Migrate to newer Quarkus TLS configuration parameters

ppalaga · Sep 19, 2024 · 7665ed6 · 7665ed6
1 parent 9d85993
commit 7665ed6
Show file tree

Hide file tree

Showing 6 changed files with 107 additions and 99 deletions.
diff --git a/docs/modules/ROOT/examples/mtls/application.properties b/docs/modules/ROOT/examples/mtls/application.properties
@@ -1,15 +1,18 @@
-# The store type can be pkcs12 or jks
-keystore.type = ${keystore.type}
+# pkcs12 and p12 are replaced by maven-resource-plugin filtering based on Maven profile
+keystore.type = pkcs12
 
 # tag::mtls[]
 # Server keystore for Simple TLS
-quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type}
-quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password
-quarkus.http.ssl.certificate.key-store-key-alias = localhost
-quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password
+quarkus.tls.localhost-pkcs12.key-store.p12.path = localhost-keystore.pkcs12
+quarkus.tls.localhost-pkcs12.key-store.p12.password = localhost-keystore-password
+quarkus.tls.localhost-pkcs12.key-store.p12.alias = localhost
+quarkus.tls.localhost-pkcs12.key-store.p12.alias-password = localhost-keystore-password
 # Server truststore for Mutual TLS
-quarkus.http.ssl.certificate.trust-store-file = localhost-truststore.${keystore.type}
-quarkus.http.ssl.certificate.trust-store-password = localhost-truststore-password
+quarkus.tls.localhost-pkcs12.trust-store.p12.path = localhost-truststore.pkcs12
+quarkus.tls.localhost-pkcs12.trust-store.p12.password = localhost-truststore-password
+# Select localhost-pkcs12 as the TLS configuration for the HTTP server
+quarkus.http.tls-configuration-name = localhost-pkcs12
+
 # Do not allow any clients which do not prove their indentity through an SSL certificate
 quarkus.http.ssl.client-auth = required
 
@@ -19,12 +22,12 @@ quarkus.cxf.endpoint."/mTls".implementor = io.quarkiverse.cxf.it.auth.mtls.MTlsH
 # CXF client with a properly set certificate for mTLS
 quarkus.cxf.client.mTls.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls
 quarkus.cxf.client.mTls.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
-quarkus.cxf.client.mTls.key-store = target/classes/client-keystore.${keystore.type}
-quarkus.cxf.client.mTls.key-store-type = ${keystore.type}
+quarkus.cxf.client.mTls.key-store = target/classes/client-keystore.pkcs12
+quarkus.cxf.client.mTls.key-store-type = pkcs12
 quarkus.cxf.client.mTls.key-store-password = client-keystore-password
 quarkus.cxf.client.mTls.key-password = client-keystore-password
-quarkus.cxf.client.mTls.trust-store = target/classes/client-truststore.${keystore.type}
-quarkus.cxf.client.mTls.trust-store-type = ${keystore.type}
+quarkus.cxf.client.mTls.trust-store = target/classes/client-truststore.pkcs12
+quarkus.cxf.client.mTls.trust-store-type = pkcs12
 quarkus.cxf.client.mTls.trust-store-password = client-truststore-password
 
 # Include the keystores in the native executable
@@ -34,6 +37,6 @@ quarkus.native.resources.includes = *.pkcs12,*.jks
 # CXF client without keystore (to test the failing case)
 quarkus.cxf.client.noKeystore.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls
 quarkus.cxf.client.noKeystore.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
-quarkus.cxf.client.noKeystore.trust-store = client-truststore.${keystore.type}
-quarkus.cxf.client.noKeystore.trust-store-type = ${keystore.type}
+quarkus.cxf.client.noKeystore.trust-store = client-truststore.pkcs12
+quarkus.cxf.client.noKeystore.trust-store-type = pkcs12
 quarkus.cxf.client.noKeystore.trust-store-password = client-truststore-password