
AMBARI-20583. Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above (Attila Magyar via sandor_magyari)

Attila Magyar 8 년 전
부모
커밋
74638c378d

+ 1 - 0
ambari-server/docs/configuration/index.md

@@ -190,6 +190,7 @@ The following are the properties which can be used to configure Ambari.
 | security.server.one_way_ssl.port | The port that the Ambari Agents will use to communicate with the Ambari Server over SSL. |`8440` | 
 | security.server.passphrase | The password to the Ambari Server to supply to new Ambari Agent hosts being bootstrapped. |`AMBARI_PASSPHRASE` | 
 | security.server.passphrase_env_var | An environment variable which can be used to supply the Ambari Server password when bootstrapping new Ambari Agents. |`AMBARI_PASSPHRASE` | 
+| security.server.tls.ephemeral_dh_key_size | The Ephemeral TLS Diffie-Hellman (DH) key size. Supported from Java 8. |`2048` | 
 | security.server.truststore_name | The name of the truststore file ambari uses to store trusted certificates. Located in `security.server.keys_dir` |`keystore.p12` | 
 | security.server.truststore_type | The type of the truststore file specified in `security.server.truststore_name`. Self-signed certificates can be `PKCS12` while CA signed certificates are `JKS` |`PKCS12` | 
 | security.server.two_way_ssl | Determines whether two-way SSL should be used between Ambari Server and Ambari Agents so that the agents must also use SSL. |`false` | 

+ 20 - 0
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java

@@ -2644,6 +2644,14 @@ public class Configuration {
   public static final ConfigurationProperty<Integer> SERVER_STARTUP_WEB_TIMEOUT = new ConfigurationProperty<>(
     "server.startup.web.timeout", 50);
 
+  /**
+   * The Ephemeral TLS Diffie-Hellman (DH) key size.
+   * Supported from Java 8.
+   */
+  @Markdown(description = "The Ephemeral TLS Diffie-Hellman (DH) key size. Supported from Java 8.")
+  public static final ConfigurationProperty<Integer> TLS_EPHEMERAL_DH_KEY_SIZE = new ConfigurationProperty<>(
+    "security.server.tls.ephemeral_dh_key_size", 2048);
+
   private static final Logger LOG = LoggerFactory.getLogger(
     Configuration.class);
 
@@ -2961,6 +2969,7 @@ public class Configuration {
     configsMap.put(KDC_PORT.getKey(), getProperty(KDC_PORT));
     configsMap.put(AGENT_PACKAGE_PARALLEL_COMMANDS_LIMIT.getKey(), getProperty(AGENT_PACKAGE_PARALLEL_COMMANDS_LIMIT));
     configsMap.put(PROXY_ALLOWED_HOST_PORTS.getKey(), getProperty(PROXY_ALLOWED_HOST_PORTS));
+    configsMap.put(TLS_EPHEMERAL_DH_KEY_SIZE.getKey(), getProperty(TLS_EPHEMERAL_DH_KEY_SIZE));
 
     File passFile = new File(
         configsMap.get(SRVR_KSTR_DIR.getKey()) + File.separator
@@ -5449,6 +5458,17 @@ public class Configuration {
     return NumberUtils.toInt(getProperty(LOGSEARCH_METADATA_CACHE_EXPIRE_TIMEOUT));
   }
 
+  /**
+   * @return Ephemeral TLS DH key size
+   */
+  public int getTlsEphemeralDhKeySize() {
+    int keySize = NumberUtils.toInt(getProperty(TLS_EPHEMERAL_DH_KEY_SIZE));
+    if (keySize == 0) {
+      throw new IllegalArgumentException("Invalid " + TLS_EPHEMERAL_DH_KEY_SIZE + " " + getProperty(TLS_EPHEMERAL_DH_KEY_SIZE));
+    }
+    return keySize;
+  }
+
   /**
    * Generates a markdown table which includes:
    * <ul>
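Review bot: The guard at `if (keySize == 0)` only catches input that NumberUtils.toInt could not parse, so a negative value such as `-1` passes through and is handed to the JVM unchanged; tightening it to `if (keySize <= 0)` rejects that case as well. The message on the following line concatenates `TLS_EPHEMERAL_DH_KEY_SIZE` itself, whereas the rest of this class refers to properties through `getKey()`; `"Invalid " + TLS_EPHEMERAL_DH_KEY_SIZE.getKey() + " " + getProperty(TLS_EPHEMERAL_DH_KEY_SIZE)` names the property the way the operator configured it. Whether the TLS provider range-checks the value is not visible here, so this getter is presumably the only place an unusable key size would be reported; a Javadoc line noting that the value is passed verbatim to `jdk.tls.ephemeralDHKeySize` would make that responsibility explicit. The enclosing class Configuration begins and ends outside the hunk.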

+ 3 - 0
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java

@@ -287,6 +287,9 @@ public class AmbariServer {
   static void setSystemProperties(Configuration configs) {
     // modify location of temporary dir to avoid using default /tmp dir
     System.setProperty("java.io.tmpdir", configs.getServerTempDir());
+    if (configs.getJavaVersion() >= 8) {
+      System.setProperty("jdk.tls.ephemeralDHKeySize", String.valueOf(configs.getTlsEphemeralDhKeySize()));
+    }
   }
 
   public static AmbariManagementController getController() {
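Review bot: The new property is written only when `configs.getJavaVersion() >= 8`, so on an older JVM a misconfigured key size is never read and never reported, while on 8 and above the getter's IllegalArgumentException surfaces in this method during startup; a comment recording that, e.g. `// getTlsEphemeralDhKeySize() rejects a non-numeric value, so a bad setting fails startup here`, saves the next reader from tracing it. A system property of this kind is consulted by the TLS provider when it initialises, so this call presumably has to run before any SSL context is created; the position of setSystemProperties relative to that is not visible in the hunk, and a one-line comment stating the ordering requirement would protect it from being moved later. The enclosing method is fully visible; the class continues outside the hunk.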

+ 22 - 0
ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java

@@ -1052,4 +1052,26 @@ public class ConfigurationTest {
 
     new Configuration(properties);
   }
+
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testRejectsInvalidDtKeySize() {
+    Properties properties = new Properties();
+    properties.put(Configuration.TLS_EPHEMERAL_DH_KEY_SIZE.getKey(), "invalid");
+    new Configuration(properties).getTlsEphemeralDhKeySize();
+  }
+
+  @Test
+  public void testDefaultDhKeySizeIs2048() {
+    Properties properties = new Properties();
+    Assert.assertEquals(2048, new Configuration(properties).getTlsEphemeralDhKeySize());
+  }
+
+  @Test
+  public void testOverridingDhtKeySize() {
+    Properties properties = new Properties();
+    properties.put(Configuration.TLS_EPHEMERAL_DH_KEY_SIZE.getKey(), "1024");
+    Assert.assertEquals(1024, new Configuration(properties).getTlsEphemeralDhKeySize());
+  }
+
 }
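Review bot: The method names `testRejectsInvalidDtKeySize` and `testOverridingDhtKeySize` misspell the DH abbreviation used by the production getter and by `testDefaultDhKeySizeIs2048`; renaming them to `testRejectsInvalidDhKeySize` and `testOverridingDhKeySize` keeps the three consistent. The rejection test exercises only a non-numeric string, so the boundary the getter's `keySize == 0` check enforces, and its behaviour for `"0"` or a negative value, is left undocumented by the tests. The test class continues outside the hunk.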