Added validation of FIPS password length (#8694)

Co-authored-by: Daniel Beck <1831569+daniel-beck@users.noreply.github.com>

core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java

@@ -114,6 +114,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  * @author Kohsuke Kawaguchi
  */
 public class HudsonPrivateSecurityRealm extends AbstractPasswordBasedSecurityRealm implements ModelObject, AccessControlled {
+    private static final int FIPS_PASSWORD_LENGTH = 14;
     private static /* not final */ String ID_REGEX = System.getProperty(HudsonPrivateSecurityRealm.class.getName() + ".ID_REGEX");
 
     /**
@@ -452,6 +453,11 @@ public class HudsonPrivateSecurityRealm extends AbstractPasswordBasedSecurityRea
             si.errors.put("password1", Messages.HudsonPrivateSecurityRealm_CreateAccount_PasswordRequired());
         }
 
+        if (FIPS140.useCompliantAlgorithms()) {
+            if (si.password1.length() < FIPS_PASSWORD_LENGTH) {
+                si.errors.put("password1", Messages.HudsonPrivateSecurityRealm_CreateAccount_FIPS_PasswordLengthInvalid());
+            }
+        }
         if (si.fullname == null || si.fullname.isEmpty()) {
             si.fullname = si.username;
         }

core/src/main/resources/hudson/security/Messages.properties

@@ -36,6 +36,7 @@ HudsonPrivateSecurityRealm.ManageUserLinks.Description=Create/delete/modify user
 
 HudsonPrivateSecurityRealm.CreateAccount.TextNotMatchWordInImage=Text didn''t match the word shown in the image
 HudsonPrivateSecurityRealm.CreateAccount.PasswordNotMatch=Password didn''t match
+HudsonPrivateSecurityRealm.CreateAccount.FIPS.PasswordLengthInvalid=Password must be at least 14 characters long
 HudsonPrivateSecurityRealm.CreateAccount.PasswordRequired=Password is required
 HudsonPrivateSecurityRealm.CreateAccount.UserNameRequired=User name is required
 HudsonPrivateSecurityRealm.CreateAccount.UserNameInvalidCharacters=User name must only contain alphanumeric characters, underscore and dash