Merge pull request entagen#40 from conceptboard/upstream-feature/supp…

…ort-self-signed-certs

support for self signed certs

* conceptboard/upstream-feature/support-self-signed-certs:
  fixed bug for post call in JenkinsApi
  fixed wrong type for boolean property
  added shortopt to allow-selfsigned-ssl-certs
  adding support for self signed certificates

build.gradle

@@ -28,12 +28,17 @@ idea {
     }
 }
 
+test {
+    ['jenkinsUrl'].each {
+        if (System.getProperty(it)) systemProperty it, System.getProperty(it)
+    }
+}
 
 task syncWithRepo(dependsOn: 'classes', type: JavaExec) {
     main = 'com.entagen.jenkins.Main'
     classpath = sourceSets.main.runtimeClasspath
     // pass through specified system properties to the call to main
-    ['help', 'jenkinsUrl', 'jenkinsUser', 'jenkinsPassword', 'gitUrl', 'templateJobPrefix', 'templateBranchName', 'branchNameRegex', 'nestedView', 'viewRegex', 'printConfig', 'dryRun', 'startOnCreate', 'noViews', 'noDelete'].each {
+    ['help', 'jenkinsUrl', 'jenkinsUser', 'jenkinsPassword', 'gitUrl', 'templateJobPrefix', 'templateBranchName', 'branchNameRegex', 'nestedView', 'viewRegex', 'printConfig', 'dryRun', 'startOnCreate', 'noViews', 'noDelete', 'allowSelfsignedSslCerts'].each {
         if (System.getProperty(it)) systemProperty it, System.getProperty(it)
     }
 

src/main/groovy/com/entagen/jenkins/JenkinsApi.groovy

@@ -9,11 +9,17 @@ import org.apache.http.HttpStatus
 import org.apache.http.HttpRequestInterceptor
 import org.apache.http.protocol.HttpContext
 import org.apache.http.HttpRequest
+import org.apache.http.conn.ssl.SSLSocketFactory
+import org.apache.http.conn.scheme.Scheme
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy
+
+
 
 class JenkinsApi {
     String jenkinsServerUrl
     RESTClient restClient
     HttpRequestInterceptor requestInterceptor
+    SSLSocketFactory socketFactory
     boolean findCrumb = true
     def crumbInfo
 
@@ -36,6 +42,12 @@ class JenkinsApi {
         this.restClient.client.addRequestInterceptor(this.requestInterceptor)
     }
 
+    public void allowSelfsignedSslCerts(){
+        this.socketFactory = new SSLSocketFactory(new TrustSelfSignedStrategy())
+        this.socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
+        this.restClient.client.connectionManager.schemeRegistry.register(new Scheme("https", this.socketFactory, 443))
+    }
+
     List<String> getJobNames(String prefix = null) {
         println "getting project names from " + jenkinsServerUrl + "api/json"
         def response = get(path: 'api/json')
@@ -49,7 +61,6 @@ class JenkinsApi {
                 headers: [Accept: 'application/xml'])
         response.data.text
     }
-
     void cloneJobForBranch(ConcreteJob missingJob, List<TemplateJob> templateJobs) {
         String missingJobConfig = configForMissingJob(missingJob, templateJobs)
         TemplateJob templateJob = missingJob.templateJob
@@ -211,6 +222,9 @@ class JenkinsApi {
         if (requestInterceptor) {
             http.client.addRequestInterceptor(this.requestInterceptor)
         }
+        if (this.socketFactory){
+            http.client.connectionManager.schemeRegistry.register(new Scheme("https", this.socketFactory, 443))
+        }
 
         Integer status = HttpStatus.SC_EXPECTATION_FAILED
 

src/main/groovy/com/entagen/jenkins/JenkinsJobManager.groovy

@@ -11,6 +11,7 @@ class JenkinsJobManager {
     String jenkinsUser
     String jenkinsPassword
     String startOnCreate
+    Boolean allowSelfsignedSslCerts = false
 
     Boolean dryRun = false
     Boolean noViews = false
@@ -151,6 +152,7 @@ class JenkinsJobManager {
             }
 
             if (jenkinsUser || jenkinsPassword) this.jenkinsApi.addBasicAuth(jenkinsUser, jenkinsPassword)
+            if (allowSelfsignedSslCerts) this.jenkinsApi.allowSelfsignedSslCerts()
         }
 
         return this.jenkinsApi

src/main/groovy/com/entagen/jenkins/Main.groovy

@@ -20,7 +20,8 @@ class Main {
             k: [longOpt: 'no-delete', required: false, args: 0, argName: 'noDelete', description: "Do not delete (keep) branches and views - gradle flag -DnoDelete=true"],
             f: [longOpt: 'filter-branch-names', required: false, args:  1, argName:  'branchNameRegex', description: "Only branches matching the regex will be accepted - gradle flag: -DbranchNameRegex=<regex>"],
             usr: [longOpt: 'jenkins-user',  required: false, args: 1, argName: 'jenkinsUser', description: "Jenkins username - gradle flag -DjenkinsUser=<jenkinsUser>"],
-            pwd: [longOpt: 'jenkins-password',  required: false, args: 1, argName: 'jenkinsPassword', description: "Jenkins password - gradle flag -DjenkinsPassword=<jenkinsPassword>"]
+            pwd: [longOpt: 'jenkins-password',  required: false, args: 1, argName: 'jenkinsPassword', description: "Jenkins password - gradle flag -DjenkinsPassword=<jenkinsPassword>"],
+            selfsigned: [longOpt: 'allow-selfsigned-ssl-certs', required:false, args: 0, argName:'allowSelfsignedSslCerts', description: "Allow self signed ssl certificats for Jenkins API calls"]
     ]
 
     public static void main(String[] args) {

src/test/groovy/com/entagen/jenkins/JenkinsApiSSLTest.groovy

@@ -0,0 +1,31 @@
+package com.entagen.jenkins
+
+import org.junit.Test
+import groovy.mock.interceptor.MockFor
+import org.apache.http.client.HttpResponseException
+import groovyx.net.http.RESTClient
+import net.sf.json.JSON
+import net.sf.json.JSONObject
+
+class JenkinsApiSSLTest extends GroovyTestCase {
+
+    private String getJenkinsServerUrl(){
+        return System.getProperty("jenkinsUrl") ?: "http://localhost:9090/jenkins"
+    }
+
+    @Test public void testGetJobNames() {
+        JenkinsApi api = new JenkinsApi(jenkinsServerUrl: getJenkinsServerUrl())
+        api.allowSelfsignedSslCerts()
+        api.getJobNames()
+    }
+
+    @Test public void testGetJobNamesWithoutSelfsignedSslCerts() {
+        JenkinsApi api = new JenkinsApi(jenkinsServerUrl: getJenkinsServerUrl())
+        if(jenkinsServerUrl.startsWith("https")){
+            assert "peer not authenticated" == shouldFail {
+                api.getJobNames("myproj")
+            }
+        }
+    }
+}
+