You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Dhaval Shah <dh...@gmail.com> on 2019/10/24 13:52:20 UTC
Re: Review Request 71656: RANGER-2378 : KeySecure HSM Integration is
not compatible with Java9
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71656/
-----------------------------------------------------------
(Updated Oct. 24, 2019, 1:52 p.m.)
Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, and Pradeep Agrawal.
Bugs: RANGER-2378
https://issues.apache.org/jira/browse/RANGER-2378
Repository: ranger
Description
-------
While Configuring Ranger KMS with Safenet KeySecure HSM we used sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between Java 8 and 9, so the code no longer compiles on Java9+.
The Java8 way of doing is:
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor with a String parameter, and the documentation suggests suggest to use:
Provider p = Security.getProvider("SunPKCS11");
p = p.configure(configName); // this gives compile time issue in Java 8. It's not backward compatible.
Security.addProvider(p);
Hence, in order to support java 8 and java 9+ during compile time and runtime.
1.) Detect java version
2.) If java 8 then
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
3.) If java 9 or 10 0r 11 then
Used this reflection to invoke configure method of class Provider.
Diffs
-----
kms/config/kms-webapp/dbks-site.xml e9cafbc
kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 12afe33
Diff: https://reviews.apache.org/r/71656/diff/1/
Testing
-------
Testing Done:
1.) Successfully created master key for java 8 and java 11 on Safenet Key secure instance.
2.) Successfully created EZkeys using master key on java 8 and 11.
Thanks,
Dhaval Shah
Re: Review Request 71656: RANGER-2378 : KeySecure HSM Integration is
not compatible with Java9
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71656/#review218455
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Oct. 24, 2019, 1:52 p.m., Dhaval Shah wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71656/
> -----------------------------------------------------------
>
> (Updated Oct. 24, 2019, 1:52 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, and Pradeep Agrawal.
>
>
> Bugs: RANGER-2378
> https://issues.apache.org/jira/browse/RANGER-2378
>
>
> Repository: ranger
>
>
> Description
> -------
>
> While Configuring Ranger KMS with Safenet KeySecure HSM we used sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between Java 8 and 9, so the code no longer compiles on Java9+.
>
> The Java8 way of doing is:
>
> Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> Security.addProvider(p);
>
>
> However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor with a String parameter, and the documentation suggests suggest to use:
>
> Provider p = Security.getProvider("SunPKCS11");
> p = p.configure(configName); // this gives compile time issue in Java 8. It's not backward compatible.
> Security.addProvider(p);
>
>
> Hence, in order to support java 8 and java 9+ during compile time and runtime.
> 1.) Detect java version
> 2.) If java 8 then
> Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> Security.addProvider(p);
> 3.) If java 9 or 10 0r 11 then
> Used this reflection to invoke configure method of class Provider.
>
>
> Diffs
> -----
>
> kms/config/kms-webapp/dbks-site.xml e9cafbc
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 12afe33
>
>
> Diff: https://reviews.apache.org/r/71656/diff/1/
>
>
> Testing
> -------
>
> Testing Done:
> 1.) Successfully created master key for java 8 and java 11 on Safenet Key secure instance.
> 2.) Successfully created EZkeys using master key on java 8 and 11.
>
>
> Thanks,
>
> Dhaval Shah
>
>