Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for the TLS registry to the Redis client extension #41000

Closed
cescoffier opened this issue Jun 6, 2024 · 1 comment · Fixed by #41030
Closed

Add support for the TLS registry to the Redis client extension #41000

cescoffier opened this issue Jun 6, 2024 · 1 comment · Fixed by #41030
Assignees
@cescoffier
Labels
area/redis
Milestone
3.12.0.CR1

Comments

@cescoffier
Copy link
Member

cescoffier commented Jun 6, 2024
edited
Loading

Description

With the integrated TLS registry, it should be possible to configure Redis TLS using the TLS registry instead of the specific Redis configuration.

Implementation ideas

This is the code used for the mailer:

 private void configureTLS(String name, MailerRuntimeConfig config, TlsConfigurationRegistry tlsRegistry, MailConfig cfg,
            boolean globalTrustAll) {
        TlsConfiguration configuration = null;

        // Check if we have a named TLS configuration or a default configuration:
        if (config.tlsConfigurationName.isPresent()) {
            Optional<TlsConfiguration> maybeConfiguration = tlsRegistry.get(config.tlsConfigurationName.get());
            if (!maybeConfiguration.isPresent()) {
                throw new IllegalStateException("Unable to find the TLS configuration "
                        + config.tlsConfigurationName.get() + " for the mailer " + name + ".");
            }
            configuration = maybeConfiguration.get();
        } else if (tlsRegistry.getDefault().isPresent() && tlsRegistry.getDefault().get().isTlsEnabled()) {
            configuration = tlsRegistry.getDefault().get();
        }

       // Apply the configuration
        if (configuration != null) {
            // This part is often the same (or close) for every Vert.x client:
            cfg.setSsl(true);

            if (configuration.getTrustStoreOptions() != null) {
                cfg.setTrustOptions(configuration.getTrustStoreOptions());
            }

           // For mTLS:
            if (configuration.getKeyStoreOptions() != null) {
                cfg.setKeyCertOptions(configuration.getKeyStoreOptions());
            }

            if (configuration.isTrustAll()) {
                cfg.setTrustAll(true);
            }
            if (configuration.getHostnameVerificationAlgorithm().isPresent()) {
               // ACHTUNG HERE - this is protocol specific. The HTTP-based protocols should use HTTPS by default. 
                cfg.setHostnameVerificationAlgorithm(configuration.getHostnameVerificationAlgorithm().get());
            }

            SSLOptions sslOptions = configuration.getSSLOptions();
            if (sslOptions != null) {
                cfg.setSslHandshakeTimeout(sslOptions.getSslHandshakeTimeout());
                cfg.setSslHandshakeTimeoutUnit(sslOptions.getSslHandshakeTimeoutUnit());
                for (String suite : sslOptions.getEnabledCipherSuites()) {
                    cfg.addEnabledCipherSuite(suite);
                }
                for (Buffer buffer : sslOptions.getCrlValues()) {
                    cfg.addCrlValue(buffer);
                }
                cfg.setEnabledSecureTransportProtocols(sslOptions.getEnabledSecureTransportProtocols());

            }

        } else {
           // Mailer specific configuration (very incomplete as you can see:
            boolean trustAll = config.trustAll.isPresent() ? config.trustAll.get() : globalTrustAll;
            cfg.setSsl(config.ssl);
            cfg.setTrustAll(trustAll);
            applyTruststore(config, cfg);
        }
    }
@cescoffier cescoffier added the area/housekeeping Issue type for generalized tasks not related to bugs or enhancements label Jun 6, 2024
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Jun 6, 2024

/cc @Ladicek (redis), @machi1990 (redis)

@cescoffier cescoffier removed the area/housekeeping Issue type for generalized tasks not related to bugs or enhancements label Jun 6, 2024
@cescoffier cescoffier moved this from Todo to In Progress in WG - Enhanced TLS support Jun 6, 2024
@cescoffier cescoffier self-assigned this Jun 6, 2024
@cescoffier cescoffier mentioned this issue Jun 6, 2024
Merged
@github-project-automation github-project-automation bot moved this from In Progress to Done in WG - Enhanced TLS support Jun 7, 2024
@quarkus-bot quarkus-bot bot added this to the 3.12 - main milestone Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cescoffier cescoffier

Labels
area/redis
Projects
WG - Enhanced TLS support
Status: Done
Milestone
3.12.0.CR1
Development

Successfully merging a pull request may close this issue.

Add TLS registry support to the Redis client extension cescoffier/quarkus
1 participant
@cescoffier