- Клиенты Java, использующие поставщик BouncyCastle FIPS и поставщик BouncyCastleJSSE
- Клиенты C++, использующие libcurl (бэкенд OpenSSL) с поставщиком OpenSSL FIPS.
Зависимости Jar:
- log4j-core-2.17.1.jar log4j-api-2.17.1.jar
jackson-annotations-2.13.4.jar jackson-core-2.13.4.jar
jackson-databind-2.13.4.2.jar bc-fips-2.1.0.jar
bcpkix-fips-2.1.10.jar bctls-fips-2.1.22.jar bcutil-fips-2.1.5.jar
log4j-jul-2.25.3.jar
// JVM-wide switches for the FIPS client. They are plain system properties, so
// they only take effect if they are set before the component that reads them
// initialises.

// Requests approved-only operation from the BC FIPS module.
// NOTE(review): presumably this has to run before the BouncyCastleFipsProvider
// class is loaded; confirm against the BC-FIPS user guide.
System.setProperty("org.bouncycastle.fips.approved_only", String.valueOf(true));

// Allows TLS endpoint identification to rely on reverse name lookups. The JDK
// default is false because an untrusted name service could make a peer appear
// to match a certificate name; keep this only where the resolver is trusted.
// NOTE(review): confirm that the JSSE provider in use honours this property.
System.setProperty("jdk.tls.trustNameService", String.valueOf(true));

// Routes java.util.logging through Log4j. JUL resolves its LogManager once, so
// this must be set before any JUL logger is touched.
// NOTE(review): the jar list pairs log4j-jul 2.25.3 with log4j-core/api 2.17.1;
// verify that this version mix is supported.
System.setProperty("java.util.logging.manager", "org.apache.logging.log4j.jul.LogManager");
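// Install the BC FIPS JCA provider at the head of the provider list, but only
// when no provider is registered under FIPS_PROVIDER_NAME yet.
// NOTE(review): a provider that is already registered keeps its existing
// position, so getInstance() calls without an explicit provider may still
// resolve to a non-FIPS provider ahead of it; verify the effective order.
if (Security.getProvider(FIPS_PROVIDER_NAME) == null) {
    // asSubclass() replaces the raw Class plus unchecked cast: the type is
    // verified before the constructor runs, and a mismatch still surfaces as
    // ClassCastException.
    Class<? extends Provider> fipsProviderClass =
            Class.forName("org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider")
                    .asSubclass(Provider.class);
    Security.insertProviderAt(fipsProviderClass.getDeclaredConstructor().newInstance(), 1);
}

// Install the BC JSSE provider directly after it, under the same
// "only if missing" rule.
if (Security.getProvider(FIPS_JSSE_PROVIDER_NAME) == null) {
    Constructor<? extends Provider> jsseConstructor =
            Class.forName("org.bouncycastle.jsse.provider.BouncyCastleJsseProvider")
                    .asSubclass(Provider.class)
                    .getConstructor(String.class);
    // The constructor argument is the provider's configuration string.
    // NOTE(review): "fips:BCFIPS" presumably selects FIPS mode backed by the
    // provider named BCFIPS; confirm against the BCJSSE documentation.
    Security.insertProviderAt(jsseConstructor.newInstance("fips:BCFIPS"), 2);
}

// Key store format: BCFKS when a provider named "BCJSSE" is registered,
// PKCS12 otherwise.
// NOTE(review): the lookup uses the literal "BCJSSE" rather than
// FIPS_JSSE_PROVIDER_NAME, and it tests the JSSE provider although the key
// store implementation comes from a JCA provider; confirm that both are
// intended. If this line runs right after the registration above, the PKCS12
// branch is unreachable.
String type = (Security.getProvider("BCJSSE") != null) ? "BCFKS" : "PKCS12";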
..
// generate truststore from ca pem file
KeyStore trustStore = null;
if ( caPemFile != null && !caPemFile.isBlank() )
{
try ( final InputStream inputStream = new FileInputStream(caPemFile) )
{
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Collection
Подробнее здесь: [url]https://stackoverflow.com/questions/79900413/client-strict-fips-compliant-fips-140-3[/url]