Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8214346

java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available when trying to enable FIPS mode with NSS

    XMLWordPrintable

    Details

      Description

      A DESCRIPTION OF THE PROBLEM :
      I'm trying to enable FIPS mode using SUNPKCS11 with NSS in Java 11. I got this exception java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available.

      When I tried to enable FIPS in Java 8 it works fine but doing the same in Java 11 throws the exception.

      The initialization of SUNPKCS11 changed from Java 8 to Java 11.

      In Java 8:

        Provider provider = Security.getProvider("SunPKCS11");
        provider.configure(nssConfigFile);
      Java 11:

        Provider provider = new sun.security.pkcs11.SunPKCS11(nssConfigFile);
        Security.addProvider(nssProvider);
      After the initialization of SUNPKCS11 with config file, I'm trying to get the provider from the keystore as below.
      One more thing is when I initialized the SUNPKCS11, it's Provider.id.info is set to Unconfigured and unusable PKCS11 provider , Does this has some thing to do with?

      KeyStore.getInstance("SUNPKCS11");
      Then here I didn't have the PKCS11 in keystore.

      My config file content look as below:

        name=nss-client
        nssLibraryDirectory=X:\XXX\NSS\lib\
        nssSecmodDirectory=X:\XXX\NSS\db\
        nssModule=fips
      Do I need to change something in the config file contents or is it a bug in Java 11?


        Attachments

          Activity

            People

            • Assignee:
              psonal Pallavi Sonal
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: