Rework client SSL configuration in hashicorp-vault tests

Fixes #6528
apache · Sep 30, 2024 · 2d79c72 · 2d79c72
1 parent 89bb107
commit 2d79c72
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 17 deletions.
diff --git a/...n/java/org/apache/camel/quarkus/component/hashicorp/vault/it/HashicorpVaultClientSSL.java b/...n/java/org/apache/camel/quarkus/component/hashicorp/vault/it/HashicorpVaultClientSSL.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.hashicorp.vault.it;
+
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+import io.quarkus.runtime.ShutdownEvent;
+import io.quarkus.runtime.StartupEvent;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.enterprise.event.Observes;
+
+@ApplicationScoped
+public class HashicorpVaultClientSSL {
+    SSLContext originalContext;
+
+    void init(@Observes StartupEvent event) {
+        try (InputStream stream = Files.newInputStream(Paths.get("target/certs/hashicorp-vault-ca.crt"))) {
+            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+            X509Certificate vaultCertificate = (X509Certificate) certificateFactory.generateCertificate(stream);
+
+            KeyStore vaultKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            vaultKeyStore.load(null, null);
+            vaultKeyStore.setCertificateEntry("hashicorp-vault", vaultCertificate);
+
+            TrustManagerFactory vaultTrustManagerFactory = TrustManagerFactory
+                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            vaultTrustManagerFactory.init(vaultKeyStore);
+
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, vaultTrustManagerFactory.getTrustManagers(), null);
+
+            originalContext = SSLContext.getDefault();
+            SSLContext.setDefault(sslContext);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    void destroy(@Observes ShutdownEvent event) {
+        if (originalContext != null) {
+            SSLContext.setDefault(originalContext);
+        }
+    }
+}
diff --git a/...in/java/org/apache/camel/quarkus/component/hashicorp/vault/it/HashicorpVaultResource.java b/...in/java/org/apache/camel/quarkus/component/hashicorp/vault/it/HashicorpVaultResource.java
@@ -21,10 +21,7 @@
 import java.util.List;
 import java.util.Map;
 
-import io.quarkus.runtime.ShutdownEvent;
-import io.quarkus.runtime.StartupEvent;
 import jakarta.enterprise.context.ApplicationScoped;
-import jakarta.enterprise.event.Observes;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.DELETE;
 import jakarta.ws.rs.GET;
@@ -46,19 +43,6 @@ public class HashicorpVaultResource {
     @Inject
     ProducerTemplate producerTemplate;
 
-    void init(@Observes StartupEvent event) {
-        // spring-vault defaults to using HttpURLConnection as its 'client' so we have to configure SSL with system properties
-        System.setProperty("javax.net.ssl.trustStoreType", "PKCS12");
-        System.setProperty("javax.net.ssl.trustStore", "target/certs/hashicorp-vault-truststore.p12");
-        System.setProperty("javax.net.ssl.trustStorePassword", "v431t");
-    }
-
-    void destroy(@Observes ShutdownEvent event) {
-        System.clearProperty("javax.net.ssl.trustStoreType");
-        System.clearProperty("javax.net.ssl.trustStore");
-        System.clearProperty("javax.net.ssl.trustStorePassword");
-    }
-
     @Path("/secret")
     @POST
     public Response createSecret(

diff --git a/...c/test/java/org/apache/camel/quarkus/component/hashicorp/vault/it/HashicorpVaultTest.java b/...c/test/java/org/apache/camel/quarkus/component/hashicorp/vault/it/HashicorpVaultTest.java
@@ -31,7 +31,7 @@
 import static org.hamcrest.Matchers.is;
 
 @TestCertificates(certificates = {
-        @Certificate(name = "hashicorp-vault", formats = { Format.PEM, Format.PKCS12 }, password = "v431t")
+        @Certificate(name = "hashicorp-vault", formats = { Format.PEM }, password = "v431t")
 }, docker = true)
 @QuarkusTest
 @QuarkusTestResource(HashicorpVaultTestResource.class)