[ 
https://issues.apache.org/jira/browse/RANGER-5169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vikas Kumar updated RANGER-5169:
--------------------------------
    Description: 
*Error:*

While migrating master key to Luna HSM (for example), it first gets the 
Masterkey from DB, decrypts it and then send it to Luna. It works perfectly 
fine if master key is of the latest format where it contains the metdata in the 
master_key column.

But in older older cluster, it only contains the master key material and other 
metdata like encryption algorithm, message digest algorithm etc needs to 
initialised with default values.
{code:java}
Connected to DB : trueGetting Master KeyException in thread "main" 
java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
at 
org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
Caused by: java.lang.NullPointerException
at java.security.Provider$ServiceKey.<init>(Provider.java:872)
at java.security.Provider$ServiceKey.<init>(Provider.java:865)
at java.security.Provider.getService(Provider.java:1039)
at sun.security.jca.ProviderList.getService(ProviderList.java:332)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
at java.security.Security.getImpl(Security.java:775)
at java.security.MessageDigest.getInstance(MessageDigest.java:170)
at 
org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
at 
org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
 {code}
*RCA:* These metadata part needs to be initialised explicitly for older key 
format.

I know the fix and will raise PR

  was:
*Error:*

While migrating master key to Luna HSM (for example), it first gets the 
Masterkey from DB, decrypts it and then send it to Luna. It works perfectly 
fine if master key is of the latest format where it contains the metdata in the 
master_key column.

But in older HDP cluster, it only contains the master key material and other 
metdata like encryption algorithm, message digest algorithm etc needs to 
initialised with default values.
{code:java}
Connected to DB : trueGetting Master KeyException in thread "main" 
java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
at 
org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
Caused by: java.lang.NullPointerException
at java.security.Provider$ServiceKey.<init>(Provider.java:872)
at java.security.Provider$ServiceKey.<init>(Provider.java:865)
at java.security.Provider.getService(Provider.java:1039)
at sun.security.jca.ProviderList.getService(ProviderList.java:332)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
at java.security.Security.getImpl(Security.java:775)
at java.security.MessageDigest.getInstance(MessageDigest.java:170)
at 
org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
at 
org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
 {code}
*RCA:* These metadata part needs to be initialised explicitly for older key 
format.

I know the fix and will raise PR


> Error while migrating Masterkey from older format to external key store
> -----------------------------------------------------------------------
>
>                 Key: RANGER-5169
>                 URL: https://issues.apache.org/jira/browse/RANGER-5169
>             Project: Ranger
>          Issue Type: Bug
>          Components: kms
>            Reporter: Vikas Kumar
>            Assignee: Vikas Kumar
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> *Error:*
> While migrating master key to Luna HSM (for example), it first gets the 
> Masterkey from DB, decrypts it and then send it to Luna. It works perfectly 
> fine if master key is of the latest format where it contains the metdata in 
> the master_key column.
> But in older older cluster, it only contains the master key material and 
> other metdata like encryption algorithm, message digest algorithm etc needs 
> to initialised with default values.
> {code:java}
> Connected to DB : trueGetting Master KeyException in thread "main" 
> java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
> at 
> org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
> at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
> Caused by: java.lang.NullPointerException
> at java.security.Provider$ServiceKey.<init>(Provider.java:872)
> at java.security.Provider$ServiceKey.<init>(Provider.java:865)
> at java.security.Provider.getService(Provider.java:1039)
> at sun.security.jca.ProviderList.getService(ProviderList.java:332)
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
> at java.security.Security.getImpl(Security.java:775)
> at java.security.MessageDigest.getInstance(MessageDigest.java:170)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
>  {code}
> *RCA:* These metadata part needs to be initialised explicitly for older key 
> format.
> I know the fix and will raise PR



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to