diff --git a/akka-docs/rst/java/remoting.rst b/akka-docs/rst/java/remoting.rst
index 8092383184..17286eb4ee 100644
--- a/akka-docs/rst/java/remoting.rst
+++ b/akka-docs/rst/java/remoting.rst
@@ -329,6 +329,7 @@ An example of setting up the default Netty based SSL driver as default::
 key-store = "mykeystore"
 trust-store = "mytruststore"
 key-store-password = "changeme"
+ key-password = "changeme"
 trust-store-password = "changeme"
 protocol = "TLSv1"
 random-number-generator = "AES128CounterSecureRNG"
diff --git a/akka-docs/rst/scala/remoting.rst b/akka-docs/rst/scala/remoting.rst
index 3f4a584a63..72811f531d 100644
--- a/akka-docs/rst/scala/remoting.rst
+++ b/akka-docs/rst/scala/remoting.rst
@@ -331,6 +331,7 @@ An example of setting up the default Netty based SSL driver as default::
 key-store = "mykeystore"
 trust-store = "mytruststore"
 key-store-password = "changeme"
+ key-password = "changeme"
 trust-store-password = "changeme"
 protocol = "TLSv1"
 random-number-generator = "AES128CounterSecureRNG"
diff --git a/akka-remote/src/main/resources/reference.conf b/akka-remote/src/main/resources/reference.conf
index 26deb8aa89..91730759a6 100644
--- a/akka-remote/src/main/resources/reference.conf
+++ b/akka-remote/src/main/resources/reference.conf
@@ -323,6 +323,9 @@ akka { # This password is used for decrypting the key store key-store-password = "changeme" + # This password is used for decrypting the key + key-password = "changeme" + # This is the Java Key Store used by the client connection trust-store = "truststore"
diff --git a/akka-remote/src/main/scala/akka/remote/RemoteDaemon.scala b/akka-remote/src/main/scala/akka/remote/RemoteDaemon.scala
index c7844b5350..072d4f2bd8 100644
--- a/akka-remote/src/main/scala/akka/remote/RemoteDaemon.scala
+++ b/akka-remote/src/main/scala/akka/remote/RemoteDaemon.scala
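Review bot: In reference.conf, shipping `key-password = "changeme"` as a default means the setting is never empty unless a user blanks it, so the new `SSLKeyPassword.isEmpty` check in SSLSettings (NettySSLSupport.scala) will presumably never fire for a forgotten key password. Deployments that relied on the previous behaviour, where the key store password was also handed to `factory.init`, would then silently pick up "changeme" after upgrading and fail only when the SSL context is built. Consider defaulting to `key-password = ""` and falling back in SSLSettings with `val SSLKeyPassword = emptyIsNone(getString("key-password")) orElse SSLKeyStorePassword`. The comment could also say which key is meant, for example `# This password is used for decrypting the private key entry inside the key store`.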
@@ -135,7 +135,7 @@ private[akka] class RemoteSystemDaemon( case Identify(messageId) ⇒ sender ! ActorIdentity(messageId, Some(this)) - case t: Terminated ⇒ + case t: Terminated ⇒ case TerminationHook ⇒ terminating.switchOn {
diff --git a/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala b/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
index d117c65924..81366cce2c 100644
--- a/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
+++ b/akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
@@ -23,17 +23,20 @@ private[akka] class SSLSettings(config: Config) { import config._ - val SSLKeyStore = Option(getString("key-store")).filter(_.length > 0) - val SSLTrustStore = Option(getString("trust-store")).filter(_.length > 0) - val SSLKeyStorePassword = Option(getString("key-store-password")).filter(_.length > 0) + private def emptyIsNone(s: String): Option[String] = Option(s).filter(_.length > 0) - val SSLTrustStorePassword = Option(getString("trust-store-password")).filter(_.length > 0) + val SSLKeyStore = emptyIsNone(getString("key-store")) + val SSLTrustStore = emptyIsNone(getString("trust-store")) + val SSLKeyStorePassword = emptyIsNone(getString("key-store-password")) + val SSLKeyPassword = emptyIsNone(getString("key-password")) + + val SSLTrustStorePassword = emptyIsNone(getString("trust-store-password")) val SSLEnabledAlgorithms = immutableSeq(getStringList("enabled-algorithms")).to[Set] - val SSLProtocol = Option(getString("protocol")).filter(_.length > 0) + val SSLProtocol = emptyIsNone(getString("protocol")) - val SSLRandomNumberGenerator = Option(getString("random-number-generator")).filter(_.length > 0) + val SSLRandomNumberGenerator = emptyIsNone(getString("random-number-generator")) // FIXME: Change messages to reflect new configuration if (SSLProtocol.isEmpty) throw new ConfigurationException(
@@ -42,6 +45,8 @@ private[akka] class SSLSettings(config: Config) {
 "Configuration option 'akka.remote.netty.ssl.enable-ssl is turned on but no key/trust store is defined in 'akka.remote.netty.ssl.security.key-store' / 'akka.remote.netty.ssl.security.trust-store'.")
 if (SSLKeyStore.isDefined && SSLKeyStorePassword.isEmpty) throw new ConfigurationException(
 "Configuration option 'akka.remote.netty.ssl.security.key-store' is defined but no key-store password is defined in 'akka.remote.netty.ssl.security.key-store-password'.")
+ if (SSLKeyStore.isDefined && SSLKeyPassword.isEmpty) throw new ConfigurationException(
+ "Configuration option 'akka.remote.netty.ssl.security.key-store' is defined but no key password is defined in 'akka.remote.netty.ssl.security.key-password'.")
 if (SSLTrustStore.isDefined && SSLTrustStorePassword.isEmpty) throw new ConfigurationException(
 "Configuration option 'akka.remote.netty.ssl.security.trust-store' is defined but no trust-store password is defined in 'akka.remote.netty.ssl.security.trust-store-password'.")
 }
@@ -134,7 +139,7 @@ private[akka] object NettySSLSupport { def initializeServerSSL(settings: SSLSettings, log: LoggingAdapter): SslHandler = { log.debug("Server SSL is enabled, initialising ...") - def constructServerContext(settings: SSLSettings, log: LoggingAdapter, keyStorePath: String, keyStorePassword: String, protocol: String): Option[SSLContext] = + def constructServerContext(settings: SSLSettings, log: LoggingAdapter, keyStorePath: String, keyStorePassword: String, keyPassword: String, protocol: String): Option[SSLContext] = try { val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, log) val factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
@@ -143,7 +148,7 @@ private[akka] object NettySSLSupport { val fin = new FileInputStream(keyStorePath) try keyStore.load(fin, keyStorePassword.toCharArray) finally Try(fin.close()) keyStore - }, keyStorePassword.toCharArray) + }, keyPassword.toCharArray) val trustManagers: Option[Array[TrustManager]] = settings.SSLTrustStore map { path ⇒
@@ -164,10 +169,10 @@ private[akka] object NettySSLSupport { case e: GeneralSecurityException ⇒ throw new RemoteTransportException("Server SSL connection could not be established because SSL context could not be constructed", e) } - ((settings.SSLKeyStore, settings.SSLKeyStorePassword, settings.SSLProtocol) match { - case (Some(keyStore), Some(password), Some(protocol)) ⇒ constructServerContext(settings, log, keyStore, password, protocol) - case (keyStore, password, protocol) ⇒ throw new GeneralSecurityException( - "SSL key store settings went missing. [key-store: %s] [key-store-password: %s] [protocol: %s]".format(keyStore, password, protocol)) + ((settings.SSLKeyStore, settings.SSLKeyStorePassword, settings.SSLKeyPassword, settings.SSLProtocol) match { + case (Some(keyStore), Some(storePassword), Some(keyPassword), Some(protocol)) ⇒ constructServerContext(settings, log, keyStore, storePassword, keyPassword, protocol) + case (keyStore, storePassword, keyPassword, protocol) ⇒ throw new GeneralSecurityException( + s"SSL key store settings went missing. [key-store: $keyStore] [key-store-password: $storePassword] [key-password: $keyPassword] [protocol: $protocol]") }) match { case Some(context) ⇒ log.debug("Using server SSL context to create SSLEngine ...")
diff --git a/akka-remote/src/test/scala/akka/remote/RemoteConfigSpec.scala b/akka-remote/src/test/scala/akka/remote/RemoteConfigSpec.scala
index 87b19886a7..7458b25b8b 100644
--- a/akka-remote/src/test/scala/akka/remote/RemoteConfigSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/RemoteConfigSpec.scala
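Review bot: In NettySSLSupport.scala, the fallback case of the settings match interpolates `$storePassword` and `$keyPassword` into the GeneralSecurityException message, so whenever one of the four settings is missing, the passwords that are configured end up in the exception text and in any log or stack trace that records it. The old `.format` call already did this for the key store password; the rewrite extends it to the new key password. Report only whether each secret is present, for example `s"SSL key store settings went missing. [key-store: $keyStore] [key-store-password set: ${storePassword.isDefined}] [key-password set: ${keyPassword.isDefined}] [protocol: $protocol]"`. The enclosing initializeServerSSL starts before this hunk and continues after it.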
@@ -91,6 +91,7 @@ class RemoteConfigSpec extends AkkaSpec(
 val sslSettings = new SSLSettings(system.settings.config.getConfig("akka.remote.netty.ssl.security"))
 sslSettings.SSLKeyStore must be(Some("keystore"))
 sslSettings.SSLKeyStorePassword must be(Some("changeme"))
+ sslSettings.SSLKeyPassword must be(Some("changeme"))
 sslSettings.SSLTrustStore must be(Some("truststore"))
 sslSettings.SSLTrustStorePassword must be(Some("changeme"))
 sslSettings.SSLProtocol must be(Some("TLSv1"))
diff --git a/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala b/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala
index 5455d08424..beaa1d9cf4 100644
--- a/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/RemotingSpec.scala
@@ -61,6 +61,7 @@ object RemotingSpec {
 key-store = "${getClass.getClassLoader.getResource("keystore").getPath}"
 trust-store = "${getClass.getClassLoader.getResource("truststore").getPath}"
 key-store-password = "changeme"
+ key-password = "changeme"
 trust-store-password = "changeme"
 protocol = "TLSv1"
 random-number-generator = "AES128CounterSecureRNG"
diff --git a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
index e0e76f2d8d..6d70f2bcd5 100644
--- a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
@@ -44,6 +44,7 @@ object Configuration {
 trust-store = "%s"
 key-store = "%s"
 key-store-password = "changeme"
+ key-password = "changeme"
 trust-store-password = "changeme"
 protocol = "TLSv1"
 random-number-generator = "%s"
diff --git a/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala b/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala
index be4cf6fce5..4bf3ca1680 100644
--- a/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala
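Review bot: The config blocks in RemotingSpec and Ticket1978CommunicationSpec set `key-password` to "changeme", the same value as `key-store-password`, so neither spec would fail if `constructServerContext` still passed the store password to `factory.init`. The test keystore is not visible here, but it presumably protects its key entry with the store password. A fixture keystore whose key entry uses a different password, plus one case that expects SSL setup to fail when `key-password` is wrong, would actually exercise the new setting.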
+++ b/akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala
@@ -20,6 +20,7 @@ class Ticket1978ConfigSpec extends AkkaSpec(""" settings.SSLKeyStore must be(Some("keystore")) settings.SSLKeyStorePassword must be(Some("changeme")) + settings.SSLKeyPassword must be(Some("changeme")) settings.SSLTrustStore must be(Some("truststore")) settings.SSLTrustStorePassword must be(Some("changeme")) settings.SSLProtocol must be(Some("TLSv1"))