VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ03969

⇱ IJ03969: IBMPKCS11IMPL CRYPTO PROVIDER - DEBUG TRACING ERROR IN THE PKCS11KEYSTORE CLASS

IJ03969: IBMPKCS11IMPL CRYPTO PROVIDER - DEBUG TRACING ERROR IN THE PKCS11KEYSTORE CLASS

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
.
Stack Trace: java.lang.NullPointerException
 at
com.ibm.crypto.pkcs11impl.provider.PKCS11KeyStore.engineSetKeyEn
try(PKCS11KeyStore.java:617)
 at java.security.KeyStore.setKeyEntry(KeyStore.java:1151)
 at
tests.com.ibm.jtc.zosSec.testKeystore.main(testKeystore.java:201
)
.
The customer experienced a NullPointerException with debug
tracing enabled for the IBMPKCS11Impl crypto provider. The
customer's code was calling KeyStore.setKeyEntry( ) with a null
certificate chain. The KeyStore being used was "PKCS11IMPLKS".

Local fix

  • Do not enable debug tracing for the IBMPKCS11Impl provider.
Debug tracing is "enabled" by adding the following java
argument: -Djava.secrity.debug=pkcs11impl"

Problem summary

  • The debug tracing logic within the IBMPKCS11Impl provider's
PKCS11KeyStore class was unprepared to handle a null certificate
chain received on a setKeyEntry() call.

Problem conclusion

  • The debug tracing logic within the IBMPKCS11Impl provider's
PKCS11KeyStore class has been modified to anticipate that a null
certificate chain may be received on a setKeyEntry( ) call.
.
This APAR will be fixed in the following Java Releases:
 8 SR5 FP11 (8.0.5.11)
 6 SR16 FP65 (6.0.16.65)
 7 SR10 FP25 (7.0.10.25)
 7 R1 SR4 FP25 (7.1.4.25)
 6 R1 SR8 FP65 (6.1.8.65)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ03969
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-02-06
    • 

  • Closed date
    2018-02-28
    • 

  • Last modified date
    2018-02-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 




    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020