ranger-dev mailing list archives

From "Hernan Fernandez (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-2112) Ranger KMS broken with JDK 8 update 171
Date Tue, 22 May 2018 14:24:00 GMT
Hernan Fernandez created RANGER-2112:
----------------------------------------

             Summary: Ranger KMS broken with JDK 8 update 171
                 Key: RANGER-2112
                 URL: https://issues.apache.org/jira/browse/RANGER-2112
             Project: Ranger
          Issue Type: Bug
          Components: kms
    Affects Versions: 0.7.0
            Reporter: Hernan Fernandez


After update to JDK 8 update 171 Ranger KMS UI

1) Ranger KMS UI > Encryption: will show the key list as the following.

keyname (empty)
Cipher (empty)
Version 0
Attributes (empty)
Create (empty)

 

!image-2018-05-22-10-19-13-599.png!

 

2) hadoop key -list -metadata

Listing keys for KeyProvider: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider@7d322cad

testkey1 : null 

 

 *ROOT CAUSE*

 This may be related to
{code:java}
New Features 
security-libs/javax.crypto  
Enhanced KeyStore Mechanisms
A new security property named jceks.key.serialFilter has been introduced. If this filter
is configured, the JCEKS KeyStore uses it during the deserialization of the encrypted Key
object stored inside a SecretKeyEntry. If it is not configured or if the filter result is
UNDECIDED (for example, none of the patterns match), then the filter configured by jdk.serialFilter is
consulted. If the system property jceks.key.serialFilter is also supplied, it supersedes
the security property value defined here. The filter pattern uses the same format as jdk.serialFilter.
The default pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type,
and javax.crypto.spec.SecretKeySpec but rejects all the others. Customers storing a SecretKey
that does not serialize to the above types must modify the filter to make the key extractable.
{code}
http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html

 b) Second option: this is related to 3DES disabled in java.security (to be tested)

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
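
The JCEKS behaviour quoted from the 8u171 release notes in the message above can be reproduced in isolation. This is an added example, not code from the reporter or the Ranger project; the class names `JceksFilterDemo` and `CustomKey` and the password are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.SecretKey;

public class JceksFilterDemo {
    // Hypothetical application-defined key type: it serializes as its own class,
    // not as java.security.KeyRep or javax.crypto.spec.SecretKeySpec.
    static final class CustomKey implements SecretKey {
        private static final long serialVersionUID = 1L;
        private final byte[] material;
        CustomKey(byte[] material) { this.material = material.clone(); }
        @Override public String getAlgorithm() { return "AES"; }
        @Override public String getFormat() { return "RAW"; }
        @Override public byte[] getEncoded() { return material.clone(); }
    }

    public static void main(String[] args) throws Exception {
        // Optional filter pattern from the command line. Set it before the first
        // JCEKS key read; a system property supersedes the java.security value.
        if (args.length > 0) {
            System.setProperty("jceks.key.serialFilter", args[0]);
        }
        char[] password = "constructed-password".toCharArray(); // constructed sample value

        // Write a JCEKS store holding one SecretKeyEntry whose key is a CustomKey.
        KeyStore store = KeyStore.getInstance("JCEKS");
        store.load(null, password);
        store.setKeyEntry("testkey1", new CustomKey(new byte[16]), password, null);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        store.store(bytes, password);

        // Reload and extract the key; extraction deserializes the encrypted Key object.
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(bytes.toByteArray()), password);
        try {
            Key key = reloaded.getKey("testkey1", password);
            System.out.println("extracted " + key.getClass().getName());
        } catch (UnrecoverableKeyException e) {
            // Expected on 8u171 and later when the pattern does not allow CustomKey.
            System.out.println("not extractable: " + e.getMessage());
        }
    }
}
```

Run it with no argument to see the default filter's effect, then with a pattern such as `'JceksFilterDemo$CustomKey;java.lang.Enum;java.security.KeyRep;java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*'` as the first argument. Naming the one extra class ahead of the reject-all term keeps the deserialization allowlist as narrow as the default.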
