Skip to content

Commit

Permalink
Merge pull request #55 from jmdesprez/JENKINS-73610
Browse files Browse the repository at this point in the history
  • Loading branch information
Vlatombe authored Aug 14, 2024
2 parents 71b1a82 + 3266d62 commit cf07975
Show file tree
Hide file tree
Showing 8 changed files with 46 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,10 @@ public static String encodeKey(Key key) {
* @throws IllegalArgumentException If the request is invalid
*/
public static void ensureFIPSCompliantURIRequest(URI uri, boolean skipTLSVerify) {
boolean isInsecure = uri.getScheme().equals("http");
boolean isInsecure = false;
if (uri != null) {
isInsecure = "http".equals(uri.getScheme());
}
ensureFIPSCompliant(isInsecure, skipTLSVerify);
}

Expand All @@ -82,7 +85,10 @@ public static void ensureFIPSCompliantURIRequest(URI uri, boolean skipTLSVerify)
* @throws IllegalArgumentException If the request is invalid
*/
public static void ensureFIPSCompliantRequest(String stringRequest, boolean skipTLSVerify) {
boolean isInsecure = stringRequest.startsWith("http://");
boolean isInsecure = false;
if(stringRequest != null) {
isInsecure = stringRequest.startsWith("http://");
}
ensureFIPSCompliant(isInsecure, skipTLSVerify);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,13 @@ public AbstractHttpClientWithTLSOptionsFactoryFIPSTest(String scheme, boolean sk
@Test
public void testCreateKubernetesAuthConfig() throws URISyntaxException {
try {
HttpClientWithTLSOptionsFactory.getBuilder(new URI(scheme, "localhost", null, null), null, skipTLSVerify);
URI uri;
if (scheme != null) {
uri = new URI(scheme, "localhost", null, null);
} else {
uri = null;
}
HttpClientWithTLSOptionsFactory.getBuilder(uri, null, skipTLSVerify);
if (!shouldPass) {
fail("This test was expected to fail, reason: " + motivation);
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package org.jenkinsci.plugins.kubernetes.credentials;

import com.cloudbees.plugins.credentials.CredentialsScope;
import edu.umd.cs.findbugs.annotations.NonNull;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
Expand Down Expand Up @@ -56,7 +57,7 @@ public abstract class AbstractOpenShiftBearerTokenCredentialFIPSTest {


public AbstractOpenShiftBearerTokenCredentialFIPSTest(
String scheme, boolean skipTLSVerify, boolean shouldPass, String motivation) {
@NonNull String scheme, boolean skipTLSVerify, boolean shouldPass, String motivation) {
this.scheme = scheme;
this.skipTLSVerify = skipTLSVerify;
this.shouldPass = shouldPass;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,32 @@ public AbstractUtilsFIPSTest(

@Test
public void ensureFIPSCompliantURIRequest() throws URISyntaxException {
HttpUriRequest request = new HttpGet(new URI(scheme, "localhost", null, null));
try {
Utils.ensureFIPSCompliantURIRequest(request.getURI(), skipTLSVerify);
if(scheme != null) {
HttpUriRequest request = new HttpGet(new URI(scheme, "localhost", null, null));
URI uri = request.getURI();
Utils.ensureFIPSCompliantURIRequest(uri, skipTLSVerify);
} else {
Utils.ensureFIPSCompliantURIRequest(null, skipTLSVerify);
}
if (!shouldPass) {
fail("This test was expected to fail, reason: " + motivation);
}
} catch (IllegalArgumentException e) {
if (shouldPass) {
fail("This test was expected to pass, reason: " + motivation);
}
}
}

@Test
public void ensureFIPSCompliantRequest() {
try {
if(scheme != null) {
Utils.ensureFIPSCompliantRequest(scheme + "://localhost", skipTLSVerify);
} else {
Utils.ensureFIPSCompliantRequest(null, skipTLSVerify);
}
if (!shouldPass) {
fail("This test was expected to fail, reason: " + motivation);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ public HttpClientWithTLSOptionsFactoryWithFIPSTest(
public static Collection<Object[]> parameters() {
return Arrays.asList(new Object[][] {
// Valid use cases
{null, false, true, "No URL provided and the TLS verification is not skipped, this should be accepted"},
{"https", false, true, "TLS is used and the TLS verification is not skipped, this should be accepted"},
// Invalid use cases
{"https", true, false, "Skip TLS check is not accepted in FIPS mode"},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ public HttpClientWithTLSOptionsFactoryWithoutFIPSTest(
public static Collection<Object[]> parameters() {
return Arrays.asList(new Object[][] {
// Valid use cases
{null, false, true, "Not in FIPS mode, any combination should be valid"},
{"https", false, true, "Not in FIPS mode, any combination should be valid"},
{"http", false, true, "Not in FIPS mode, any combination should be valid"},
{"http", true, true, "Not in FIPS mode, any combination should be valid"},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ public UtilsWithFIPSTest(
public static Collection<Object[]> parameters() {
return Arrays.asList(new Object[][] {
// Valid use cases
{null, false, true, "No URL provided and the TLS verification is not skipped, this should be accepted"},
{"https", false, true, "TLS is used and the TLS verification is not skipped, this should be accepted"},
// Invalid use cases
{"https", true, false, "Skip TLS check is not accepted in FIPS mode"},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ public UtilsWithoutFIPSTest(String scheme, boolean skipTLSVerify, boolean should
@Parameterized.Parameters
public static Collection<Object[]> parameters() {
return Arrays.asList(new Object[][] {
{null, true, true, "Not in FIPS mode, any combination should be valid"},
{"https", true, true, "Not in FIPS mode, any combination should be valid"},
{"https", false, true, "Not in FIPS mode, any combination should be valid"},
{"http", true, true, "Not in FIPS mode, any combination should be valid"},
Expand Down

0 comments on commit cf07975

Please sign in to comment.