Merge pull request quarkusio#48118 from emattheis/tls-config-in-connector

Add support for setting the TLS configuration name from client connectors in WebSockets Next

Author: mkouba

docs/src/main/asciidoc/websockets-next-reference.adoc

@@ -1465,16 +1465,41 @@ class MyBean {
 
 === Configuring SSL/TLS
 
-To establish a TLS connection, you need to configure a _named_ configuration using the xref:./tls-registry-reference.adoc[TLS registry]:
+To establish a TLS connection, you need to configure a _named_ configuration using the xref:./tls-registry-reference.adoc[TLS registry]. This is typically done via configuration:
 
 [source, properties]
 ----
 quarkus.tls.my-ws-client.trust-store.p12.path=server-truststore.p12
 quarkus.tls.my-ws-client.trust-store.p12.password=secret
+----
+
+With a _named_ TLS configuration established, you can then configure the client to use it:
+
+[source, properties]
+----
+quarkus.websockets-next.client.tls-configuration-name=my-ws-client
+----
+
+Alternatively, you can supply the configuration name using the <<client-connectors,connector>>:
+
+[source, java]
+----
+@Singleton
+public class MyBean {
+
+    @Inject
+    WebSocketConnector<MyEndpoint> connector;
 
-quarkus.websockets-next.client.tls-configuration-name=my-ws-client # Reference the named configuration
+    public void connect() {
+        connector
+            .tlsConfigurationName("my-ws-client")
+            .connectAndAwait();
+    }
+}
 ----
 
+A name supplied to the connector will override any statically configured name. This can be useful for establishing a default configuration which can be overridden at runtime as necessary.
+
 WARNING: When using the WebSocket client, using a _named_ configuration is required to avoid conflicts with other TLS configurations.
 The client will not use the default TLS configuration.
 

extensions/websockets-next/deployment/src/test/java/io/quarkus/websockets/next/test/client/TlsBasicConnectorMissingTlsConfigurationTest.java

@@ -0,0 +1,60 @@
+package io.quarkus.websockets.next.test.client;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.File;
+import java.net.URI;
+
+import jakarta.inject.Inject;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.quarkus.test.common.http.TestHTTPResource;
+import io.quarkus.websockets.next.BasicWebSocketConnector;
+import io.quarkus.websockets.next.OnOpen;
+import io.quarkus.websockets.next.WebSocket;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+
+@Certificates(baseDir = "target/certs", certificates = @Certificate(name = "ssl-test", password = "secret", formats = {
+        Format.JKS, Format.PKCS12, Format.PEM }))
+public class TlsBasicConnectorMissingTlsConfigurationTest {
+
+    @RegisterExtension
+    public static final QuarkusUnitTest test = new QuarkusUnitTest()
+            .withApplicationRoot(jar -> jar
+                    .addClasses(ServerEndpoint.class)
+                    .addAsResource(new File("target/certs/ssl-test-keystore.jks"), "keystore.jks")
+                    .addAsResource(new File("target/certs/ssl-test-truststore.jks"), "truststore.jks"))
+            .overrideConfigKey("quarkus.tls.key-store.jks.path", "keystore.jks")
+            .overrideConfigKey("quarkus.tls.key-store.jks.password", "secret")
+            .overrideConfigKey("quarkus.websockets-next.client.tls-configuration-name", "ws-client");
+
+    @Inject
+    BasicWebSocketConnector connector;
+
+    @TestHTTPResource(value = "/end", tls = true)
+    URI uri;
+
+    @Test
+    void testClient() {
+        assertThrows(IllegalStateException.class, () -> connector
+                .baseUri(uri)
+                .path("/{name}")
+                .pathParam("name", "Lu")
+                .connectAndAwait());
+    }
+
+    @WebSocket(path = "/end/{name}")
+    public static class ServerEndpoint {
+
+        @OnOpen
+        void open() {
+        }
+
+    }
+
+}

extensions/websockets-next/deployment/src/test/java/io/quarkus/websockets/next/test/client/TlsBasicConnectorRuntimeTlsConfigurationTest.java

@@ -0,0 +1,77 @@
+package io.quarkus.websockets.next.test.client;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.File;
+import java.net.URI;
+
+import jakarta.inject.Inject;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.quarkus.test.common.http.TestHTTPResource;
+import io.quarkus.tls.BaseTlsConfiguration;
+import io.quarkus.tls.TlsConfigurationRegistry;
+import io.quarkus.websockets.next.BasicWebSocketConnector;
+import io.quarkus.websockets.next.OnOpen;
+import io.quarkus.websockets.next.WebSocket;
+import io.quarkus.websockets.next.WebSocketClientConnection;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+import io.vertx.core.net.JksOptions;
+import io.vertx.core.net.TrustOptions;
+
+@Certificates(baseDir = "target/certs", certificates = @Certificate(name = "ssl-test", password = "secret", formats = {
+        Format.JKS, Format.PKCS12, Format.PEM }))
+public class TlsBasicConnectorRuntimeTlsConfigurationTest {
+
+    @RegisterExtension
+    public static final QuarkusUnitTest test = new QuarkusUnitTest()
+            .withApplicationRoot(jar -> jar
+                    .addClasses(ServerEndpoint.class)
+                    .addAsResource(new File("target/certs/ssl-test-keystore.jks"), "keystore.jks")
+                    .addAsResource(new File("target/certs/ssl-test-truststore.jks"), "truststore.jks"))
+            .overrideConfigKey("quarkus.tls.key-store.jks.path", "keystore.jks")
+            .overrideConfigKey("quarkus.tls.key-store.jks.password", "secret");
+
+    @Inject
+    BasicWebSocketConnector connector;
+
+    @Inject
+    TlsConfigurationRegistry tlsRegistry;
+
+    @TestHTTPResource(value = "/end", tls = true)
+    URI uri;
+
+    @Test
+    void testClient() {
+        tlsRegistry.register("ws-client", new BaseTlsConfiguration() {
+            @Override
+            public TrustOptions getTrustStoreOptions() {
+                return new JksOptions().setPath("truststore.jks").setPassword("secret");
+            }
+        });
+        WebSocketClientConnection connection = connector
+                .tlsConfigurationName("ws-client")
+                .baseUri(uri)
+                .path("/{name}")
+                .pathParam("name", "Lu")
+                .connectAndAwait();
+        assertTrue(connection.isOpen());
+        assertTrue(connection.isSecure());
+        connection.closeAndAwait();
+    }
+
+    @WebSocket(path = "/end/{name}")
+    public static class ServerEndpoint {
+
+        @OnOpen
+        void open() {
+        }
+
+    }
+
+}

extensions/websockets-next/deployment/src/test/java/io/quarkus/websockets/next/test/client/TlsBasicConnectorTest.java

@@ -0,0 +1,74 @@
+package io.quarkus.websockets.next.test.client;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.File;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import jakarta.inject.Inject;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.quarkus.test.common.http.TestHTTPResource;
+import io.quarkus.websockets.next.BasicWebSocketConnector;
+import io.quarkus.websockets.next.OnOpen;
+import io.quarkus.websockets.next.WebSocket;
+import io.quarkus.websockets.next.WebSocketClientConnection;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+
+@Certificates(baseDir = "target/certs", certificates = @Certificate(name = "ssl-test", password = "secret", formats = {
+        Format.JKS, Format.PKCS12, Format.PEM }))
+public class TlsBasicConnectorTest {
+
+    @RegisterExtension
+    public static final QuarkusUnitTest test = new QuarkusUnitTest()
+            .withApplicationRoot(jar -> jar
+                    .addClasses(ServerEndpoint.class)
+                    .addAsResource(new File("target/certs/ssl-test-keystore.jks"), "keystore.jks")
+                    .addAsResource(new File("target/certs/ssl-test-truststore.jks"), "truststore.jks"))
+            .overrideConfigKey("quarkus.tls.key-store.jks.path", "keystore.jks")
+            .overrideConfigKey("quarkus.tls.key-store.jks.password", "secret")
+            .overrideConfigKey("quarkus.tls.ws-client.trust-store.jks.path", "truststore.jks")
+            .overrideConfigKey("quarkus.tls.ws-client.trust-store.jks.password", "secret")
+            .overrideConfigKey("quarkus.websockets-next.client.tls-configuration-name", "ws-client");
+
+    @Inject
+    BasicWebSocketConnector connector;
+
+    @TestHTTPResource(value = "/end", tls = true)
+    URI uri;
+
+    @Test
+    void testClient() throws URISyntaxException {
+        assertClient(uri);
+        URI wssUri = new URI("wss", uri.getUserInfo(), uri.getHost(), uri.getPort(), uri.getPath(), uri.getQuery(),
+                uri.getFragment());
+        assertClient(wssUri);
+    }
+
+    void assertClient(URI uri) {
+        WebSocketClientConnection connection = connector
+                .baseUri(uri)
+                .path("/{name}")
+                .pathParam("name", "Lu")
+                .connectAndAwait();
+        assertTrue(connection.isOpen());
+        assertTrue(connection.isSecure());
+        connection.closeAndAwait();
+    }
+
+    @WebSocket(path = "/end/{name}")
+    public static class ServerEndpoint {
+
+        @OnOpen
+        void open() {
+        }
+
+    }
+
+}

extensions/websockets-next/deployment/src/test/java/io/quarkus/websockets/next/test/client/TlsClientEndpointMissingTlsConfigurationTest.java

@@ -0,0 +1,68 @@
+package io.quarkus.websockets.next.test.client;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.File;
+import java.net.URI;
+
+import jakarta.inject.Inject;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.quarkus.test.common.http.TestHTTPResource;
+import io.quarkus.websockets.next.OnOpen;
+import io.quarkus.websockets.next.WebSocket;
+import io.quarkus.websockets.next.WebSocketClient;
+import io.quarkus.websockets.next.WebSocketConnector;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+
+@Certificates(baseDir = "target/certs", certificates = @Certificate(name = "ssl-test", password = "secret", formats = {
+        Format.JKS, Format.PKCS12, Format.PEM }))
+public class TlsClientEndpointMissingTlsConfigurationTest {
+
+    @RegisterExtension
+    static final QuarkusUnitTest config = new QuarkusUnitTest()
+            .withApplicationRoot((jar) -> jar
+                    .addClasses(ServerEndpoint.class, ClientEndpoint.class)
+                    .addAsResource(new File("target/certs/ssl-test-keystore.jks"), "keystore.jks")
+                    .addAsResource(new File("target/certs/ssl-test-truststore.jks"), "truststore.jks"))
+            .overrideConfigKey("quarkus.tls.key-store.jks.path", "keystore.jks")
+            .overrideConfigKey("quarkus.tls.key-store.jks.password", "secret")
+            .overrideConfigKey("quarkus.websockets-next.client.tls-configuration-name", "ws-client");
+
+    @Inject
+    WebSocketConnector<ClientEndpoint> connector;
+
+    @TestHTTPResource(value = "/", tls = true)
+    URI uri;
+
+    @Test
+    void testClient() {
+        assertThrows(IllegalStateException.class, () -> connector
+                .baseUri(uri)
+                .pathParam("name", "Lu=")
+                .connectAndAwait());
+    }
+
+    @WebSocket(path = "/endpoint/{name}")
+    public static class ServerEndpoint {
+
+        @OnOpen
+        void open() {
+        }
+
+    }
+
+    @WebSocketClient(path = "/endpoint/{name}")
+    public static class ClientEndpoint {
+
+        @OnOpen
+        void open() {
+        }
+
+    }
+}