[MWRAPPER-153] only-mvnw.cmd fails when FIPS mode is enabled on Windows hosts #318
Description
Zafer Balkan opened MWRAPPER-153 and commented
Problem
When only-mvnw.cmd is used to initiate the wrapper, the script fails due to MD5.
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS
validated cryptographic algorithms."
At line:1 char:1
+ $MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().Comp ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException Since the hashes are used within the script, it is easier to replace the line below
$MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' with
$MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' Steps to reproduce
- Under
{}Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy{}, setEnabledto{}1{}. Run only-mvnw.cmd
Caveat
The FIPS check works with Powershell 5, not Powershell 7. It looks like the new PowerShell does not respect the OS configuration as well. So if the script is run within the new PowerShell, it would succeed due to –or thanks to– this problem.
I created an issue on their repository for this problem: PowerShell/PowerShell#24502
Remote Links: