#!/usr/bin/env python
#
# Script to change user password in Jenkins user config XML file.
#

import sys
import os
import hashlib

from lxml import etree


tree = etree.fromstring(open(sys.argv[1]).read())
hash_tag = tree.xpath("/user/properties/hudson.security.HudsonPrivateSecurityRealm_-Details/passwordHash")[0]
salt, old_hash = hash_tag.text.split(":")

new_passwd = open(sys.argv[2]).read()
h = hashlib.sha256()
h.update("%s{%s}" % (new_passwd, salt))
hash_tag.text = "%s:%s" % (salt, h.hexdigest())
f = open(sys.argv[1] + ".new", "w")
f.write(etree.tostring(tree, xml_declaration=True, encoding='UTF-8'))
f.close()
os.rename(sys.argv[1], sys.argv[1] + ".old")
os.rename(sys.argv[1] + ".new", sys.argv[1])