quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0
13.82k stars 2.69k forks

Quarkus Rest Client MTLS configuration guide #40623

Open leaqui opened 6 months ago

leaqui commented 6 months ago

Describe the bug

The documentation for setting up MTLS on REST clients disappeared from the REST client guide at https://es.quarkus.io/version/main/guides/rest-client.

Additional information

https://stackoverflow.com/questions/78460678/quarkus-rest-client-mtls-configuration-guide

quarkus-bot[bot] commented 6 months ago

/cc @cescoffier (rest-client), @geoand (rest-client), @radcortez (config)

cescoffier commented 6 months ago

The configuration is likely going to change (the current one will still be working) following the TLS config centralization work.

leaqui commented 6 months ago

Hi @cescoffier

But where is the current doc?

mschorsch commented 6 months ago

@leaqui https://quarkus.io/guides/security-authentication-mechanisms#mutual-tls

leaqui commented 6 months ago

But this is for the client side?

mschorsch commented 6 months ago

You are right, my fault.

mschorsch commented 6 months ago

The only documentation I have found is in the MicroProfile Rest Client documentation.

Should probably be configured as follows (https://github.com/quarkusio/quarkus/issues/22293#issuecomment-1087640423 and https://quarkus.io/blog/quarkus-mutual-tls/#configure-microprofile-rest-client-for-mutual-tls):

# truststore config
org.acme.client.mtls.GreetingService/mp-rest/trustStore=classpath:/META-INF/resources/client.truststore.p12
# trustStoreType: PKCS12 or JKS (kept on its own line; a trailing "# ..." after a value is read as part of the value)
org.acme.client.mtls.GreetingService/mp-rest/trustStoreType=PKCS12
org.acme.client.mtls.GreetingService/mp-rest/trustStorePassword=password

# keystore config
org.acme.client.mtls.GreetingService/mp-rest/keyStore=classpath:/META-INF/resources/client.keystore.p12
# keyStoreType: PKCS12 or JKS
org.acme.client.mtls.GreetingService/mp-rest/keyStoreType=PKCS12
org.acme.client.mtls.GreetingService/mp-rest/keyStorePassword=password

mschorsch commented 6 months ago

As an alternative you could use the vert.x web client: https://quarkus.io/guides/vertx#using-vert-x-clients

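import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.ext.web.client.WebClient;
import io.vertx.ext.web.client.WebClientOptions;

WebClientOptions options = new WebClientOptions()
    .setSsl(true)
    // client certificate and private key presented to the server
    .setPemKeyCertOptions(new PemKeyCertOptions()
        .addCertPath("path/to/cert.pem")
        .setKeyPath("path/to/key.pem"))
    // certificate(s) trusted when verifying the server
    .setTrustOptions(new PemTrustOptions()
        .addCertPath("path/to/cert.pem"));

// vertx is the Vertx instance available in the application
WebClient client = WebClient.create(vertx, options);

leaqui commented 6 months ago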

Also, properties are listed at: https://es.quarkus.io/guides/all-config#quarkus-rest-client-config_quarkus-rest-client-config-rest-clients-config

But I think the lost MTLS configuration doc (or a link to it) in the REST client guide would be useful.

geoand commented 6 months ago

Do you remember anything from the docs contents so we can look through the git history?

leaqui commented 6 months ago

I'm sure it was at https://quarkus.io/guides/rest-client but I can't find it in the history.

I think the section title was something like Mutual - TLS

The section had a configuration block with properties like:

quarkus.rest-client.config-key.trust-store
quarkus.rest-client.config-key.trust-store-password
quarkus.rest-client.config-key.key-store
quarkus.rest-client.config-key.key-store-password

Similar to https://es.quarkus.io/guides/security-openid-connect-client-reference#mutual-tls

geoand commented 6 months ago

I had no luck in locating it, unfortunately.

leaqui commented 6 months ago

No matter, I think adding something like https://es.quarkus.io/guides/security-openid-connect-client-reference#mutual-tls would be fine.

cescoffier commented 5 months ago

Let's wait until the new mechanism is in place before adding anything, or I will have to change it in a few weeks.