-
New Feature
-
Resolution: Unresolved
-
Major
-
Jenkins: 2.249.2
bitbucket-branch-source: 2.9.7
atlassian-bitbucket-server-integration: 2.1.3
Bitbucket Server: 7.8.1
Defined JVM flags:
- javax.net.ssl.keyStore
- javax.net.ssl.keyStorePassword
- javax.net.ssl.keyStoreType: pkcs12
- javax.net.ssl.trustStore
- javax.net.ssl.trustStorePassword
- javax.net.ssl.trustStoreType jksJenkins: 2.249.2 bitbucket-branch-source: 2.9.7 atlassian-bitbucket-server-integration: 2.1.3 Bitbucket Server: 7.8.1 Defined JVM flags: - javax.net.ssl.keyStore - javax.net.ssl.keyStorePassword - javax.net.ssl.keyStoreType: pkcs12 - javax.net.ssl.trustStore - javax.net.ssl.trustStorePassword - javax.net.ssl.trustStoreType jks
Observed
Presently, when compared to bitbucket-branch-source plugin, it seems that the atlassian-bitbucket-server-integration plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.
As a result, we receive only receive the following type error in Jenkins when the connection is rejected:
2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
Without this we are unable to utilize this plugin in environments with such security constraints.
Reproduce
- Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
- Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
- Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
- Remove bitbucket-branch-source plugin
- Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected
Expected
The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality.
Workaround
None.