

Extract skip TLS error message
jmdesprez committed Jul 31, 2024
1 parent 490e86b commit 13db16d
Showing 3 changed files with 9 additions and 3 deletions.
@@ -1,6 +1,7 @@
package org.jenkinsci.plugins.kubernetes.auth;

import jenkins.security.FIPS140;
import org.jenkinsci.plugins.kubernetes.credentials.Utils;

/**
* Configuration object for {@link KubernetesAuth} operations.
Expand All @@ -21,7 +22,7 @@ public class KubernetesAuthConfig {

public KubernetesAuthConfig(String serverUrl, String caCertificate, boolean skipTlsVerify) {
if (FIPS140.useCompliantAlgorithms() && skipTlsVerify && serverUrl.startsWith("https://")) {
throw new IllegalArgumentException("Skipping TLS verification is not accepted in FIPS mode.");
throw new IllegalArgumentException(Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE);
}
this.serverUrl = serverUrl;
this.caCertificate = caCertificate;
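Review bot: The FIPS guard in the constructor matches the scheme with `serverUrl.startsWith("https://")`, which is case-sensitive, while URI schemes are not; a server URL written with an upper-case scheme would not be recognised as HTTPS, and `skipTlsVerify` would then be accepted in FIPS mode. A case-insensitive match such as `serverUrl.regionMatches(true, 0, "https://", 0, 8)` closes that gap, unless the URL is normalised before it reaches this constructor, which is not visible here. The same applies to `uri.getScheme().equals("https")` in the getBuilder hunk. The constructor body continues past the end of this hunk.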
Expand Up @@ -85,7 +85,7 @@ public static HttpClientBuilder getBuilder(URI uri, String caCertData, boolean s
try {
if (skipTLSVerify) {
if (FIPS140.useCompliantAlgorithms() && uri.getScheme().equals("https")) {
throw new IllegalArgumentException("Skipping TLS verification is not accepted in FIPS mode.");
throw new IllegalArgumentException(Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE);
}
builder.setSSLSocketFactory(getAlwaysTrustSSLFactory());
} else if (caCertData != null) {
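Review bot: `uri.getScheme()` returns null for a URI that has no scheme, so the guard `uri.getScheme().equals("https")` would throw a NullPointerException rather than evaluate the FIPS condition; `"https".equalsIgnoreCase(uri.getScheme())` is null-safe. The throw also sits inside a `try` whose catch clauses are outside the hunk, so it is worth confirming that they do not rewrap the IllegalArgumentException and lose the FIPS message.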
Expand Up @@ -13,6 +13,11 @@

public abstract class Utils {

/**
* Error message used to indicate that skipping TLS verification is not accepted in FIPS mode.
*/
public static String FIPS140_SKIP_TLS_ERROR_MESSAGE = "Skipping TLS verification is not accepted in FIPS mode.";

Check warning on line 19 in src/main/java/org/jenkinsci/plugins/kubernetes/credentials/Utils.java


ci.jenkins.io / SpotBugs

MS_SHOULD_BE_FINAL

HIGH: org.jenkinsci.plugins.kubernetes.credentials.Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE isn't final but should be
Raw output
This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

public static String wrapWithMarker(String begin, String end, String encodedBody) {
return new StringBuilder(begin).append("\n")
.append(encodedBody).append("\n")
Expand Down Expand Up @@ -68,7 +73,7 @@ public static void ensureFIPSCompliantURIRequest(HttpUriRequest uriRequest, bool
throw new IllegalArgumentException("Non-TLS connection is not accepted in FIPS mode when a credential is present.");
}
if (isHttps && skipTLSVerify) {
throw new IllegalArgumentException("Skipping TLS verification is not accepted in FIPS mode.");
throw new IllegalArgumentException(Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE);
}
}
}
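Review bot: Inside `Utils` itself, the new throw in ensureFIPSCompliantURIRequest references the constant as `Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE`; the class qualifier is redundant there, and `throw new IllegalArgumentException(FIPS140_SKIP_TLS_ERROR_MESSAGE);` reads more cleanly. The neighbouring "Non-TLS connection is not accepted in FIPS mode when a credential is present." message is still an inline literal, so if callers or tests match on it, extracting it the same way would keep the two FIPS errors consistent. The method body starts outside the hunk.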
