[3.8.x] jdbc-db2: fails in fips environment #5993

integration-test-groups/jdbc/db2/pom.xml

@@ -99,6 +99,11 @@
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.camel.quarkus</groupId>
+            <artifactId>camel-quarkus-integration-test-support</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
 

integration-test-groups/jdbc/db2/src/test/java/org/apache/camel/quarkus/component/jdbc/db2/CamelDb2JdbcTest.java

@@ -21,6 +21,7 @@
 import io.quarkus.test.junit.QuarkusTest;
 import io.restassured.RestAssured;
 import io.restassured.http.ContentType;
+import org.apache.camel.quarkus.test.DisabledIfFipsMode;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 
@@ -35,6 +36,7 @@
 @QuarkusTest
 @DisabledIfSystemProperty(named = "cq.jdbcKind", matches = "derby")
 //https://github.com/quarkusio/quarkus/issues/23083
+@DisabledIfFipsMode //https://github.com/apache/camel-quarkus/issues/5993
 public class CamelDb2JdbcTest {
     String dbKind = "db2";
 

integration-tests-support/test-support/src/main/java/org/apache/camel/quarkus/test/DisabledIfFipsMode.java

@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.test;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.junit.jupiter.api.extension.ExtendWith;
+
+/**
+ * Advertises that a test should be disabled if the JDK has FIPS enabled security providers present.
+ */
+@Target({ ElementType.TYPE, ElementType.METHOD })
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@ExtendWith(DisabledIfFipsModeCondition.class)
+public @interface DisabledIfFipsMode {
+    /**
+     * The list of FIPS security provider names to match against for enabling the test.
+     * If no providers are specified, the default behaviour is to try to match any provider that has
+     * FIPS in its name.
+     *
+     * @return The list of security provider names.
+     */
+    String[] providers() default {};
+}

integration-tests-support/test-support/src/main/java/org/apache/camel/quarkus/test/DisabledIfFipsModeCondition.java

@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.test;
+
+import java.util.List;
+import java.util.Optional;
+
+import org.junit.jupiter.api.extension.ConditionEvaluationResult;
+import org.junit.jupiter.api.extension.ExtensionContext;
+
+import static org.junit.jupiter.api.extension.ConditionEvaluationResult.disabled;
+import static org.junit.jupiter.api.extension.ConditionEvaluationResult.enabled;
+import static org.junit.platform.commons.util.AnnotationUtils.findAnnotation;
+
+/**
+ * Opposite of EnabledIfInFipsModeCondition.
+ */
+public class DisabledIfFipsModeCondition extends EnabledIfFipsModeCondition {
+    private static final ConditionEvaluationResult ENABLED_BY_DEFAULT = enabled("@DisabledIfFipsMode is not present");
+
+    @Override
+    public ConditionEvaluationResult evaluateExecutionCondition(ExtensionContext context) {
+        return findAnnotation(context.getElement(), DisabledIfFipsMode.class).map(this::map).orElse(ENABLED_BY_DEFAULT);
+    }
+
+    private ConditionEvaluationResult map(DisabledIfFipsMode annotation) {
+        List<String> providersToMatch = List.of(annotation.providers());
+        Optional<String> fipsProviders = findFipsProvider(providersToMatch);
+
+        if (fipsProviders == null) {
+            return enabled("No FIPS security providers were detected");
+        }
+        if (fipsProviders.isEmpty()) {
+            return disabled("Detected FIPS security providers");
+        }
+
+        return disabled("Detected FIPS security provider " + fipsProviders.get());
+    }
+
+}

integration-tests-support/test-support/src/main/java/org/apache/camel/quarkus/test/EnabledIfFipsModeCondition.java

@@ -19,6 +19,7 @@
 import java.security.Provider;
 import java.security.Security;
 import java.util.List;
+import java.util.Optional;
 
 import org.junit.jupiter.api.extension.ConditionEvaluationResult;
 import org.junit.jupiter.api.extension.ExecutionCondition;
@@ -38,21 +39,41 @@ public ConditionEvaluationResult evaluateExecutionCondition(ExtensionContext con
 
     private ConditionEvaluationResult map(EnabledIfFipsMode annotation) {
         List<String> providersToMatch = List.of(annotation.providers());
+        Optional<String> fipsProviders = findFipsProvider(providersToMatch);
+
+        if (fipsProviders == null) {
+            return disabled("No FIPS security providers were detected");
+        }
+        if (fipsProviders.isEmpty()) {
+            return enabled("Detected FIPS security providers");
+        }
+
+        return enabled("Detected FIPS security provider " + fipsProviders.get());
+    }
+
+    /**
+     * Returns null if system is not in fips mode.
+     * Returns Optional.empty if system is in fips mode and there is some provider containing "fips"
+     * Returns Optional.name if system is in fips mode and there is a match with the provided providers
+     * (the last 2 options allows to differentiate reason of the enablement/disablement)
+     */
+    Optional<String> findFipsProvider(List<String> providersToMatch) {
         Provider[] jdkProviders = Security.getProviders();
         int matchCount = 0;
 
         for (Provider provider : jdkProviders) {
             if (providersToMatch.isEmpty() && provider.getName().toLowerCase().contains("fips")) {
-                return enabled("Detected FIPS security provider " + provider.getName());
+                return Optional.of(provider.getName());
             } else if (providersToMatch.contains(provider.getName())) {
                 matchCount++;
             }
         }
 
         if (!providersToMatch.isEmpty() && matchCount == providersToMatch.size()) {
-            return enabled("Detected FIPS security providers");
+            return Optional.empty();
         }
 
-        return disabled("No FIPS security providers were detected");
+        return null;
+
     }
 }

integration-tests/jdbc-grouped/pom.xml

@@ -119,6 +119,11 @@
             <artifactId>awaitility</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.camel.quarkus</groupId>
+            <artifactId>camel-quarkus-integration-test-support</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>