Unify two entrypoints (#677)

docs/inbound-agent.md

@@ -78,12 +78,13 @@ This mechanism requires a download of the `agent.jar`, as described for "Downloa
 
 Once all the prerequisite files and data have been obtained, the agent can be launched with a command like this
 ```
-java -cp agent.jar hudson.remoting.jnlp.Main \
+java -jar agent.jar \
   -workDir <work directory> \
   -direct <HOST:PORT> \
   -protocols JNLP4-connect \
   -instanceIdentity <instance identity> \
-  <secretString> <agentName>
+  -secret <secretString> \
+  -name <agentName>
 ```
 The "-protocols" parameter is optional, but is useful to limit the agent to protocols the server supports. 
 The only currently supported and recommended protocol is "JNLP4-connect".
@@ -102,7 +103,7 @@ Additional descriptions of configuring this mechanism are located at [Installing
 
 There are a number of different launch parameters that control how the agent connects and behaves. 
 The parameters available and the default behavior may vary depending upon the entry point. 
-You can obtain usage information by executing `java -cp agent.jar hudson.remoting.jnlp.Main` or `java -jar agent.jar --help`. 
+You can obtain usage information by executing `java -jar agent.jar --help`. 
 Not all parameters work together and some parameters require the use of others.
 
 There are also system or environment variables that control some advanced behaviors documented at [Remoting Configuration](https://github.com/jenkinsci/remoting/blob/master/docs/configuration.md). 

src/main/java/hudson/remoting/Engine.java

@@ -94,6 +94,8 @@
 import org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException;
 import org.jenkinsci.remoting.util.KeyUtils;
 import org.jenkinsci.remoting.util.VersionNumber;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
 
 /**
  * Agent engine that proactively connects to Jenkins controller.
@@ -166,10 +168,10 @@ public Thread newThread(@NonNull final Runnable r) {
     private Map<String, String> webSocketHeaders;
     private String credentials;
     private String protocolName;
-    private String proxyCredentials = System.getProperty("proxyCredentials");
+    private String proxyCredentials;
 
     /**
-     * See {@link hudson.remoting.jnlp.Main#tunnel} for the documentation.
+     * See {@link Launcher#tunnel} for the documentation.
      */
     @CheckForNull
     private String tunnel;
@@ -885,7 +887,7 @@ private JnlpEndpointResolver createEndpointResolver(List<String> jenkinsUrls) {
         if (directConnection == null) {
             SSLSocketFactory sslSocketFactory = null;
             try {
-                sslSocketFactory = getSSLSocketFactory();
+                sslSocketFactory = getSSLSocketFactory(candidateCertificates);
             } catch (Exception e) {
                 events.error(e);
             }
@@ -1034,16 +1036,18 @@ private static FileInputStream getFileInputStream(final File file) throws Privil
         });
     }
 
-    private SSLSocketFactory getSSLSocketFactory()
+    @CheckForNull
+    @Restricted(NoExternalUse.class)
+    static SSLSocketFactory getSSLSocketFactory(List<X509Certificate> x509Certificates)
             throws PrivilegedActionException, KeyStoreException, NoSuchProviderException, CertificateException,
             NoSuchAlgorithmException, IOException, KeyManagementException {
         SSLSocketFactory sslSocketFactory = null;
-        if (candidateCertificates != null && !candidateCertificates.isEmpty()) {
+        if (x509Certificates != null && !x509Certificates.isEmpty()) {
             KeyStore keyStore = getCacertsKeyStore();
             // load the keystore
             keyStore.load(null, null);
             int i = 0;
-            for (X509Certificate c : candidateCertificates) {
+            for (X509Certificate c : x509Certificates) {
                 keyStore.setCertificateEntry(String.format("alias-%d", i++), c);
             }
             // prepare the trust manager