[ https://issues.apache.org/jira/browse/HADOOP-15473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiao Chen updated HADOOP-15473: ------------------------------- Resolution: Fixed Hadoop Flags: Reviewed Fix Version/s: 2.8.5 2.7.7 3.0.3 2.9.2 3.1.1 3.2.0 2.10.0 Status: Resolved (was: Patch Available) Committed to trunk through branch-2.7. Thanks Gabor for the reporting and fixing the issue, and all others for comments! There were some minor conflicts in branch-2.9, and then branch-2.7. {{mvn clean test -Dtest=TestKeyProviderFactory}}'ed before pushing. Another thing I noticed is my env actually have envvar {{HADOOP_KEYSTORE_PASSWORD}} set, which failed {{TestKeyProviderFactory}}. We should improve the test to be independent of this, but that's clearly a separate jira. > Configure serialFilter in KeyProvider to avoid UnrecoverableKeyException > caused by JDK-8189997 > ---------------------------------------------------------------------------------------------- > > Key: HADOOP-15473 > URL: https://issues.apache.org/jira/browse/HADOOP-15473 > Project: Hadoop Common > Issue Type: Bug > Components: kms > Affects Versions: 2.7.6, 3.0.2 > Environment: JDK 8u171 > Reporter: Gabor Bota > Assignee: Gabor Bota > Priority: Critical > Fix For: 2.10.0, 3.2.0, 3.1.1, 2.9.2, 3.0.3, 2.7.7, 2.8.5 > > Attachments: HADOOP-15473.004.patch, HADOOP-15473.005.patch, > HADOOP-15473.006.patch, HDFS-13494.001.patch, HDFS-13494.002.patch, > HDFS-13494.003.patch, org.apache.hadoop.crypto.key.TestKeyProviderFactory.txt > > > There is a new feature in JDK 8u171 called Enhanced KeyStore Mechanisms > (http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997). > This is the cause of the following errors in the TestKeyProviderFactory: > {noformat} > Caused by: java.security.UnrecoverableKeyException: Rejected by the > jceks.key.serialFilter or jdk.serialFilter property > at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352) > at > com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136) > at java.security.KeyStore.getKey(KeyStore.java:1023) > at > org.apache.hadoop.crypto.key.JavaKeyStoreProvider.getMetadata(JavaKeyStoreProvider.java:410) > ... 28 more > {noformat} > This issue causes errors and failures in hbase tests right now (using hdfs) > and could affect other products running on this new Java version. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org