feat(fips): Add Bouncy Castle FIPS dependencies and initialize FIPS mode in SchedulerApplication

Author: silvestre

src/autoscaler/scheduler/pom.xml

@@ -134,6 +134,17 @@
             <artifactId>assertj-core</artifactId>
             <scope>test</scope>
         </dependency>
+        <!-- Bouncy Castle FIPS for FIPS 140-2 compliance -->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bc-fips</artifactId>
+            <version>1.0.2.5</version>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bctls-fips</artifactId>
+            <version>1.0.19</version>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

src/autoscaler/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/SchedulerApplication.java

@@ -1,5 +1,8 @@
 package org.cloudfoundry.autoscaler.scheduler;
 
+import java.security.Security;
+import org.bouncycastle.crypto.fips.FipsStatus;
+import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
 import org.cloudfoundry.autoscaler.scheduler.conf.MetricsConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -41,14 +44,51 @@
     })
 public class SchedulerApplication {
 
-  private Logger logger = LoggerFactory.getLogger(this.getClass());
+  private static final Logger logger = LoggerFactory.getLogger(SchedulerApplication.class);
 
   @EventListener
   public void onApplicationReady(ApplicationReadyEvent event) {
     logger.info("Scheduler is ready to start");
   }
 
+  /**
+   * Initializes and validates FIPS mode for the application.
+   * Exits with error code 140 if FIPS mode is not enabled or cannot be initialized.
+   */
+  private static void initializeAndValidateFipsMode() {
+    try {
+      // Register Bouncy Castle FIPS provider as the primary security provider
+      Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
+
+      // Check if Bouncy Castle FIPS is ready and in approved mode
+      if (!FipsStatus.isReady()) {
+        logger.error("FIPS mode is not ready. Application requires FIPS 140-2 compliance.");
+        System.err.println("ERROR: FIPS mode is not ready. Application requires FIPS 140-2 compliance.");
+        System.exit(140);
+      }
+
+      // Verify that BC-FIPS provider is now installed and available
+      if (Security.getProvider("BCFIPS") == null) {
+        logger.error("Bouncy Castle FIPS provider (BCFIPS) failed to register.");
+        System.err.println("ERROR: Bouncy Castle FIPS provider (BCFIPS) failed to register.");
+        System.exit(140);
+      }
+
+      logger.info("FIPS mode initialization successful - running in FIPS 140-2 compliant mode");
+      logger.info("Active security providers: {}", java.util.Arrays.toString(Security.getProviders()));
+
+    } catch (Exception e) {
+      logger.error("Failed to initialize FIPS mode: {}", e.getMessage(), e);
+      System.err.println("ERROR: Failed to initialize FIPS mode: " + e.getMessage());
+      System.exit(140);
+    }
+  }
+
   public static void main(String[] args) {
+    // Initialize and validate FIPS mode before starting the application
+    initializeAndValidateFipsMode();
+
+    logger.info("Starting Scheduler application with FIPS 140-2 compliance");
     SpringApplication.run(SchedulerApplication.class, args);
   }
 }