added validation of FIPS password length

jenkinsci · Nov 15, 2023 · b7c61de · b7c61de
1 parent dd04e33
commit b7c61de
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
@@ -452,6 +452,11 @@ private SignupInfo validateAccountCreationForm(StaplerRequest req, boolean valid
             si.errors.put("password1", Messages.HudsonPrivateSecurityRealm_CreateAccount_PasswordRequired());
         }
 
+        if (FIPS140.useCompliantAlgorithms()) {
+            if (si.password1.length() < 14) {
+                si.errors.put("password1", Messages.HudsonPrivateSecurityRealm_CreateAccount_FIPS_PasswordLengthInvalid());
+            }
+        }
         if (si.fullname == null || si.fullname.isEmpty()) {
             si.fullname = si.username;
         }

diff --git a/core/src/main/resources/hudson/security/Messages.properties b/core/src/main/resources/hudson/security/Messages.properties
@@ -36,6 +36,7 @@ HudsonPrivateSecurityRealm.ManageUserLinks.Description=Create/delete/modify user
 
 HudsonPrivateSecurityRealm.CreateAccount.TextNotMatchWordInImage=Text didn''t match the word shown in the image
 HudsonPrivateSecurityRealm.CreateAccount.PasswordNotMatch=Password didn''t match
+HudsonPrivateSecurityRealm.CreateAccount.FIPS.PasswordLengthInvalid=Password should be atleast 112 bits(14 Characters in FIPS mode)
 HudsonPrivateSecurityRealm.CreateAccount.PasswordRequired=Password is required
 HudsonPrivateSecurityRealm.CreateAccount.UserNameRequired=User name is required
 HudsonPrivateSecurityRealm.CreateAccount.UserNameInvalidCharacters=User name must only contain alphanumeric characters, underscore and dash