fix: disable HTTP/2 clear text when quarkus.http.http2 is false

Signed-off-by: Michael Edgar <[email protected]>

Author: MikeEdgar

extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/http2/Http2DisabledTest.java

@@ -0,0 +1,98 @@
+package io.quarkus.vertx.http.http2;
+
+import java.io.File;
+import java.net.URL;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
+
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.enterprise.event.Observes;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.quarkus.test.common.http.TestHTTPResource;
+import io.quarkus.vertx.core.runtime.VertxCoreRecorder;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+import io.vertx.core.buffer.Buffer;
+import io.vertx.core.http.HttpVersion;
+import io.vertx.core.net.JksOptions;
+import io.vertx.ext.web.Router;
+import io.vertx.ext.web.client.HttpResponse;
+import io.vertx.ext.web.client.WebClient;
+import io.vertx.ext.web.client.WebClientOptions;
+
+@Certificates(baseDir = "target/certs", certificates = @Certificate(name = "ssl-test", password = "secret", formats = {
+        Format.JKS, Format.PKCS12, Format.PEM }))
+class Http2DisabledTest {
+
+    protected static final String PING_DATA = "12345678";
+
+    @TestHTTPResource(value = "/ping", tls = true)
+    URL sslUrl;
+
+    @TestHTTPResource(value = "/ping")
+    URL plainUrl;
+
+    @RegisterExtension
+    static final QuarkusUnitTest config = new QuarkusUnitTest()
+            .withApplicationRoot(jar -> jar
+                    .addClasses(MyBean.class)
+                    .addAsResource(new File("target/certs/ssl-test-keystore.jks"), "server-keystore.jks"))
+            .overrideConfigKey("quarkus.http.ssl.certificate.key-store-file", "server-keystore.jks")
+            .overrideConfigKey("quarkus.http.ssl.certificate.key-store-password", "secret")
+            .overrideConfigKey("quarkus.http.http2", "false");
+
+    @Test
+    void testHttp2EnabledSsl() throws ExecutionException, InterruptedException {
+        WebClientOptions options = new WebClientOptions()
+                .setUseAlpn(true)
+                .setProtocolVersion(HttpVersion.HTTP_2)
+                .setSsl(true)
+                .setTrustOptions(new JksOptions().setPath("target/certs/ssl-test-truststore.jks").setPassword("secret"));
+        WebClient client = WebClient.create(VertxCoreRecorder.getVertx().get(), options);
+        int port = sslUrl.getPort();
+
+        runTest(client, port);
+    }
+
+    @Test
+    void testHttp2EnabledPlain() throws ExecutionException, InterruptedException {
+        WebClientOptions options = new WebClientOptions()
+                .setProtocolVersion(HttpVersion.HTTP_2)
+                .setHttp2ClearTextUpgrade(true);
+        WebClient client = WebClient.create(VertxCoreRecorder.getVertx().get(), options);
+        runTest(client, plainUrl.getPort());
+    }
+
+    private void runTest(WebClient client, int port) throws InterruptedException, ExecutionException {
+        CompletableFuture<HttpResponse<Buffer>> result = new CompletableFuture<>();
+
+        client
+                .get(port, "localhost", "/ping")
+                .send(ar -> {
+                    if (ar.succeeded()) {
+                        result.complete(ar.result());
+                    } else {
+                        result.completeExceptionally(ar.cause());
+                    }
+                });
+
+        HttpResponse<Buffer> response = result.get();
+        Assertions.assertNotEquals(HttpVersion.HTTP_2, response.version());
+        Assertions.assertEquals(PING_DATA, response.bodyAsString());
+    }
+
+    @ApplicationScoped
+    static class MyBean {
+        public void register(@Observes Router router) {
+            router.get("/ping").handler(rc -> {
+                rc.response().end(PING_DATA);
+            });
+        }
+    }
+}

extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/http2/Http2Test.java

@@ -30,26 +30,26 @@
 
 @Certificates(baseDir = "target/certs", certificates = @Certificate(name = "ssl-test", password = "secret", formats = {
         Format.JKS, Format.PKCS12, Format.PEM }))
-public class Http2Test {
+class Http2Test {
 
     protected static final String PING_DATA = "12345678";
 
-    @TestHTTPResource(value = "/ping", ssl = true)
+    @TestHTTPResource(value = "/ping", tls = true)
     URL sslUrl;
 
     @TestHTTPResource(value = "/ping")
     URL plainUrl;
 
     @RegisterExtension
     static final QuarkusUnitTest config = new QuarkusUnitTest()
-            .withApplicationRoot((jar) -> jar
+            .withApplicationRoot(jar -> jar
                     .addClasses(MyBean.class)
                     .addAsResource(new File("target/certs/ssl-test-keystore.jks"), "server-keystore.jks"))
             .overrideConfigKey("quarkus.http.ssl.certificate.key-store-file", "server-keystore.jks")
             .overrideConfigKey("quarkus.http.ssl.certificate.key-store-password", "secret");
 
     @Test
-    public void testHttp2EnabledSsl() throws ExecutionException, InterruptedException {
+    void testHttp2EnabledSsl() throws ExecutionException, InterruptedException {
         WebClientOptions options = new WebClientOptions()
                 .setUseAlpn(true)
                 .setProtocolVersion(HttpVersion.HTTP_2)
@@ -62,7 +62,7 @@ public void testHttp2EnabledSsl() throws ExecutionException, InterruptedExceptio
     }
 
     @Test
-    public void testHttp2EnabledPlain() throws ExecutionException, InterruptedException {
+    void testHttp2EnabledPlain() throws ExecutionException, InterruptedException {
         WebClientOptions options = new WebClientOptions()
                 .setProtocolVersion(HttpVersion.HTTP_2)
                 .setHttp2ClearTextUpgrade(true);
@@ -71,19 +71,22 @@ public void testHttp2EnabledPlain() throws ExecutionException, InterruptedExcept
     }
 
     private void runTest(WebClient client, int port) throws InterruptedException, ExecutionException {
-        CompletableFuture<String> result = new CompletableFuture<>();
+        CompletableFuture<HttpResponse<Buffer>> result = new CompletableFuture<>();
+
         client
                 .get(port, "localhost", "/ping")
                 .send(ar -> {
                     if (ar.succeeded()) {
                         // Obtain response
-                        HttpResponse<Buffer> response = ar.result();
-                        result.complete(response.bodyAsString());
+                        result.complete(ar.result());
                     } else {
                         result.completeExceptionally(ar.cause());
                     }
                 });
-        Assertions.assertEquals(PING_DATA, result.get());
+
+        HttpResponse<Buffer> response = result.get();
+        Assertions.assertEquals(HttpVersion.HTTP_2, response.version());
+        Assertions.assertEquals(PING_DATA, response.bodyAsString());
     }
 
     @ApplicationScoped

extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/HttpServerOptionsUtils.java

@@ -368,7 +368,8 @@ public static void applyCommonOptions(
                         (int) httpConfig.limits().rstFloodWindowDuration().get().toSeconds());
                 httpServerOptions.setHttp2RstFloodWindowDurationTimeUnit(TimeUnit.SECONDS);
             }
-
+        } else {
+            httpServerOptions.setHttp2ClearTextEnabled(false);
         }
 
         httpServerOptions.setUseProxyProtocol(httpConfig.proxy().useProxyProtocol());