
JTAPIProperties.setSecurityPropertyForInstance - corrupted keystores

Hi,
I am trying to update our app for CUCM 14.0.1.12900-161 (SU2). We are not FIPS compliant, so according to the developer's guide, only a change in the libraries on the classpath is needed: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/jtapi_dev/14_0_1/cucm_b_cisco-unified-jtapi-developers-guide-14/cucm_b_cisco-unified-jtapi-developers-guide-1251_chapter_010.html#CUCM_TP_F254F96C_00

Currently I use bc-fips, bcpkix-fips and bctls-fips instead of the previous bcprov-jdk15on and bcpkix-jdk15on. I get some warnings, but I am able to download 3 files: CTLFile.tlv.sgn, JtapiServerKeyStore-* and JtapiClientKeyStore-*-*. The keystores seem corrupted.

The keystores have a different type than before; it is BCFIPS now. When I try to list the certificates using BouncyCastleFipsProvider, I get:

 

java.io.IOException: BCFKS KeyStore corrupted: MAC calculation failed.

 

I use keytool for listing certificates:

keytool -list -v -keystore /path/to/certs/JtapiClientKeyStore-callrec-sec-callrecsec -storetype bcfks -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /path/to/libs/bc-fips-1.0.2.3.jar -providername BCFIPS

I am not sure if the warnings during the certificate download are relevant, but here they are:

Feb 21, 2023 1:10:56 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFO: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves
Feb 21, 2023 1:10:56 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNING: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': include jdk.disabled.namedCurves
Feb 21, 2023 1:10:56 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
INFO: Found string security property [jdk.certpath.disabledAlgorithms]: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves
Feb 21, 2023 1:10:56 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 jdkCA & usage TLSServer
Feb 21, 2023 1:10:56 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': include jdk.disabled.namedCurves
Feb 21, 2023 1:10:56 PM org.bouncycastle.jsse.provider.PropertyUtils getBooleanSecurityProperty
INFO: Found boolean security property [keystore.type.compat]: true
numberof certs=1certLength=937

 


Does anybody have a similar problem? Or does anyone have any suggestions on how to solve this?
