Merge pull request #560 from tejasdrolia/BEE-52993

Added validation for useHttp flag to fix the non FIPS compliant TLS usage.

src/main/java/io/jenkins/plugins/artifact_manager_jclouds/s3/S3BlobStoreConfig.java

@@ -57,8 +57,10 @@
 import io.jenkins.plugins.aws.global_configuration.CredentialsAwsGlobalConfiguration;
 
 import jenkins.model.Jenkins;
+import jenkins.security.FIPS140;
 import org.jenkinsci.Symbol;
 
+
 /**
  * Store the S3BlobStore configuration to save it on a separate file. This make that
  * the change of container does not affected to the Artifact functionality, you could change the container
@@ -199,7 +201,8 @@ public boolean getUseHttp() {
     }
 
     @DataBoundSetter
-    public void setUseHttp(boolean useHttp){
+    public void setUseHttp(boolean useHttp)  {
+        checkValue(doCheckUseHttp(useHttp));
         this.useHttp = useHttp;
         save();
     }
@@ -356,6 +359,14 @@ public FormValidation doCheckCustomEndpoint(@QueryParameter String customEndpoin
         return ret;
     }
 
+    public FormValidation doCheckUseHttp(@QueryParameter boolean useHttp) {
+        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+        if (FIPS140.useCompliantAlgorithms() && useHttp) {
+            return FormValidation.error("Cannot use HTTP in FIPS mode.");
+        }
+        return FormValidation.ok();
+    }
+
     /**
      * create an S3 Bucket.
      * @param name name of the S3 Bucket.
@@ -409,8 +420,11 @@ public FormValidation doValidateS3BucketConfig(
             @QueryParameter String customEndpoint,
             @QueryParameter String customSigningRegion) {
         Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+
+        if (FIPS140.useCompliantAlgorithms() && useHttp) {
+            return FormValidation.warning("Validation failed as \"use Insecure Http\" flag is enabled while in FIPS mode");
+        }
         FormValidation ret = FormValidation.ok("success");
-
         S3BlobStore provider = new S3BlobStoreTester(container, prefix, 
                 useHttp, useTransferAcceleration,usePathStyleUrl,
                 disableSessionToken, customEndpoint, customSigningRegion);

src/test/java/io/jenkins/plugins/artifact_manager_jclouds/s3/S3BlobStoreConfigFipsEnabledTest.java

@@ -0,0 +1,27 @@
+package io.jenkins.plugins.artifact_manager_jclouds.s3;
+
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.jvnet.hudson.test.FlagRule;
+import org.jvnet.hudson.test.JenkinsRule;
+import hudson.util.FormValidation;
+import static org.junit.Assert.assertEquals;
+import jenkins.security.FIPS140;
+
+
+public class S3BlobStoreConfigFipsEnabledTest {
+
+    @ClassRule
+    public static FlagRule<String> fipsFlag = FlagRule.systemProperty(FIPS140.class.getName() + ".COMPLIANCE", "true");
+
+    @Rule
+    public JenkinsRule j = new JenkinsRule();
+
+    @Test
+    public void checkValidationUseHttpsWithFipsEnabled() {
+        S3BlobStoreConfig descriptor = S3BlobStoreConfig.get();
+        assertEquals(descriptor.doCheckUseHttp(true).kind , FormValidation.Kind.ERROR);
+        assertEquals(descriptor.doCheckUseHttp(false).kind , FormValidation.Kind.OK);
+    }
+}

src/test/java/io/jenkins/plugins/artifact_manager_jclouds/s3/S3BlobStoreConfigTest.java

@@ -128,4 +128,10 @@ public void checkValidationCustomSigningRegion() {
         assertTrue(descriptor.doCheckCustomSigningRegion("").getMessage().contains("us-east-1"));
     }
 
+    @Test
+    public void checkValidationUseHttpsWithFipsDisabled() {
+        S3BlobStoreConfig descriptor = S3BlobStoreConfig.get();
+        assertEquals(descriptor.doCheckUseHttp(true).kind , FormValidation.Kind.OK);
+        assertEquals(descriptor.doCheckUseHttp(false).kind , FormValidation.Kind.OK);
+    }
 }