Merge pull request #1778 from michalvavrik/feature/fix-https-on-fips
Fix Security/HTTPS module in FIPS-enabled environment
gtroitsk authored May 2, 2024
2 parents fdf2daa + 8003e7e commit 3f55565
Showing 27 changed files with 200 additions and 759 deletions.
6 changes: 0 additions & 6 deletions pom.xml
@@ -21,7 +21,6 @@
<quarkus.ide.version>3.10.0</quarkus.ide.version>
<quarkus.qe.framework.version>1.5.0.Beta2</quarkus.qe.framework.version>
<quarkus-qpid-jms.version>2.6.1</quarkus-qpid-jms.version>
<apache-httpclient-fluent.version>4.5.14</apache-httpclient-fluent.version>
<confluent.kafka-avro-serializer.version>7.5.1</confluent.kafka-avro-serializer.version>
<formatter-maven-plugin.version>2.23.0</formatter-maven-plugin.version>
<impsort-maven-plugin.version>1.9.0</impsort-maven-plugin.version>
@@ -95,11 +94,6 @@
<artifactId>kafka-avro-serializer</artifactId>
<version>${confluent.kafka-avro-serializer.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>fluent-hc</artifactId>
<version>${apache-httpclient-fluent.version}</version>
</dependency>
<dependency>
<groupId>org.amqphub.quarkus</groupId>
<artifactId>quarkus-qpid-jms</artifactId>
188 changes: 0 additions & 188 deletions security/https/pom.xml
@@ -23,193 +23,5 @@
<groupId>io.quarkus</groupId>
<artifactId>quarkus-security</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>fluent-hc</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<profiles>
<profile>
<!-- The certificates must be placed in META-INF/resources to work in JVM and Native both -->
<id>generate-certificates</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<executions>
<execution>
<id>server-keystore</id>
<phase>generate-resources</phase>
<goals>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<keystore>${project.build.directory}/server-keystore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>server-password</storepass>
<alias>server-key</alias>
<keypass>server-password</keypass>
<dname>CN=test</dname>
<ext>SAN=dns:localhost,dns:0.0.0.0,ip:127.0.0.1</ext>
<sigalg>SHA1withRSA</sigalg>
<validity>100</validity>
<keyalg>RSA</keyalg>
<keysize>2048</keysize>
</configuration>
</execution>
<execution>
<id>server-certificate</id>
<phase>generate-resources</phase>
<goals>
<goal>exportCertificate</goal>
</goals>
<configuration>
<keystore>${project.build.directory}/server-keystore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>server-password</storepass>
<alias>server-key</alias>
<file>${project.build.directory}/server-cert.cer</file>
</configuration>
</execution>
<execution>
<id>client-truststore</id>
<phase>generate-resources</phase>
<goals>
<goal>importCertificate</goal>
</goals>
<configuration>
<file>${project.build.directory}/server-cert.cer</file>
<keystore>${project.build.directory}/client-truststore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>client-password</storepass>
<alias>server-cert</alias>
<keypass>client-password</keypass>
<noprompt>true</noprompt>
</configuration>
</execution>
<execution>
<id>client-keystore</id>
<phase>generate-resources</phase>
<goals>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<keystore>${project.build.directory}/client-keystore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>client-password</storepass>
<alias>client-key</alias>
<keypass>client-password</keypass>
<dname>CN=client</dname>
<sigalg>SHA1withRSA</sigalg>
<validity>100</validity>
<keyalg>RSA</keyalg>
<keysize>2048</keysize>
</configuration>
</execution>
<execution>
<id>client-certificate</id>
<phase>generate-resources</phase>
<goals>
<goal>exportCertificate</goal>
</goals>
<configuration>
<keystore>${project.build.directory}/client-keystore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>client-password</storepass>
<alias>client-key</alias>
<file>${project.build.directory}/client-cert.cer</file>
</configuration>
</execution>
<execution>
<id>server-truststore</id>
<phase>generate-resources</phase>
<goals>
<goal>importCertificate</goal>
</goals>
<configuration>
<file>${project.build.directory}/client-cert.cer</file>
<keystore>${project.build.directory}/server-truststore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>server-password</storepass>
<alias>client-cert</alias>
<keypass>server-password</keypass>
<noprompt>true</noprompt>
</configuration>
</execution>
<execution>
<id>guest-client-keystore</id>
<phase>generate-resources</phase>
<goals>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<keystore>${project.build.directory}/guest-client-keystore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>client-password</storepass>
<alias>guest-client-key</alias>
<keypass>client-password</keypass>
<dname>CN=guest-client</dname>
<sigalg>SHA1withRSA</sigalg>
<validity>100</validity>
<keyalg>RSA</keyalg>
<keysize>2048</keysize>
</configuration>
</execution>
<execution>
<id>guest-client-certificate</id>
<phase>generate-resources</phase>
<goals>
<goal>exportCertificate</goal>
</goals>
<configuration>
<keystore>${project.build.directory}/guest-client-keystore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>client-password</storepass>
<alias>guest-client-key</alias>
<file>${project.build.directory}/guest-client-cert.cer</file>
</configuration>
</execution>
<execution>
<id>server-truststore-guest-client</id>
<phase>generate-resources</phase>
<goals>
<goal>importCertificate</goal>
</goals>
<configuration>
<file>${project.build.directory}/guest-client-cert.cer</file>
<keystore>${project.build.directory}/server-truststore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>server-password</storepass>
<alias>guest-client-cert</alias>
<keypass>server-password</keypass>
<noprompt>true</noprompt>
</configuration>
</execution>
<execution>
<id>unknown-client-keystore</id>
<phase>generate-resources</phase>
<goals>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<keystore>${project.build.directory}/unknown-client-keystore.pkcs12</keystore>
<storetype>pkcs12</storetype>
<storepass>client-password</storepass>
<alias>client-key</alias>
<keypass>client-password</keypass>
<dname>CN=unknown-client</dname>
<sigalg>SHA1withRSA</sigalg>
<validity>100</validity>
<keyalg>RSA</keyalg>
<keysize>2048</keysize>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
4 changes: 0 additions & 4 deletions security/https/src/main/resources/application.properties
@@ -1,7 +1,3 @@
quarkus.http.ssl.certificate.key-store-file=META-INF/resources/server-keystore.pkcs12
quarkus.http.ssl.certificate.key-store-password=server-password
quarkus.http.ssl.certificate.trust-store-file=META-INF/resources/server-truststore.pkcs12
quarkus.http.ssl.certificate.trust-store-password=server-password
quarkus.http.ssl.client-auth=request
quarkus.ssl.native=true
quarkus.http.auth.policy.users-only.roles-allowed=user

This file was deleted.
