forked from quarkusio/quarkus
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implementation of the internal TLS registry
- Loading branch information
1 parent
8a69770
commit 168b80b
Showing
130 changed files
with
7,573 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<parent> | ||
<artifactId>quarkus-tls-registry-parent</artifactId> | ||
<groupId>io.quarkus</groupId> | ||
<version>999-SNAPSHOT</version> | ||
</parent> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<artifactId>quarkus-tls-registry-deployment</artifactId> | ||
<name>Quarkus - TLS Registry - Deployment</name> | ||
|
||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-vertx-deployment</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-arc-deployment</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-credentials-deployment</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-tls-registry</artifactId> | ||
</dependency> | ||
|
||
<!-- Tests --> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-junit5-internal</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-junit5</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.rest-assured</groupId> | ||
<artifactId>rest-assured</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.awaitility</groupId> | ||
<artifactId>awaitility</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.assertj</groupId> | ||
<artifactId>assertj-core</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>io.vertx</groupId> | ||
<artifactId>vertx-web-client</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>me.escoffier.certs</groupId> | ||
<artifactId>certificate-generator-junit5</artifactId> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<artifactId>maven-compiler-plugin</artifactId> | ||
<configuration> | ||
<annotationProcessorPaths> | ||
<path> | ||
<groupId>io.quarkus</groupId> | ||
<artifactId>quarkus-extension-processor</artifactId> | ||
<version>${project.version}</version> | ||
</path> | ||
</annotationProcessorPaths> | ||
</configuration> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
</project> |
39 changes: 39 additions & 0 deletions
39
extensions/tls-registry/deployment/src/main/java/io/quarkus/tls/CertificatesProcessor.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package io.quarkus.tls; | ||
|
||
import java.util.List; | ||
|
||
import jakarta.enterprise.context.ApplicationScoped; | ||
|
||
import io.quarkus.arc.deployment.SyntheticBeanBuildItem; | ||
import io.quarkus.deployment.annotations.BuildProducer; | ||
import io.quarkus.deployment.annotations.BuildStep; | ||
import io.quarkus.deployment.annotations.ExecutionTime; | ||
import io.quarkus.deployment.annotations.Record; | ||
import io.quarkus.tls.runtime.CertificateRecorder; | ||
import io.quarkus.tls.runtime.config.TlsConfig; | ||
import io.quarkus.vertx.deployment.VertxBuildItem; | ||
|
||
public class CertificatesProcessor { | ||
|
||
@BuildStep | ||
@Record(ExecutionTime.RUNTIME_INIT) | ||
public void initializeCertificate( | ||
TlsConfig config, VertxBuildItem vertx, CertificateRecorder recorder, | ||
BuildProducer<SyntheticBeanBuildItem> syntheticBeans, | ||
List<TlsCertificateBuildItem> otherCertificates) { | ||
recorder.validateCertificates(config, vertx.getVertx()); | ||
for (TlsCertificateBuildItem certificate : otherCertificates) { | ||
recorder.register(certificate.name, certificate.supplier); | ||
} | ||
|
||
SyntheticBeanBuildItem.ExtendedBeanConfigurator configurator = SyntheticBeanBuildItem | ||
.configure(Registry.class) | ||
.supplier(recorder.getSupplier()) | ||
.scope(ApplicationScoped.class) | ||
.unremovable() | ||
.setRuntimeInit(); | ||
|
||
syntheticBeans.produce(configurator.done()); | ||
} | ||
|
||
} |
18 changes: 18 additions & 0 deletions
18
extensions/tls-registry/deployment/src/main/java/io/quarkus/tls/TlsCertificateBuildItem.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
package io.quarkus.tls; | ||
|
||
import java.util.function.Supplier; | ||
|
||
import io.quarkus.builder.item.MultiBuildItem; | ||
|
||
public final class TlsCertificateBuildItem extends MultiBuildItem { | ||
|
||
public final String name; | ||
|
||
public final Supplier<Registry.TlsConfiguration> supplier; | ||
|
||
public TlsCertificateBuildItem(String name, Supplier<Registry.TlsConfiguration> supplier) { | ||
this.name = name; | ||
this.supplier = supplier; | ||
} | ||
|
||
} |
136 changes: 136 additions & 0 deletions
136
...sions/tls-registry/deployment/src/test/java/io/quarkus/tls/BuildTimeRegistrationTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
package io.quarkus.tls; | ||
|
||
import static org.assertj.core.api.Assertions.assertThat; | ||
|
||
import java.security.KeyStore; | ||
import java.util.Optional; | ||
import java.util.function.Consumer; | ||
import java.util.function.Supplier; | ||
|
||
import javax.net.ssl.SSLContext; | ||
|
||
import jakarta.inject.Inject; | ||
|
||
import org.jboss.shrinkwrap.api.ShrinkWrap; | ||
import org.jboss.shrinkwrap.api.asset.StringAsset; | ||
import org.jboss.shrinkwrap.api.spec.JavaArchive; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.RegisterExtension; | ||
|
||
import io.quarkus.builder.BuildChainBuilder; | ||
import io.quarkus.builder.BuildContext; | ||
import io.quarkus.builder.BuildStep; | ||
import io.quarkus.test.QuarkusUnitTest; | ||
import io.vertx.core.net.KeyCertOptions; | ||
import io.vertx.core.net.SSLOptions; | ||
import io.vertx.core.net.TrustOptions; | ||
import me.escoffier.certs.Format; | ||
import me.escoffier.certs.junit5.Certificate; | ||
import me.escoffier.certs.junit5.Certificates; | ||
|
||
@Certificates(baseDir = "target/certs", certificates = { | ||
@Certificate(name = "test-registration", password = "password", formats = Format.PKCS12) | ||
}) | ||
public class BuildTimeRegistrationTest { | ||
|
||
private static final String configuration = """ | ||
# no configuration by default | ||
"""; | ||
|
||
@RegisterExtension | ||
static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer( | ||
() -> ShrinkWrap.create(JavaArchive.class) | ||
.add(new StringAsset(configuration), "application.properties")) | ||
.addBuildChainCustomizer(buildCustomizer());; | ||
|
||
@Inject | ||
Registry registry; | ||
|
||
@Test | ||
void testBuildTimeRegistration() { | ||
Registry.TlsConfiguration conf = registry.get("named").orElseThrow(); | ||
assertThat(conf.getKeyStore()).isNotNull(); | ||
assertThat(conf.getTrustStore()).isNotNull(); | ||
} | ||
|
||
static Consumer<BuildChainBuilder> buildCustomizer() { | ||
return new Consumer<BuildChainBuilder>() { | ||
@Override | ||
public void accept(BuildChainBuilder builder) { | ||
builder.addBuildStep(new BuildStep() { | ||
@Override | ||
public void execute(BuildContext context) { | ||
TlsCertificateBuildItem item = new TlsCertificateBuildItem("named", new MyCertificateSupplier()); | ||
context.produce(item); | ||
} | ||
}) | ||
.produces(TlsCertificateBuildItem.class) | ||
.build(); | ||
} | ||
}; | ||
} | ||
|
||
public static class MyCertificateSupplier implements Supplier<Registry.TlsConfiguration> { | ||
|
||
@Override | ||
public Registry.TlsConfiguration get() { | ||
try { | ||
KeyStore ks = KeyStore.getInstance("PKCS12"); | ||
ks.load(getClass().getResourceAsStream("target/certs/test-registration-keystore.p12"), | ||
"password".toCharArray()); | ||
KeyStore ts = KeyStore.getInstance("PKCS12"); | ||
ts.load(getClass().getResourceAsStream("target/certs/test-registration-truststore.p12"), | ||
"password".toCharArray()); | ||
return new Registry.TlsConfiguration() { | ||
@Override | ||
public KeyStore getKeyStore() { | ||
return ks; | ||
} | ||
|
||
@Override | ||
public KeyCertOptions getKeyStoreOptions() { | ||
return null; | ||
} | ||
|
||
@Override | ||
public KeyStore getTrustStore() { | ||
return ts; | ||
} | ||
|
||
@Override | ||
public TrustOptions getTrustStoreOptions() { | ||
return null; | ||
} | ||
|
||
@Override | ||
public SSLOptions getSSLOptions() { | ||
return null; | ||
} | ||
|
||
@Override | ||
public SSLContext createSSLContext() throws Exception { | ||
return null; | ||
} | ||
|
||
@Override | ||
public Optional<String> getHostnameVerificationAlgorithm() { | ||
return Optional.of("HTTPS"); | ||
} | ||
|
||
@Override | ||
public boolean usesSni() { | ||
return false; | ||
} | ||
|
||
@Override | ||
public boolean reload() { | ||
return false; | ||
} | ||
}; | ||
} catch (Exception e) { | ||
throw new RuntimeException(e); | ||
} | ||
} | ||
} | ||
|
||
} |
38 changes: 38 additions & 0 deletions
38
...s/tls-registry/deployment/src/test/java/io/quarkus/tls/CertificateRevocationListTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
package io.quarkus.tls; | ||
|
||
import static org.assertj.core.api.Assertions.assertThat; | ||
|
||
import jakarta.inject.Inject; | ||
|
||
import org.jboss.shrinkwrap.api.ShrinkWrap; | ||
import org.jboss.shrinkwrap.api.asset.StringAsset; | ||
import org.jboss.shrinkwrap.api.spec.JavaArchive; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.RegisterExtension; | ||
|
||
import io.quarkus.test.QuarkusUnitTest; | ||
|
||
public class CertificateRevocationListTest { | ||
|
||
private static final String configuration = """ | ||
quarkus.tls.certificate-revocation-list=src/test/resources/revocations/revoked-cert.der | ||
quarkus.tls.foo.certificate-revocation-list=src/test/resources/revocations/revoked-cert.der | ||
"""; | ||
|
||
@RegisterExtension | ||
static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer( | ||
() -> ShrinkWrap.create(JavaArchive.class) | ||
.add(new StringAsset(configuration), "application.properties")); | ||
|
||
@Inject | ||
Registry certificates; | ||
|
||
@Test | ||
void test() { | ||
Registry.TlsConfiguration def = certificates.getDefault().orElseThrow(); | ||
Registry.TlsConfiguration foo = certificates.get("foo").orElseThrow(); | ||
assertThat(def.getSSLOptions().getCrlValues()).hasSize(1); | ||
assertThat(foo.getSSLOptions().getCrlValues()).hasSize(1); | ||
} | ||
|
||
} |
Oops, something went wrong.