[
https://issues.apache.org/jira/browse/HADOOP-15473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HADOOP-15473:
-------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Fix Version/s: 2.8.5
2.7.7
3.0.3
2.9.2
3.1.1
3.2.0
2.10.0
Status: Resolved (was: Patch Available)
Committed to trunk through branch-2.7.
Thanks Gabor for the reporting and fixing the issue, and all others for
comments!
There were some minor conflicts in branch-2.9, and then branch-2.7. {{mvn clean
test -Dtest=TestKeyProviderFactory}}'ed before pushing. Another thing I noticed
is my env actually have envvar {{HADOOP_KEYSTORE_PASSWORD}} set, which failed
{{TestKeyProviderFactory}}. We should improve the test to be independent of
this, but that's clearly a separate jira.
> Configure serialFilter in KeyProvider to avoid UnrecoverableKeyException
> caused by JDK-8189997
> ----------------------------------------------------------------------------------------------
>
> Key: HADOOP-15473
> URL: https://issues.apache.org/jira/browse/HADOOP-15473
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.7.6, 3.0.2
> Environment: JDK 8u171
> Reporter: Gabor Bota
> Assignee: Gabor Bota
> Priority: Critical
> Fix For: 2.10.0, 3.2.0, 3.1.1, 2.9.2, 3.0.3, 2.7.7, 2.8.5
>
> Attachments: HADOOP-15473.004.patch, HADOOP-15473.005.patch,
> HADOOP-15473.006.patch, HDFS-13494.001.patch, HDFS-13494.002.patch,
> HDFS-13494.003.patch, org.apache.hadoop.crypto.key.TestKeyProviderFactory.txt
>
>
> There is a new feature in JDK 8u171 called Enhanced KeyStore Mechanisms
> (http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997).
> This is the cause of the following errors in the TestKeyProviderFactory:
> {noformat}
> Caused by: java.security.UnrecoverableKeyException: Rejected by the
> jceks.key.serialFilter or jdk.serialFilter property
> at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352)
> at
> com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136)
> at java.security.KeyStore.getKey(KeyStore.java:1023)
> at
> org.apache.hadoop.crypto.key.JavaKeyStoreProvider.getMetadata(JavaKeyStoreProvider.java:410)
> ... 28 more
> {noformat}
> This issue causes errors and failures in hbase tests right now (using hdfs)
> and could affect other products running on this new Java version.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
