[
https://issues.apache.org/jira/browse/RANGER-5169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vikas Kumar updated RANGER-5169:
--------------------------------
Description:
*Error:*
While migrating master key to Luna HSM (for example), it first gets the
Masterkey from DB, decrypts it and then send it to Luna. It works perfectly
fine if master key is of the latest format where it contains the metdata in the
master_key column.
But in older older cluster, it only contains the master key material and other
metdata like encryption algorithm, message digest algorithm etc needs to
initialised with default values.
{code:java}
Connected to DB : trueGetting Master KeyException in thread "main"
java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
at
org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
Caused by: java.lang.NullPointerException
at java.security.Provider$ServiceKey.<init>(Provider.java:872)
at java.security.Provider$ServiceKey.<init>(Provider.java:865)
at java.security.Provider.getService(Provider.java:1039)
at sun.security.jca.ProviderList.getService(ProviderList.java:332)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
at java.security.Security.getImpl(Security.java:775)
at java.security.MessageDigest.getInstance(MessageDigest.java:170)
at
org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
at
org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
{code}
*RCA:* These metadata part needs to be initialised explicitly for older key
format.
I know the fix and will raise PR
was:
*Error:*
While migrating master key to Luna HSM (for example), it first gets the
Masterkey from DB, decrypts it and then send it to Luna. It works perfectly
fine if master key is of the latest format where it contains the metdata in the
master_key column.
But in older HDP cluster, it only contains the master key material and other
metdata like encryption algorithm, message digest algorithm etc needs to
initialised with default values.
{code:java}
Connected to DB : trueGetting Master KeyException in thread "main"
java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
at
org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
Caused by: java.lang.NullPointerException
at java.security.Provider$ServiceKey.<init>(Provider.java:872)
at java.security.Provider$ServiceKey.<init>(Provider.java:865)
at java.security.Provider.getService(Provider.java:1039)
at sun.security.jca.ProviderList.getService(ProviderList.java:332)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
at java.security.Security.getImpl(Security.java:775)
at java.security.MessageDigest.getInstance(MessageDigest.java:170)
at
org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
at
org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
{code}
*RCA:* These metadata part needs to be initialised explicitly for older key
format.
I know the fix and will raise PR
> Error while migrating Masterkey from older format to external key store
> -----------------------------------------------------------------------
>
> Key: RANGER-5169
> URL: https://issues.apache.org/jira/browse/RANGER-5169
> Project: Ranger
> Issue Type: Bug
> Components: kms
> Reporter: Vikas Kumar
> Assignee: Vikas Kumar
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> *Error:*
> While migrating master key to Luna HSM (for example), it first gets the
> Masterkey from DB, decrypts it and then send it to Luna. It works perfectly
> fine if master key is of the latest format where it contains the metdata in
> the master_key column.
> But in older older cluster, it only contains the master key material and
> other metdata like encryption algorithm, message digest algorithm etc needs
> to initialised with default values.
> {code:java}
> Connected to DB : trueGetting Master KeyException in thread "main"
> java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
> at
> org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
> at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
> Caused by: java.lang.NullPointerException
> at java.security.Provider$ServiceKey.<init>(Provider.java:872)
> at java.security.Provider$ServiceKey.<init>(Provider.java:865)
> at java.security.Provider.getService(Provider.java:1039)
> at sun.security.jca.ProviderList.getService(ProviderList.java:332)
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
> at java.security.Security.getImpl(Security.java:775)
> at java.security.MessageDigest.getInstance(MessageDigest.java:170)
> at
> org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
> at
> org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
> {code}
> *RCA:* These metadata part needs to be initialised explicitly for older key
> format.
> I know the fix and will raise PR
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
