TLS Registry support quarkiverse#1486

ppalaga · Sep 19, 2024 · 195654b · 195654b
1 parent 1daf674
commit 195654b
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 392 deletions.
diff --git a/bom-test/pom.xml b/bom-test/pom.xml
@@ -51,6 +51,12 @@
                 <type>exe</type>
                 <version>${quarkus-cxf.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.smallrye.certs</groupId>
+                <artifactId>smallrye-certificate-generator-junit5</artifactId>
+                <version>${smallrye-certificate-generator.version}</version>
+                <scope>test</scope>
+            </dependency>
             <dependency>
                 <groupId>org.apache.cxf</groupId>
                 <artifactId>cxf-rt-transports-http-netty-server</artifactId>

diff --git a/docs/modules/ROOT/examples/mtls/application.properties b/docs/modules/ROOT/examples/mtls/application.properties
@@ -1,15 +1,16 @@
 # pkcs12 and p12 are replaced by maven-resource-plugin filtering based on Maven profile
 keystore.type = pkcs12
+keystore.type.short = p12
 
 # tag::mtls[]
 # Server keystore for Simple TLS
-quarkus.tls.localhost-pkcs12.key-store.p12.path = localhost-keystore.pkcs12
-quarkus.tls.localhost-pkcs12.key-store.p12.password = localhost-keystore-password
+quarkus.tls.localhost-pkcs12.key-store.p12.path = localhost-keystore.p12
+quarkus.tls.localhost-pkcs12.key-store.p12.password = secret
 quarkus.tls.localhost-pkcs12.key-store.p12.alias = localhost
-quarkus.tls.localhost-pkcs12.key-store.p12.alias-password = localhost-keystore-password
+quarkus.tls.localhost-pkcs12.key-store.p12.alias-password = secret
 # Server truststore for Mutual TLS
-quarkus.tls.localhost-pkcs12.trust-store.p12.path = localhost-truststore.pkcs12
-quarkus.tls.localhost-pkcs12.trust-store.p12.password = localhost-truststore-password
+quarkus.tls.localhost-pkcs12.trust-store.p12.path = localhost-server-truststore.p12
+quarkus.tls.localhost-pkcs12.trust-store.p12.password = secret
 # Select localhost-pkcs12 as the TLS configuration for the HTTP server
 quarkus.http.tls-configuration-name = localhost-pkcs12
 
@@ -25,12 +26,12 @@ quarkus.cxf.client.mTls.service-interface = io.quarkiverse.cxf.it.security.polic
 # Set client-pkcs12 as the TLS configuration for the this client
 quarkus.cxf.client.mTls.tls-configuration-name = client-pkcs12
 # Named TLS configuration for the client
-quarkus.tls.client-pkcs12.key-store.p12.path = target/classes/client-keystore.pkcs12
-quarkus.tls.client-pkcs12.key-store.p12.password = client-keystore-password
+quarkus.tls.client-pkcs12.key-store.p12.path = target/classes/localhost-client-keystore.p12
+quarkus.tls.client-pkcs12.key-store.p12.password = secret
 quarkus.tls.client-pkcs12.key-store.p12.alias = client
-quarkus.tls.client-pkcs12.key-store.p12.alias-password = client-keystore-password
-quarkus.tls.client-pkcs12.trust-store.p12.path = target/classes/client-truststore.pkcs12
-quarkus.tls.client-pkcs12.trust-store.p12.password = client-truststore-password
+quarkus.tls.client-pkcs12.key-store.p12.alias-password = secret
+quarkus.tls.client-pkcs12.trust-store.p12.path = target/classes/localhost-truststore.p12
+quarkus.tls.client-pkcs12.trust-store.p12.password = secret
 
 # Include the keystores in the native executable
 quarkus.native.resources.includes = *.pkcs12,*.jks
@@ -39,18 +40,18 @@ quarkus.native.resources.includes = *.pkcs12,*.jks
 # CXF client configured for mTLS in the old way
 quarkus.cxf.client.mTlsOld.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls
 quarkus.cxf.client.mTlsOld.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
-quarkus.cxf.client.mTlsOld.key-store = target/classes/client-keystore.pkcs12
+quarkus.cxf.client.mTlsOld.key-store = target/classes/localhost-client-keystore.p12
 quarkus.cxf.client.mTlsOld.key-store-type = pkcs12
-quarkus.cxf.client.mTlsOld.key-store-password = client-keystore-password
-quarkus.cxf.client.mTlsOld.key-password = client-keystore-password
-quarkus.cxf.client.mTlsOld.trust-store = target/classes/client-truststore.pkcs12
+quarkus.cxf.client.mTlsOld.key-store-password = secret
+quarkus.cxf.client.mTlsOld.key-password = secret
+quarkus.cxf.client.mTlsOld.trust-store = target/classes/localhost-truststore.p12
 quarkus.cxf.client.mTlsOld.trust-store-type = pkcs12
-quarkus.cxf.client.mTlsOld.trust-store-password = client-truststore-password
+quarkus.cxf.client.mTlsOld.trust-store-password = secret
 
 
 # CXF client without keystore (to test the failing case)
 quarkus.cxf.client.noKeystore.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls
 quarkus.cxf.client.noKeystore.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
-quarkus.cxf.client.noKeystore.trust-store = client-truststore.pkcs12
+quarkus.cxf.client.noKeystore.trust-store = localhost-truststore.p12
 quarkus.cxf.client.noKeystore.trust-store-type = pkcs12
-quarkus.cxf.client.noKeystore.trust-store-password = client-truststore-password
+quarkus.cxf.client.noKeystore.trust-store-password = secret
diff --git a/integration-tests/mtls/generate-certs.sh b/integration-tests/mtls/generate-certs.sh