HBASE-25987 Make SSL keystore type configurable for HBase ThriftServer (#3367)

Signed-off-by: Wellington Chevreuil <wchevreuil@apache.com>
Mate Szalay-Beko 2021-06-09 17:51:45 +02:00 committed by GitHub
parent 471e8159f0
commit 7f7a293cb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions


@ -65,6 +65,10 @@ public final class Constants {
"hbase.thrift.ssl.exclude.protocols";
public static final String THRIFT_SSL_INCLUDE_PROTOCOLS_KEY =
"hbase.thrift.ssl.include.protocols";
public static final String THRIFT_SSL_KEYSTORE_TYPE_KEY =
"hbase.thrift.ssl.keystore.type";
public static final String THRIFT_SSL_KEYSTORE_TYPE_DEFAULT =
"jks";
public static final String THRIFT_SUPPORT_PROXYUSER_KEY = "hbase.thrift.support.proxyuser";
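Review bot: The new `THRIFT_SSL_KEYSTORE_TYPE_KEY` and `THRIFT_SSL_KEYSTORE_TYPE_DEFAULT` constants carry no comment saying which values are accepted or why the default is `jks`. JKS is the legacy Java keystore format and PKCS12 has been the JDK's default keystore type since Java 9, so a reader cannot tell whether `jks` is a recommendation or only kept so existing deployments keep working (the latter seems likely, but the page does not say). I would add a comment above the key such as `// Keystore type handed to the SSL context factory, e.g. "jks" or "pkcs12"; "jks" stays the default for backward compatibility.` The value is passed unchanged to `sslCtxFactory.setKeyStoreType(...)` in ThriftServer, so the property documentation should also say that an unsupported type only shows up as a failure when the TLS listener starts. The enclosing Constants class starts and ends outside the hunk.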


@ -71,6 +71,8 @@ import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_INCLUDE_PROTOC
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_KEYPASSWORD_KEY;
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_PASSWORD_KEY;
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_STORE_KEY;
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_DEFAULT;
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_KEY;
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SUPPORT_PROXYUSER_KEY;
import static org.apache.hadoop.hbase.thrift.Constants.USE_HTTP_CONF_KEY;
@ -425,6 +427,8 @@ public class ThriftServer extends Configured implements Tool {
sslCtxFactory.setKeyStorePath(keystore);
sslCtxFactory.setKeyStorePassword(password);
sslCtxFactory.setKeyManagerPassword(keyPassword);
sslCtxFactory.setKeyStoreType(conf.get(
THRIFT_SSL_KEYSTORE_TYPE_KEY, THRIFT_SSL_KEYSTORE_TYPE_DEFAULT));
String[] excludeCiphers = conf.getStrings(
THRIFT_SSL_EXCLUDE_CIPHER_SUITES_KEY, ArrayUtils.EMPTY_STRING_ARRAY);