ambari-commits mailing list archives

From jai...@apache.org
Subject [57/64] [abbrv] ambari git commit: AMBARI-20583. Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8 and above (Attila Magyar via sandor_magyari)
Date Tue, 28 Mar 2017 22:15:34 GMT
AMBARI-20583. Allow for larger Ephemeral DH Keys in Ambari server running on JVM versions 1.8
and above (Attila Magyar via sandor_magyari)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/165ec700
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/165ec700
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/165ec700

Branch: refs/heads/ambari-rest-api-explorer
Commit: 165ec700f0f4e5c83a30bb7591df0fa1a8cfec9a
Parents: 8842be0
Author: Attila Magyar <amagyar@hortonworks.com>
Authored: Tue Mar 28 19:10:40 2017 +0200
Committer: Sandor Magyari <smagyari@hortonworks.com>
Committed: Tue Mar 28 19:10:40 2017 +0200

----------------------------------------------------------------------
 ambari-server/docs/configuration/index.md       |  1 +
 .../server/configuration/Configuration.java     | 20 +++++++++++++++++++
 .../ambari/server/controller/AmbariServer.java  |  3 +++
 .../server/configuration/ConfigurationTest.java | 21 ++++++++++++++++++++
 4 files changed, 45 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/165ec700/ambari-server/docs/configuration/index.md
----------------------------------------------------------------------
diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md
index 90865b6..ff9ce54 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -195,6 +195,7 @@ The following are the properties which can be used to configure Ambari.
 | security.server.one_way_ssl.port | The port that the Ambari Agents will use to communicate
with the Ambari Server over SSL. |`8440` | 
 | security.server.passphrase | The password to the Ambari Server to supply to new Ambari
Agent hosts being bootstrapped. |`AMBARI_PASSPHRASE` | 
 | security.server.passphrase_env_var | An environment variable which can be used to supply
the Ambari Server password when bootstrapping new Ambari Agents. |`AMBARI_PASSPHRASE` | 
+| security.server.tls.ephemeral_dh_key_size | The Ephemeral TLS Diffie-Hellman (DH) key size.
Supported from Java 8. |`2048` | 
 | security.server.truststore_name | The name of the truststore file ambari uses to store
trusted certificates. Located in `security.server.keys_dir` |`keystore.p12` | 
 | security.server.truststore_type | The type of the truststore file specified in `security.server.truststore_name`.
Self-signed certificates can be `PKCS12` while CA signed certificates are `JKS` |`PKCS12`
| 
 | security.server.two_way_ssl | Determines whether two-way SSL should be used between Ambari
Server and Ambari Agents so that the agents must also use SSL. |`false` | 

http://git-wip-us.apache.org/repos/asf/ambari/blob/165ec700/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 93ebd9a..537b993 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -2687,6 +2687,14 @@ public class Configuration {
   public static final ConfigurationProperty<Integer> SERVER_STARTUP_WEB_TIMEOUT = new
ConfigurationProperty<>(
     "server.startup.web.timeout", 50);
 
+  /**
+   * The Ephemeral TLS Diffie-Hellman (DH) key size.
+   * Supported from Java 8.
+   */
+  @Markdown(description = "The Ephemeral TLS Diffie-Hellman (DH) key size. Supported from
Java 8.")
+  public static final ConfigurationProperty<Integer> TLS_EPHEMERAL_DH_KEY_SIZE = new
ConfigurationProperty<>(
+    "security.server.tls.ephemeral_dh_key_size", 2048);
+
   private static final Logger LOG = LoggerFactory.getLogger(
     Configuration.class);
 
@@ -2874,6 +2882,7 @@ public class Configuration {
     configsMap.put(KDC_PORT.getKey(), getProperty(KDC_PORT));
     configsMap.put(AGENT_PACKAGE_PARALLEL_COMMANDS_LIMIT.getKey(), getProperty(AGENT_PACKAGE_PARALLEL_COMMANDS_LIMIT));
     configsMap.put(PROXY_ALLOWED_HOST_PORTS.getKey(), getProperty(PROXY_ALLOWED_HOST_PORTS));
+    configsMap.put(TLS_EPHEMERAL_DH_KEY_SIZE.getKey(), getProperty(TLS_EPHEMERAL_DH_KEY_SIZE));
 
     File passFile = new File(
         configsMap.get(SRVR_KSTR_DIR.getKey()) + File.separator
@@ -5559,6 +5568,17 @@ public class Configuration {
   }
 
   /**
+   * @return Ephemeral TLS DH key size
+   */
+  public int getTlsEphemeralDhKeySize() {
+    int keySize = NumberUtils.toInt(getProperty(TLS_EPHEMERAL_DH_KEY_SIZE));
+    if (keySize == 0) {
+      throw new IllegalArgumentException("Invalid " + TLS_EPHEMERAL_DH_KEY_SIZE + " " + getProperty(TLS_EPHEMERAL_DH_KEY_SIZE));
+    }
+    return keySize;
+  }
+
+  /**
    * Generates a markdown table which includes:
    * <ul>
    * <li>Property key name</li>
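Review bot: The guard in `getTlsEphemeralDhKeySize()` only rejects values that `NumberUtils.toInt` maps to 0, so a negative number or a small size such as `512` is returned and later written into `jdk.tls.ephemeralDHKeySize` unchecked. Because this setting determines the strength of the DHE key exchange on the server's TLS listeners, I would reject weak values at configuration time with a lower bound, e.g. `if (keySize < 1024) {`, and state the accepted range in the Javadoc. The JDK is understood to accept only a limited set of integers for this property, so the upper bound should be confirmed against the supported JVMs as well. The exception message also concatenates the `ConfigurationProperty` object itself; `TLS_EPHEMERAL_DH_KEY_SIZE.getKey()` would print the property name regardless of how that class implements `toString()`.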

http://git-wip-us.apache.org/repos/asf/ambari/blob/165ec700/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 1f1689a..4e7af0c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -292,6 +292,9 @@ public class AmbariServer {
   static void setSystemProperties(Configuration configs) {
     // modify location of temporary dir to avoid using default /tmp dir
     System.setProperty("java.io.tmpdir", configs.getServerTempDir());
+    if (configs.getJavaVersion() >= 8) {
+      System.setProperty("jdk.tls.ephemeralDHKeySize", String.valueOf(configs.getTlsEphemeralDhKeySize()));
+    }
   }
 
   public static AmbariManagementController getController() {
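Review bot: `System.setProperty("jdk.tls.ephemeralDHKeySize", ...)` in `setSystemProperties` is JVM-wide and silently replaces any value an operator supplied with `-Djdk.tls.ephemeralDHKeySize` on the command line. I would add a comment such as `// must be set before any JSSE server socket is created; the JDK may read this property only once`, and log the effective key size at startup so the value in force is visible in the server log. Whether the call order actually guarantees this is not visible from the hunk. An invalid configured value makes `getTlsEphemeralDhKeySize()` throw here and abort startup; that fail-closed behaviour looks right but should be mentioned in the property documentation.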

http://git-wip-us.apache.org/repos/asf/ambari/blob/165ec700/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
index 7d2ebb5..1b8de79 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
@@ -1063,4 +1063,25 @@ public class ConfigurationTest {
           StringUtils.isEmpty(markdown.description()));
     }
   }
+
+  @Test(expected = IllegalArgumentException.class)
+  public void testRejectsInvalidDtKeySize() {
+    Properties properties = new Properties();
+    properties.put(Configuration.TLS_EPHEMERAL_DH_KEY_SIZE.getKey(), "invalid");
+    new Configuration(properties).getTlsEphemeralDhKeySize();
+  }
+
+  @Test
+  public void testDefaultDhKeySizeIs2048() {
+    Properties properties = new Properties();
+    Assert.assertEquals(2048, new Configuration(properties).getTlsEphemeralDhKeySize());
+  }
+
+  @Test
+  public void testOverridingDhtKeySize() {
+    Properties properties = new Properties();
+    properties.put(Configuration.TLS_EPHEMERAL_DH_KEY_SIZE.getKey(), "1024");
+    Assert.assertEquals(1024, new Configuration(properties).getTlsEphemeralDhKeySize());
+  }
+
 }
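Review bot: Two of the new test names misspell what they test: `testRejectsInvalidDtKeySize` and `testOverridingDhtKeySize` should end in `DhKeySize`, matching `testDefaultDhKeySizeIs2048`. The override case only exercises `1024`, a value below the default, and the rejection case only a non-numeric string. Cases for `"0"`, a negative number and a value above the default would pin down what the getter accepts, which matters because the result feeds a TLS strength setting.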

