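Upgrading to Java 1.7 with NSS (3.11.4) for FIPS 140 compliance is not working:
In our application, we are trying to enable FIPS using the following configuration.
Configuration in the java.security file: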
security.provider.1=sun.security.pkcs11.SunPKCS11 D:\\7002FIPS\\Windows\\nss.cfg
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSSFIPS
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
security.provider.11=sun.security.provider.Sun
nss.cfg
name=NSSFIPS
nssLibraryDirectory= D:\\7002FIPS\Windows\lib
nssSecmodDirectory= D:\\7002FIPS\Windows\cert
nssDbMode=readWrite
nssModule=fips
When executing a sample program with the above configuration, we get the following exception. It ran fine in Java 6 without any issues.
java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:375)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at sun.security.jca.ProviderConfig$2.run(Unknown Source)
at sun.security.jca.ProviderConfig$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(Unknown Source)
at sun.security.jca.ProviderConfig.getProvider(Unknown Source)
at sun.security.jca.ProviderList.loadAll(Unknown Source)
at sun.security.jca.ProviderList.removeInvalid(Unknown Source)
at sun.security.jca.Providers.getFullProviderList(Unknown Source)
at java.security.Security.getProviders(Unknown Source)
at FipsTest.main(FipsTest.java:31)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD
at sun.security.pkcs11.wrapper.PKCS11.C_Initialize(Native Method)
at sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_Initialize(PKCS11.java:1484)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:156)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:330)
... 15 more
Has anyone faced the above issue with JDK 1.7 and NSS version 3.11.4?