fix: set bc in approved only #375
Code Review
This pull request introduces FipsProviderVerificationTest.java to verify that the FIPS security provider configuration is correctly loaded. A review comment points out that the system property org.bouncycastle.fips.approved_only is not configured in the fips profile in sdk/pom.xml, which would cause the test to be silently skipped, and provides a configuration fix.
| * under the fips Maven profile. Without this check, a misconfigured argLine would silently run | ||
| * all other tests against the default (non-FIPS) provider stack. | ||
| */ | ||
| @EnabledIfSystemProperty(named = "org.bouncycastle.fips.approved_only", matches = "true") |
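Review bot: On the @EnabledIfSystemProperty line, the condition turns the failure this class is meant to catch into a skip. The Javadoc says the check guards against a misconfigured argLine, but if org.bouncycastle.fips.approved_only reaches the test JVM through that same argLine, a broken argLine leaves the property unset and the test is disabled instead of failing. Consider enabling the test from a signal that does not depend on the argLine, and asserting inside the test that the property is "true", so that a run under the fips profile with the wrong provider stack fails the build.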
The system property org.bouncycastle.fips.approved_only is not configured in the fips profile within sdk/pom.xml. Consequently, this test will be silently skipped during test execution, and BouncyCastle FIPS will not run in approved-only mode as intended by the PR title.
To resolve this, please update the fips profile in sdk/pom.xml to include the system property:
<java.security.properties.test>-Djava.security.properties=${project.basedir}/src/test/resources/java.security.fips.test -Dorg.bouncycastle.fips.approved_only=true</java.security.properties.test>
Switch AsymEncryption from ENCRYPT_MODE+doFinal to WRAP_MODE+wrap, and AsymDecryption from DECRYPT_MODE+doFinal to UNWRAP_MODE+unwrap, treating the key material as AES SecretKeySpec for FIPS compatibility.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
add a test to make sure that we are actually running with the correct providers
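
The WRAP_MODE/UNWRAP_MODE switch named in the commit message above, as an added example that is not code from this pull request: it round-trips AES key material through Cipher.wrap and Cipher.unwrap and prints the provider that served the cipher. The class name, the OAEP transformation string and the 2048-bit RSA key are assumptions; the page does not show the SDK's own values.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class WrapModeExample {
    // Assumed transformation; the pull request page does not state the one the SDK uses.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Replaces ENCRYPT_MODE + doFinal: the payload is handed over as a typed AES key.
    static byte[] wrap(PublicKey kek, byte[] keyMaterial) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.WRAP_MODE, kek);
        return cipher.wrap(new SecretKeySpec(keyMaterial, "AES"));
    }

    // Replaces DECRYPT_MODE + doFinal: the result comes back as a SecretKey, not raw bytes.
    static byte[] unwrap(PrivateKey kek, byte[] wrapped) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.UNWRAP_MODE, kek);
        SecretKey key = (SecretKey) cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        return key.getEncoded();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair();

        byte[] aesKey = new byte[32]; // constructed sample key material
        new SecureRandom().nextBytes(aesKey);

        byte[] wrapped = wrap(keyPair.getPublic(), aesKey);
        byte[] recovered = unwrap(keyPair.getPrivate(), wrapped);
        if (!Arrays.equals(aesKey, recovered)) {
            throw new AssertionError("wrap/unwrap round trip changed the key material");
        }

        // The provider that answered getInstance depends on the active java.security file.
        String provider = Cipher.getInstance(TRANSFORMATION).getProvider().getName();
        System.out.println("round trip ok, cipher provider: " + provider);
    }
}
```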