From df6e4dd27019ab62cdd086569588501fc6debdd0 Mon Sep 17 00:00:00 2001
From: Olivier Lamy <olamy@apache.org>
Date: Thu, 10 Oct 2024 10:04:22 +1000
Subject: [PATCH] prefer IllegalArgumentException when escapeHatchEnabled in
 FIPS mode

Signed-off-by: Olivier Lamy <olamy@apache.org>
---
 .../java/org/jenkinsci/plugins/oic/OicSecurityRealm.java  | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
index 61d533ce..cbf9a8f6 100644
--- a/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
@@ -320,9 +320,15 @@ protected Object readResolve() throws ObjectStreamException {
         this.setTokenFieldToCheckKey(this.tokenFieldToCheckKey);
         // ensure escapeHatchSecret is encrypted
         this.setEscapeHatchSecret(this.escapeHatchSecret);
+
+        // validate this option in FIPS env or not
         try {
-            // validate this option in FIPS env or not
             this.setEscapeHatchEnabled(this.escapeHatchEnabled);
+        } catch (FormException e) {
+            throw new IllegalArgumentException(e);
+        }
+
+        try {
             if (automanualconfigure != null) {
                 if ("auto".equals(automanualconfigure)) {
                     OicServerWellKnownConfiguration conf =