IV19948: NULLPOINTEREXCEPTION WILL BE THROWN WHEN VALIDATING THE DIGITAL SIGNATURE AFTER A GERNERALSECURITYEXCEPTION HAS OCCURRED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • When GerneralSecurityException (such as InvalidKeyExeption) is
    thrown in validation of the digital signature in xml, an
    incorrect instance of signature will be put to the cache for
    future use. When another validation is performed afterward, the
    cached signature object will be reused and NullPointerExeption
    will be thrown. In such situation, the signature object should
    not be cached for reuse.
    
    Affected JVMs:
    
    6.0, 6.26, 7.0
    
    Affected JAR:
    ibmxmlcrypto.jar
    

Local fix

  • Level 3 to update.
    

Problem summary

  •  When GeneralSecurityException (such as InvalidKeyExeption) is
    thrown in validation of the digital signature in xml, an
    incorrect instance of signature will be put to the cache for
    future use. When another validation is performed afterward, the
    cached signature object will be reused and NullPointerExeption
    will be thrown. In such situation, the signature object should
    not be cached for reuse.
    

Problem conclusion

  • Affects ibmxmlcrypto.jar.  Available in 6.0 SR11,  6.0_26 SR 3,
    and 7.0 SR 3
    
    Jar build date: 120425
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV19948

  • Reported component name

    JAVA SPEC REQUE

  • Reported component ID

    TIVOXML00

  • Reported release

    100

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-04-23

  • Closed date

    2012-04-25

  • Last modified date

    2012-04-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA SPEC REQUE

  • Fixed component ID

    TIVOXML00

Applicable component levels

  • R100 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

Tivoli Components - Java Security

Software version:

100

Reference #:

IV19948

Modified date:

2012-04-26

Translate my page

Machine Translation

Content navigation