Fix PEM certificate generation & OCP mounting

quarkus-test-core/src/main/java/io/quarkus/test/security/certificate/Certificate.java

@@ -36,6 +36,8 @@
 
 public interface Certificate {
 
+    String prefix();
+
     String format();
 
     String password();
@@ -50,16 +52,27 @@ public interface Certificate {
 
     Collection<ClientCertificate> clientCertificates();
 
+    interface PemCertificate extends Certificate {
+
+        String keyPath();
+
+        String certPath();
+
+    }
+
     static Certificate of(String prefix, io.quarkus.test.services.Certificate.Format format, String password) {
         return of(prefix, format, password, false, false, false, new io.quarkus.test.services.Certificate.ClientCertificate[0]);
     }
 
     static Certificate of(String prefix, io.quarkus.test.services.Certificate.Format format, String password,
             boolean keystoreProps, boolean truststoreProps, boolean keystoreManagementInterfaceProps,
             io.quarkus.test.services.Certificate.ClientCertificate[] clientCertificates) {
+        Map<String, String> props = new HashMap<>();
         CertificateGenerator generator = new CertificateGenerator(createCertsTempDir(prefix), false);
         String serverTrustStoreLocation = null;
         String serverKeyStoreLocation = null;
+        String keyLocation = null;
+        String certLocation = null;
         List<ClientCertificate> generatedClientCerts = new ArrayList<>();
         String[] cnAttrs = collectCommonNames(clientCertificates);
         var unknownClientCn = getUnknownClientCnAttr(clientCertificates, cnAttrs);
@@ -81,7 +94,21 @@ static Certificate of(String prefix, io.quarkus.test.services.Certificate.Format
                     serverTrustStoreLocation = getPathOrNull(pkcs12CertFile.trustStoreFile());
                 }
             } else if (certFile instanceof PemCertificateFiles pemCertsFile) {
-                serverTrustStoreLocation = getPathOrNull(pemCertsFile.serverTrustFile());
+                keyLocation = getPathOrNull(pemCertsFile.keyFile());
+                certLocation = getPathOrNull(pemCertsFile.certFile());
+                if (isOpenshiftPlatform() || isKubernetesPlatform()) {
+                    if (certLocation != null) {
+                        certLocation = makeFileMountPathUnique(prefix, certLocation);
+                        // mount certificate to the pod
+                        props.put(getRandomPropKey("crt"), toSecretProperty(certLocation));
+                    }
+
+                    if (keyLocation != null) {
+                        keyLocation = makeFileMountPathUnique(prefix, keyLocation);
+                        // mount private key to the pod
+                        props.put(getRandomPropKey("key"), toSecretProperty(keyLocation));
+                    }
+                }
             } else if (certFile instanceof JksCertificateFiles jksCertFile) {
                 serverKeyStoreLocation = getPathOrNull(jksCertFile.keyStoreFile());
                 if (withClientCerts) {
@@ -122,7 +149,6 @@ static Certificate of(String prefix, io.quarkus.test.services.Certificate.Format
         }
 
         // 3. PREPARE QUARKUS APPLICATION CONFIGURATION PROPERTIES
-        Map<String, String> props = new HashMap<>();
         if (serverTrustStoreLocation != null) {
             if (isOpenshiftPlatform() || isKubernetesPlatform()) {
                 // mount truststore to the pod
@@ -153,7 +179,7 @@ static Certificate of(String prefix, io.quarkus.test.services.Certificate.Format
         }
 
         return new CertificateImpl(serverKeyStoreLocation, serverTrustStoreLocation, Map.copyOf(props),
-                List.copyOf(generatedClientCerts), password, format.toString());
+                List.copyOf(generatedClientCerts), password, format.toString(), keyLocation, certLocation, prefix);
     }
 
     private static String getUnknownClientCnAttr(io.quarkus.test.services.Certificate.ClientCertificate[] clientCertificates,

quarkus-test-core/src/main/java/io/quarkus/test/security/certificate/CertificateBuilder.java

@@ -11,6 +11,8 @@ public interface CertificateBuilder {
 
     List<Certificate> certificates();
 
+    Certificate findCertificateByPrefix(String prefix);
+
     static CertificateBuilder of(io.quarkus.test.services.Certificate[] certificates) {
         if (certificates == null || certificates.length == 0) {
             return null;

quarkus-test-core/src/main/java/io/quarkus/test/security/certificate/CertificateBuilderImp.java

@@ -1,6 +1,12 @@
 package io.quarkus.test.security.certificate;
 
 import java.util.List;
+import java.util.Objects;
 
 record CertificateBuilderImp(List<Certificate> certificates) implements CertificateBuilder {
+    @Override
+    public Certificate findCertificateByPrefix(String prefix) {
+        Objects.requireNonNull(prefix);
+        return certificates.stream().filter(c -> prefix.equals(c.prefix())).findFirst().orElse(null);
+    }
 }

quarkus-test-core/src/main/java/io/quarkus/test/security/certificate/CertificateImpl.java

@@ -5,7 +5,8 @@
 import java.util.Objects;
 
 record CertificateImpl(String keystorePath, String truststorePath, Map<String, String> configProperties,
-        Collection<ClientCertificate> clientCertificates, String password, String format) implements Certificate {
+        Collection<ClientCertificate> clientCertificates, String password, String format, String keyPath, String certPath,
+        String prefix) implements Certificate.PemCertificate {
 
     @Override
     public ClientCertificate getClientCertificateByCn(String cn) {