Fixed problems handling passive connections in Remoting #2878
- Fixed potential race in EndpointWrite when TakeOff is processed - Reenabled accidentally disabled gremlin due to changed defaults - Fixed EndpointRegistry incorrectly handling passive connections
This commit is contained in:
Endre Sándor Varga
parent
d983104a7f
commit
b08c331577
14 changed files with 45 additions and 1502 deletions
|
|
@ -13,12 +13,12 @@ import scala.reflect.classTag
|
|||
import akka.pattern.ask
|
||||
import java.io.File
|
||||
import java.security.{ NoSuchAlgorithmException, SecureRandom, PrivilegedAction, AccessController }
|
||||
import akka.remote.netty.{ NettySettings, NettySSLSupport }
|
||||
import javax.net.ssl.SSLException
|
||||
import akka.util.Timeout
|
||||
import scala.concurrent.Await
|
||||
import scala.concurrent.duration._
|
||||
import akka.event.{ Logging, NoLogging, LoggingAdapter }
|
||||
import akka.remote.transport.netty.{ SSLSettings, NettySSLSupport }
|
||||
|
||||
object Configuration {
|
||||
// set this in your JAVA_OPTS to see all ssl debug info: "-Djavax.net.debug=ssl,keymanager"
|
||||
|
|
@ -33,21 +33,26 @@ object Configuration {
|
|||
filter-leeway = 10s
|
||||
default-timeout = 10s
|
||||
}
|
||||
remote.transport = "akka.remote.netty.NettyRemoteTransport"
|
||||
remote.netty {
|
||||
|
||||
remoting.enabled-transports = ["ssl"]
|
||||
|
||||
remoting.transports.ssl {
|
||||
hostname = localhost
|
||||
port = %d
|
||||
ssl {
|
||||
enable = on
|
||||
trust-store = "%s"
|
||||
key-store = "%s"
|
||||
key-store-password = "changeme"
|
||||
trust-store-password = "changeme"
|
||||
protocol = "TLSv1"
|
||||
random-number-generator = "%s"
|
||||
enabled-algorithms = [%s]
|
||||
sha1prng-random-source = "/dev/./urandom"
|
||||
}
|
||||
}
|
||||
}
|
||||
"""
|
||||
"""
|
||||
|
||||
case class CipherConfig(runTest: Boolean, config: Config, cipher: String, localPort: Int, remotePort: Int)
|
||||
|
||||
|
|
@ -57,24 +62,24 @@ object Configuration {
|
|||
//if (true) throw new IllegalArgumentException("Ticket1978*Spec isn't enabled")
|
||||
|
||||
val config = ConfigFactory.parseString(conf.format(localPort, trustStore, keyStore, cipher, enabled.mkString(", ")))
|
||||
val fullConfig = config.withFallback(AkkaSpec.testConf).withFallback(ConfigFactory.load).getConfig("akka.remote.netty")
|
||||
val settings = new NettySettings(fullConfig, "placeholder")
|
||||
val fullConfig = config.withFallback(AkkaSpec.testConf).withFallback(ConfigFactory.load).getConfig("akka.remoting.transports.ssl.ssl")
|
||||
val settings = new SSLSettings(fullConfig)
|
||||
|
||||
val rng = NettySSLSupport.initializeCustomSecureRandom(settings.SslSettings.SSLRandomNumberGenerator,
|
||||
settings.SslSettings.SSLRandomSource, NoLogging)
|
||||
val rng = NettySSLSupport.initializeCustomSecureRandom(settings.SSLRandomNumberGenerator,
|
||||
settings.SSLRandomSource, NoLogging)
|
||||
|
||||
rng.nextInt() // Has to work
|
||||
settings.SslSettings.SSLRandomNumberGenerator foreach {
|
||||
settings.SSLRandomNumberGenerator foreach {
|
||||
sRng ⇒ rng.getAlgorithm == sRng || (throw new NoSuchAlgorithmException(sRng))
|
||||
}
|
||||
|
||||
val engine = NettySSLSupport.initializeClientSSL(settings.SslSettings, NoLogging).getEngine
|
||||
val engine = NettySSLSupport.initializeClientSSL(settings, NoLogging).getEngine
|
||||
val gotAllSupported = enabled.toSet -- engine.getSupportedCipherSuites.toSet
|
||||
val gotAllEnabled = enabled.toSet -- engine.getEnabledCipherSuites.toSet
|
||||
gotAllSupported.isEmpty || (throw new IllegalArgumentException("Cipher Suite not supported: " + gotAllSupported))
|
||||
gotAllEnabled.isEmpty || (throw new IllegalArgumentException("Cipher Suite not enabled: " + gotAllEnabled))
|
||||
engine.getSupportedProtocols.contains(settings.SslSettings.SSLProtocol.get) ||
|
||||
(throw new IllegalArgumentException("Protocol not supported: " + settings.SslSettings.SSLProtocol.get))
|
||||
engine.getSupportedProtocols.contains(settings.SSLProtocol.get) ||
|
||||
(throw new IllegalArgumentException("Protocol not supported: " + settings.SSLProtocol.get))
|
||||
|
||||
CipherConfig(true, config, cipher, localPort, remotePort)
|
||||
} catch {
|
||||
|
|
@ -119,11 +124,9 @@ abstract class Ticket1978CommunicationSpec(val cipherConfig: CipherConfig) exten
|
|||
|
||||
implicit val timeout: Timeout = Timeout(10 seconds)
|
||||
|
||||
import RemoteCommunicationSpec._
|
||||
|
||||
lazy val other: ActorSystem = ActorSystem(
|
||||
"remote-sys",
|
||||
ConfigFactory.parseString("akka.remote.netty.port=" + cipherConfig.remotePort).withFallback(system.settings.config))
|
||||
ConfigFactory.parseString("akka.remoting.transports.ssl.port = " + cipherConfig.remotePort).withFallback(system.settings.config))
|
||||
|
||||
override def afterTermination() {
|
||||
if (cipherConfig.runTest) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue