fix: fedramp issues

ksqldb-rest-app/src/main/java/io/confluent/ksql/rest/server/KsqlRestConfig.java

@@ -126,10 +126,13 @@ public class KsqlRestConfig extends AbstractConfig {
 
   public static final String SSL_STORE_TYPE_JKS = "JKS";
   public static final String SSL_STORE_TYPE_PKCS12 = "PKCS12";
+  public static final String SSL_STORE_TYPE_BCFKS = "BCFKS";
+
   public static final ConfigDef.ValidString SSL_STORE_TYPE_VALIDATOR =
       ConfigDef.ValidString.in(
           SSL_STORE_TYPE_JKS,
-          SSL_STORE_TYPE_PKCS12
+          SSL_STORE_TYPE_PKCS12,
+          SSL_STORE_TYPE_BCFKS
       );
 
   public static final String SSL_CLIENT_AUTH_CONFIG = "ssl.client.auth";

ksqldb-rest-app/src/main/java/io/confluent/ksql/rest/server/KsqlServerMain.java

@@ -220,15 +220,9 @@ private static void validateCipherSuites(
       final FipsValidator fipsValidator, final KsqlRestConfig restConfig) {
     final Map<String, List<String>> fipsTlsMap = new HashMap<>();
     final List<String> cipherSuites = restConfig.getList(KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG);
-    if (cipherSuites.isEmpty()) {
-      final String errorMsg = "No cipher suites "
-          + "('"
-          + KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG
-          + "') is specified.";
-      log.error(errorMsg);
-      throw new SecurityException(errorMsg);
+    if (!cipherSuites.isEmpty()) {
+      fipsTlsMap.put(KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG, cipherSuites);
     }
-    fipsTlsMap.put(KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG, cipherSuites);
     fipsTlsMap.put(KsqlRestConfig.SSL_ENABLED_PROTOCOLS_CONFIG,
         restConfig.getList(KsqlRestConfig.SSL_ENABLED_PROTOCOLS_CONFIG));
 

ksqldb-rest-app/src/test/java/io/confluent/ksql/rest/server/KsqlServerMainTest.java

@@ -266,30 +266,6 @@ public void shouldFailOnInvalidDefaultValueFormat() {
         "Invalid value for config '" + KsqlConfig.KSQL_DEFAULT_VALUE_FORMAT_CONFIG + "': bad"));
   }
 
-  @Test
-  public void shouldFailOnEmptyCipherSuitesList() {
-    // Given:
-    final KsqlConfig config = configWith(ImmutableMap.of(
-        ConfluentConfigs.ENABLE_FIPS_CONFIG, true
-    ));
-    final KsqlRestConfig restConfig = new KsqlRestConfig(ImmutableMap.<String, Object>builder()
-        .build()
-    );
-
-    // When:
-    final Exception e = assertThrows(
-        SecurityException.class,
-        () -> KsqlServerMain.validateFips(config, restConfig)
-    );
-
-    // Then:
-    assertThat(e.getMessage(), containsString(
-        "No cipher suites "
-            + "('"
-            + KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG
-            + "') is specified."));
-  }
-
   @Test
   public void shouldFailOnInvalidCipherSuitesList() {
     // Given: