ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dhaval Shah <dhavalshah9...@gmail.com>
Subject Re: Review Request 71656: RANGER-2378 : KeySecure HSM Integration is not compatible with Java9
Date Thu, 24 Oct 2019 13:52:20 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71656/
-----------------------------------------------------------

(Updated Oct. 24, 2019, 1:52 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, and Pradeep Agrawal.


Bugs: RANGER-2378
    https://issues.apache.org/jira/browse/RANGER-2378


Repository: ranger


Description
-------

While Configuring Ranger KMS with Safenet KeySecure HSM we used sun.security.pkcs11.SunPKCS11
class, unfortunately this class changed between Java 8 and 9, so the code no longer compiles
on Java9+.

The Java8 way of doing is:

Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);


However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor with a String
parameter, and the documentation suggests suggest to use:

Provider p = Security.getProvider("SunPKCS11");
p = p.configure(configName); // this gives compile time issue in Java 8. It's not backward
compatible.
Security.addProvider(p); 


Hence, in order to support java 8 and java 9+ during compile time and runtime.
1.) Detect java version 
2.) If java 8 then
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
3.) If java 9 or 10 0r 11 then
Used this reflection to invoke configure method of class Provider.


Diffs
-----

  kms/config/kms-webapp/dbks-site.xml e9cafbc 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 12afe33 


Diff: https://reviews.apache.org/r/71656/diff/1/


Testing
-------

Testing Done:
1.) Successfully created master key for java 8 and java 11 on Safenet Key secure instance.
2.) Successfully created EZkeys using master key on java 8 and 11.


Thanks,

Dhaval Shah


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message