From bcc3d14039c966397e15e0b2a9ed1f574354a1a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?=
Date: Wed, 4 Sep 2024 12:17:52 +0200
Subject: [PATCH] Migrate gRPC same server TLS test to new API
---
.../src/main/resources/application.properties | 14 ++---
http/grpc/src/main/resources/tls/ca.cnf | 6 --
http/grpc/src/main/resources/tls/ca.pem | 21 -------
http/grpc/src/main/resources/tls/server.key | 28 ----------
http/grpc/src/main/resources/tls/server.pem | 20 -------
.../ts/http/grpc/GrpcTlsSeparateServerIT.java | 56 +++++++++++++++++++
.../java/io/quarkus/ts/http/grpc/TLSIT.java | 48 ----------------
7 files changed, 63 insertions(+), 130 deletions(-)
delete mode 100644 http/grpc/src/main/resources/tls/ca.cnf
delete mode 100644 http/grpc/src/main/resources/tls/ca.pem
delete mode 100644 http/grpc/src/main/resources/tls/server.key
delete mode 100644 http/grpc/src/main/resources/tls/server.pem
create mode 100644 http/grpc/src/test/java/io/quarkus/ts/http/grpc/GrpcTlsSeparateServerIT.java
delete mode 100644 http/grpc/src/test/java/io/quarkus/ts/http/grpc/TLSIT.java
diff --git a/http/grpc/src/main/resources/application.properties b/http/grpc/src/main/resources/application.properties
index f5b226b12..a0266aecd 100644
--- a/http/grpc/src/main/resources/application.properties
+++ b/http/grpc/src/main/resources/application.properties
@@ -9,13 +9,13 @@ quarkus.grpc.server.enable-reflection-service=true quarkus.grpc.clients.reflection-service.port=${quarkus.grpc.clients.plain.port} quarkus.grpc.clients.streaming.port=${quarkus.grpc.clients.plain.port} -%ssl.quarkus.grpc.clients.plain.ssl.trust-store=tls/ca.pem -%ssl.quarkus.grpc.clients.reflection-service.ssl.trust-store=${quarkus.grpc.clients.plain.ssl.trust-store} -%ssl.quarkus.grpc.clients.streaming.ssl.trust-store=${quarkus.grpc.clients.plain.ssl.trust-store} +%ssl.quarkus.grpc.clients.plain.ssl.trust-store=${grpc.client.ca-cert} +%ssl.quarkus.grpc.clients.reflection-service.ssl.trust-store=${grpc.client.ca-cert} +%ssl.quarkus.grpc.clients.streaming.ssl.trust-store=${grpc.client.ca-cert} # See https://github.com/quarkusio/quarkus/issues/38965 to learn, why we use these parameters %ssl.quarkus.grpc.clients.plain.port=${quarkus.http.ssl-port} -%ssl.quarkus.http.ssl.certificate.files=tls/server.pem -%ssl.quarkus.http.ssl.certificate.key-files=tls/server.key -%ssl.quarkus.grpc.server.ssl.certificate=tls/server.pem -%ssl.quarkus.grpc.server.ssl.key=tls/server.key \ No newline at end of file +%ssl.quarkus.http.ssl.certificate.files=${grpc.server.cert} +%ssl.quarkus.http.ssl.certificate.key-files=${grpc.server.key} +%ssl.quarkus.grpc.server.ssl.certificate=${grpc.server.cert} +%ssl.quarkus.grpc.server.ssl.key=${grpc.server.key} diff --git a/http/grpc/src/main/resources/tls/ca.cnf b/http/grpc/src/main/resources/tls/ca.cnf deleted file mode 100644 index 936c6c90f..000000000 --- a/http/grpc/src/main/resources/tls/ca.cnf +++ /dev/null @@ -1,6 +0,0 @@ -[req] -req_extensions = v3_req - -[v3_req] -basicConstraints = CA:true -keyUsage = critical, keyCertSign \ No newline at end of file diff --git a/http/grpc/src/main/resources/tls/ca.pem b/http/grpc/src/main/resources/tls/ca.pem deleted file mode 100644 index bb2986a4c..000000000 --- a/http/grpc/src/main/resources/tls/ca.pem +++ /dev/null 
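Review bot: Nothing in application.properties defines or defaults `${grpc.client.ca-cert}`, `${grpc.server.cert}` or `${grpc.server.key}`, which every `%ssl` TLS entry in this hunk now references, so the profile is only usable when a test injects all three. In this patch only GrpcTlsSeparateServerIT does that through `withProperty`; any other scenario that activates the `ssl` profile would presumably fail while expanding the configuration rather than with a TLS error. A comment above the block would make the contract visible, for example `# grpc.client.ca-cert, grpc.server.cert and grpc.server.key are set by the test from its generated @Certificate files`.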
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDbTCCAlWgAwIBAgIUTbmeWmNplPK5ZjMS7M+eSFtN2YkwDQYJKoZIhvcNAQEL -BQAwUDELMAkGA1UEBhMCQ1oxDDAKBgNVBAgMA0pNSzENMAsGA1UEBwwEQnJubzEP -MA0GA1UECgwGUmVkSGF0MRMwEQYDVQQLDApRdWFya3VzLVFFMB4XDTI0MDIyNzA4 -MzA1MloXDTM0MDIyNDA4MzA1MlowUDELMAkGA1UEBhMCQ1oxDDAKBgNVBAgMA0pN -SzENMAsGA1UEBwwEQnJubzEPMA0GA1UECgwGUmVkSGF0MRMwEQYDVQQLDApRdWFy -a3VzLVFFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/0x9/YIoueQ -ckoItGRuW8CUc9kpdS35wfxcqrlyfQbo2i4idg5V9d4EYU3ONpvVl69O97t3DnXp -XC90Mt+ActinPXs//ulxVelP5uVWo4nQILk889GHRfoIvsEKe+YZKTBxT92PJEDh -qs1eDK5OJApX6ZRhHqZRjxVPRgwOhUE47qIHflDE0wX54zDPHGtwdSJtlDWSfbRg -BLLzni50XAAPoEmHRb557yjYR6A3SfAE/Oaz++kh5HyDTrufGRQpn8R6MR2X8lJG -FDSMqoCsf9AOtGzrpq8EoJb5hwBC7ko599beXb1A3PuYqQ4XU9gGCtTs3HHx2Am4 -t9fwS5OCmwIDAQABoz8wPTAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDAd -BgNVHQ4EFgQUo9s3q9xO/KVtZ4hiDyCsHmXWI+kwDQYJKoZIhvcNAQELBQADggEB -AK/G72vu1xyITXJZeoi7pyj0iDk4nn0T6Znl5BaMZ5ukjxVH7EuIAOuCOOeDiYhe -3WdwWHbxGdaZhJH9SF4CoCKNapVL1567lT0MU9JxfNWot8ipZ1J5WCHpor5HNl1D -c072uEHQ7lTlErrvMDppPt6xb7dhXSVHneXve+RbyF8spzeKG31yg5DPkSiaIP8p -qNnGw++J1Il0CQA11hYlH4wUE80atWEugTx04BHiK/HtYLQsbHKVSNw4gj7eFr// -sQW0fliWPjmXLxAUU2efU/w6vs37LCuHApaN80yxTbK3J5LiPD8kH/OWRkPEcts9 -f2lZYZzQcMQvjbaSJ/cSzM0= ------END CERTIFICATE----- diff --git a/http/grpc/src/main/resources/tls/server.key b/http/grpc/src/main/resources/tls/server.key deleted file mode 100644 index 18714e74b..000000000 --- a/http/grpc/src/main/resources/tls/server.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCPCYGGsbW0zG6I -TMvK85BF0jnd0L1U/XovBRCi3+VmrR2JovuazuKpmBwNyThsNLsj2KBLhYL6uwuB -Kw0BeBW+yOaNB8gE7ef6MrT5qlp53X4XudmsucvdJnCSB01GC3GjElYe9rXrSuRH -yPzU8QgpBAIJwFpbij/TWFUdynHUZ8oAjatzFlDzW4CoCTgo4NTdXhg5hsMSZvB0 -bkQ/jQF0PUvGCgbVthQGvSt75A69+ns8j2kxfb8DBrm94WpcxY1hMsVXP6/KZOyc -rHlzVELAXJA0p0mHvokfQuU3xJT/Y5NbLDkq+9sh9sYjT5lw3tf0v99CrEOQgTC6 -jejADT2zAgMBAAECggEACKelGD7ZhVKXX5TyAdpCAQ+K49KVGjbqNT0juA8/JLrV -3jWn7sKU8XkcPXNPADEin7UkYd12wvAdbpfpxgx7mFs0pBTz8+RnVHrL+41kwxn1 -Xr8mni5x2PRR/GwHr3TSz/C0mFQKRu31qShOsB3ThhPRgcCLVx2i5gliwRY2VAlK -hZVmbhyC+4qF/BFNpzIIjyqNZsu8yjBP920DzX9TrQ7q0yQ5oE+Pyg5TMJPxUOiN -dNiqNwVnQ77mz54eKJBDJbx431LS4Anp585AAruMj+7imGc7zbc4ZB4CtZ7x6f45 -3eBbiBhMepZ9wKg/Ym9aBdxxpy3gapZRs40DAJFC3QKBgQDBd1yINEnJ1ZZel/iA -3rp8j/7rITz/bYIFkRqxihjRMSrdBKzTx3n3dnRKYjOh4B6CkWToaqRP3HPBVhKd -pHjdz7Oo3PDrXnZcx41FUzYB7B0qkBD6vyqM9/U88da4ERtqNOczWCSHz/AQXfhc -X5OlYA1Ed4tdLcyVqQL1/0Y7HwKBgQC9RVDFBh8vzMA5nr/gaZOwDee935Dmei7s -AJqq6rRxkZEqSf7M090DUHaBTeg1jRMtGGNn6Q6LxaGe/jrRUvNTWVtOt1VfG8xZ -r/3fM71VnhZ/m8D/rCOmNOYekKTITxNlBPGfDV9wUFFATNhyQCWQTbg4XmFzWQG7 -hEdalmk+7QKBgCMHU4+tt/Z9X5588ZeTvDw1bjhwajTtRO9xGF4w3NFzj4k5AXnO -0jyGDAQzx5l1lNCbNqQGOv3ismq9BN3aG7A9nQ/kARL8pX2i++cja9HpSFaegxSD -bFbdxl9kgjYNkuMl9P6M5QBaG+M6wG8pNvhobb6JzofudO5cDZcwwyyNAoGAWdtw -rzlq0Py6PiDaI6a8ERdo8EIVvvY/FJhs1bw8ErbzXkpnB8OF6C7pNBZSqinh8sTj -XM/OshkP1DYKopppHycLLGHpzA+cgvAE7VTZDK7TK548kKWe/yeaIOS29spkAM/K -DqMArofTK13QXN2Ld+kODuTwCx00r1vrrFxAdzkCgYACF/hzTzT0BozFDT5Ve4sX -fQBa4oZEiFOVqJ40ok3ICdqe22/38y5bQEoZ19TNmrK4nz/W+hOCpID26x/fel14 -MegjDjBfH77uwFgoI9O0uJiX4U89ZCOWmMXNH5wqqySJG+C+kF5ACONmGfaYrkPc -8sjG1e5JXF2K5PxXHlRiIw== ------END PRIVATE KEY----- diff --git a/http/grpc/src/main/resources/tls/server.pem b/http/grpc/src/main/resources/tls/server.pem deleted file mode 100644 index 2c7e4694a..000000000 --- a/http/grpc/src/main/resources/tls/server.pem +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDOzCCAiMCFH7N97KjoaAbXGiiEZBxz9YkgRvZMA0GCSqGSIb3DQEBCwUAMFAx -CzAJBgNVBAYTAkNaMQwwCgYDVQQIDANKTUsxDTALBgNVBAcMBEJybm8xDzANBgNV -BAoMBlJlZEhhdDETMBEGA1UECwwKUXVhcmt1cy1RRTAeFw0yNDAyMjcwODMxMjda -Fw0zNDAyMjQwODMxMjdaMGQxCzAJBgNVBAYTAkNaMQwwCgYDVQQIDANKTUsxDTAL -BgNVBAcMBEJybm8xDzANBgNVBAoMBlJlZEhhdDETMBEGA1UECwwKUXVhcmt1cy1R -RTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAjwmBhrG1tMxuiEzLyvOQRdI53dC9VP16LwUQot/lZq0diaL7ms7iqZgc -Dck4bDS7I9igS4WC+rsLgSsNAXgVvsjmjQfIBO3n+jK0+apaed1+F7nZrLnL3SZw -kgdNRgtxoxJWHva160rkR8j81PEIKQQCCcBaW4o/01hVHcpx1GfKAI2rcxZQ81uA -qAk4KODU3V4YOYbDEmbwdG5EP40BdD1LxgoG1bYUBr0re+QOvfp7PI9pMX2/Awa5 -veFqXMWNYTLFVz+vymTsnKx5c1RCwFyQNKdJh76JH0LlN8SU/2OTWyw5KvvbIfbG -I0+ZcN7X9L/fQqxDkIEwuo3owA09swIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCM -Yl1CFnKqP2LF/zZvdwiLkdaTbvefh4W0C31tLd2OaIGDo18cCr0OWAia2XD9f9f7 -dlTmDJhRT230S96/aR7FzT30OoyGFeuNq+C4M5d7lcwllKlG5zXupLl7D3l30fnf -tUxUrFWbyh/xVGKRm4J2xP5MtIGOTfXBZsxqaawEN7U2bTmsA+/1vBWXJ+W2yCfs -IoQPNH125wsDOiCvXDacn2jd+GxxZXtfv4UoZ3LZLGko5Tv4dubu1SwaC6oek2bc -5trifNC9timIoKM0mqc4hdClB6YDDQ+pRLmy545B/EwP3xMmugnTkRo12miPLtGX -TayJV9LQkMXHgn5tKTOp ------END CERTIFICATE----- diff --git a/http/grpc/src/test/java/io/quarkus/ts/http/grpc/GrpcTlsSeparateServerIT.java b/http/grpc/src/test/java/io/quarkus/ts/http/grpc/GrpcTlsSeparateServerIT.java new file mode 100644 index 000000000..c441be0cd --- /dev/null +++ b/http/grpc/src/test/java/io/quarkus/ts/http/grpc/GrpcTlsSeparateServerIT.java 
@@ -0,0 +1,56 @@
+package io.quarkus.ts.http.grpc;
+
+import static io.quarkus.test.services.Certificate.Format.PEM;
+
+import io.quarkus.test.bootstrap.CloseableManagedChannel;
+import io.quarkus.test.bootstrap.GrpcService;
+import io.quarkus.test.bootstrap.RestService;
+import io.quarkus.test.scenarios.QuarkusScenario;
+import io.quarkus.test.security.certificate.Certificate.PemCertificate;
+import io.quarkus.test.security.certificate.CertificateBuilder;
+import io.quarkus.test.services.Certificate;
+import io.quarkus.test.services.QuarkusApplication;
+import io.restassured.specification.RequestSpecification;
+
+@QuarkusScenario
+public class GrpcTlsSeparateServerIT implements GRPCIT, StreamingHttpIT, ReflectionHttpIT {
+
+ private static final String CERT_PREFIX = "grpc-tls-separate-server";
+
+ @QuarkusApplication(grpc = true, ssl = true, certificates = @Certificate(prefix = CERT_PREFIX, format = PEM, configureKeystore = true, configureTruststore = true))
+ static final GrpcService app = (GrpcService) new GrpcService()
+ .withProperty("quarkus.profile", "ssl")
+ .withProperty("grpc.client.ca-cert", CertificateBuilder.INSTANCE_KEY, GrpcTlsSeparateServerIT::getClientCaCert)
+ .withProperty("grpc.server.cert", CertificateBuilder.INSTANCE_KEY, GrpcTlsSeparateServerIT::getServerCert)
+ .withProperty("grpc.server.key", CertificateBuilder.INSTANCE_KEY, GrpcTlsSeparateServerIT::getServerKey);
+
+ public CloseableManagedChannel getChannel() {
+ return app.securedGrpcChannel();
+ }
+
+ @Override
+ public RestService app() {
+ return app;
+ }
+
+ @Override
+ public RequestSpecification given() {
+ return app().relaxedHttps().given();
+ }
+
+ private static String getClientCaCert(CertificateBuilder certificateBuilder) {
+ return getPemCertificate(certificateBuilder).truststorePath();
+ }
+
+ private static String getServerCert(CertificateBuilder certificateBuilder) {
+ return getPemCertificate(certificateBuilder).certPath();
+ }
+
+ private static String getServerKey(CertificateBuilder certificateBuilder) {
+ return getPemCertificate(certificateBuilder).keyPath();
+ }
+
+ private static PemCertificate getPemCertificate(CertificateBuilder certificateBuilder) {
+ return (PemCertificate) certificateBuilder.findCertificateByPrefix(CERT_PREFIX);
+ }
+}
diff --git a/http/grpc/src/test/java/io/quarkus/ts/http/grpc/TLSIT.java b/http/grpc/src/test/java/io/quarkus/ts/http/grpc/TLSIT.java
deleted file mode 100644
index 631b397cd..000000000
--- a/http/grpc/src/test/java/io/quarkus/ts/http/grpc/TLSIT.java
+++ /dev/null
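Review bot: `given()` in GrpcTlsSeparateServerIT still goes through `app().relaxedHttps()`, so the REST-side assertions appear to run without validating the server certificate, even though the scenario now generates a truststore (`configureTruststore = true`). As far as these lines show, only `getChannel()` and the `%ssl` client trust-store properties exercise the trust chain. If that is intended, say so at the method, e.g. `// REST calls use relaxed HTTPS on purpose; certificate validation is covered by the gRPC channel`. Separately, `getPemCertificate` casts the result of `findCertificateByPrefix(CERT_PREFIX)` unchecked, so a missing or non-PEM certificate would surface as a NullPointerException or ClassCastException inside a property supplier. Wrapping the lookup in `Objects.requireNonNull(..., "no certificate with prefix " + CERT_PREFIX)` would give a clearer failure, though whether the lookup can return null is not visible in this patch.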
@@ -1,48 +0,0 @@
-package io.quarkus.ts.http.grpc;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import io.grpc.ChannelCredentials;
-import io.grpc.Grpc;
-import io.grpc.TlsChannelCredentials;
-import io.quarkus.test.bootstrap.CloseableManagedChannel;
-import io.quarkus.test.bootstrap.GrpcService;
-import io.quarkus.test.bootstrap.Protocol;
-import io.quarkus.test.bootstrap.RestService;
-import io.quarkus.test.scenarios.QuarkusScenario;
-import io.quarkus.test.services.QuarkusApplication;
-import io.restassured.specification.RequestSpecification;
-
-@QuarkusScenario
-public class TLSIT implements GRPCIT, StreamingHttpIT, ReflectionHttpIT {
-
- @QuarkusApplication(grpc = true, ssl = true)
- static final GrpcService app = (GrpcService) new GrpcService()
- .withProperty("quarkus.profile", "ssl");
-
- public CloseableManagedChannel getChannel() {
- try (InputStream caCertificate = app.getClass().getClassLoader().getResourceAsStream("tls/ca.pem")) {
- ChannelCredentials credentials = TlsChannelCredentials.newBuilder()
- .trustManager(caCertificate)
- .build();
- var channel = Grpc.newChannelBuilderForAddress(app().getURI(Protocol.GRPC).getHost(),
- app().getURI(Protocol.HTTPS).getPort(), credentials)
- .build();
- return new CloseableManagedChannel(channel);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public RestService app() {
- return app;
- }
-
- @Override
- public RequestSpecification given() {
- return app().relaxedHttps().given();
- }
-
-}