add client certificate authentication mechanism

Author: Anirudh Bagri

src/main/java/se/bjurr/violations/comments/bitbucketserver/lib/BitbucketServerCommentsProvider.java

@@ -76,6 +76,8 @@ public BitbucketServerCommentsProvider(
     final Integer proxyHostPort = violationCommentsToBitbucketApi.getProxyHostPort();
     final String proxyUser = violationCommentsToBitbucketApi.getProxyUser();
     final String proxyPassword = violationCommentsToBitbucketApi.getProxyPassword();
+    final String keyStorePath = violationCommentsToBitbucketApi.getPropKeyStorePath();
+    final String keyStorePass = violationCommentsToBitbucketApi.getPropKeyStorePass();
     this.client =
         new BitbucketServerClient(
             violationsLogger,
@@ -86,6 +88,8 @@ public BitbucketServerCommentsProvider(
             bitbucketServerUser,
             bitbucketServerPassword,
             bitbucketPersonalAccessToken,
+            keyStorePath,
+            keyStorePass,
             proxyHostNameOrIp,
             proxyHostPort,
             proxyUser,

src/main/java/se/bjurr/violations/comments/bitbucketserver/lib/ViolationCommentsToBitbucketServerApi.java

@@ -19,6 +19,8 @@ public class ViolationCommentsToBitbucketServerApi {
   public static final String DEFAULT_PROP_VIOLATIONS_PASSWORD = "VIOLATIONS_PASSWORD";
   public static final String DEFAULT_PROP_VIOLATIONS_USERNAME = "VIOLATIONS_USERNAME";
   public static final String DEFAULT_PROP_PERSONAL_ACCESS_TOKEN = "VIOLATIONS_PAT";
+  public static final String DEFAULT_PROP_KEYSTORE_PATH = "VIOLATIONS_KEYSTORE_PATH";
+  public static final String DEFAULT_PROP_KEYSTORE_PASS = "VIOLATIONS_KEYSTORE_PASS";
 
   public static ViolationCommentsToBitbucketServerApi violationCommentsToBitbucketServerApi() {
     return new ViolationCommentsToBitbucketServerApi();
@@ -33,6 +35,8 @@ public static ViolationCommentsToBitbucketServerApi violationCommentsToBitbucket
   private String propPassword = DEFAULT_PROP_VIOLATIONS_PASSWORD;
   private String propUsername = DEFAULT_PROP_VIOLATIONS_USERNAME;
   private String propPersonalAccessToken = DEFAULT_PROP_PERSONAL_ACCESS_TOKEN;
+  private String propKeyStorePath = DEFAULT_PROP_KEYSTORE_PATH;
+  private String propKeyStorePass = DEFAULT_PROP_KEYSTORE_PASS;
   private int pullRequestId;
   private String repoSlug;
   private String username;
@@ -67,9 +71,10 @@ private ViolationCommentsToBitbucketServerApi() {}
   private void checkState() {
     final boolean noUsername = isNullOrEmpty(this.username) || isNullOrEmpty(this.password);
     final boolean noPat = isNullOrEmpty(this.personalAccessToken);
-    if (noUsername && noPat) {
+    final boolean noCert = isNullOrEmpty(this.propKeyStorePath);
+    if (noUsername && noPat && noCert) {
       throw new IllegalStateException(
-          "User and Password, or personal access token, must be set! They can be set with the API or by setting properties.\n"
+          "User and Password, or personal access token, or keystore path and keystore pass, must be set! They can be set with the API or by setting properties.\n"
               + //
               "Username/password:\n"
               + //
@@ -83,7 +88,14 @@ private void checkState() {
               + //
               "-D"
               + DEFAULT_PROP_PERSONAL_ACCESS_TOKEN
-              + "=asdasd");
+              + "=asdasd"
+              + "\n\nKeystore path and pass"
+              + //
+              "-D"
+              + DEFAULT_PROP_KEYSTORE_PATH
+              + "=keystorepath -D"
+              + DEFAULT_PROP_KEYSTORE_PASS
+              + "=keystorepass");
     }
     checkNotNull(this.bitbucketServerUrl, "BitbucketServerURL");
     checkNotNull(this.pullRequestId, "PullRequestId");
@@ -177,6 +189,14 @@ public String getProxyPassword() {
     return this.proxyPassword;
   }
 
+  public String getPropKeyStorePath() {
+    return this.propKeyStorePath;
+  }
+
+  public String getPropKeyStorePass() {
+    return this.propKeyStorePass;
+  }
+
   private void populateFromEnvironmentVariables() {
     if (System.getProperty(this.propUsername) != null) {
       this.username = firstNonNull(this.username, System.getProperty(this.propUsername));
@@ -188,6 +208,14 @@ private void populateFromEnvironmentVariables() {
       this.personalAccessToken =
           firstNonNull(this.personalAccessToken, System.getProperty(this.propPersonalAccessToken));
     }
+    if (System.getProperty(this.propKeyStorePath) != null) {
+      this.propKeyStorePath =
+              firstNonNull(this.propKeyStorePath, System.getProperty(this.propKeyStorePath));
+    }
+    if (System.getProperty(this.propKeyStorePass) != null) {
+      this.propKeyStorePass =
+              firstNonNull(this.propKeyStorePass, System.getProperty(this.propKeyStorePass));
+    }
   }
 
   public void toPullRequest() throws Exception {
@@ -322,6 +350,17 @@ public ViolationCommentsToBitbucketServerApi withCommentTemplate(final String co
     return this;
   }
 
+  public ViolationCommentsToBitbucketServerApi withKeyStorePath(final String keyStorePath) {
+    this.propKeyStorePath = keyStorePath;
+    return this;
+  }
+
+  public ViolationCommentsToBitbucketServerApi withKeyStorePass(final String keyStorePass) {
+    this.propKeyStorePass = keyStorePass;
+    return this;
+  }
+
+
   public Optional<String> findCommentTemplate() {
     return ofNullable(this.commentTemplate);
   }

src/main/java/se/bjurr/violations/comments/bitbucketserver/lib/client/BitbucketServerClient.java

@@ -41,6 +41,7 @@ public static void setBitbucketServerInvoker(
   private final String bitbucketServerUser;
   private final String bitbucketPersonalAccessToken;
   private final ProxyConfig proxyInformation;
+  private CertificateConfig certificateConfig = null;
 
   public BitbucketServerClient(
       final ViolationsLogger violationsLogger,
@@ -51,6 +52,8 @@ public BitbucketServerClient(
       final String bitbucketServerUser,
       final String bitbucketServerPassword,
       final String bitbucketPersonalAccessToken,
+      final String keyStorePath,
+      final String keyStorePass,
       final String proxyHostNameOrIp,
       final Integer proxyHostPort,
       final String proxyUser,
@@ -68,6 +71,9 @@ public BitbucketServerClient(
     this.bitbucketServerUser = bitbucketServerUser;
     this.bitbucketServerPassword = bitbucketServerPassword;
     this.bitbucketPersonalAccessToken = bitbucketPersonalAccessToken;
+    if(!isNullOrEmpty(keyStorePath) && !isNullOrEmpty(keyStorePass)) {
+      this.certificateConfig = new CertificateConfig(keyStorePath, keyStorePass);
+    }
     this.proxyInformation =
         new ProxyConfig(proxyHostNameOrIp, proxyHostPort, proxyUser, proxyPassword);
   }
@@ -131,7 +137,16 @@ public void pullRequestComment(final String message) {
   }
 
   private String doInvokeUrl(final String url, final Method method, final String postContent) {
-    if (isNullOrEmpty(this.bitbucketServerUser) || isNullOrEmpty(this.bitbucketServerPassword)) {
+
+    if (this.certificateConfig != null) {
+      return bitbucketServerInvoker.invokeUrl(
+              this.violationsLogger,
+              url,
+              method,
+              postContent,
+              this.certificateConfig,
+              this.proxyInformation);
+    } else if (isNullOrEmpty(this.bitbucketServerUser) || isNullOrEmpty(this.bitbucketServerPassword)) {
       return bitbucketServerInvoker.invokeUrl(
           this.violationsLogger,
           url,

src/main/java/se/bjurr/violations/comments/bitbucketserver/lib/client/BitbucketServerInvoker.java

@@ -32,6 +32,8 @@ public enum Method {
     POST
   }
 
+  private CertificateConfig certificateConfig = null;
+
   public String invokeUrl(
       final ViolationsLogger violationsLogger,
       final String url,
@@ -64,6 +66,19 @@ public String invokeUrl(
         violationsLogger, url, method, postContent, authorizationValue, proxyConfig);
   }
 
+  public String invokeUrl(
+          final ViolationsLogger violationsLogger,
+          final String url,
+          final Method method,
+          final String postContent,
+          final CertificateConfig certificateConfig,
+          final ProxyConfig proxyConfig) {
+
+    this.certificateConfig = certificateConfig;
+    return this.doInvokeUrl(
+            violationsLogger, url, method, postContent, "", proxyConfig);
+  }
+
   private String doInvokeUrl(
       final ViolationsLogger violationsLogger,
       final String url,
@@ -106,6 +121,10 @@ private String doInvokeUrl(
 
       final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
       proxyConfig.addTo(httpClientBuilder);
+      if(certificateConfig != null){
+        certificateConfig.addTo(httpClientBuilder);
+      }
+
       final HttpClient httpClient = httpClientBuilder.build();
 
       // Execute the request and get the response

src/main/java/se/bjurr/violations/comments/bitbucketserver/lib/client/CertificateConfig.java

@@ -0,0 +1,35 @@
+package se.bjurr.violations.comments.bitbucketserver.lib.client;
+
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.ssl.SSLContexts;
+
+import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+
+
+public class CertificateConfig {
+    private final String keyStorePath;
+    private final String keyStorePass;
+
+    public CertificateConfig(String keyStorePath, String keyStorePass) {
+        this.keyStorePath = keyStorePath;
+        this.keyStorePass = keyStorePass;
+    }
+
+    public HttpClientBuilder addTo(HttpClientBuilder builder) throws KeyStoreException,
+            NoSuchAlgorithmException, CertificateException,
+            IOException, UnrecoverableKeyException, KeyManagementException {
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(new FileInputStream(this.keyStorePath),
+                null);
+
+        SSLContext sslContext = SSLContexts.custom()
+                .loadKeyMaterial(keyStore, keyStorePass.toCharArray())
+                .build();
+        builder.setSSLContext(sslContext);
+        return builder;
+    }
+}