Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate support for Quarkus TLS Registry #6393

Open
jamesnetherton opened this issue Aug 28, 2024 · 3 comments
Open

Investigate support for Quarkus TLS Registry #6393

jamesnetherton opened this issue Aug 28, 2024 · 3 comments

Comments

@jamesnetherton
Copy link
Contributor

Not sure if it's feasible since Camel already has SSLContextParameters etc. But might be worth investigating if it can be used to improve the general UX for TLS setup.

https://quarkus.io/guides/tls-registry-reference
@zhfeng
Copy link
Contributor

zhfeng commented Sep 3, 2024

I take a look at our extensions which depends on quarkus-vertx-http which has been added support for quarkus-tls-registry. There are some codes to check sslEnabled

camel-quarkus/extensions/vertx-websocket/runtime/src/main/java/org/apache/camel/quarkus/component/vertx/websocket/VertxWebsocketRecorder.java

Lines 58 to 70 in f2e6f05

ServerSslConfig ssl = httpConfig.ssl;
if (ssl != null) {
CertificateConfig certificate = ssl.certificate;
if (certificate != null) {
if (certificate.files.isPresent() && certificate.keyFiles.isPresent()) {
sslEnabled = true;
}
if (certificate.keyStoreFile.isPresent() && certificate.keyStorePassword.isPresent()) {
sslEnabled = true;
}
}
}

If it uses such quarkus.tls.* to config TLS, there is a potential issue? @jamesnetherton

@jamesnetherton
Copy link
Contributor Author

jamesnetherton commented Sep 3, 2024
edited
Loading

If it uses such quarkus.tls.* to config TLS, there is a potential issue? @jamesnetherton

Yes possibly if quarkus.http.insecure-requests=disabled since there'd be no plain HTTP for the component to fall back on.

@jamesnetherton
Copy link
Contributor Author

Yes possibly if quarkus.http.insecure-requests=disabled since there'd be no plain HTTP for the component to fall back on.

Actually after a quick test, it can work with the sever secured by quarkus.tls.*. What fails is the ability to do this check correctly:

camel-quarkus/extensions/vertx-websocket/runtime/src/main/java/org/apache/camel/quarkus/component/vertx/websocket/VertxWebsocketRecorder.java

Lines 89 to 94 in f2e6f05

if (!hostKey.getHost().equals(HOST) || hostKey.getPort() != PORT) {
String message = String.format(
"Invalid host/port %s:%d. The host/port can only be configured as %s:%d",
hostKey.getHost(), hostKey.getPort(), HOST, PORT);
throw new IllegalArgumentException(message);
}

Not a huge issue because we discourage explicit host / port configuration on the consumer. But I can see if I can improve things in this area.

@jamesnetherton jamesnetherton mentioned this issue Sep 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zhfeng @jamesnetherton