HBASE-25987 Make SSL keystore type configurable for HBase ThriftServer (#3367)
Signed-off-by: Wellington Chevreuil <wchevreuil@apache.com>
This commit is contained in:
parent
471e8159f0
commit
7f7a293cb5
|
@ -65,6 +65,10 @@ public final class Constants {
|
|||
"hbase.thrift.ssl.exclude.protocols";
|
||||
public static final String THRIFT_SSL_INCLUDE_PROTOCOLS_KEY =
|
||||
"hbase.thrift.ssl.include.protocols";
|
||||
public static final String THRIFT_SSL_KEYSTORE_TYPE_KEY =
|
||||
"hbase.thrift.ssl.keystore.type";
|
||||
public static final String THRIFT_SSL_KEYSTORE_TYPE_DEFAULT =
|
||||
"jks";
|
||||
|
||||
|
||||
public static final String THRIFT_SUPPORT_PROXYUSER_KEY = "hbase.thrift.support.proxyuser";
|
||||
|
|
|
@ -71,6 +71,8 @@ import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_INCLUDE_PROTOC
|
|||
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_KEYPASSWORD_KEY;
|
||||
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_PASSWORD_KEY;
|
||||
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_STORE_KEY;
|
||||
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_DEFAULT;
|
||||
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_KEY;
|
||||
import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SUPPORT_PROXYUSER_KEY;
|
||||
import static org.apache.hadoop.hbase.thrift.Constants.USE_HTTP_CONF_KEY;
|
||||
|
||||
|
@ -425,6 +427,8 @@ public class ThriftServer extends Configured implements Tool {
|
|||
sslCtxFactory.setKeyStorePath(keystore);
|
||||
sslCtxFactory.setKeyStorePassword(password);
|
||||
sslCtxFactory.setKeyManagerPassword(keyPassword);
|
||||
sslCtxFactory.setKeyStoreType(conf.get(
|
||||
THRIFT_SSL_KEYSTORE_TYPE_KEY, THRIFT_SSL_KEYSTORE_TYPE_DEFAULT));
|
||||
|
||||
String[] excludeCiphers = conf.getStrings(
|
||||
THRIFT_SSL_EXCLUDE_CIPHER_SUITES_KEY, ArrayUtils.EMPTY_STRING_ARRAY);
|
||||
|
|
Loading…
Reference in New Issue