APAR status
Closed as program error.
Error description
Error Message: Java application uses Java JCE security module to encrypt/decrypt. When Java is run with -Dfile.encoding=ISO8859_1 (which is the default encoding), the module works fine. But if Java startup contains -Dfile.encoding=Cp037, the operation fails with java.security.cert.CertificateException.
Stack Trace:
Caused by: java.lang.ExceptionInInitializerError: null
    at java.lang.J9VMInternals.ensureError(J9VMInternals.java:146)
    at java.lang.J9VMInternals.recordInitializationFailure(J9VMInternals.java:135)
    at com.ibm.security.cert.UntrustedChecker.check(UntrustedChecker.java:67)
    at java.security.cert.PKIXCertPathChecker.check(PKIXCertPathChecker.java:165)
    at com.ibm.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:142)
    at com.ibm.security.validator.Validator.validate(Validator.java:257)
    at com.ibm.security.validator.Validator.validate(Validator.java:233)
    at com.ibm.security.validator.Validator.validate(Validator.java:202)
    at javax.crypto.a.a(Unknown Source)
    at javax.crypto.a.a(Unknown Source)
    at javax.crypto.a.a(Unknown Source)
    at javax.crypto.a.a(Unknown Source)
    at javax.crypto.b.b(Unknown Source)
    at javax.crypto.b.a(Unknown Source)
    at javax.crypto.b.b(Unknown Source)
    at javax.crypto.Cipher.getInstance(Unknown Source)
    ...
Caused by: java.lang.RuntimeException: Incorrect untrusted certificate: digicert-server-cross-to-cybertrust-4C0E636A
    at sun.security.util.UntrustedCertificates.add(UntrustedCertificates.java:81)
    at sun.security.util.UntrustedCertificates.<clinit>(UntrustedCertificates.java:104)
    ... 92 common frames omitted
Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data
    at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:268)
    at com.ibm.crypto.provider.X509Factory.engineGenerateCertificate(Unknown Source)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:407)
    at sun.security.util.UntrustedCertificates.add(UntrustedCertificates.java:74)
    ... 93 common frames omitted
Local fix
Problem summary
When the default encoding was overridden using the file.encoding system property, files shipped with the JVM that contained certificates were not decoded correctly.
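The failure mode described above, as an added illustration (not IBM's code and not the actual change made to ibmjceprovider.jar): certificate text decoded with the JVM default charset stops being valid when that default is an EBCDIC code page, while a pinned charset is unaffected. The class name, the constructed 48-byte payload, and the use of the IBM037 charset as a stand-in for a JVM started with -Dfile.encoding=Cp037 are assumptions; the charset must be available in the runtime.

```java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class CertFileCharsetDemo {
    // Constructed payload standing in for DER bytes; not a real certificate.
    static final byte[] DER = new byte[48];
    static { for (int i = 0; i < DER.length; i++) DER[i] = (byte) (i * 7); }

    // The resource as stored on disk: Base64 text written as ASCII bytes.
    static final byte[] FILE_BYTES =
            Base64.getEncoder().encodeToString(DER).getBytes(StandardCharsets.US_ASCII);

    // Decode the stored text with charset cs, then Base64-decode it.
    // Passing Charset.defaultCharset() here is the fragile pattern:
    // the result then depends on the JVM default charset.
    static byte[] load(byte[] fileBytes, Charset cs) throws IOException {
        StringBuilder text = new StringBuilder();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(new ByteArrayInputStream(fileBytes), cs))) {
            String line;
            while ((line = r.readLine()) != null) text.append(line.trim());
        }
        return Base64.getDecoder().decode(text.toString());
    }

    public static void main(String[] args) throws IOException {
        // Assumption: IBM037 stands in for a JVM started with -Dfile.encoding=Cp037.
        Charset ebcdic = Charset.forName("IBM037");
        try {
            byte[] bad = load(FILE_BYTES, ebcdic);
            System.out.println("IBM037: decoded, matches=" + Arrays.equals(bad, DER));
        } catch (IllegalArgumentException e) {
            // ASCII bytes read as EBCDIC are no longer Base64 characters.
            System.out.println("IBM037: rejected: " + e.getMessage());
        }
        // Pinning the charset makes the result independent of file.encoding.
        byte[] good = load(FILE_BYTES, StandardCharsets.ISO_8859_1);
        System.out.println("ISO-8859-1: decoded, matches=" + Arrays.equals(good, DER));
    }
}
```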
Problem conclusion
The code has been modified to read JVM provided certificate files when the default encoding has been overridden. A fix is made to ibmjceprovider.jar.
The associated Hursley RTC Problem Report is 143914.
The associated Austin GIT defect is IBMJCE#73.
The associated Austin APAR is IJ25711.
JVMs affected: Java 7.0, Java 727 and Java 8.
The fix was delivered for Java 7.0 SR10FP70, Java 727 SR4FP70 and Java 8 SR6FP15.
The affected jar is "ibmjceprovider.jar". The build level of this jar for the affected releases is 20200629-335 (7.0) and 20200625-332 (8.0).
This APAR will be fixed in the following Java Releases:
8 SR6 FP15 (8.0.6.15)
7 R1 SR4 FP70 (7.1.4.70)
7 SR10 FP70 (7.0.10.70)
Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ26017
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-07-02
Closed date
2020-07-02
Last modified date
2020-08-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
Document Information
Modified date:
27 August 2020