> On Feb. 20, 2019, 12:08 p.m., Zsombor Gegesy wrote: > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > > Lines 130 (patched) > > <https://reviews.apache.org/r/69985/diff/2/?file=2125808#file2125808line130> > > > > masterKey is never null, because if rangerMasterKey.getMasterKey(...) > > would return null, the toCharArray call would cause an NPE > > Gautam Borad wrote: > Surrounded it with Try ... Catch
This check is needs to happen earlier, otherwise it's dead code, as if 'masterKey' is null, then a NPE is raised earlier. > On Feb. 20, 2019, 12:08 p.m., Zsombor Gegesy wrote: > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > > Lines 140 (patched) > > <https://reviews.apache.org/r/69985/diff/2/?file=2125808#file2125808line140> > > > > masterKey is never null, because if rangerMasterKey.getMasterKey(...) > > would return null, the toCharArray call would cause an NPE > > Gautam Borad wrote: > Surrounded it with Try ... Catch It's dead code, no need for this check - or this check needs to happen earlier, so the NPE is not raised. > On Feb. 20, 2019, 12:08 p.m., Zsombor Gegesy wrote: > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java > > Lines 72 (patched) > > <https://reviews.apache.org/r/69985/diff/2/?file=2125810#file2125810line72> > > > > myStore is never null here - even if KeyStore.getInstance would return > > a null (but it wont do), the myStore.load would trigger an NPE before. > > Gautam Borad wrote: > Added null before myStore.load This check is needs to happen earlier, otherwise it's dead code, as if 'myStore' is null, then a NPE is raised earlier. - Zsombor ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69985/#review212953 ----------------------------------------------------------- On Feb. 21, 2019, 6:30 a.m., Gautam Borad wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69985/ > ----------------------------------------------------------- > > (Updated Feb. 21, 2019, 6:30 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2331 > https://issues.apache.org/jira/browse/RANGER-2331 > > > Repository: ranger > > > Description > ------- > > User story: As a security admin, I want to manage encryption keys for > securing my Hadoop cluster files in Ranger KMS service with Safenet KeySecure > crypto platform. > > > For Safenet KeySecure overview refer to: > https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/ > > > Acceptance Criteria: > > > 1) Ranger KMS has ability to configure Safenet KeySecure platform to be used > for key offload > > > 2) Ranger KMS provides ability to provide key management functions (create > keys, manage keys, retrieve keys, rollover) using Safenet KeySecure platform > > > 3) Ranger KMS UI panel on Ambari can be used to configure Safenet KeySecure > platform > > > Diffs > ----- > > kms/config/kms-webapp/dbks-site.xml 0e0f2ec > kms/scripts/DBMKTOKEYSECURE.sh PRE-CREATION > kms/scripts/KEYSECUREMKTOKMSDB.sh PRE-CREATION > kms/scripts/install.properties ddc779d > kms/scripts/setup.sh 2db05b8 > kms/src/main/java/org/apache/hadoop/crypto/key/DBToKeySecure.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 22dce0f > > kms/src/main/java/org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java 1abbf8e > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > 267fcf0 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java > PRE-CREATION > src/main/assembly/kms.xml fca6a32 > > > Diff: https://reviews.apache.org/r/69985/diff/3/ > > > Testing > ------- > > Verified below scenario: > > > 1) Fresh Installation Of Ranger KMS with Safenet Key Secure (NAE-XML Protocol) > 2) DB to Key Secure (NAE-XML) master key Migration utility > 3) Key Secure (NAE-XML) to DB master key Migration utility > > > Thanks, > > Gautam Borad > >
