Usage of Oracle 19c database driver in EAP gives PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE with PKCS11 and FIPS
Issue
-
Oracle 19c is giving the following error when EAP is configured to use SunPKCS11 and FIPS.
Caused by: java.security.ProviderException: Could not derive key at sun.security.pkcs11.P11KeyAgreement.engineGenerateSecret(P11KeyAgreement.java:238) at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586) at oracle.net.aso.v.f(Unknown Source) at oracle.net.ano.DataIntegrityService.g(Unknown Source) at oracle.net.ano.Ano.negotiation(Unknown Source) at oracle.net.ns.NSProtocol.connect(NSProtocol.java:368) at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1596) at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:588) at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:793) at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:57) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:747) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:562) at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321) ... 61 more Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method) at sun.security.pkcs11.P11KeyAgreement.engineGenerateSecret(P11KeyAgreement.java:218)
Environment
- Red Hat JBoss Enterprise Application Platform 7
- PKCS11 security provider using NSS and FIPS
- Oracle 19c JDBC database driver
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.