Xiaoyu Yao created HDDS-4301:
--------------------------------

             Summary: SCM CA certificate does not encode KeyUsage extension properly
                 Key: HDDS-4301
                 URL: https://issues.apache.org/jira/browse/HDDS-4301
             Project: Hadoop Distributed Data Store
          Issue Type: Improvement
          Components: Security
    Affects Versions: 1.0.0
            Reporter: Xiaoyu Yao
            Assignee: Xiaoyu Yao

This could be problematic with a strict security provider such as FIPS. The default non-FIPS providers such as SunJCE and the BC provider work fine though. This ticket is opened to fix it.

{code:java}
2020-09-30 12:01:52,962 ERROR org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer: Unable to initialize CertificateServer.
org.apache.hadoop.hdds.security.exception.SCMSecurityException: java.security.cert.CertificateParsingException: cannot construct KeyUsage: java.lang.IllegalArgumentException: illegal object in getInstance: com.safelogic.cryptocomply.asn1.DEROctetString
    at org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.getPEMEncodedString(CertificateCodec.java:105)
    at org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.writeCertificate(CertificateCodec.java:182)
    at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.generateRootCertificate(DefaultCAServer.java:495)
    at org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCAServer.generateSelfSignedCA(DefaultCAServer.java:303)
{code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
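
Added example, not part of the ticket and not Ozone code: a strict DER check of a KeyUsage extension of the kind a strict provider performs. RFC 5280 defines KeyUsage as a BIT STRING carried inside the extension's extnValue OCTET STRING; the trace above shows the parser meeting a DEROctetString instead. The double-wrapped sample is an assumed shape for such a value, and both byte strings are constructed.

```python
# Added example: strict DER check of one X.509 Extension carrying KeyUsage.
KEY_USAGE_OID = bytes.fromhex("551d0f")  # content octets of OID 2.5.29.15
TAGS = {0x01: "BOOLEAN", 0x03: "BIT STRING", 0x04: "OCTET STRING",
        0x06: "OBJECT IDENTIFIER", 0x30: "SEQUENCE"}
USAGES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
          "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
          "encipherOnly", "decipherOnly"]

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV at buf[pos:]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def check_key_usage(ext_der):
    """Return (True, [usage names]) or (False, reason) for an Extension."""
    tag, body, _ = read_tlv(ext_der)
    if tag != 0x30:
        return False, "Extension is not a SEQUENCE"
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != KEY_USAGE_OID:
        return False, "not a KeyUsage extension"
    tag, value, pos = read_tlv(body, pos)
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes extnValue
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04:
        return False, "extnValue is not an OCTET STRING"
    inner, bits, end = read_tlv(value)
    if inner != 0x03 or end != len(value):
        return False, "extnValue wraps %s, expected one BIT STRING" % TAGS.get(inner, hex(inner))
    if not bits:
        return False, "empty BIT STRING"
    data = bits[1:]  # bits[0] is the count of unused trailing bits
    return True, [u for i, u in enumerate(USAGES)
                  if i // 8 < len(data) and data[i // 8] & (0x80 >> (i % 8))]

# Constructed sample: critical KeyUsage with keyCertSign | cRLSign.
GOOD = bytes.fromhex("300e0603551d0f0101ff040403020106")
# Constructed sample: same bits, BIT STRING wrapped in an extra OCTET STRING.
DOUBLE_WRAPPED = bytes.fromhex("30100603551d0f0101ff0406040403020106")
```

A lenient parser may skip this extension or read it loosely, which is how a certificate like the second sample can pass with one provider and fail with another.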