What causes "Crypto-J is disabled, a FIPS 140 required self-integrity check failed" in JBoss EAP?
Issue
I have a webapp which uses an RSA library for security.
If I deploy the webapp in exploded form, it works fine, but the archived webapp fails due to the following error:
java.lang.SecurityException: Crypto-J is disabled, a FIPS 140 required self-integrity check failed
at com.rsa.jsafe.CryptoJ.a(Unknown Source)
at com.rsa.jsafe.CryptoJ.f(Unknown Source)
at com.rsa.jsafe.JSAFE_SecureRandom.a(Unknown Source)
at com.rsa.jsafe.JSAFE_SecureRandom.getInstance(Unknown Source)
java.lang.SecurityException: JsafeJCE provider self-integrity check failed com.rsa.jsafe.provider.JsafeJCE.<init>(Unknown Source)
Caused by: java.lang.SecurityException: JCE cannot authenticate the provider IngrianProvider
at javax.crypto.Cipher.getInstance(DashoA13*..) [na:1.6]
at javax.crypto.Cipher.getInstance(DashoA13*..) [na:1.6]
...
Caused by: java.util.jar.JarException: Cannot parse jar:file:/path/to/jboss-as/server/profile/deploy/myapplication.ear!/ingrian-nae.jar
at javax.crypto.SunJCE_c.a(DashoA13*..) [na:1.6]
at javax.crypto.SunJCE_b.b(DashoA13*..) [na:1.6]
at javax.crypto.SunJCE_b.a(DashoA13*..) [na:1.6]
... 296 common frames omitted
The same application works for JBoss EAP 4.
I think it is happening due to it being a FIPS 140 cryptographic module, which requires a set of integrity self-tests to be executed on startup. These tests cannot be disabled:
http://csrc.nist.gov/publications/fips/fips1401.htm#sec4.11
Environment
- JBoss Enterprise Application Platform (EAP)
  - 5.x
  - 6.x
