safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-2004: Fix KSM integration for RHEL systems with FIPS mode enabled.

Browse Source
This commit is contained in:
eugen-keeper
2024-12-13 16:58:41 +00:00
parent b3e21b7c70
commit 7a716b765c
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/KsmAuthenticationProviderModule.java
View File

@@ -19,6 +19,8 @@
package org.apache.guacamole.vault.ksm;
import java.security.Security;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.vault.VaultAuthenticationProviderModule;
import org.apache.guacamole.vault.ksm.conf.KsmAttributeService;
@@ -36,6 +38,8 @@ import org.apache.guacamole.vault.ksm.secret.KsmRecordService;
import org.apache.guacamole.vault.secret.VaultSecretService;
import org.apache.guacamole.vault.user.VaultDirectoryService;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import com.google.inject.assistedinject.FactoryModuleBuilder;
/**
@@ -53,7 +57,14 @@ public class KsmAuthenticationProviderModule
* @throws GuacamoleException
* If configuration details in guacamole.properties cannot be parsed.
*/
public KsmAuthenticationProviderModule() throws GuacamoleException {}
public KsmAuthenticationProviderModule() throws GuacamoleException {
// KSM recommends using BouncyCastleFipsProvider to avoid potential
// issues (for example with FIPS enabled RHEL).
// https://docs.keeper.io/en/secrets-manager/secrets-manager/developer-sdk-library/java-sdk
// The addProvider method checks for duplications internally,
// so it is safe to add the same provider multiple times.
Security.addProvider(new BouncyCastleFipsProvider());
}
@Override
protected void configureVault() {