[
https://issues.apache.org/jira/browse/KNOX-3306?focusedWorklogId=1016994&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1016994
]
ASF GitHub Bot logged work on KNOX-3306:
----------------------------------------
Author: ASF GitHub Bot
Created on: 23/Apr/26 08:31
Start Date: 23/Apr/26 08:31
Worklog Time Spent: 10m
Work Description: hanicz commented on code in PR #1212:
URL: https://github.com/apache/knox/pull/1212#discussion_r3129429848
##########
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultCryptoService.java:
##########
@@ -57,11 +58,18 @@ public void setAliasService(AliasService as) {
@Override
public void init(GatewayConfig config, Map<String, String> options)
- throws ServiceLifecycleException {
+ throws ServiceLifecycleException {
this.config = config;
- if (aliasService == null) {
+ if (aliasService == null) {
throw new ServiceLifecycleException("Alias service is not set");
}
+ if (FipsUtils.isFipsEnabledWithBCProvider()) {
+ //invoking the following getters will throw IllegalArgumentException in
case a forbidden algorithm is set
+ //so we can use them as a validation at service initialization time
+ config.getCredentialStoreAlgorithm();
+ config.getAlgorithm();
+ config.getPBEAlgorithm();
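Review bot: In the FIPS branch of init(), the calls to config.getCredentialStoreAlgorithm(), config.getAlgorithm() and config.getPBEAlgorithm() are made only for their side effect, and the IllegalArgumentException the comment says they throw is not caught in the visible lines, so it would leave init() as an unchecked exception rather than the declared ServiceLifecycleException. Consider catching it here and rethrowing as ServiceLifecycleException with a message that names the offending setting, or moving the check into an explicitly named validation method so the startup failure does not depend on getter side effects. The changes to the throws line and to the aliasService null check appear to be whitespace-only and could be dropped to keep the diff focused.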
Review Comment:
Moved them into FipsUtils
Issue Time Tracking
-------------------
Worklog Id: (was: 1016994)
Time Spent: 40m (was: 0.5h)
> Make server startup fail if a forbidden security algorithm is configured for
> Knox in a FIPS environment
> -------------------------------------------------------------------------------------------------------
>
> Key: KNOX-3306
> URL: https://issues.apache.org/jira/browse/KNOX-3306
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 2.1.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>