Community Articles

Affected versions:

1.4.x

Symptoms:

New recommendations are not displayed in the recommendations tab in the SmartSense view. There is a failure in hst-server.log :

2017-04-20 17:20:11,904 INFO
[RecommendationAutoDownloadTask] GatewayClientHelper:74 - HTTP/1.1 200 OK 2017-04-20 17:20:11,904 INFO
[RecommendationAutoDownloadTask] GatewayClientHelper:75 - OK 2017-04-20 17:20:11,907 ERROR
[RecommendationAutoDownloadTask] ArchiveFileCrypto:240 - Invalid key. Illegal
key size or default parameters 
2017-04-20 17:20:11,907 ERROR [RecommendationAutoDownloadTask] RecommendationAutoDownloadTask:41 - Failed to download recommendations. Illegal key size or default parameters 

com.hortonworks.smartsense.anonymization.crypto.CryptoException: Illegal key size or default parameters 
at com.hortonworks.smartsense.anonymization.crypto.impl.ArchiveFileCrypto.decrypt(ArchiveFileCrypto.java:241)
at com.hortonworks.smartsense.anonymization.crypto.FileDecryptor.decrypt(FileDecryptor.java:69)
at com.hortonworks.support.tools.server.keygen.EncryptionKeyPairManager.decrypt(EncryptionKeyPairManager.java:109)
at com.hortonworks.support.tools.gateway.GatewayClientHelper.getRecommendations(GatewayClientHelper.java:79)
at com.hortonworks.support.tools.server.recommendation.RecommendationGatewayImpl.gatewayDownloadRecommendations(RecommendationGatewayImpl.java:66)
at com.hortonworks.support.tools.server.BaseControllerModule$1.gatewayDownloadRecommendations(BaseControllerModule.java:83)
at com.hortonworks.support.tools.server.recommendation.RecommendationGatewayImpl.download(RecommendationGatewayImpl.java:50)
at com.hortonworks.support.tools.server.recommendation.RecommendationAutoDownloadTask.downloadRecommendations(RecommendationAutoDownloadTask.java:55)
at com.hortonworks.support.tools.server.recommendation.RecommendationAutoDownloadTask.run(RecommendationAutoDownloadTask.java:39)
at java.util.TimerThread.mainLoop(Timer.java:555) 
at java.util.TimerThread.run(Timer.java:505) 
Caused by:
java.security.InvalidKeyException: Illegal key size or default parameters 
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026) 
at javax.crypto.Cipher.implInit(Cipher.java:801) 
at javax.crypto.Cipher.chooseProvider(Cipher.java:864) 
at javax.crypto.Cipher.init(Cipher.java:1249) 
at javax.crypto.Cipher.init(Cipher.java:1186)
at com.hortonworks.smartsense.anonymization.crypto.impl.ArchiveFileCrypto.decrypt(ArchiveFileCrypto.java:233)

Reason:

Hortonworks Datalake uses longer keys to encrypt the recommendations for more secure communication. JCE Unlimited strength is required to decrypt the received recommendations. This above provided exception will typically occur if JCE unlimited strength is not available or used in the HST Server node.

Solution:

Install JCE Unlimited on HST Server for the available JDK version and restart HST Server. If JCE Unlimited is already available, then verify following:

JCE requires these 2 jars in JDK_HOME/jre/lib/security/

1. US_export_policy.jar

2. local_policy.jar

Right way to verify is to download the jars from Oracle site for a given jdk version and verify their checksum. Sometimes, these jars may be available in this dir but they are probably for a different jdk version.