[jira] [Created] (TOREE-532) Toree kernel startup failing in FIPS enable mode.

Mon, 28 Nov 2022 01:02:09 -0800 

SHOBHIT SHUKLA created TOREE-532:
------------------------------------

             Summary: Toree kernel startup failing in FIPS enable mode.
                 Key: TOREE-532
                 URL: https://issues.apache.org/jira/browse/TOREE-532
             Project: TOREE
          Issue Type: Bug
            Reporter: SHOBHIT SHUKLA


Toree kernel startup is failing on FIPS cluster.
We are seeing Toree Scala kernel on FIPS enabled system is not starting, due to 
key type which is configured in Toree is incompatible with IBM Semeru Java 11 
which is FIPS compliant.
Getting below error :
Caused by: java.security.InvalidKeyException: init() failed
        at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208) 
~[jdk.crypto.cryptoki:?]
        at javax.crypto.Mac.chooseProvider(Mac.java:366) ~[?:?]
        at javax.crypto.Mac.init(Mac.java:435) ~[?:?]
        at org.apache.toree.communication.security.Hmac.<init>(Hmac.scala:56) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at org.apache.toree.communication.security.Hmac$.apply(Hmac.scala:38) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at 
org.apache.toree.communication.security.SignatureManagerActor.<init>(SignatureManagerActor.scala:33)
 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at 
jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) 
~[?:?]
        at 
jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
 ~[?:?]
        at 
jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:490) 
~[?:?]
        at akka.util.Reflect$.instantiate(Reflect.scala:68) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at 
akka.actor.ArgsReflectConstructor.produce(IndirectActorProducer.scala:101) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at akka.actor.Props.newActor(Props.scala:212) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at akka.actor.ActorCell.newActor(ActorCell.scala:650) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at akka.actor.ActorCell.create(ActorCell.scala:676) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        ... 9 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 
CKR_KEY_TYPE_INCONSISTENT
        at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method) 
~[jdk.crypto.cryptoki:?]
        at sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177) 
~[jdk.crypto.cryptoki:?]
        at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206) 
~[jdk.crypto.cryptoki:?]
        at javax.crypto.Mac.chooseProvider(Mac.java:366) ~[?:?]
        at javax.crypto.Mac.init(Mac.java:435) ~[?:?]
        at org.apache.toree.communication.security.Hmac.<init>(Hmac.scala:56) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at org.apache.toree.communication.security.Hmac$.apply(Hmac.scala:38) 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
        at 
org.apache.toree.communication.security.SignatureManagerActor.<init>(SignatureManagerActor.scala:33)
 
~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to