From ed371a1fd82be70c6a0be7572698172f83ff144a Mon Sep 17 00:00:00 2001
From: cstdev
Date: Fri, 18 Oct 2019 12:39:35 +0000
Subject: [PATCH] Enable setting of truststore path, type and password
---
 .../vertx/http/runtime/CertificateConfig.java | 19 ++++++
 .../vertx/http/runtime/VertxHttpRecorder.java | 60 ++++++++++++++++---
 2 files changed, 72 insertions(+), 7 deletions(-)
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/CertificateConfig.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/CertificateConfig.java
index b98701ae253301..a465eef97e34e6 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/CertificateConfig.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/CertificateConfig.java
@@ -41,4 +41,23 @@ public class CertificateConfig {
 */
 @ConfigItem(defaultValue = "password")
 public String keyStorePassword;
+
+ /**
+ * An optional trust store which holds the certificate information of the certificates to trust
+ */
+ @ConfigItem
+ public Optional trustStoreFile;
+
+ /**
+ * An optional parameter to specify type of the trust store file. If not given, the type is automatically detected
+ * based on the file name.
+ */
+ @ConfigItem
+ public Optional trustStoreFileType;
+
+ /**
+ * A parameter to specify the password of the trust store file.
+ */
+ @ConfigItem
+ public Optional trustStorePassword;
 }
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java
index 6ac32bb7a5c0f3..c255fd8faae7d9 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/VertxHttpRecorder.java
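Review bot: The Javadoc on `trustStorePassword` reads as if the password were optional, but the `@@ -331` hunk of VertxHttpRecorder in this same patch throws `IllegalArgumentException("No trust store password provided")` whenever `trustStoreFile` is set without it, so a reader of the config class cannot tell that this Optional is effectively mandatory. Suggest `* The password of the trust store file. Required whenever trust-store-file is set.` The `trustStoreFile` comment could also state what the store is used for on the server side (validating certificates presented by connecting clients), so that it is not confused with the key store that holds the server's own certificate.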
@@ -285,6 +285,8 @@ private static HttpServerOptions createSslOptions(HttpConfiguration httpConfigur
 final Optional keyFile = sslConfig.certificate.keyFile;
 final Optional keyStoreFile = sslConfig.certificate.keyStoreFile;
 final String keystorePassword = sslConfig.certificate.keyStorePassword;
+ final Optional trustStoreFile = sslConfig.certificate.trustStoreFile;
+ final Optional trustStorePassword = sslConfig.certificate.trustStorePassword;
 final HttpServerOptions serverOptions = new HttpServerOptions();
 serverOptions.setMaxHeaderSize(httpConfiguration.limits.maxHeaderSize.asBigInteger().intValueExact());
@@ -297,13 +299,7 @@ private static HttpServerOptions createSslOptions(HttpConfiguration httpConfigur
 if (keyStoreFileType.isPresent()) {
 type = keyStoreFileType.get().toLowerCase();
 } else {
- final String pathName = keyStorePath.toString();
- if (pathName.endsWith(".p12") || pathName.endsWith(".pkcs12") || pathName.endsWith(".pfx")) {
- type = "pkcs12";
- } else {
- // assume jks
- type = "jks";
- }
+ type = findKeystoreFileType(keyStorePath);
 }
 byte[] data = getFileContent(keyStorePath);
@@ -331,6 +327,22 @@ private static HttpServerOptions createSslOptions(HttpConfiguration httpConfigur
 return null;
 }
+ if (trustStoreFile.isPresent()) {
+ if (!trustStorePassword.isPresent()) {
+ throw new IllegalArgumentException("No trust store password provided");
+ }
+ final String type;
+ final Optional trustStoreFileType = sslConfig.certificate.trustStoreFileType;
+ final Path trustStoreFilePath = trustStoreFile.get();
+ if (trustStoreFileType.isPresent()) {
+ type = trustStoreFileType.get().toLowerCase();
+ } else {
+ type = findKeystoreFileType(trustStoreFilePath);
+ }
+ createTrustStoreOptions(trustStoreFilePath, trustStorePassword.get(), type,
+ serverOptions);
+ }
+
 for (String cipher : sslConfig.cipherSuites) {
 if (!cipher.isEmpty()) {
 serverOptions.addEnabledCipherSuite(cipher);
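Review bot: The new block in the `@@ -331` hunk installs trust options on `serverOptions`, but nothing in this patch configures client authentication (`HttpServerOptions.setClientAuth`), and a server-side trust store in Vert.x is only consulted when client auth is requested or required; unless that is wired up elsewhere (not visible here), the loaded store has no effect and users get no signal that their configuration is inert. Either add the client-auth setting in the same change or document on the trust-store configuration that it only takes effect together with client authentication. As a style point, `type = trustStoreFileType.get().toLowerCase();` should pass `Locale.ROOT`, matching the advice for locale-independent casing, even though the existing key-store line has the same form. The enclosing `createSslOptions` starts and ends outside these hunks.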
@@ -374,6 +386,40 @@ private static void createPemKeyCertOptions(Path certFile, Path keyFile,
 serverOptions.setPemKeyCertOptions(pemKeyCertOptions);
 }
+ private static void createTrustStoreOptions(Path trustStoreFile, String trustStorePassword,
+ String trustStoreFileType, HttpServerOptions serverOptions) throws IOException {
+ byte[] data = getFileContent(trustStoreFile);
+ switch (trustStoreFileType) {
+ case "pkcs12": {
+ PfxOptions options = new PfxOptions()
+ .setPassword(trustStorePassword)
+ .setValue(Buffer.buffer(data));
+ serverOptions.setPfxTrustOptions(options);
+ break;
+ }
+ case "jks": {
+ JksOptions options = new JksOptions()
+ .setPassword(trustStorePassword)
+ .setValue(Buffer.buffer(data));
+ serverOptions.setTrustStoreOptions(options);
+ break;
+ }
+ default:
+ throw new IllegalArgumentException(
+ "Unknown truststore type: " + trustStoreFileType + " valid types are jks or pkcs12");
+ }
+ }
+
+ private static String findKeystoreFileType(Path storePath) {
+ final String pathName = storePath.toString();
+ if (pathName.endsWith(".p12") || pathName.endsWith(".pkcs12") || pathName.endsWith(".pfx")) {
+ return "pkcs12";
+ } else {
+ // assume jks
+ return "jks";
+ }
+ }
+
 private static byte[] doRead(InputStream is) throws IOException {
 ByteArrayOutputStream out = new ByteArrayOutputStream();
 byte[] buf = new byte[1024];
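Review bot: `findKeystoreFileType` matches the extension case-sensitively, so a file named with `.P12` or `.PFX` is classified as `jks` and the mismatch only surfaces later when the store is loaded, with a less helpful error than the type check would give; the logic was moved verbatim from the key-store path, but now that it serves both stores a case-insensitive compare is cheap: `final String pathName = storePath.toString().toLowerCase(Locale.ROOT);` (needs `java.util.Locale`, which may already be imported outside this hunk). The helper's name still says key store although it is now also called for the trust store, and it has no Javadoc; a one-line `/** Guesses the store type ("pkcs12" or "jks") from the file extension of {@code storePath}, defaulting to jks. */` would help. `createTrustStoreOptions` likewise lacks a Javadoc noting that `trustStoreFileType` must already be lower-case, since the `switch` compares against `"pkcs12"` and `"jks"` exactly. `doRead` at the bottom of the hunk continues outside it.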