Merge pull request #10835 from newportd/infinispan-client-trust-store

allow overriding trust store properties and add an integration test
quarkusio · Jul 27, 2020 · 517024c · 517024c
2 parents d1a0680 + f0c3ea7
commit 517024c
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 4 deletions.
diff --git a/extensions/infinispan-client/README.MD b/extensions/infinispan-client/README.MD
@@ -72,12 +72,16 @@ Bounded and Unbounded both work. Exception encountered when protobuf marshalling
 
 This is working, but requires some additional steps to get configured.
 
-#### Configure truststore information (optionally keystore)
+#### Configure truststore information
 
-This is configured via hotrod-client.properties file located in META-INF. Everything is the same as normal in that
+This is configured via the `quarkus.infinispan-client.trust-store` application property. Everything is the same as normal in that
 you have to add the certificate from the server to the configured truststore if it already trusted in the default
 java cacerts file.
 
+#### Configuring keystore information
+
+The keystore is configured via hotrod-client.properties file located in META-INF.
+
 #### Configure your project to allow security services
 
 You (currently) need to enable all security services in Substrate

diff --git a/.../runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java b/.../runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java
@@ -187,6 +187,15 @@ private ConfigurationBuilder builderFromProperties(Properties properties) {
         infinispanClientRuntimeConfig.saslMechanism
                 .ifPresent(v -> properties.put(ConfigurationProperties.SASL_MECHANISM, v));
 
+        infinispanClientRuntimeConfig.trustStore
+                .ifPresent(v -> properties.put(ConfigurationProperties.TRUST_STORE_FILE_NAME, v));
+
+        infinispanClientRuntimeConfig.trustStorePassword
+                .ifPresent(v -> properties.put(ConfigurationProperties.TRUST_STORE_PASSWORD, v));
+
+        infinispanClientRuntimeConfig.trustStoreType
+                .ifPresent(v -> properties.put(ConfigurationProperties.TRUST_STORE_TYPE, v));
+
         builder.withProperties(properties);
 
         return builder;

diff --git a/...ime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java b/...ime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java
@@ -72,6 +72,24 @@ public class InfinispanClientRuntimeConfig {
     @ConfigItem
     Optional<String> saslMechanism;
 
+    /**
+     * Sets the trust store path
+     */
+    @ConfigItem
+    Optional<String> trustStore;
+
+    /**
+     * Sets the trust store password
+     */
+    @ConfigItem
+    Optional<String> trustStorePassword;
+
+    /**
+     * Sets the trust store type
+     */
+    @ConfigItem
+    Optional<String> trustStoreType;
+
     @Override
     public String toString() {
         return "InfinispanClientRuntimeConfig{" +

diff --git a/integration-tests/infinispan-client/src/main/resources/application.properties b/integration-tests/infinispan-client/src/main/resources/application.properties
@@ -1,5 +1,8 @@
 quarkus.infinispan-client.server-list=localhost:11232
 quarkus.infinispan-client.near-cache-max-entries=3
+quarkus.infinispan-client.trust-store=src/main/resources/server.p12
+quarkus.infinispan-client.trust-store-password=changeit
+quarkus.infinispan-client.trust-store-type=PKCS12
 
 # quarkus.log.level=DEBUG
-# quarkus.log.console.level=DEBUG
+# quarkus.log.console.level=DEBUG
diff --git a/integration-tests/infinispan-client/src/main/resources/server.p12 b/integration-tests/infinispan-client/src/main/resources/server.p12
diff --git a/...an-client/src/test/java/io/quarkus/it/infinispan/client/InfinispanServerTestResource.java b/...an-client/src/test/java/io/quarkus/it/infinispan/client/InfinispanServerTestResource.java
@@ -8,12 +8,16 @@
 import org.infinispan.configuration.global.GlobalConfigurationBuilder;
 import org.infinispan.manager.EmbeddedCacheManager;
 import org.infinispan.server.hotrod.HotRodServer;
+import org.infinispan.server.hotrod.configuration.HotRodServerConfigurationBuilder;
 import org.infinispan.server.hotrod.test.HotRodTestingUtil;
 import org.infinispan.test.fwk.TestCacheManagerFactory;
 
 import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
 
 public class InfinispanServerTestResource implements QuarkusTestResourceLifecycleManager {
+
+    private static final char[] PASSWORD = "changeit".toCharArray();
+
     private HotRodServer hotRodServer;
 
     @Override
@@ -24,7 +28,17 @@ public Map<String, String> start() {
                 new ConfigurationBuilder());
         ecm.defineConfiguration("magazine", new ConfigurationBuilder().build());
         // Client connects to a non default port
-        hotRodServer = HotRodTestingUtil.startHotRodServer(ecm, 11232);
+        final HotRodServerConfigurationBuilder hotRodServerConfigurationBuilder = new HotRodServerConfigurationBuilder();
+        hotRodServerConfigurationBuilder
+                .ssl()
+                .enabled(true)
+                .keyStoreFileName("src/main/resources/server.p12")
+                .keyStorePassword(PASSWORD)
+                .keyStoreType("PKCS12")
+                .requireClientAuth(false)
+                .protocol("TLSv1.2");
+
+        hotRodServer = HotRodTestingUtil.startHotRodServer(ecm, 11232, hotRodServerConfigurationBuilder);
         return Collections.emptyMap();
     }
 
@@ -34,4 +48,5 @@ public void stop() {
             hotRodServer.stop();
         }
     }
+
 }