Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-73904] Enable FIPS restrictions in the JWK signing algorithm for Token verification #428

Merged
merged 1 commit into from
Oct 11, 2024
Merged

[JENKINS-73904] Enable FIPS restrictions in the JWK signing algorithm for Token verification #428

merged 1 commit into from
Oct 11, 2024

Conversation

fcojfernandez
Copy link
Member

Based on #424 as there seems to be issues to push commits

(merits for @pankajy-dev)

See JENKINS-73904 -> When Jenkins is running on FIPS mode then the algorithms are filtered. Non accepted algorithms are not used.

Testing done

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

@fcojfernandez fcojfernandez requested a review from a team as a code owner October 11, 2024 17:22
PereBueno
PereBueno approved these changes Oct 11, 2024
View reviewed changes
Copy link
Contributor

@PereBueno PereBueno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fcojfernandez fcojfernandez merged commit a67b9d1 into jenkinsci:master Oct 11, 2024
18 of 19 checks passed
@codecov Codecov
Copy link

codecov bot commented Oct 11, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 76.72414% with 27 lines in your changes missing coverage. Please review.

Project coverage is 72.01%. Comparing base (c98df34) to head (f1b33c3).
Report is 18 commits behind head on master.

Files with missing lines Patch % Lines
...va/org/jenkinsci/plugins/oic/OicSecurityRealm.java 75.28% 3 Missing and 19 partials ⚠️
...nsci/plugins/oic/OicServerManualConfiguration.java 25.00% 2 Missing and 1 partial ⚠️
...nsci/plugins/oic/OicAlgorithmValidatorFIPS140.java 95.45% 1 Missing ⚠️
...i/plugins/oic/OicServerWellKnownConfiguration.java 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master     #428      +/-   ##
============================================
+ Coverage     71.88%   72.01%   +0.12%     
- Complexity      206      221      +15     
============================================
  Files            16       17       +1     
  Lines           900     1022     +122     
  Branches        126      144      +18     
============================================
+ Hits            647      736      +89     
- Misses          186      198      +12     
- Partials         67       88      +21

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jtnord
jtnord requested changes Oct 11, 2024
View reviewed changes
src/main/java/org/jenkinsci/plugins/oic/OicAlgorithmValidatorFIPS140.java
JWESupportedAlgorithms.addAll(RSACryptoProvider.SUPPORTED_ALGORITHMS);
// RSA1_5 is deprecated and not a compliant algorithm.
JWESupportedAlgorithms.remove(JWEAlgorithm.RSA1_5);
JWESupportedAlgorithms.addAll(ECDHCryptoProvider.SUPPORTED_ALGORITHMS);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#424 (comment)

@jtnord jtnord mentioned this pull request Oct 11, 2024
Closed
6 tasks
@jtnord jtnord changed the title [JENKINS-73904] Enable FIPS restrictions in the JWK signing algorithm for SSL verification [JENKINS-73904] Enable FIPS restrictions in the JWK signing algorithm for Token verification Oct 11, 2024
This was referenced Oct 14, 2024
Closed
Merged
@fcojfernandez fcojfernandez deleted the JENKINS-73904 branch October 14, 2024 09:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtnord jtnord jtnord requested changes

@PereBueno PereBueno PereBueno approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fcojfernandez @jtnord @PereBueno @olamy