Quarkus is not able to determine trust store type and requires to configure file type property now #39151

Closed
michalvavrik opened this issue Mar 4, 2024 · 12 comments
@michalvavrik
Member

Describe the bug

After #39106 I can't just set the META-INF/resources/server.keystore keystore and let Quarkus determine trust store type. I use

quarkus.http.ssl.certificate.key-store-file=META-INF/resources/server.keystore
quarkus.http.ssl.certificate.key-store-password=password

Expected behavior

Worked before, should work now.

Actual behavior

Exception is thrown and app startup fails

13:30:24,599 INFO  [app] Caused by: java.lang.IllegalArgumentException: Could not determine the trust store type from the file name: META-INF/resources/server.keystore. Configure the file type property.
13:30:24,600 INFO  [app] 	at io.quarkus.vertx.http.runtime.options.TlsUtils.getTypeFromFileName(TlsUtils.java:115)
13:30:24,600 INFO  [app] 	at io.quarkus.vertx.http.runtime.options.TlsUtils.createKeyStoreOptions(TlsUtils.java:127)
13:30:24,601 INFO  [app] 	at io.quarkus.vertx.http.runtime.options.TlsUtils.computeKeyStoreOptions(TlsUtils.java:41)
13:30:24,601 INFO  [app] 	at io.quarkus.vertx.http.runtime.options.HttpServerOptionsUtils.createSslOptions(HttpServerOptionsUtils.java:92)
13:30:24,602 INFO  [app] 	at io.quarkus.vertx.http.runtime.VertxHttpRecorder.initializeMainHttpServer(VertxHttpRecorder.java:670)
13:30:24,602 INFO  [app] 	at io.quarkus.vertx.http.runtime.VertxHttpRecorder.doServerStart(VertxHttpRecorder.java:761)
13:30:24,602 INFO  [app] 	at io.quarkus.vertx.http.runtime.VertxHttpRecorder.startServer(VertxHttpRecorder.java:319)
13:30:24,603 INFO  [app] 	at io.quarkus.deployment.steps.VertxHttpProcessor$openSocket189362710.deploy_0(Unknown Source)
13:30:24,603 INFO  [app] 	at io.quarkus.deployment.steps.VertxHttpProcessor$openSocket189362710.deploy(Unknown Source)

How to Reproduce?

Steps to reproduce the behavior:

  1. git clone https://github.com/quarkus-qe/quarkus-test-suite
  2. cd quarkus-test-suite/http/http-advanced-reactive
  3. mvn clean verify -Dit.test=HttpAdvancedReactiveIT

Output of uname -a or ver

Fedora 38

Output of java -version

21

Quarkus version or git rev

999-SNAPSHOT

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.9.3

Additional information

No response

@michalvavrik michalvavrik added the kind/bug Something isn't working label Mar 4, 2024
@michalvavrik
Member Author

/cc @cescoffier @sberyozkin

quarkus-bot bot commented Mar 4, 2024

/cc @pedroigor (bearer-token), @sberyozkin (bearer-token,jwt,security)

@cescoffier
Member

@michalvavrik yes, it's expected - .keystore is slightly annoying as we can't know the format. I suppose it's a JKS file (remember that even Java no longer uses that format as a default)?

We could set the .keystore as a JKS file, but it looks like a convention from old times.

@cescoffier
Member

BTW the title says truststore but the description is configuring the keystore. Configuring a truststore with a file using .keystore as extension is confusing.

@cescoffier
Member

BTW, I explicitly removed the "JKS" by default, as, as I said, this convention comes from old times.

@sberyozkin
Member

sberyozkin commented Mar 4, 2024

What is the current default store type, P12? It should be marked as a breaking change. I agree it is a legacy default type, JKS. Maybe another option is to deprecate it as a default type, as we may have a lot of users still having it in the JKS format.

@cescoffier
Member

No, there is no default anymore. We do an educated guess based on the extension (if not set explicitly by the user).

@cescoffier
Member

cescoffier commented Mar 4, 2024

We could add .keystore and .truststore as potential matches for JKS (and warn the user that these are deprecated).

@michalvavrik
Member Author

Alright, I expected to see breaking changes in the https://github.com/quarkusio/quarkus/wiki/Migration-Guide-3.9, but as it is expected, I'll close the issue. Thanks.

@michalvavrik
Member Author

michalvavrik commented Mar 4, 2024

> BTW the title says truststore but the description is configuring the keystore. Configuring a truststore with a file using .keystore as extension is confusing.

The description of io.quarkus.vertx.http.runtime.CertificateConfig#keyStoreFile says keystore, but the thrown exception speaks about trust store, so I got confused: java.lang.IllegalArgumentException: Could not determine the trust store type from the file name.

@cescoffier
Member

Let me check the exception and log messages. BTW, I documented the breaking change. Can you check if it makes sense? https://github.com/quarkusio/quarkus/wiki/Migration-Guide-3.9#keystore-and-trust-store-default-format-change

@michalvavrik
Member Author

> I documented the breaking change. Can you check if it makes sense?

I think it explains the change perfectly, thanks.
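
Added example, not part of the original thread and not Quarkus code: because an extension such as .keystore says nothing about the format, this sketch goes one step beyond the extension guess discussed above and identifies the store type from the file's leading bytes. The class name StoreTypeSniffer and the sample headers are constructed for illustration; it needs Java 17+ for HexFormat.

```java
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.HexFormat;

public class StoreTypeSniffer {

    /** Guesses the store type from the first bytes of the file; null if unrecognized. */
    static String sniff(byte[] head) {
        if (head.length >= 4) {
            int magic = ByteBuffer.wrap(head).getInt();      // first 4 bytes, big-endian
            if (magic == 0xFEEDFEED) return "JKS";           // JKS magic number
            if (magic == 0xCECECECE) return "JCEKS";         // JCEKS magic number
        }
        if (new String(head, StandardCharsets.US_ASCII).startsWith("-----BEGIN ")) {
            return "PEM";
        }
        // PKCS#12 (PFX): DER SEQUENCE tag 0x30, a length, then INTEGER 3 (02 01 03).
        if (head.length >= 2 && head[0] == 0x30) {
            int len = head[1] & 0xFF;
            int skip = len <= 0x80 ? 2 : 2 + (len & 0x7F);   // short/indefinite vs long form
            if (head.length >= skip + 3
                    && head[skip] == 0x02 && head[skip + 1] == 0x01 && head[skip + 2] == 0x03) {
                return "PKCS12";
            }
        }
        return null;                                         // e.g. a bare DER certificate
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) {                              // inspect a real file
            try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
                System.out.println(args[0] + " -> " + sniff(in.readNBytes(32)));
            }
            return;
        }
        // Constructed headers (not real stores), all behind the same uninformative name.
        String[][] samples = {
            {"server.keystore with JKS header", "feedfeed00000002"},
            {"server.keystore with PKCS#12 header", "30820a5b0201033082"},
            {"server.keystore holding a DER certificate", "3082031d30820205"},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " -> " + sniff(HexFormat.of().parseHex(s[1])));
        }
    }
}
```

Run it as `java StoreTypeSniffer.java path/to/server.keystore`, then set the matching type explicitly with `quarkus.http.ssl.certificate.key-store-file-type` (the file type property the exception message points to) instead of relying on the file name.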
