APAR status
Closed as program error.
Error description
Error Message: keytool error: java.io.IOException: UnstructuredName has an invalid tag 19 at element 0. . Stack Trace: java.io.IOException: UnstructuredName has an invalid tag 19 at element 0. at com.ibm.security.pkcs9.PKCS9DerObject.decode(PKCS9DerObject.java :272) at com.ibm.security.pkcs9.UnstructuredName.decode(UnstructuredName. java:402) at com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav a:252) at com.ibm.security.pkcs9.PKCS9DerObject.<init>(PKCS9DerObject.java :79) at com.ibm.security.pkcs9.UnstructuredName.<init>(UnstructuredName. java:78) at com.ibm.security.pkcs9.PKCS9.getPKCS9Attribute(PKCS9.java:317) at com.ibm.security.pkcs9.PKCS9.getPKCS9Attribute(PKCS9.java:284) at com.ibm.security.pkcsutil.PKCSAttribute.decode(PKCSAttribute.jav a:562) at com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav a:252) at com.ibm.security.pkcsutil.PKCSDerObject.<init>(PKCSDerObject.jav a:105) at com.ibm.security.pkcsutil.PKCSAttribute.<init>(PKCSAttribute.jav a:113) at com.ibm.security.pkcsutil.PKCSAttributes.<init>(PKCSAttributes.j ava:153) at com.ibm.security.pkcs10.CertificationRequestInfo.decode(Certific ationRequestInfo.java:588) at com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav a:252) at com.ibm.security.pkcsutil.PKCSDerObject.<init>(PKCSDerObject.jav a:105) at com.ibm.security.pkcs10.CertificationRequestInfo.<init>(Certific ationRequestInfo.java:114) at com.ibm.security.pkcs10.CertificationRequest.decode(Certificatio nRequest.java:835) at com.ibm.security.pkcsutil.PKCSDerObject.decode(PKCSDerObject.jav a:252) at com.ibm.security.pkcsutil.PKCSDerObject.<init>(PKCSDerObject.jav a:84) at com.ibm.security.pkcs10.CertificationRequest.<init>(Certificatio nRequest.java:93) at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.main(Unknown Source) . Executing keytool -printcertreq on a CSR which has requested extension X509v3 Subject Alternative Name of type PrintableString leads to the above error. According to the RFC 2985, unstructuredName is of type PKCS9String, which can be any either IA5String (supported by keytool) or DirectoryString (which includes PrintableString)
Local fix
N/A
Problem summary
The problem happens because PKCS9DerObject did not recognize valid unstructuredName encoded with PrintableString
Problem conclusion
This defect will be fixed in: 7.0.0 SR6 6.0.1 SR7 6.0.0 SR15 5.0.0 SR16FP4 . A fix is made to IBMPKCS to accept unstructoredName encoded with PrintableString. The keytool is also updated to print unstructoredName properly. The associated Hursley CMVC defect is 199382 The associated Austin CMVC defect is 114298 JVMs affected: Java 5.0, Java 6.0, Java 626, and Java 7.0. The fix was delivered for Java 5.0 SR16FP4, Java 6.0 SR15, Java 626 SR7, and Java 7.0 SR6. The affected jar is "ibmpkcs.jar" and "ibmjceprovider.jar". The build level of "ibmpkcs.jar" for the affected releases is "20130729_2". The build level of "ibmjceprovider.jar" for the affected releases is "130730".
Temporary fix
Comments
APAR Information
APAR number
IV46429
Reported component name
JAVA 5 SECURITY
Reported component ID
620500125
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-07-31
Closed date
2013-08-07
Last modified date
2013-08-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
JAVA 5 SECURITY
Fixed component ID
620500125
Applicable component levels
R500 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020