-
New Feature
-
Resolution: Unresolved
-
Major
-
Jenkins: 2.249.2
bitbucket-branch-source: 2.9.7
atlassian-bitbucket-server-integration: 2.1.3
Bitbucket Server: 7.8.1
Defined JVM flags:
- javax.net.ssl.keyStore
- javax.net.ssl.keyStorePassword
- javax.net.ssl.keyStoreType: pkcs12
- javax.net.ssl.trustStore
- javax.net.ssl.trustStorePassword
- javax.net.ssl.trustStoreType jksJenkins: 2.249.2 bitbucket-branch-source: 2.9.7 atlassian-bitbucket-server-integration: 2.1.3 Bitbucket Server: 7.8.1 Defined JVM flags: - javax.net.ssl.keyStore - javax.net.ssl.keyStorePassword - javax.net.ssl.keyStoreType: pkcs12 - javax.net.ssl.trustStore - javax.net.ssl.trustStorePassword - javax.net.ssl.trustStoreType jks
Observed
Presently, when compared to bitbucket-branch-source plugin, it seems that the atlassian-bitbucket-server-integration plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.
As a result, we receive only receive the following type error in Jenkins when the connection is rejected:
2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
Without this we are unable to utilize this plugin in environments with such security constraints.
Reproduce
- Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
- Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
- Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
- Remove bitbucket-branch-source plugin
- Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected
Expected
The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality.
Workaround
None.
Hi A, thanks for the report.
As of right now, the plugin does not have any support for client certs, so I am relabelling this issue as a feature rather than a bug for the purpose of how the work is assigned.
Thanks,
Martin