ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Velmurugan Periasamy <vperias...@hortonworks.com>
Subject Re: Review Request 71656: RANGER-2378 : KeySecure HSM Integration is not compatible with Java9
Date Wed, 30 Oct 2019 11:42:36 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71656/#review218455
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 24, 2019, 1:52 p.m., Dhaval Shah wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71656/
> -----------------------------------------------------------
> 
> (Updated Oct. 24, 2019, 1:52 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Mehul Parikh, and Pradeep Agrawal.
> 
> 
> Bugs: RANGER-2378
>     https://issues.apache.org/jira/browse/RANGER-2378
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> While Configuring Ranger KMS with Safenet KeySecure HSM we used sun.security.pkcs11.SunPKCS11
class, unfortunately this class changed between Java 8 and 9, so the code no longer compiles
on Java9+.
> 
> The Java8 way of doing is:
> 
> Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> Security.addProvider(p);
> 
> 
> However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor with a String
parameter, and the documentation suggests suggest to use:
> 
> Provider p = Security.getProvider("SunPKCS11");
> p = p.configure(configName); // this gives compile time issue in Java 8. It's not backward
compatible.
> Security.addProvider(p); 
> 
> 
> Hence, in order to support java 8 and java 9+ during compile time and runtime.
> 1.) Detect java version 
> 2.) If java 8 then
> Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> Security.addProvider(p);
> 3.) If java 9 or 10 0r 11 then
> Used this reflection to invoke configure method of class Provider.
> 
> 
> Diffs
> -----
> 
>   kms/config/kms-webapp/dbks-site.xml e9cafbc 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerSafenetKeySecure.java 12afe33

> 
> 
> Diff: https://reviews.apache.org/r/71656/diff/1/
> 
> 
> Testing
> -------
> 
> Testing Done:
> 1.) Successfully created master key for java 8 and java 11 on Safenet Key secure instance.
> 2.) Successfully created EZkeys using master key on java 8 and 11.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message