[jira] [Commented] (RANGER-5169) Error while migrating Masterkey from older format to external key store

Tue, 29 Apr 2025 14:44:01 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-5169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17948288#comment-17948288
 ] 

Madhan Neethiraj commented on RANGER-5169:
------------------------------------------

* master 
branch:[https://github.com/apache/ranger/commit/1b8482a02de45cc32cf8c5c675d7c59e339e153f]
  
 * ranger-2.7 branch: 
[https://github.com/apache/ranger/commit/31546fde6cbc91a5b011f9a046dec0fc11db8a50]
 

> Error while migrating Masterkey from older format to external key store
> -----------------------------------------------------------------------
>
>                 Key: RANGER-5169
>                 URL: https://issues.apache.org/jira/browse/RANGER-5169
>             Project: Ranger
>          Issue Type: Bug
>          Components: kms
>            Reporter: Vikas Kumar
>            Assignee: Vikas Kumar
>            Priority: Major
>             Fix For: 3.0.0, 2.7.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> *Error:*
> While migrating master key to Luna HSM (for example), it first gets the 
> Masterkey from DB, decrypts it and then send it to Luna. It works perfectly 
> fine if master key is of the latest format where it contains the metdata in 
> the master_key column.
> But in older older cluster, it only contains the master key material and 
> other metdata like encryption algorithm, message digest algorithm etc needs 
> to initialised with default values.
> {code:java}
> Connected to DB : trueGetting Master KeyException in thread "main" 
> java.lang.RuntimeException: Unable to import Master key from Ranger DB to HSM
> at 
> org.apache.hadoop.crypto.key.DB2HSMMKUtil.doExportMKToHSM(DB2HSMMKUtil.java:93)
> at org.apache.hadoop.crypto.key.DB2HSMMKUtil.main(DB2HSMMKUtil.java:58)
> Caused by: java.lang.NullPointerException
> at java.security.Provider$ServiceKey.<init>(Provider.java:872)
> at java.security.Provider$ServiceKey.<init>(Provider.java:865)
> at java.security.Provider.getService(Provider.java:1039)
> at sun.security.jca.ProviderList.getService(ProviderList.java:332)
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
> at java.security.Security.getImpl(Security.java:775)
> at java.security.MessageDigest.getInstance(MessageDigest.java:170)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.getPBEParameterSpec(RangerMasterKey.java:449)
> at 
> org.apache.hadoop.crypto.key.RangerMasterKey.decryptMasterKey(RangerMasterKey.java:255)
>  {code}
> *RCA:* These metadata part needs to be initialised explicitly for older key 
> format.
> I know the fix and will raise PR



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to