[hbase] branch branch-2 updated: HBASE-25987 Make SSL keystore type configurable for HBase ThriftServer (#3367)

[wchevreuil]

This is an automated email from the ASF dual-hosted git repository.

wchevreuil pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2 by this push:
     new d22bd90  HBASE-25987 Make SSL keystore type configurable for HBase 
ThriftServer (#3367)
d22bd90 is described below

commit d22bd9057e8c501813f117f05e76fcf35cf6501d
Author: Mate Szalay-Beko <szalay.beko.m...@gmail.com>
AuthorDate: Wed Jun 9 17:51:45 2021 +0200

    HBASE-25987 Make SSL keystore type configurable for HBase ThriftServer 
(#3367)
    
    Signed-off-by: Wellington Chevreuil <wchevre...@apache.com>
    (cherry picked from commit 7f7a293cb5ce861f7a0275fda684e340545d3a86)
---
 .../src/main/java/org/apache/hadoop/hbase/thrift/Constants.java       | 4 ++++
 .../src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java    | 4 ++++
 2 files changed, 8 insertions(+)

diff --git 
a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java 
b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java
index 55f2499..930dfe4 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/Constants.java
@@ -65,6 +65,10 @@ public final class Constants {
       "hbase.thrift.ssl.exclude.protocols";
   public static final String THRIFT_SSL_INCLUDE_PROTOCOLS_KEY =
       "hbase.thrift.ssl.include.protocols";
+  public static final String THRIFT_SSL_KEYSTORE_TYPE_KEY =
+    "hbase.thrift.ssl.keystore.type";
+  public static final String THRIFT_SSL_KEYSTORE_TYPE_DEFAULT =
+    "jks";
 
 
   public static final String THRIFT_SUPPORT_PROXYUSER_KEY = 
"hbase.thrift.support.proxyuser";
diff --git 
a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java 
b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
index 298ed6b..5086d5b 100644
--- 
a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
+++ 
b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
@@ -71,6 +71,8 @@ import static 
org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_INCLUDE_PROTOC
 import static 
org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_KEYPASSWORD_KEY;
 import static 
org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_PASSWORD_KEY;
 import static 
org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_STORE_KEY;
+import static 
org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_DEFAULT;
+import static 
org.apache.hadoop.hbase.thrift.Constants.THRIFT_SSL_KEYSTORE_TYPE_KEY;
 import static 
org.apache.hadoop.hbase.thrift.Constants.THRIFT_SUPPORT_PROXYUSER_KEY;
 import static org.apache.hadoop.hbase.thrift.Constants.USE_HTTP_CONF_KEY;
 
@@ -425,6 +427,8 @@ public class ThriftServer  extends Configured implements 
Tool {
       sslCtxFactory.setKeyStorePath(keystore);
       sslCtxFactory.setKeyStorePassword(password);
       sslCtxFactory.setKeyManagerPassword(keyPassword);
+      sslCtxFactory.setKeyStoreType(conf.get(
+        THRIFT_SSL_KEYSTORE_TYPE_KEY, THRIFT_SSL_KEYSTORE_TYPE_DEFAULT));
 
       String[] excludeCiphers = conf.getStrings(
           THRIFT_SSL_EXCLUDE_CIPHER_SUITES_KEY, ArrayUtils.EMPTY_STRING_ARRAY);