You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Gabor Bota (JIRA)" <ji...@apache.org> on 2018/05/23 11:43:00 UTC

[jira] [Comment Edited] (HADOOP-15473) Configure serialFilter to avoid UnrecoverableKeyException caused by JDK-8189997

    [ https://issues.apache.org/jira/browse/HADOOP-15473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16487116#comment-16487116 ] 

Gabor Bota edited comment on HADOOP-15473 at 5/23/18 11:42 AM:
---------------------------------------------------------------

Good point [~xiaochen], I've added the check for the already set property and documented the behavior in the v5 patch


was (Author: gabor.bota):
Good point [~xiaochen], I've added the check for the already set property and documented the behavior in the v4 patch

> Configure serialFilter to avoid UnrecoverableKeyException caused by JDK-8189997
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-15473
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15473
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.7.6, 3.0.2
>         Environment: JDK 8u171
>            Reporter: Gabor Bota
>            Assignee: Gabor Bota
>            Priority: Critical
>         Attachments: HADOOP-15473.004.patch, HADOOP-15473.005.patch, HDFS-13494.001.patch, HDFS-13494.002.patch, HDFS-13494.003.patch, org.apache.hadoop.crypto.key.TestKeyProviderFactory.txt
>
>
> There is a new feature in JDK 8u171 called Enhanced KeyStore Mechanisms (http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997).
> This is the cause of the following errors in the TestKeyProviderFactory:
> {noformat}
> Caused by: java.security.UnrecoverableKeyException: Rejected by the jceks.key.serialFilter or jdk.serialFilter property
> 	at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352)
> 	at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136)
> 	at java.security.KeyStore.getKey(KeyStore.java:1023)
> 	at org.apache.hadoop.crypto.key.JavaKeyStoreProvider.getMetadata(JavaKeyStoreProvider.java:410)
> 	... 28 more
> {noformat}
> This issue causes errors and failures in hbase tests right now (using hdfs) and could affect other products running on this new Java version.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org