[ https://issues.apache.org/jira/browse/HDFS-13494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16474055#comment-16474055 ]
Gabor Bota commented on HDFS-13494: ----------------------------------- I've created a configurable parameter "hadoop.security.crypto.jceks.key.serialfilter" in core.xml, and provided a patch with it. > Configure serialFilter to avoid UnrecoverableKeyException caused by > JDK-8189997 > ------------------------------------------------------------------------------- > > Key: HDFS-13494 > URL: https://issues.apache.org/jira/browse/HDFS-13494 > Project: Hadoop HDFS > Issue Type: Bug > Components: kms > Affects Versions: 2.7.6, 3.0.2 > Environment: JDK 8u171 > Reporter: Gabor Bota > Assignee: Gabor Bota > Priority: Critical > Attachments: HDFS-13494.001.patch, HDFS-13494.002.patch, > HDFS-13494.003.patch, org.apache.hadoop.crypto.key.TestKeyProviderFactory.txt > > > There is a new feature in JDK 8u171 called Enhanced KeyStore Mechanisms > (http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997). > This could be the cause the following errors in the TestKeyProviderFactory: > {noformat} > Caused by: java.security.UnrecoverableKeyException: Rejected by the > jceks.key.serialFilter or jdk.serialFilter property > at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352) > at > com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136) > at java.security.KeyStore.getKey(KeyStore.java:1023) > at > org.apache.hadoop.crypto.key.JavaKeyStoreProvider.getMetadata(JavaKeyStoreProvider.java:410) > ... 28 more > {noformat} > This issue causes errors and failures in hbase tests right now (using hdfs) > and could affect other products running on this new Java version. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org