[jira] [Updated] (HBASE-25267) Make SSL truststore and keystore type configurable in HBase RESTServer

Tue, 10 Nov 2020 14:59:46 -0800 


     [ 
https://issues.apache.org/jira/browse/HBASE-25267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mate Szalay-Beko updated HBASE-25267:
-------------------------------------
    Description: 
The keystore configuration of the RESTServer currently relies on the following 
parameters to configure SSL:
 * hbase.rest.ssl.enabled
 * hbase.rest.ssl.keystore.store
 * hbase.rest.ssl.keystore.password
 * hbase.rest.ssl.keystore.keypassword
 * hbase.rest.ssl.exclude.cipher.suites
 * hbase.rest.ssl.include.cipher.suites
 * hbase.rest.ssl.exclude.protocols
 * hbase.rest.ssl.include.protocols

In this patch I want to introduce the following new parameters:
 * {{hbase.rest.ssl.keystore.type}}
 * {{hbase.rest.ssl.truststore.store}}
 * {{hbase.rest.ssl.}}{{truststore}}{{.password}}
 * {{hbase.rest.ssl.}}{{truststore}}{{.type}}

If any of the new the parameter is not provided, then we should fall-back to 
the current behaviour (e.g. assuming JKS keystore/truststore types, or no 
passwords, or no custom trust store file).

  was:
The keystore configuration of the RESTServer currently relies on the following 
parameters to configure SSL:
 * hbase.rest.ssl.enabled
 * hbase.rest.ssl.keystore.store
 * hbase.rest.ssl.keystore.password
 * hbase.rest.ssl.keystore.keypassword
 * hbase.rest.ssl.exclude.cipher.suites
 * hbase.rest.ssl.include.cipher.suites
 * hbase.rest.ssl.exclude.protocols
 * hbase.rest.ssl.include.protocols

In this patch I want to introduce the {{hbase.rest.ssl.keystore.type}} 
parameter, enabling us to customize the keystore type for the REST server. If 
the parameter is not provided, then we should fall-back to the current 
behaviour (which assumes keystore type JKS).

(this is similar how we already do in the InfoServer with theĀ 
\{{ssl.server.keystore.type}} parameter)


> Make SSL truststore and keystore type configurable in HBase RESTServer
> ----------------------------------------------------------------------
>
>                 Key: HBASE-25267
>                 URL: https://issues.apache.org/jira/browse/HBASE-25267
>             Project: HBase
>          Issue Type: Improvement
>          Components: REST
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>
> The keystore configuration of the RESTServer currently relies on the 
> following parameters to configure SSL:
>  * hbase.rest.ssl.enabled
>  * hbase.rest.ssl.keystore.store
>  * hbase.rest.ssl.keystore.password
>  * hbase.rest.ssl.keystore.keypassword
>  * hbase.rest.ssl.exclude.cipher.suites
>  * hbase.rest.ssl.include.cipher.suites
>  * hbase.rest.ssl.exclude.protocols
>  * hbase.rest.ssl.include.protocols
> In this patch I want to introduce the following new parameters:
>  * {{hbase.rest.ssl.keystore.type}}
>  * {{hbase.rest.ssl.truststore.store}}
>  * {{hbase.rest.ssl.}}{{truststore}}{{.password}}
>  * {{hbase.rest.ssl.}}{{truststore}}{{.type}}
> If any of the new the parameter is not provided, then we should fall-back to 
> the current behaviour (e.g. assuming JKS keystore/truststore types, or no 
> passwords, or no custom trust store file).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to