Modernize AkkaSpec and Akka.Remote DotNetty transport settings #6854

Arkatufus · 2023-07-26T20:19:16Z

The Akka.Remote code is full of byte rot and needs cleaning.
AkkaSpec failed to inject its internal configuration with its ActorSystemSetup constructor variant

Changes

Makes sure that AkkaSpec injects _akkaSpecConfig into the ActorSystemSetup ctor argument
Modernize DotNettyTransportSettings:
- Change to record
- Use #nullable enable
- Add Setup support.
- Use pattern matching
Add DotNettySslSetup

Checklist

For significant changes, please ensure that the following have been completed (delete if not relevant):

This change follows the Akka.NET API Compatibility Guidelines.
I have reviewed my own pull request.

Arkatufus · 2023-07-26T20:20:52Z

src/core/Akka.Remote/AkkaProtocolSettings.cs

-                HandshakeTimeout = config.GetTimeSpan("akka.remote.dot-netty.tcp.connection-timeout", null);
-            else if (enabledTransports.Contains("akka.remote.dot-netty.ssl"))
-                HandshakeTimeout = config.GetTimeSpan("akka.remote.dot-netty.ssl.connection-timeout", null);
+                HandshakeTimeout = config.GetTimeSpan("akka.remote.dot-netty.tcp.connection-timeout", TimeSpan.FromSeconds(15), allowInfinite:false);


Add default value to config value

Arkatufus · 2023-07-26T20:21:59Z

src/core/Akka.Remote/AkkaProtocolSettings.cs

-            else if (enabledTransports.Contains("akka.remote.dot-netty.ssl"))
-                HandshakeTimeout = config.GetTimeSpan("akka.remote.dot-netty.ssl.connection-timeout", null);


Removed akka.remote.dot-netty.ssl, this HOCON path has not been used since 5 years ago

Arkatufus · 2023-07-26T20:22:22Z

src/core/Akka.Remote/AkkaProtocolSettings.cs

            else
-                HandshakeTimeout = config.GetTimeSpan("akka.remote.handshake-timeout", TimeSpan.FromSeconds(20), allowInfinite:false);
+                HandshakeTimeout = config.GetTimeSpan("akka.remote.handshake-timeout", TimeSpan.FromSeconds(15), allowInfinite:false);


Change default value to 15 to reflect actual HOCON default

Arkatufus · 2023-07-26T20:23:15Z

src/core/Akka.Remote/Configuration/Remote.conf

-	# necessary to keep backwards compatibility
-	helios.tcp.transport-class = "Akka.Remote.Transport.Helios.HeliosTcpTransport, Akka.Remote.Transport.Helios"


Moved to code since this causes bugs

Arkatufus · 2023-07-26T20:23:42Z

src/core/Akka.Remote/Configuration/Remote.conf

+      ssl {
+        certificate {
+          # Valid certificate path required
+          path = ""
+          # Valid certificate password required
+          password = ""
+          # Default key storage flag is "default-key-set"
+          # Available flags include: 
+          #     default-key-set | exportable | machine-key-set | persist-key-set | user-key-set | user-protected
+          # flags = [ "default-key-set" ]
+
+          # To use a Thumbprint instead of a file, set this to true
+          # And specify a thumbprint and it's storage location below
+          use-thumbprint-over-file = false
+
+          # Valid Thumbprint required (if use-thumbprint-over-file is true)
+          # A typical thumbprint is a format similar to: "45df32e258c92a7abf6c112e54912ab15bbb9eb0"
+          # On Windows machines, The thumbprint for an installed certificate can be located
+          # By using certlm.msc and opening the certificate under the 'Details' tab.
+          thumbprint = ""
+
+          # The Store name. Under windows The most common option is "My", which indicates the personal store.
+          # See System.Security.Cryptography.X509Certificates.StoreName for other common values.
+          store-name = ""
+
+          # Valid options : local-machine or current-user
+          # current-user indicates a certificate stored under the user's account
+          # local-machine indicates a certificate stored at an operating system level (potentially shared by users)
+          store-location = "current-user"
+        }
+        suppress-validation = false
+      }


Move the SSL configuration to its proper place

src/core/Akka.Remote/Configuration/Remote.conf

Arkatufus · 2023-07-26T20:25:37Z

src/core/Akka.Remote/Transport/DotNetty/DotNettySslSetup.cs

+public sealed class DotNettySslSetup: Setup
+{
+    public DotNettySslSetup(X509Certificate2 certificate, bool suppressValidation)
+    {
+        Certificate = certificate;
+        SuppressValidation = suppressValidation;
+    }
+
+    public X509Certificate2 Certificate { get; }
+    public bool SuppressValidation { get; }
+
+    internal SslSettings Settings => new SslSettings(Certificate, SuppressValidation);
+}


This Setup class allows users to inject X509Certificate2 instance directly

Arkatufus · 2023-07-26T20:27:01Z

src/core/Akka.Remote/Transport/DotNetty/DotNettyTransport.cs

+                var heliosFallbackConfig = system.Settings.Config.GetConfig("akka.remote.helios.tcp")
+                    .WithFallback("transport-class = \"Akka.Remote.Transport.Helios.HeliosTcpTransport, Akka.Remote.Transport.Helios\"");


Moved the hard coded HOCON settings from pidgeon.conf here, value only get added when necessary

Do we still need to support Helios?

Arkatufus · 2023-07-26T20:27:24Z

src/core/Akka.Remote/Transport/DotNetty/DotNettyTransport.cs

+            var setup = system.Settings.Setup.Get<DotNettySslSetup>();
+            var sslSettings = setup.HasValue ? setup.Value.Settings : null;
+            Settings = DotNettyTransportSettings.Create(config, sslSettings);


Setup class injection

Arkatufus · 2023-07-26T20:28:04Z