[jira] [Resolved] (RANGER-5169) Error while migrating Masterkey from older format to external key store

Fri, 11 Apr 2025 10:25:22 -0700 


     [ 
https://issues.apache.org/jira/browse/RANGER-5169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vikas Kumar resolved RANGER-5169.
---------------------------------
    Fix Version/s: 3.0.0
       Resolution: Fixed

PR got merged: [https://jira.cloudera.com/browse/CDPD-81687]

Hence marking it Resolved.

> Error while migrating Masterkey from older format to external key store
> -----------------------------------------------------------------------
>
>                 Key: RANGER-5169
>                 URL: https://issues.apache.org/jira/browse/RANGER-5169
>             Project: Ranger
>          Issue Type: Bug
>          Components: kms
>            Reporter: Vikas Kumar
>            Assignee: Vikas Kumar
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> *Error:*
> While migrating master key to Luna HSM (for example), it first gets the 
> Masterkey from DB, decrypts it and then send it to Luna. It works perfectly 
> fine if master key is of the latest format where it contains the metdata in 
> the master_key column.
> But in older older cluster, it only contains the master key material and 
> other metdata like encryption algorithm, message digest algorithm etc needs 
> to initialised with default values.
> {code:java}
> Connected to DB : trueGetting Master KeyException in thread "main" 
> java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
> at 
> org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
> at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
> Caused by: java.lang.NullPointerException
> at java.security.Provider$ServiceKey.<init>(Provider.java:872)
> at java.security.Provider$ServiceKey.<init>(Provider.java:865)
> at java.security.Provider.getService(Provider.java:1039)
> at sun.security.jca.ProviderList.getService(ProviderList.java:332)
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
> at java.security.Security.getImpl(Security.java:775)
> at java.security.MessageDigest.getInstance(MessageDigest.java:170)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
>  {code}
> *RCA:* These metadata part needs to be initialised explicitly for older key 
> format.
> I know the fix and will raise PR



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to