Hernan Fernandez created RANGER-2112:
----------------------------------------
Summary: Ranger KMS broken with JDK 8 update 171
Key: RANGER-2112
URL: https://issues.apache.org/jira/browse/RANGER-2112
Project: Ranger
Issue Type: Bug
Components: kms
Affects Versions: 0.7.0
Reporter: Hernan Fernandez
After updating to JDK 8 update 171, Ranger KMS UI:
1) Ranger KMS UI > Encryption: shows the key list as follows.
keyname (empty)
Cipher (empty)
Version 0
Attributes (empty)
Create (empty)
2) hadoop key -list -metadata
Listing keys for KeyProvider:
org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider@7d322cad
testkey1 : null
*ROOT CAUSE*
This may be related to
{code:java}
New Features
security-libs/javax.crypto
Enhanced KeyStore Mechanisms
A new security property named jceks.key.serialFilter has been introduced. If
this filter is configured, the JCEKS KeyStore uses it during the
deserialization of the encrypted Key object stored inside a SecretKeyEntry. If
it is not configured or if the filter result is UNDECIDED (for example, none of
the patterns match), then the filter configured by jdk.serialFilter is
consulted. If the system property jceks.key.serialFilter is also supplied, it
supersedes the security property value defined here. The filter pattern uses
the same format as jdk.serialFilter. The default pattern allows java.lang.Enum,
java.security.KeyRep, java.security.KeyRep$Type, and
javax.crypto.spec.SecretKeySpec but rejects all the others. Customers storing a
SecretKey that does not serialize to the above types must modify the filter to
make the key extractable.
{code}
http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html
b) Second option: this is related to 3DES being disabled in java.security (to be
tested)
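The filter behaviour quoted from the 8u171 release notes can be reproduced outside Ranger with a standalone JCEKS keystore. This is an added example, not part of the original report and not Ranger or Hadoop code; the class names `JceksFilterDemo` and `CustomKey`, the aliases and the password are hypothetical. It stores one `SecretKeySpec` and one key of a type outside the default pattern, then reads both back.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class JceksFilterDemo {
    // Hypothetical key type: stands in for any SecretKey that is not a SecretKeySpec.
    static final class CustomKey implements SecretKey {
        private static final long serialVersionUID = 1L;
        private final byte[] material;
        CustomKey(byte[] material) { this.material = material.clone(); }
        public String getAlgorithm() { return "AES"; }
        public String getFormat() { return "RAW"; }
        public byte[] getEncoded() { return material.clone(); }
    }

    // Reports whether the entry can still be deserialized under the active filter.
    static String tryRead(KeyStore ks, String alias, char[] pw) throws Exception {
        try {
            return "readable as " + ks.getKey(alias, pw).getClass().getName();
        } catch (UnrecoverableKeyException e) {
            return "NOT readable: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();   // constructed sample password
        byte[] raw = new byte[16];              // constructed all-zero sample key material
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, pw);
        ks.setKeyEntry("spec-key", new SecretKeySpec(raw, "AES"), pw, null);
        ks.setKeyEntry("custom-key", new CustomKey(raw), pw, null);

        // Round-trip through bytes, as if the keystore file were reopened after a restart.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), pw);

        System.out.println("system property jceks.key.serialFilter = "
                + System.getProperty("jceks.key.serialFilter"));
        System.out.println("spec-key:   " + tryRead(reloaded, "spec-key", pw));
        System.out.println("custom-key: " + tryRead(reloaded, "custom-key", pw));
        // Pattern that keeps the four default types and additionally allows CustomKey.
        System.out.println("allow pattern: java.lang.Enum;java.security.KeyRep;"
                + "java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;"
                + CustomKey.class.getName() + ";!*");
    }
}
```

Run it once as is and once with the printed pattern passed at JVM start as `-Djceks.key.serialFilter=...` (single-quote the value in a shell because of the `$`). Keeping the trailing `!*` preserves the reject-by-default behaviour for every type not listed.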