
wiremock doesn't work on FIPS enabled systems

Open darmbrust opened this issue 3 years ago • 3 comments

I've attempted to use a simple pattern:

@Rule public WireMockRule wmr = new WireMockRule(9999);

However, when the class init happens, it fails, with: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used

I also tried passing in a disable flag for https - I have no need for it - and yet it still fails. Why is wiremock messing with trust managers when I'm not even using https?

Can wiremock be updated to properly support being used on a FIPS enabled system?

My particular system is a build platform running https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/assembly_installing-a-rhel-8-system-with-fips-mode-enabled_security-hardening

I've seen a few other mentions of this issue as well. https://github.com/wiremock/wiremock/issues/1679 https://github.com/quarkusio/quarkus/issues/23965

darmbrust avatar Sep 15 '22 13:09 darmbrust

Please could you share full details of how to replicate this issue?

tomakehurst avatar Sep 15 '22 16:09 tomakehurst

I'm sure your integrated unit tests will show the issue, the gotcha is having a FIPS enabled system to run it on. If you have some extra real hardware around, you can just install redhat 8 with FIPS enabled.

Unfortunately, you can't just use a docker container, because the FIPS features follow a kernel flag of the host OS.

You might be able to use something like VirtualBox to run a redhat 8 FIPS enabled image, but I'm not sure.

If you have access to AWS / EC2, you can start up FIPS enabled images. My particular use case involves a Jenkins build server that lives on an AWS for govt hosted env, which requires FIPS to be on.

Unfortunately, I don't think that github actions supports running containers in FIPS mode, but would be happy to hear otherwise.

DANIEL-ARMBRUST-VA avatar Sep 15 '22 17:09 DANIEL-ARMBRUST-VA

FYI This doc gives some background on what happens to the JVM when you install java on redhat with FIPS mode enabled: https://access.redhat.com/documentation/en-us/openjdk/8/pdf/configuring_openjdk_8_on_rhel_with_fips/openjdk-8-configuring_openjdk_8_on_rhel_with_fips-en-us.pdf

DANIEL-ARMBRUST-VA avatar Sep 15 '22 17:09 DANIEL-ARMBRUST-VA
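
Added example, not part of the thread and not WireMock code: the message quoted in the opening post is raised by SunJSSE when `SSLContext.init` is handed a `TrustManager` that is not SunJSSE's own implementation, so a small probe that needs only the JDK can serve as a reproducer on a FIPS host. The class name `FipsTrustManagerProbe` and the wrapping trust manager are hypothetical; the assumption is a JDK 8 whose SunJSSE provider is configured for FIPS mode, as on the RHEL 8 system described above.

```java
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical probe class for illustration; not WireMock code.
public class FipsTrustManagerProbe {

    // Trust managers built by the JDK's own factory from the default trust store.
    static TrustManager[] platformTrustManagers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        return tmf.getTrustManagers();
    }

    // Application-defined trust manager that only delegates to the platform one,
    // so it trusts exactly the same certificates but is a different class.
    static TrustManager[] wrappedTrustManagers() throws Exception {
        final X509TrustManager d = (X509TrustManager) platformTrustManagers()[0];
        return new TrustManager[] { new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException { d.checkClientTrusted(chain, authType); }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException { d.checkServerTrusted(chain, authType); }
            @Override public X509Certificate[] getAcceptedIssuers() { return d.getAcceptedIssuers(); }
        } };
    }

    // Initialises a TLS context with the given trust managers and reports the outcome.
    static String tryInit(String label, TrustManager[] tms) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        try {
            ctx.init(null, tms, null);
            return label + ": accepted by provider " + ctx.getProvider().getName();
        } catch (KeyManagementException e) {
            return label + ": rejected, " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(tryInit("platform", platformTrustManagers()));
        System.out.println(tryInit("wrapped", wrappedTrustManagers()));
    }
}
```

On a JVM without FIPS mode both calls are accepted; where SunJSSE is in FIPS mode the "wrapped" call is the one that hits the provider's type check, even though the wrapper trusts nothing the platform trust manager does not.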