You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Dhaval Shah <dh...@gmail.com> on 2019/10/24 13:52:20 UTC

Re: Review Request 71656: RANGER-2378 : KeySecure HSM Integration is not compatible with Java9

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71656/
-----------------------------------------------------------

(Updated Oct. 24, 2019, 1:52 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, and Pradeep Agrawal.


Bugs: RANGER-2378
    https://issues.apache.org/jira/browse/RANGER-2378


Repository: ranger


Description
-------

While Configuring Ranger KMS with Safenet KeySecure HSM we used sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between Java 8 and 9, so the code no longer compiles on Java9+.

The Java8 way of doing is:

Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);


However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor with a String parameter, and the documentation suggests suggest to use:

Provider p = Security.getProvider("SunPKCS11");
p = p.configure(configName); // this gives compile time issue in Java 8. It's not backward compatible.
Security.addProvider(p); 


Hence, in order to support java 8 and java 9+ during compile time and runtime.
1.) Detect java version 
2.) If java 8 then
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
3.) If java 9 or 10 0r 11 then
Used this reflection to invoke configure method of class Provider.


Diffs
-----

  kms/config/kms-webapp/dbks-site.xml e9cafbc 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 12afe33 


Diff: https://reviews.apache.org/r/71656/diff/1/


Testing
-------

Testing Done:
1.) Successfully created master key for java 8 and java 11 on Safenet Key secure instance.
2.) Successfully created EZkeys using master key on java 8 and 11.


Thanks,

Dhaval Shah

Re: Review Request 71656: RANGER-2378 : KeySecure HSM Integration is not compatible with Java9

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71656/#review218455
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 24, 2019, 1:52 p.m., Dhaval Shah wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71656/
> -----------------------------------------------------------
> 
> (Updated Oct. 24, 2019, 1:52 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, and Pradeep Agrawal.
> 
> 
> Bugs: RANGER-2378
>     https://issues.apache.org/jira/browse/RANGER-2378
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> While Configuring Ranger KMS with Safenet KeySecure HSM we used sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between Java 8 and 9, so the code no longer compiles on Java9+.
> 
> The Java8 way of doing is:
> 
> Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> Security.addProvider(p);
> 
> 
> However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor with a String parameter, and the documentation suggests suggest to use:
> 
> Provider p = Security.getProvider("SunPKCS11");
> p = p.configure(configName); // this gives compile time issue in Java 8. It's not backward compatible.
> Security.addProvider(p); 
> 
> 
> Hence, in order to support java 8 and java 9+ during compile time and runtime.
> 1.) Detect java version 
> 2.) If java 8 then
> Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> Security.addProvider(p);
> 3.) If java 9 or 10 0r 11 then
> Used this reflection to invoke configure method of class Provider.
> 
> 
> Diffs
> -----
> 
>   kms/config/kms-webapp/dbks-site.xml e9cafbc 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 12afe33 
> 
> 
> Diff: https://reviews.apache.org/r/71656/diff/1/
> 
> 
> Testing
> -------
> 
> Testing Done:
> 1.) Successfully created master key for java 8 and java 11 on Safenet Key secure instance.
> 2.) Successfully created EZkeys using master key on java 8 and 11.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>