APAR status
Closed as program error.
Error description
Description: When com.ibm.security.keystoreutil.KeyStoreUtil.importCertificate(s) is used to import certificate to a keystore with a hybrid IBM JVM on Solaris/HP-UX, java.lang.ClassCastException will be thrown with the message "sun.security.x509.X500Name cannot be cast to com.ibm.security.x509.X500Name". This is because the Sun provider will be chosen to generate the x509 certificate instead of IBMJCE. The X500Name obtained from the certificate will be sun.security.x509.X500Name, which make it fail to cast to com.ibm.security.x509.X500Name. Affected class: com.ibm.security.keystoreutil.KeyStoreUtil in ibmkeycert.jar Affected JVM: 5.0, 6.0, 6.26, 7.0
Local fix
N/A
Problem summary
Error "sun.security.x509.X500Name cannot be cast to com.ibm.security.x509.X500Name" while importing a certificate with "KeyStoreUtil.importCertificate" When com.ibm.security.keystoreutil.KeyStoreUtil.importCertificate(s) is used to import certificate to a keystore with a hybrid IBM JVM on Solaris/HP-UX, java.lang.ClassCastException will be thrown with the message "sun.security.x509.X500Name cannot be cast to com.ibm.security.x509.X500Name". This is because the Sun provider will be chosen to generate the x509 certificate instead of IBMJCE. The X500Name obtained from the certificate will be sun.security.x509.X500Name, which make it fail to cast to com.ibm.security.x509.X500Name.
Problem conclusion
Hardcode KeyStoreUtil.importCertificate to always use the IBMJCE provider. Availability: ibmkeycert.jar dated 20120430 142sr13 FP13, 50sr14, 60sr11, 6.26sr3 and 7.0sr3 Hursley Defect 191179 Austin Defect 112792
Temporary fix
Comments
APAR Information
APAR number
IV20285
Reported component name
TIVOLI JAVA PKC
Reported component ID
TIVSECPKC
Reported release
100
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-04-27
Closed date
2012-04-30
Last modified date
2012-09-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TIVOLI JAVA PKC
Fixed component ID
TIVSECPKC
Applicable component levels
R100 PSY
UP
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCZL45","label":"PKCS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"100","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
05 September 2012