simplify with last changes from Mina PR apache/mina-sshd#591

Signed-off-by: Olivier Lamy <olamy@apache.org>
olamy · Oct 3, 2024 · 750cbc6 · 750cbc6
1 parent d820108
commit 750cbc6
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/...a/io/jenkins/plugins/mina_sshd_api/core/bouncycastle_registar/FIPSRegistarInitPlugin.java b/...a/io/jenkins/plugins/mina_sshd_api/core/bouncycastle_registar/FIPSRegistarInitPlugin.java
@@ -45,7 +45,8 @@ public class FIPSRegistarInitPlugin extends Plugin {
     public void start() throws Exception {
         if(FIPS140.useCompliantAlgorithms() && Security.getProvider("BCFIPS") != null) {
             LOG.info("register FIPSBouncyCastleSecurityProviderRegistar");
-            System.setProperty("org.apache.sshd.security.registrars", "io.jenkins.plugins.mina_sshd_api.core.bouncycastle_registar.FIPSBouncyCastleSecurityProviderRegistar");
+            //System.setProperty("org.apache.sshd.security.registrars", "io.jenkins.plugins.mina_sshd_api.core.bouncycastle_registar.FIPSBouncyCastleSecurityProviderRegistar");
+            System.setProperty("org.apache.sshd.security.fipsEnabled", "true");
             System.setProperty("org.apache.sshd.security.defaultProvider", "BCFIPS");
         } else {
             LOG.config("not needed to register FIPSBouncyCastleSecurityProviderRegistar");

diff --git a/.../java/io/jenkins/plugins/mina_sshd_api/core/bouncycastle_registar/TestBCFIPSRegistar.java b/.../java/io/jenkins/plugins/mina_sshd_api/core/bouncycastle_registar/TestBCFIPSRegistar.java
@@ -10,6 +10,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
 import java.util.Objects;
 
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -40,9 +41,14 @@ public void BCFIPSRegisteredRejectSSHkeyGen() throws Throwable {
 
         String path = Objects.requireNonNull(Thread.currentThread().getContextClassLoader().getResource("id_rsa-keygen-rsa-2048")).getPath();
         j.then(r -> {
-            Iterable<KeyPair> keyPairs = SecurityUtils.loadKeyPairIdentities(null, null,
-                    Files.newInputStream(Path.of(path)) , FilePasswordProvider.of("theaustraliancricketteamisthebest"));
-            assertThat(keyPairs.iterator().next(), notNullValue());
+            try {
+                Iterable<KeyPair> keyPairs = SecurityUtils.loadKeyPairIdentities(null, null,
+                        Files.newInputStream(Path.of(path)), FilePasswordProvider.of("theaustraliancricketteamisthebest"));
+            } catch (NoSuchAlgorithmException e) {
+                // all good
+                // we cannot use expected = NoSuchAlgorithmException.class
+                // as we get org.jvnet.hudson.test.RealJenkinsRule$StepException
+            }
         });
     }
 }