From d22bd9057e8c501813f117f05e76fcf35cf6501d Mon Sep 17 00:00:00 2001
From: Mate Szalay-Beko
Date: Wed, 9 Jun 2021 17:51:45 +0200
Subject: [PATCH] HBASE-25987 Make SSL keystore type configurable for HBase ThriftServer (#3367)
Signed-off-by: Wellington Chevreuil
(cherry picked from commit 7f7a293cb5ce861f7a0275fda684e340545d3a86)
---
 .../main/java/org/apache/hadoop/hbase/thrift/Constants.java | 4 ++++
 .../java/org/apache/hadoop/hbase/thrift/ThriftServer.java | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java
index 55f2499a692..930dfe45800 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java
@@ -65,6 +65,10 @@ public final class Constants {
 "hbase.thrift.ssl.exclude.protocols";
 public static final String THRIFT_SSL_INCLUDE_PROTOCOLS_KEY =
 "hbase.thrift.ssl.include.protocols";
+ public static final String THRIFT_SSL_KEYSTORE_TYPE_KEY =
+ "hbase.thrift.ssl.keystore.type";
+ public static final String THRIFT_SSL_KEYSTORE_TYPE_DEFAULT =
+ "jks";
 public static final String THRIFT_SUPPORT_PROXYUSER_KEY =
 "hbase.thrift.support.proxyuser";
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
index 298ed6b8519..5086d5b9a32 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
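Review bot: The two constants added in the Constants.java hunk have no comment saying which values `hbase.thrift.ssl.keystore.type` accepts or why the default is `jks`. An operator whose keystore is in another format has to find the new key by reading the source, and the diffstat shows no documentation file touched. I would add above `THRIFT_SSL_KEYSTORE_TYPE_KEY`: `// Keystore type passed to the SSL context factory in ThriftServer, e.g. "jks" or "pkcs12"; must be a type the JVM's security providers can load.` Above `THRIFT_SSL_KEYSTORE_TYPE_DEFAULT` I would add `// Default left at "jks", presumably so existing keystores keep working without a config change.` The class body continues outside the hunk.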
@@ -71,6 +71,8 @@ import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_INCLUDE_PROTOC
 import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_KEYPASSWORD_KEY;
 import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_PASSWORD_KEY;
 import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_STORE_KEY;
+import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_DEFAULT;
+import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_KEY;
 import static org.apache.hadoop.hbase.thrift.Constants.THRIFT_SUPPORT_PROXYUSER_KEY;
 import static org.apache.hadoop.hbase.thrift.Constants.USE_HTTP_CONF_KEY;
@@ -425,6 +427,8 @@ public class ThriftServer extends Configured implements Tool {
 sslCtxFactory.setKeyStorePath(keystore);
 sslCtxFactory.setKeyStorePassword(password);
 sslCtxFactory.setKeyManagerPassword(keyPassword);
+ sslCtxFactory.setKeyStoreType(conf.get(
+ THRIFT_SSL_KEYSTORE_TYPE_KEY, THRIFT_SSL_KEYSTORE_TYPE_DEFAULT));
 String[] excludeCiphers = conf.getStrings(
 THRIFT_SSL_EXCLUDE_CIPHER_SUITES_KEY, ArrayUtils.EMPTY_STRING_ARRAY);
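Review bot: In the ThriftServer.java hunk at -425, the value of `hbase.thrift.ssl.keystore.type` goes to `setKeyStoreType` exactly as `conf.get` returns it, with no trimming or validation. A value with stray whitespace, or an empty entry, would presumably only surface later as a keystore-loading failure when the SSL context starts, with nothing pointing back to this property. Reading it with `conf.getTrimmed(THRIFT_SSL_KEYSTORE_TYPE_KEY, THRIFT_SSL_KEYSTORE_TYPE_DEFAULT)` removes the whitespace case. Logging the effective type next to the keystore path (never the passwords) would make a misconfigured TLS listener much easier to diagnose. The enclosing method starts and ends outside the hunk, so whether a truststore type is also needed here cannot be judged from these lines.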