[I] Cannot use Mina SSH client in a FIPS constrained environment [mina-sshd]

Fri, 30 Aug 2024 19:54:04 -0700 


olamy opened a new issue, #590:
URL: https://github.com/apache/mina-sshd/issues/590

   ### Version
   
   2.13.2
   
   ### Bug description
   
   When using using registar created for BCFIPS (which means any BC classes are 
available within the class path).
   
   I got
   
   ```
   java.lang.IllegalArgumentException: BouncyCastle not registered
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.util.ValidateUtils.createFormattedException(ValidateUtils.java:213)
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.util.ValidateUtils.throwIllegalArgumentException(ValidateUtils.java:179)
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.util.ValidateUtils.checkTrue(ValidateUtils.java:156)
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.util.security.SecurityUtils.getBouncycastleEncryptedPrivateKeyInfoDecryptor(SecurityUtils.java:553)
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.config.keys.loader.pem.PKCS8PEMResourceKeyPairParser.decryptKeyPairs(PKCS8PEMResourceKeyPairParser.java:107)
   ```
   
   I tried to "trick" it :) using the name BC here 
https://github.com/jenkinsci/mina-sshd-api-plugin/pull/114/files#diff-5440105bdcdf53b86acce84166b9884f497eb6908da1d68b82ec974aa0fd83e1R45
   
   But turns into:
   
   ```
     Caused: java.lang.NoClassDefFoundError: 
org/bouncycastle/crypto/prng/RandomGenerator
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.util.security.bouncycastle.BouncyCastleRandomFactory.create(BouncyCastleRandomFactory.java:43)
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.util.security.bouncycastle.BouncyCastleRandomFactory.create(BouncyCastleRandomFactory.java:28)
     at PluginClassLoader for 
mina-sshd-api-common//org.apache.sshd.common.random.SingletonRandomFactory.<init>(SingletonRandomFactory.java:38)
   with BCFIPS (classic BC class not available in the classpth) this is this 
class 
https://javadoc.io/doc/org.bouncycastle/bc-fips/latest/org/bouncycastle/crypto/fips/FipsSecureRandom.html
   ```
   But the idea is to make this random factory more configurable.
   
   ### Actual behavior
   
   see bug description
   
   ### Expected behavior
   
   Able to use BouncyCastle FIPS
   
   ### Relevant log output
   
   _No response_
   
   ### Other information
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to