From 7665ed696548260e41f6d1d74e2f11298ebc1484 Mon Sep 17 00:00:00 2001
From: Peter Palaga
Date: Thu, 19 Sep 2024 00:19:39 +0200
Subject: [PATCH] Migrate to newer Quarkus TLS configuration parameters
---
 .../ROOT/examples/mtls/application.properties | 31 ++++----
 .../ws-security-policy/application.properties | 69 +++++++++---------
 integration-tests/mtls/pom.xml | 4 +-
 .../src/main/resources/application.properties | 17 +++--
 integration-tests/ws-security-policy/pom.xml | 72 ++++++++++---------
 .../src/main/resources/application.properties | 13 ++--
 6 files changed, 107 insertions(+), 99 deletions(-)
diff --git a/docs/modules/ROOT/examples/mtls/application.properties b/docs/modules/ROOT/examples/mtls/application.properties
index cc5791c63..23a0b6757 100644
--- a/docs/modules/ROOT/examples/mtls/application.properties
+++ b/docs/modules/ROOT/examples/mtls/application.properties
@@ -1,15 +1,18 @@ -# The store type can be pkcs12 or jks -keystore.type = ${keystore.type} +# pkcs12 and p12 are replaced by maven-resource-plugin filtering based on Maven profile +keystore.type = pkcs12 # tag::mtls[] # Server keystore for Simple TLS -quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type} -quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password -quarkus.http.ssl.certificate.key-store-key-alias = localhost -quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password +quarkus.tls.localhost-pkcs12.key-store.p12.path = localhost-keystore.pkcs12 +quarkus.tls.localhost-pkcs12.key-store.p12.password = localhost-keystore-password +quarkus.tls.localhost-pkcs12.key-store.p12.alias = localhost +quarkus.tls.localhost-pkcs12.key-store.p12.alias-password = localhost-keystore-password # Server truststore for Mutual TLS -quarkus.http.ssl.certificate.trust-store-file = localhost-truststore.${keystore.type} -quarkus.http.ssl.certificate.trust-store-password = localhost-truststore-password +quarkus.tls.localhost-pkcs12.trust-store.p12.path = localhost-truststore.pkcs12 +quarkus.tls.localhost-pkcs12.trust-store.p12.password = localhost-truststore-password +# Select localhost-pkcs12 as the TLS configuration for the HTTP server +quarkus.http.tls-configuration-name = localhost-pkcs12 + # Do not allow any clients which do not prove their indentity through an SSL certificate quarkus.http.ssl.client-auth = required 
@@ -19,12 +22,12 @@ quarkus.cxf.endpoint."/mTls".implementor = io.quarkiverse.cxf.it.auth.mtls.MTlsH # CXF client with a properly set certificate for mTLS quarkus.cxf.client.mTls.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls quarkus.cxf.client.mTls.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.mTls.key-store = target/classes/client-keystore.${keystore.type} -quarkus.cxf.client.mTls.key-store-type = ${keystore.type} +quarkus.cxf.client.mTls.key-store = target/classes/client-keystore.pkcs12 +quarkus.cxf.client.mTls.key-store-type = pkcs12 quarkus.cxf.client.mTls.key-store-password = client-keystore-password quarkus.cxf.client.mTls.key-password = client-keystore-password -quarkus.cxf.client.mTls.trust-store = target/classes/client-truststore.${keystore.type} -quarkus.cxf.client.mTls.trust-store-type = ${keystore.type} +quarkus.cxf.client.mTls.trust-store = target/classes/client-truststore.pkcs12 +quarkus.cxf.client.mTls.trust-store-type = pkcs12 quarkus.cxf.client.mTls.trust-store-password = client-truststore-password # Include the keystores in the native executable @@ -34,6 +37,6 @@ quarkus.native.resources.includes = *.pkcs12,*.jks # CXF client without keystore (to test the failing case) quarkus.cxf.client.noKeystore.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls quarkus.cxf.client.noKeystore.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.noKeystore.trust-store = client-truststore.${keystore.type} -quarkus.cxf.client.noKeystore.trust-store-type = ${keystore.type} +quarkus.cxf.client.noKeystore.trust-store = client-truststore.pkcs12 +quarkus.cxf.client.noKeystore.trust-store-type = pkcs12 quarkus.cxf.client.noKeystore.trust-store-password = client-truststore-password 
diff --git a/docs/modules/ROOT/examples/ws-security-policy/application.properties b/docs/modules/ROOT/examples/ws-security-policy/application.properties
index 269073b24..4e706f345 100644
--- a/docs/modules/ROOT/examples/ws-security-policy/application.properties
+++ b/docs/modules/ROOT/examples/ws-security-policy/application.properties
@@ -1,34 +1,33 @@ - +# pkcs12 and p12 are replaced by maven-resource-plugin filtering +keystore.type = pkcs12 # Server side SSL # tag::server-key-store[] # <1> -quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type} -quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password -quarkus.http.ssl.certificate.key-store-key-alias = localhost -quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password +quarkus.tls.key-store.p12.path = localhost-keystore.pkcs12 +quarkus.tls.key-store.p12.password = localhost-keystore-password +quarkus.tls.key-store.p12.alias = localhost +quarkus.tls.key-store.p12.alias-password = localhost-keystore-password # end::server-key-store[] # tag::quarkus-cxf-rt-ws-security.adoc-service[] # A service with encrypt-sign-policy.xml set quarkus.cxf.endpoint."/helloEncryptSign".implementor = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl -# can be jks or pkcs12 - set from Maven profiles in this test -keystore.type = ${keystore.type} # Signature settings quarkus.cxf.endpoint."/helloEncryptSign".security.signature.username = bob quarkus.cxf.endpoint."/helloEncryptSign".security.signature.password = bob-keystore-password quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin -quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = ${keystore.type} +quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12 quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = bob-keystore-password quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = bob 
-quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.${keystore.type} +quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.pkcs12 # Encryption settings quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.username = alice quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin -quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.type" = ${keystore.type} +quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12 quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = bob-keystore-password quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = bob -quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.${keystore.type} +quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.pkcs12 # end::quarkus-cxf-rt-ws-security.adoc-service[] # This is only to be able to assert some specific error messages in tests 
@@ -41,7 +40,7 @@ quarkus.cxf.client.helloEncryptSign.client-endpoint-url = https://localhost:${qu
 quarkus.cxf.client.helloEncryptSign.service-interface = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
 quarkus.cxf.client.helloEncryptSign.features = #messageCollector
 # The client-endpoint-url above is HTTPS, so we have to setup the server's SSL certificates
-quarkus.cxf.client.helloEncryptSign.trust-store = client-truststore.${keystore.type}
+quarkus.cxf.client.helloEncryptSign.trust-store = client-truststore.pkcs12
 quarkus.cxf.client.helloEncryptSign.trust-store-password = client-truststore-password
 # Signature settings
 quarkus.cxf.client.helloEncryptSign.security.signature.username = alice
@@ -50,14 +49,14 @@ quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12 quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = alice-keystore-password quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = alice -quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.file" = alice-keystore.${keystore.type} +quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.file" = alice-keystore.pkcs12 # Encryption settings quarkus.cxf.client.helloEncryptSign.security.encryption.username = bob quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12 quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = alice-keystore-password quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = alice -quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.file" = alice-keystore.${keystore.type} +quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.file" = alice-keystore.pkcs12 # end::quarkus-cxf-rt-ws-security.adoc-client[] quarkus.native.resources.includes = *.xml,*.pkcs12 
@@ -97,7 +96,7 @@ quarkus.cxf.endpoint."/helloEncryptSignCrypto".security.encryption.crypto = #bob quarkus.cxf.client.helloEncryptSignCrypto.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloEncryptSignCrypto quarkus.cxf.client.helloEncryptSignCrypto.service-interface = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService quarkus.cxf.client.helloEncryptSignCrypto.features = #messageCollector -quarkus.cxf.client.helloEncryptSignCrypto.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloEncryptSignCrypto.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloEncryptSignCrypto.trust-store-password = client-truststore-password quarkus.cxf.client.helloEncryptSignCrypto.security.signature.username = alice quarkus.cxf.client.helloEncryptSignCrypto.security.signature.password = alice-keystore-password @@ -114,7 +113,7 @@ quarkus.cxf.endpoint."/helloSaml1".security.signature.properties."org.apache.ws. quarkus.cxf.endpoint."/helloSaml1".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12 quarkus.cxf.endpoint."/helloSaml1".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = bob-keystore-password quarkus.cxf.endpoint."/helloSaml1".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = bob -quarkus.cxf.endpoint."/helloSaml1".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.${keystore.type} +quarkus.cxf.endpoint."/helloSaml1".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.pkcs12 quarkus.cxf.endpoint."/helloSaml1".security.saml-callback-handler = #saml1CallbackHandler 
@@ -126,55 +125,55 @@ quarkus.cxf.endpoint."/helloSaml2".security.signature.properties."org.apache.ws. quarkus.cxf.endpoint."/helloSaml2".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12 quarkus.cxf.endpoint."/helloSaml2".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = bob-keystore-password quarkus.cxf.endpoint."/helloSaml2".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = bob -quarkus.cxf.endpoint."/helloSaml2".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.${keystore.type} +quarkus.cxf.endpoint."/helloSaml2".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.pkcs12 quarkus.cxf.endpoint."/helloSaml2".security.saml-callback-handler = #saml2CallbackHandler # Clients # tag::client-trust-store[] quarkus.cxf.client.hello.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/hello quarkus.cxf.client.hello.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.hello.trust-store-type = ${keystore.type} +quarkus.cxf.client.hello.trust-store-type = pkcs12 # <2> -quarkus.cxf.client.hello.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.hello.trust-store = client-truststore.pkcs12 quarkus.cxf.client.hello.trust-store-password = client-truststore-password # end::client-trust-store[] quarkus.cxf.client.helloAllowAll.client-endpoint-url = https://127.0.0.1:${quarkus.http.test-ssl-port}/services/hello quarkus.cxf.client.helloAllowAll.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.helloAllowAll.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloAllowAll.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloAllowAll.trust-store-password = client-truststore-password quarkus.cxf.client.helloAllowAll.hostname-verifier = 
AllowAllHostnameVerifier quarkus.cxf.client.helloCustomHostnameVerifier.client-endpoint-url = https://127.0.0.1:${quarkus.http.test-ssl-port}/services/hello quarkus.cxf.client.helloCustomHostnameVerifier.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.helloCustomHostnameVerifier.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloCustomHostnameVerifier.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloCustomHostnameVerifier.trust-store-password = client-truststore-password quarkus.cxf.client.helloCustomHostnameVerifier.hostname-verifier = io.quarkiverse.cxf.it.security.policy.NoopHostnameVerifier quarkus.cxf.client.helloIp.client-endpoint-url = https://127.0.0.1:${quarkus.http.test-ssl-port}/services/hello quarkus.cxf.client.helloIp.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.helloIp.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloIp.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloIp.trust-store-password = client-truststore-password quarkus.cxf.client.helloHttps.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloHttps quarkus.cxf.client.helloHttps.service-interface = io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService -quarkus.cxf.client.helloHttps.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloHttps.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloHttps.trust-store-password = client-truststore-password quarkus.cxf.client.helloHttps.features = #messageCollector quarkus.cxf.client.helloHttpsPkcs12.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloHttps quarkus.cxf.client.helloHttpsPkcs12.service-interface = io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService -quarkus.cxf.client.helloHttpsPkcs12.trust-store = client-truststore.${keystore.type} 
+quarkus.cxf.client.helloHttpsPkcs12.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloHttpsPkcs12.trust-store-type = PKCS12 quarkus.cxf.client.helloHttpsPkcs12.trust-store-password = client-truststore-password quarkus.cxf.client.helloHttp.client-endpoint-url = http://localhost:${quarkus.http.test-port}/services/helloHttps quarkus.cxf.client.helloHttp.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.helloHttp.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloHttp.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloHttp.trust-store-password = client-truststore-password quarkus.cxf.client.helloUsernameToken.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloUsernameToken quarkus.cxf.client.helloUsernameToken.service-interface = io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService -quarkus.cxf.client.helloUsernameToken.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloUsernameToken.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloUsernameToken.trust-store-password = client-truststore-password quarkus.cxf.client.helloUsernameToken.security.username = ${wss.user} quarkus.cxf.client.helloUsernameToken.security.callback-handler = #usernameTokenPasswordCallback 
@@ -182,7 +181,7 @@ quarkus.cxf.client.helloUsernameToken.features = #messageCollector quarkus.cxf.client.helloUsernameTokenAlt.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloUsernameTokenAlt quarkus.cxf.client.helloUsernameTokenAlt.service-interface = io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService -quarkus.cxf.client.helloUsernameTokenAlt.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloUsernameTokenAlt.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloUsernameTokenAlt.trust-store-password = client-truststore-password quarkus.cxf.client.helloUsernameTokenAlt.security.username = ${wss.user} quarkus.cxf.client.helloUsernameTokenAlt.security.password = ${wss.password} @@ -190,7 +189,7 @@ quarkus.cxf.client.helloUsernameTokenAlt.features = #messageCollector quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloUsernameToken quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.service-interface = io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService -quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.trust-store-password = client-truststore-password quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.username = ${wss.user} quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.security.callback-handler = #usernameTokenPasswordCallback 
@@ -200,14 +199,14 @@ quarkus.cxf.client.helloUsernameTokenNoMustUnderstand.features = #messageCollect # HelloService has no policy configured quarkus.cxf.client.helloNoUsernameToken.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloUsernameToken quarkus.cxf.client.helloNoUsernameToken.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService -quarkus.cxf.client.helloNoUsernameToken.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloNoUsernameToken.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloNoUsernameToken.trust-store-password = client-truststore-password quarkus.cxf.client.helloNoUsernameToken.security.username = ${wss.user} quarkus.cxf.client.helloNoUsernameToken.security.password = ${wss.password} quarkus.cxf.client.helloSaml1.service-interface = io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService quarkus.cxf.client.helloSaml1.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloSaml1 -quarkus.cxf.client.helloSaml1.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloSaml1.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloSaml1.trust-store-password = client-truststore-password quarkus.cxf.client.helloSaml1.features = #messageCollector quarkus.cxf.client.helloSaml1.security.signature.username = alice 
@@ -217,7 +216,7 @@ quarkus.cxf.client.helloSaml1.security.saml-callback-handler = #saml1CallbackHan quarkus.cxf.client.helloSaml2.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloSaml2 quarkus.cxf.client.helloSaml2.service-interface = io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloService -quarkus.cxf.client.helloSaml2.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloSaml2.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloSaml2.trust-store-password = client-truststore-password quarkus.cxf.client.helloSaml2.features = #messageCollector quarkus.cxf.client.helloSaml2.security.signature.username = alice @@ -238,7 +237,7 @@ quarkus.cxf.endpoint."/helloCustomEncryptSign".security.encryption.crypto = #bob quarkus.cxf.client.helloCustomEncryptSign.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloCustomEncryptSign quarkus.cxf.client.helloCustomEncryptSign.service-interface = io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService -quarkus.cxf.client.helloCustomEncryptSign.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloCustomEncryptSign.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloCustomEncryptSign.trust-store-password = client-truststore-password quarkus.cxf.client.helloCustomEncryptSign.security.signature.username = alice quarkus.cxf.client.helloCustomEncryptSign.security.signature.password = alice-keystore-password 
@@ -262,7 +261,7 @@ quarkus.cxf.endpoint."/helloCustomizedEncryptSign".security.custom.signature.key quarkus.cxf.client.helloCustomizedEncryptSign.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloCustomizedEncryptSign quarkus.cxf.client.helloCustomizedEncryptSign.service-interface = io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService -quarkus.cxf.client.helloCustomizedEncryptSign.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloCustomizedEncryptSign.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloCustomizedEncryptSign.trust-store-password = client-truststore-password quarkus.cxf.client.helloCustomizedEncryptSign.security.signature.username = alice quarkus.cxf.client.helloCustomizedEncryptSign.security.signature.password = alice-keystore-password @@ -290,7 +289,7 @@ quarkus.cxf.endpoint."/helloCustomEncryptSignWrong1".security.custom.signature.k quarkus.cxf.client.helloCustomEncryptSignWrong1.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloCustomEncryptSignWrong1 quarkus.cxf.client.helloCustomEncryptSignWrong1.service-interface = io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService -quarkus.cxf.client.helloCustomEncryptSignWrong1.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloCustomEncryptSignWrong1.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloCustomEncryptSignWrong1.trust-store-password = client-truststore-password quarkus.cxf.client.helloCustomEncryptSignWrong1.security.signature.username = alice quarkus.cxf.client.helloCustomEncryptSignWrong1.security.signature.password = alice-keystore-password 
@@ -308,7 +307,7 @@ quarkus.cxf.endpoint."/helloCustomEncryptSignWrong2".security.encryption.crypto quarkus.cxf.client.helloCustomEncryptSignWrong2.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloCustomEncryptSignWrong2 quarkus.cxf.client.helloCustomEncryptSignWrong2.service-interface = io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService -quarkus.cxf.client.helloCustomEncryptSignWrong2.trust-store = client-truststore.${keystore.type} +quarkus.cxf.client.helloCustomEncryptSignWrong2.trust-store = client-truststore.pkcs12 quarkus.cxf.client.helloCustomEncryptSignWrong2.trust-store-password = client-truststore-password quarkus.cxf.client.helloCustomEncryptSignWrong2.security.signature.username = alice quarkus.cxf.client.helloCustomEncryptSignWrong2.security.signature.password = alice-keystore-password diff --git a/integration-tests/mtls/pom.xml b/integration-tests/mtls/pom.xml index f5ac5ffc2..48b801d05 100644 --- a/integration-tests/mtls/pom.xml +++ b/integration-tests/mtls/pom.xml @@ -71,6 +71,7 @@ + p12 pkcs12 @@ -110,7 +111,7 @@ ${maven.multiModuleProjectDirectory}/docs/modules/ROOT/examples/mtls - src/main/resources + target/classes application.properties @@ -131,6 +132,7 @@ + jks jks diff --git a/integration-tests/mtls/src/main/resources/application.properties b/integration-tests/mtls/src/main/resources/application.properties index cc5791c63..ca30c8471 100644 --- a/integration-tests/mtls/src/main/resources/application.properties +++ b/integration-tests/mtls/src/main/resources/application.properties 
@@ -1,15 +1,18 @@ -# The store type can be pkcs12 or jks +# ${keystore.type} and ${keystore.type.short} are replaced by maven-resource-plugin filtering based on Maven profile keystore.type = ${keystore.type} # tag::mtls[] # Server keystore for Simple TLS -quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type} -quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password -quarkus.http.ssl.certificate.key-store-key-alias = localhost -quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password +quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.path = localhost-keystore.${keystore.type} +quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.password = localhost-keystore-password +quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.alias = localhost +quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.alias-password = localhost-keystore-password # Server truststore for Mutual TLS -quarkus.http.ssl.certificate.trust-store-file = localhost-truststore.${keystore.type} -quarkus.http.ssl.certificate.trust-store-password = localhost-truststore-password +quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type.short}.path = localhost-truststore.${keystore.type} +quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type.short}.password = localhost-truststore-password +# Select localhost-${keystore.type} as the TLS configuration for the HTTP server +quarkus.http.tls-configuration-name = localhost-${keystore.type} + # Do not allow any clients which do not prove their indentity through an SSL certificate quarkus.http.ssl.client-auth = required diff --git a/integration-tests/ws-security-policy/pom.xml b/integration-tests/ws-security-policy/pom.xml index f6d16d186..376e224eb 100644 --- a/integration-tests/ws-security-policy/pom.xml +++ b/integration-tests/ws-security-policy/pom.xml 
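Review bot: The new first-line comment in integration-tests/mtls/src/main/resources/application.properties is itself subject to resource filtering, so the copy published under docs/modules/ROOT/examples/mtls reads `# pkcs12 and p12 are replaced by maven-resource-plugin filtering based on Maven profile`, which no longer says what is being substituted. Wording it without the placeholders keeps it meaningful after filtering, for example `# The keystore type and its short form used in the quarkus.tls.* keys are substituted by maven-resources-plugin filtering from the active Maven profile` (the pom.xml sections of this patch spell the plugin maven-resources-plugin). The first added line of the ws-security-policy application.properties hunk has the same problem. Because this hunk also puts the placeholders into property names such as `quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.path`, the comment should add that the file is only usable after filtering; as far as I know the runtime configuration expands expressions in values but not in key names, so an unfiltered copy would start without the intended TLS configuration.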
@@ -69,41 +69,6 @@ - - org.apache.maven.plugins - maven-resources-plugin - - - - copy-resources-for-antora - compile - - copy-resources - - - - ${maven.multiModuleProjectDirectory}/docs/modules/ROOT/examples/ws-security-policy - - - src/main/resources - - application.properties - https-policy.xml - encrypt-sign-policy.xml - - - - src/main/java/io/quarkiverse/cxf/it/security/policy - - HttpsPolicyHelloService.java - EncryptSignPolicyHelloService.java - - - - - - - @@ -116,6 +81,7 @@ + p12 pkcs12 @@ -145,6 +111,41 @@ + + org.apache.maven.plugins + maven-resources-plugin + + + + copy-resources-for-antora + compile + + copy-resources + + + + ${maven.multiModuleProjectDirectory}/docs/modules/ROOT/examples/ws-security-policy + + + target/classes + + application.properties + https-policy.xml + encrypt-sign-policy.xml + + + + src/main/java/io/quarkiverse/cxf/it/security/policy + + HttpsPolicyHelloService.java + EncryptSignPolicyHelloService.java + + + + + + + @@ -156,6 +157,7 @@ + jks jks diff --git a/integration-tests/ws-security-policy/src/main/resources/application.properties b/integration-tests/ws-security-policy/src/main/resources/application.properties index 269073b24..7d2f6b580 100644 --- a/integration-tests/ws-security-policy/src/main/resources/application.properties +++ b/integration-tests/ws-security-policy/src/main/resources/application.properties 
@@ -1,19 +1,18 @@ - +# ${keystore.type} and ${keystore.type.short} are replaced by maven-resource-plugin filtering +keystore.type = ${keystore.type} # Server side SSL # tag::server-key-store[] # <1> -quarkus.http.ssl.certificate.key-store-file = localhost-keystore.${keystore.type} -quarkus.http.ssl.certificate.key-store-password = localhost-keystore-password -quarkus.http.ssl.certificate.key-store-key-alias = localhost -quarkus.http.ssl.certificate.key-store-key-password = localhost-keystore-password +quarkus.tls.key-store.${keystore.type.short}.path = localhost-keystore.${keystore.type} +quarkus.tls.key-store.${keystore.type.short}.password = localhost-keystore-password +quarkus.tls.key-store.${keystore.type.short}.alias = localhost +quarkus.tls.key-store.${keystore.type.short}.alias-password = localhost-keystore-password # end::server-key-store[] # tag::quarkus-cxf-rt-ws-security.adoc-service[] # A service with encrypt-sign-policy.xml set quarkus.cxf.endpoint."/helloEncryptSign".implementor = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl -# can be jks or pkcs12 - set from Maven profiles in this test -keystore.type = ${keystore.type} # Signature settings quarkus.cxf.endpoint."/helloEncryptSign".security.signature.username = bob quarkus.cxf.endpoint."/helloEncryptSign".security.signature.password = bob-keystore-password
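Review bot: The server key store in integration-tests/ws-security-policy/src/main/resources/application.properties is placed in the unnamed default TLS configuration (`quarkus.tls.key-store.${keystore.type.short}.path`), whereas the mtls module in this patch uses a named configuration selected through `quarkus.http.tls-configuration-name`. As far as I know the default configuration is the one other TLS-registry consumers fall back to when they name none, so the server's private key may become visible to components that were never meant to use it; this should be confirmed against the Quarkus and Quarkus CXF versions in use. Using the named form here as well, `quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.path = localhost-keystore.${keystore.type}` together with `quarkus.http.tls-configuration-name = localhost-${keystore.type}`, would scope the key to the HTTP server and keep the two published examples consistent. Since the `server-key-store` snippet is included in the documentation with literal passwords, a comment inside the tag such as `# Test-only password; supply real secrets from outside this file` would keep readers from copying them unchanged.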