IJ48740: KEYTOOL ERROR WHEN A KEYSTORE IS CREATED WITH "-EXT EXTENDEDKEYUSAGE=SERVERAUTH"

APAR status

Closed as program error.

Error description

keytool error (likely untranslated):
java.lang.IllegalArgumentException: java.util.Vector
incompatible with [Ljava.lang.Object;

Stack Trace, if applicable:

java.lang.ClassCastException: java.util.Vector incompatible with
[Ljava.lang.Object;
at java.lang.reflect.Array.getLength(Array.java:255)
at com.ibm.security.x509.ExtKeyUsageExtension.<init>(ExtKeyUsag
eExtension.java:227)
at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 1662)
at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 434)
at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 4337)
at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 14)
at com.ibm.crypto.tools.KeyTool.main(Bytecode PC: 13)

Other Error Information, as reported by customer: This problem
happens with IBM Java SDK 8.0.8.10, but not happen with IBM Java
SDK 8.0.8.6.

Workaround: none

Local fix

Problem summary

Keytool error when a keystore is created with "-ext
ExtendedKeyUsage=serverAuth"

ERROR DESCRIPTION:

When a keystore is created by the keytool command with "-ext
ExtendedKeyUsage=serverAuth", it fails with the following error.

keytool error (likely untranslated):
java.lang.IllegalArgumentException: java.util.Vector
incompatible with [Ljava.lang.Object;

The stack trace is:

java.lang.ClassCastException: java.util.Vector incompatible with
[Ljava.lang.Object;

at java.lang.reflect.Array.getLength(Array.java:255)

at
com.ibm.security.x509.ExtKeyUsageExtension.<init>(ExtKeyUsageExt
ension.java:227)

at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 1662)

at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 434)

at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 4337)

at com.ibm.crypto.tools.KeyTool.a(Bytecode PC: 14)

at com.ibm.crypto.tools.KeyTool.main(Bytecode PC: 13)

This problem happens with IBM Java SDK 8.0.8.10, but not happens
with IBM Java SDK 8.0.8.6.

Problem conclusion

This problem was caused by a missing constructor. 

A fix is made to ibmjceprovider.jar and ibmpkcs.jar.

The associated Hursley RTC Problem Report is 149956.

The associated Austin APAR is IJ48740.

IBMJCE Git issue# is 217.

IBMPKCS Git issue# is 166.

JVMs affected: Java 8.

The fix was delivered for Java 8 SR8 FP15 (CR23_04).

The affected jar is "ibmjceprovider.jar" and "ibmpkcs.jar".

The build level of this jar for the affected releases is
build_20230926-32 for ibmjceprovider.jar and build_20230926-35
for ibmpkcs.jar.

Temporary fix

Comments

APAR Information

APAR number
IJ48740
Reported component name
TIV JAVA CRYPTO
Reported component ID
TIVSECJCE
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-09-27
Closed date
2023-09-28
Last modified date
2023-09-28

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
TIV JAVA CRYPTO
Fixed component ID
TIVSECJCE

Applicable component levels

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSWKFH","label":"Tivoli Components - Java Security"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600"}]

Document Information

Modified date:
29 September 2023

Tips

IJ48740: KEYTOOL ERROR WHEN A KEYSTORE IS CREATED WITH "-EXT EXTENDEDKEYUSAGE=SERVERAUTH"

Subscribe to this APAR

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

Document Information

Share your feedback

Need support?