IBM Support

IV20285: ERROR WHILE IMPORTING A CERTIFICATE TO A KEYSTORE WITH A HYBRID IBM JVM ON SOLARIS/HP-UX, JAVA.LANG.CLASSCASTEXCEPTION MESSAGE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Description:

When
com.ibm.security.keystoreutil.KeyStoreUtil.importCertificate(s)
is used to import certificate to a keystore with a hybrid IBM
JVM on Solaris/HP-UX, java.lang.ClassCastException will be
thrown with the message "sun.security.x509.X500Name cannot be
cast to com.ibm.security.x509.X500Name". This is because the Sun
provider will be chosen to generate the x509 certificate instead
of IBMJCE. The X500Name obtained from the certificate will be
sun.security.x509.X500Name, which make it fail to cast to
com.ibm.security.x509.X500Name.

Affected class:
com.ibm.security.keystoreutil.KeyStoreUtil in ibmkeycert.jar

Affected JVM:
5.0, 6.0, 6.26, 7.0

Local fix

  • N/A

Problem summary

  • Error "sun.security.x509.X500Name cannot be cast to
com.ibm.security.x509.X500Name" while importing a certificate
with "KeyStoreUtil.importCertificate"

When
com.ibm.security.keystoreutil.KeyStoreUtil.importCertificate(s)
is used to import certificate to a keystore with a hybrid IBM
JVM on Solaris/HP-UX, java.lang.ClassCastException will be
thrown with the message "sun.security.x509.X500Name cannot be
cast to com.ibm.security.x509.X500Name". This is because the Sun
provider will be chosen to generate the x509 certificate instead
of IBMJCE. The X500Name obtained from the certificate will be
sun.security.x509.X500Name, which make it fail to cast to
com.ibm.security.x509.X500Name.

Problem conclusion

  • Hardcode KeyStoreUtil.importCertificate to always use the IBMJCE
provider.
Availability:
ibmkeycert.jar dated 20120430
142sr13 FP13, 50sr14, 60sr11, 6.26sr3 and 7.0sr3
Hursley Defect 191179
Austin Defect 112792

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV20285
    • 

  • Reported component name
    TIVOLI JAVA PKC
    • 

  • Reported component ID
    TIVSECPKC
    • 

  • Reported release
    100
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-04-27
    • 

  • Closed date
    2012-04-30
    • 

  • Last modified date
    2012-09-05
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    TIVOLI JAVA PKC
    • 

  • Fixed component ID
    TIVSECPKC
    • 



Applicable component levels


    

  • R100  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL45","label":"PKCS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            05 September 2012
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback