Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Cloudera Employee

Affected versions:

1.4.x

Symptoms:

New recommendations are not displayed in the recommendations tab in the SmartSense view. There is a failure in hst-server.log :

2017-04-20 17:20:11,904 INFO
[RecommendationAutoDownloadTask] GatewayClientHelper:74 - HTTP/1.1 200 OK 2017-04-20 17:20:11,904 INFO
[RecommendationAutoDownloadTask] GatewayClientHelper:75 - OK 2017-04-20 17:20:11,907 ERROR
[RecommendationAutoDownloadTask] ArchiveFileCrypto:240 - Invalid key. Illegal
key size or default parameters 
2017-04-20 17:20:11,907 ERROR [RecommendationAutoDownloadTask] RecommendationAutoDownloadTask:41 - Failed to download recommendations. Illegal key size or default parameters 

com.hortonworks.smartsense.anonymization.crypto.CryptoException: Illegal key size or default parameters 
at com.hortonworks.smartsense.anonymization.crypto.impl.ArchiveFileCrypto.decrypt(ArchiveFileCrypto.java:241)
at com.hortonworks.smartsense.anonymization.crypto.FileDecryptor.decrypt(FileDecryptor.java:69)
at com.hortonworks.support.tools.server.keygen.EncryptionKeyPairManager.decrypt(EncryptionKeyPairManager.java:109)
at com.hortonworks.support.tools.gateway.GatewayClientHelper.getRecommendations(GatewayClientHelper.java:79)
at com.hortonworks.support.tools.server.recommendation.RecommendationGatewayImpl.gatewayDownloadRecommendations(RecommendationGatewayImpl.java:66)
at com.hortonworks.support.tools.server.BaseControllerModule$1.gatewayDownloadRecommendations(BaseControllerModule.java:83)
at com.hortonworks.support.tools.server.recommendation.RecommendationGatewayImpl.download(RecommendationGatewayImpl.java:50)
at com.hortonworks.support.tools.server.recommendation.RecommendationAutoDownloadTask.downloadRecommendations(RecommendationAutoDownloadTask.java:55)
at com.hortonworks.support.tools.server.recommendation.RecommendationAutoDownloadTask.run(RecommendationAutoDownloadTask.java:39)
at java.util.TimerThread.mainLoop(Timer.java:555) 
at java.util.TimerThread.run(Timer.java:505) 
Caused by:
java.security.InvalidKeyException: Illegal key size or default parameters 
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026) 
at javax.crypto.Cipher.implInit(Cipher.java:801) 
at javax.crypto.Cipher.chooseProvider(Cipher.java:864) 
at javax.crypto.Cipher.init(Cipher.java:1249) 
at javax.crypto.Cipher.init(Cipher.java:1186)
at com.hortonworks.smartsense.anonymization.crypto.impl.ArchiveFileCrypto.decrypt(ArchiveFileCrypto.java:233)

Reason:

Hortonworks Datalake uses longer keys to encrypt the recommendations for more secure communication. JCE Unlimited strength is required to decrypt the received recommendations. This above provided exception will typically occur if JCE unlimited strength is not available or used in the HST Server node.

Solution:

Install JCE Unlimited on HST Server for the available JDK version and restart HST Server. If JCE Unlimited is already available, then verify following:

JCE requires these 2 jars in JDK_HOME/jre/lib/security/

1. US_export_policy.jar

2. local_policy.jar

Right way to verify is to download the jars from Oracle site for a given jdk version and verify their checksum. Sometimes, these jars may be available in this dir but they are probably for a different jdk version.

391 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎04-28-2017 12:14 AM
Updated by:
 
Contributors
Top Kudoed Authors