APAR status
Closed as program error.
Error description
Error Message: While updating/testing iKeyman and CMSprovider for IBMJCEplus, secret (Symmetric) key commands in iKeyman throws ?ObjectInputFilter REJECTED error as follows:- ikeycmd -keydb -create -db key1.jck -pw jjj ikeycmd -seckey -create -db key1.jck -pw jjj -label key1 -keyalg "aes" -keysize 128 ikeycmd -seckey -list -db key1.jck -pw jjj May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck INFO: ObjectInputFilter REJECTED: class java.security.KeyRep, array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck INFO: ObjectInputFilter REJECTED: class java.security.KeyRep, array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck INFO: ObjectInputFilter REJECTED: class java.security.KeyRep, array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a May 23, 2019 11:33:52 AM java.io.ObjectInputStream filterCheck INFO: ObjectInputFilter REJECTED: class java.security.KeyRep, array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a May 23, 2019 11:33:53 AM java.io.ObjectInputStream filterCheck INFO: ObjectInputFilter REJECTED: class java.security.KeyRep, array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a May 23, 2019 11:33:53 AM java.io.ObjectInputStream filterCheck INFO: ObjectInputFilter REJECTED: class java.security.KeyRep, array length: -1, nRefs: 1, depth: 1, bytes: 138, ex: n/a No secret key was found in the key database. . Stack Trace: N/A .
Local fix
Force KeyGenerator to use IBMJCE instead. Eg: KeyGenerator keyGen = KeyGenerator.getInstance(?AES?, PROVIDER=?IBMJCE?);
Problem summary
java.security.Keystore.getKey returns java.security.UnrecoverableKeyException: Rejected by the jceks.key.serialFilter or jdk.serialFilter property.
Problem conclusion
Update includes 3 new entries ( java.lang.Enum; , java.security.KeyRep;, java.security.KeyRep$Type;) to the ?jceks.key.serialFilter? attribute of the IBM Java 8 java.security file. . This APAR will be fixed in the following Java Releases: 8 SR6 (8.0.6.0) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ20939
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-11-11
Closed date
2019-11-11
Last modified date
2019-11-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020