Security fix (SECURITY-1615).

pom.xml

@@ -85,6 +85,11 @@
         <groupId>com.googlecode.json-simple</groupId>
         <artifactId>json-simple</artifactId>
         <version>1.1.1</version>
+    </dependency>
+	<dependency>
+        <groupId>org.apache.httpcomponents</groupId>
+        <artifactId>httpclient</artifactId>
+        <version>4.5.10</version>
     </dependency>
   </dependencies>
 

src/main/java/org/jenkinsci/plugins/vmanager/SummaryReportParams.java

@@ -57,6 +57,7 @@ public class SummaryReportParams {
     public String emailType;
     public String emailInputFile; 
     public boolean deleteEmailInputFile;
+    public boolean ignoreSSLError;
 
     public final static String  staticReportParams = "$jenkins_mode\"override\":true,\"sessionsViewName\":\"All_Sessions\",\"linkOutput\":$link_output,\"title\":\"Summary report\",\"includeSessions\":true,\"includeAll\":false$test_view_name$metrics_view_name$vplan_view_name$test_depth";
     public boolean includeTests = true;

src/main/java/org/jenkinsci/plugins/vmanager/dsl/post/DSLPublisher.java

@@ -68,6 +68,7 @@ public class DSLPublisher extends Recorder implements SimpleBuildStep, Serializa
     private String emailInputFile;
     private boolean deleteEmailInputFile;
     private String summaryMode;
+    private boolean ignoreSSLError;
 
 
 
@@ -82,7 +83,7 @@ public class DSLPublisher extends Recorder implements SimpleBuildStep, Serializa
     public DSLPublisher(String vAPIUrl, String vAPIUser, String vAPIPassword, boolean authRequired, boolean advConfig, boolean dynamicUserId, int connTimeout, int readTimeout, boolean advancedFunctions,
             boolean retrieveSummaryReport, boolean runReport, boolean metricsReport, boolean vPlanReport, String testsViewName, String metricsViewName, String vplanViewName, int testsDepth, int metricsDepth,
             int vPlanDepth, String metricsInputType, String metricsAdvanceInput, String vPlanInputType, String vPlanAdvanceInput, String vPlanxFileName, String summaryType, boolean ctxInput,
-            String ctxAdvanceInput, String freeVAPISyntax, boolean deleteReportSyntaxInputFile,String vManagerVersion,boolean sendEmail,String emailList,String emailType, String emailInputFile,boolean deleteEmailInputFile, String summaryMode) {
+            String ctxAdvanceInput, String freeVAPISyntax, boolean deleteReportSyntaxInputFile,String vManagerVersion,boolean sendEmail,String emailList,String emailType, String emailInputFile,boolean deleteEmailInputFile, String summaryMode, boolean ignoreSSLError) {
 
         this.vAPIUrl = vAPIUrl;
         this.authRequired = authRequired;
@@ -121,7 +122,7 @@ public DSLPublisher(String vAPIUrl, String vAPIUser, String vAPIPassword, boolea
         this.emailInputFile = emailInputFile; 
         this.deleteEmailInputFile = deleteEmailInputFile; 
         this.summaryMode = summaryMode;
-
+        this.ignoreSSLError = ignoreSSLError;
 
 
 
@@ -163,6 +164,7 @@ public DSLPublisher(String vAPIUrl, String vAPIUser, String vAPIPassword, boolea
         summaryReportParams.emailInputFile = emailInputFile; 
         summaryReportParams.deleteEmailInputFile = deleteEmailInputFile;
         summaryReportParams.summaryMode = summaryMode;
+        summaryReportParams.ignoreSSLError = ignoreSSLError;
     }
 
 
@@ -182,6 +184,11 @@ public String getEmailInputFile() {
         return emailInputFile;
     }
 
+
+    public boolean isIgnoreSSLError() {
+        return ignoreSSLError;
+    }
+
     public boolean isDeleteEmailInputFile() {
         return deleteEmailInputFile;
     }

src/main/java/org/jenkinsci/plugins/vmanager/dsl/post/VMGRPostLaunchStep.java

@@ -98,6 +98,7 @@ public class VMGRPostLaunchStep extends Step {
     private String emailInputFile;
     private boolean deleteEmailInputFile;
     private String summaryMode;
+    private boolean ignoreSSLError;
 
 
 
@@ -107,7 +108,7 @@ public class VMGRPostLaunchStep extends Step {
     public VMGRPostLaunchStep(String vAPIUrl, String vAPIUser, String vAPIPassword, boolean authRequired, boolean advConfig, boolean dynamicUserId, int connTimeout, int readTimeout, boolean advancedFunctions,
             boolean retrieveSummaryReport, boolean runReport, boolean metricsReport, boolean vPlanReport, String testsViewName, String metricsViewName, String vplanViewName, int testsDepth, int metricsDepth,
             int vPlanDepth, String metricsInputType, String metricsAdvanceInput, String vPlanInputType, String vPlanAdvanceInput, String vPlanxFileName, String summaryType, boolean ctxInput,
-            String ctxAdvanceInput, String freeVAPISyntax, boolean deleteReportSyntaxInputFile,String vManagerVersion,boolean sendEmail,String emailList,String emailType, String emailInputFile,boolean deleteEmailInputFile,String summaryMode) {
+            String ctxAdvanceInput, String freeVAPISyntax, boolean deleteReportSyntaxInputFile,String vManagerVersion,boolean sendEmail,String emailList,String emailType, String emailInputFile,boolean deleteEmailInputFile,String summaryMode, boolean ignoreSSLError) {
 
         this.vAPIUrl = vAPIUrl;
         this.authRequired = authRequired;
@@ -147,6 +148,7 @@ public VMGRPostLaunchStep(String vAPIUrl, String vAPIUser, String vAPIPassword,
         this.emailInputFile = emailInputFile; 
         this.deleteEmailInputFile = deleteEmailInputFile; 
         this.summaryMode = summaryMode;
+        this.ignoreSSLError = ignoreSSLError;
 
 
     }
@@ -167,6 +169,10 @@ public boolean isDeleteEmailInputFile() {
         return deleteEmailInputFile;
     }
 
+    public boolean isIgnoreSSLError() {
+        return ignoreSSLError;
+    }
+
     public String getVManagerVersion() {
         return vManagerVersion;
     }

src/main/java/org/jenkinsci/plugins/vmanager/dsl/post/VMGRPostLaunchStepImpl.java

@@ -38,7 +38,7 @@ protected Void run() throws Exception {
            publisher = new DSLPublisher(step.getVAPIUrl(), step.getVAPIUser(), step.getVAPIPassword(), step.isAuthRequired(), step.isAdvConfig(), step.isDynamicUserId(), step.getConnTimeout(), step.getReadTimeout(), step.isAdvancedFunctions(),
             step.isRetrieveSummaryReport(), step.isRunReport(), step.isMetricsReport(), step.isVPlanReport(), step.getTestsViewName(), step.getMetricsViewName(), step.getVplanViewName(), step.getTestsDepth(), step.getMetricsDepth(),
             step.getVPlanDepth(), step.getMetricsInputType(), step.getMetricsAdvanceInput(), step.getVPlanInputType(), step.getVPlanAdvanceInput(), step.getVPlanxFileName(), step.getSummaryType(), step.isCtxInput(),
-            step.getCtxAdvanceInput(), step.getFreeVAPISyntax(), step.isDeleteReportSyntaxInputFile(),step.getVManagerVersion(), step.isSendEmail(), step.getEmailList(),step.getEmailType(), step.getEmailInputFile(),step.isDeleteEmailInputFile(), step.getSummaryMode());
+            step.getCtxAdvanceInput(), step.getFreeVAPISyntax(), step.isDeleteReportSyntaxInputFile(),step.getVManagerVersion(), step.isSendEmail(), step.getEmailList(),step.getEmailType(), step.getEmailInputFile(),step.isDeleteEmailInputFile(), step.getSummaryMode(), step.isIgnoreSSLError());
 
        } else {
            publisher = new DSLPublisher();

src/main/resources/org/jenkinsci/plugins/vmanager/dsl/post/DSLPublisher/config.jelly

@@ -70,6 +70,7 @@
                                                 <f:entry title="vManager Server version:" field="vManagerVersion" >
                                                     <f:select />
                                                 </f:entry>
+                                                <f:entry title="Ignore SSL/TLS Errors " field="ignoreSSLError" description="If checked, the plugin will also accept self-signed SSL certificate"><f:checkbox name="ignoreSSLError" checked="${it.ignoreSSLError}"/></f:entry>
                                                 <f:radioBlock name="summaryType" value="wizard" title="Retrieve and Present Job Summary Report" checked="${instance.summaryType == 'wizard'}" inline="true">
                                                     <f:block>
                                                         <table style="margin: 0 0 0 30px;">

src/main/resources/org/jenkinsci/plugins/vmanager/dsl/post/DSLPublisher/help-ignoreSSLError.html

@@ -0,0 +1,6 @@
+<div>
+    This option is only relevant if you choose vManager Version < 19.09.<br>
+    If the vManager version is smaller than 19.09, the report is being retrieved by parsing the html web page of the report generated using http connection.<br>
+    Since vManager Web Server is having by default a self-signed certificate, normal http connection will fail to get validated and the connection will get rejected. <br>
+    If you replaced the server certificate with a signed one of your own, you can leave it as default.  Unless, if you are using the default vManager installed self-signed certificate - the only way to overcome its SSL validation is to allow the connection from the Jenkins to the vManager server at the time of the report retrieval only to skip validation.  
+</div>

src/main/resources/org/jenkinsci/plugins/vmanager/dsl/post/VMGRPostLaunchStep/config.jelly

@@ -70,6 +70,7 @@
                                                 <f:entry title="vManager Server version:" field="vManagerVersion" >
                                                     <f:select />
                                                 </f:entry>
+                                                <f:entry title="Ignore SSL/TLS Errors " field="ignoreSSLError" description="If checked, the plugin will also accept self-signed SSL certificate"><f:checkbox name="ignoreSSLError" checked="${it.ignoreSSLError}"/></f:entry>
                                                 <f:radioBlock name="summaryType" value="wizard" title="Retrieve and Present Job Summary Report" checked="${instance.summaryType == 'wizard'}" inline="true">
                                                     <f:block>
                                                         <table style="margin: 0 0 0 30px;">

src/main/resources/org/jenkinsci/plugins/vmanager/dsl/post/VMGRPostLaunchStep/help-ignoreSSLError.html

@@ -0,0 +1,6 @@
+<div>
+    This option is only relevant if you choose vManager Version < 19.09.<br>
+    If the vManager version is smaller than 19.09, the report is being retrieved by parsing the html web page of the report generated using http connection.<br>
+    Since vManager Web Server is having by default a self-signed certificate, normal http connection will fail to get validated and the connection will get rejected. <br>
+    If you replaced the server certificate with a signed one of your own, you can leave it as default.  Unless, if you are using the default vManager installed self-signed certificate - the only way to overcome its SSL validation is to allow the connection from the Jenkins to the vManager server at the time of the report retrieval only to skip validation.  
+</div>