Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15473

Configure serialFilter in KeyProvider to avoid UnrecoverableKeyException caused by JDK-8189997

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.7.6, 3.0.2
    • 2.10.0, 3.2.0, 3.1.1, 2.9.2, 3.0.3, 2.7.7, 2.8.5
    • kms
    • None

    • JDK 8u171

    • Reviewed

    Description

      There is a new feature in JDK 8u171 called Enhanced KeyStore Mechanisms (http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8189997).
      This is the cause of the following errors in the TestKeyProviderFactory:

      Caused by: java.security.UnrecoverableKeyException: Rejected by the jceks.key.serialFilter or jdk.serialFilter property
	at com.sun.crypto.provider.KeyProtector.unseal(KeyProtector.java:352)
	at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:136)
	at java.security.KeyStore.getKey(KeyStore.java:1023)
	at org.apache.hadoop.crypto.key.JavaKeyStoreProvider.getMetadata(JavaKeyStoreProvider.java:410)
	... 28 more

      This issue causes errors and failures in hbase tests right now (using hdfs) and could affect other products running on this new Java version.

      Attachments

        1. HADOOP-15473.004.patch
          5 kB
          Gabor Bota
        2. HADOOP-15473.005.patch
          5 kB
          Gabor Bota
        3. HADOOP-15473.006.patch
          5 kB
          Gabor Bota
        4. HDFS-13494.001.patch
          1 kB
          Gabor Bota
        5. HDFS-13494.002.patch
          1 kB
          Gabor Bota
        6. HDFS-13494.003.patch
          4 kB
          Gabor Bota
        7. org.apache.hadoop.crypto.key.TestKeyProviderFactory.txt
          6 kB
          Gabor Bota

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HBASE-20535 Check the UT TestSaslFanOutOneBlockAsyncDFSOutput which is always flaky

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Task - A task that needs to be done. HADOOP-15509 Release Hadoop 2.7.7

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-15445 TestCryptoAdminCLI test failure when upgrading to JDK8 patch 171.

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-15519 KMS fails to read the existing key metadata after upgrading to JDK 1.8u171

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-20538 Upgrade our hadoop versions to 2.7.7 and 3.0.3

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          mentioned in

          Page Loading...

          Activity

            People

              gabor.bota Gabor Bota
              gabor.bota Gabor Bota
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: