quarkusio · sberyozkin · Nov 20, 2023 · Nov 20, 2023
diff --git a/.../java/io/quarkus/keycloak/admin/client/reactive/KeycloakAdminClientReactiveProcessor.java b/.../java/io/quarkus/keycloak/admin/client/reactive/KeycloakAdminClientReactiveProcessor.java
@@ -25,6 +25,7 @@
 import io.quarkus.keycloak.admin.client.common.KeycloakAdminClientInjectionEnabled;
 import io.quarkus.keycloak.admin.client.reactive.runtime.ResteasyReactiveClientProvider;
 import io.quarkus.keycloak.admin.client.reactive.runtime.ResteasyReactiveKeycloakAdminClientRecorder;
+import io.quarkus.runtime.TlsConfig;
 
 public class KeycloakAdminClientReactiveProcessor {
 
@@ -53,8 +54,8 @@ public void nativeImage(BuildProducer<ServiceProviderBuildItem> serviceProviderP
     @Record(ExecutionTime.STATIC_INIT)
     @Produce(ServiceStartBuildItem.class)
     @BuildStep
-    public void integrate(ResteasyReactiveKeycloakAdminClientRecorder recorder) {
-        recorder.setClientProvider();
+    public void integrate(ResteasyReactiveKeycloakAdminClientRecorder recorder, TlsConfig tlsConfig) {
+        recorder.setClientProvider(tlsConfig.trustAll);
     }
 
     @Record(ExecutionTime.RUNTIME_INIT)

diff --git a/...ava/io/quarkus/keycloak/admin/client/reactive/runtime/ResteasyReactiveClientProvider.java b/...ava/io/quarkus/keycloak/admin/client/reactive/runtime/ResteasyReactiveClientProvider.java
@@ -30,9 +30,15 @@ public class ResteasyReactiveClientProvider implements ResteasyClientProvider {
     private static final List<String> HANDLED_MEDIA_TYPES = List.of(MediaType.APPLICATION_JSON);
     private static final int PROVIDER_PRIORITY = Priorities.USER + 100; // ensures that it will be used first
 
+    private final boolean tlsTrustAll;
+
+    public ResteasyReactiveClientProvider(boolean tlsTrustAll) {
+        this.tlsTrustAll = tlsTrustAll;
+    }
+
     @Override
     public Client newRestEasyClient(Object messageHandler, SSLContext sslContext, boolean disableTrustManager) {
-        ClientBuilderImpl clientBuilder = new ClientBuilderImpl().trustAll(disableTrustManager);
+        ClientBuilderImpl clientBuilder = new ClientBuilderImpl().trustAll(tlsTrustAll || disableTrustManager);
         return registerJacksonProviders(clientBuilder).build();
     }
 

diff --git a/...s/keycloak/admin/client/reactive/runtime/ResteasyReactiveKeycloakAdminClientRecorder.java b/...s/keycloak/admin/client/reactive/runtime/ResteasyReactiveKeycloakAdminClientRecorder.java
@@ -21,8 +21,8 @@ public ResteasyReactiveKeycloakAdminClientRecorder(
         this.keycloakAdminClientConfigRuntimeValue = keycloakAdminClientConfigRuntimeValue;
     }
 
-    public void setClientProvider() {
-        Keycloak.setClientProvider(new ResteasyReactiveClientProvider());
+    public void setClientProvider(boolean tlsTrustAll) {
+        Keycloak.setClientProvider(new ResteasyReactiveClientProvider(tlsTrustAll));
     }
 
     public Supplier<Keycloak> createAdminClient() {

diff --git a/...rc/main/java/io/quarkus/keycloak/adminclient/deployment/KeycloakAdminClientProcessor.java b/...rc/main/java/io/quarkus/keycloak/adminclient/deployment/KeycloakAdminClientProcessor.java
@@ -25,6 +25,7 @@
 import io.quarkus.keycloak.admin.client.common.AutoCloseableDestroyer;
 import io.quarkus.keycloak.admin.client.common.KeycloakAdminClientInjectionEnabled;
 import io.quarkus.keycloak.adminclient.ResteasyKeycloakAdminClientRecorder;
+import io.quarkus.runtime.TlsConfig;
 
 public class KeycloakAdminClientProcessor {
 
@@ -48,8 +49,8 @@ ReflectiveClassBuildItem reflect() {
     @Record(ExecutionTime.STATIC_INIT)
     @Produce(ServiceStartBuildItem.class)
     @BuildStep
-    public void integrate(ResteasyKeycloakAdminClientRecorder recorder) {
-        recorder.setClientProvider();
+    public void integrate(ResteasyKeycloakAdminClientRecorder recorder, TlsConfig tlsConfig) {
+        recorder.setClientProvider(tlsConfig.trustAll);
     }
 
     @Record(ExecutionTime.RUNTIME_INIT)

diff --git a/...me/src/main/java/io/quarkus/keycloak/adminclient/ResteasyKeycloakAdminClientRecorder.java b/...me/src/main/java/io/quarkus/keycloak/adminclient/ResteasyKeycloakAdminClientRecorder.java
@@ -58,13 +58,13 @@ public Keycloak get() {
         };
     }
 
-    public void setClientProvider() {
+    public void setClientProvider(boolean tlsTrustAll) {
         Keycloak.setClientProvider(new ResteasyClientClassicProvider() {
             @Override
             public Client newRestEasyClient(Object customJacksonProvider, SSLContext sslContext, boolean disableTrustManager) {
                 // point here is to use default Quarkus providers rather than org.keycloak.admin.client.JacksonProvider
                 // as it doesn't work properly in native mode
-                return ClientBuilderWrapper.create(sslContext, disableTrustManager).build();
+                return ClientBuilderWrapper.create(sslContext, tlsTrustAll || disableTrustManager).build();
             }
         });
     }