^LoId+jpEA;YiVA`0q=
z*Z!@3Jg24QJehJ;*&_(93KxPy>FFd`z#v{a00h>(aw#@Y&)HMGGr=a(%I*W~&(Q(|
eCbm%GdzCMgI=pw!C(-*IK14EV7z765h<^cU#+dN{


From 0138cbb95448a9274194c3c803137cbd91a35c7d Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Fri, 5 Apr 2019 21:50:33 -0700
Subject: [PATCH 09/17] Address checkstyle failures.

---
 checkstyleJavaHeader                          |  2 +-
 .../GoogleRobotPrivateKeyCredentials.java     |  3 +-
 .../oauth/JsonServiceAccountConfig.java       | 17 +++--
 .../oauth/P12ServiceAccountConfig.java        | 15 +++--
 .../oauth/ConfigurationAsCodeTest.java        | 67 +++++++++++++------
 .../GoogleRobotPrivateKeyCredentialsTest.java | 12 ++--
 .../oauth/JsonServiceAccountConfigTest.java   | 18 +++--
 .../oauth/P12ServiceAccountConfigTest.java    |  3 +-
 8 files changed, 91 insertions(+), 46 deletions(-)

diff --git a/checkstyleJavaHeader b/checkstyleJavaHeader
index bb145d5..a8a4539 100644
--- a/checkstyleJavaHeader
+++ b/checkstyleJavaHeader
@@ -1,5 +1,5 @@
 ^/\*$
-^ \* Copyright 201(3|4|5|6|7|8) .*$
+^ \* Copyright 201(3|4|5|6|7|8|9) .*$
 ^ \*$
 ^ \* Licensed under the Apache License, Version 2\.0 \(the \"License\"\);$
 ^ \* you may not use this file except in compliance with the License\.$
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
index a55b1b7..50aa0a4 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.java
@@ -73,7 +73,8 @@ public GoogleRobotPrivateKeyCredentials(String projectId,
   public Object readResolve() {
     if (serviceAccountConfig == null) {
       String clientEmail = getClientEmailFromSecretsFileAndLogErrors();
-      serviceAccountConfig = new P12ServiceAccountConfig(clientEmail, null, p12File);
+      serviceAccountConfig =
+          new P12ServiceAccountConfig(clientEmail, null, p12File);
     }
     return this;
   }
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index 1600335..6c0a7d2 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -15,7 +15,6 @@
  */
 package com.google.jenkins.plugins.credentials.oauth;
 
-import com.google.api.client.util.Strings;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -35,15 +34,16 @@
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.DoNotUse;
 import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
 
 import com.cloudbees.plugins.credentials.SecretBytes;
 import com.google.api.client.json.jackson.JacksonFactory;
 import com.google.api.client.util.PemReader;
+import com.google.api.client.util.Strings;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.Extension;
 import jenkins.model.Jenkins;
-import org.kohsuke.stapler.DataBoundSetter;
 
 /**
  * Provides authentication mechanism for a service account by setting a .json
@@ -85,7 +85,8 @@ public JsonServiceAccountConfig() {}
    * @since 0.3
    */
   @Deprecated
-  public JsonServiceAccountConfig(FileItem jsonKeyFile, String prevJsonKeyFile) {
+  public JsonServiceAccountConfig(
+      FileItem jsonKeyFile, String prevJsonKeyFile) {
     this.setJsonKeyFileUpload(jsonKeyFile);
     if (filename == null && prevJsonKeyFile != null) {
       this.filename = extractFilename(prevJsonKeyFile);
@@ -94,7 +95,7 @@ public JsonServiceAccountConfig(FileItem jsonKeyFile, String prevJsonKeyFile) {
   }
 
   /**@param jsonKeyFileUpload uploaded json key file */
-  @DataBoundSetter // Called on form submission, only used when key file is uploaded
+  @DataBoundSetter // Called on form submit, only used when key file is uploaded
   public void setJsonKeyFileUpload(FileItem jsonKeyFileUpload) {
     if (jsonKeyFileUpload != null && jsonKeyFileUpload.getSize() > 0) {
       try {
@@ -182,7 +183,7 @@ public String getFilename() {
     return filename;
   }
 
-  @Restricted(DoNotUse.class)   // for UI purpose only
+  @Restricted(DoNotUse.class) // UI: Required for stapler call of setter.
   @CheckForNull
   public SecretBytes getSecretJsonKey() {
     return secretJsonKey;
@@ -198,7 +199,7 @@ public String getJsonKeyFile() {
    * @return The uploaded json key file
    */
   @Deprecated
-  @Restricted(DoNotUse.class) // Required by stapler to call setJsonKeyFileUpload above.
+  @Restricted(DoNotUse.class) // UI: Required for stapler call of setter.
   public FileItem getJsonKeyFileUpload() {
     return null;
   }
@@ -228,7 +229,9 @@ public PrivateKey getPrivateKey() {
           } else {
             LOGGER.severe("The provided private key is malformed.");
           }
-        } catch (IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
+        } catch (IOException
+            | InvalidKeySpecException
+            | NoSuchAlgorithmException e) {
           LOGGER.log(Level.SEVERE, "Failed to read private key", e);
         }
       }
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
index 5e18dce..9ced4e1 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
@@ -15,7 +15,6 @@
  */
 package com.google.jenkins.plugins.credentials.oauth;
 
-import com.google.api.client.util.Strings;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -37,13 +36,14 @@
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.DoNotUse;
 import org.kohsuke.stapler.DataBoundConstructor;
+import org.kohsuke.stapler.DataBoundSetter;
 
 import com.cloudbees.plugins.credentials.SecretBytes;
+import com.google.api.client.util.Strings;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.Extension;
 import jenkins.model.Jenkins;
-import org.kohsuke.stapler.DataBoundSetter;
 
 /**
  * provides authentication mechanism for a service account by setting a service
@@ -83,7 +83,10 @@ public P12ServiceAccountConfig(String emailAddress) {
    * @since 0.3
    */
   @Deprecated
-  public P12ServiceAccountConfig(String emailAddress, FileItem p12KeyFileUpload, String prevP12KeyFile) {
+  public P12ServiceAccountConfig(
+      String emailAddress,
+      FileItem p12KeyFileUpload,
+      String prevP12KeyFile) {
     this(emailAddress);
     this.setP12KeyFileUpload(p12KeyFileUpload);
     if (filename == null && prevP12KeyFile != null) {
@@ -94,7 +97,7 @@ public P12ServiceAccountConfig(String emailAddress, FileItem p12KeyFileUpload, S
 
   /** @param p12KeyFile uploaded p12 key file */
   @Deprecated
-  @DataBoundSetter // Called on form submission, only used when credentials are uploaded.
+  @DataBoundSetter // Called on form submit, only used when key file is uploaded
   public void setP12KeyFileUpload(FileItem p12KeyFile) {
     if (p12KeyFile != null && p12KeyFile.getSize() > 0) {
       this.filename = extractFilename(p12KeyFile.getName());
@@ -182,7 +185,7 @@ public String getFilename() {
    *
    * @return secretP12Key
    */
-  @Restricted(DoNotUse.class) // Required by stapler for being able to call setSecretP12Key
+  @Restricted(DoNotUse.class) // UI:  Required for stapler call of setter.
   @CheckForNull
   public SecretBytes getSecretP12Key() {
     return secretP12Key;
@@ -199,7 +202,7 @@ public String getP12KeyFile() {
    * @return The uploaded p12 key file
    */
   @Deprecated
-  @Restricted(DoNotUse.class) // Required by stapler for being able to call setP12KeyFileUpload.
+  @Restricted(DoNotUse.class) // UI: Required for stapler call of setter.
   public FileItem getP12KeyFileUpload() {
     return null;
   }
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
index bac139a..0d1eaf4 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
@@ -16,64 +16,91 @@
 
 package com.google.jenkins.plugins.credentials.oauth;
 
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import org.apache.commons.io.IOUtils;
+import org.junit.Rule;
+import org.junit.Test;
+
 import com.cloudbees.plugins.credentials.CredentialsProvider;
 import com.cloudbees.plugins.credentials.SecretBytes;
+
 import io.jenkins.plugins.casc.misc.ConfiguredWithCode;
 import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.util.List;
-import org.apache.commons.io.IOUtils;
-import org.junit.Rule;
-import org.junit.Test;
 
+/**
+ * Tests that the credentials are correctly processed by the Configuration as
+ * Code plugin
+ */
 public class ConfigurationAsCodeTest {
 
-  @Rule public JenkinsConfiguredWithCodeRule r = new JenkinsConfiguredWithCodeRule();
+  @Rule
+  public JenkinsConfiguredWithCodeRule r = new JenkinsConfiguredWithCodeRule();
 
   @Test
   @ConfiguredWithCode("json-service-account-config.yml")
-  public void supportsConfigurationWithJsonServiceAccountConfig() throws IOException {
-    List<GoogleRobotPrivateKeyCredentials> credentialsList = CredentialsProvider.lookupCredentials(GoogleRobotPrivateKeyCredentials.class);
+  public void supportsConfigurationWithJsonServiceAccountConfig()
+      throws IOException {
+    List<GoogleRobotPrivateKeyCredentials> credentialsList =
+        CredentialsProvider
+            .lookupCredentials(GoogleRobotPrivateKeyCredentials.class);
     assertNotNull(credentialsList);
     assertEquals("No credentials created", 1, credentialsList.size());
     GoogleRobotPrivateKeyCredentials credentials = credentialsList.get(0);
     assertNotNull(credentials);
-    JsonServiceAccountConfig config = (JsonServiceAccountConfig) credentials.getServiceAccountConfig();
+    JsonServiceAccountConfig config =
+        (JsonServiceAccountConfig) credentials.getServiceAccountConfig();
     assertNotNull(config);
     assertNull(config.getFilename());
     assertNull(config.getJsonKeyFile());
     assertNull(config.getJsonKeyFileUpload());
     assertNull(config.getPrivateKey()); // Because private_key is not valid.
     SecretBytes bytes = config.getSecretJsonKey();
-    assertEquals("test-account@test-project.iam.gserviceaccount.com", config.getAccountId());
-    String actualBytes = new String(bytes.getPlainData(), StandardCharsets.UTF_8);
-    String expectedBytes = IOUtils.toString(this.getClass().getResourceAsStream("test-key.json"));
-    assertEquals("Failed to configure secretJsonKey correctly.", expectedBytes, actualBytes);
+    assertEquals(
+        "test-account@test-project.iam.gserviceaccount.com",
+        config.getAccountId());
+    String actualBytes =
+        new String(bytes.getPlainData(), StandardCharsets.UTF_8);
+    String expectedBytes = IOUtils.toString(
+        this.getClass().getResourceAsStream("test-key.json"));
+    assertEquals(
+        "Failed to configure secretJsonKey correctly.",
+        expectedBytes, actualBytes);
   }
 
   @Test
   @ConfiguredWithCode("p12-service-account-config.yml")
   public void supportsConfigurationWithP12ServiceAccountConfig() {
-    List<GoogleRobotPrivateKeyCredentials> credentialsList = CredentialsProvider.lookupCredentials(GoogleRobotPrivateKeyCredentials.class);
+    List<GoogleRobotPrivateKeyCredentials> credentialsList =
+        CredentialsProvider.
+            lookupCredentials(GoogleRobotPrivateKeyCredentials.class);
     assertNotNull(credentialsList);
     assertEquals("No credentials created", 1, credentialsList.size());
     GoogleRobotPrivateKeyCredentials credentials = credentialsList.get(0);
     assertNotNull(credentials);
-    P12ServiceAccountConfig config = (P12ServiceAccountConfig) credentials.getServiceAccountConfig();
+    P12ServiceAccountConfig config =
+        (P12ServiceAccountConfig) credentials.getServiceAccountConfig();
     assertNotNull(config);
     assertNull(config.getFilename());
     assertNull(config.getP12KeyFile());
     assertNull(config.getP12KeyFileUpload());
-    assertNull(config.getPrivateKey()); // Because the bytes do not form a valid p12 key file.
-    assertEquals("test-account@test-project.iam.gserviceaccount.com", config.getEmailAddress());
+    // Because the bytes do not form a valid p12 key file.
+    assertNull(config.getPrivateKey());
+    assertEquals(
+        "test-account@test-project.iam.gserviceaccount.com",
+        config.getEmailAddress());
     assertEquals(config.getEmailAddress(), config.getAccountId());
     SecretBytes bytes = config.getSecretP12Key();
-    String actualBytes = new String(bytes.getPlainData(), StandardCharsets.UTF_8);
+    String actualBytes =
+        new String(bytes.getPlainData(), StandardCharsets.UTF_8);
     String expectedBytes = "test-p12-key";
-    assertEquals("Failed to configure secretP12Key correctly", expectedBytes, actualBytes);
+    assertEquals(
+        "Failed to configure secretP12Key correctly",
+        expectedBytes, actualBytes);
   }
 }
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
index 312c11a..b14a1cd 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentialsTest.java
@@ -118,10 +118,12 @@ public void testCreatePrivateKeyCredentialsWithJsonKeyType()
             .thenReturn(new FileInputStream(jsonKeyPath));
     when(mockFileItem.get())
             .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    JsonServiceAccountConfig jsonServiceAccountConfig =
+        new JsonServiceAccountConfig();
     jsonServiceAccountConfig.setJsonKeyFileUpload(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
-            new GoogleRobotPrivateKeyCredentials(PROJECT_ID, jsonServiceAccountConfig, module);
+        new GoogleRobotPrivateKeyCredentials(
+            PROJECT_ID, jsonServiceAccountConfig, module);
 
     assertEquals(CredentialsScope.GLOBAL, credentials.getScope());
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS, credentials.getUsername());
@@ -391,10 +393,12 @@ public void testGetById() throws Exception {
             .thenReturn(new FileInputStream(jsonKeyPath));
     when(mockFileItem.get())
             .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    JsonServiceAccountConfig jsonServiceAccountConfig =
+        new JsonServiceAccountConfig();
     jsonServiceAccountConfig.setJsonKeyFileUpload(mockFileItem);
     GoogleRobotPrivateKeyCredentials credentials =
-        new GoogleRobotPrivateKeyCredentials(PROJECT_ID, jsonServiceAccountConfig, null);
+        new GoogleRobotPrivateKeyCredentials(
+            PROJECT_ID, jsonServiceAccountConfig, null);
 
     SystemCredentialsProvider.getInstance().getCredentials().add(credentials);
 
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
index 1346f4c..d00d60a 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTest.java
@@ -41,7 +41,8 @@
  * Tests for {@link JsonServiceAccountConfig}.
  */
 public class JsonServiceAccountConfigTest {
-  private static final String SERVICE_ACCOUNT_EMAIL_ADDRESS = "service@account.com";
+  private static final String SERVICE_ACCOUNT_EMAIL_ADDRESS =
+      "service@account.com";
   private static PrivateKey privateKey;
   private static String jsonKeyPath;
   @Rule
@@ -78,7 +79,8 @@ public void testCreateJsonKeyTypeWithNewJsonKeyFile() throws Exception {
 
   @Test
   public void testCreateJsonKeyTypeWithNullParameters() {
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    JsonServiceAccountConfig jsonServiceAccountConfig =
+        new JsonServiceAccountConfig();
 
     assertNull(jsonServiceAccountConfig.getAccountId());
     assertNull(jsonServiceAccountConfig.getPrivateKey());
@@ -114,7 +116,8 @@ public void testCreateJsonKeyTypeWithInvalidJsonKeyFile() throws Exception {
 
   @Test
   public void testCreateJsonKeyTypeWithPrevJsonKeyFileForCompatibility() {
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig(null, jsonKeyPath);
+    JsonServiceAccountConfig jsonServiceAccountConfig =
+        new JsonServiceAccountConfig(null, jsonKeyPath);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         jsonServiceAccountConfig.getAccountId());
@@ -125,7 +128,8 @@ public void testCreateJsonKeyTypeWithPrevJsonKeyFileForCompatibility() {
   public void testCreateJsonKeyTypeWithPrevJsonKeyFile() throws Exception {
     SecretBytes prev = SecretBytes
             .fromBytes(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    JsonServiceAccountConfig jsonServiceAccountConfig =
+        new JsonServiceAccountConfig();
     jsonServiceAccountConfig.setFilename(jsonKeyPath);
     jsonServiceAccountConfig.setSecretJsonKey(prev);
 
@@ -137,7 +141,8 @@ public void testCreateJsonKeyTypeWithPrevJsonKeyFile() throws Exception {
   @Test
   public void testCreateJsonKeyTypeWithEmptyPrevJsonKeyFile() {
     SecretBytes prev = SecretBytes.fromString("");
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    JsonServiceAccountConfig jsonServiceAccountConfig =
+        new JsonServiceAccountConfig();
     jsonServiceAccountConfig.setFilename("");
     jsonServiceAccountConfig.setSecretJsonKey(prev);
 
@@ -162,7 +167,8 @@ public void testSerialization() throws Exception {
         .thenReturn(new FileInputStream(jsonKeyPath));
     when(mockFileItem.get())
         .thenReturn(FileUtils.readFileToByteArray(new File(jsonKeyPath)));
-    JsonServiceAccountConfig jsonServiceAccountConfig = new JsonServiceAccountConfig();
+    JsonServiceAccountConfig jsonServiceAccountConfig =
+        new JsonServiceAccountConfig();
     jsonServiceAccountConfig.setJsonKeyFileUpload(mockFileItem);
 
     ByteArrayOutputStream out = new ByteArrayOutputStream();
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
index 41c41ea..6a1f77b 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTest.java
@@ -133,7 +133,8 @@ public void testCreateWithInvalidP12KeyFile() {
   @Test
   public void testCreateWithPrevP12KeyFileForCompatibility() {
     P12ServiceAccountConfig p12ServiceAccountConfig =
-        new P12ServiceAccountConfig(SERVICE_ACCOUNT_EMAIL_ADDRESS, null, p12KeyPath);
+        new P12ServiceAccountConfig(
+            SERVICE_ACCOUNT_EMAIL_ADDRESS, null, p12KeyPath);
 
     assertEquals(SERVICE_ACCOUNT_EMAIL_ADDRESS,
         p12ServiceAccountConfig.getAccountId());

From da226051dd043a9b5250c0b834143a8d96bc36e2 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Tue, 9 Apr 2019 11:08:36 -0700
Subject: [PATCH 10/17] Fix indentation misalignment. Mark dependencies only
 required for CasC tests as optional so that they are not included when using
 hpi to package or run.

---
 pom.xml | 49 +++++++++++++++++++++++++++++--------------------
 1 file changed, 29 insertions(+), 20 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8b5ee1a..fa03c41 100644
--- a/pom.xml
+++ b/pom.xml
@@ -101,15 +101,15 @@
 	<artifactId>cobertura-maven-plugin</artifactId>
 	<version>2.5.2</version>
 	<configuration>
-          <instrumentation>
-            <excludes>
-              <exclude>com/google/jenkins/plugins/**/Messages.class</exclude>
-            </excludes>
-          </instrumentation>
-	  <formats>
+    <instrumentation>
+      <excludes>
+        <exclude>com/google/jenkins/plugins/**/Messages.class</exclude>
+      </excludes>
+    </instrumentation>
+    <formats>
 	    <format>html</format>
-	    <format>xml</format>
-	  </formats>
+      <format>xml</format>
+    </formats>
     <check/>
 	</configuration>
       </plugin>
@@ -130,11 +130,12 @@
   <properties>
     <jenkins.version>2.60.3</jenkins.version>
     <google.api.version>1.24.1</google.api.version>
+    <configuration-as-code.version>1.9</configuration-as-code.version>
+    <credentials.version>2.1.16</credentials.version>
     <java.level>8</java.level>
     <findbugs.excludeFilterFile>findbugs-exclude.xml</findbugs.excludeFilterFile>
     <findbugs.effort>Max</findbugs.effort>
     <findbugs.threshold>Medium</findbugs.threshold>
-    <configuration-as-code.version>1.9</configuration-as-code.version>
   </properties>
 
   <dependencies>
@@ -183,6 +184,8 @@
       <artifactId>configuration-as-code</artifactId>
       <version>${configuration-as-code.version}</version>
       <scope>test</scope>
+      <!--Marked as optional so hpi:run does not include it. -->
+      <optional>true</optional>
     </dependency>
     <dependency>
       <groupId>io.jenkins</groupId>
@@ -190,12 +193,28 @@
       <version>${configuration-as-code.version}</version>
       <classifier>tests</classifier>
       <scope>test</scope>
+      <optional>true</optional>
     </dependency>
     <dependency>
       <groupId>io.jenkins.configuration-as-code</groupId>
       <artifactId>configuration-as-code-support</artifactId>
       <version>${configuration-as-code.version}</version>
       <scope>test</scope>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>plain-credentials</artifactId>
+      <version>1.5</version>
+      <scope>test</scope>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.jenkins-ci.plugins</groupId>
+      <artifactId>ssh-credentials</artifactId>
+      <version>1.13</version>
+      <scope>test</scope>
+      <optional>true</optional>
     </dependency>
 
     <!-- OAuth Credentials dependency -->
@@ -233,20 +252,10 @@
     </dependency>
 
     <!-- plugin dependencies -->
-    <dependency>
-      <groupId>org.jenkins-ci.plugins</groupId>
-      <artifactId>plain-credentials</artifactId>
-      <version>1.5</version>
-    </dependency>
-    <dependency>
-      <groupId>org.jenkins-ci.plugins</groupId>
-      <artifactId>ssh-credentials</artifactId>
-      <version>1.13</version>
-    </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>credentials</artifactId>
-      <version>2.1.16</version>
+      <version>${credentials.version}</version>
     </dependency>
     <dependency>
       <!-- Required to run P12ServiceAccountConfigTestUtil-dependent tests against newer Jenkins core versions.

From f8de1ae9065d7caffa48e8d605134a941bb5557d Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Wed, 10 Apr 2019 10:54:37 -0700
Subject: [PATCH 11/17] Remove findbugs dependency. Uses spotbugs from the
 parent pom since switching to the version that uses spotbugs instead of
 findbugs is required to use CasC.

---
 pom.xml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index fa03c41..7057a9c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -139,11 +139,6 @@
   </properties>
 
   <dependencies>
-    <dependency>
-      <groupId>net.sourceforge.findbugs</groupId>
-      <artifactId>jsr305</artifactId>
-      <version>1.3.2</version>
-    </dependency>
     <!-- com.google.guava -->
     <dependency>
       <groupId>com.google.guava</groupId>

From 499364358ddf71ebe6d47590a57b57f9d69ad3a4 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Wed, 10 Apr 2019 10:55:27 -0700
Subject: [PATCH 12/17] Add eof new line to test-key.json

---
 .../com/google/jenkins/plugins/credentials/oauth/test-key.json  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
index e0d8aba..569108f 100644
--- a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/test-key.json
@@ -9,4 +9,4 @@
   "token_uri": "https://oauth2.googleapis.com/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test-account%40test-project.iam.gserviceaccount.com"
-}
\ No newline at end of file
+}

From c02b5621e55a9202388a83baec7adda326f83a55 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Wed, 10 Apr 2019 11:27:00 -0700
Subject: [PATCH 13/17] Add missing javadoc on JsonServiceAccountConfig. Use
 correct capitalization and punctuation in javadoc.

---
 .../oauth/JsonServiceAccountConfig.java       | 27 +++++++++++++------
 .../oauth/P12ServiceAccountConfig.java        | 27 ++++++++++---------
 .../oauth/ConfigurationAsCodeTest.java        |  2 +-
 3 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index 6c0a7d2..9307079 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -80,8 +80,8 @@ public JsonServiceAccountConfig() {}
    * For being able to load credentials created with versions < 0.8
    * and backwards compatibility with external callers.
    *
-   * @param jsonKeyFile The uploaded json key file
-   * @param prevJsonKeyFile The path of the previous json key file
+   * @param jsonKeyFile The uploaded json key file.
+   * @param prevJsonKeyFile The path of the previous json key file.
    * @since 0.3
    */
   @Deprecated
@@ -94,7 +94,7 @@ public JsonServiceAccountConfig(
     }
   }
 
-  /**@param jsonKeyFileUpload uploaded json key file */
+  /** @param jsonKeyFileUpload The uploaded json key file. */
   @DataBoundSetter // Called on form submit, only used when key file is uploaded
   public void setJsonKeyFileUpload(FileItem jsonKeyFileUpload) {
     if (jsonKeyFileUpload != null && jsonKeyFileUpload.getSize() > 0) {
@@ -112,7 +112,7 @@ public void setJsonKeyFileUpload(FileItem jsonKeyFileUpload) {
     }
   }
 
-  /** @param filename json key file name.*/
+  /** @param filename The json key file name. */
   @DataBoundSetter
   public void setFilename(String filename) {
     String newFilename = extractFilename(filename);
@@ -121,7 +121,7 @@ public void setFilename(String filename) {
     }
   }
 
-  /** @param secretJsonKey json key file content.*/
+  /** @param secretJsonKey The json key file content. */
   @DataBoundSetter
   public void setSecretJsonKey(SecretBytes secretJsonKey) {
     if (secretJsonKey != null && secretJsonKey.getPlainData().length > 0) {
@@ -175,7 +175,7 @@ public DescriptorImpl getDescriptor() {
   }
 
   /**
-   * @return Original uploaded file name
+   * @return Original uploaded file name.
    * @since 0.7
    */
   @CheckForNull
@@ -196,7 +196,7 @@ public String getJsonKeyFile() {
 
   /**
    * For use in UI, do not use.
-   * @return The uploaded json key file
+   * @return The uploaded json key file.
    */
   @Deprecated
   @Restricted(DoNotUse.class) // UI: Required for stapler call of setter.
@@ -204,6 +204,13 @@ public FileItem getJsonKeyFileUpload() {
     return null;
   }
 
+  /**
+   * In this context the service account id is represented by the email address
+   * for that service account, which should be contained in the json key.
+   *
+   * @return The service account identifier. Null if no json key has been
+   *    provided.
+   */
   @Override
   public String getAccountId() {
     JsonKey jsonKey = getJsonKey();
@@ -213,6 +220,10 @@ public String getAccountId() {
     return null;
   }
 
+  /**
+   * @return The {@link PrivateKey} that comes from the secret json key. Null if
+   *    this service account config contains no key or if the key is malformed.
+   */
   @Override
   public PrivateKey getPrivateKey() {
     JsonKey jsonKey = getJsonKey();
@@ -252,7 +263,7 @@ private JsonKey getJsonKey() {
   }
 
   /**
-   * descriptor for .json service account authentication
+   * Descriptor for .json service account authentication.
    */
   @Extension
   public static final class DescriptorImpl extends Descriptor {
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
index 9ced4e1..0c04d63 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
@@ -46,8 +46,8 @@
 import jenkins.model.Jenkins;
 
 /**
- * provides authentication mechanism for a service account by setting a service
- * account email address and .p12 private key file
+ * Provides authentication mechanism for a service account by setting a service
+ * account email address and .p12 private key file.
  */
 public class P12ServiceAccountConfig extends ServiceAccountConfig {
   private static final long serialVersionUID = 8706353638974721795L;
@@ -65,7 +65,7 @@ public class P12ServiceAccountConfig extends ServiceAccountConfig {
   private transient String p12KeyFile;
 
   /**
-   * @param emailAddress email address
+   * @param emailAddress The service account email address.
    * @since 0.8
    */
   @DataBoundConstructor
@@ -77,9 +77,9 @@ public P12ServiceAccountConfig(String emailAddress) {
    * For being able to load credentials created with versions < 0.8
    * and backwards compatibility with external callers.
    *
-   * @param emailAddress email address
+   * @param emailAddress The service account email address.
    * @param p12KeyFileUpload The uploaded p12 key file.
-   * @param prevP12KeyFile The path of the previous p12 key file
+   * @param prevP12KeyFile The path of the previous p12 key file.
    * @since 0.3
    */
   @Deprecated
@@ -95,7 +95,7 @@ public P12ServiceAccountConfig(
     }
   }
 
-  /** @param p12KeyFile uploaded p12 key file */
+  /** @param p12KeyFile The uploaded p12 key file. */
   @Deprecated
   @DataBoundSetter // Called on form submit, only used when key file is uploaded
   public void setP12KeyFileUpload(FileItem p12KeyFile) {
@@ -105,7 +105,7 @@ public void setP12KeyFileUpload(FileItem p12KeyFile) {
     }
   }
 
-  /** @param filename previous json key file name. */
+  /** @param filename The previous p12 key file name. */
   @DataBoundSetter
   public void setFilename(String filename) {
     if (!Strings.isNullOrEmpty(filename)) {
@@ -113,7 +113,7 @@ public void setFilename(String filename) {
     }
   }
 
-  /** @param secretP12Key previous p12 key file content.*/
+  /** @param secretP12Key The previous p12 key file content. */
   @DataBoundSetter
   public void setSecretP12Key(SecretBytes secretP12Key) {
     if (secretP12Key != null && secretP12Key.getPlainData().length > 0) {
@@ -172,7 +172,7 @@ public String getEmailAddress() {
   }
 
   /**
-   * @return Original uploaded file name
+   * @return Original uploaded file name.
    * @since 0.7
    */
   @CheckForNull
@@ -183,7 +183,7 @@ public String getFilename() {
   /**
    * Do not use, required for UI.
    *
-   * @return secretP12Key
+   * @return The secret p12 key.
    */
   @Restricted(DoNotUse.class) // UI:  Required for stapler call of setter.
   @CheckForNull
@@ -191,7 +191,7 @@ public SecretBytes getSecretP12Key() {
     return secretP12Key;
   }
 
-  /** @return the path of the previous p12 key file. */
+  /** @return The path of the previous p12 key file. */
   @Deprecated
   public String getP12KeyFile() {
     return p12KeyFile;
@@ -199,7 +199,8 @@ public String getP12KeyFile() {
 
   /**
    * Do not use, required for UI.
-   * @return The uploaded p12 key file
+   *
+   * @return The uploaded p12 key file.
    */
   @Deprecated
   @Restricted(DoNotUse.class) // UI: Required for stapler call of setter.
@@ -247,7 +248,7 @@ private KeyStore getP12KeyStore() throws KeyStoreException,
   }
 
   /**
-   * descriptor for .p12 service account authentication
+   * Descriptor for .p12 service account authentication.
    */
   @Extension
   public static final class DescriptorImpl extends Descriptor {
diff --git a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
index 0d1eaf4..ffb3287 100644
--- a/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
+++ b/src/test/java/com/google/jenkins/plugins/credentials/oauth/ConfigurationAsCodeTest.java
@@ -35,7 +35,7 @@
 
 /**
  * Tests that the credentials are correctly processed by the Configuration as
- * Code plugin
+ * Code plugin.
  */
 public class ConfigurationAsCodeTest {
 

From 6b24344469929c08ae7877d6da92ac0778b0afac Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Wed, 10 Apr 2019 11:32:03 -0700
Subject: [PATCH 14/17] Add TODO tracking issue #50 for deduplication.

---
 .../plugins/credentials/oauth/JsonServiceAccountConfig.java  | 5 +++++
 .../plugins/credentials/oauth/P12ServiceAccountConfig.java   | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index 9307079..c86987d 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -60,6 +60,11 @@
  * </code>
  */
 public class JsonServiceAccountConfig extends ServiceAccountConfig {
+  /*
+   * TODO(jenkinsci/google-oauth-plugin#50): Dedupe shared functionality in
+   *    google-auth-library.
+   */
+
   private static final long serialVersionUID = 6818111194672325387L;
   private static final Logger LOGGER =
       Logger.getLogger(JsonServiceAccountConfig.class.getSimpleName());
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
index 0c04d63..42e124a 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
@@ -50,6 +50,11 @@
  * account email address and .p12 private key file.
  */
 public class P12ServiceAccountConfig extends ServiceAccountConfig {
+  /*
+   * TODO(jenkinsci/google-oauth-plugin#50): Dedupe shared functionality in
+   *    google-auth-library.
+   */
+
   private static final long serialVersionUID = 8706353638974721795L;
   private static final Logger LOGGER =
           Logger.getLogger(P12ServiceAccountConfig.class.getSimpleName());

From 5972c00f3968a5ffa7a22a1c1b7e803e4f214537 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Wed, 10 Apr 2019 12:31:58 -0700
Subject: [PATCH 15/17] Fix secret bytes to account for newline in file.

---
 .../plugins/credentials/oauth/json-service-account-config.yml   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
index bb96bb5..0cada0d 100644
--- a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
@@ -10,4 +10,4 @@ credentials:
               serviceAccountConfig:
                 json:
                   # Tbe contents of test-key.json in base64
-                  secretJsonKey: 'ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAidGVzdC1wcm9q ZWN0IiwKICAicHJpdmF0ZV9rZXlfaWQiOiAidGVzdC1wcml2YXRlLWtleS1pZCIsCiAgInByaXZh dGVfa2V5IjogInRlc3QtcHJpdmF0ZS1rZXkiLAogICJjbGllbnRfZW1haWwiOiAidGVzdC1hY2Nv dW50QHRlc3QtcHJvamVjdC5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgImNsaWVudF9pZCI6 ICJ0ZXN0LWNsaWVudC1pZCIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xl LmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2ds ZWFwaXMuY29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHBz Oi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0cyIsCiAgImNsaWVudF94NTA5X2Nl cnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3JvYm90L3YxL21ldGFkYXRhL3g1 MDkvdGVzdC1hY2NvdW50JTQwdGVzdC1wcm9qZWN0LmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9'
+                  secretJsonKey: 'ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAidGVzdC1wcm9q ZWN0IiwKICAicHJpdmF0ZV9rZXlfaWQiOiAidGVzdC1wcml2YXRlLWtleS1pZCIsCiAgInByaXZh dGVfa2V5IjogInRlc3QtcHJpdmF0ZS1rZXkiLAogICJjbGllbnRfZW1haWwiOiAidGVzdC1hY2Nv dW50QHRlc3QtcHJvamVjdC5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgImNsaWVudF9pZCI6 ICJ0ZXN0LWNsaWVudC1pZCIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xl LmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2ds ZWFwaXMuY29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHBz Oi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0cyIsCiAgImNsaWVudF94NTA5X2Nl cnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3JvYm90L3YxL21ldGFkYXRhL3g1 MDkvdGVzdC1hY2NvdW50JTQwdGVzdC1wcm9qZWN0LmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9 Cg== -'

From dd9bc3c2b9e0ea1d18534ac56df6c5800005c4d7 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Mon, 15 Apr 2019 13:56:19 -0700
Subject: [PATCH 16/17] Incorporate PR feedback.

---
 .../oauth/JsonServiceAccountConfig.java       | 26 +++++++++----------
 .../oauth/P12ServiceAccountConfig.java        |  8 +++---
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
index c86987d..048b7c9 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.java
@@ -46,8 +46,8 @@
 import jenkins.model.Jenkins;
 
 /**
- * Provides authentication mechanism for a service account by setting a .json
- * private key file. The .json file structure needs to be:
+ * Provides authentication mechanism for a service account by setting a JSON
+ * private key file. The JSON file structure needs to be:
  * <p>
  * <code>
  *     {
@@ -85,8 +85,8 @@ public JsonServiceAccountConfig() {}
    * For being able to load credentials created with versions < 0.8
    * and backwards compatibility with external callers.
    *
-   * @param jsonKeyFile The uploaded json key file.
-   * @param prevJsonKeyFile The path of the previous json key file.
+   * @param jsonKeyFile The uploaded JSON key file.
+   * @param prevJsonKeyFile The path of the previous JSON key file.
    * @since 0.3
    */
   @Deprecated
@@ -99,7 +99,7 @@ public JsonServiceAccountConfig(
     }
   }
 
-  /** @param jsonKeyFileUpload The uploaded json key file. */
+  /** @param jsonKeyFileUpload The uploaded JSON key file. */
   @DataBoundSetter // Called on form submit, only used when key file is uploaded
   public void setJsonKeyFileUpload(FileItem jsonKeyFileUpload) {
     if (jsonKeyFileUpload != null && jsonKeyFileUpload.getSize() > 0) {
@@ -112,12 +112,12 @@ public void setJsonKeyFileUpload(FileItem jsonKeyFileUpload) {
           this.secretJsonKey = SecretBytes.fromBytes(jsonKeyFileUpload.get());
         }
       } catch (IOException e) {
-        LOGGER.log(Level.SEVERE, "Failed to read json key from file", e);
+        LOGGER.log(Level.SEVERE, "Failed to read JSON key from file", e);
       }
     }
   }
 
-  /** @param filename The json key file name. */
+  /** @param filename The JSON key file name. */
   @DataBoundSetter
   public void setFilename(String filename) {
     String newFilename = extractFilename(filename);
@@ -126,7 +126,7 @@ public void setFilename(String filename) {
     }
   }
 
-  /** @param secretJsonKey The json key file content. */
+  /** @param secretJsonKey The JSON key file content. */
   @DataBoundSetter
   public void setSecretJsonKey(SecretBytes secretJsonKey) {
     if (secretJsonKey != null && secretJsonKey.getPlainData().length > 0) {
@@ -201,7 +201,7 @@ public String getJsonKeyFile() {
 
   /**
    * For use in UI, do not use.
-   * @return The uploaded json key file.
+   * @return The uploaded JSON key file.
    */
   @Deprecated
   @Restricted(DoNotUse.class) // UI: Required for stapler call of setter.
@@ -211,9 +211,9 @@ public FileItem getJsonKeyFileUpload() {
 
   /**
    * In this context the service account id is represented by the email address
-   * for that service account, which should be contained in the json key.
+   * for that service account, which should be contained in the JSON key.
    *
-   * @return The service account identifier. Null if no json key has been
+   * @return The service account identifier. Null if no JSON key has been
    *    provided.
    */
   @Override
@@ -226,7 +226,7 @@ public String getAccountId() {
   }
 
   /**
-   * @return The {@link PrivateKey} that comes from the secret json key. Null if
+   * @return The {@link PrivateKey} that comes from the secret JSON key. Null if
    *    this service account config contains no key or if the key is malformed.
    */
   @Override
@@ -268,7 +268,7 @@ private JsonKey getJsonKey() {
   }
 
   /**
-   * Descriptor for .json service account authentication.
+   * Descriptor for JSON service account authentication.
    */
   @Extension
   public static final class DescriptorImpl extends Descriptor {
diff --git a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
index 42e124a..250821a 100644
--- a/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
+++ b/src/main/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.java
@@ -47,7 +47,7 @@
 
 /**
  * Provides authentication mechanism for a service account by setting a service
- * account email address and .p12 private key file.
+ * account email address and P12 private key file.
  */
 public class P12ServiceAccountConfig extends ServiceAccountConfig {
   /*
@@ -227,9 +227,7 @@ public PrivateKey getPrivateKey() {
       }
       return (PrivateKey) p12KeyStore.getKey(DEFAULT_P12_ALIAS,
               DEFAULT_P12_SECRET.toCharArray());
-    } catch (IOException e) {
-      LOGGER.log(Level.SEVERE, "Failed to read private key", e);
-    } catch (GeneralSecurityException e) {
+    } catch (IOException | GeneralSecurityException e) {
       LOGGER.log(Level.SEVERE, "Failed to read private key", e);
     }
     return null;
@@ -253,7 +251,7 @@ private KeyStore getP12KeyStore() throws KeyStoreException,
   }
 
   /**
-   * Descriptor for .p12 service account authentication.
+   * Descriptor for P12 service account authentication.
    */
   @Extension
   public static final class DescriptorImpl extends Descriptor {

From db6e79f2acb7a88ee103ae006362ceb3e28934e1 Mon Sep 17 00:00:00 2001
From: Stephen Shank <stephenshank@google.com>
Date: Mon, 15 Apr 2019 13:56:42 -0700
Subject: [PATCH 17/17] Fix typos in yml comments.

---
 .../plugins/credentials/oauth/json-service-account-config.yml   | 2 +-
 .../plugins/credentials/oauth/p12-service-account-config.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
index 0cada0d..4226bfd 100644
--- a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/json-service-account-config.yml
@@ -9,5 +9,5 @@ credentials:
               projectId: 'test-project'
               serviceAccountConfig:
                 json:
-                  # Tbe contents of test-key.json in base64
+                  # The contents of test-key.json in base 64.
                   secretJsonKey: 'ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAidGVzdC1wcm9q ZWN0IiwKICAicHJpdmF0ZV9rZXlfaWQiOiAidGVzdC1wcml2YXRlLWtleS1pZCIsCiAgInByaXZh dGVfa2V5IjogInRlc3QtcHJpdmF0ZS1rZXkiLAogICJjbGllbnRfZW1haWwiOiAidGVzdC1hY2Nv dW50QHRlc3QtcHJvamVjdC5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgImNsaWVudF9pZCI6 ICJ0ZXN0LWNsaWVudC1pZCIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xl LmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2ds ZWFwaXMuY29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHBz Oi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0cyIsCiAgImNsaWVudF94NTA5X2Nl cnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3JvYm90L3YxL21ldGFkYXRhL3g1 MDkvdGVzdC1hY2NvdW50JTQwdGVzdC1wcm9qZWN0LmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9 Cg== -'
diff --git a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
index b7978a1..419c844 100644
--- a/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
+++ b/src/test/resources/com/google/jenkins/plugins/credentials/oauth/p12-service-account-config.yml
@@ -10,5 +10,5 @@ credentials:
               serviceAccountConfig:
                 p12:
                   emailAddress: 'test-account@test-project.iam.gserviceaccount.com'
-                  # 'test-p12-key' in base 64
+                  # 'test-p12-key' in base 64.
                   secretP12Key: 'dGVzdC1wMTIta2V5'