Make plugin storage path FIPS-compliant

Signed-off-by: Artem Zatsarynnyi <azatsary@redhat.com>
eclipse-theia · Sep 9, 2020 · 604de71 · 604de71
1 parent f071134
commit 604de71
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/packages/plugin-ext/src/main/node/paths/plugin-paths-service.ts b/packages/plugin-ext/src/main/node/paths/plugin-paths-service.ts
@@ -84,7 +84,7 @@ export class PluginPathsServiceImpl implements PluginPathsService {
             // if workspace is temporary
             // then let create a storage path for each set of workspace roots
             const rootsStr = rootUris.sort().join(',');
-            return crypto.createHash('md5').update(rootsStr).digest('hex');
+            return this.createHash(rootsStr);
         } else {
             let stat;
             try {
@@ -95,10 +95,28 @@ export class PluginPathsServiceImpl implements PluginPathsService {
                 displayName = displayName.slice(0, displayName.lastIndexOf('.'));
             }
 
-            return crypto.createHash('md5').update(workspaceUri).digest('hex');
+            return this.createHash(workspaceUri);
         }
     }
 
+    /**
+     * Creates a hash digest of the given string.
+     */
+    protected createHash(str: string): string {
+        try {
+            // md5 is not FIPS-approved but we have to continue use it as there're existing storage folders based on it
+            return crypto.createHash('md5').update(str).digest('hex');
+        } catch (e) {
+            if (e.message.indexOf('disabled for FIPS') > -1) {
+                // SHA256 is FIPS-compliant
+                return crypto.createHash('sha256').update(str).digest('hex');
+            } else {
+                throw e;
+            }
+        }
+        // see more details in the issues 8378
+    }
+
     /**
      * Generate time folder name in format: YYYYMMDDTHHMMSS, for example: 20181205T093828
      */