e.cxf.quarkus-cxf-integration-test-mtls.3.17.3.source-code.application.properties Maven / Gradle / Ivy

Go to download
# ${keystore.type} and ${keystore.type.short} are replaced by maven-resource-plugin filtering based on Maven profile
keystore.type = ${keystore.type}
keystore.type.short = ${keystore.type.short}

# tag::mtls[]
# Server keystore for Simple TLS
quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.path = localhost-keystore.${keystore.type.short}
quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.password = secret
quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.alias = localhost
quarkus.tls.localhost-${keystore.type}.key-store.${keystore.type.short}.alias-password = secret
# Server truststore for Mutual TLS
quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type.short}.path = localhost-server-truststore.${keystore.type.short}
quarkus.tls.localhost-${keystore.type}.trust-store.${keystore.type.short}.password = secret
# Select localhost-${keystore.type} as the TLS configuration for the HTTP server
quarkus.http.tls-configuration-name = localhost-${keystore.type}

# Do not allow any clients which do not prove their indentity through an SSL certificate
quarkus.http.ssl.client-auth = required

# CXF service
quarkus.cxf.endpoint."/mTls".implementor = io.quarkiverse.cxf.it.auth.mtls.MTlsHelloServiceImpl

# CXF client with a properly set certificate for mTLS
quarkus.cxf.client.mTls.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls
quarkus.cxf.client.mTls.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
# Set client-${keystore.type} as the TLS configuration for the this client
quarkus.cxf.client.mTls.tls-configuration-name = client-${keystore.type}
# Named TLS configuration for the client
quarkus.tls.client-${keystore.type}.key-store.${keystore.type.short}.path = target/classes/localhost-client-keystore.${keystore.type.short}
quarkus.tls.client-${keystore.type}.key-store.${keystore.type.short}.password = secret
quarkus.tls.client-${keystore.type}.key-store.${keystore.type.short}.alias = client
quarkus.tls.client-${keystore.type}.key-store.${keystore.type.short}.alias-password = secret
quarkus.tls.client-${keystore.type}.trust-store.${keystore.type.short}.path = target/classes/localhost-truststore.${keystore.type.short}
quarkus.tls.client-${keystore.type}.trust-store.${keystore.type.short}.password = secret

# Include the keystores in the native executable
quarkus.native.resources.includes = *.pkcs12,*.jks
# end::mtls[]

# CXF client configured for mTLS in the old way
quarkus.cxf.client.mTlsOld.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls
quarkus.cxf.client.mTlsOld.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
quarkus.cxf.client.mTlsOld.key-store = target/classes/localhost-client-keystore.${keystore.type.short}
quarkus.cxf.client.mTlsOld.key-store-type = ${keystore.type}
quarkus.cxf.client.mTlsOld.key-store-password = secret
quarkus.cxf.client.mTlsOld.key-password = secret
quarkus.cxf.client.mTlsOld.trust-store = target/classes/localhost-truststore.${keystore.type.short}
quarkus.cxf.client.mTlsOld.trust-store-type = ${keystore.type}
quarkus.cxf.client.mTlsOld.trust-store-password = secret


# CXF client without keystore (to test the failing case)
quarkus.cxf.client.noKeystore.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/mTls
quarkus.cxf.client.noKeystore.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
quarkus.cxf.client.noKeystore.trust-store = localhost-truststore.${keystore.type.short}
quarkus.cxf.client.noKeystore.trust-store-type = ${keystore.type}
quarkus.cxf.client.noKeystore.trust-store-password = secret