Merge pull request #25234 from sberyozkin/oidc_keystore_provider_prop

Add OIDC TLS key store provider property

extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcCommonConfig.java

@@ -439,6 +439,14 @@ public enum Verification {
         @ConfigItem
         public Optional<String> keyStoreFileType = Optional.empty();
 
+        /**
+         * An optional parameter to specify a provider of the key store file. If not given, the provider is automatically
+         * detected
+         * based on the key store file type.
+         */
+        @ConfigItem
+        public Optional<String> keyStoreProvider;
+
         /**
          * A parameter to specify the password of the key store file. If not given, the default ("password") is used.
          */
@@ -484,6 +492,14 @@ public enum Verification {
         @ConfigItem
         public Optional<String> trustStoreFileType = Optional.empty();
 
+        /**
+         * An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically
+         * detected
+         * based on the trust store file type.
+         */
+        @ConfigItem
+        public Optional<String> trustStoreProvider;
+
         public Optional<Verification> getVerification() {
             return verification;
         }
@@ -516,6 +532,22 @@ public void setTrustStoreCertAlias(String trustStoreCertAlias) {
             this.trustStoreCertAlias = Optional.of(trustStoreCertAlias);
         }
 
+        public Optional<String> getKeyStoreProvider() {
+            return keyStoreProvider;
+        }
+
+        public void setKeyStoreProvider(String keyStoreProvider) {
+            this.keyStoreProvider = Optional.of(keyStoreProvider);
+        }
+
+        public Optional<String> getTrustStoreProvider() {
+            return trustStoreProvider;
+        }
+
+        public void setTrustStoreProvider(String trustStoreProvider) {
+            this.trustStoreProvider = Optional.of(trustStoreProvider);
+        }
+
     }
 
     @ConfigGroup

extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcCommonUtils.java

@@ -131,7 +131,8 @@ public static void setHttpClientOptions(OidcCommonConfig oidcConfig, TlsConfig t
                         .setPassword(oidcConfig.tls.getTrustStorePassword().orElse("password"))
                         .setAlias(oidcConfig.tls.getTrustStoreCertAlias().orElse(null))
                         .setValue(io.vertx.core.buffer.Buffer.buffer(trustStoreData))
-                        .setType(getStoreType(oidcConfig.tls.trustStoreFileType, oidcConfig.tls.trustStoreFile.get()));
+                        .setType(getStoreType(oidcConfig.tls.trustStoreFileType, oidcConfig.tls.trustStoreFile.get()))
+                        .setProvider(oidcConfig.tls.trustStoreProvider.orElse(null));
                 options.setTrustOptions(trustStoreOptions);
                 if (Verification.CERTIFICATE_VALIDATION == oidcConfig.tls.verification.orElse(Verification.REQUIRED)) {
                     options.setVerifyHost(false);
@@ -150,7 +151,8 @@ public static void setHttpClientOptions(OidcCommonConfig oidcConfig, TlsConfig t
                         .setAlias(oidcConfig.tls.keyStoreKeyAlias.orElse(null))
                         .setAliasPassword(oidcConfig.tls.keyStoreKeyPassword.orElse(null))
                         .setValue(io.vertx.core.buffer.Buffer.buffer(keyStoreData))
-                        .setType(getStoreType(oidcConfig.tls.keyStoreFileType, oidcConfig.tls.keyStoreFile.get()));
+                        .setType(getStoreType(oidcConfig.tls.keyStoreFileType, oidcConfig.tls.keyStoreFile.get()))
+                        .setProvider(oidcConfig.tls.keyStoreProvider.orElse(null));
                 options.setKeyCertOptions(keyStoreOptions);
 
             } catch (IOException ex) {