[ https://issues.apache.org/jira/browse/TOREE-532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652906#comment-17652906 ]
Luciano Resende commented on TOREE-532:
---------------------------------------
See this for possible workarounds as this seems to be an RHEL8 + OpenJDK1.8
issue.
https://stackoverflow.com/questions/72789547/ckr-key-type-inconsistent-when-deriving-signing-key-in-fips-mode-using-sunpkcs1
> Toree kernel startup failing in FIPS enable mode.
> -------------------------------------------------
>
> Key: TOREE-532
> URL: https://issues.apache.org/jira/browse/TOREE-532
> Project: TOREE
> Issue Type: Bug
> Reporter: SHOBHIT SHUKLA
> Priority: Major
>
> Toree kernel startup is failing on a FIPS cluster.
> We are seeing that the Toree Scala kernel is not starting on a FIPS-enabled system, because
> the key type which is configured in Toree is incompatible with IBM Semeru Java
> 11, which is FIPS compliant.
> We are getting the error below:
> Caused by: java.security.InvalidKeyException: init() failed
> at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208) ~[jdk.crypto.cryptoki:?]
> at javax.crypto.Mac.chooseProvider(Mac.java:366) ~[?:?]
> at javax.crypto.Mac.init(Mac.java:435) ~[?:?]
> at org.apache.toree.communication.security.Hmac.<init>(Hmac.scala:56) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at org.apache.toree.communication.security.Hmac$.apply(Hmac.scala:38) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at org.apache.toree.communication.security.SignatureManagerActor.<init>(SignatureManagerActor.scala:33) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
> at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
> at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:490) ~[?:?]
> at akka.util.Reflect$.instantiate(Reflect.scala:68) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at akka.actor.ArgsReflectConstructor.produce(IndirectActorProducer.scala:101) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at akka.actor.Props.newActor(Props.scala:212) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at akka.actor.ActorCell.newActor(ActorCell.scala:650) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at akka.actor.ActorCell.create(ActorCell.scala:676) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> ... 9 more
> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT
> at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method) ~[jdk.crypto.cryptoki:?]
> at sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177) ~[jdk.crypto.cryptoki:?]
> at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206) ~[jdk.crypto.cryptoki:?]
> at javax.crypto.Mac.chooseProvider(Mac.java:366) ~[?:?]
> at javax.crypto.Mac.init(Mac.java:435) ~[?:?]
> at org.apache.toree.communication.security.Hmac.<init>(Hmac.scala:56) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at org.apache.toree.communication.security.Hmac$.apply(Hmac.scala:38) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]
> at org.apache.toree.communication.security.SignatureManagerActor.<init>(SignatureManagerActor.scala:33) ~[toree-assembly-0.6.0.dev0-incubating-SNAPSHOT.jar:0.6.0.dev0-incubating-SNAPSHOT]