I am trying to enable BC FIPS mode for JBoss by setting BC FIPS as the default provider:
Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
Everything seems to work, but JBoss/WildFly hangs during startup. I took a jstack dump and saw that it is stuck at:
"MSC service thread 1-6" #22 prio=5 os_prio=0 tid=0x00007f0848001800 nid=0x4493 runnable [0x00007f0898864000]
   java.lang.Thread.State: RUNNABLE
    at java.io.FileInputStream.readBytes(Native Method)
    at java.io.FileInputStream.read(FileInputStream.java:255)
    at sun.security.provider.SeedGenerator$URLSeedGenerator.getSeedBytes(SeedGenerator.java:539)
    at sun.security.provider.SeedGenerator.generateSeed(SeedGenerator.java:144)
    at sun.security.provider.SecureRandom.engineGenerateSeed(SecureRandom.java:139)
    at java.security.SecureRandom.generateSeed(SecureRandom.java:533)
    at org.bouncycastle.crypto.util.BasicEntropySourceProvider$1.getEntropy(Unknown Source)
    at org.bouncycastle.crypto.fips.ContinuousTestingEntropySource.getEntropy(Unknown Source)
    - locked <0x00000000a44ac4e0> (a org.bouncycastle.crypto.fips.ContinuousTestingEntropySource)
    at org.bouncycastle.crypto.fips.HashSP800DRBG.getEntropy(Unknown Source)
    at org.bouncycastle.crypto.fips.HashSP800DRBG.init(Unknown Source)
    at org.bouncycastle.crypto.fips.HashSP800DRBG.<init>(Unknown Source)
    at org.bouncycastle.crypto.fips.FipsDRBG$HashDRBGProvider.get(Unknown Source)
    at org.bouncycastle.crypto.fips.DRBGPseudoRandom.lazyInitDRBG(Unknown Source)
    at org.bouncycastle.crypto.fips.DRBGPseudoRandom.getSecurityStrength(Unknown Source)
    - locked <0x00000000a44ac600> (a org.bouncycastle.crypto.fips.DRBGPseudoRandom)
    at org.bouncycastle.crypto.fips.FipsSecureRandom.getSecurityStrength(Unknown Source)
    at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.getDefaultSecureRandom(Unknown Source)
    - locked <0x00000000a44ac670> (a org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider)
    at org.bouncycastle.jcajce.provider.ProvRandom$1.createInstance(Unknown Source)
    at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$BcService.newInstance(Unknown Source)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
    at java.security.SecureRandom.getInstance(SecureRandom.java:288)
    at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:205)
    at java.security.SecureRandom.<init>(SecureRandom.java:162)
    at io.undertow.server.session.SecureRandomSessionIdGenerator.<init>(SecureRandomSessionIdGenerator.java:35)
    at io.undertow.servlet.api.DeploymentInfo.<init>(DeploymentInfo.java:181)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.createServletConfig(UndertowDeploymentInfoService.java:570)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.start(UndertowDeploymentInfoService.java:284)
    - locked <0x00000000a44ac8d8> (a org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
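
The trace above is runnable but sitting in a file read inside `SeedGenerator$URLSeedGenerator.getSeedBytes`, reached through `SecureRandom.generateSeed`. The following diagnostic is an added example, not part of the original post: it prints the seed source the JVM is configured with and times the same `generateSeed` path outside the application server. The class name, the 32-byte request size and the 5-second timeout are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.security.Security;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

// Hypothetical helper class (not from the post): probes the JVM seed source.
public class SeedSourceCheck {

    // Returns elapsed milliseconds, or -1 if generateSeed() did not return in time.
    static long timeGenerateSeed(int numBytes, long timeoutMs) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "seed-probe");
            t.setDaemon(true); // a blocked read must not keep the JVM alive
            return t;
        });
        try {
            long start = System.nanoTime();
            // SUN's SHA1PRNG is sun.security.provider.SecureRandom, the class whose
            // engineGenerateSeed() appears in the stack trace.
            Future<byte[]> seed = pool.submit(
                () -> SecureRandom.getInstance("SHA1PRNG", "SUN").generateSeed(numBytes));
            try {
                seed.get(timeoutMs, TimeUnit.MILLISECONDS);
            } catch (TimeoutException e) {
                return -1;
            }
            return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Seed source from java.security, and the system property that can override it.
        System.out.println("securerandom.source = " + Security.getProperty("securerandom.source"));
        System.out.println("java.security.egd   = " + System.getProperty("java.security.egd"));
        System.out.println("first provider      = " + Security.getProviders()[0].getName());

        long ms = timeGenerateSeed(32, 5000); // assumed sizes, for illustration only
        System.out.println(ms < 0
            ? "generateSeed(32) still blocked after 5000 ms: the seed source is not delivering bytes"
            : "generateSeed(32) returned in " + ms + " ms");
    }
}
```

Run it with the same JVM and the same `-D` options as the server, so the seed source it reports is the one the server's startup thread is reading from.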