VOOZH about

URL: https://www.ibm.com/support/pages/apar/IJ23018

⇱ IJ23018: NULLPOINTEREXCEPTION THROWN FROM X509CERTIMPL.GETISSUERKEYIDENTIFIER

IJ23018: NULLPOINTEREXCEPTION THROWN FROM X509CERTIMPL.GETISSUERKEYIDENTIFIER

APAR status

  • Closed as program error.

Error description

  • Error Message: java.lang.NullPointerException during keystore
load
.
Stack Trace: java.lang.NullPointerException
at
com.ibm.security.x509.X509CertImpl.getIssuerKeyIdentifier(X509Ce
rtImpl.java:2950)
at com.ibm.crypto.provider.PKCS12KeyStoreOracle.a(Unknown
Source)
at
com.ibm.crypto.provider.PKCS12KeyStoreOracle.engineLoad(Unknown
Source)
at java.security.KeyStore.load(KeyStore.java:1456)
.

Local fix

  • Only use certificates with AKI extension that contains a
KeyIdentifier (not name and serial number).

Problem summary

  • A NullPointerException is thrown when loading a keystore which
contains an X509Certificate with an Authority Key Identifier
extension which does not contain a Key Identifier.

Problem conclusion

  • The code has been modified to prevent the NullPointerException.
This fix corrects the way an Authority Key Identifier (AKID)
X.509 certificate extension is
handled. Two forms of AKID are permitted: hash-based and
name/serial number based.
This fix corrects that check to handle the rare case when a
certificate contains
a non-hash-based AKID.
A fix is made to ibmpkcs.jar
The associated Hursley RTC Problem Report is 143179
The associated Austin defect PKCS Issue#42 NullPointerException
thrown from X509CertImpl.getIssuerKeyIdentifier
The associated Austin APAR is IJ22676
JVMs affected: Java 8
The fix was delivered for Java 8 SR6FP7
The affected jar is "ibmpkcs.jar" build level: 20200214-184
.
This APAR will be fixed in the following Java Releases:
 8 SR6 FP7 (8.0.6.7)
.
Contact your IBM Product's Service Team for these Service
Refreshes and Fix Packs.
For those running stand-alone, information about the available
Service Refreshes and Fix Packs can be found at:
 https://www.ibm.com/developerworks/java/jdk/

Temporary fix



Comments


    



APAR Information




    

  • APAR number
    IJ23018
    • 

  • Reported component name
    SECURITY
    • 

  • Reported component ID
    620700125
    • 

  • Reported release
    270
    • 

  • Status
    CLOSED PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-02-26
    • 

  • Closed date
    2020-02-26
    • 

  • Last modified date
    2020-04-06
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SECURITY
    • 

  • Fixed component ID
    620700125
    • 



Applicable component levels







 
 
 
 

 [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
 

 

 
 
 

 

 

 

 

 

 
Document Information


 

 

 Modified date:
 

 07 December 2020