Enable setting of truststore path, type and password

quarkusio · Oct 18, 2019 · ed371a1 · ed371a1
1 parent 61b16b9
commit ed371a1
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 7 deletions.
diff --git a/...ons/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/CertificateConfig.java b/...ons/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/CertificateConfig.java
@@ -41,4 +41,23 @@ public class CertificateConfig {
      */
     @ConfigItem(defaultValue = "password")
     public String keyStorePassword;
+
+    /**
+     * An optional trust store which holds the certificate information of the certificates to trust
+     */
+    @ConfigItem
+    public Optional<Path> trustStoreFile;
+
+    /**
+     * An optional parameter to specify type of the trust store file. If not given, the type is automatically detected
+     * based on the file name.
+     */
+    @ConfigItem
+    public Optional<String> trustStoreFileType;
+
+    /**
+     * A parameter to specify the password of the trust store file.
+     */
+    @ConfigItem
+    public Optional<String> trustStorePassword;
 }
diff --git a/...ons/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java b/...ons/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java
@@ -285,6 +285,8 @@ private static HttpServerOptions createSslOptions(HttpConfiguration httpConfigur
         final Optional<Path> keyFile = sslConfig.certificate.keyFile;
         final Optional<Path> keyStoreFile = sslConfig.certificate.keyStoreFile;
         final String keystorePassword = sslConfig.certificate.keyStorePassword;
+        final Optional<Path> trustStoreFile = sslConfig.certificate.trustStoreFile;
+        final Optional<String> trustStorePassword = sslConfig.certificate.trustStorePassword;
         final HttpServerOptions serverOptions = new HttpServerOptions();
         serverOptions.setMaxHeaderSize(httpConfiguration.limits.maxHeaderSize.asBigInteger().intValueExact());
 
@@ -297,13 +299,7 @@ private static HttpServerOptions createSslOptions(HttpConfiguration httpConfigur
             if (keyStoreFileType.isPresent()) {
                 type = keyStoreFileType.get().toLowerCase();
             } else {
-                final String pathName = keyStorePath.toString();
-                if (pathName.endsWith(".p12") || pathName.endsWith(".pkcs12") || pathName.endsWith(".pfx")) {
-                    type = "pkcs12";
-                } else {
-                    // assume jks
-                    type = "jks";
-                }
+                type = findKeystoreFileType(keyStorePath);
             }
 
             byte[] data = getFileContent(keyStorePath);
@@ -331,6 +327,22 @@ private static HttpServerOptions createSslOptions(HttpConfiguration httpConfigur
             return null;
         }
 
+        if (trustStoreFile.isPresent()) {
+            if (!trustStorePassword.isPresent()) {
+                throw new IllegalArgumentException("No trust store password provided");
+            }
+            final String type;
+            final Optional<String> trustStoreFileType = sslConfig.certificate.trustStoreFileType;
+            final Path trustStoreFilePath = trustStoreFile.get();
+            if (trustStoreFileType.isPresent()) {
+                type = trustStoreFileType.get().toLowerCase();
+            } else {
+                type = findKeystoreFileType(trustStoreFilePath);
+            }
+            createTrustStoreOptions(trustStoreFilePath, trustStorePassword.get(), type,
+                    serverOptions);
+        }
+
         for (String cipher : sslConfig.cipherSuites) {
             if (!cipher.isEmpty()) {
                 serverOptions.addEnabledCipherSuite(cipher);
@@ -374,6 +386,40 @@ private static void createPemKeyCertOptions(Path certFile, Path keyFile,
         serverOptions.setPemKeyCertOptions(pemKeyCertOptions);
     }
 
+    private static void createTrustStoreOptions(Path trustStoreFile, String trustStorePassword,
+            String trustStoreFileType, HttpServerOptions serverOptions) throws IOException {
+        byte[] data = getFileContent(trustStoreFile);
+        switch (trustStoreFileType) {
+            case "pkcs12": {
+                PfxOptions options = new PfxOptions()
+                        .setPassword(trustStorePassword)
+                        .setValue(Buffer.buffer(data));
+                serverOptions.setPfxTrustOptions(options);
+                break;
+            }
+            case "jks": {
+                JksOptions options = new JksOptions()
+                        .setPassword(trustStorePassword)
+                        .setValue(Buffer.buffer(data));
+                serverOptions.setTrustStoreOptions(options);
+                break;
+            }
+            default:
+                throw new IllegalArgumentException(
+                        "Unknown truststore type: " + trustStoreFileType + " valid types are jks or pkcs12");
+        }
+    }
+
+    private static String findKeystoreFileType(Path storePath) {
+        final String pathName = storePath.toString();
+        if (pathName.endsWith(".p12") || pathName.endsWith(".pkcs12") || pathName.endsWith(".pfx")) {
+            return "pkcs12";
+        } else {
+            // assume jks
+            return "jks";
+        }
+    }
+
     private static byte[] doRead(InputStream is) throws IOException {
         ByteArrayOutputStream out = new ByteArrayOutputStream();
         byte[] buf = new byte[1024];