0

I am trying to use bc-fips-1.0.1 for a small java application but I am consistently met with the following warning when I run the program:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom (file:/home/****/IdeaProjects/java-projects/test-project/lib/bc-fips-1.0.1.jar) to method sun.security.jca.Providers.getSunProvider()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Having added the correct entry for the library into the "java.security" file and added the jar file as a global library in Intellij I am getting the warning from the key initalization line in the following code:

public static void main(String[] args){
    try{
        KeyPairGenerator kp = KeyPairGenerator.getInstance("RSA", "BCFIPS");
        kp.initialize(2048);
    }catch(GeneralSecurityException  e){
        System.out.println(e.getMessage());
    } 
}

I have tried using the bcfips recommended key initialization syntax:

        keyPairGenerator.initialize(new RSAKeyGenParameterSpec(3072, RSAKeyGenParameterSpec.F4));

I have also tried switching my JDK from 11.0.2 to 11.0.5. Researching reflection gave me no further insight into what the issue could be. I have also tried adding the provider dynamically but this does not change the warning.

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
nrmad
  • 422
  • 9
  • 19
  • See also [JDK9: An illegal reflective access operation has occurred. org.python.core.PySystemState](https://stackoverflow.com/questions/46230413/jdk9-an-illegal-reflective-access-operation-has-occurred-org-python-core-pysys), and others. The problem is not with your configuration, this library is using functionality through reflection in a way that will be disallowed in future Java versions. You need to check if there is a newer version of this library that fixed this, or report a problem with the maintainer of this library. – Mark Rotteveel Jan 06 '20 at 17:47
  • I found the solution as this question was marked as answered already I will put it here. First I added the bc-fips library as a global library to the project instead of a module, the warning went away when I added a requires statement for bc.fips and added the global library to the new module. In its place I got a different error which can be solved by Configuring the Default SecureRandom outlined in example 3 at https://www.bouncycastle.org/fips-java/BCFipsIn100.pdf – nrmad Jan 06 '20 at 18:34

0 Answers0