How to make Weblogic 11gR2 (10.3.3) FIPS-140 compliant

Our EAR application is hosted on a Weblogic 10.3.3 server.

This application interacts with BO 4.1, and we now get this error when trying to connect to it:

    com.tranme.guide.commonservices.report.InteractionBOException: com.crystaldecisions.sdk.exception.SDKException$ConfidentialChannelFailed: Impossible d'établir un canal confidentiel. (FWM 02119)
    cause:com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
    detail:Impossible d'établir un canal confidentiel. (FWM 02119) Cryptographic library is not FIPS-140-compliant.
        at com.tranme.guide.commonservices.report.CrystalReportHelper.getReportInfoObjectsByReportName(CrystalReportHelper.java:515)
        at com.tranme.guide.notificationmgt.manager.reports.util.ReportManagementTools.getReportInstanceStatuses(ReportManagementTools.java:81)
        at com.tranme.guide.notificationmgt.manager.reports.util.ReportManagementTools.getGenerationStatusResults(ReportManagementTools.java:51)
        at com.tranme.guide.notificationmgt.manager.BaseNotificationManager.updateReportGenerationStatus(BaseNotificationManager.java:217)
        at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl.updateReportGenerationStatus(NotificationManagementFacadeBeanImpl.java:123)
        at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl.updateReportGenerationStatus(NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl.java:140)
        at com.tranme.guide.notificationmgt.business.ejb.impl.NotificationManagementFacadeBeanImpl_z3lp9c_EOImpl_WLSkel.invoke(Unknown Source)
        at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
        at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
        at weblogic.rmi.internal.BasicServerRef.run(BasicServerRef.java:477)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
        at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
        at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: com.crystaldecisions.sdk.exception.SDKException$ConfidentialChannelFailed: Impossible d'établir un canal confidentiel. (FWM 02119)
    cause:com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
    detail:Impossible d'établir un canal confidentiel. (FWM 02119) Cryptographic library is not FIPS-140-compliant.
        at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.establishConfidentialChannel(ConfidentialChannelService.java:199)
        at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.createConfidentialChannel(ConfidentialChannelService.java:145)
        at com.crystaldecisions.sdk.occa.security.internal.CCMap.locateCCItem(CCMap.java:63)
        at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:845)
        at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:805)
        at com.crystaldecisions.sdk.occa.security.internal.LogonService.userLogon(LogonService.java:210)
        at com.crystaldecisions.sdk.occa.security.internal.SecurityMgr.userLogon(SecurityMgr.java:166)
        at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody0(SessionMgr.java:454)
        at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon_aroundBody1$advice(SessionMgr.java:512)
        at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:1)
        at com.tranme.guide.commonservices.report.CrystalReportHelper.getSession(CrystalReportHelper.java:156)
        at com.tranme.guide.commonservices.report.CrystalReportHelper.getReportInfoObjectsByReportName(CrystalReportHelper.java:502)
        ... 15 more
    Caused by: com.businessobjects.bcm.exception.FIPSError: Cryptographic library is not FIPS-140-compliant.
        at com.businessobjects.bcm.internal.BcmRsaLib.CheckStartupErrors(BcmRsaLib.java:28)
        at com.businessobjects.bcm.internal.DHKeyAgreeImpl.<init>(DHKeyAgreeImpl.java:22)
        at com.businessobjects.bcm.BCM.createKeyAgreement(BCM.java:1080)
        at com.crystaldecisions.sdk.occa.security.internal.ConfidentialChannelService.establishConfidentialChannel(ConfidentialChannelService.java:175)
        ... 26 more

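The BO SDK libraries are on the Weblogic classpath (that is how the developers before me decided to implement it).

I have already tried the solution proposed on the SAP forum, without success.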

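WLS 11G needs these things configured for FIPS-compliant SSL connections:

  • cryptojFIPS.jar added to the PRE_CLASSPATH variable (this is similar to what the SAP forum suggested)
  • The command-line argument -Dweblogic.security.SSL.nojce=true specified
  • The JVM has the unlimited-strength JCE (more details here for WLS12C, but the steps are similar). This is probably already set up.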
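
A small Java check for the three prerequisites in the list above, added here as an example and not part of the original answer. It assumes PRE_CLASSPATH entries end up ahead of weblogic.jar in `java.class.path`; the class name `FipsPrereqCheck` is hypothetical.

```java
import java.io.File;
import javax.crypto.Cipher;

// Added diagnostic (not from the original post): run it with the same classpath
// and JVM options as the WebLogic server to check the three prerequisites.
public class FipsPrereqCheck {

    // True if cryptojFIPS.jar is on the classpath and, when weblogic.jar is also
    // present, precedes it (assumption: PRE_CLASSPATH is prepended to the classpath).
    static boolean cryptojFipsFirst(String classPath) {
        int fips = -1, wls = -1, i = 0;
        for (String entry : classPath.split(File.pathSeparator)) {
            String name = new File(entry).getName();
            if (name.equals("cryptojFIPS.jar") && fips < 0) fips = i;
            if (name.equals("weblogic.jar") && wls < 0) wls = i;
            i++;
        }
        return fips >= 0 && (wls < 0 || fips < wls);
    }

    // True if -Dweblogic.security.SSL.nojce=true was passed to the JVM.
    static boolean nojceEnabled() {
        return Boolean.parseBoolean(System.getProperty("weblogic.security.SSL.nojce"));
    }

    // True if the unlimited-strength JCE policy is active: with the restricted
    // policy files the maximum AES key length is 128 bits.
    static boolean unlimitedJce() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    public static void main(String[] args) throws Exception {
        boolean cp = cryptojFipsFirst(System.getProperty("java.class.path", ""));
        boolean nojce = nojceEnabled();
        boolean jce = unlimitedJce();
        System.out.println("cryptojFIPS.jar ahead of weblogic.jar : " + cp);
        System.out.println("-Dweblogic.security.SSL.nojce=true    : " + nojce);
        System.out.println("unlimited-strength JCE policy         : " + jce);
        // Non-zero exit status when any prerequisite is missing.
        System.exit(cp && nojce && jce ? 0 : 1);
    }
}
```

A `false` on any line identifies which of the three settings did not reach the server JVM.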