Detect .truststore and .keystore files as JKS

Despite the declining usage of JKS (Java KeyStore) format, many Java guides and articles, such as https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html (updated in 2024), still reference it extensively. Traditionally, JKS files are identified by three common extensions: .jks, .keystore, and .truststore.

This commit addresses the recent breaking change where JKS is no longer the default keystore/truststore format. It introduces automatic association of files with extensions .keystore and .truststore to JKS format (in addition to .jks). This approach mitigates potential disruptions for users using these conventions.

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsUtils.java

@@ -114,23 +114,38 @@ static String getTruststoreType(Path singleTrustStoreFile, Optional<String> user
  if (userType.isPresent()) {
  type = userType.get().toLowerCase();
  } else {
- type = getTypeFromFileName("truststore", singleTrustStoreFile);
+ type = getTruststoreTypeFromFileName(singleTrustStoreFile);
  }
  return type;
  }
 
- private static String getTypeFromFileName(String keystoreOrTruststore, Path path) {
+ private static String getKeystoreTypeFromFileName(Path path) {
  String name = path.getFileName().toString().toLowerCase();
  if (name.endsWith(".p12") || name.endsWith(".pkcs12") || name.endsWith(".pfx")) {
  return "pkcs12";
- } else if (name.endsWith(".jks")) {
+ } else if (name.endsWith(".jks") || name.endsWith(".keystore")) {
  return "jks";
  } else if (name.endsWith(".key") || name.endsWith(".crt") || name.endsWith(".pem")) {
  return "pem";
  } else {
- throw new IllegalArgumentException("Could not determine the " + keystoreOrTruststore
- + " type from the file name: " + path
- + ". Configure the `quarkus.http.ssl.certificate.[key-store|trust-store]-file-type` property.");
+ throw new IllegalArgumentException("Could not determine the keystore type from the file name: " + path
+ + ". Configure the `quarkus.http.ssl.certificate.key-store-file-type` property.");
+
+ }
+
+ }
+
+ private static String getTruststoreTypeFromFileName(Path path) {
+ String name = path.getFileName().toString().toLowerCase();
+ if (name.endsWith(".p12") || name.endsWith(".pkcs12") || name.endsWith(".pfx")) {
+ return "pkcs12";
+ } else if (name.endsWith(".jks") || name.endsWith(".truststore")) {
+ return "jks";
+ } else if (name.endsWith(".ca") || name.endsWith(".crt") || name.endsWith(".pem")) {
+ return "pem";
+ } else {
+ throw new IllegalArgumentException("Could not determine the truststore type from the file name: " + path
+ + ". Configure the `quarkus.http.ssl.certificate.trust-store-file-type` property.");
 
  }
 
@@ -154,7 +169,7 @@ static String getKeyStoreType(Path path, Optional<String> fileType) {
  if (fileType.isPresent()) {
  type = fileType.get().toLowerCase();
  } else {
- type = getTypeFromFileName("keystore", path);
+ type = getKeystoreTypeFromFileName(path);
  }
  return type;
  }

extensions/vertx-http/runtime/src/test/java/io/quarkus/vertx/http/runtime/options/TlsUtilsTest.java

@@ -17,7 +17,10 @@ class TlsUtilsTest {
  "server-keystore.jks, jKs, JKS",
  "server-keystore.jks, null, JKS",
  "server-keystore.jks, PKCS12, PKCS12",
- "server.keystore, null, null", // Failure expected
+ "server.foo, null, null", // Failure expected
+ "server.truststore, null, null", // Failure expected
+ "server, null, null", // Failure expected
+ "server.keystore, null, JKS",
  "server-keystore.p12, PKCS12, PKCS12",
  "server-keystore.p12, pKCs12, PKCS12",
  "server-keystore.p12, null, PKCS12",
@@ -29,14 +32,15 @@ class TlsUtilsTest {
  "server.keystore.pem, null, PEM",
  "server.keystore.key, JKS, JKS",
  "server.keystore.pom, PeM, PEM",
+ "server.keystore.ca, null, null", // .ca is a truststore file
  })
  void testKeyStoreTypeDetection(String file, String userType, String expectedType) {
  Path path = new File("target/certs/" + file).toPath();
  Optional<String> type = Optional.ofNullable(userType.equals("null") ? null : userType);
  if (expectedType.equals("null")) {
  String message = assertThrows(IllegalArgumentException.class, () -> TlsUtils.getKeyStoreType(path, type))
  .getMessage();
- assertTrue(message.contains("keystore"));
+ assertTrue(message.contains("keystore") && message.contains("key-store-file-type"));
  } else {
  assertEquals(expectedType.toLowerCase(), TlsUtils.getKeyStoreType(path, type));
  }
@@ -48,26 +52,30 @@ void testKeyStoreTypeDetection(String file, String userType, String expectedType
  "server-truststore.jks, jKs, JKS",
  "server-truststore.jks, null, JKS",
  "server-truststore.jks, PKCS12, PKCS12",
- "server.truststore, null, null", // Failure expected
+ "server.foo, null, null", // Failure expected
+ "server.keystore, null, null", // Failure expected
+ "server, null, null", // Failure expected
+ "server.truststore, null, JKS",
  "server-truststore.p12, PKCS12, PKCS12",
  "server-truststore.p12, pKCs12, PKCS12",
  "server-truststore.p12, null, PKCS12",
  "server-truststore.pfx, null, PKCS12",
  "server-truststore.pkcs12, null, PKCS12",
  "server-truststore.pkcs12, JKS, JKS",
- "server.truststore.key, null, PEM",
  "server.truststore.crt, null, PEM",
  "server.truststore.pem, null, PEM",
  "server.truststore.key, JKS, JKS",
  "server.truststore.pom, PeM, PEM",
+ "server.keystore.ca, null, PEM",
+ "server.keystore.key, null, null", // .key is a key file
  })
  void testTrustStoreTypeDetection(String file, String userType, String expectedType) {
  Path path = new File("target/certs/" + file).toPath();
  Optional<String> type = Optional.ofNullable(userType.equals("null") ? null : userType);
  if (expectedType.equals("null")) {
  String message = assertThrows(IllegalArgumentException.class, () -> TlsUtils.getTruststoreType(path, type))
  .getMessage();
- assertTrue(message.contains("truststore"));
+ assertTrue(message.contains("truststore") && message.contains("trust-store-file-type"));
  } else {
  assertEquals(expectedType.toLowerCase(), TlsUtils.getTruststoreType(path, type));
  }