From 3e960559c9b72151cb92b8afc7a7d7f071a4f7f5 Mon Sep 17 00:00:00 2001 From: Katia Aresti Date: Thu, 12 Oct 2023 14:49:38 +0200 Subject: [PATCH] Updates to Infinispan 14.0.19.Final * Adds sniHostName and sslHostNameValidation properties --- bom/application/pom.xml | 2 +- .../InfinispanConfigurationSetupTest.java | 2 ++ .../resources/cache-config-application.properties | 3 +++ .../client/runtime/InfinispanClientProducer.java | 9 +++++++++ .../runtime/InfinispanClientRuntimeConfig.java | 13 +++++++++++++ 5 files changed, 28 insertions(+), 1 deletion(-) diff --git a/bom/application/pom.xml b/bom/application/pom.xml index c6451afb5719b..e02aeaf2089e5 100644 --- a/bom/application/pom.xml +++ b/bom/application/pom.xml @@ -139,7 +139,7 @@ 5.3.0 5.10.0 1.5.0 - 14.0.17.Final + 14.0.19.Final 4.6.5.Final 3.1.5 4.1.100.Final diff --git a/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java b/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java index 0690a1fbc23c3..53f90e5ad105e 100644 --- a/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java +++ b/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java @@ -43,6 +43,8 @@ public void infinispanConnectionConfiguration() { assertThat(configuration.security().ssl().provider()).isEqualTo("SSL_prov"); assertThat(configuration.security().ssl().protocol()).isEqualTo("SSL_protocol"); assertThat(configuration.security().ssl().ciphers()).containsExactlyInAnyOrder("SSL_cipher1", "SSL_cipher2"); + assertThat(configuration.security().ssl().hostnameValidation()).isTrue(); + assertThat(configuration.security().ssl().sniHostName()).isEqualTo("sniHostName"); assertThat(configuration.clusters()).extracting("clusterName", "clientIntelligence") .containsExactly(tuple("bsite", ClientIntelligence.BASIC)); assertThat(configuration.clusters()).hasSize(1); diff --git a/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties b/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties index 54c95974449c3..2c2add6b4dcea 100644 --- a/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties +++ b/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties @@ -16,6 +16,9 @@ quarkus.infinispan-client.trust-store-type=JCEKS quarkus.infinispan-client.ssl-provider=SSL_prov quarkus.infinispan-client.ssl-protocol=SSL_protocol quarkus.infinispan-client.ssl-ciphers=SSL_cipher1,SSL_cipher2 +quarkus.infinispan-client.ssl-host-name-validation=true +quarkus.infinispan-client.sni-host-name=sniHostName + quarkus.infinispan-client.backup-cluster.bsite.hosts=bsite1:32111 quarkus.infinispan-client.backup-cluster.bsite.client-intelligence=BASIC diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java index 1b24793b36ccf..c0e5b827db897 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java @@ -224,6 +224,15 @@ private ConfigurationBuilder builderFromProperties(String infinispanClientName, infinispanClientRuntimeConfig.sslCiphers.get().stream().collect(Collectors.joining(" "))); } + if (infinispanClientRuntimeConfig.sslHostNameValidation.isPresent()) { + properties.put(ConfigurationProperties.SSL_HOSTNAME_VALIDATION, + infinispanClientRuntimeConfig.sslHostNameValidation.get()); + } + + if (infinispanClientRuntimeConfig.sniHostName.isPresent()) { + properties.put(ConfigurationProperties.SNI_HOST_NAME, infinispanClientRuntimeConfig.sniHostName.get()); + } + builder.withProperties(properties); if (infinispanClientRuntimeConfig.tracingPropagationEnabled.isPresent()) { diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java index 971d1a54dd26c..1d341a35a4894 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java @@ -166,6 +166,19 @@ public class InfinispanClientRuntimeConfig { @ConfigItem Optional> sslCiphers; + /** + * Do SSL hostname validation. + * Defaults to true. + */ + @ConfigItem + Optional sslHostNameValidation; + + /** + * SNI host name. Mandatory when SSL is enabled and host name validation is true. + */ + @ConfigItem + Optional sniHostName; + /** * Whether a tracing propagation is enabled in case the Opentelemetry extension is present. * By default the propagation of the context is propagated from the client to the Infinispan Server.