Got exception when new BouncyCastleJsseProvider("FIPS:BCFIPS");


Jeff Huang
Hello,

I downloaded the latest FIPS jars from BC. After compiling the code and running it, I got the following exception:

Provider provider1 = new BouncyCastleJsseProvider("FIPS:BCFIPS");

Exception in thread "main" java.lang.IllegalArgumentException: unable to find Provider/TlsCrypto class: BCFIPS
at org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.createCryptoProvider(BouncyCastleJsseProvider.java:130)


Jeff.
Re: Got exception when new BouncyCastleJsseProvider("FIPS:BCFIPS");

David Hook-3

It's not clear that the BCFIPS provider is installed. Which provider are
you using "BC" or "BCFIPS"?

Regards,

David
On 28/8/19 7:23 am, Jeff Huang wrote:

> Hello,
>
> I downloaded the latest FIPS jars from BC. After compiling the code and running it,
> I got the following exception:
>
> Provider provider1 = new BouncyCastleJsseProvider("FIPS:BCFIPS");
>
> Exception in thread "main" java.lang.IllegalArgumentException: unable
> to find Provider/TlsCrypto class: BCFIPS
> at
> org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.createCryptoProvider(BouncyCastleJsseProvider.java:130)
>
>
> Jeff.




Re: Got exception when new BouncyCastleJsseProvider("FIPS:BCFIPS");

Jeff Huang
I am using the BCFIPS provider (version 1.0.9). I have downloaded bc-fips-1.0.2.jar and bctls-fips-1.0.9.jar. I am trying to install the BCFIPS provider at RUNTIME, which means I do NOT modify the java.security file to statically add the BCFIPS provider.

I did the following to install the BCFIPS provider at runtime, based on page 7 of BC-FJA-(D)TLSUserGuide-1.0.9.pdf:
...
Security.addProvider(new BouncyCastleJsseProvider("FIPS:BCFIPS"));
...

The above call throws the following exception:
Exception in thread "main" java.lang.IllegalArgumentException: unable to find Provider/TlsCrypto class: BCFIPS
at org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.createCryptoProvider(BouncyCastleJsseProvider.java:130)
at org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.<init>(BouncyCastleJsseProvider.java:72)


I read the source code of org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.java; the execution sequence is as follows:
1. I passed "FIPS:BCFIPS" to the constructor of BouncyCastleJsseProvider. LINE 50
2. After parsing the String "FIPS:BCFIPS", the second part is cryptoName = "BCFIPS". LINE 66
3. createCryptoProvider(cryptoName) is called. LINE 72, then LINE 95
4. Because I do not statically install the BCFIPS provider, LINE 103 returns null, LINE 104 to LINE 107 are skipped, and the code goes to LINE 111:
Class<?> cryptoProviderClass = Class.forName(cryptoName);   // here cryptoName = "BCFIPS"
The above code throws an exception because there is no Java class BCFIPS, hence the exception at LINE 130.

It seems there is a bug?

I played around; there are two workarounds:
1. Passing "FIPS:org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider" will work. Actually this also makes sense, since JcaTlsCryptoProvider is a Java class.
2. Modify java.security and add the following entry:
security.provider.15=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider FIPS:BCFIPS
The above means statically installing the BCFIPS provider first; then calling Security.addProvider(new BouncyCastleJsseProvider("FIPS:BCFIPS")); will work.
But the issue is that we want to install the BCFIPS provider at runtime without needing to modify the java.security file.

Please advise.

Thanks!

Jeff.



 

On Wed, Aug 28, 2019 at 3:38 AM David Hook <[hidden email]> wrote:

> It's not clear that the BCFIPS provider is installed. Which provider are
> you using "BC" or "BCFIPS"?
>
> Regards,
>
> David




Re: Got exception when new BouncyCastleJsseProvider("FIPS:BCFIPS");

David Hook-3

Try doing:

Security.addProvider(new BouncyCastleFipsProvider());

first.

Regards,

David

On 29/8/19 2:12 am, Jeff Huang wrote:
> I am using the BCFIPS provider (version 1.0.9). I have downloaded bc-fips-1.0.2.jar and bctls-fips-1.0.9.jar. I am trying to install the BCFIPS provider at RUNTIME, which means I do NOT modify the java.security file to statically add the BCFIPS provider.
>
> I did the following to install the BCFIPS provider at runtime, based on page 7 of BC-FJA-(D)TLSUserGuide-1.0.9.pdf:
> ...
> Security.addProvider(new BouncyCastleJsseProvider("FIPS:BCFIPS"));
> ...
>
> The above call throws the following exception:
> Exception in thread "main" java.lang.IllegalArgumentException: unable to find Provider/TlsCrypto class: BCFIPS
> at org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.createCryptoProvider(BouncyCastleJsseProvider.java:130)
> at org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.<init>(BouncyCastleJsseProvider.java:72)
>
>
> I read the source code of org.bouncycastle.jsse.provider.BouncyCastleJsseProvider.java; the execution sequence is as follows:
> 1. I passed "FIPS:BCFIPS" to the constructor of BouncyCastleJsseProvider. LINE 50
> 2. After parsing the String "FIPS:BCFIPS", the second part is cryptoName = "BCFIPS". LINE 66
> 3. createCryptoProvider(cryptoName) is called. LINE 72, then LINE 95
> 4. Because I do not statically install the BCFIPS provider, LINE 103 returns null, LINE 104 to LINE 107 are skipped, and the code goes to LINE 111:
> Class<?> cryptoProviderClass = Class.forName(cryptoName);   // here cryptoName = "BCFIPS"
> The above code throws an exception because there is no Java class BCFIPS, hence the exception at LINE 130.
>
> It seems there is a bug?
>
> I played around; there are two workarounds:
> 1. Passing "FIPS:org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider" will work. Actually this also makes sense, since JcaTlsCryptoProvider is a Java class.
> 2. Modify java.security and add the following entry:
> security.provider.15=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider FIPS:BCFIPS
> The above means statically installing the BCFIPS provider first; then calling Security.addProvider(new BouncyCastleJsseProvider("FIPS:BCFIPS")); will work.
> But the issue is that we want to install the BCFIPS provider at runtime without needing to modify the java.security file.
>
> Please advise.
>
> Thanks!
>
> Jeff.



 






Re: Got exception when new BouncyCastleJsseProvider("FIPS:BCFIPS");

Jeff Huang
That works! I got it now. BouncyCastleJsseProvider uses BouncyCastleFipsProvider as the BCFIPS provider.


Thanks a lot!

Jeff.

On Wed, Aug 28, 2019 at 6:35 PM David Hook <[hidden email]> wrote:

> Try doing:
>
> Security.addProvider(new BouncyCastleFipsProvider());
>
> first.
>
> Regards,
>
> David

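
The registration order that resolved this thread, written out as an added example (not code from the posters or from the Bouncy Castle user guide). It assumes the bc-fips and bctls-fips jars are on the classpath; the class name RuntimeFipsTlsSetup and the helper installProviders are made up for the illustration.

```java
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical class name; installs both providers at runtime, java.security untouched.
public class RuntimeFipsTlsSetup {

    static void installProviders() {
        // "FIPS:BCFIPS" is resolved against the JVM's registered providers by name,
        // so BCFIPS has to be registered before BCJSSE is constructed. Otherwise the
        // lookup falls through to Class.forName("BCFIPS") and fails as in the thread.
        if (Security.getProvider("BCFIPS") == null) {
            Security.addProvider(new BouncyCastleFipsProvider());
        }
        if (Security.getProvider("BCJSSE") == null) {
            Security.addProvider(new BouncyCastleJsseProvider("FIPS:BCFIPS"));
        }
    }

    public static void main(String[] args) throws Exception {
        installProviders();

        // Fail fast if either registration did not take effect.
        for (String name : new String[] {"BCFIPS", "BCJSSE"}) {
            Provider p = Security.getProvider(name);
            if (p == null) {
                throw new IllegalStateException(name + " is not registered");
            }
            System.out.println(name + " -> " + p.getClass().getName());
        }

        // addProvider appends to the end of the provider list, so the JDK's own JSSE
        // provider still wins a plain getInstance("TLS"). Name BCJSSE explicitly.
        SSLContext ctx = SSLContext.getInstance("TLS", "BCJSSE");
        System.out.println("SSLContext provider: " + ctx.getProvider().getName());
    }
}
```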