Add native webhook configuration to skip certificate verification. (#1128)

Author: nfalco79

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/client/repository/BitbucketCloudWebhook.java

@@ -24,22 +24,20 @@
 package com.cloudbees.jenkins.plugins.bitbucket.client.repository;
 
 import com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketWebHook;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.commons.lang3.ObjectUtils;
 
 public class BitbucketCloudWebhook implements BitbucketWebHook {
 
     private String uuid;
-
     private String description;
-
     private String url;
-
     private String secret;
-
     private boolean active;
-
+    @JsonProperty("skip_cert_verification")
+    private boolean skipCertVerification;
     private List<String> events = new ArrayList<>();
 
     @Override
@@ -96,4 +94,12 @@ public void setSecret(String secret) {
         this.secret = secret;
     }
 
+    public boolean isSkipCertVerification() {
+        return skipCertVerification;
+    }
+
+    public void setSkipCertVerification(boolean skipCertVerification) {
+        this.skipCertVerification = skipCertVerification;
+    }
+
 }

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/webhook/AbstractBitbucketWebhookConfiguration.java

@@ -85,6 +85,11 @@ public abstract class AbstractBitbucketWebhookConfiguration implements Bitbucket
      */
     private String endpointJenkinsRootURL;
 
+    /**
+     * Allow send webhook to untrusted or self-signed certificates Jenkins host.
+     */
+    private boolean skipCertVerification = false;
+
     private boolean enableCache = false;
 
     /**
@@ -170,6 +175,15 @@ public void setWebhooksCacheDuration(Integer webhooksCacheDuration) {
         this.webhooksCacheDuration = webhooksCacheDuration == null || webhooksCacheDuration < 0 ? Integer.valueOf(180) : webhooksCacheDuration;
     }
 
+    public boolean isSkipCertVerification() {
+        return skipCertVerification;
+    }
+
+    @DataBoundSetter
+    public void setSkipCertVerification(boolean skipCertVerification) {
+        this.skipCertVerification = skipCertVerification;
+    }
+
     public abstract static class AbstractBitbucketWebhookDescriptorImpl extends BitbucketWebhookDescriptor {
         protected abstract void clearCaches();
         protected abstract List<String> getStats();

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/webhook/cloud/CloudWebhookManager.java

@@ -169,6 +169,7 @@ private BitbucketCloudWebhook buildPayload() {
         hook.setActive(true);
         hook.setDescription("Jenkins hook");
         hook.setUrl(callbackURL);
+        hook.setSkipCertVerification(configuration.isSkipCertVerification());
         if (configuration.isEnableHookSignature()) {
             String signatureCredentialsId = configuration.getHookSignatureCredentialsId();
             StringCredentials signatureSecret = BitbucketCredentialsUtils.lookupCredentials(Jenkins.get(), BitbucketCloudEndpoint.SERVER_URL, signatureCredentialsId, StringCredentials.class);
@@ -203,6 +204,12 @@ private boolean shouldUpdate(@NonNull BitbucketCloudWebhook current, @NonNull Bi
             update = true;
         }
 
+        if (current.isSkipCertVerification() != expected.isSkipCertVerification()) {
+            current.setSkipCertVerification(expected.isSkipCertVerification());
+            logger.info(() -> "Update skipCertVerification to " + expected.isSkipCertVerification());
+            update = true;
+        }
+
         List<String> events = current.getEvents();
         List<String> expectedEvents = expected.getEvents();
         if (!events.containsAll(expectedEvents)) {

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/webhook/server/ServerWebhookManager.java

@@ -168,6 +168,7 @@ private BitbucketServerWebhook buildPayload() {
         hook.setDescription("Jenkins hook");
         hook.setEvents(NATIVE_SERVER_EVENTS);
         hook.setUrl(callbackURL);
+        hook.setSslVerificationRequired(!configuration.isSkipCertVerification());
         if (configuration.isEnableHookSignature()) {
             String signatureCredentialsId = configuration.getHookSignatureCredentialsId();
             StringCredentials signatureSecret = BitbucketCredentialsUtils.lookupCredentials(Jenkins.get(), serverURL, signatureCredentialsId, StringCredentials.class);
@@ -202,6 +203,12 @@ private boolean shouldUpdate(@NonNull BitbucketServerWebhook current, @NonNull B
             update = true;
         }
 
+        if (current.isSslVerificationRequired() != expected.isSslVerificationRequired()) {
+            current.setSslVerificationRequired(expected.isSslVerificationRequired());
+            logger.info(() -> "Update webhook sslVerificationRequired " + expected.isSslVerificationRequired());
+            update = true;
+        }
+
         List<String> events = current.getEvents();
         List<String> expectedEvents = expected.getEvents();
         if (!events.containsAll(expectedEvents)) {

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/server/client/repository/BitbucketServerWebhook.java

@@ -40,6 +40,7 @@ public class BitbucketServerWebhook implements BitbucketWebHook {
     private String url;
     private List<String> events = new ArrayList<>();
     private boolean active;
+    private boolean sslVerificationRequired = true;
     @JsonProperty("configuration")
     private Map<String, String> configuration = new HashMap<>();
 
@@ -97,4 +98,12 @@ public void setSecret(String secret) {
         configuration.put("secret", secret);
     }
 
+    public boolean isSslVerificationRequired() {
+        return sslVerificationRequired;
+    }
+
+    public void setSslVerificationRequired(boolean sslVerificationRequired) {
+        this.sslVerificationRequired = sslVerificationRequired;
+    }
+
 }

src/main/resources/com/cloudbees/jenkins/plugins/bitbucket/impl/webhook/AbstractBitbucketWebhookConfiguration/config.jelly

@@ -39,6 +39,10 @@ THE SOFTWARE.
         </f:entry>
     </f:optionalBlock>
 
+    <f:entry title="${%Skip certificate verification}" field="skipCertVerification">
+        <f:checkbox default="false" />
+    </f:entry>
+
     <f:optionalBlock title="${%Enable cache}" field="enableCache" inline="true">
         <f:entry title="${%How long to cache webhook requests, in minutes}" field="webhooksCacheDuration">
             <f:number default="180" />

src/main/resources/com/cloudbees/jenkins/plugins/bitbucket/impl/webhook/AbstractBitbucketWebhookConfiguration/help-skipCertVerification.html

@@ -0,0 +1,12 @@
+<div>
+    <p>
+        If you're using a self-signed certificate and want to disable certificate verification, select Skip certificate
+        verification.
+    </p>
+    <p>
+        <b>Note</b> We recommend that you don't disable certificate verification because self-signed certificates are
+        inherently not secure. Read the next section for more information about why you would or wouldn't use
+        self-signed
+        certificates.
+    </p>
+</div>