fix: fedramp issues #10092
Merged
Changes from 2 commits
9 commits
ff4a861 fix: fix fedramp issues (aliehsaeedii)
ef47865 fix: remove log files (aliehsaeedii)
cbc8700 fix: update docs (aliehsaeedii)
3cd316d fix: add bcfks support (aliehsaeedii)
40207a0 fix: add configs to both server and client side (aliehsaeedii)
ba9d0e8 fix: add security providers (aliehsaeedii)
4fc7c7d fix: remove log files (aliehsaeedii)
a34d2ba fix: add providers in appropriate place (aliehsaeedii)
7307fe3 fix: remove key pass for trust store (aliehsaeedii)
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -220,15 +220,9 @@ private static void validateCipherSuites( | |
final FipsValidator fipsValidator, final KsqlRestConfig restConfig) { | ||
final Map<String, List<String>> fipsTlsMap = new HashMap<>(); | ||
final List<String> cipherSuites = restConfig.getList(KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG); | ||
if (cipherSuites.isEmpty()) { | ||
final String errorMsg = "No cipher suites " | ||
+ "('" | ||
+ KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG | ||
+ "') is specified."; | ||
log.error(errorMsg); | ||
throw new SecurityException(errorMsg); | ||
Comment on lines -223 to -229
Why did you remove this?
Based on info from CP team, |
||
if (!cipherSuites.isEmpty()) { | ||
fipsTlsMap.put(KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG, cipherSuites); | ||
} | ||
fipsTlsMap.put(KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG, cipherSuites); | ||
fipsTlsMap.put(KsqlRestConfig.SSL_ENABLED_PROTOCOLS_CONFIG, | ||
restConfig.getList(KsqlRestConfig.SSL_ENABLED_PROTOCOLS_CONFIG)); | ||
|
||
|
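Review bot: With the `cipherSuites.isEmpty()` branch at old lines 223-229 gone and the put now wrapped in `if (!cipherSuites.isEmpty())`, an unset `KsqlRestConfig.SSL_CIPHER_SUITES_CONFIG` is silently left out of `fipsTlsMap`, so whichever cipher suites end up in effect are never shown to `fipsValidator`. (The +/- markers are not visible in this rendering; this reading follows from the `-220,15 +220,9` header and the comment on lines -223 to -229.) If skipping validation for an empty list is intended, say so in a code comment next to the guard, log that cipher-suite validation was skipped, and add a unit test covering the empty-list case. `SSL_ENABLED_PROTOCOLS_CONFIG` is still put into the map unconditionally, so it is worth stating whether an empty protocol list should be handled the same way.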
Isn't there a unit test you need to adapt?
For the other two we don't have any.
OK
I think you need to adapt SSL_KEYSTORE_TYPE_DOC and SSL_TRUSTSTORE_TYPE_DOC, though.