IBM Support

IV27931: SIGNATURE CLASS DOES NOT IMPLEMENT DELAYED PROVIDER SELECTION ME CHANISM PROPERLY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: If an application calls the initialization method
    in java.security.Signature class with a Key object supported by
    a particular provider, then it does not re-look for the right
    provider that supports the specific Key.  Instead it uses the
    default provider that is already identified when the instance of
    Signature class is created and as a result we get
    InvalidKeyException when a key used is from a provider that is
    other than the default provider.  Signature class does not
    implement the Delayed provider selection properly.
    As per the Delayed provider selection,
    If an application calls the initialization method multiple times
    (each time with a different key, for example), the proper
    provider for the given key is selected each time.  In other
    words, a     different provider may be selected for each
    initialization call.
    .
    Stack Trace: java.security.InvalidKeyException: not a RSA
    private key: RSAPrivateKey <OSB>size=1024 bits, type=Exchange,
    container={cc346
    59f-bcaf-4bb3-8030-c356131a0fe0}<CSB>
            at com.ibm.crypto.provider.tc.engineInitSign(Unknown
    Source)
            at
    java.security.Signature$Delegate.engineInitSign(Signature.java:1
    138)
            at java.security.Signature.initSign(Signature.java:522)
            at
    TestSigProvider.testSignatureWithRSA(TestSigProvider.java:43)
            at TestSigProvider.main(TestSigProvider.java:75)
    .
    

Local fix

Problem summary

  • The problem is caused because the java.security.Signature class
    re-used the default provider even though the initialization
    methods were invoked with Key Objects suported by different
    provider.
    

Problem conclusion

  • This defect will be fixed in:
    7.0.0 SR3
    .
    java.security.Signature class has been updated to ensure that
    the right provider gets selected whenever initialization methods
    are called based on the Key object passed.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV27931

  • Reported component name

    JAVA CLASS LIBS

  • Reported component ID

    620700130

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-09-13

  • Closed date

    2012-09-13

  • Last modified date

    2012-09-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA CLASS LIBS

  • Fixed component ID

    620700130

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
21 February 2022