vikaskr22 opened a new pull request, #612: URL: https://github.com/apache/ranger/pull/612
…material into DB ## What changes were proposed in this pull request? A sanity check (kind of assertion) has been added in the RangerMasterKey to make sure re-encrypted material returns the the same old MK key material after decryption process. It is required , if decrypt operation fails due to any runtime error or returns some wrong material, it would be the case of data loss . Since same encrypt/decrypt provider is being used for both MasterKey and Zone keys, I am not adding this check for zone keys. Adding such check for zone keys will impact the performance considering there would be many zone keys. ## How was this patch tested? mvn build Unit Test Manually verified in docker container by configuring the container to support FIPS provider and related configuration. Followed the steps from [](https://issues.apache.org/jira/browse/RANGER-3174) **What was tested:** By default, master key got created using PBEWithMD5AndDES, after configuration for FIPS and restart, Master key got re-encrypted using the configured algorithm PBKDF2WithHmacSHA256 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
