IBM Support

IV46429: JDK-8016916 : UNSTRUCTUREDNAME SHOULD SUPPORT DIRECTORYSTRING

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: keytool error: java.io.IOException:
    UnstructuredName has an invalid tag 19 at element 0.
    .
    Stack Trace: java.io.IOException: UnstructuredName has an
    invalid tag 19 at element 0.
     at
    com.ibm.security.pkcs9.PKCS9DerObject.decode(PKCS9DerObject.java
    :272)
     at
    com.ibm.security.pkcs9.UnstructuredName.decode(UnstructuredName.
    java:402)
     at
    com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav
    a:252)
     at
    com.ibm.security.pkcs9.PKCS9DerObject.<init>(PKCS9DerObject.java
    :79)
     at
    com.ibm.security.pkcs9.UnstructuredName.<init>(UnstructuredName.
    java:78)
     at
    com.ibm.security.pkcs9.PKCS9.getPKCS9Attribute(PKCS9.java:317)
     at
    com.ibm.security.pkcs9.PKCS9.getPKCS9Attribute(PKCS9.java:284)
     at
    com.ibm.security.pkcsutil.PKCSAttribute.decode(PKCSAttribute.jav
    a:562)
     at
    com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav
    a:252)
     at
    com.ibm.security.pkcsutil.PKCSDerObject.<init>(PKCSDerObject.jav
    a:105)
     at
    com.ibm.security.pkcsutil.PKCSAttribute.<init>(PKCSAttribute.jav
    a:113)
     at
    com.ibm.security.pkcsutil.PKCSAttributes.<init>(PKCSAttributes.j
    ava:153)
     at
    com.ibm.security.pkcs10.CertificationRequestInfo.decode(Certific
    ationRequestInfo.java:588)
     at
    com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav
    a:252)
     at
    com.ibm.security.pkcsutil.PKCSDerObject.<init>(PKCSDerObject.jav
    a:105)
     at
    com.ibm.security.pkcs10.CertificationRequestInfo.<init>(Certific
    ationRequestInfo.java:114)
     at
    com.ibm.security.pkcs10.CertificationRequest.decode(Certificatio
    nRequest.java:835)
     at
    com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav
    a:252)
     at
    com.ibm.security.pkcsutil.PKCSDerObject.<init>(PKCSDerObject.jav
    a:84)
     at
    com.ibm.security.pkcs10.CertificationRequest.<init>(Certificatio
    nRequest.java:93)
     at com.ibm.crypto.tools.KeyTool.a(Unknown Source)
     at com.ibm.crypto.tools.KeyTool.a(Unknown Source)
     at com.ibm.crypto.tools.KeyTool.a(Unknown Source)
     at com.ibm.crypto.tools.KeyTool.main(Unknown Source)
    .
    Executing keytool -printcertreq on a CSR which has requested
    extension X509v3 Subject Alternative Name of type
    PrintableString leads to the above error.
    According to the RFC 2985, unstructuredName is of type
    PKCS9String, which can be any either IA5String (supported by
    keytool) or DirectoryString (which includes PrintableString)
    

Local fix

  • N/A
    

Problem summary

  • The problem happens because PKCS9DerObject did not recognize
    valid unstructuredName encoded with PrintableString
    

Problem conclusion

  • This defect will be fixed in:
    7.0.0 SR6
    6.0.1 SR7
    6.0.0 SR15
    5.0.0 SR16FP4
    .
    A fix is made to IBMPKCS to accept unstructoredName encoded with
    PrintableString. The keytool is also updated to print
    unstructoredName properly.
    The associated Hursley CMVC defect is 199382
    The associated Austin CMVC defect is 114298
    JVMs affected: Java 5.0, Java 6.0, Java 626, and Java 7.0.
    The fix was delivered for Java 5.0 SR16FP4, Java 6.0 SR15, Java
    626 SR7, and Java 7.0 SR6.
    The affected jar is "ibmpkcs.jar" and "ibmjceprovider.jar".
    The build level of "ibmpkcs.jar" for the affected releases is
    "20130729_2".
    The build level of "ibmjceprovider.jar" for the affected
    releases is "130730".
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV46429

  • Reported component name

    JAVA 5 SECURITY

  • Reported component ID

    620500125

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-07-31

  • Closed date

    2013-08-07

  • Last modified date

    2013-08-07

  • APAR is sysrouted FROM one or more of the following:

    IV46428

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA 5 SECURITY

  • Fixed component ID

    620500125

Applicable component levels

  • R500 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
07 December 2020