From 13db16d0d45fb695bd6308fd5dbca4caf0297a25 Mon Sep 17 00:00:00 2001
From: Jean-Marc Desprez
Date: Wed, 31 Jul 2024 18:00:56 +0200
Subject: [PATCH] Extract skip TLS error message
---
 .../plugins/kubernetes/auth/KubernetesAuthConfig.java | 3 ++-
 .../credentials/HttpClientWithTLSOptionsFactory.java | 2 +-
 .../jenkinsci/plugins/kubernetes/credentials/Utils.java | 7 ++++++-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/jenkinsci/plugins/kubernetes/auth/KubernetesAuthConfig.java b/src/main/java/org/jenkinsci/plugins/kubernetes/auth/KubernetesAuthConfig.java
index 7386714..cc0193b 100644
--- a/src/main/java/org/jenkinsci/plugins/kubernetes/auth/KubernetesAuthConfig.java
+++ b/src/main/java/org/jenkinsci/plugins/kubernetes/auth/KubernetesAuthConfig.java
@@ -1,6 +1,7 @@
 package org.jenkinsci.plugins.kubernetes.auth;
 import jenkins.security.FIPS140;
+import org.jenkinsci.plugins.kubernetes.credentials.Utils;
 /**
 * Configuration object for {@link KubernetesAuth} operations.
@@ -21,7 +22,7 @@ public class KubernetesAuthConfig {
 public KubernetesAuthConfig(String serverUrl, String caCertificate, boolean skipTlsVerify) {
 if (FIPS140.useCompliantAlgorithms() && skipTlsVerify && serverUrl.startsWith("https://")) {
- throw new IllegalArgumentException("Skipping TLS verification is not accepted in FIPS mode.");
+ throw new IllegalArgumentException(Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE);
 }
 this.serverUrl = serverUrl;
 this.caCertificate = caCertificate;
diff --git a/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/HttpClientWithTLSOptionsFactory.java b/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/HttpClientWithTLSOptionsFactory.java
index d87b804..55b7077 100644
--- a/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/HttpClientWithTLSOptionsFactory.java
+++ b/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/HttpClientWithTLSOptionsFactory.java
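Review bot: The FIPS guard in the `KubernetesAuthConfig` constructor tests the scheme with `serverUrl.startsWith("https://")`, which is case-sensitive although URI schemes are not, so a URL written with an upper- or mixed-case scheme would pass the check with `skipTlsVerify` still set. The same applies to `uri.getScheme().equals("https")` in `HttpClientWithTLSOptionsFactory.getBuilder` in the next file, where the branch then installs `getAlwaysTrustSSLFactory()`, and where a URI with no scheme would raise a NullPointerException instead of the intended IllegalArgumentException. Since this commit already centralises the message, the predicate could be hardened at the same time, e.g. `serverUrl.regionMatches(true, 0, "https://", 0, 8)` here and `"https".equalsIgnoreCase(uri.getScheme())` in `getBuilder`. Whether such a value can actually reach these methods depends on callers outside the hunk, and the constructor body continues past it.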
@@ -85,7 +85,7 @@ public static HttpClientBuilder getBuilder(URI uri, String caCertData, boolean s
 try {
 if (skipTLSVerify) {
 if (FIPS140.useCompliantAlgorithms() && uri.getScheme().equals("https")) {
- throw new IllegalArgumentException("Skipping TLS verification is not accepted in FIPS mode.");
+ throw new IllegalArgumentException(Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE);
 }
 builder.setSSLSocketFactory(getAlwaysTrustSSLFactory());
 } else if (caCertData != null) {
diff --git a/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/Utils.java b/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/Utils.java
index fa73b2b..3b1f441 100644
--- a/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/Utils.java
+++ b/src/main/java/org/jenkinsci/plugins/kubernetes/credentials/Utils.java
@@ -13,6 +13,11 @@ public abstract class Utils {
+ /**
+ * Error message used to indicate that skipping TLS verification is not accepted in FIPS mode.
+ */
+ public static String FIPS140_SKIP_TLS_ERROR_MESSAGE = "Skipping TLS verification is not accepted in FIPS mode.";
+
 public static String wrapWithMarker(String begin, String end, String encodedBody) {
 return new StringBuilder(begin).append("\n")
 .append(encodedBody).append("\n")
@@ -68,7 +73,7 @@ public static void ensureFIPSCompliantURIRequest(HttpUriRequest uriRequest, bool
 throw new IllegalArgumentException("Non-TLS connection is not accepted in FIPS mode when a credential is present.");
 }
 if (isHttps && skipTLSVerify) {
- throw new IllegalArgumentException("Skipping TLS verification is not accepted in FIPS mode.");
+ throw new IllegalArgumentException(Utils.FIPS140_SKIP_TLS_ERROR_MESSAGE);
 }
 }
 }
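Review bot: `FIPS140_SKIP_TLS_ERROR_MESSAGE` is declared `public static String` without `final`, so it is a writable global rather than a constant: any code that can see `Utils` can reassign it and change the text thrown by all three FIPS checks. Declare it as `public static final String FIPS140_SKIP_TLS_ERROR_MESSAGE = "Skipping TLS verification is not accepted in FIPS mode.";`. Because the field is `public` on a `public` class it also becomes API that other plugins may come to depend on; if it is only meant for this plugin and its tests, the Javadoc should say so.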
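Review bot: Inside `Utils` itself the `Utils.` qualifier in `ensureFIPSCompliantURIRequest` is redundant; `throw new IllegalArgumentException(FIPS140_SKIP_TLS_ERROR_MESSAGE);` is enough. The neighbouring message "Non-TLS connection is not accepted in FIPS mode when a credential is present." remains an inline literal, so if tests or callers match on exception text it may deserve the same extraction for consistency. The method starts above the hunk, so how `isHttps` is derived is not visible here.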