Vikas Kumar created RANGER-5169:
-----------------------------------
Summary: Error while migrating Masterkey from HDP format to
external key store
Key: RANGER-5169
URL: https://issues.apache.org/jira/browse/RANGER-5169
Project: Ranger
Issue Type: Bug
Components: kms
Reporter: Vikas Kumar
Assignee: Vikas Kumar
*Error:*
While migrating master key to Luna HSM (for example), it first gets the
Masterkey from DB, decrypts it and then send it to Luna. It works perfectly
fine if master key is of the latest format where it contains the metdata in the
master_key column.
But in older HDP cluster, it only contains the master key material and other
metdata like encryption algorithm, message digest algorithm etc needs to
initialised with default values.
{code:java}
Connected to DB : trueGetting Master KeyException in thread "main"
java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
at
org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
Caused by: java.lang.NullPointerException
at java.security.Provider$ServiceKey.<init>(Provider.java:872)
at java.security.Provider$ServiceKey.<init>(Provider.java:865)
at java.security.Provider.getService(Provider.java:1039)
at sun.security.jca.ProviderList.getService(ProviderList.java:332)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
at java.security.Security.getImpl(Security.java:775)
at java.security.MessageDigest.getInstance(MessageDigest.java:170)
at
org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
at
org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
{code}
*RCA:* These metadata part needs to be initialised explicitly for older key
format.
I know the fix and will raise PR
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
