Add flag to enable mutual certificate authentication for old Akka Remote SSL transport (#21748)

* =rem #13874 further cleanup of SSLSettings / NettySSLSupport

* +rem #13874 allow requiring mutual authentication for old akka remote ssl transport
Johannes Rudolph 2016-10-28 17:03:07 +02:00 committed by Konrad Malawski
parent 783d961142
commit 5d03902c5e
3 changed files with 101 additions and 122 deletions


@ -3,24 +3,21 @@
*/
package akka.remote
import akka.testkit._
import akka.actor._
import com.typesafe.config._
import scala.concurrent.Future
import scala.reflect.classTag
import akka.pattern.ask
import java.security.NoSuchAlgorithmException
import akka.util.Timeout
import scala.concurrent.Await
import scala.concurrent.duration._
import akka.event.{ NoLogging, NoMarkerLogging }
import akka.actor._
import akka.event.NoMarkerLogging
import akka.pattern.ask
import akka.remote.Configuration.{ CipherConfig, getCipherConfig }
import akka.remote.transport.netty.{ NettySSLSupport, SSLSettings }
import Configuration.{ CipherConfig, getCipherConfig }
import akka.testkit._
import akka.util.Timeout
import com.typesafe.config._
import org.uncommons.maths.random.RandomDotOrgSeedGenerator
import scala.concurrent.{ Await, Future }
import scala.concurrent.duration._
import scala.reflect.classTag
import scala.util.control.NonFatal
object Configuration {
@ -67,13 +64,13 @@ object Configuration {
val fullConfig = config.withFallback(AkkaSpec.testConf).withFallback(ConfigFactory.load).getConfig("akka.remote.netty.ssl.security")
val settings = new SSLSettings(fullConfig)
val rng = NettySSLSupport.initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, NoMarkerLogging)
val rng = settings.createSecureRandom(NoMarkerLogging)
rng.nextInt() // Has to work
val sRng = settings.SSLRandomNumberGenerator
rng.getAlgorithm == sRng || (throw new NoSuchAlgorithmException(sRng))
val engine = NettySSLSupport.initializeClientSSL(settings, NoMarkerLogging).getEngine
val engine = NettySSLSupport(settings, NoMarkerLogging, isClient = true).getEngine
val gotAllSupported = enabled.toSet diff engine.getSupportedCipherSuites.toSet
val gotAllEnabled = enabled.toSet diff engine.getEnabledCipherSuites.toSet
gotAllSupported.isEmpty || (throw new IllegalArgumentException("Cipher Suite not supported: " + gotAllSupported))