Branch: refs/heads/master
Home: https://github.com/jenkinsci/bouncycastle-api-plugin
Commit: cc39bf515aab4764c9f07ed3abc1a3bbee86eb65
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/cc39bf515aab4764c9f07ed3abc1a3bbee86eb65
Author: James Nord <[email protected]>
Date: 2021-07-21 (Wed, 21 Jul 2021)
Changed paths:
M pom.xml
A src/main/java/jenkins/bouncycastle/api/BouncyCastlePlugin.java
M src/main/java/jenkins/bouncycastle/api/InstallBouncyCastleJCAProvider.java
M src/main/java/jenkins/bouncycastle/api/SecurityProviderInitializer.java
Log Message:
-----------
[JENKINS-66180] be tolerant of the presence of the BouncyCastle FIPS provider
The most common way of running a JVM based app in FIPS compliance mode
is to use the Bouncy Castle FIPS provider.
This provider uses the same package structure as the regular one, but
lacks support for some algorithms and some classes are different.
Because of this if we just try and register the BouncyCastle Provider as
normal we will end up
1. subverting the FIPS compliance of the JVM
2. likely failing due to invalid class / incompatible classes causing
plugin initialisation errors, causing dependent plugins to also not
initialise.
Dependent plugins can often (but not always) be adapted to use either
the FIPS APIs or the regular ones (mostly this is an exercise in not
using deprecated APIs!) but also ensuring that no algorithm is asked for
that is not FIPS compliant. In either case this would need changes in
those plugins, but for the plugins that need no changes they should
function regardless, so now we do not unconditionally register any
provider in either the controller or the agent.
The first thing we do is check for the presence of the BouncyCastle
FIPS provider (using the BCFIPS provider string), if that is present
then this plugin effectively becomes a no-op plugin with the exception
of the PEM helper class.
If the FIPS provider is not present then the plugin dynamically updates
the classpath to inject the regular bouncycastle libraries.
For plugins that depend on this plugin no changes should be needed as
long as everything is running in non-FIPS mode.
For the plugin to also work in the presence of the FIPS provider they
need to
1. not use any non-FIPS approved algorithms
2. use defaults (for keystore end factories) etc rather than hard coding
values
3. not use deprecated API
4. self check at runtime that things are still working as expected.
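An added illustration of the provider check and of points 2 and 4 above, written for this digest; it is not code from the commit or from the plugin. Only the `BCFIPS` provider name comes from the commit message; the class name, method names and sample password are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Security;
import java.security.Signature;
import javax.net.ssl.KeyManagerFactory;

public class FipsTolerantCrypto {
    // Provider name as given in the commit message.
    static final String BCFIPS = "BCFIPS";

    // True when the Bouncy Castle FIPS provider is registered in this JVM.
    static boolean fipsProviderPresent() {
        return Security.getProvider(BCFIPS) != null;
    }

    // Point 2: take the keystore type and factory algorithm from the JVM's
    // configuration instead of hard coding a type, algorithm or provider name.
    static KeyManagerFactory keyManagers(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, password); // empty in-memory store, for the demo only
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        return kmf;
    }

    // Point 4: sign/verify round trip through whichever provider the JVM selects.
    static void selfCheck() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "self-check".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        if (!verifier.verify(sig)) {
            throw new IllegalStateException("signature self-check failed");
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("BCFIPS registered: " + fipsProviderPresent());
        keyManagers("constructed-demo-password".toCharArray()); // constructed sample value
        selfCheck();
        System.out.println("self-check passed");
    }
}
```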
Commit: 78a15758d840c6eb450431db1f10f6191f7fefb5
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/78a15758d840c6eb450431db1f10f6191f7fefb5
Author: James Nord <[email protected]>
Date: 2021-07-21 (Wed, 21 Jul 2021)
Changed paths:
M pom.xml
M src/main/java/jenkins/bouncycastle/api/BouncyCastlePlugin.java
A src/main/resources/index.jelly
Log Message:
-----------
[JENKINS-66180] dynamically load the BC APIs
This allows the plugin to expose the BouncyCastle APIs at build time to
regular users, but if the plugin is running in a JVM configured for FIPS
we would not insert the BC jars so there would be no conflict with BC
FIPS
Commit: 6edbcf1f6baaa2b30126da40f62b464783946b6b
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/6edbcf1f6baaa2b30126da40f62b464783946b6b
Author: James Nord <[email protected]>
Date: 2021-07-22 (Thu, 22 Jul 2021)
Changed paths:
M src/main/java/jenkins/bouncycastle/api/BouncyCastlePlugin.java
M src/main/resources/index.jelly
Log Message:
-----------
Apply suggestions from code review
Logging and typo fixes from review
Co-authored-by: Jesse Glick <[email protected]>
Commit: 6766e158d9cd9c357da84de4824baabdb1cfb2c4
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/6766e158d9cd9c357da84de4824baabdb1cfb2c4
Author: imonteroperez <[email protected]>
Date: 2021-08-03 (Tue, 03 Aug 2021)
Changed paths:
M src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Log Message:
-----------
Avoid use of hardcoded providers
Commit: 2628943a0d917f8b6621a7ee830b2fe5590893ec
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/2628943a0d917f8b6621a7ee830b2fe5590893ec
Author: Ildefonso Montero <[email protected]>
Date: 2021-08-03 (Tue, 03 Aug 2021)
Changed paths:
M src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Log Message:
-----------
Update src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Co-authored-by: James Nord <[email protected]>
Commit: 52ffc8beb0992a7ad807af88ee01e9ab6c416411
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/52ffc8beb0992a7ad807af88ee01e9ab6c416411
Author: Ildefonso Montero <[email protected]>
Date: 2021-08-03 (Tue, 03 Aug 2021)
Changed paths:
M src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Log Message:
-----------
Update src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Co-authored-by: James Nord <[email protected]>
Commit: 8368d0d95016188596160bc897e1a45f4d842fbb
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/8368d0d95016188596160bc897e1a45f4d842fbb
Author: James Nord <[email protected]>
Date: 2021-08-03 (Tue, 03 Aug 2021)
Changed paths:
M src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Log Message:
-----------
Update src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Commit: 20050991acd68ffcec8b2763e4d8666d89190e08
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/20050991acd68ffcec8b2763e4d8666d89190e08
Author: James Nord <[email protected]>
Date: 2021-08-04 (Wed, 04 Aug 2021)
Changed paths:
M src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
Log Message:
-----------
Merge pull request #1 from imonteroperez/PEMEncodable-JENKINS-66180
Avoid use of hardcoded providers
Commit: ca87605c0fe67e0408274fef79ae73c064f3bccf
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/ca87605c0fe67e0408274fef79ae73c064f3bccf
Author: James Nord <[email protected]>
Date: 2021-08-12 (Thu, 12 Aug 2021)
Changed paths:
M src/main/java/jenkins/bouncycastle/api/BouncyCastlePlugin.java
M src/main/java/jenkins/bouncycastle/api/InstallBouncyCastleJCAProvider.java
Log Message:
-----------
Apply suggestions from code review
Co-authored-by: Devin Nusbaum <[email protected]>
Commit: a88004b07592939b752ac139fa2f863a73bddc4c
https://github.com/jenkinsci/bouncycastle-api-plugin/commit/a88004b07592939b752ac139fa2f863a73bddc4c
Author: James Nord <[email protected]>
Date: 2021-08-13 (Fri, 13 Aug 2021)
Changed paths:
M pom.xml
A src/main/java/jenkins/bouncycastle/api/BouncyCastlePlugin.java
M src/main/java/jenkins/bouncycastle/api/InstallBouncyCastleJCAProvider.java
M src/main/java/jenkins/bouncycastle/api/PEMEncodable.java
M src/main/java/jenkins/bouncycastle/api/SecurityProviderInitializer.java
A src/main/resources/index.jelly
Log Message:
-----------
Merge pull request #46 from jtnord/JENKINS-66180
[JENKINS-66180] be tolerant in the presence of the BouncyCastle FIPS provider
Compare:
https://github.com/jenkinsci/bouncycastle-api-plugin/compare/806da326b4bc...a88004b07592