APAR status
Closed as program error.
Error description
Error Message: java.lang.SecurityException: Cannot set up certs for trusted CAs . Stack Trace: Exception in thread "main" java.lang.ExceptionInInitializerErrorat java.lang.J9VMInternals.ensureError(J9VMInternals.java:167)at java.lang.J9VMInternals.recordInitializationFailure(J9VMInternal s.java:156)at javax.crypto.Cipher.getInstance(Unknown Source)Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAsat javax.crypto.JceSecurity.<clinit>(Unknown Source)... 3 moreCaused by: com.ibm.pkcs11.PKCS11Exception: Session handle is invalidat com.ibm.pkcs11.nat.NativePKCS11Session.close(Native Method)at com.ibm.crypto.pkcs11impl.provider.Session.close(Session.java:47 8)at com.ibm.crypto.pkcs11impl.provider.SessionManager.closeSession(S essionManager.java:384)at com.ibm.crypto.pkcs11impl.provider.Hash.engineUpdate(Hash.java:1 41)at com.ibm.crypto.pkcs11impl.provider.GeneralHashing.engineUpdate(G eneralHashing.java:152)at com.ibm.crypto.pkcs11impl.provider.GeneralHashing.engineUpdate(G eneralHashing.java:143)at java.security.MessageDigest$Delegate.engineUpdate(MessageDigest. java:575)at java.security.MessageDigest.update(MessageDigest.java:302)at javax.crypto.JceSecurity.getSystemEntropy(Unknown Source)at javax.crypto.JceSecurity.testSignatures(Unknown Source)at javax.crypto.JceSecurity.access$500(Unknown Source)at javax.crypto.JceSecurity$1.run(Unknown Source)at java.security.AccessController.doPrivileged(AccessController.jav a:330)... 4 more . When IBMPKCS11Impl provider was put before IBMJCE, usage of security functions like Cipher.getInstance() may fail.
Local fix
Put IBMJCE before IBMPKCS11Impl
Problem summary
JCE framework verification may fail when IBMPKCS11impl provider is put before IBMJCE.
Problem conclusion
A fix is made to IBM JCE frameworkThe associated Hursley RTC Problem Report is 71544The associated Austin CMVC defect is 115858JVMs affected: Java 5.0, Java 6.0, Java 626, Java 7.0 and Java 727The fix was delivered for Java 5.0 SR16FP8, Java 6.0 SR16FP2, Java 626 SR8FP2, Java 7.0 SR8 and Java 727 SR2The affected jar is "ibmjcefw.jar".The build level of this jar for the affected releases is "20140826" . This APAR will be fixed in the following Java Releases: 7 R1 SR2 (7.1.2.0) 7 SR8 (7.0.8.0) 6 SR16 FP2 (6.0.16.2) 6 R1 SR8 FP2 (6.1.8.2) 5.0 SR16 FP8 (5.0.16.8) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, Java maintenance is available from: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV64562
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-09-03
Closed date
2014-09-03
Last modified date
2014-09-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020