From 7e81c8047ca9a3f51c2a7af167520e638cff1ffb Mon Sep 17 00:00:00 2001 From: Katia Aresti Date: Thu, 22 Aug 2024 13:26:39 +0200 Subject: [PATCH] Updates to Infinispan 15.0.8.Final * SSL config validation is avoided by not starting the client * Adds keyStore missing configuration * Adds a property to disable client start if needed --- bom/application/pom.xml | 4 +-- .../InfinispanConfigurationSetupTest.java | 6 ++++- .../cache-config-application.properties | 8 +++++- .../runtime/InfinispanClientProducer.java | 23 +++++++++++++--- .../InfinispanClientRuntimeConfig.java | 27 +++++++++++++++++++ .../InfinispanClientsRuntimeConfig.java | 6 +++++ 6 files changed, 66 insertions(+), 8 deletions(-) diff --git a/bom/application/pom.xml b/bom/application/pom.xml index 03b8dcd23d3dd..21fafe6a3d8d7 100644 --- a/bom/application/pom.xml +++ b/bom/application/pom.xml @@ -132,8 +132,8 @@ 1.2.6 2.2 5.10.3 - 15.0.6.Final - 5.0.7.Final + 15.0.8.Final + 5.0.8.Final 3.1.5 4.1.111.Final 1.16.0 diff --git a/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java b/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java index b5051f83b5c94..53035f5885e7b 100644 --- a/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java +++ b/extensions/infinispan-client/deployment/src/test/java/org/quarkus/infinispan/client/deployment/InfinispanConfigurationSetupTest.java @@ -38,8 +38,12 @@ public void infinispanConnectionConfiguration() { assertThat(configuration.security().authentication().serverName()).isEqualTo("custom-server-name"); assertThat(configuration.security().ssl().enabled()).isTrue(); assertThat(configuration.security().ssl().trustStorePassword()).isEqualTo("trust-pass".toCharArray()); - assertThat(configuration.security().ssl().trustStoreFileName()).isEqualTo("custom-trust-store"); + assertThat(configuration.security().ssl().trustStoreFileName()).isEqualTo("trustFileName.pfx"); assertThat(configuration.security().ssl().trustStoreType()).isEqualTo("JCEKS"); + assertThat(configuration.security().ssl().keyStoreFileName()).isEqualTo("keyStoreFile.pfx"); + assertThat(configuration.security().ssl().keyStoreType()).isEqualTo("PKCS12"); + assertThat(configuration.security().ssl().keyStorePassword()).isEqualTo("key-pass".toCharArray()); + assertThat(configuration.security().ssl().keyAlias()).isEqualTo("keyAlias"); assertThat(configuration.security().ssl().provider()).isEqualTo("SSL_prov"); assertThat(configuration.security().ssl().protocol()).isEqualTo("SSL_protocol"); assertThat(configuration.security().ssl().ciphers()).containsExactlyInAnyOrder("SSL_cipher1", "SSL_cipher2"); diff --git a/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties b/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties index b0e8b172ad8dd..e6f35bd91c22b 100644 --- a/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties +++ b/extensions/infinispan-client/deployment/src/test/resources/cache-config-application.properties @@ -1,6 +1,8 @@ # don't run any server with test containers. this config is used to test the configuration mapping quarkus.infinispan-client.devservices.enabled=false quarkus.infinispan-client.use-schema-registration=false +# don't start the client, we are only testing the configuration only +quarkus.infinispan-client.start-client=false quarkus.infinispan-client.hosts=cluster1:31000 quarkus.infinispan-client.username=infinispan @@ -10,7 +12,11 @@ quarkus.infinispan-client.client-intelligence=BASIC quarkus.infinispan-client.sasl-mechanism=BASIC quarkus.infinispan-client.auth-realm=infiniRealm quarkus.infinispan-client.auth-server-name=custom-server-name -quarkus.infinispan-client.trust-store=custom-trust-store +quarkus.infinispan-client.key-store=keyStoreFile.pfx +quarkus.infinispan-client.key-store-type=PKCS12 +quarkus.infinispan-client.key-store-password=key-pass +quarkus.infinispan-client.key-alias=keyAlias +quarkus.infinispan-client.trust-store=trustFileName.pfx quarkus.infinispan-client.trust-store-password=trust-pass quarkus.infinispan-client.trust-store-type=JCEKS quarkus.infinispan-client.ssl-provider=SSL_prov diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java index 068a67d97bd64..b1b170bc91465 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientProducer.java @@ -146,11 +146,12 @@ private void initialize(String infinispanConfigName, Map pro return; } // Build de cache manager if the server list is present - RemoteCacheManager cacheManager = new RemoteCacheManager(conf.build()); - remoteCacheManagers.put(infinispanConfigName, cacheManager); - InfinispanClientsRuntimeConfig infinispanClientsRuntimeConfig = this.infinispanClientsRuntimeConfigHandle.get(); + RemoteCacheManager cacheManager = new RemoteCacheManager(conf.build(), + infinispanClientsRuntimeConfig.startClient.orElse(Boolean.TRUE)); + remoteCacheManagers.put(infinispanConfigName, cacheManager); + if (infinispanClientsRuntimeConfig.useSchemaRegistration.orElse(Boolean.TRUE)) { registerSchemaInServer(infinispanConfigName, properties, cacheManager); } @@ -239,7 +240,21 @@ private ConfigurationBuilder builderFromProperties(String infinispanClientName, if (infinispanClientRuntimeConfig.saslMechanism.isPresent()) { properties.put(ConfigurationProperties.SASL_MECHANISM, infinispanClientRuntimeConfig.saslMechanism.get()); } - + if (infinispanClientRuntimeConfig.keyStore.isPresent()) { + properties.put(ConfigurationProperties.KEY_STORE_FILE_NAME, infinispanClientRuntimeConfig.keyStore.get()); + } + if (infinispanClientRuntimeConfig.keyStorePassword.isPresent()) { + properties.put(ConfigurationProperties.KEY_STORE_PASSWORD, + infinispanClientRuntimeConfig.keyStorePassword.get()); + } + if (infinispanClientRuntimeConfig.keyStoreType.isPresent()) { + properties.put(ConfigurationProperties.KEY_STORE_TYPE, + infinispanClientRuntimeConfig.keyStoreType.get()); + } + if (infinispanClientRuntimeConfig.keyAlias.isPresent()) { + properties.put(ConfigurationProperties.KEY_ALIAS, + infinispanClientRuntimeConfig.keyAlias.get()); + } if (infinispanClientRuntimeConfig.trustStore.isPresent()) { properties.put(ConfigurationProperties.TRUST_STORE_FILE_NAME, infinispanClientRuntimeConfig.trustStore.get()); } diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java index 0699cb40a142a..c16d708f3bb6a 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientRuntimeConfig.java @@ -124,6 +124,33 @@ public class InfinispanClientRuntimeConfig { @ConfigItem(defaultValue = "DIGEST-MD5") Optional saslMechanism; + /** + * Specifies the filename of a keystore to use to create the {@link SSLContext}. + * You also need to specify a keyStorePassword. + * Setting this property implicitly enables SSL/TLS. + */ + @ConfigItem + Optional keyStore; + + /** + * Specifies the password needed to open the keystore. You also need to specify a keyStore. + * Setting this property implicitly enables SSL/TLS. + */ + @ConfigItem + Optional keyStorePassword; + + /** + * Specifies the type of the keyStore, such as PKCS12. + */ + @ConfigItem + Optional keyStoreType; + + /** + * Sets the unique name used to identify a specific key pair in a keystore for secure connections. + */ + @ConfigItem + Optional keyAlias; + /** * Specifies the filename of a truststore to use to create the {@link SSLContext}. * You also need to specify a trustStorePassword. diff --git a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientsRuntimeConfig.java b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientsRuntimeConfig.java index a11558a6b6ce8..751d39db83f13 100644 --- a/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientsRuntimeConfig.java +++ b/extensions/infinispan-client/runtime/src/main/java/io/quarkus/infinispan/client/runtime/InfinispanClientsRuntimeConfig.java @@ -37,6 +37,12 @@ public class InfinispanClientsRuntimeConfig { @ConfigItem(defaultValue = "true") Optional useSchemaRegistration; + /** + * Starts the client and connects to the server. If set to false, you'll need to start it yourself. + */ + @ConfigItem(defaultValue = "true") + public Optional startClient; + public InfinispanClientRuntimeConfig getInfinispanClientRuntimeConfig(String infinispanClientName) { if (InfinispanClientUtil.isDefault(infinispanClientName)) { return defaultInfinispanClient;