[ https://issues.apache.org/jira/browse/RANGER-2112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pradeep Agrawal reassigned RANGER-2112: --------------------------------------- Assignee: Pradeep Agrawal > Ranger KMS broken with JDK 8 update 171 > --------------------------------------- > > Key: RANGER-2112 > URL: https://issues.apache.org/jira/browse/RANGER-2112 > Project: Ranger > Issue Type: Bug > Components: kms > Affects Versions: 0.7.0 > Reporter: Hernan Fernandez > Assignee: Pradeep Agrawal > Priority: Major > > After update to JDK 8 update 171 Ranger KMS UI > 1) Ranger KMS UI > Encryption: will show the key list as the following. > keyname (empty) > Cipher (empty) > Version 0 > Attributes (empty) > Create (empty) > > !image-2018-05-22-10-19-13-599.png! > > 2) hadoop key -list -metadata > Listing keys for KeyProvider: > org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider@7d322cad > testkey1 : null > > *ROOT CAUSE* > This may be related to > {code:java} > New Features > security-libs/javax.crypto > Enhanced KeyStore Mechanisms > A new security property named jceks.key.serialFilter has been introduced. If > this filter is configured, the JCEKS KeyStore uses it during the > deserialization of the encrypted Key object stored inside a SecretKeyEntry. > If it is not configured or if the filter result is UNDECIDED (for example, > none of the patterns match), then the filter configured by jdk.serialFilter > is consulted. If the system property jceks.key.serialFilter is also supplied, > it supersedes the security property value defined here. The filter pattern > uses the same format as jdk.serialFilter. The default pattern allows > java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, and > javax.crypto.spec.SecretKeySpec but rejects all the others. Customers storing > a SecretKey that does not serialize to the above types must modify the filter > to make the key extractable. > {code} > http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html > b) second option this is related to 3DES disabled on java.security (to be > tested) > -- This message was sent by Atlassian JIRA (v7.6.3#76005)