APAR status
Closed as program error.
Error description
Error Message: keytool error (likely untranslated): java.lang.NullPointerException . Stack Trace: if run with -debug option keytool error (likely untranslated): keytool error: java.lang.NullPointerException java.lang.NullPointerException at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.a(Unknown Source) at com.ibm.crypto.tools.KeyTool.main(Unknown Source) If not run with -debug option then no stack trace . Signing certificate does not contain a Subject Key Identifier extension
Local fix
N/A
Problem summary
KeyTool expects a signing certificate to contain an Subject Key Identifier extension as stated in RFC 5280. The signer's SKI is used to populate the Authority Key Identifier extension of the certificate being issued. In this case the signing certificate had no SKI extension and a NullPointerException was thrown.
Problem conclusion
KeyTool was modified to generate a SHA1 hash of the signer's public key if the signing certificate has no AKI extension. The associated RTC PR: 148624 The associated Austin GitHub task is IBMJCE#192 The associated APAR is IJ45142 JVMs affected Java 8.0 The fix was delivered for Java 8.0 SR8 FP0 The affected jar is "ibmjceprovider.jar" The build level of this jar is: Build-Level: 20230131-689 . This APAR will be fixed in the following Releases: . IBM SDK, Java Technology Edition 8 SR8 (8.0.8.0) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available maintenance can be found at: https://www.ibm.com/support/pages/java-sdk
Temporary fix
Comments
APAR Information
APAR number
IJ45202
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-02-02
Closed date
2023-02-02
Last modified date
2023-02-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
08 February 2023