
I have a web-service method which works fine until FIPS mode is enabled in Tomcat. The code below executes fine if FIPS mode is disabled:

```java
((X509TrustManager) tm[0]).checkClientTrusted(clientCert, "want");
```

But when FIPS gets enabled on Tomcat, the same line throws an exception: `java.lang.IllegalArgumentException: Invalid authentication type: want`.

I went through the Javadoc; it says the method throws IllegalArgumentException if: IllegalArgumentException - if null or zero-length chain is passed in for the chain parameter or if null or zero-length string is passed in for the authType parameter.

But neither of the above conditions is true in my case.

I don't understand why. Please help.

  • Without any knowledge about the issue, I can read the following from the error message: _Invalid authentication type: want_, so it is not about `null` or empty strings – michael667 Sep 27 '11 at 06:51
  • @michael667 I am passing the string for authType if you look at the code. And can you please tell me why it is working then when FIPS is disabled. – rot Sep 27 '11 at 07:02
  • I don't have a concrete answer for you as to why the crypto provider is throwing `IllegalArgumentException` (depends on your JRE and crypto provider), but clearly it's checking whether "want" is a FIPS 140-2 approved algorithm, seeing that it's not, and throwing that exception. If you provide "RSA" instead of "want", it probably won't throw an exception because RSA is FIPS approved. To be clear: when you enable FIPS mode in any software or hardware, you can only use algorithms approved for use by FIPS 140-2. – indiv Oct 10 '11 at 18:09
  • Out of curiosity, is the certificate signed with MD5? For example, `md5WithRSAEncryption` (OID 1.2.840.113549.1.1.4)? – jww Feb 15 '14 at 16:43

0 Answers