Merge pull request #18387 from famod/key-password
TLS: Introduce key-store-key-password
famod authored Jul 5, 2021
2 parents 552aa8c + fa325a3 commit 25a7611
Showing 4 changed files with 20 additions and 10 deletions.
Expand Up @@ -81,6 +81,12 @@ public class CertificateConfig {
@ConfigItem
public Optional<String> keyStoreKeyAlias;

/**
* An optional parameter to define the password for the key, in case it's different from {@link #keyStorePassword}.
*/
@ConfigItem
public Optional<String> keyStoreKeyPassword;

/**
* An optional trust store which holds the certificate information of the certificates to trust.
*/
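Review bot: The Javadoc on `keyStoreKeyPassword` says neither what protects the key when the property is absent nor that the value is a secret. The wording implies the key is then opened with `keyStorePassword`, but that fallback is only inferred from this hunk; if it holds, state it, e.g. `If not set, the key is assumed to be protected by {@link #keyStorePassword}.` A second sentence advising that the value be supplied from an environment variable or a secret store rather than a committed properties file would help operators. `CertificateConfig` continues outside the hunk.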
Expand Up @@ -622,7 +622,8 @@ private static HttpServerOptions createSslOptions(HttpBuildTimeConfig buildTimeC
keystorePassword,
sslConfig.certificate.keyStoreFileType,
sslConfig.certificate.keyStoreProvider,
sslConfig.certificate.keyStoreKeyAlias);
sslConfig.certificate.keyStoreKeyAlias,
sslConfig.certificate.keyStoreKeyPassword);
serverOptions.setKeyCertOptions(options);
} else {
return null;
Expand All @@ -637,7 +638,8 @@ private static HttpServerOptions createSslOptions(HttpBuildTimeConfig buildTimeC
trustStorePassword.get(),
sslConfig.certificate.trustStoreFileType,
sslConfig.certificate.trustStoreProvider,
sslConfig.certificate.trustStoreCertAlias);
sslConfig.certificate.trustStoreCertAlias,
Optional.empty());
serverOptions.setTrustOptions(options);
}

Expand All @@ -664,22 +666,23 @@ private static HttpServerOptions createSslOptions(HttpBuildTimeConfig buildTimeC
return serverOptions;
}

private static KeyStoreOptions createKeyStoreOptions(Path keyStorePath, String password, Optional<String> keyStoreFileType,
Optional<String> keyStoreProvider, Optional<String> keyStoreAlias) throws IOException {
private static KeyStoreOptions createKeyStoreOptions(Path path, String password, Optional<String> fileType,
Optional<String> provider, Optional<String> alias, Optional<String> aliasPassword) throws IOException {
final String type;
if (keyStoreFileType.isPresent()) {
type = keyStoreFileType.get().toLowerCase();
if (fileType.isPresent()) {
type = fileType.get().toLowerCase();
} else {
type = findKeystoreFileType(keyStorePath);
type = findKeystoreFileType(path);
}

byte[] data = getFileContent(keyStorePath);
byte[] data = getFileContent(path);
KeyStoreOptions options = new KeyStoreOptions()
.setPassword(password)
.setValue(Buffer.buffer(data))
.setType(type.toUpperCase())
.setProvider(keyStoreProvider.orElse(null))
.setAlias(keyStoreAlias.orElse(null));
.setProvider(provider.orElse(null))
.setAlias(alias.orElse(null))
.setAliasPassword(aliasPassword.orElse(null));
return options;
}
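Review bot: `createKeyStoreOptions` now takes a `String password` followed by four consecutive `Optional<String>` parameters, so transposing `alias` and `aliasPassword` at a call site compiles cleanly and would place a secret in the alias field. The trust-store call in the second hunk already passes a bare `Optional.empty()` whose meaning is clear only from its position; annotate it, e.g. `Optional.empty()); // no key password: a trust store holds certificates only`. A short Javadoc on the helper, with one line per parameter and `aliasPassword` described as the private-key password, would make the order explicit. It is also not evident from these hunks how `aliasPassword` is applied when `alias` is empty, so a comment or a startup warning for that combination would make misconfiguration easier to diagnose. `createSslOptions` starts outside the hunks shown.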

Expand Up @@ -2,6 +2,7 @@ vertx.event-loops.size=2
quarkus.http.ssl.certificate.key-store-file=server-keystore.jks
quarkus.http.ssl.certificate.key-store-password=password
quarkus.http.ssl.certificate.key-store-key-alias=server
quarkus.http.ssl.certificate.key-store-key-password=serverpw
quarkus.http.ssl.certificate.trust-store-file=server-truststore.jks
quarkus.http.ssl.certificate.trust-store-password=password
quarkus.http.ssl.certificate.trust-store-cert-alias=mykey-1
Binary file not shown.
