Use encrypted credentials when running job as different user on Windows

Current Situation

• If a job executed with a JS7 Agent for Windows should be running for a different user account, then the Agent will read credentials from the Windows Credential Manager and will start the job for the targeted user account.
• Users are requesting JS7 capabilities to manage such credentials without use of the Windows Credential Manager.

Desired Behavior

• JOC Cockpit offers management of Windows job credentials from its GUI and API, see JOC-2007.
  • User account, password, certificate and path to private key file are stored to variables in individual Job Resources, see windows-job-credentials-job-resource.png:
    • account: the variable holds the targeted Windows user account
    • password: the variable holds the targeted account's encrypted password.
    • encipherment_certificate: the variable holds the certificate in PEM format.
    • encipherment_private_key_path: the variable holds the path to the private key file used for decryption.
  • The password is encrypted using JS7 - Encryption and Decryption.
  • The job is assigned the Job Resource as an alternative to assignment of a Windows Credentials Key.
• Integration with Agent
  • A static class is offered for decryption of Windows job credentials that will be used by the Agent.
  • The Agent specifies the encrypted password and the path to the private key file for decryption. The values are available from the Job Resource specified for the job's Windows job credentials.
  • The static class will return the decrypted password.