Merge pull request #92 from tomasbjerre/feature/ignore-ssl

Allowing SSL certificates to be ignored #90

Author: tomasbjerre

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 Changelog of Pull Request Notifier for Bitbucket.
 
+## 2.13
+* Allowing SSL certificates to be ignored.
+* Adding settings to configure custom keystore.
+
 ## 2.12
 * Fixing PULL_REQUEST_URL-bug correctly with getSlug.
 
@@ -46,9 +50,10 @@ These can be used to, for example, show a trigger button only if there are non-z
 * Bugfix: Adding Basic Auth headers to injection url request.
 
 ## 2.0
-* Migrated from Stash 3 to Bitbucket 4.
- * The release of Bitbucket 4.0 (2015-09-22) broke all backwards compatibility and made it more ore less impossible to maintain a version that is compatible with both Stash 3.x and Bitbucket 4.x. That is why this plugin changed name and started over with a 1.0 release.
- * Changed name from Pull Request Notifier for Stash to Pull Request Notifier for Bitbucket
+* Migrated from Stash 3 to Bitbucket Server 4.
+ * The release of Bitbucket Server 4.0 (2015-09-22) broke all backwards compatibility and made it more or less impossible to maintain a version that is compatible with both Stash 3.x and Bitbucket Server 4.x. That is why this plugin changed name in 2.0 release.
+ * Changed name from Pull Request Notifier for Stash to Pull Request Notifier for Bitbucket.
+ * 1.x is compatible with Stash 3 and 2.x is compatible with Bitbucket Server 4.
 
 ## 1.28
 * Can enable trigger

README.md

@@ -28,6 +28,8 @@ The Pull Request Notifier for Bitbucket can:
 * Be configured to only trigger if the pull request mathches a filter. A filter text is constructed with any combination of the variables and then a regexp is constructed to match that text.
 * Add buttons to pull request view in Bitbucket. And map those buttons to URL invocations. This can be done by setting the filter string to ${BUTTON_TRIGGER_TITLE} and the filter regexp to title of button.
 * Authenticate with HTTP basic authentication.
+* Optionally allow any SSL certificate.
+* Use custom SSL key store, type and password.
 * Send custom HTTP headers
 * Can optionally use proxy to connect
 * Can let users and/or admins do configuration. Or restrict configuration to just system admins. A user will have to browse to the configuration page at `http://domain/bitbucket/plugins/servlet/prnfb/admin`.

pom.xml

@@ -88,6 +88,11 @@
             <artifactId>gson</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <scope>provided</scope>
+        </dependency>
 
         <!-- TEST //-->
         <dependency>
@@ -108,6 +113,18 @@
             <version>1.19</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.assertj</groupId>
+            <artifactId>assertj-core</artifactId>
+            <version>3.3.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>1.2</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

src/main/java/se/bjurr/prnfb/ManualResource.java

@@ -31,6 +31,7 @@
 
 import se.bjurr.prnfb.admin.AdminFormValues;
 import se.bjurr.prnfb.admin.AdminFormValues.BUTTON_VISIBILITY;
+import se.bjurr.prnfb.http.ClientKeyStore;
 import se.bjurr.prnfb.listener.PrnfbPullRequestAction;
 import se.bjurr.prnfb.listener.PrnfbPullRequestEventListener;
 import se.bjurr.prnfb.listener.PrnfbRenderer;
@@ -94,25 +95,27 @@ public Response get(@Context HttpServletRequest request, @QueryParam("repository
   }
   List<PrnfbButton> buttons = newArrayList();
   final PrnfbSettings settings = getSettings();
+  ClientKeyStore clientKeyStore = new ClientKeyStore(settings);
   for (PrnfbButton candidate : settings.getButtons()) {
    UserKey userKey = userManager.getRemoteUserKey();
    PrnfbPullRequestAction pullRequestAction = PrnfbPullRequestAction.valueOf(BUTTON_TRIGGER);
    final PullRequest pullRequest = pullRequestService.getById(repositoryId, pullRequestId);
    Map<PrnfbVariable, Supplier<String>> variables = getVariables(settings, candidate.getFormIdentifier());
    if (allowedUseButton(candidate, userManager.isAdmin(userKey), userManager.isSystemAdmin(userKey))
-     && triggeredByAction(settings, pullRequestAction, pullRequest, variables, request)) {
+     && triggeredByAction(clientKeyStore, settings, pullRequestAction, pullRequest, variables, request)) {
     buttons.add(candidate);
    }
   }
   return ok(gson.toJson(buttons), APPLICATION_JSON).build();
  }
 
- private boolean triggeredByAction(PrnfbSettings settings, PrnfbPullRequestAction pullRequestAction,
-   PullRequest pullRequest, Map<PrnfbVariable, Supplier<String>> variables, HttpServletRequest request) {
+ private boolean triggeredByAction(ClientKeyStore clientKeyStore, PrnfbSettings settings,
+   PrnfbPullRequestAction pullRequestAction, PullRequest pullRequest, Map<PrnfbVariable, Supplier<String>> variables,
+   HttpServletRequest request) {
   for (PrnfbNotification prnfbNotification : settings.getNotifications()) {
    PrnfbRenderer renderer = getRenderer(pullRequest, prnfbNotification, pullRequestAction, variables, request);
    if (prnfbPullRequestEventListener.notificationTriggeredByAction(prnfbNotification, pullRequestAction, renderer,
-     pullRequest)) {
+     pullRequest, clientKeyStore, settings.shouldAcceptAnyCertificate())) {
     return TRUE;
    }
   }
@@ -130,14 +133,16 @@ public Response post(@Context HttpServletRequest request, @QueryParam("repositor
   }
 
   final PrnfbSettings settings = getSettings();
+  ClientKeyStore clientKeyStore = new ClientKeyStore(settings);
   for (PrnfbNotification prnfbNotification : settings.getNotifications()) {
    PrnfbPullRequestAction pullRequestAction = PrnfbPullRequestAction.valueOf(BUTTON_TRIGGER);
    final PullRequest pullRequest = pullRequestService.getById(repositoryId, pullRequestId);
    Map<PrnfbVariable, Supplier<String>> variables = getVariables(settings, formIdentifier);
    PrnfbRenderer renderer = getRenderer(pullRequest, prnfbNotification, pullRequestAction, variables, request);
    if (prnfbPullRequestEventListener.notificationTriggeredByAction(prnfbNotification, pullRequestAction, renderer,
-     pullRequest)) {
-    prnfbPullRequestEventListener.notify(prnfbNotification, pullRequestAction, pullRequest, variables, renderer);
+     pullRequest, clientKeyStore, settings.shouldAcceptAnyCertificate())) {
+    prnfbPullRequestEventListener.notify(prnfbNotification, pullRequestAction, pullRequest, variables, renderer,
+      clientKeyStore, settings.shouldAcceptAnyCertificate());
    }
   }
   return status(OK).build();

src/main/java/se/bjurr/prnfb/admin/AdminFormError.java

@@ -25,4 +25,9 @@ public String getField() {
  public String getValue() {
   return error;
  }
+
+ @Override
+ public String toString() {
+  return field + " " + error;
+ }
 }

src/main/java/se/bjurr/prnfb/admin/AdminFormValues.java

@@ -53,6 +53,10 @@ public enum FIELDS {
   injection_url, //
   injection_url_regexp, //
   trigger_if_isconflicting, //
-  trigger_ignore_state//
+  trigger_ignore_state, //
+  accept_any_certificate, //
+  key_store, //
+  key_store_type, //
+  key_store_password;
  }
 }

src/main/java/se/bjurr/prnfb/http/ClientKeyStore.java

@@ -0,0 +1,57 @@
+package se.bjurr.prnfb.http;
+
+import static com.google.common.base.Optional.fromNullable;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+import se.bjurr.prnfb.settings.PrnfbSettings;
+
+import com.google.common.base.Optional;
+
+/**
+ * A keystore based on the definition from the application properties.<br>
+ * <br>
+ * Inspired by:<br>
+ * Philip Dodds (pdodds) https://github.com/pdodds
+ */
+public class ClientKeyStore {
+
+ private KeyStore keyStore = null;
+ private char[] password = null;
+
+ public ClientKeyStore(PrnfbSettings settings) {
+  if (settings.getKeyStore().isPresent()) {
+   File keyStoreFile = new File(settings.getKeyStore().get());
+   try {
+    keyStore = getKeyStore(settings.getKeyStoreType());
+
+    if (settings.getKeyStorePassword().isPresent()) {
+     password = settings.getKeyStorePassword().get().toCharArray();
+    }
+
+    keyStore.load(new FileInputStream(keyStoreFile), password);
+   } catch (Exception e) {
+    throw new RuntimeException("Unable to build keystore from " + keyStoreFile.getAbsolutePath(), e);
+   }
+  }
+ }
+
+ public Optional<KeyStore> getKeyStore() {
+  return fromNullable(keyStore);
+ }
+
+ public char[] getPassword() {
+  return password;
+ }
+
+ private KeyStore getKeyStore(String keyStoreType) throws KeyStoreException {
+  if (keyStoreType != null) {
+   return KeyStore.getInstance(keyStoreType);
+  } else {
+   return KeyStore.getInstance(KeyStore.getDefaultType());
+  }
+ }
+}

src/main/java/se/bjurr/prnfb/listener/Invoker.java renamed to src/main/java/se/bjurr/prnfb/http/Invoker.java

@@ -1,4 +1,5 @@
-package se.bjurr.prnfb.listener;
+package se.bjurr.prnfb.http;
+
 
 public interface Invoker {
  void invoke(UrlInvoker urlInvoker);