IBM Support

IV64563: SECURITYEXCEPTION THROWN WHEN IBMPKCS11IMPL BEFORE IBMJCE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: java.lang.SecurityException: Cannot set up certs
    for trusted CAs
    .
    Stack Trace: Exception in thread "main"
    java.lang.ExceptionInInitializerErrorat
    java.lang.J9VMInternals.ensureError(J9VMInternals.java:167)at
    java.lang.J9VMInternals.recordInitializationFailure(J9VMInternal
    s.java:156)at javax.crypto.Cipher.getInstance(Unknown
    Source)Caused by: java.lang.SecurityException: Cannot set up
    certs for trusted CAsat
    javax.crypto.JceSecurity.<clinit>(Unknown Source)... 3
    moreCaused by: com.ibm.pkcs11.PKCS11Exception: Session handle is
    invalidat com.ibm.pkcs11.nat.NativePKCS11Session.close(Native
    Method)at
    com.ibm.crypto.pkcs11impl.provider.Session.close(Session.java:47
    8)at
    com.ibm.crypto.pkcs11impl.provider.SessionManager.closeSession(S
    essionManager.java:384)at
    com.ibm.crypto.pkcs11impl.provider.Hash.engineUpdate(Hash.java:1
    41)at
    com.ibm.crypto.pkcs11impl.provider.GeneralHashing.engineUpdate(G
    eneralHashing.java:152)at
    com.ibm.crypto.pkcs11impl.provider.GeneralHashing.engineUpdate(G
    eneralHashing.java:143)at
    java.security.MessageDigest$Delegate.engineUpdate(MessageDigest.
    java:575)at
    java.security.MessageDigest.update(MessageDigest.java:302)at
    javax.crypto.JceSecurity.getSystemEntropy(Unknown Source)at
    javax.crypto.JceSecurity.testSignatures(Unknown Source)at
    javax.crypto.JceSecurity.access$500(Unknown Source)at
    javax.crypto.JceSecurity$1.run(Unknown Source)at
    java.security.AccessController.doPrivileged(AccessController.jav
    a:330)... 4 more
    .
    When IBMPKCS11Impl provider was put before IBMJCE, usage of
    security functions like Cipher.getInstance() may fail.
    

Local fix

  • Put IBMJCE before IBMPKCS11Impl
    

Problem summary

  • JCE framework verification may fail when IBMPKCS11impl provider
    is put before IBMJCE.
    

Problem conclusion

  • A fix is made to IBM JCE frameworkThe associated Hursley RTC
    Problem Report is 71544The associated Austin CMVC defect is
    115858JVMs affected: Java 5.0, Java 6.0, Java 626, Java 7.0 and
    Java 727The fix was delivered for Java 5.0 SR16FP8, Java 6.0
    SR16FP2, Java 626 SR8FP2, Java 7.0 SR8 and Java 727 SR2The
    affected jar is "ibmjcefw.jar".The build level of this jar for
    the affected releases is "20140826"
    .
    This APAR will be fixed in the following Java Releases:
       7 R1 SR2       (7.1.2.0)
       7    SR8       (7.0.8.0)
       6    SR16 FP2  (6.0.16.2)
       6 R1 SR8 FP2   (6.1.8.2)
       5.0  SR16 FP8  (5.0.16.8)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, Java maintenance is available
    from:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV64563

  • Reported component name

    JAVA 5 SECURITY

  • Reported component ID

    620500125

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-09-03

  • Closed date

    2014-09-03

  • Last modified date

    2014-09-03

  • APAR is sysrouted FROM one or more of the following:

    IV64562

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA 5 SECURITY

  • Fixed component ID

    620500125

Applicable component levels

  • R500 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
07 December 2020