raboof/pekko
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Packages Wiki Activity Actions 11

#3204 - Adding keypass to SSL configuration

Browse source
This commit is contained in:
Viktor Klang 2013-04-11 13:14:48 +02:00
parent fdf6df7254
commit ad2e3c5e37
9 changed files with 27 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

1
akka-docs/rst/java/remoting.rst
View file

@ -329,6 +329,7 @@ An example of setting up the default Netty based SSL driver as default::
key-store = "mykeystore" key-store = "mykeystore"
trust-store = "mytruststore" trust-store = "mytruststore"
key-store-password = "changeme" key-store-password = "changeme"
key-password = "changeme"
trust-store-password = "changeme" trust-store-password = "changeme"
protocol = "TLSv1" protocol = "TLSv1"
random-number-generator = "AES128CounterSecureRNG" random-number-generator = "AES128CounterSecureRNG"

1
akka-docs/rst/scala/remoting.rst
View file

@ -331,6 +331,7 @@ An example of setting up the default Netty based SSL driver as default::
key-store = "mykeystore" key-store = "mykeystore"
trust-store = "mytruststore" trust-store = "mytruststore"
key-store-password = "changeme" key-store-password = "changeme"
key-password = "changeme"
trust-store-password = "changeme" trust-store-password = "changeme"
protocol = "TLSv1" protocol = "TLSv1"
random-number-generator = "AES128CounterSecureRNG" random-number-generator = "AES128CounterSecureRNG"

3
akka-remote/src/main/resources/reference.conf
View file

@ -323,6 +323,9 @@ akka {
# This password is used for decrypting the key store # This password is used for decrypting the key store
key-store-password = "changeme" key-store-password = "changeme"
# This password is used for decrypting the key
key-password = "changeme"
# This is the Java Key Store used by the client connection # This is the Java Key Store used by the client connection
trust-store = "truststore" trust-store = "truststore"

2
akka-remote/src/main/scala/akka/remote/RemoteDaemon.scala
View file

@ -135,7 +135,7 @@ private[akka] class RemoteSystemDaemon(
case Identify(messageId) sender ! ActorIdentity(messageId, Some(this)) case Identify(messageId) sender ! ActorIdentity(messageId, Some(this))
case t: Terminated case t: Terminated
case TerminationHook case TerminationHook
terminating.switchOn { terminating.switchOn {

29
akka-remote/src/main/scala/akka/remote/transport/netty/NettySSLSupport.scala
View file

@ -23,17 +23,20 @@ private[akka] class SSLSettings(config: Config) {
import config._ import config._
val SSLKeyStore = Option(getString("key-store")).filter(_.length > 0) private def emptyIsNone(s: String): Option[String] = Option(s).filter(_.length > 0)
val SSLTrustStore = Option(getString("trust-store")).filter(_.length > 0)
val SSLKeyStorePassword = Option(getString("key-store-password")).filter(_.length > 0)
val SSLTrustStorePassword = Option(getString("trust-store-password")).filter(_.length > 0) val SSLKeyStore = emptyIsNone(getString("key-store"))
val SSLTrustStore = emptyIsNone(getString("trust-store"))
val SSLKeyStorePassword = emptyIsNone(getString("key-store-password"))
val SSLKeyPassword = emptyIsNone(getString("key-password"))
val SSLTrustStorePassword = emptyIsNone(getString("trust-store-password"))
val SSLEnabledAlgorithms = immutableSeq(getStringList("enabled-algorithms")).to[Set] val SSLEnabledAlgorithms = immutableSeq(getStringList("enabled-algorithms")).to[Set]
val SSLProtocol = Option(getString("protocol")).filter(_.length > 0) val SSLProtocol = emptyIsNone(getString("protocol"))
val SSLRandomNumberGenerator = Option(getString("random-number-generator")).filter(_.length > 0) val SSLRandomNumberGenerator = emptyIsNone(getString("random-number-generator"))
// FIXME: Change messages to reflect new configuration // FIXME: Change messages to reflect new configuration
if (SSLProtocol.isEmpty) throw new ConfigurationException( if (SSLProtocol.isEmpty) throw new ConfigurationException(
@ -42,6 +45,8 @@ private[akka] class SSLSettings(config: Config) {
"Configuration option 'akka.remote.netty.ssl.enable-ssl is turned on but no key/trust store is defined in 'akka.remote.netty.ssl.security.key-store' / 'akka.remote.netty.ssl.security.trust-store'.") "Configuration option 'akka.remote.netty.ssl.enable-ssl is turned on but no key/trust store is defined in 'akka.remote.netty.ssl.security.key-store' / 'akka.remote.netty.ssl.security.trust-store'.")
if (SSLKeyStore.isDefined && SSLKeyStorePassword.isEmpty) throw new ConfigurationException( if (SSLKeyStore.isDefined && SSLKeyStorePassword.isEmpty) throw new ConfigurationException(
"Configuration option 'akka.remote.netty.ssl.security.key-store' is defined but no key-store password is defined in 'akka.remote.netty.ssl.security.key-store-password'.") "Configuration option 'akka.remote.netty.ssl.security.key-store' is defined but no key-store password is defined in 'akka.remote.netty.ssl.security.key-store-password'.")
if (SSLKeyStore.isDefined && SSLKeyPassword.isEmpty) throw new ConfigurationException(
"Configuration option 'akka.remote.netty.ssl.security.key-store' is defined but no key password is defined in 'akka.remote.netty.ssl.security.key-password'.")
if (SSLTrustStore.isDefined && SSLTrustStorePassword.isEmpty) throw new ConfigurationException( if (SSLTrustStore.isDefined && SSLTrustStorePassword.isEmpty) throw new ConfigurationException(
"Configuration option 'akka.remote.netty.ssl.security.trust-store' is defined but no trust-store password is defined in 'akka.remote.netty.ssl.security.trust-store-password'.") "Configuration option 'akka.remote.netty.ssl.security.trust-store' is defined but no trust-store password is defined in 'akka.remote.netty.ssl.security.trust-store-password'.")
} }
@ -134,7 +139,7 @@ private[akka] object NettySSLSupport {
def initializeServerSSL(settings: SSLSettings, log: LoggingAdapter): SslHandler = { def initializeServerSSL(settings: SSLSettings, log: LoggingAdapter): SslHandler = {
log.debug("Server SSL is enabled, initialising ...") log.debug("Server SSL is enabled, initialising ...")
def constructServerContext(settings: SSLSettings, log: LoggingAdapter, keyStorePath: String, keyStorePassword: String, protocol: String): Option[SSLContext] = def constructServerContext(settings: SSLSettings, log: LoggingAdapter, keyStorePath: String, keyStorePassword: String, keyPassword: String, protocol: String): Option[SSLContext] =
try { try {
val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, log) val rng = initializeCustomSecureRandom(settings.SSLRandomNumberGenerator, log)
val factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm) val factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
@ -143,7 +148,7 @@ private[akka] object NettySSLSupport {
val fin = new FileInputStream(keyStorePath) val fin = new FileInputStream(keyStorePath)
try keyStore.load(fin, keyStorePassword.toCharArray) finally Try(fin.close()) try keyStore.load(fin, keyStorePassword.toCharArray) finally Try(fin.close())
keyStore keyStore
}, keyStorePassword.toCharArray) }, keyPassword.toCharArray)
val trustManagers: Option[Array[TrustManager]] = settings.SSLTrustStore map { val trustManagers: Option[Array[TrustManager]] = settings.SSLTrustStore map {
path path
@ -164,10 +169,10 @@ private[akka] object NettySSLSupport {
case e: GeneralSecurityException throw new RemoteTransportException("Server SSL connection could not be established because SSL context could not be constructed", e) case e: GeneralSecurityException throw new RemoteTransportException("Server SSL connection could not be established because SSL context could not be constructed", e)
} }
((settings.SSLKeyStore, settings.SSLKeyStorePassword, settings.SSLProtocol) match { ((settings.SSLKeyStore, settings.SSLKeyStorePassword, settings.SSLKeyPassword, settings.SSLProtocol) match {
case (Some(keyStore), Some(password), Some(protocol)) constructServerContext(settings, log, keyStore, password, protocol) case (Some(keyStore), Some(storePassword), Some(keyPassword), Some(protocol)) constructServerContext(settings, log, keyStore, storePassword, keyPassword, protocol)
case (keyStore, password, protocol) throw new GeneralSecurityException( case (keyStore, storePassword, keyPassword, protocol) throw new GeneralSecurityException(
"SSL key store settings went missing. [key-store: %s] [key-store-password: %s] [protocol: %s]".format(keyStore, password, protocol)) s"SSL key store settings went missing. [key-store: $keyStore] [key-store-password: $storePassword] [key-password: $keyPassword] [protocol: $protocol]")
}) match { }) match {
case Some(context) case Some(context)
log.debug("Using server SSL context to create SSLEngine ...") log.debug("Using server SSL context to create SSLEngine ...")

1
akka-remote/src/test/scala/akka/remote/RemoteConfigSpec.scala
View file

@ -91,6 +91,7 @@ class RemoteConfigSpec extends AkkaSpec(
val sslSettings = new SSLSettings(system.settings.config.getConfig("akka.remote.netty.ssl.security")) val sslSettings = new SSLSettings(system.settings.config.getConfig("akka.remote.netty.ssl.security"))
sslSettings.SSLKeyStore must be(Some("keystore")) sslSettings.SSLKeyStore must be(Some("keystore"))
sslSettings.SSLKeyStorePassword must be(Some("changeme")) sslSettings.SSLKeyStorePassword must be(Some("changeme"))
sslSettings.SSLKeyPassword must be(Some("changeme"))
sslSettings.SSLTrustStore must be(Some("truststore")) sslSettings.SSLTrustStore must be(Some("truststore"))
sslSettings.SSLTrustStorePassword must be(Some("changeme")) sslSettings.SSLTrustStorePassword must be(Some("changeme"))
sslSettings.SSLProtocol must be(Some("TLSv1")) sslSettings.SSLProtocol must be(Some("TLSv1"))

1
akka-remote/src/test/scala/akka/remote/RemotingSpec.scala
View file

@ -61,6 +61,7 @@ object RemotingSpec {
key-store = "${getClass.getClassLoader.getResource("keystore").getPath}" key-store = "${getClass.getClassLoader.getResource("keystore").getPath}"
trust-store = "${getClass.getClassLoader.getResource("truststore").getPath}" trust-store = "${getClass.getClassLoader.getResource("truststore").getPath}"
key-store-password = "changeme" key-store-password = "changeme"
key-password = "changeme"
trust-store-password = "changeme" trust-store-password = "changeme"
protocol = "TLSv1" protocol = "TLSv1"
random-number-generator = "AES128CounterSecureRNG" random-number-generator = "AES128CounterSecureRNG"

1
akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
View file

@ -44,6 +44,7 @@ object Configuration {
trust-store = "%s" trust-store = "%s"
key-store = "%s" key-store = "%s"
key-store-password = "changeme" key-store-password = "changeme"
key-password = "changeme"
trust-store-password = "changeme" trust-store-password = "changeme"
protocol = "TLSv1" protocol = "TLSv1"
random-number-generator = "%s" random-number-generator = "%s"

1
akka-remote/src/test/scala/akka/remote/Ticket1978ConfigSpec.scala
View file

@ -20,6 +20,7 @@ class Ticket1978ConfigSpec extends AkkaSpec("""
settings.SSLKeyStore must be(Some("keystore")) settings.SSLKeyStore must be(Some("keystore"))
settings.SSLKeyStorePassword must be(Some("changeme")) settings.SSLKeyStorePassword must be(Some("changeme"))
settings.SSLKeyPassword must be(Some("changeme"))
settings.SSLTrustStore must be(Some("truststore")) settings.SSLTrustStore must be(Some("truststore"))
settings.SSLTrustStorePassword must be(Some("changeme")) settings.SSLTrustStorePassword must be(Some("changeme"))
settings.SSLProtocol must be(Some("TLSv1")) settings.SSLProtocol must be(Some("TLSv1"))