From 50c9f040b99a7a9eabc6c8f9a39de45818add6a3 Mon Sep 17 00:00:00 2001 From: Daniel Newport Date: Fri, 17 Jul 2020 09:53:54 -0400 Subject: [PATCH 1/2] allow overriding trust store properties and add an integration test --- extensions/infinispan-client/README.MD | 8 ++++++-- .../runtime/InfinispanClientProducer.java | 9 +++++++++ .../InfinispanClientRuntimeConfig.java | 18 ++++++++++++++++++ .../src/main/resources/application.properties | 5 ++++- .../src/main/resources/server.p12 | Bin 0 -> 2501 bytes .../client/InfinispanServerTestResource.java | 17 ++++++++++++++++- 6 files changed, 53 insertions(+), 4 deletions(-) create mode 100644 integration-tests/infinispan-client/src/main/resources/server.p12 diff --git a/extensions/infinispan-client/README.MD b/extensions/infinispan-client/README.MD index 003bcee55fdeb..93f45a7ca2bc2 100644 --- a/extensions/infinispan-client/README.MD +++ b/extensions/infinispan-client/README.MD @@ -72,12 +72,16 @@ Bounded and Unbounded both work. Exception encountered when protobuf marshalling This is working, but requires some additional steps to get configured. -#### Configure truststore information (optionally keystore) +#### Configure truststore information -This is configured via hotrod-client.properties file located in META-INF. Everything is the same as normal in that +This is configured via the `quarkus.infinispan-client.trust-store-file-name` application property. Everything is the same as normal in that you have to add the certificate from the server to the configured truststore if it already trusted in the default java cacerts file. +#### Configuring keystore information + +The keystore is configured via hotrod-client.properties file located in META-INF. + #### Configure your project to allow security services You (currently) need to enable all security services in Substrate 
diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java
index 4fb02ef44d9bf..4edbfc46bb5ed 100644
--- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java
+++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java
@@ -187,6 +187,15 @@ private ConfigurationBuilder builderFromProperties(Properties properties) {
 infinispanClientRuntimeConfig.saslMechanism
 .ifPresent(v -> properties.put(ConfigurationProperties.SASL_MECHANISM, v));
 
+ infinispanClientRuntimeConfig.trustStoreFileName
+ .ifPresent(v -> properties.put(ConfigurationProperties.TRUST_STORE_FILE_NAME, v));
+
+ infinispanClientRuntimeConfig.trustStorePassword
+ .ifPresent(v -> properties.put(ConfigurationProperties.TRUST_STORE_PASSWORD, v));
+
+ infinispanClientRuntimeConfig.trustStoreType
+ .ifPresent(v -> properties.put(ConfigurationProperties.TRUST_STORE_TYPE, v));
+
 builder.withProperties(properties);
 
 return builder;
diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java
index 108603e6fd9ef..1a0c22fe49dca 100644
--- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java
+++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java
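Review bot: In builderFromProperties the three trust-store values are copied into `properties` independently, so a `trustStorePassword` or `trustStoreType` set without `trustStoreFileName` is still applied and will presumably be paired with whatever path hotrod-client.properties supplied, or with none at all. A comment above the block would make the precedence explicit, for example `// Application properties override trust store settings from hotrod-client.properties; password and type only make sense together with a trust store path.` It may also be worth failing fast at startup when a password or type ends up in `properties` without any trust store path. The password now travels in `properties` as a plain string, so that object should stay out of any log or debug output. The method body starts before and continues after the hunk, so how `properties` was populated is inferred from the commit subject.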
@@ -72,6 +72,24 @@ public class InfinispanClientRuntimeConfig {
 @ConfigItem
 Optional saslMechanism;
 
+ /**
+ * Sets the trust store path
+ */
+ @ConfigItem
+ Optional trustStoreFileName;
+
+ /**
+ * Sets the trust store password
+ */
+ @ConfigItem
+ Optional trustStorePassword;
+
+ /**
+ * Sets the trust store type
+ */
+ @ConfigItem
+ Optional trustStoreType;
+
 @Override
 public String toString() {
 return "InfinispanClientRuntimeConfig{" +
diff --git a/integration-tests/infinispan-client/src/main/resources/application.properties b/integration-tests/infinispan-client/src/main/resources/application.properties
index 557c1c1dbe3b7..8c60019b4c22c 100644
--- a/integration-tests/infinispan-client/src/main/resources/application.properties
+++ b/integration-tests/infinispan-client/src/main/resources/application.properties
@@ -1,5 +1,8 @@
 quarkus.infinispan-client.server-list=localhost:11232
 quarkus.infinispan-client.near-cache-max-entries=3
+quarkus.infinispan-client.trust-store-file-name=src/main/resources/server.p12
+quarkus.infinispan-client.trust-store-password=changeit
+quarkus.infinispan-client.trust-store-type=PKCS12
 
 # quarkus.log.level=DEBUG
-# quarkus.log.console.level=DEBUG
\ No newline at end of file
+# quarkus.log.console.level=DEBUG
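Review bot: The Javadoc on `trustStorePassword` in InfinispanClientRuntimeConfig does not mark the value as a secret, and the `toString()` that begins in the trailing context is only partly visible, so it is worth confirming the new field is never appended there. I would expand the comment to `Trust store password. This is a secret: supply it through an environment variable or a credentials source rather than a committed properties file.` The comment on `trustStoreFileName` should say whether the path is resolved against the file system or the classpath, and the one on `trustStoreType` which type applies when it is unset. The class body starts before the hunk and toString() runs past its end.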
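Review bot: `trust-store-file-name=src/main/resources/server.p12` points the client at the same file the test server loads as its key store (`keyStoreFileName("src/main/resources/server.p12")` in InfinispanServerTestResource), so the client trust store presumably also carries the server's private key. Because it sits under src/main/resources, it is likely packaged into the application artifact as well. A certificate-only trust store kept with the test resources would be a better example for users who copy this setup, leaving the key material on the server side only. The path is also relative to the working directory, so the test presumably passes only when run from the module directory; a comment such as `# test-only trust store and password; path is relative to the module directory` would make that explicit.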
diff --git a/integration-tests/infinispan-client/src/main/resources/server.p12 b/integration-tests/infinispan-client/src/main/resources/server.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a35c19798eec98ac206e3e2d00830e44b60f40ba GIT binary patch literal 2501 zcmY+^X*3iH8wYU17&914sSq{xrA#wLlI@c0Ofe%QhOwm~2_d1eXWz0k_TBB;VlX%R z%{F5z8QGVN!EI#Ao>%9*?|a|(!*iZ<{{M5H56_1mf&gh}1+XCqkVp_jK0-fY2MXW- z(f72i&X?2G?^L%5%gEl_E^DsOL9wO`JIz*=fImxG}`Ph=;iQ-urHpn zG`h7i)03BSmZ|w&Pt~(WIc#!Fx1dLWo~`&{g?~4+9BKlc9IgDOWLP=xXR*t7FK6G? zXPjOau=8?Ka-Iktx8vL2ag)#fsz=7|{n1go1LOZx)*=wRA6SLX=xe_N`#a`t&#;SJ z>O&jXh0L|nYrZczlyO3w8N8OTIZ-do;b=@VQ#zogk6HfNAc%bM^F~d1zEbd!ZTBay zVt=QaXV5&2KyA#1(Yqw`4MVS~*J`ZRI4L(-pgDMKCd#aS1A1URES&1~K1UVQ&B)q_ zmRcO#Oyi%D)aY#3EKI&O9S|1Mv;VHrDca1Q!W>VV)e<(+Hk^Xa#idVPL|(9(SuA<{ zErD!6l=4K`U?{)@nz=)6dqqq^*C#e5$9%yyjz^aRbW~goCac=#Kz1_iH-`=?n}P%F zg(TgHlf{&7uY+BfNMp#b9ps!XZ&$4ycte4_&3gTBWUxb+I#~ibY0}i3O26vt^~L;b z0XkhB$UIczlio3Hrxvn!UW>ZexNkCRjhA)%Ywr8DLPZN-O@y)w;jP)HjJ$;Vr!tE8 zi)yY5CTBf%45;GEQPKEQFw?QP7~+KD+2}yUe>ms%F)J9Ad*_ac*z)&F`aI==SgO?9 zHG+m+h>bB=-%zK~*AU~WwJD!O$53U88s-m}ztOrS+Z15;xQL=f+8Z!(be+B<_a=>T zb84)}Nu{hsU%k`2yFZBuvElETS~V;{|2&m@s&!ymCb93FS|HfGdAik~_I}izmJQE4 zqkrQV(c z77CE?gb4UFDaT3f1`XUHzVPvSC?r{gK62K^#C|*{6lk>5DAbX1F!_e9R5=JjTPsO& z7>$L<6*DWVJx@Cw)B|3 zCd(u~Ec|jNxp5&IsXe@9(G|8`S7mBDkVpQRd7-%%GlE|h z%@l{?5G38J@AUho<1~9SXQX{>se!yB``ly<-~*jqWvwbCCC&JPR23J6bcJ(_X|W3D zb8BX_D#eL(=8FBUOuVavrxBgX44%eRz7>!wkaLe1ySEy1LvsS_bB#nytuxgu=uXKs z(#J*-yePUOIS2x~*8hNzM_|7SB(TFzV)>Ji266p|2TlO%i6hJtKvw=w4Ypru2s#aE zV7u<~|55`;0QMZxMN^1d?bN=+8qpSNi}Pu9vicR&e#`kcXc8`aNn{H(mN>PSD<#I@ z51($xd2>{~h~^8}azZ{wt%&I8y?5UC(<8I(gja+6+?*{!AGJ1j`rp2A9PEJyD%(UI z=VyYS5;6LVcyHO4@cj3C30u7cQ;$d;=f*zs^ELHI{814i#{@rGX?$7HUj=pDp>|Yj z{xo1KP9K`(8tmbXuw`T@?iTMC>ltgrLYwN79f|9pI=i@3>8HMWm;4|5 z$#mExqIGQG^6AR%_d(@7J5#4+Z^xLVE!}K*?~bed;|x{Hg}Jc{FRkhrRU+Q~v&Whx z5}TA6uHblEU?LJjL#U2`Y9}tGjc$dN7Q|{A;wAFA#o>Ku>#XH$9Q(c|g{^I~KV)#I 
z>J=kND7h@&TD|JUG(`j&XIYbv(>>!4{>qOyw;A9G#T1uZPm2+Od8dp&u`fdjfODmL zJ~%(Y?s))Q75Tck9Tdj!c}rhKy}x}>J|}E= zcQ2?O_P4d1N2Jmv0wexxGHCXzpHebuk^Jqk!S?kFAOrhF?>mjHkuF`SLx|G;fIu!E z6>%<{j^wy0`R9O#*;yVL;h}1HX@+y`SktT8@)<$l7u{WlA;RVHzC1U-lDlPgxd#V% z;M7A}NZ+?ip{9OYx%%24t_y0I@gRC{dd2U#+7S$Qmy|{eNm(_wy)}-{$1^V`d3`kT zh0%ruO187C?GKGh6CV9G*a#i>6ubHw5!xi1w`8f~U$sCQQC}7T6bguYbzq;B6(F?c zWHHt7xq2x>N`PQaa$pKgTTH2-#WJDxa{wKbsb^uj)Vc{!f)$2zKms9Y#r~!m{!EV&ckc4v7-QA<2Ssq zEUE!cM8wCV2RL02=8@Gv!>)0WVXoQU1`MYahDeBx!so`kG1?k;!_AUD7tfecP&cM9 zWrM4R&1`b{8vZF8RS`@K$j%Jk52bu zTd7v5XU`-##8DcB5J-d=0s>;c#KXoa%+3N7@T5lsP4yciyDbz8(I369 start() { new ConfigurationBuilder()); ecm.defineConfiguration("magazine", new ConfigurationBuilder().build()); // Client connects to a non default port - hotRodServer = HotRodTestingUtil.startHotRodServer(ecm, 11232); + final HotRodServerConfigurationBuilder hotRodServerConfigurationBuilder = new HotRodServerConfigurationBuilder(); + hotRodServerConfigurationBuilder + .ssl() + .enabled(true) + .keyStoreFileName("src/main/resources/server.p12") + .keyStorePassword(PASSWORD) + .keyStoreType("PKCS12") + .requireClientAuth(false) + .protocol("TLSv1.2"); + + hotRodServer = HotRodTestingUtil.startHotRodServer(ecm, 11232, hotRodServerConfigurationBuilder); return Collections.emptyMap(); } @@ -34,4 +48,5 @@ public void stop() { hotRodServer.stop(); } } + } From f0c3ea7fb7f34a66a448ad66755ff125a143cb69 Mon Sep 17 00:00:00 2001 From: Daniel Newport Date: Mon, 20 Jul 2020 06:28:53 -0400 Subject: [PATCH 2/2] rename trustStoreFileName to trustStore for consistency with other extensions --- extensions/infinispan-client/README.MD | 2 +- .../infinispan/client/runtime/InfinispanClientProducer.java | 2 +- .../client/runtime/InfinispanClientRuntimeConfig.java | 2 +- .../infinispan-client/src/main/resources/application.properties | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/extensions/infinispan-client/README.MD b/extensions/infinispan-client/README.MD index 93f45a7ca2bc2..fccab46151eaf 100644 --- a/extensions/infinispan-client/README.MD +++ b/extensions/infinispan-client/README.MD @@ -74,7 +74,7 @@ This is working, but requires some additional steps to get configured. #### Configure truststore information -This is configured via the `quarkus.infinispan-client.trust-store-file-name` application property. Everything is the same as normal in that +This is configured via the `quarkus.infinispan-client.trust-store` application property. Everything is the same as normal in that you have to add the certificate from the server to the configured truststore if it already trusted in the default java cacerts file. diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java index 4edbfc46bb5ed..7f939bc0c4b45 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java @@ -187,7 +187,7 @@ private ConfigurationBuilder builderFromProperties(Properties properties) { infinispanClientRuntimeConfig.saslMechanism .ifPresent(v -> properties.put(ConfigurationProperties.SASL_MECHANISM, v)); - infinispanClientRuntimeConfig.trustStoreFileName + infinispanClientRuntimeConfig.trustStore .ifPresent(v -> properties.put(ConfigurationProperties.TRUST_STORE_FILE_NAME, v)); infinispanClientRuntimeConfig.trustStorePassword 
diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java
index 1a0c22fe49dca..b24149963d3de 100644
--- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java
+++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java
@@ -76,7 +76,7 @@ public class InfinispanClientRuntimeConfig {
 * Sets the trust store path
 */
 @ConfigItem
- Optional trustStoreFileName;
+ Optional trustStore;
 
 /**
 * Sets the trust store password
diff --git a/integration-tests/infinispan-client/src/main/resources/application.properties b/integration-tests/infinispan-client/src/main/resources/application.properties
index 8c60019b4c22c..d28fd785e1337 100644
--- a/integration-tests/infinispan-client/src/main/resources/application.properties
+++ b/integration-tests/infinispan-client/src/main/resources/application.properties
@@ -1,6 +1,6 @@
 quarkus.infinispan-client.server-list=localhost:11232
 quarkus.infinispan-client.near-cache-max-entries=3
-quarkus.infinispan-client.trust-store-file-name=src/main/resources/server.p12
+quarkus.infinispan-client.trust-store=src/main/resources/server.p12
 quarkus.infinispan-client.trust-store-password=changeit
 quarkus.infinispan-client.trust-store-type=PKCS12
 