juyeong/decrypt_jenkins.rb

## decrypt_jenkins.rb
#!/usr/bin/env ruby

# refer to
# https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/util/Secret.java
# https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/security/ApiTokenProperty.java

require 'base64'
require 'digest'
require 'openssl'

MAGIC = '::::MAGIC::::'
ALGORITHM = 'AES-128-ECB'

def try_decrypt(master_key, hudson_secret_key)
  hashed_master_key = Digest::SHA256.digest(master_key)[0..15]

  intermediate = OpenSSL::Cipher.new(ALGORITHM)
  intermediate.decrypt
  intermediate.key = hashed_master_key

  salted_final = intermediate.update(hudson_secret_key) + intermediate.final

  raise 'no magic key in a' unless salted_final.include?(MAGIC)
  salted_final[0..15]
end

def main(filename, input)
  abort "usage: #{filename} <master.key> <hudson.util.Secret> encryptedText" unless input.length == 3

  master_key = File.read(input[0])
  hudson_secret_key = File.read(input[1])
  encrypted_text = Base64.decode64(input[2])

  key = try_decrypt(master_key, hudson_secret_key)
  cipher = OpenSSL::Cipher.new(ALGORITHM)
  cipher.decrypt
  cipher.key = key

  text = cipher.update(encrypted_text) + cipher.final
  text = text[0..(text.length-MAGIC.size-1)]
  # if api token (md5 hash)
  # text = Digest::MD5.new.update(text).hexdigest
  puts text
end

if __FILE__ == $0
  main(__FILE__, ARGV)
end
	#!/usr/bin/env ruby

	# refer to
	# https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/util/Secret.java
	# https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/security/ApiTokenProperty.java

	require 'base64'
	require 'digest'
	require 'openssl'

	MAGIC = '::::MAGIC::::'
	ALGORITHM = 'AES-128-ECB'

	def try_decrypt(master_key, hudson_secret_key)
	hashed_master_key = Digest::SHA256.digest(master_key)[0..15]

	intermediate = OpenSSL::Cipher.new(ALGORITHM)
	intermediate.decrypt
	intermediate.key = hashed_master_key

	salted_final = intermediate.update(hudson_secret_key) + intermediate.final

	raise 'no magic key in a' unless salted_final.include?(MAGIC)
	salted_final[0..15]
	end

	def main(filename, input)
	abort "usage: #{filename} <master.key> <hudson.util.Secret> encryptedText" unless input.length == 3

	master_key = File.read(input[0])
	hudson_secret_key = File.read(input[1])
	encrypted_text = Base64.decode64(input[2])

	key = try_decrypt(master_key, hudson_secret_key)
	cipher = OpenSSL::Cipher.new(ALGORITHM)
	cipher.decrypt
	cipher.key = key

	text = cipher.update(encrypted_text) + cipher.final
	text = text[0..(text.length-MAGIC.size-1)]
	# if api token (md5 hash)
	# text = Digest::MD5.new.update(text).hexdigest
	puts text
	end

	if __FILE__ == $0
	main(__FILE__, ARGV)
	end