You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/05/25 16:53:00 UTC

[jira] [Commented] (HADOOP-15473) Configure serialFilter in KeyProvider to avoid UnrecoverableKeyException caused by JDK-8189997

    [ https://issues.apache.org/jira/browse/HADOOP-15473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16490998#comment-16490998 ] 

Hudson commented on HADOOP-15473:
---------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #14290 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/14290/])
HADOOP-15473. Configure serialFilter in KeyProvider to avoid (xiao: rev 02322de3f95ba78a22c057037ef61aa3ab1d3824)
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
* (edit) hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
* (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java


> Configure serialFilter in KeyProvider to avoid UnrecoverableKeyException caused by JDK-8189997
> ----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-15473
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15473
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>    Affects Versions: 2.7.6, 3.0.2
>         Environment: JDK 8u171
>            Reporter: Gabor Bota
>            Assignee: Gabor Bota
>            Priority: Critical
>             Fix For: 2.10.0, 3.2.0, 3.1.1, 2.9.2, 3.0.3, 2.7.7, 2.8.5
>
>         Attachments: HADOOP-15473.004.patch, HADOOP-15473.005.patch, HADOOP-15473.006.patch, HDFS-13494.001.patch, HDFS-13494.002.patch, HDFS-13494.003.patch, org.apache.hadoop.crypto.key.TestKeyProviderFactory.txt
>
>
> There is a new feature in JDK 8u171 called Enhanced KeyStore Mechanisms (http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997).
> This is the cause of the following errors in the TestKeyProviderFactory:
> {noformat}
> Caused by: java.security.UnrecoverableKeyException: Rejected by the jceks.key.serialFilter or jdk.serialFilter property
> 	at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352)
> 	at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136)
> 	at java.security.KeyStore.getKey(KeyStore.java:1023)
> 	at org.apache.hadoop.crypto.key.JavaKeyStoreProvider.getMetadata(JavaKeyStoreProvider.java:410)
> 	... 28 more
> {noformat}
> This issue causes errors and failures in hbase tests right now (using hdfs) and could affect other products running on this new Java version.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org