This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new a67e43469c HDDS-10746. Make ssl.server.keystore.type and
ssl.server.truststore.type configurable (#6595)
a67e43469c is described below
commit a67e43469c2249530a661cceb0a9d6d6bfa46953
Author: Galsza <[email protected]>
AuthorDate: Mon Apr 29 12:56:32 2024 +0200
HDDS-10746. Make ssl.server.keystore.type and ssl.server.truststore.type
configurable (#6595)
---
.../main/java/org/apache/hadoop/hdds/HddsConfigKeys.java | 5 +++++
hadoop-hdds/common/src/main/resources/ozone-default.xml | 16 ++++++++++++++++
.../apache/hadoop/hdds/server/http/BaseHttpServer.java | 6 ++++--
3 files changed, 25 insertions(+), 2 deletions(-)
diff --git
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java
index d0c31bf288..609baeeaf7 100644
---
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java
+++
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/HddsConfigKeys.java
@@ -152,6 +152,11 @@ public final class HddsConfigKeys {
+ ".name";
public static final String HDDS_PUBLIC_KEY_FILE_NAME_DEFAULT = "public.pem";
+ public static final String HDDS_HTTP_SERVER_KEYSTORE_TYPE =
"ssl.server.keystore.type";
+ public static final String HDDS_HTTP_SERVER_KEYSTORE_TYPE_DEFAULT = "jks";
+ public static final String HDDS_HTTP_SERVER_TRUSTSTORE_TYPE =
"ssl.server.truststore.type";
+ public static final String HDDS_HTTP_SERVER_TRUSTSTORE_TYPE_DEFAULT = "jks";
+
public static final String HDDS_BLOCK_TOKEN_EXPIRY_TIME =
"hdds.block.token.expiry.time";
public static final String HDDS_BLOCK_TOKEN_EXPIRY_TIME_DEFAULT = "1d";
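Review bot: The four new constants have no comment explaining why keys named `HDDS_HTTP_SERVER_*` hold un-prefixed `ssl.server.*` strings, or where they are read. In this commit the only reader is `BaseHttpServer`, which looks them up on `sslConf` rather than on the general Ozone configuration. A short comment above the group would save the next maintainer from "fixing" the key names, for example `// Store types for the HTTP server's SSL configuration; key names match the existing ssl.server.* settings read by BaseHttpServer.` The `"jks"` default is also repeated in `ozone-default.xml`, so the comment could say the two must stay in step.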
diff --git a/hadoop-hdds/common/src/main/resources/ozone-default.xml
b/hadoop-hdds/common/src/main/resources/ozone-default.xml
index c36b61e809..61cd415b97 100644
--- a/hadoop-hdds/common/src/main/resources/ozone-default.xml
+++ b/hadoop-hdds/common/src/main/resources/ozone-default.xml
@@ -2252,6 +2252,22 @@
principal if SPNEGO is enabled for om http server.
</description>
</property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <tag>OZONE, SECURITY, CRYPTO_COMPLIANCE</tag>
+ <description>
+ The keystore type for HTTP Servers used in ozone.
+ </description>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <tag>OZONE, SECURITY, CRYPTO_COMPLIANCE</tag>
+ <description>
+ The truststore type for HTTP Servers used in ozone.
+ </description>
+ </property>
<property>
<name>hdds.key.len</name>
<value>2048</value>
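Review bot: Both new descriptions restate the property name without saying what values are accepted, although the `CRYPTO_COMPLIANCE` tag suggests operators will come here when they need a store format other than JKS. I would extend each one along the lines of `The keystore type for HTTP servers used in Ozone: a Java KeyStore type name supported by the installed security providers, for example jks or pkcs12. Must match the format of the file at ssl.server.keystore.location.` It is also not visible from this commit whether a value set in the Ozone site configuration reaches the `sslConf` object that `BaseHttpServer` reads. If that object is loaded from a separate SSL server resource, the description should name the file where the property must be set.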
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/BaseHttpServer.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/BaseHttpServer.java
index 5d65634b44..44c1823154 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/BaseHttpServer.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/BaseHttpServer.java
@@ -372,10 +372,12 @@ public abstract class BaseHttpServer {
.keyPassword(getPassword(sslConf, OZONE_SERVER_HTTPS_KEYPASSWORD_KEY))
.keyStore(sslConf.get("ssl.server.keystore.location"),
getPassword(sslConf, OZONE_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY),
- sslConf.get("ssl.server.keystore.type", "jks"))
+ sslConf.get(HddsConfigKeys.HDDS_HTTP_SERVER_KEYSTORE_TYPE,
+ HddsConfigKeys.HDDS_HTTP_SERVER_KEYSTORE_TYPE_DEFAULT))
.trustStore(sslConf.get("ssl.server.truststore.location"),
getPassword(sslConf, OZONE_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY),
- sslConf.get("ssl.server.truststore.type", "jks"))
+ sslConf.get(HddsConfigKeys.HDDS_HTTP_SERVER_TRUSTSTORE_TYPE,
+ HddsConfigKeys.HDDS_HTTP_SERVER_TRUSTSTORE_TYPE_DEFAULT))
.excludeCiphers(
sslConf.get("ssl.server.exclude.cipher.list"));
}
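Review bot: The keystore and truststore type lookups now use `HddsConfigKeys`, but the `"ssl.server.keystore.location"`, `"ssl.server.truststore.location"` and `"ssl.server.exclude.cipher.list"` lookups in the same builder chain are still string literals. That leaves the SSL keys for this builder defined in two places; moving the remaining three into `HddsConfigKeys` would make the chain consistent. Separately, the type string is passed to `keyStore(...)` and `trustStore(...)` exactly as read, so a misspelled or unsupported type presumably surfaces only when the store is loaded. If a clearer startup error is wanted, a check before the builder call is the place for it. The enclosing method starts outside this hunk.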