
If certificate reloading is enabled, mTLS stop functioning after the reload #45565

@ynojima

Description

Describe the bug

If certificate reloading is enabled with the quarkus.http.ssl.certificate.reload-period option, mTLS stops functioning after the reload, even when the certificate file has not been updated.

This is caused by mishandling of trustOptions here:

        if (configuration.certificate.trustStoreFile.isPresent()) {
            // bug: the key-cert options object is fetched here instead of the trust options
            var opts = ((KeyStoreOptions) copy.getKeyCertOptions());
            opts.setValue(Buffer.buffer(getFileContent(configuration.certificate.trustStoreFile.get())));
            copy.setTrustOptions(opts);
        }

https://github.com/quarkusio/quarkus/blob/3.17.6/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.java#L214-L218

The opts value should be taken from copy.getTrustOptions(), not copy.getKeyCertOptions().
Because of this mishandling, the trust store config is overwritten by the key store config.
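To make the effect of the mix-up concrete, here is an added, self-contained example (not code from the Quarkus repository) that reproduces the buggy reload beside the corrected one on Vert.x `SSLOptions`. It assumes the Vert.x 4.5 `SSLOptions`/`KeyStoreOptions` API and uses constructed byte strings in place of the real key store and trust store files; `buggyReload`, `fixedReload` and `keyStoreIntact` are hypothetical names.

```java
import io.vertx.core.buffer.Buffer;
import io.vertx.core.net.KeyStoreOptions;
import io.vertx.core.net.SSLOptions;

/** Hypothetical stand-in for the reload logic discussed in the issue (not Quarkus code). */
public class TrustOptionsReloadDemo {

    // Constructed stand-ins for the bytes read from the key store and trust store files.
    static final byte[] KEYSTORE_BYTES = "constructed-keystore".getBytes();
    static final byte[] TRUSTSTORE_BYTES = "constructed-truststore".getBytes();

    /** Server options as they look after initial startup: distinct key store and trust store. */
    static SSLOptions initialOptions() {
        return new SSLOptions()
            .setKeyCertOptions(new KeyStoreOptions().setType("PKCS12").setValue(Buffer.buffer(KEYSTORE_BYTES)))
            .setTrustOptions(new KeyStoreOptions().setType("PKCS12").setValue(Buffer.buffer(TRUSTSTORE_BYTES)));
    }

    /** Mirrors the bug: the trust store is rebuilt from the KEY-cert options object. */
    static SSLOptions buggyReload(SSLOptions current) {
        SSLOptions copy = current.copy();
        var opts = (KeyStoreOptions) copy.getKeyCertOptions();   // wrong object
        opts.setValue(Buffer.buffer(TRUSTSTORE_BYTES));           // overwrites the server key store bytes ...
        copy.setTrustOptions(opts);                               // ... and aliases key and trust options
        return copy;
    }

    /** Corrected version: take the trust options object and refresh it from the trust store file. */
    static SSLOptions fixedReload(SSLOptions current) {
        SSLOptions copy = current.copy();
        var opts = (KeyStoreOptions) copy.getTrustOptions();
        opts.setValue(Buffer.buffer(TRUSTSTORE_BYTES));
        copy.setTrustOptions(opts);
        return copy;
    }

    /** True when the server's key store still holds the key store bytes after a reload. */
    static boolean keyStoreIntact(SSLOptions o) {
        return ((KeyStoreOptions) o.getKeyCertOptions()).getValue().equals(Buffer.buffer(KEYSTORE_BYTES));
    }

    public static void main(String[] args) {
        System.out.println("buggy reload keeps key store: " + keyStoreIntact(buggyReload(initialOptions()))); // false
        System.out.println("fixed reload keeps key store: " + keyStoreIntact(fixedReload(initialOptions()))); // true
    }
}
```

After the buggy reload the server's key store contains the trust store bytes and the two option objects are the same instance, which is why the TLS handshake fails even though no file changed.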

Expected behavior

Even after the reload, mTLS should continue to work.

Actual behavior

mTLS stops functioning.

How to Reproduce?

Reproducer:

  1. Set up Quarkus to serve with mTLS.
  2. Enable certificate reloading with the quarkus.http.ssl.certificate.reload-period=3m option.
  3. Wait for the certificate reload, then access the Quarkus server over HTTPS.
  4. You will encounter a TLS connection issue.

Quarkus version or git rev

3.17.6
