removing deprecated AESCounterInetRNGs, fixes #22014 (#22015)

akka-remote/src/main/resources/reference.conf

@@ -619,14 +619,9 @@ akka {
         # "SHA1PRNG" => Can be slow because of blocking issues on Linux
         # "AES128CounterSecureRNG" => fastest startup and based on AES encryption
         # algorithm
-        # "AES256CounterSecureRNG"
+        # "AES256CounterSecureRNG" (Install JCE Unlimited Strength Jurisdiction
-        #
-        # The following are deprecated in Akka 2.4. They use one of 3 possible
-        # seed sources, depending on availability: /dev/random, random.org and
-        # SecureRandom (provided by Java)
-        # "AES128CounterInetRNG"
-        # "AES256CounterInetRNG" (Install JCE Unlimited Strength Jurisdiction
         # Policy Files first)
+        #
         # Setting a value here may require you to supply the appropriate cipher
         # suite (see enabled-algorithms section above)
         random-number-generator = ""

akka-remote/src/main/scala/akka/remote/security/provider/AES128CounterInetRNG.scala

@@ -1,42 +0,0 @@
-/**
- * Copyright (C) 2009-2016 Lightbend Inc. <http://www.lightbend.com>
- */
-package akka.remote.security.provider
-
-import org.uncommons.maths.random.{ AESCounterRNG }
-import SeedSize.Seed128
-
-/**
- * INTERNAL API
- * This class is a wrapper around the 128-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
- * It uses the default seed generator which uses one of the following 3 random seed sources:
- * Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
- * The only method used by netty ssl is engineNextBytes(bytes)
- */
-@deprecated("Use AES128CounterSecureRNG instead", "2.4")
-class AES128CounterInetRNG extends java.security.SecureRandomSpi {
-  private val rng = new AESCounterRNG(engineGenerateSeed(Seed128))
-
-  /**
-   * This is managed internally by AESCounterRNG
-   */
-  override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
-
-  /**
-   * Generates a user-specified number of random bytes.
-   *
-   * @param bytes the array to be filled in with random bytes.
-   */
-  override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
-
-  /**
-   * Unused method
-   * Returns the given number of seed bytes.  This call may be used to
-   * seed other random number generators.
-   *
-   * @param numBytes the number of seed bytes to generate.
-   * @return the seed bytes.
-   */
-  override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = InternetSeedGenerator.getInstance.generateSeed(numBytes)
-}
-

akka-remote/src/main/scala/akka/remote/security/provider/AES256CounterInetRNG.scala

@@ -1,42 +0,0 @@
-/**
- * Copyright (C) 2009-2016 Lightbend Inc. <http://www.lightbend.com>
- */
-package akka.remote.security.provider
-
-import org.uncommons.maths.random.{ AESCounterRNG }
-import SeedSize.Seed256
-
-/**
- * INTERNAL API
- * This class is a wrapper around the 256-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
- * It uses the default seed generator which uses one of the following 3 random seed sources:
- * Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
- * The only method used by netty ssl is engineNextBytes(bytes)
- */
-@deprecated("Use AES256CounterSecureRNG instead", "2.4")
-class AES256CounterInetRNG extends java.security.SecureRandomSpi {
-  private val rng = new AESCounterRNG(engineGenerateSeed(Seed256))
-
-  /**
-   * This is managed internally by AESCounterRNG
-   */
-  override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
-
-  /**
-   * Generates a user-specified number of random bytes.
-   *
-   * @param bytes the array to be filled in with random bytes.
-   */
-  override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
-
-  /**
-   * Unused method
-   * Returns the given number of seed bytes.  This call may be used to
-   * seed other random number generators.
-   *
-   * @param numBytes the number of seed bytes to generate.
-   * @return the seed bytes.
-   */
-  override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = InternetSeedGenerator.getInstance.generateSeed(numBytes)
-}
-

akka-remote/src/main/scala/akka/remote/security/provider/AkkaProvider.scala

@@ -14,14 +14,10 @@ object AkkaProvider extends Provider("Akka", 1.0, "Akka provider 1.0 that implem
       //SecureRandom
       put("SecureRandom.AES128CounterSecureRNG", classOf[AES128CounterSecureRNG].getName)
       put("SecureRandom.AES256CounterSecureRNG", classOf[AES256CounterSecureRNG].getName)
-      put("SecureRandom.AES128CounterInetRNG", classOf[AES128CounterInetRNG].getName)
-      put("SecureRandom.AES256CounterInetRNG", classOf[AES256CounterInetRNG].getName)
 
       //Implementation type: software or hardware
       put("SecureRandom.AES128CounterSecureRNG ImplementedIn", "Software")
       put("SecureRandom.AES256CounterSecureRNG ImplementedIn", "Software")
-      put("SecureRandom.AES128CounterInetRNG ImplementedIn", "Software")
-      put("SecureRandom.AES256CounterInetRNG ImplementedIn", "Software")
       null //Magic null is magic
     }
   })

akka-remote/src/main/scala/akka/remote/security/provider/InternetSeedGenerator.scala

@@ -1,56 +0,0 @@
-// ============================================================================
-//   Copyright 2006-2010 Daniel W. Dyer
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-// ============================================================================
-package akka.remote.security.provider
-
-import org.uncommons.maths.random.{ SeedGenerator, SeedException, SecureRandomSeedGenerator, RandomDotOrgSeedGenerator }
-import scala.collection.immutable
-
-/**
- * INTERNAL API
- * Seed generator that maintains multiple strategies for seed
- * generation and will delegate to the best one available for the
- * current operating environment.
- * @author Daniel Dyer
- */
-@deprecated("Use another seed generator instead", "2.4")
-object InternetSeedGenerator {
-  /**
-   * @return The singleton instance of this class.
-   */
-  def getInstance: InternetSeedGenerator = Instance
-
-  /**Singleton instance. */
-  private final val Instance: InternetSeedGenerator = new InternetSeedGenerator
-  /**Delegate generators. */
-  private final val Generators: immutable.Seq[SeedGenerator] =
-    List(
-      new RandomDotOrgSeedGenerator, // first try the Internet seed generator
-      new SecureRandomSeedGenerator) // this is last because it always works
-}
-
-final class InternetSeedGenerator extends SeedGenerator {
-  /**
-   * Generates a seed by trying each of the available strategies in
-   * turn until one succeeds.  Tries the most suitable strategy first
-   * and eventually degrades to the least suitable (but guaranteed to
-   * work) strategy.
-   * @param length The length (in bytes) of the seed.
-   * @return A random seed of the requested length.
-   */
-  def generateSeed(length: Int): Array[Byte] = InternetSeedGenerator.Generators.view.flatMap(
-    g ⇒ try Option(g.generateSeed(length)) catch { case _: SeedException ⇒ None }).headOption.getOrElse(throw new IllegalStateException("All available seed generation strategies failed."))
-}
-

akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala

@@ -85,10 +85,6 @@ private[akka] class SSLSettings(config: Config) {
       case r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG") ⇒
         log.debug("SSL random number generator set to: {}", r)
         SecureRandom.getInstance(r, AkkaProvider)
-      case r @ ("AES128CounterInetRNG" | "AES256CounterInetRNG") ⇒
-        log.warning(LogMarker.Security, "SSL random number generator {} is deprecated, " +
-          "use AES128CounterSecureRNG or AES256CounterSecureRNG instead", r)
-        SecureRandom.getInstance(r, AkkaProvider)
       case s @ ("SHA1PRNG" | "NativePRNG") ⇒
         log.debug("SSL random number generator set to: {}", s)
         // SHA1PRNG needs /dev/urandom to be the source on Linux to prevent problems with /dev/random blocking

akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala

@@ -91,31 +91,6 @@ class Ticket1978AES128CounterSecureRNGSpec extends Ticket1978CommunicationSpec(g
 
 class Ticket1978AES256CounterSecureRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterSecureRNG", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"))
 
-/**
- * Both of the `Inet` variants require access to the Internet to access random.org.
- */
-class Ticket1978AES128CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterInetRNG", "TLS_RSA_WITH_AES_128_CBC_SHA"))
-  with InetRNGSpec
-
-/**
- * Both of the `Inet` variants require access to the Internet to access random.org.
- */
-class Ticket1978AES256CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterInetRNG", "TLS_RSA_WITH_AES_256_CBC_SHA"))
-  with InetRNGSpec
-
-trait InetRNGSpec { this: Ticket1978CommunicationSpec ⇒
-  override def preCondition = try {
-    (new RandomDotOrgSeedGenerator).generateSeed(128)
-    true
-  } catch {
-    case NonFatal(e) ⇒
-      log.warning("random.org not available: {}", e.getMessage())
-      false
-  }
-
-  override implicit val timeout: Timeout = Timeout(90.seconds)
-}
-
 class Ticket1978DefaultRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("", "TLS_RSA_WITH_AES_128_CBC_SHA"))
 
 class Ticket1978CrappyRSAWithMD5OnlyHereToMakeSureThingsWorkSpec extends Ticket1978CommunicationSpec(getCipherConfig("", "SSL_RSA_WITH_NULL_MD5"))

project/MiMa.scala

@@ -119,7 +119,7 @@ object MiMa extends AutoPlugin {
       ProblemFilters.exclude[MissingClassProblem]("akka.stream.stage.StatefulStage$Stay$"),
       // object akka.stream.stage.StatefulStage#Finish does not have a correspondent in current version
       ProblemFilters.exclude[MissingClassProblem]("akka.stream.stage.StatefulStage$Finish$"),
-      
+
       // #21423 removal of deprecated `PersistentView` (in 2.5.x)
       ProblemFilters.exclude[MissingClassProblem]("akka.persistence.Update"),
       ProblemFilters.exclude[MissingClassProblem]("akka.persistence.Update$"),
@@ -129,7 +129,13 @@ object MiMa extends AutoPlugin {
       ProblemFilters.exclude[MissingClassProblem]("akka.persistence.AbstractPersistentView"),
       ProblemFilters.exclude[MissingClassProblem]("akka.persistence.UntypedPersistentView"),
       ProblemFilters.exclude[MissingClassProblem]("akka.persistence.PersistentView$ScheduledUpdate$"),
-      ProblemFilters.exclude[MissingClassProblem]("akka.persistence.PersistentView$State")
+      ProblemFilters.exclude[MissingClassProblem]("akka.persistence.PersistentView$State"),
+
+      // #22015 removal of deprecated AESCounterSecureInetRNGs
+      ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.AES128CounterInetRNG"),
+      ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.AES256CounterInetRNG"),
+      ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.InternetSeedGenerator"),
+      ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.InternetSeedGenerator$")
     )
 
     Map(