Merge pull request #10620 from tsegismont/issue/10582

SSL support for reactive DB2 client
quarkusio · Jul 10, 2020 · e5f3777 · e5f3777
2 parents eee4116 + f560686
commit e5f3777
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 2 deletions.
diff --git a/docs/src/main/asciidoc/native-and-ssl.adoc b/docs/src/main/asciidoc/native-and-ssl.adoc
@@ -79,8 +79,9 @@ As SSL is de facto the standard nowadays, we decided to enable its support autom
  * the Neo4j extension (`quarkus-neo4j`),
  * the OAuth2 extension (`quarkus-elytron-security-oauth2`),
  * the REST client extension (`quarkus-rest-client`),
- * the Reactive client for PostgreSQL extension (`quarkus-reactive-pg-client`).
- * the Reactive client for MySQL extension (`quarkus-reactive-mysql-client`).
+ * the Reactive client for PostgreSQL extension (`quarkus-reactive-pg-client`),
+ * the Reactive client for MySQL extension (`quarkus-reactive-mysql-client`),
+ * the Reactive client for DB2 extension (`quarkus-reactive-db2-client`).
 
 As long as you have one of those extensions in your project, the SSL support will be enabled by default.
 

diff --git a/...t/src/main/java/io/quarkus/reactive/db2/client/deployment/ReactiveDB2ClientProcessor.java b/...t/src/main/java/io/quarkus/reactive/db2/client/deployment/ReactiveDB2ClientProcessor.java
@@ -12,6 +12,7 @@
 import io.quarkus.deployment.annotations.BuildStep;
 import io.quarkus.deployment.annotations.ExecutionTime;
 import io.quarkus.deployment.annotations.Record;
+import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
 import io.quarkus.deployment.builditem.FeatureBuildItem;
 import io.quarkus.deployment.builditem.ServiceStartBuildItem;
 import io.quarkus.deployment.builditem.ShutdownContextBuildItem;
@@ -42,6 +43,7 @@ ServiceStartBuildItem build(BuildProducer<FeatureBuildItem> feature,
             DB2PoolRecorder recorder,
             VertxBuildItem vertx,
             BuildProducer<SyntheticBeanBuildItem> syntheticBeans, ShutdownContextBuildItem shutdown,
+            BuildProducer<ExtensionSslNativeSupportBuildItem> sslNativeSupport,
             DataSourcesBuildTimeConfig dataSourcesBuildTimeConfig, DataSourcesRuntimeConfig dataSourcesRuntimeConfig,
             DataSourceReactiveBuildTimeConfig dataSourceReactiveBuildTimeConfig,
             DataSourceReactiveRuntimeConfig dataSourceReactiveRuntimeConfig,
@@ -71,6 +73,9 @@ ServiceStartBuildItem build(BuildProducer<FeatureBuildItem> feature,
         boolean isDefault = true; // assume always the default pool for now
         vertxPool.produce(new VertxPoolBuildItem(db2PoolValue, DatabaseKind.DB2, isDefault));
 
+        // Enable SSL support by default
+        sslNativeSupport.produce(new ExtensionSslNativeSupportBuildItem(Feature.REACTIVE_DB2_CLIENT));
+
         return serviceStart;
     }
 

diff --git a/...-client/runtime/src/main/java/io/quarkus/reactive/db2/client/runtime/DB2PoolRecorder.java b/...-client/runtime/src/main/java/io/quarkus/reactive/db2/client/runtime/DB2PoolRecorder.java
@@ -2,6 +2,12 @@
 
 import static io.quarkus.credentials.CredentialsProvider.PASSWORD_PROPERTY_NAME;
 import static io.quarkus.credentials.CredentialsProvider.USER_PROPERTY_NAME;
+import static io.quarkus.vertx.core.runtime.SSLConfigHelper.configureJksKeyCertOptions;
+import static io.quarkus.vertx.core.runtime.SSLConfigHelper.configureJksTrustOptions;
+import static io.quarkus.vertx.core.runtime.SSLConfigHelper.configurePemKeyCertOptions;
+import static io.quarkus.vertx.core.runtime.SSLConfigHelper.configurePemTrustOptions;
+import static io.quarkus.vertx.core.runtime.SSLConfigHelper.configurePfxKeyCertOptions;
+import static io.quarkus.vertx.core.runtime.SSLConfigHelper.configurePfxTrustOptions;
 
 import java.util.Map;
 
@@ -114,6 +120,18 @@ private DB2ConnectOptions toConnectOptions(DataSourceRuntimeConfig dataSourceRun
             connectOptions.setCachePreparedStatements(dataSourceReactiveRuntimeConfig.cachePreparedStatements);
         }
 
+        connectOptions.setSsl(dataSourceReactiveDB2Config.ssl);
+
+        connectOptions.setTrustAll(dataSourceReactiveRuntimeConfig.trustAll);
+
+        configurePemTrustOptions(connectOptions, dataSourceReactiveRuntimeConfig.trustCertificatePem);
+        configureJksTrustOptions(connectOptions, dataSourceReactiveRuntimeConfig.trustCertificateJks);
+        configurePfxTrustOptions(connectOptions, dataSourceReactiveRuntimeConfig.trustCertificatePfx);
+
+        configurePemKeyCertOptions(connectOptions, dataSourceReactiveRuntimeConfig.keyCertificatePem);
+        configureJksKeyCertOptions(connectOptions, dataSourceReactiveRuntimeConfig.keyCertificateJks);
+        configurePfxKeyCertOptions(connectOptions, dataSourceReactiveRuntimeConfig.keyCertificatePfx);
+
         return connectOptions;
     }
 }
diff --git a/...ime/src/main/java/io/quarkus/reactive/db2/client/runtime/DataSourceReactiveDB2Config.java b/...ime/src/main/java/io/quarkus/reactive/db2/client/runtime/DataSourceReactiveDB2Config.java
@@ -18,4 +18,10 @@ public class DataSourceReactiveDB2Config {
     @Deprecated
     public Optional<Boolean> cachePreparedStatements;
 
+    /**
+     * Whether SSL/TLS is enabled.
+     */
+    @ConfigItem(defaultValue = "false")
+    public boolean ssl;
+
 }