[ https://issues.apache.org/jira/browse/RANGER-5169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vikas Kumar updated RANGER-5169:
--------------------------------
    Description:
*Error:*
While migrating master key to Luna HSM (for example), it first gets the Masterkey from DB, decrypts it and then sends it to Luna. It works perfectly fine if master key is of the latest format where it contains the metadata in the master_key column.
But in an older cluster, it only contains the master key material and other metadata like encryption algorithm, message digest algorithm etc need to be initialised with default values.
{code:java}
Connected to DB : true
Getting Master Key
Exception in thread "main" java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
	at org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
	at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
Caused by: java.lang.NullPointerException
	at java.security.Provider$ServiceKey.<init>(Provider.java:872)
	at java.security.Provider$ServiceKey.<init>(Provider.java:865)
	at java.security.Provider.getService(Provider.java:1039)
	at sun.security.jca.ProviderList.getService(ProviderList.java:332)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
	at java.security.Security.getImpl(Security.java:775)
	at java.security.MessageDigest.getInstance(MessageDigest.java:170)
	at org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
	at org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
{code}
*RCA:* This metadata part needs to be initialised explicitly for older key format.
I know the fix and will raise a PR

  was:
*Error:*
While migrating master key to Luna HSM (for example), it first gets the Masterkey from DB, decrypts it and then sends it to Luna. It works perfectly fine if master key is of the latest format where it contains the metadata in the master_key column.
But in an older HDP cluster, it only contains the master key material and other metadata like encryption algorithm, message digest algorithm etc need to be initialised with default values.
{code:java}
Connected to DB : true
Getting Master Key
Exception in thread "main" java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
	at org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
	at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
Caused by: java.lang.NullPointerException
	at java.security.Provider$ServiceKey.<init>(Provider.java:872)
	at java.security.Provider$ServiceKey.<init>(Provider.java:865)
	at java.security.Provider.getService(Provider.java:1039)
	at sun.security.jca.ProviderList.getService(ProviderList.java:332)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
	at java.security.Security.getImpl(Security.java:775)
	at java.security.MessageDigest.getInstance(MessageDigest.java:170)
	at org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
	at org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
{code}
*RCA:* This metadata part needs to be initialised explicitly for older key format.
I know the fix and will raise a PR

> Error while migrating Masterkey from older format to external key store
> -----------------------------------------------------------------------
>
>                 Key: RANGER-5169
>                 URL: https://issues.apache.org/jira/browse/RANGER-5169
>             Project: Ranger
>          Issue Type: Bug
>          Components: kms
>            Reporter: Vikas Kumar
>            Assignee: Vikas Kumar
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> *Error:*
> While migrating master key to Luna HSM (for example), it first gets the Masterkey from DB, decrypts it and then sends it to Luna. It works perfectly fine if master key is of the latest format where it contains the metadata in the master_key column.
> But in an older cluster, it only contains the master key material and other metadata like encryption algorithm, message digest algorithm etc need to be initialised with default values.
> {code:java}
> Connected to DB : true
> Getting Master Key
> Exception in thread "main" java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
> 	at org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
> 	at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
> Caused by: java.lang.NullPointerException
> 	at java.security.Provider$ServiceKey.<init>(Provider.java:872)
> 	at java.security.Provider$ServiceKey.<init>(Provider.java:865)
> 	at java.security.Provider.getService(Provider.java:1039)
> 	at sun.security.jca.ProviderList.getService(ProviderList.java:332)
> 	at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
> 	at java.security.Security.getImpl(Security.java:775)
> 	at java.security.MessageDigest.getInstance(MessageDigest.java:170)
> 	at org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
> 	at org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
> {code}
> *RCA:* This metadata part needs to be initialised explicitly for older key format.
> I know the fix and will raise a PR

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
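
The failure mode described in the RCA above, as an added Java example that is not part of the original message and is not Ranger's code: a legacy record with no metadata leaves the digest name null, `MessageDigest.getInstance` throws the `NullPointerException` seen in the trace, and explicit defaults avoid it. The column layout, the class and method names and the default algorithm names are assumptions for illustration.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class LegacyMasterKeyDemo {
    // Assumed defaults for records without metadata (not taken from Ranger). They must
    // name whatever the old code used at encryption time, or decryption will fail.
    static final String DEFAULT_CIPHER = "PBEWithMD5AndTripleDES";
    static final String DEFAULT_DIGEST = "MD5";

    static final class KeyRecord {
        final String cipher, digest;
        final byte[] material;
        KeyRecord(String cipher, String digest, byte[] material) {
            this.cipher = cipher; this.digest = digest; this.material = material;
        }
    }

    // Hypothetical layout: "cipher,digest,base64(material)" for the current format,
    // bare "base64(material)" for the legacy format.
    static KeyRecord parse(String column, boolean applyDefaults) {
        String[] parts = column.split(",");
        if (parts.length == 3) {
            return new KeyRecord(parts[0], parts[1], Base64.getDecoder().decode(parts[2]));
        }
        if (parts.length != 1) {
            throw new IllegalArgumentException("unrecognised master key format");
        }
        byte[] material = Base64.getDecoder().decode(parts[0]);
        return applyDefaults
                ? new KeyRecord(DEFAULT_CIPHER, DEFAULT_DIGEST, material)
                : new KeyRecord(null, null, material); // legacy record, metadata left unset
    }

    // Resolves the digest the way a PBE parameter builder would; reports the outcome.
    static String tryDigest(KeyRecord r) {
        try {
            return MessageDigest.getInstance(r.digest).getAlgorithm();
        } catch (NullPointerException e) {
            return "NPE: digest algorithm was never initialised";
        } catch (NoSuchAlgorithmException e) {
            return "unsupported digest: " + r.digest;
        }
    }

    public static void main(String[] args) {
        // Constructed sample material, not a real key.
        String material = Base64.getEncoder().encodeToString("constructed-sample".getBytes());
        System.out.println(tryDigest(parse("PBEWithMD5AndTripleDES,SHA-256," + material, true)));
        System.out.println(tryDigest(parse(material, false))); // reproduces the failure
        System.out.println(tryDigest(parse(material, true)));  // defaults applied
    }
}
```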