Class FIPS140Utils

java.lang.Object
hudson.plugins.ec2.util.FIPS140Utils

public class FIPS140Utils extends Object
FIPS related utility methods (check Private and Public keys, ...)
  • Constructor Details

    • FIPS140Utils

      public FIPS140Utils()
  • Method Details

    • ensureKeyInFipsMode

      public static void ensureKeyInFipsMode(Key key)
      Checks if the key is allowed when FIPS mode is requested. Keys with the following algorithms and sizes are allowed:
      • DSA with key size >= 2048
      • RSA with key size >= 2048
      • Elliptic curve (ED25519) with field size >= 224
      If the key is valid and allowed, or FIPS mode is not requested, the method simply returns. Otherwise it throws an IllegalArgumentException.
      Parameters:
      key - The key to check.
    • ensureNoPasswordLeak

      public static void ensureNoPasswordLeak(URL url, String password)
      Password leak prevention when FIPS mode is requested. If FIPS mode is not requested, this method does nothing. Otherwise, ensure that no password can be leaked.
      Parameters:
      url - the requested URL
      password - the password used
      Throws:
      IllegalArgumentException - if there is a risk that the password will leak
    • ensureNoPasswordLeak

      public static void ensureNoPasswordLeak(boolean useHTTPS, String password)
      Password leak prevention when FIPS mode is requested. If FIPS mode is not requested, this method does nothing. Otherwise, ensure that no password can be leaked.
      Parameters:
      useHTTPS - is TLS used or not
      password - the password used
      Throws:
      IllegalArgumentException - if there is a risk that the password will leak
    • ensureNoPasswordLeak

      public static void ensureNoPasswordLeak(boolean useHTTPS, boolean usePassword)
      Password leak prevention when FIPS mode is requested. If FIPS mode is not requested, this method does nothing. Otherwise, ensure that no password can be leaked.
      Parameters:
      useHTTPS - is TLS used or not
      usePassword - is a password used
      Throws:
      IllegalArgumentException - if there is a risk that the password will leak
    • ensurePasswordLength

      public static void ensurePasswordLength(String password)
      Password length check when FIPS mode is requested. If FIPS mode is not requested, this method does nothing. Otherwise, ensure that the password is at least 14 characters long.
      Parameters:
      password - the password to check
      Throws:
      IllegalArgumentException - if FIPS mode is requested and the password is too short
    • ensureNoSelfSignedCertificate

      public static void ensureNoSelfSignedCertificate(boolean allowSelfSignedCertificate)
      Self-signed certificate check when FIPS mode is requested. If FIPS mode is not requested, this method does nothing. Otherwise, ensure that self-signed certificates are not allowed.
      Parameters:
      allowSelfSignedCertificate - is self-signed certificate allowed
      Throws:
      IllegalArgumentException - if FIPS mode is requested and a self-signed certificate is allowed
    • ensurePrivateKeyInFipsMode

      public static void ensurePrivateKeyInFipsMode(String privateKeyString)
      Checks if the private key is allowed when FIPS mode is requested. Private keys with the following algorithms and sizes are allowed:
      • DSA with key size >= 2048
      • RSA with key size >= 2048
      • Elliptic curve (ED25519) with field size >= 224
      If the private key is valid and allowed, or FIPS mode is not requested, the method simply returns. Otherwise it throws an IllegalArgumentException.
      Parameters:
      privateKeyString - String containing the private key PEM.
    • ensurePublicKeyInFipsMode

      public static void ensurePublicKeyInFipsMode(@NonNull String algorithm, @NonNull byte[] key)
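
The size rules listed for ensureKeyInFipsMode and ensurePrivateKeyInFipsMode can be expressed with the standard JCA key interfaces, as in the following added example. It is not the plugin's own code: the class FipsKeyCheckExample, its methods and the fipsMode parameter are hypothetical, and it only covers keys exposed as RSAKey, DSAKey or ECKey.

```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.interfaces.DSAKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;

public class FipsKeyCheckExample {
    // Size in bits that the documented limits apply to, or -1 when it cannot be determined.
    static int keySizeBits(Key key) {
        if (key instanceof RSAKey) {
            return ((RSAKey) key).getModulus().bitLength();
        }
        if (key instanceof DSAKey) {
            DSAKey dsa = (DSAKey) key; // parameters may be absent (inherited): unknown size
            return dsa.getParams() == null ? -1 : dsa.getParams().getP().bitLength();
        }
        if (key instanceof ECKey) {
            return ((ECKey) key).getParams().getCurve().getField().getFieldSize();
        }
        return -1; // any other key type is rejected by this sketch
    }

    // fipsMode is a hypothetical parameter; the page does not show how the plugin detects FIPS mode.
    static void ensureKeyAllowed(Key key, boolean fipsMode) {
        if (!fipsMode) return; // outside FIPS mode the documented check does nothing
        int minimum = (key instanceof ECKey) ? 224 : 2048;
        int bits = keySizeBits(key);
        if (bits < minimum) {
            throw new IllegalArgumentException(
                    key.getAlgorithm() + " key of " + bits + " bits is below the FIPS minimum of " + minimum);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(1024); // constructed sample: deliberately undersized RSA key
        Key weakRsa = rsa.generateKeyPair().getPublic();
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(256); // constructed sample: EC key over a 256-bit field
        Key ecKey = ec.generateKeyPair().getPrivate();
        ensureKeyAllowed(weakRsa, false); // accepted: FIPS mode not requested
        ensureKeyAllowed(ecKey, true);    // accepted: field size meets the 224-bit minimum
        try {
            ensureKeyAllowed(weakRsa, true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```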