Configurable SSLEngineProvider in classic remoting, #23732

akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala

@@ -14,11 +14,13 @@ import akka.remote.transport.netty.{ NettySSLSupport, SSLSettings }
 import akka.testkit._
 import akka.util.Timeout
 import com.typesafe.config._
-
 import scala.concurrent.{ Await, Future }
 import scala.concurrent.duration._
 import scala.reflect.classTag
 
+import akka.event.Logging
+import akka.remote.transport.netty.ConfigSSLEngineProvider
+
 object Configuration {
   // set this in your JAVA_OPTS to see all ssl debug info: "-Djavax.net.debug=ssl,keymanager"
   // The certificate will expire in 2109
@@ -63,14 +65,15 @@ object Configuration {
       val fullConfig = config.withFallback(AkkaSpec.testConf).withFallback(ConfigFactory.load).getConfig("akka.remote.netty.ssl.security")
       val settings = new SSLSettings(fullConfig)
 
-      val rng = settings.createSecureRandom(NoMarkerLogging)
+      val sslEngineProvider = new ConfigSSLEngineProvider(NoMarkerLogging, settings)
+      val rng = sslEngineProvider.createSecureRandom()
 
       rng.nextInt() // Has to work
       val sRng = settings.SSLRandomNumberGenerator
       if (rng.getAlgorithm != sRng && sRng != "")
         throw new NoSuchAlgorithmException(sRng)
 
-      val engine = NettySSLSupport(settings, NoMarkerLogging, isClient = true).getEngine
+      val engine = sslEngineProvider.createClientSSLEngine()
       val gotAllSupported = enabled.toSet diff engine.getSupportedCipherSuites.toSet
       val gotAllEnabled = enabled.toSet diff engine.getEnabledCipherSuites.toSet
       gotAllSupported.isEmpty || (throw new IllegalArgumentException("Cipher Suite not supported: " + gotAllSupported))

akka-remote/src/test/scala/akka/remote/artery/ArteryMultiNodeSpec.scala

@@ -4,6 +4,8 @@
 
 package akka.remote.artery
 
+import akka.actor.BootstrapSetup
+import akka.actor.setup.ActorSystemSetup
 import akka.actor.{ ActorSystem, RootActorPath }
 import akka.remote.RARP
 import akka.testkit.AkkaSpec
@@ -33,15 +35,23 @@ abstract class ArteryMultiNodeSpec(config: Config) extends AkkaSpec(config.withF
    * @return A new actor system configured with artery enabled. The system will
    *         automatically be terminated after test is completed to avoid leaks.
    */
-  def newRemoteSystem(extraConfig: Option[String] = None, name: Option[String] = None): ActorSystem = {
+  def newRemoteSystem(
+    extraConfig: Option[String]           = None,
+    name:        Option[String]           = None,
+    setup:       Option[ActorSystemSetup] = None): ActorSystem = {
     val config =
       ArterySpecSupport.newFlightRecorderConfig.withFallback(extraConfig.fold(
         localSystem.settings.config
       )(
           str ⇒ ConfigFactory.parseString(str).withFallback(localSystem.settings.config)
         ))
+    val sysName = name.getOrElse(nextGeneratedSystemName)
+
+    val remoteSystem = setup match {
+      case None    ⇒ ActorSystem(sysName, config)
+      case Some(s) ⇒ ActorSystem(sysName, s.and(BootstrapSetup.apply(config)))
+    }
 
-    val remoteSystem = ActorSystem(name.getOrElse(nextGeneratedSystemName), config)
     remoteSystems = remoteSystems :+ remoteSystem
 
     remoteSystem

akka-remote/src/test/scala/akka/remote/artery/tcp/TlsTcpSpec.scala

@@ -15,10 +15,13 @@ import akka.actor.ActorIdentity
 import akka.actor.ExtendedActorSystem
 import akka.actor.Identify
 import akka.actor.RootActorPath
+import akka.actor.setup.ActorSystemSetup
 import akka.testkit.ImplicitSender
 import akka.testkit.TestActors
+import akka.testkit.TestProbe
 import com.typesafe.config.Config
 import com.typesafe.config.ConfigFactory
+import javax.net.ssl.SSLEngine
 
 class TlsTcpWithDefaultConfigSpec extends TlsTcpSpec(ConfigFactory.empty())
 
@@ -170,3 +173,40 @@ class TlsTcpWithHostnameVerificationSpec extends ArteryMultiNodeSpec(
     }
   }
 }
+
+class TlsTcpWithActorSystemSetupSpec
+  extends ArteryMultiNodeSpec(TlsTcpSpec.config) with ImplicitSender {
+
+  val sslProviderServerProbe = TestProbe()
+  val sslProviderClientProbe = TestProbe()
+  val sslProviderSetup = SSLEngineProviderSetup(sys ⇒ new ConfigSSLEngineProvider(sys) {
+    override def createServerSSLEngine(hostname: String, port: Int): SSLEngine = {
+      sslProviderServerProbe.ref ! "createServerSSLEngine"
+      super.createServerSSLEngine(hostname, port)
+    }
+
+    override def createClientSSLEngine(hostname: String, port: Int): SSLEngine = {
+      sslProviderClientProbe.ref ! "createClientSSLEngine"
+      super.createClientSSLEngine(hostname, port)
+    }
+
+  })
+
+  val systemB = newRemoteSystem(name = Some("systemB"), setup = Some(ActorSystemSetup(sslProviderSetup)))
+  val addressB = address(systemB)
+  val rootB = RootActorPath(addressB)
+
+  "Artery with TLS/TCP with SSLEngineProvider defined via Setup" must {
+    "use the right SSLEngineProvider" in {
+      systemB.actorOf(TestActors.echoActorProps, "echo")
+      val path = rootB / "user" / "echo"
+      system.actorSelection(path) ! Identify(path.name)
+      val echoRef = expectMsgType[ActorIdentity].ref.get
+      echoRef ! "ping-1"
+      expectMsg("ping-1")
+
+      sslProviderServerProbe.expectMsg("createServerSSLEngine")
+      sslProviderClientProbe.expectMsg("createClientSSLEngine")
+    }
+  }
+}