Running ActiveMQ in FIPS mode

Time: 2017-09-17 15:28:15

Tags: java spring activemq bouncycastle fips

I am using ActiveMQ 5.14, and my SSL configuration is:

<sslContext>
        <sslContext keyStore="file:${activemq.base}/conf/keystore/activemq/activemq.bcfks" keyStorePassword="password" keyStoreType="BCFKS" 
              trustStore="file:${activemq.base}/conf/keystore/activemq/cacerts.bcfks" trustStorePassword="password" trustStoreType="BCFKS" />
    </sslContext>

Our JVM is configured for FIPS mode:

security.provider.4=com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider
security.provider.5=com.sun.net.ssl.internal.ssl.Provider CCJ

If FIPS mode is enabled, ActiveMQ fails to start with the error:

Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: FIPS mode: SecureRandom must be from provider CCJ | org.apache.activemq.xbean.XBeanBrokerFactory$1 | main

I tried using Spring SpEL to set secureRandom:

secureRandom="#{T(java.security.SecureRandom).getInstance('DEFAULT','CCJ')}"

secureRandom="CCJ"

It did not work!!! How can I force the secureRandom provider to be of type 'CCJ'?

Thanks,

1 answer:

Answer 0: (score: 0)

The following configuration in activemq.xml worked for me when used with AMQ 5.15.0 and CCJ:

<sslContext>
   <sslContext 
        keyStore="file:${activemq.conf}/broker.ks" 
        keyStorePassword="123456" 
        keyStoreType="BCFKS" 
        trustStore="file:${activemq.conf}/broker.ts" 
        trustStorePassword="123456" 
        trustStoreType="BCFKS" 
        secureRandomAlgorithm="DEFAULT" />
</sslContext>

It also worked for me when I added the XML attribute "provider" with the value CCJ to the sslContext:

<sslContext>
   <sslContext 
        keyStore="file:${activemq.conf}/broker.ks" 
        keyStorePassword="123456" 
        keyStoreType="BCFKS" 
        trustStore="file:${activemq.conf}/broker.ts" 
        trustStorePassword="123456" 
        trustStoreType="BCFKS" 
        secureRandomAlgorithm="DEFAULT" 
        provider="CCJ" />
</sslContext>
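
As an added example (not part of the question or the answer, and not ActiveMQ code), the stand-alone Java check below uses only standard JCA calls to show which registered provider serves the DEFAULT SecureRandom algorithm and whether CCJ offers it. The class name and the exit-code convention are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;

/** Added diagnostic, not ActiveMQ code: shows which JCA provider serves a SecureRandom algorithm. */
public class SecureRandomProviderCheck {

    /** Name of the provider the JVM picks for getInstance(algorithm), or null if none offers it. */
    static String resolvedProvider(String algorithm) {
        try {
            return SecureRandom.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    /** True if the named provider is registered and offers the algorithm itself. */
    static boolean providerOffers(String provider, String algorithm) {
        try {
            SecureRandom.getInstance(algorithm, provider);
            return true;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Defaults are the values from the page; override as: java SecureRandomProviderCheck <alg> <provider>
        String algorithm = args.length > 0 ? args[0] : "DEFAULT";
        String expected = args.length > 1 ? args[1] : "CCJ";

        // Registration order matters: an unqualified lookup returns the first provider that matches.
        int position = 1;
        for (Provider p : Security.getProviders()) {
            boolean offers = p.getService("SecureRandom", algorithm) != null;
            System.out.printf("%d. %-12s offers SecureRandom.%s: %b%n", position++, p.getName(), algorithm, offers);
        }

        String resolved = resolvedProvider(algorithm);
        System.out.println("Unqualified lookup resolves to: " + resolved);
        System.out.println(expected + " offers " + algorithm + ": " + providerOffers(expected, algorithm));
        System.out.println("Provider of new SecureRandom(): " + new SecureRandom().getProvider().getName());

        // Non-zero exit lets a startup script refuse to launch the broker on a mismatch.
        System.exit(expected.equals(resolved) ? 0 : 1);
    }
}
```

Run it with the same JVM, java.security file and classpath as the broker; otherwise the provider list it prints will not match what ActiveMQ sees.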