From ded243fb1690eca9d675907c6f9e2b0ce5c09597 Mon Sep 17 00:00:00 2001 From: Roshin Rajan Panackal Date: Thu, 28 May 2026 11:01:56 +0200 Subject: [PATCH 1/5] Change all JKS usage to PKCS12 --- .../cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java | 4 ++-- .../sdk/cloudplatform/connectivity/KeyStoreReaderTest.java | 2 +- .../cloudplatform/connectivity/ZeroTrustIdentityService.java | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java b/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java index 618f9ab282..cbb09cbf00 100644 --- a/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java +++ b/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java @@ -53,7 +53,7 @@ static KeyStore createKeyStore( Try.of(() -> loadCertificates(certReader)).getOrElseThrow(e -> new DestinationAccessException(MSG_CERT, e)); final PrivateKey privateKey = Try.of(() -> loadKey(keyReader, password)).getOrElseThrow(e -> new DestinationAccessException(MSG_KEY, e)); - final KeyStore keyStore = KeyStore.getInstance("JKS"); + final KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(null); keyStore.setKeyEntry(alias, privateKey, password, clientCertificates); return keyStore; @@ -65,7 +65,7 @@ static Certificate[] loadCertificates( @Nonnull final Reader certReader ) IOException { final List certs = new ArrayList<>(); - final CertificateFactory factory = CertificateFactory.getInstance("X509"); + final CertificateFactory factory = CertificateFactory.getInstance("X.509"); try( PEMParser pemParser = new PEMParser(certReader) ) { PemObject object; 
diff --git a/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java b/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java index 20629e6869..40bc216726 100644 --- a/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java +++ b/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java @@ -31,7 +31,7 @@ void testPem() final FileReader certs = new FileReader(CRT_PATH), key = new FileReader(KEY_PATH); final KeyStore createdKeystore = createKeyStore(ALIAS, PASS, certs, key); - assertThat(createdKeystore.getType()).isEqualTo("JKS"); + assertThat(createdKeystore.getType()).isEqualTo("PKCS12"); assertThat(createdKeystore.getProvider()).isNotNull(); assertThat(createdKeystore.getCertificateChain(ALIAS)).hasSize(1); diff --git a/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java b/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java index b9433549d1..eba892e88d 100644 --- a/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java +++ b/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java @@ -209,7 +209,7 @@ KeyStore loadKeyStore( @Nonnull final X509Svid svid ) final KeyStore.Entry privateKeyEntry = new PrivateKeyEntry(svid.getPrivateKey(), svid.getChainArray()); final KeyStore keyStore; try { - keyStore = KeyStore.getInstance("JKS"); + keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(null); keyStore.setEntry("spiffe", privateKeyEntry, new KeyStore.PasswordProtection(new char[0])); } 
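Review bot: The `setEntry("spiffe", privateKeyEntry, new KeyStore.PasswordProtection(new char[0]))` call in this hunk's context protects the SVID private key with an empty password, and nothing in `loadKeyStore` says why that is acceptable now that the store type changes. The store is created with `keyStore.load(null)`, so it appears to live in memory only. A comment above the `setEntry` call would make that assumption explicit, for example `// in-memory store only: the empty password is a placeholder and gives the key no protection if this store is ever written out`. The body of `loadKeyStore` continues outside the hunk, so how the `catch` handles provider errors for the new type cannot be checked here.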
From 127b3536b5e7f87a13a6824ced1a0d34c9cc12fd Mon Sep 17 00:00:00 2001 From: Roshin Rajan Panackal Date: Wed, 3 Jun 2026 13:43:39 +0200 Subject: [PATCH 2/5] Switch to defaultType() from harcoded pkcs12 --- .../cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java | 2 +- .../sdk/cloudplatform/connectivity/KeyStoreReaderTest.java | 2 +- .../cloudplatform/connectivity/ZeroTrustIdentityService.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java b/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java index cbb09cbf00..55965736f4 100644 --- a/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java +++ b/cloudplatform/cloudplatform-connectivity/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReader.java @@ -53,7 +53,7 @@ static KeyStore createKeyStore( Try.of(() -> loadCertificates(certReader)).getOrElseThrow(e -> new DestinationAccessException(MSG_CERT, e)); final PrivateKey privateKey = Try.of(() -> loadKey(keyReader, password)).getOrElseThrow(e -> new DestinationAccessException(MSG_KEY, e)); - final KeyStore keyStore = KeyStore.getInstance("PKCS12"); + final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); keyStore.setKeyEntry(alias, privateKey, password, clientCertificates); return keyStore; diff --git a/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java b/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java index 40bc216726..9059e31e28 100644 --- a/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java 
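Review bot: `KeyStore.getInstance(KeyStore.getDefaultType())` in `createKeyStore` makes the store type depend on the JVM's `keystore.type` security property, so a runtime whose java.security configuration still says `jks` silently gets a JKS store again, which is what the previous patch in this series removed. The same line is introduced in `ZeroTrustIdentityService.loadKeyStore` further down. If the indirection is intended so that a FIPS provider can substitute its own format, say so at the call, for example `// type follows the keystore.type security property so a FIPS runtime can substitute its own format`. Consider also logging the resolved type once, so that an unexpected `jks` is visible in operations. `createKeyStore` begins outside the hunk.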
+++ b/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/KeyStoreReaderTest.java @@ -31,7 +31,7 @@ void testPem() final FileReader certs = new FileReader(CRT_PATH), key = new FileReader(KEY_PATH); final KeyStore createdKeystore = createKeyStore(ALIAS, PASS, certs, key); - assertThat(createdKeystore.getType()).isEqualTo("PKCS12"); + assertThat(createdKeystore.getType()).isEqualTo(KeyStore.getDefaultType()); assertThat(createdKeystore.getProvider()).isNotNull(); assertThat(createdKeystore.getCertificateChain(ALIAS)).hasSize(1); diff --git a/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java b/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java index eba892e88d..842b49cba2 100644 --- a/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java +++ b/cloudplatform/connectivity-ztis/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/ZeroTrustIdentityService.java @@ -209,7 +209,7 @@ KeyStore loadKeyStore( @Nonnull final X509Svid svid ) final KeyStore.Entry privateKeyEntry = new PrivateKeyEntry(svid.getPrivateKey(), svid.getChainArray()); final KeyStore keyStore; try { - keyStore = KeyStore.getInstance("PKCS12"); + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); keyStore.setEntry("spiffe", privateKeyEntry, new KeyStore.PasswordProtection(new char[0])); } From a32f57ed9fcb02e6d6cc35197621d166aa5eb10d Mon Sep 17 00:00:00 2001 
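Review bot: The updated assertion `assertThat(createdKeystore.getType()).isEqualTo(KeyStore.getDefaultType())` in `testPem` compares the result with the same call the production code uses, so it passes for any configured type, including `jks`, and no longer pins the format. If the test is meant to guard against falling back to JKS on a default JVM, an extra check such as `assertThat(createdKeystore.getType()).isNotEqualToIgnoringCase("JKS");` keeps that guarantee without hard-coding PKCS12. `testPem` starts and ends outside the hunk.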
From: Roshin Rajan Panackal Date: Mon, 8 Jun 2026 13:24:24 +0200 Subject: [PATCH 3/5] Change JKS usage in test code as well except DestinationKeyStoreExrtractor --- .../connectivity/DefaultHttpDestinationTest.java | 6 +++--- .../ClientCertificateAuthenticationLocalTest.java | 8 ++++---- .../connectivity/HttpClient5OAuth2TokenServiceTest.java | 2 +- .../cloudplatform/connectivity/OAuth2IntegrationTest.java | 2 +- .../sdk/cloudplatform/connectivity/OAuth2ServiceTest.java | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/cloudplatform/cloudplatform-connectivity/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/DefaultHttpDestinationTest.java b/cloudplatform/cloudplatform-connectivity/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/DefaultHttpDestinationTest.java index 1170421fda..f4f8d93e0c 100644 --- a/cloudplatform/cloudplatform-connectivity/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/DefaultHttpDestinationTest.java +++ b/cloudplatform/cloudplatform-connectivity/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/DefaultHttpDestinationTest.java @@ -155,11 +155,11 @@ void testEqualsWithKeyStore() final KeyPair keyPair = DestinationKeyStoreComparatorTest.generateKeyPair(); final Certificate cert = DestinationKeyStoreComparatorTest.generateCertificate(keyPair, "a"); - final KeyStore keystore1 = KeyStore.getInstance("JKS"); + final KeyStore keystore1 = KeyStore.getInstance(KeyStore.getDefaultType()); keystore1.load(null); keystore1.setKeyEntry("a", keyPair.getPrivate(), new char[0], new Certificate[] { cert }); - final KeyStore keystore2 = KeyStore.getInstance("JKS"); + final KeyStore keystore2 = KeyStore.getInstance(KeyStore.getDefaultType()); keystore2.load(null); keystore2.setKeyEntry("a", keyPair.getPrivate(), new char[0], new Certificate[] { cert }); 
@@ -171,7 +171,7 @@ void testEqualsWithKeyStore() assertThat(dest1).hasSameHashCodeAs(dest2); // check for destination with empty key-store - final KeyStore keystore3 = KeyStore.getInstance("JKS"); + final KeyStore keystore3 = KeyStore.getInstance(KeyStore.getDefaultType()); keystore3.load(null); final DefaultHttpDestination dest3 = DefaultHttpDestination.builder(VALID_URI).keyStore(keystore3).build(); diff --git a/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/ClientCertificateAuthenticationLocalTest.java b/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/ClientCertificateAuthenticationLocalTest.java index e418c79f8d..f2f34c5e95 100644 --- a/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/ClientCertificateAuthenticationLocalTest.java +++ b/cloudplatform/connectivity-apache-httpclient4/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/ClientCertificateAuthenticationLocalTest.java @@ -39,7 +39,7 @@ class ClientCertificateAuthenticationLocalTest { private static final String CCA_PASSWORD = "cca-password"; - private static final String JKS_PATH = + private static final String PKCS_PATH = "src/test/resources/" + ClientCertificateAuthenticationLocalTest.class.getSimpleName() + "/client-cert.pkcs12"; @BeforeEach @@ -127,9 +127,9 @@ private static WireMockConfiguration buildWireMockConfiguration() .httpDisabled(true) .dynamicHttpsPort() .needClientAuth(true) - .trustStorePath(JKS_PATH) + .trustStorePath(PKCS_PATH) .trustStorePassword(CCA_PASSWORD) - .trustStoreType("JKS"); + .trustStoreType("PKCS12"); } private static KeyStore getClientKeyStore() 
@@ -139,7 +139,7 @@ private static KeyStore getClientKeyStore() NoSuchAlgorithmException { final KeyStore keyStore = KeyStore.getInstance("PKCS12"); - keyStore.load(new FileInputStream(JKS_PATH), CCA_PASSWORD.toCharArray()); + keyStore.load(new FileInputStream(PKCS_PATH), CCA_PASSWORD.toCharArray()); return keyStore; } } diff --git a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenServiceTest.java b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenServiceTest.java index dcb5fb00da..bb8eff2f43 100644 --- a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenServiceTest.java +++ b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/HttpClient5OAuth2TokenServiceTest.java @@ -658,7 +658,7 @@ private static HttpClientResponseHandler anyHttpClientResponseHandler() private static KeyStore createEmptyKeyStore() throws Exception { - final KeyStore keyStore = KeyStore.getInstance("JKS"); + final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); return keyStore; } diff --git a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java index ab77ebeb89..242b1e0f8f 100644 --- a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java +++ b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2IntegrationTest.java 
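Review bot: The `FileInputStream` opened in `keyStore.load(new FileInputStream(PKCS_PATH), CCA_PASSWORD.toCharArray())` is never closed, and this patch rewrites that line without fixing it. Wrapping it releases the handle even when `load` throws: `try( FileInputStream in = new FileInputStream(PKCS_PATH) ) { keyStore.load(in, CCA_PASSWORD.toCharArray()); }`. The signature and the start of the throws clause of `getClientKeyStore` lie outside the hunk.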
@@ -177,7 +177,7 @@ void testIasFlowWithZeroTrustAndSubscriberTenant() IOException, NoSuchAlgorithmException { - final KeyStore ks = KeyStore.getInstance("JKS"); + final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); final ClientIdentity identity = new SecurityLibWorkarounds.ZtisClientIdentity("myClientId", () -> ks); diff --git a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceTest.java b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceTest.java index 63aa47ddf8..ae7031392f 100644 --- a/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceTest.java +++ b/cloudplatform/connectivity-oauth/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/OAuth2ServiceTest.java @@ -407,7 +407,7 @@ void testZeroTrustClientIdentity() IOException, NoSuchAlgorithmException { - final KeyStore ks = KeyStore.getInstance("JKS"); + final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ClientIdentity identity = new ZtisClientIdentity("id", () -> ks); OAuth2Service service = OAuth2Service.builder().withTokenUri(SERVER_1.baseUrl()).withIdentity(identity).build(); @@ -426,8 +426,8 @@ void testZeroTrustClientIdentity() void testZeroTrustCertificateRotationCausesCacheMiss() { // we need to use actual KeyStores here because the code will build an HTTP Client and mocks don't suffice - final KeyStore ks1 = KeyStore.getInstance("JKS"); - final KeyStore ks2 = KeyStore.getInstance("JKS"); + final KeyStore ks1 = KeyStore.getInstance(KeyStore.getDefaultType()); + final KeyStore ks2 = KeyStore.getInstance(KeyStore.getDefaultType()); ks1.load(null, null); ks2.load(null, null); From ee6633c8488c42aa4d5fb6aafc8c49ff2b7600cb Mon Sep 17 00:00:00 2001 
From: Roshin Rajan Panackal <36329474+rpanackal@users.noreply.github.com> Date: Mon, 8 Jun 2026 16:12:16 +0200 Subject: [PATCH 4/5] test: FIPS sample module (#1196) --- .../connectivity-fips-sample/pom.xml | 144 ++++++++++++++++++ .../connectivity/FipsProviderTest.java | 78 ++++++++++ .../src/test/resources/README.md | 18 +++ .../resources/certificates/client-cert.crt | 19 +++ .../resources/certificates/client-cert.key | 28 ++++ cloudplatform/pom.xml | 12 ++ module-inventory.json | 11 ++ pom.xml | 1 + 8 files changed, 311 insertions(+) create mode 100644 cloudplatform/connectivity-fips-sample/pom.xml create mode 100644 cloudplatform/connectivity-fips-sample/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/FipsProviderTest.java create mode 100644 cloudplatform/connectivity-fips-sample/src/test/resources/README.md create mode 100644 cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.crt create mode 100644 cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.key diff --git a/cloudplatform/connectivity-fips-sample/pom.xml b/cloudplatform/connectivity-fips-sample/pom.xml new file mode 100644 index 0000000000..ce01294850 --- /dev/null +++ b/cloudplatform/connectivity-fips-sample/pom.xml 
@@ -0,0 +1,144 @@ + + + 4.0.0 + + com.sap.cloud.sdk.cloudplatform + cloudplatform-parent + 5.31.0-SNAPSHOT + + connectivity-fips-sample + Connectivity - FIPS Sample + Non-released sample module that runs connectivity tests under the FIPS-approved Bouncy Castle provider. + https://sap.github.io/cloud-sdk/docs/java/getting-started + + SAP SE + https://www.sap.com + + + + The Apache Software License, Version 2.0 + https://www.apache.org/licenses/LICENSE-2.0.txt + + + + + SAP + cloudsdk@sap.com + SAP SE + https://www.sap.com + + + + 2.1.2 + 2.1.9 + + + + com.sap.cloud.sdk.cloudplatform + cloudplatform-connectivity + + + org.bouncycastle + bcprov-jdk18on + + + org.bouncycastle + bcpkix-jdk18on + + + test + + + org.bouncycastle + bc-fips + ${bc-fips.version} + test + + + org.bouncycastle + bcpkix-fips + ${bcpkix-fips.version} + test + + + org.projectlombok + lombok + provided + + + org.junit.jupiter + junit-jupiter-api + test + + + org.assertj + assertj-core + test + + + + + + org.apache.maven.plugins + maven-surefire-plugin + + ${argLine} -Dorg.bouncycastle.fips.approved_only=true + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + org.bouncycastle:bc-fips + org.bouncycastle:bcpkix-fips + com.sap.cloud.sdk.cloudplatform:cloudplatform-connectivity + + + + + org.apache.maven.plugins + maven-checkstyle-plugin + true + + + org.apache.maven.plugins + maven-pmd-plugin + true + + + org.apache.maven.plugins + maven-javadoc-plugin + true + + + org.jacoco + jacoco-maven-plugin + true + + + + + + release + + release + + + + + org.sonatype.central + central-publishing-maven-plugin + + + injected-central-publishing + + + + + + + + + diff --git a/cloudplatform/connectivity-fips-sample/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/FipsProviderTest.java b/cloudplatform/connectivity-fips-sample/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/FipsProviderTest.java new file mode 100644 index 0000000000..5db11d399e --- /dev/null 
+++ b/cloudplatform/connectivity-fips-sample/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/FipsProviderTest.java 
@@ -0,0 +1,78 @@ +package com.sap.cloud.sdk.cloudplatform.connectivity; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatThrownBy; + +import java.io.FileReader; +import java.security.KeyStore; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.Security; + +import org.bouncycastle.crypto.CryptoServicesRegistrar; +import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; + +import lombok.SneakyThrows; + +/** + * Tests the behavior of {@link KeyStoreReader} when operating in FIPS-approved mode with BouncyCastle FIPS provider. + */ +class FipsProviderTest +{ + private static final String RES = "src/test/resources/certificates"; + private static final String CRT_PATH = RES + "/client-cert.crt"; + private static final String KEY_PATH = RES + "/client-cert.key"; + private static final String ALIAS = "client-cert"; + private static final char[] EMPTY_PASSWORD = new char[0]; + + @AfterAll + static void removeBouncyCastleFips() + { + Security.removeProvider("BCFIPS"); + } + + @BeforeAll + static void registerBouncyCastleFips() + { + Security.insertProviderAt(new BouncyCastleFipsProvider(), 1); + + assertThat(Security.getProvider("BCFIPS")) + .describedAs("BC FIPS provider must be registered as a JCA provider") + .isNotNull(); + + assertThat(CryptoServicesRegistrar.isInApprovedOnlyMode()) + .describedAs("BC FIPS must be in approved-only mode. 
") + .isTrue(); + } + + @Test + @SneakyThrows + void testDefaultKeystoreTypeIsP12() + { + final KeyStore keyStore = + KeyStoreReader.createKeyStore(ALIAS, EMPTY_PASSWORD, new FileReader(CRT_PATH), new FileReader(KEY_PATH)); + + assertThat(keyStore.getType()).isEqualToIgnoringCase("PKCS12"); + } + + @Test + @SneakyThrows + void testKeystoreTypeOverrideToBCFKS() + { + Security.setProperty("keystore.type", "BCFKS"); + + final KeyStore keyStore = KeyStore.getInstance("BCFKS"); + assertThat(keyStore.getType()).isEqualTo("BCFKS"); + } + + @Test + void testMD5IsRejectedInApprovedOnlyMode() + { + assertThatThrownBy(() -> MessageDigest.getInstance("MD5", "BCFIPS")) + .isInstanceOf(NoSuchAlgorithmException.class); + + } +} diff --git a/cloudplatform/connectivity-fips-sample/src/test/resources/README.md b/cloudplatform/connectivity-fips-sample/src/test/resources/README.md new file mode 100644 index 0000000000..53c46526d8 --- /dev/null +++ b/cloudplatform/connectivity-fips-sample/src/test/resources/README.md @@ -0,0 +1,18 @@ +# Credentials + +The credential files are required for running the FIPS provider tests. + +## Generate Client Credentials + +Run the following commands from `cloudplatform/connectivity-fips-sample/src/test/resources/`: + +```bash +# Create the directory +mkdir -p certificates + +# Generate the key and certificate using Docker (alpine/openssl) +docker run --rm -v "$(pwd)/certificates:/certs" alpine/openssl \ + req -x509 -newkey rsa:2048 -nodes \ + -keyout /certs/client-cert.key \ + -out /certs/client-cert.crt \ + -days 3650 -subj "/CN=localhost" \ No newline at end of file diff --git a/cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.crt b/cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.crt new file mode 100644 index 0000000000..677aec0372 --- /dev/null +++ b/cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.crt 
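Review bot: `testKeystoreTypeOverrideToBCFKS` calls `Security.setProperty("keystore.type", "BCFKS")` and never restores it, so the JVM-wide default leaks into every test that runs afterwards in the same JVM. `testDefaultKeystoreTypeIsP12`, which relies on the default, would then depend on execution order. The test also requests `"BCFKS"` by name, so it passes whether or not the override has any effect. Saving the previous default, resolving the store through `KeyStore.getDefaultType()` and restoring the property in a `finally` block addresses both.

```java
    void testKeystoreTypeOverrideToBCFKS()
    {
        final String previousType = KeyStore.getDefaultType();
        Security.setProperty("keystore.type", "BCFKS");
        try {
            // resolve through the default type so the override itself is what is under test
            final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            assertThat(keyStore.getType()).isEqualTo("BCFKS");
        }
        finally {
            // keystore.type is JVM-wide; put it back for the other tests in this run
            Security.setProperty("keystore.type", previousType);
        }
    }
```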
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCTCCAfGgAwIBAgIUBERZ7w9qG2je5O6o+Nn+ssaZYOQwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI2MDYwODEzMjQzNVoXDTM2MDYw +NTEzMjQzNVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAsXImnalCNo7Jk4EyD1aqWJgrzVXYALVKm8kq5E+azFpv +3XB8QQBUXfJJNdkY1uNni6cd+twTzAhdBK+ygTsBkDbMz/r0oniLlLmGTG7L5aCW +asYVa+HTesi0EunlGDzFbRSuwy/IdfvK2uaU0VeGoyt7Zr0OWg72mPwGPQRvPcEI +ZljEkgajhiHeEGM9hlCTZnpx9Aye3C/4yek4734QK+ZYqvW/1mYJ08EwDudQUy8n +rrXhAg7/ppS9v2480fAGI7WonRt4y+sAlaET8YkxNXCRPygwTDaGfQ/yjvXfK37B +yiEl8qDMFU/WVjEBlet8wLT2/A7qxzjow0UWtsPWWQIDAQABo1MwUTAdBgNVHQ4E +FgQUEfT0MvVXq56A21bschMDKdUqg7UwHwYDVR0jBBgwFoAUEfT0MvVXq56A21bs +chMDKdUqg7UwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQI0R +I+x9f2zfQThxkRsF5NoQCqgtaGckcsqk1ADcDLqQWck/j9CE3xMLPYcDKgwURG5s +/yHUJhv+9/S2uQ/0Xl32GF8fl45av3yUz1aPW6T1JsHWD6/thUtoxvuZr5W1rn/1 +UdYvVnNutLGp1PQWbjxmdH2sZwmDZ/2ovKNCEwnmzOi3Jft7xnu94SyTZqVYnJt0 +rQw5NwrjxspPsJQx/2Rd7EEeg4b/LQEQrEIhchNPzGyLK14mF4nk/ImZ5unkNePt +kgy6ysoQWHBf+N+184c9B3+qFZAItWOGvBx9z0jS9eQELWT7MBsJ4s2Lufku73kn +V2gbQ/izbQlQpKduuw== +-----END CERTIFICATE----- diff --git a/cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.key b/cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.key new file mode 100644 index 0000000000..20800e1d69 --- /dev/null +++ b/cloudplatform/connectivity-fips-sample/src/test/resources/certificates/client-cert.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxciadqUI2jsmT +gTIPVqpYmCvNVdgAtUqbySrkT5rMWm/dcHxBAFRd8kk12RjW42eLpx363BPMCF0E +r7KBOwGQNszP+vSieIuUuYZMbsvloJZqxhVr4dN6yLQS6eUYPMVtFK7DL8h1+8ra +5pTRV4ajK3tmvQ5aDvaY/AY9BG89wQhmWMSSBqOGId4QYz2GUJNmenH0DJ7cL/jJ +6TjvfhAr5liq9b/WZgnTwTAO51BTLyeuteECDv+mlL2/bjzR8AYjtaidG3jL6wCV +oRPxiTE1cJE/KDBMNoZ9D/KO9d8rfsHKISXyoMwVT9ZWMQGV63zAtPb8DurHOOjD +RRa2w9ZZAgMBAAECggEAA0Y7+C97YqOtNzpBwOQJ2KtWLj/Qmz1n1wrAmTNELqks +j0WCxXWgGOuzoM6/ape0/XAOruZeEdHFsE8drXd38T/8SjTd9sbgAdU6k9vSNLaL +Oq/VDVyUGRvtrBECLTmnMFAauXdUQk5se9rtZr+FYyrA6DBs518x+w4Lf2y+22uA +lj5MD+rXxwGPz3doVmNNfX3pxrswuwD3yAu4E9A3vFSth1OF/4Li4Y2rFVLUELtw +8halPQAlBu2lmawCD8J68cUCIzlVu9OBPtinrjGxuAvj6lhEmkuakwvkSxFeOZwB +ZvtC0RIGM6mOzwqTWy1dJ35Le3f2qLYT3tO7zIguUQKBgQDdyV8nyu3Y1odRA/Rd +y36Xidm7YySwnyF/GZMVM0Cm2iKFGoo0Ym0gK6HdLPr5dxQlziXwJXh2dROt43// +ABuHRQLyRAi79aGJS7Zehk0NSqxzNcPevXNELGI9TQkm0T0UQZu2Mbq0ciQGKBxu +WNvsshzzr2UQ8RVRJdZA1De3BwKBgQDM0bWqtCK8Lp1XfF6LhY0kDiXOs/uFD0FB +ToBzbbZPPII7tpVRy9jLXO2DXEwCj3AsdIwhxAWYWUy75J9EpI41JmY+D4SQRzTq +y6GiwHcmFr0RtYZpSdmnpWVPTbWwqoH1KCJEyA8sKrOd0BSh06EiFKM8yYjxHs2q +VYsRqmJPnwKBgQDFwlpDvDHLCLdN6Q3LWLk/XF62NRgxGSOgFmjNHY9Hd/gR4XFc +dmtBpUZGVmZPbPudHi077d11Gr36boHiGfFx83pGFZ4II2TvbIBn1q777BrK/CT0 +Bs+x+TV73aYMY8RnvHygv8TwQ1qV1sxLJJatfsBMFZgzvBQ68FcUJWasnwKBgQCk +An2lfu+dnvoxdw7CTKQzrfyKY8dRymBnqjPjuoPVOU/T/yXcxQ4J8pTiroLTPgcG +IiGgXDZaw49VmgILVnXli6UtpwFxAwQVzA/XoqUGZAjsaF6EazWWMDRK56BJIpBE +PuoKB+VWaa9A/MG4wB10i/AXGg7FffQUpMFi2Pw2YwKBgHRt+tnkw3gvUSWQ4E/z +/g525QMFP3xTadIT7qzif+LSMqtip3vVbC+sBAJQ+GChNq8MFnr72H/siOwmODS2 +hWaN/7EQCuxo6bzs9QYIgMa5qkBaQIO5RQWsbj8jcUGKXuGTxbWNkR2+tHzLYxeG +p/Hb2ZSw9PU5Q7fHpaU9wjEo +-----END PRIVATE KEY----- diff --git a/cloudplatform/pom.xml b/cloudplatform/pom.xml index 93565fd994..b0f1bd2ff0 100644 --- a/cloudplatform/pom.xml +++ b/cloudplatform/pom.xml 
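Review bot: This file commits an unencrypted RSA private key (`-----BEGIN PRIVATE KEY-----`) to the repository as a test fixture. The README added in the same patch already gives the `openssl req -x509 ... -nodes` command that produces it, so the key pair could be generated during test setup instead of being checked in. That avoids secret-scanner findings and any chance of the key being reused outside the tests. If the fixture stays, the README should state that the key is a throwaway test credential and must not be trusted or deployed anywhere.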
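Review bot: The new `connectivity-fips-sample` entry sets `"excludeFromBlackDuckScan": true`, while the entry visible just above it in the context uses `false`. Judging by the name, this takes the module out of the dependency scan, and with it the `bc-fips` and `bcpkix-fips` artifacts its pom introduces. If the exclusion is deliberate because the module is never released (`"releaseAudience": "None"`), confirm that some other dependency check covers the two Bouncy Castle FIPS artifacts. Otherwise use `"excludeFromBlackDuckScan": false`.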
@@ -42,6 +42,7 @@ connectivity-oauth connectivity-apache-httpclient4 connectivity-apache-httpclient5 + connectivity-fips-sample resilience resilience-api resilience4j @@ -59,6 +60,17 @@ ${project.basedir}/../../ + + non-release + + + !release + + + + connectivity-fips-sample + + release diff --git a/module-inventory.json b/module-inventory.json index 71f993b182..348da66b0a 100644 --- a/module-inventory.json +++ b/module-inventory.json @@ -120,6 +120,17 @@ "parentArtifactId": "cloudplatform-parent", "excludeFromBlackDuckScan": false }, + { + "groupId": "com.sap.cloud.sdk.cloudplatform", + "artifactId": "connectivity-fips-sample", + "packaging": "jar", + "releaseAudience": "None", + "releaseMaturity": "Stable", + "pomFile": "cloudplatform/connectivity-fips-sample/pom.xml", + "parentGroupId": "com.sap.cloud.sdk.cloudplatform", + "parentArtifactId": "cloudplatform-parent", + "excludeFromBlackDuckScan": true + }, { "groupId": "com.sap.cloud.sdk.cloudplatform", "artifactId": "connectivity-oauth", diff --git a/pom.xml b/pom.xml index a2172a42bb..cf80eb76e9 100644 --- a/pom.xml +++ b/pom.xml @@ -705,6 +705,7 @@ com.sap.cloud.sdk.datamodel:odata-v4-api-sample com.sap.cloud.sdk.datamodel:openapi-api-sample com.sap.cloud.sdk.datamodel:openapi-api-apache-sample + com.sap.cloud.sdk.cloudplatform:connectivity-fips-sample From 1a1f21e00a2557afa3fd11e4a435407520631804 Mon Sep 17 00:00:00 2001 From: Roshin Rajan Panackal Date: Tue, 9 Jun 2026 11:40:32 +0200 Subject: [PATCH 5/5] Remove module addition --- cloudplatform/pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/cloudplatform/pom.xml b/cloudplatform/pom.xml index b0f1bd2ff0..90d2403511 100644 --- a/cloudplatform/pom.xml +++ b/cloudplatform/pom.xml @@ -42,7 +42,6 @@ connectivity-oauth connectivity-apache-httpclient4 connectivity-apache-httpclient5 - connectivity-fips-sample resilience resilience-api resilience4j