Migrate to newer Quarkus TLS configuration parameters

quarkiverse · Sep 19, 2024 · 3aa255c · 3aa255c
1 parent 9d85993
commit 3aa255c
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 22 deletions.
diff --git a/docs/modules/ROOT/examples/mtls/application.properties b/docs/modules/ROOT/examples/mtls/application.properties
@@ -1,18 +1,22 @@
-# The store type can be pkcs12 or jks
+# The store type can be p12 or jks
 keystore.type = ${keystore.type}
 
 # tag::mtls[]
 # Server keystore for Simple TLS
-quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type}
-quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password
-quarkus.http.ssl.certificate.key-store-key-alias = localhost
-quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type}.path = localhost-keystore.${keystore.type}
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type}.password = localhost-keystore-password
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type}.alias = localhost
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type}.alias-password = localhost-keystore-password
 # Server truststore for Mutual TLS
-quarkus.http.ssl.certificate.trust-store-file = localhost-truststore.${keystore.type}
-quarkus.http.ssl.certificate.trust-store-password = localhost-truststore-password
+quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type}.path = localhost-truststore.${keystore.type}
+quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type}.password = localhost-truststore-password
+#
+quarkus.http.tls-configuration-name=localhost-${keystore.type}
+
 # Do not allow any clients which do not prove their indentity through an SSL certificate
 quarkus.http.ssl.client-auth = required
 
+
 # CXF service
 quarkus.cxf.endpoint."/mTls".implementor = io.quarkiverse.cxf.it.auth.mtls.MTlsHelloServiceImpl
 

diff --git a/docs/modules/ROOT/examples/ws-security-policy/application.properties b/docs/modules/ROOT/examples/ws-security-policy/application.properties
@@ -3,17 +3,18 @@
 # Server side SSL
 # tag::server-key-store[]
 # <1>
-quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type}
-quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password
-quarkus.http.ssl.certificate.key-store-key-alias = localhost
-quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password
+quarkus.tls.key-store.${keystore.type.short}.path = localhost-keystore.${keystore.type}
+quarkus.tls.key-store.${keystore.type.short}.password = localhost-keystore-password
+quarkus.tls.key-store.${keystore.type.short}.alias = localhost
+quarkus.tls.key-store.${keystore.type.short}.alias-password = localhost-keystore-password
 # end::server-key-store[]
 
 # tag::quarkus-cxf-rt-ws-security.adoc-service[]
 # A service with encrypt-sign-policy.xml set
 quarkus.cxf.endpoint."/helloEncryptSign".implementor = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl
 # can be jks or pkcs12 - set from Maven profiles in this test
 keystore.type = ${keystore.type}
+keystore.type.short = ${keystore.type.short}
 # Signature settings
 quarkus.cxf.endpoint."/helloEncryptSign".security.signature.username = bob
 quarkus.cxf.endpoint."/helloEncryptSign".security.signature.password = bob-keystore-password

diff --git a/integration-tests/mtls/pom.xml b/integration-tests/mtls/pom.xml
@@ -71,6 +71,7 @@
                 </property>
             </activation>
             <properties>
+                <keystore.type.short>p12</keystore.type.short>
                 <keystore.type>pkcs12</keystore.type>
             </properties>
             <build>
@@ -131,6 +132,7 @@
                 </property>
             </activation>
             <properties>
+                <keystore.type.short>jks</keystore.type.short>
                 <keystore.type>jks</keystore.type>
             </properties>
             <build>

diff --git a/integration-tests/mtls/src/main/resources/application.properties b/integration-tests/mtls/src/main/resources/application.properties
@@ -1,18 +1,23 @@
-# The store type can be pkcs12 or jks
+# The store type can be p12 or jks
 keystore.type = ${keystore.type}
+keystore.type.short = ${keystore.type.short}
 
 # tag::mtls[]
 # Server keystore for Simple TLS
-quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type}
-quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password
-quarkus.http.ssl.certificate.key-store-key-alias = localhost
-quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.path = localhost-keystore.${keystore.type}
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.password = localhost-keystore-password
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.alias = localhost
+quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.alias-password = localhost-keystore-password
 # Server truststore for Mutual TLS
-quarkus.http.ssl.certificate.trust-store-file = localhost-truststore.${keystore.type}
-quarkus.http.ssl.certificate.trust-store-password = localhost-truststore-password
+quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type.short}.path = localhost-truststore.${keystore.type}
+quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type.short}.password = localhost-truststore-password
+#
+quarkus.http.tls-configuration-name=localhost-${keystore.type}
+
 # Do not allow any clients which do not prove their indentity through an SSL certificate
 quarkus.http.ssl.client-auth = required
 
+
 # CXF service
 quarkus.cxf.endpoint."/mTls".implementor = io.quarkiverse.cxf.it.auth.mtls.MTlsHelloServiceImpl
 

diff --git a/integration-tests/ws-security-policy/pom.xml b/integration-tests/ws-security-policy/pom.xml
@@ -116,6 +116,7 @@
                 </property>
             </activation>
             <properties>
+                <keystore.type.short>p12</keystore.type.short>
                 <keystore.type>pkcs12</keystore.type>
             </properties>
             <dependencies>
@@ -156,6 +157,7 @@
                 </property>
             </activation>
             <properties>
+                <keystore.type.short>jks</keystore.type.short>
                 <keystore.type>jks</keystore.type>
             </properties>
             <dependencies>

diff --git a/integration-tests/ws-security-policy/src/main/resources/application.properties b/integration-tests/ws-security-policy/src/main/resources/application.properties
@@ -3,17 +3,18 @@
 # Server side SSL
 # tag::server-key-store[]
 # <1>
-quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type}
-quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password
-quarkus.http.ssl.certificate.key-store-key-alias = localhost
-quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password
+quarkus.tls.key-store.${keystore.type.short}.path = localhost-keystore.${keystore.type}
+quarkus.tls.key-store.${keystore.type.short}.password = localhost-keystore-password
+quarkus.tls.key-store.${keystore.type.short}.alias = localhost
+quarkus.tls.key-store.${keystore.type.short}.alias-password = localhost-keystore-password
 # end::server-key-store[]
 
 # tag::quarkus-cxf-rt-ws-security.adoc-service[]
 # A service with encrypt-sign-policy.xml set
 quarkus.cxf.endpoint."/helloEncryptSign".implementor = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl
 # can be jks or pkcs12 - set from Maven profiles in this test
 keystore.type = ${keystore.type}
+keystore.type.short = ${keystore.type.short}
 # Signature settings
 quarkus.cxf.endpoint."/helloEncryptSign".security.signature.username = bob
 quarkus.cxf.endpoint."/helloEncryptSign".security.signature.password = bob-keystore-password