APAR status
Closed as program error.
Error description
Error Message: N/A . Stack Trace: N/A . XML signed by Java before IV52954 fix cannot be verified by Java after IV52954 fix when javax.xml.crypto.dsig.cacheReference was enabled
Local fix
Disable javax.xml.crypto.dsig.cacheReference when verify the xml signature.
Problem summary
The problem happens because redundant name space was added to C14n canonicalized xml, which result in different digest.
Problem conclusion
A fix is made to IBMXMLCRYPTO providerThe associated Hursley RTC Problem Report is 87610The associated Austin CMVC defect is 116463The associated Austin APAR is IV71008JVMs affected: Java 6.0, Java 626, Java 7.0, Java 727 and Java 8The fix was delivered for Java 6.0 SR16FP4, Java 626 SR8FP4, Java 7.0 SR9, Java 727 SR3 Java 8 SR1The affected jar is "ibmxmlcrypto.jar".The build level of this jar for the affected releases is "20150316" . This APAR will be fixed in the following Java Releases: 7 SR9 (7.0.9.0) 7 R1 SR3 (7.1.3.0) 6 R1 SR8 FP4 (6.1.8.4) 8 SR1 (8.0.1.0) 6 SR16 FP4 (6.0.16.4) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV71772
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-04-01
Closed date
2015-04-01
Last modified date
2015-04-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R270 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
01 April 2015