tomasbjerre / pull-request-notifier-for-bitbucket

Bitbucket Server plugin that invokes a custom URL when a pull request event is triggered.

Cannot send notifications to internal https server that uses a self-signed certificate #353

Open mrbball17 opened 4 years ago

mrbball17 commented 4 years ago

We are trying to use PR Notifier to send a notification to an internal https server that uses a self-signed certificate, but we are receiving this error in the Bitbucket log:

2019-09-25 14:42:43,115 ERROR [http-nio-8080-exec-11] Gourav.Singla *16FVOE3x882x15594874x4 1ec88op 172.31.192.101,10.153.94.190 "POST /rest/prnfb-admin/1.0/settings/buttons/253f95f3-a613-41e7-bd62-f4e267802442/press/repository/7024/pullrequest/242 HTTP/1.1" se.bjurr.prnfb.http.UrlInvoker 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:325)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at se.bjurr.prnfb.http.UrlInvoker.doInvoke(UrlInvoker.java:376)
    at se.bjurr.prnfb.http.UrlInvoker.invoke(UrlInvoker.java:182)
    at se.bjurr.prnfb.listener.PrnfbPullRequestEventListener$1.invoke(PrnfbPullRequestEventListener.java:100)
    at se.bjurr.prnfb.listener.PrnfbPullRequestEventListener.notify(PrnfbPullRequestEventListener.java:324)
    at se.bjurr.prnfb.service.ButtonsService.doHandlePressed(ButtonsService.java:106)
    at se.bjurr.prnfb.service.ButtonsService.handlePressed(ButtonsService.java:158)
    at se.bjurr.prnfb.presentation.ButtonServlet.press(ButtonServlet.java:176)
    at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
    at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
    at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
    at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
    at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
    at com.atlassian.analytics.client.filter.UniversalAnalyticsFilter.doFilter(UniversalAnalyticsFilter.java:92)
    at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39)
    at com.atlassian.bitbucket.internal.xcode.web.XcodeUserAgentFilter.doFilter(XcodeUserAgentFilter.java:36)
    at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
    at com.atlassian.plugin.connect.plugin.auth.scope.ApiScopingFilter.doFilter(ApiScopingFilter.java:81)
    at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
    at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:85)
    at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:112)
    at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75)
    at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:94)
    at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:67)
    at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
    at com.atlassian.plugin.connect.plugin.auth.oauth2.DefaultSalAuthenticationFilter.doFilter(DefaultSalAuthenticationFilter.java:69)
    at com.atlassian.plugin.connect.plugin.auth.user.ThreeLeggedAuthFilter.doFilter(ThreeLeggedAuthFilter.java:109)
    at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:32)
    at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:38)
    at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39)
    at com.atlassian.bitbucket.internal.scm.git.lfs.servlet.filter.GitLfsLockingFilter.doFilter(GitLfsLockingFilter.java:50)
    at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
    at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90)
    at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)
    at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:90)
    at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    ... 246 frames trimmed
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 58 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 64 common frames omitted

Is it possible to use a self-signed certificate on the destination server?

We are using PR Notifier version 4.1 with Bitbucket 5.16.2

Thanks.

-Kent

tomasbjerre commented 4 years ago

Did you try to check the checkbox: "Accept any certificate"?

mrbball17 commented 4 years ago

Thanks for getting back to me.

I was not aware of that setting. After checking the 'Accept any certificate' box in the configuration, we are now seeing a different error:

2019-09-27 02:22:45,079 WARN  [http-nio-8080-exec-69] Gourav.Singla *16FVOE3x142x16516259x1 dap60t 172.31.192.30,10.153.94.190 "POST /rest/prnfb-admin/1.0/settings/buttons/253f95f3-a613-41e7-bd62-f4e267802442/press/repository/7024/pullrequest/242 HTTP/1.1" c.s.j.s.c.servlet.WebComponent A servlet request, to the URI https://stash.veritas.com/rest/prnfb-admin/1.0/settings/buttons/253f95f3-a613-41e7-bd62-f4e267802442/press/repository/7024/pullrequest/242, contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.
2019-09-27 02:22:46,550 ERROR [http-nio-8080-exec-69] Gourav.Singla *16FVOE3x142x16516259x1 dap60t 172.31.192.30,10.153.94.190 "POST /rest/prnfb-admin/1.0/settings/buttons/253f95f3-a613-41e7-bd62-f4e267802442/press/repository/7024/pullrequest/242 HTTP/1.1" se.bjurr.prnfb.http.UrlInvoker 
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <10.209.246.17> doesn't match any of the subject alternative names: []
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:467)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:325)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
        at se.bjurr.prnfb.http.UrlInvoker.doInvoke(UrlInvoker.java:376)
        at se.bjurr.prnfb.http.UrlInvoker.invoke(UrlInvoker.java:182)
        at se.bjurr.prnfb.listener.PrnfbPullRequestEventListener$1.invoke(PrnfbPullRequestEventListener.java:100)
        at se.bjurr.prnfb.listener.PrnfbPullRequestEventListener.notify(PrnfbPullRequestEventListener.java:324)
        at se.bjurr.prnfb.service.ButtonsService.doHandlePressed(ButtonsService.java:106)
        at se.bjurr.prnfb.service.ButtonsService.handlePressed(ButtonsService.java:158)
        at se.bjurr.prnfb.presentation.ButtonServlet.press(ButtonServlet.java:176)
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
        at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
        at com.atlassian.analytics.client.filter.UniversalAnalyticsFilter.doFilter(UniversalAnalyticsFilter.java:92)
        at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39)
        at com.atlassian.bitbucket.internal.xcode.web.XcodeUserAgentFilter.doFilter(XcodeUserAgentFilter.java:36)
        at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
        at com.atlassian.plugin.connect.plugin.auth.scope.ApiScopingFilter.doFilter(ApiScopingFilter.java:81)
        at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
        at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:85)
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:112)
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75)
        at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:94)
        at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:67)
        at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
        at com.atlassian.plugin.connect.plugin.auth.oauth2.DefaultSalAuthenticationFilter.doFilter(DefaultSalAuthenticationFilter.java:69)
        at com.atlassian.plugin.connect.plugin.auth.user.ThreeLeggedAuthFilter.doFilter(ThreeLeggedAuthFilter.java:109)
        at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:32)
        at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:38)
        at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39)
        at com.atlassian.bitbucket.internal.scm.git.lfs.servlet.filter.GitLfsLockingFilter.doFilter(GitLfsLockingFilter.java:50)
        at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90)
        at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)
        at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:90)
        at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
        ... 246 frames trimmed

tomasbjerre commented 4 years ago

You can google that: https://lmgtfy.com/?q=%22javax.net.ssl.SSLPeerUnverifiedException%3A+Certificate+for%22+%22doesn%27t+match+any+of+the+subject+alternative+names%3A%22

mrbball17 commented 4 years ago

Yes, I googled that. Unfortunately, that didn't do me much good. I didn't find much (if any) helpful information, at least none that I could interpret. I'm not any kind of an SSL expert, so it wasn't clear to me if I need to do something on my Bitbucket server or not, or if the user needs to configure something on the server receiving the notification.

tomasbjerre commented 4 years ago

Perhaps a change is needed in the plugin. Found this: https://stackoverflow.com/questions/39762760/javax-net-ssl-sslexception-certificate-doesnt-match-any-of-the-subject-alterna
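
Added example, not part of the thread or of the plugin's code: the second error reports an empty subject alternative name list for a server addressed by IP, so hostname verification fails even after the chain is accepted. The sketch below reissues the receiving server's self-signed certificate with an iPAddress SAN, checks it with OpenSSL, and imports it into the truststore of the JVM running Bitbucket so that certificate validation stays enabled. The file names, alias and truststore path are assumptions; the IP is the one from the log above.

```shell
# Added example: function names, file names and the alias are hypothetical.

# Issue a self-signed certificate for a server that clients reach by IP.
# san=yes adds an iPAddress subjectAltName; san=no reproduces the failing
# case from the log (CN only, SAN list empty).
make_self_signed() {  # usage: make_self_signed <ip> <out-prefix> <yes|no>
  ip=$1; out=$2; san=$3
  if [ "$san" = yes ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$ip" \
      -addext "subjectAltName=IP:$ip" \
      -keyout "$out.key" -out "$out.crt" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$ip" \
      -keyout "$out.key" -out "$out.crt" 2>/dev/null
  fi
}

# Succeeds only if the certificate has an iPAddress SAN equal to <ip>.
# The CN is not consulted for IP checks, which mirrors the verifier's error.
cert_covers_ip() {  # usage: cert_covers_ip <cert.crt> <ip>
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}

# Trust exactly this certificate in the JVM that runs Bitbucket, so the
# "PKIX path building failed" error is resolved without accepting every
# certificate. The truststore location and password depend on the install.
import_into_truststore() {  # usage: <cert.crt> <alias> <truststore> <storepass>
  keytool -importcert -noprompt -alias "$2" -file "$1" \
    -keystore "$3" -storepass "$4"
}

# Typical sequence (paths are placeholders):
#   make_self_signed 10.209.246.17 ./notify-target yes
#   cert_covers_ip ./notify-target.crt 10.209.246.17 && echo "SAN ok"
#   import_into_truststore ./notify-target.crt notify-target \
#       <path-to-jvm-cacerts> <storepass>
```

The receiving server has to be reconfigured to present the reissued certificate, and Bitbucket restarted so the JVM reloads its truststore.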