APAR status
Closed as program error.
Error description
Error Message: java.lang.NullPointerException during keystore load . Stack Trace: java.lang.NullPointerException at com.ibm.security.x509.X509CertImpl.getIssuerKeyIdentifier(X509Ce rtImpl.java:2950) at com.ibm.crypto.provider.PKCS12KeyStoreOracle.a(Unknown Source) at com.ibm.crypto.provider.PKCS12KeyStoreOracle.engineLoad(Unknown Source) at java.security.KeyStore.load(KeyStore.java:1456) .
Local fix
Only use certificates with AKI extension that contains a KeyIdentifier (not name and serial number).
Problem summary
A NullPointerException is thrown when loading a keystore which contains an X509Certificate with an Authority Key Identifier extension which does not contain a Key Identifier.
Problem conclusion
The code has been modified to prevent the NullPointerException. This fix corrects the way an Authority Key Identifier (AKID) X.509 certificate extension is handled. Two forms of AKID are permitted: hash-based and name/serial number based. This fix corrects that check to handle the rare case when a certificate contains a non-hash-based AKID. A fix is made to ibmpkcs.jar The associated Hursley RTC Problem Report is 143179 The associated Austin defect PKCS Issue#42 NullPointerException thrown from X509CertImpl.getIssuerKeyIdentifier The associated Austin APAR is IJ22676 JVMs affected: Java 8 The fix was delivered for Java 8 SR6FP7 The affected jar is "ibmpkcs.jar" build level: 20200214-184 . This APAR will be fixed in the following Java Releases: 8 SR6 FP7 (8.0.6.7) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ23018
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-02-26
Closed date
2020-02-26
Last modified date
2020-04-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020