如何使 Weblogic 11gR2 (10.3.3) FIPS-140 兼容

【问题标题】:How to make Weblogic 11gR2 (10.3.3) FIPS-140 compliant如何使 Weblogic 11gR2 (10.3.3) FIPS-140 兼容
【发布时间】:2016-10-03 19:16:26
【问题描述】:

我们的 Ear 应用程序托管在 Weblogic 10.3.3 服务器上。

此应用正在与 BO 4.1 交互,我们现在尝试连接它时遇到此错误:

    com.tranme.guide.commonservices.report.InteractionBOException: com.crystaldecisions.sdk.exception.SDKException$ConfidentialChannelFailed: Impossible d'굡blir un canal confidentiel. (FWM 02119)
cause:com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
detail:Impossible d'굡blir un canal confidentiel. (FWM 02119) Cryptographic library is not FIPS-140-compliant.
  at com.tranme.guide.commonservices.report.CrystalReportHelper.getReportInfoObjectsByReportName(CrystalReportHelper.java:515)
  at com.tranme.guide.notificationmgt.manager.reports.util.ReportManagementTools.getReportInstanceStatuses(ReportManagementTools.java:81)
  at com.tranme.guide.notificationmgt.manager.reports.util.ReportManagementTools.getGenerationStatusResults(ReportManagementTools.java:51)
  at com.tranme.guide.notificationmgt.manager.BaseNotificationManager.updateReportGenerationStatus(BaseNotificationManager.java:217)
  at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl.updateReportGenerationStatus(NotificationManagementFacadeBeanImpl.java:123)
  at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl.updateReportGenerationStatus(NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl.java:140)
  at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
  at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
  at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
  at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: com.crystaldecisions.sdk.exception.SDKException$ConfidentialChannelFailed: Impossible d'굡blir un canal confidentiel. (FWM 02119)
cause:com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
detail:Impossible d'굡blir un canal confidentiel. (FWM 02119) Cryptographic library is not FIPS-140-compliant.
  at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.establishConfidentialChannel(ConfidentialChannelService.java:199)
  at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.createConfidentialChannel(ConfidentialChannelService.java:145)
  at com.crystaldecisions.sdk.occa.security.internal.CCMap.locateCCItem(CCMap.java:63)
  at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:845)
  at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:805)
  at com.crystaldecisions.sdk.occa.security.internal.LogonService.userLogon(LogonService.java:210)
  at com.crystaldecisions.sdk.occa.security.internal.SecurityMgr.userLogon(SecurityMgr.java:166)
  at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody0(SessionMgr.java:454)
  at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody1$advice(SessionMgr.java:512)
  at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:1)
  at com.tranme.guide.commonservices.report.CrystalReportHelper.getSession(CrystalReportHelper.java:156)
  at com.tranme.guide.commonservices.report.CrystalReportHelper.getReportInfoObjectsByReportName(CrystalReportHelper.java:502)
  ... 15 more
Caused by: com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
  at com.businessobjects.bcm.internal.BcmRsaLib.CheckStartupErrors(BcmRsaLib.java:28)
  at com.businessobjects.bcm.internal.DHKeyAgreeImpl.<init>(DHKeyAgreeImpl.java:22)
  at com.businessobjects.bcm.BCM.createKeyAgreement(BCM.java:1080)
  at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.establishConfidentialChannel(ConfidentialChannelService.java:175)
  ... 26 more

BO SDK 库位于 weblogic 类路径中(这是我之前的开发人员决定实现它们的方式)。

我已经尝试过 SAP 论坛提出的解决方案,但没有任何运气。

【问题讨论】:

    标签: java weblogic business-objects fips


    【解决方案1】:

    WLS 11G 需要为FIPS-compliant SSL connections 配置这些东西:

    • cryptojFIPS.jar 被添加到 PRE_CLASSPATH 变量中(这与 SAP 论坛 suggested 的作用类似)
    • 指定了命令行参数-Dweblogic.security.SSL.nojce=true
    • JVM 有无限强度的 JCE(更多细节在这里 for WLS12C 但步骤类似)。这可能已经设置好了。

    【讨论】:

    • 应该在哪个脚本中设置类路径?命令行参数与 java_options 一起传递?去年我为另一个案例将 JVM 更新为无限强度,因此涵盖了这一点
    • 这是一个环境变量。您可以在 shell 中设置它,或者如果您愿意,可以将其隐藏在 setWlsEnv.sh 中。
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2013-09-08
    • 2020-10-15
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode