Unable to list contents of a Bouncy Castle Keystore using keytool, keytool error: java.lang.Exception: Provider "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider" not found
Article ID: 429722
Updated On:
Products
Issue/Introduction
When listing a bouncy castle keystore, keytool command errors out even with correct reference and permissions to the bc-fips.jar and the provider BouncyCastleFipsProvider
/opt/CA/WorkloadAutomationAE/jre/bin/keytool -keystore /opt/CA/WorkloadAutomationAE/wcc/data/config/.keystore -storepass ####### -list -v -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /opt/CA/WorkloadAutomationAE/wcc/bin/lib/bc-fips.jar -storetype BCFKS
keytool error: java.lang.Exception: Provider "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider" not found
java.lang.Exception: Provider "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider" not found
at java.base/sun.security.tools.keytool.Main.doCommands(Unknown Source)
at java.base/sun.security.tools.keytool.Main.run(Unknown Source)
at java.base/sun.security.tools.keytool.Main.main(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Unknown Source)
at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.base/sun.security.tools.KeyStoreUtil.loadProviderByClass(Unknown Source)
... 3 more
Caused by: java.lang.UnsatisfiedLinkError: /tmp/bc-fips-jni_35392258865587/libbc-probe.so: /tmp/bc-fips-jni_35392258865587/libbc-probe.so: failed to map segment from shared object
at java.base/jdk.internal.loader.NativeLibraries.load(Native Method)
at java.base/jdk.internal.loader.NativeLibraries$NativeLibraryImpl.open(Unknown Source)
at java.base/jdk.internal.loader.NativeLibraries.loadLibrary(Unknown Source)
at java.base/jdk.internal.loader.NativeLibraries.loadLibrary(Unknown Source)
at java.base/java.lang.ClassLoader.loadLibrary(Unknown Source)
at java.base/java.lang.Runtime.load0(Unknown Source)
at java.base/java.lang.System.load(Unknown Source)
at org.bouncycastle.crypto.fips.NativeLoader$1.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Unknown Source)
at org.bouncycastle.crypto.fips.NativeLoader.loadDriver(Unknown Source)
at org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)
at org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)
at org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)
at org.bouncycastle.jcajce.provider.ProvSecureHash$MD5.configure(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init>(Unknown Source)
... 7 more
Environment
AutoSys 24.1.x
Cause
/tmp is set with NOEXEC privileges
Resolution
Remount /tmp with execute bit ON, or provide keytool with a tmp directory reference which has execute bit on it and re-run the command again
/opt/CA/WorkloadAutomationAE/jre/bin/keytool -keystore /opt/CA/WorkloadAutomationAE/wcc/data/config/.keystore -storepass ##### -list -v -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /opt/CA/WorkloadAutomationAE/wcc/bin/lib/bc-fips.jar -storetype BCFKS -J-Djava.io.tmpdir=/home/autosys
Additional Information
There are no spaces between -J and -D
-J-Djava.io.tmpdir=/home/autosys
Feedback
