FIPS mode in java11


Trying to list the bcfips provider, I am getting:

    java.util.ServiceConfigurationError: java.security.Provider: Provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider could not be instantiated
        at java.base/java.util.ServiceLoader.fail(Unknown Source)
        at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(Unknown Source)
        at java.base/java.util.ServiceLoader$ProviderImpl.get(Unknown Source)
        at java.base/java.util.ServiceLoader$3.next(Unknown Source)
        at java.base/sun.security.jca.ProviderConfig$ProviderLoader.load(Unknown Source)
        at java.base/sun.security.jca.ProviderConfig$3.run(Unknown Source)
        at java.base/sun.security.jca.ProviderConfig$3.run(Unknown Source)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.jca.ProviderConfig.doLoadProvider(Unknown Source)
        at java.base/sun.security.jca.ProviderConfig.getProvider(Unknown Source)
        at java.base/sun.security.jca.ProviderList.loadAll(Unknown Source)
        at java.base/sun.security.jca.ProviderList.removeInvalid(Unknown Source)
        at java.base/sun.security.jca.Providers.getFullProviderList(Unknown Source)
        at java.base/java.security.Security.getProviders(Unknown Source)
        at ListSecurityProviders.main(ListSecurityProviders.java:6)
    Caused by: org.bouncycastle.crypto.fips.FipsOperationError: Module checksum failed: unable to calculate
        at org.bouncycastle.fips.core/org.bouncycastle.crypto.fips.FipsStatus.checksumValidate(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvSecureHash$MD5.configure(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
        ... 14 more
    scl:  getPermissions ProtectionDomain  (jrt:/java.security.jgss <no signer certificates>)
    jdk.internal.loader.ClassLoaders$PlatformClassLoader@7f13d6e
    <no principals>
    java.security.Permissions@51cdd8a (
    ("java.lang.RuntimePermission" "accessSystemModules"))

I followed the steps provided in the answer to the same question asked earlier.

Created the JRE using the command below:

    ./jlink --no-header-files --no-man-pages --compress=2 --strip-debug --module-path /root/bcjars/ --add-modules java.se,jdk.unsupported,org.bouncycastle.fips.core --output /tmp/bcjdk/ --ignore-signing-information

The JRE was created with the warning below:

    WARNING: signed modular JAR /root/bcjars/bc-fips-1.0.2.4.jar is currently not supported

After creating the JRE, I can see the module in the --list-modules command output.

    xx-xxx-xxxx:/tmp/bcjdk/bin # ./java --list-modules
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    org.bouncycastle.fips.core

The program I ran to list the providers:

    import java.security.Provider;
    import java.security.Security;

    public class ListSecurityProviders {
        public static void main(String[] args) {
            // Loads and instantiates every configured provider
            Provider[] providers = Security.getProviders();

            for (Provider provider : providers) {
                System.out.println("Provider: " + provider.getName());
                // Print each algorithm the provider registers
                for (Provider.Service service : provider.getServices()) {
                    System.out.println("  Algorithm: " + service.getAlgorithm());
                }
            }
        }
    }

From the error, it looks like it is failing due to no signing information, but jlink cannot create a JRE with signing information.
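
A diagnostic variant of the listing program, as an added example that is not part of the original post: it uses `ServiceLoader.stream()` to report each provider class's module, code-source location and signer count before instantiating it, and catches the `ServiceConfigurationError` per provider so the remaining providers are still reported. The class name `ProbeSecurityProviders` and the helper `signerCount` are made up for this example.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;

// Added diagnostic, not code from the original post.
public class ProbeSecurityProviders {

    // Number of code signers recorded for the class's code source (0 if none).
    static int signerCount(CodeSource source) {
        if (source == null || source.getCodeSigners() == null) {
            return 0;
        }
        return source.getCodeSigners().length;
    }

    public static void main(String[] args) {
        // Same lookup the stack trace shows: Provider services via the system class loader.
        ServiceLoader<Provider> loader =
                ServiceLoader.load(Provider.class, ClassLoader.getSystemClassLoader());

        // stream() exposes each provider class without instantiating it.
        loader.stream().forEach(candidate -> {
            Class<? extends Provider> type = candidate.type();
            CodeSource source = type.getProtectionDomain().getCodeSource();
            System.out.println("Provider class: " + type.getName());
            System.out.println("  module:   " + type.getModule().getName());
            System.out.println("  location: " + (source == null ? "(none)" : source.getLocation()));
            System.out.println("  signers:  " + signerCount(source));
            try {
                // Instantiation happens here; a provider self-test failure surfaces as
                // ServiceConfigurationError with the provider's own error as the cause.
                Provider provider = candidate.get();
                System.out.println("  status:   OK, " + provider.getServices().size() + " services");
            } catch (ServiceConfigurationError e) {
                System.out.println("  status:   FAILED");
                for (Throwable t = e; t != null; t = t.getCause()) {
                    System.out.println("    " + t.getClass().getName() + ": " + t.getMessage());
                }
            }
        });
    }
}
```

Providers built into `java.base` are not registered as services and do not appear in this output; it covers only providers discovered through `ServiceLoader`.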
