Most basic example:
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
public class NoSuchFieldDemo {
public static void main(String[] args) {
JcaContentSignerBuilder builder = new JcaContentSignerBuilder("SHA384withECDSA");
}
}
throws:
Exception in thread "main" java.lang.NoSuchFieldError: qTESLA_I
at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.(Unknown Source)
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.(Unknown Source)
at NoSuchFieldDemo.main(NoSuchFieldDemo.java:5)
PS #1: The code, including the somewhat "magic" String "SHA384withECDSA", comes from "The Bouncy Castle FIPS Java API in 100 Examples".
PS #2: This persists after adding a BouncyCastleFipsProvider as most-preferred security provider:
// position is 1-based:
final int mostPreferredPosition = 1;
final int actualPosition = Security.insertProviderAt(new BouncyCastleFipsProvider(), mostPreferredPosition);
PS #3: I'm on Ubuntu 18.04 with AdoptOpenJDK 11.0.3+7 in case that's important
I guess it's most obvious, but what am I doing wrong?
I have got bcpkix-jdk15on on my classpath in order to have JcaContentSignerBuilder. @george-stanchev suggested that this might interfere..?
Make sure you don't have non-FIPS jars in your classpath. This can happen if you use non-FIPS bcpkix and FIPS bcprov. The non-FIPS bcpkix statically tries to add those qTESLA algorithms that are defined in bcprov, but the FIPS bcprov does not have those defined hence the exception.