[jira] [Updated] (RANGER-5169) Error while migrating Masterkey from older format to external key store

Thu, 10 Apr 2025 05:32:56 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-5169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vikas Kumar updated RANGER-5169:
--------------------------------
    Summary: Error while migrating Masterkey from older format to external key 
store  (was: Error while migrating Masterkey from HDP format to external key 
store)

> Error while migrating Masterkey from older format to external key store
> -----------------------------------------------------------------------
>
>                 Key: RANGER-5169
>                 URL: https://issues.apache.org/jira/browse/RANGER-5169
>             Project: Ranger
>          Issue Type: Bug
>          Components: kms
>            Reporter: Vikas Kumar
>            Assignee: Vikas Kumar
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> *Error:*
> While migrating master key to Luna HSM (for example), it first gets the 
> Masterkey from DB, decrypts it and then send it to Luna. It works perfectly 
> fine if master key is of the latest format where it contains the metdata in 
> the master_key column.
> But in older HDP cluster, it only contains the master key material and other 
> metdata like encryption algorithm, message digest algorithm etc needs to 
> initialised with default values.
> {code:java}
> Connected to DB : trueGetting Master KeyException in thread "main" 
> java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
> at 
> org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
> at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
> Caused by: java.lang.NullPointerException
> at java.security.Provider$ServiceKey.<init>(Provider.java:872)
> at java.security.Provider$ServiceKey.<init>(Provider.java:865)
> at java.security.Provider.getService(Provider.java:1039)
> at sun.security.jca.ProviderList.getService(ProviderList.java:332)
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
> at java.security.Security.getImpl(Security.java:775)
> at java.security.MessageDigest.getInstance(MessageDigest.java:170)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
>  {code}
> *RCA:* These metadata part needs to be initialised explicitly for older key 
> format.
> I know the fix and will raise PR



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to