Adding profile for using SunPKCS11-NSS-FIPS provider (apache#6773)

jboss-fuse · Nov 13, 2024 · acb0d83 · acb0d83
1 parent 17df274
commit acb0d83
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 7 deletions.
diff --git a/integration-tests/crypto/README.adoc b/integration-tests/crypto/README.adoc
@@ -1,8 +1,13 @@
 == FIPS
 
-Please utilize the fips profile when executing tests within a FIPS-enabled environment. The tests must employ the BouncyCastle-FIPS dependency instead of the standard BouncyCastle library.
+Please utilize the fips profile when executing tests within a FIPS-enabled environment.
+There are two profiles:
+
+* Use `bcfips` profile to employ the BouncyCastle-FIPS security provider.
+* Use `fips` profile to employ the SunPKCS11-NSS-FIPS security provider.
+
 
 Example of usage:
 ```
-mvn clean test -Dfips
+mvn clean test -Dfips or mvn clean test -Dbcfips
 ```
diff --git a/integration-tests/crypto/pom.xml b/integration-tests/crypto/pom.xml
@@ -90,10 +90,10 @@
 
     <profiles>
         <profile>
-            <id>fips</id>
+            <id>bcfips</id>
             <activation>
                 <property>
-                    <name>fips</name>
+                    <name>bcfips</name>
                 </property>
             </activation>
             <properties>
@@ -110,6 +110,23 @@
                 </dependency>
             </dependencies>
         </profile>
+        <profile>
+            <id>fips</id>
+            <activation>
+                <property>
+                    <name>fips</name>
+                </property>
+            </activation>
+            <properties>
+                <cq-security-provider>quarkus.security.security-providers=SunPKCS11-NSS-FIPS</cq-security-provider>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>io.quarkus</groupId>
+                    <artifactId>quarkus-security</artifactId>
+                </dependency>
+            </dependencies>
+        </profile>
         <profile>
             <id>native</id>
             <activation>

diff --git a/...tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoRoutes.java b/...tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoRoutes.java
@@ -63,7 +63,10 @@ public void configure() throws Exception {
 
     private CryptoDataFormat getCryptoDataFormat() throws NoSuchAlgorithmException {
         KeyGenerator generator = KeyGenerator.getInstance("DES");
-        return new CryptoDataFormat("DES", generator.generateKey());
+        CryptoDataFormat cdf = new CryptoDataFormat("DES", generator.generateKey());
+        //workaround for SunPKCS11-NSS-FIPS
+        cdf.setShouldAppendHMAC(false);
+        return cdf;
     }
 
 }
diff --git a/integration-tests/crypto/src/main/resources/application.properties b/integration-tests/crypto/src/main/resources/application.properties
@@ -16,6 +16,5 @@
 ## ---------------------------------------------------------------------------
 quarkus.native.resources.includes=*.jks
 
-#FIPS profile adds BCFIPS provider
+#profile adds SunPKCS11-NSS-FIPS or BCFIPS provider
 ${cq-security-provider}
-