Skip to content

Commit 3cd9aa6

Browse files
cwperkscwperks
authored
Update logic in FipsBuildParams.isInFipsApprovedOnlyMode to check for env param instead of org.bouncycastle.fips.approved_only (#21366)
Signed-off-by: Craig Perkins <cwperx@amazon.com>
1 parent 9bcf4f0 commit 3cd9aa6

2 files changed

Lines changed: 27 additions & 1 deletion

File tree

buildSrc/src/main/java/org/opensearch/gradle/info/FipsBuildParams.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
package org.opensearch.gradle.info;
1010

1111
import java.util.function.Function;
12+
import java.util.function.Supplier;
1213

1314
public class FipsBuildParams {
1415

@@ -18,6 +19,7 @@ public class FipsBuildParams {
1819
public static final String DEFAULT_FIPS_MODE = "FIPS-140-3";
1920

2021
private static String fipsMode;
22+
static Supplier<String> fipsModeEnvSupplier = () -> System.getenv("OPENSEARCH_FIPS_MODE");
2123

2224
public static void init(Function<String, Object> fipsValue) {
2325
var fipsBuildParamForTests = Boolean.parseBoolean((String) fipsValue.apply(FIPS_BUILD_PARAM_FOR_TESTS));
@@ -37,7 +39,7 @@ public static boolean isInFipsMode() {
3739
}
3840

3941
public static boolean isInFipsApprovedOnlyMode() {
40-
return isInFipsMode() && "true".equals(System.getProperty("org.bouncycastle.fips.approved_only"));
42+
return isInFipsMode() && "true".equalsIgnoreCase(fipsModeEnvSupplier.get());
4143
}
4244

4345
public static String getFipsMode() {

buildSrc/src/test/java/org/opensearch/gradle/info/FipsBuildParamsTests.java

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,30 @@
1414

1515
public class FipsBuildParamsTests extends GradleUnitTestCase {
1616

17+
public void testIsInFipsApprovedOnlyMode() {
18+
FipsBuildParams.init(cryptoEntryFnWithStringParam);
19+
20+
FipsBuildParams.fipsModeEnvSupplier = () -> "true";
21+
assertTrue(FipsBuildParams.isInFipsApprovedOnlyMode());
22+
23+
FipsBuildParams.fipsModeEnvSupplier = () -> "TRUE";
24+
assertTrue(FipsBuildParams.isInFipsApprovedOnlyMode());
25+
26+
FipsBuildParams.fipsModeEnvSupplier = () -> "false";
27+
assertFalse(FipsBuildParams.isInFipsApprovedOnlyMode());
28+
29+
FipsBuildParams.fipsModeEnvSupplier = () -> null;
30+
assertFalse(FipsBuildParams.isInFipsApprovedOnlyMode());
31+
32+
// Not in FIPS mode — should always be false regardless of env var
33+
FipsBuildParams.init(param -> null);
34+
FipsBuildParams.fipsModeEnvSupplier = () -> "true";
35+
assertFalse(FipsBuildParams.isInFipsApprovedOnlyMode());
36+
37+
// Reset
38+
FipsBuildParams.fipsModeEnvSupplier = () -> System.getenv("OPENSEARCH_FIPS_MODE");
39+
}
40+
1741
public void testIsInFipsMode() {
1842
FipsBuildParams.init(cryptoEntryFnWithStringParam);
1943
assertTrue(FipsBuildParams.isInFipsMode());

0 commit comments

Comments
 (0)