Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-20847

[Karaf] Jasypt encryption problem JDK 17 and RHEL8-FIPS

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • fuse-7.12-GA
    • fuse-7.12-GA
    • Karaf
    • None
    • Very Likely

      fuse-karaf-7.12.0.fuse-7_12_0-00007-redhat-00001 configuration changes:

      org.apache.karaf.features.cfg:
      property: featuresBoot
      add jasypt-encryption
      
      org.ops4j.pax.url.mvn.cfg:
      org.ops4j.pax.url.mvn.repositories = \
        https://repo1.maven.org/maven2@id=maven.central.repo, \
        https://maven.repository.redhat.com/ga@id=redhat.ga.repo, \
        https://maven.repository.redhat.com/earlyaccess/all@id=redhat.ea.repo, \
        https://repository.jboss.org/nexus/content/groups/ea@id=fuseearlyaccess, \
        http://nexus.fuse-qe.eng.rdu2.redhat.com/repository/fuse-all
      
      users.properties:
      admin=redhat,admin,ssh

      Start fuse and run:

      fuse-karaf-7.12.0.fuse-7_12_0-00007-redhat-00001/bin/fuse
      
      jasypt:encrypt -a PBEWITHMD2ANDDES --password  s0m3R@nD0mP@ssW0rD  "A password-cracker walks into a bar. Orders a beer. Then a Beer. Then a BEER. beer. b33r. BeeR. Be3r. bEeR. bE3R. BeEr"

       

      When started on RHEL8 with FIPS enabled using JDK 17 there is an exception

      org.jasypt.exceptions.EncryptionInitializationException: java.security.NoSuchAlgorithmException: SHA1PRNG SecureRandom not available 

      With JDK 11 (or any other tested) all works fine. Fuse log attached, exact java version is at the beginning of the log.

      Openstack image used for test:

      fuseqe-20221202-RHEL-8.7.0-x86_64-ga-latest-fips (665ede17-2d8a-4b60-b136-680b5f0d9535) 

        1. fuse-jdk11.log
          79 kB
          Petr Pinkas
        2. fuse-jdk17.log
          89 kB
          Petr Pinkas

              ggrzybek Grzegorz Grzybek
              rhn-support-ppinkas Petr Pinkas
              Petr Pinkas Petr Pinkas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: