[ https://issues.apache.org/jira/browse/HDFS-13494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16477649#comment-16477649 ]
Akira Ajisaka commented on HDFS-13494: -------------------------------------- Thanks [~gabor.bota] for updating the patch! Some comments: * Would you add the default value in CommonConfigurationKeysPublic.java as well? That way we don't need comment that default value added to core-default.xml in the source code. * This change is in hadoop-common, so I'll move this issue to Hadoop Common project shortly. Would you update the issue id in the patch? * In the description of the new parameter, would you document how the new parameter work in Apache Hadoop KeyProvider? bq. The default pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, and javax.crypto.spec.SecretKeySpec but rejects all the others. In this case, "the default pattern" is misunderstanding. It looks to be the default value of the new parameter. > Configure serialFilter to avoid UnrecoverableKeyException caused by > JDK-8189997 > ------------------------------------------------------------------------------- > > Key: HDFS-13494 > URL: https://issues.apache.org/jira/browse/HDFS-13494 > Project: Hadoop HDFS > Issue Type: Bug > Components: kms > Affects Versions: 2.7.6, 3.0.2 > Environment: JDK 8u171 > Reporter: Gabor Bota > Assignee: Gabor Bota > Priority: Critical > Attachments: HDFS-13494.001.patch, HDFS-13494.002.patch, > HDFS-13494.003.patch, org.apache.hadoop.crypto.key.TestKeyProviderFactory.txt > > > There is a new feature in JDK 8u171 called Enhanced KeyStore Mechanisms > (http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997). > This is the cause of the following errors in the TestKeyProviderFactory: > {noformat} > Caused by: java.security.UnrecoverableKeyException: Rejected by the > jceks.key.serialFilter or jdk.serialFilter property > at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352) > at > com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136) > at java.security.KeyStore.getKey(KeyStore.java:1023) > at > org.apache.hadoop.crypto.key.JavaKeyStoreProvider.getMetadata(JavaKeyStoreProvider.java:410) > ... 28 more > {noformat} > This issue causes errors and failures in hbase tests right now (using hdfs) > and could affect other products running on this new Java version. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org