Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide auto-configuration for authenticating with Couchbase using a client certificate #41520

Closed
davidjlynn opened this issue Jul 16, 2024 · 1 comment
Closed

Provide auto-configuration for authenticating with Couchbase using a client certificate #41520

davidjlynn opened this issue Jul 16, 2024 · 1 comment
Assignees
@scottfrederick
Labels
theme: ssl Issues related to ssl support type: enhancement A general enhancement
Milestone
3.4.0-M2

Comments

@davidjlynn
Copy link

Hello,

I am currently using Spring Boot 3.3.1, and particularly using the starter org.springframework.boot:spring-boot-starter-data-couchbase.

This starter support auto configuration and secure communication using SSL Bundles.
However, couchbase also supports authentication via certificate: Couchbase: Authenticating the Java Client by Certificate

Unfortunately the starter does not support this, and only supports username/password authentication (a sensible default): CouchbaseAutoConfiguration

The request here would be to allow setup of using certificate based authentication through spring autoconfiguration.

As a workaround, currently the cluster creation code must be rewritten in the client configuration to support this certificate based authentication:

  @Bean
  public Authenticator authenticator() {
    return CertificateAuthenticator.fromKeyStore(
        Path.of(CERTIFICATE_PATH),
        CERTIFICATE_PASSWORD, 
        Optional.of(ALGORITHM));
  }

  @Bean(destroyMethod = "disconnect")
  @ConditionalOnBean(Authenticator.class)
  public Cluster couchbaseCluster(
      ClusterEnvironment couchbaseClusterEnvironment,
      CouchbaseConnectionDetails connectionDetails,
      Authenticator authenticator) {
    ClusterOptions options = ClusterOptions
        .clusterOptions(authenticator)
        .environment(couchbaseClusterEnvironment);
    return Cluster.connect(connectionDetails.getConnectionString(), options);
  }

Thanks
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jul 16, 2024
@wilkinsona wilkinsona changed the title Allow auto-configure of couchbase to Authenticate via client certificate, instead of username and password Provide auto-configuration for authenticating with Couchbase using a client certificate Jul 16, 2024
@wilkinsona
Copy link
Member

Thanks for the suggestion. CertificateAuthenticator has methods for creating an instance from a KeyStore or KeyManagerFactory. On the face of it, it looks to be a good fit for integrating with SSL bundles for client auth.

@wilkinsona wilkinsona added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jul 16, 2024
@wilkinsona wilkinsona added this to the 3.x milestone Jul 16, 2024
@wilkinsona wilkinsona added the theme: ssl Issues related to ssl support label Jul 16, 2024
@scottfrederick scottfrederick added the for: team-attention An issue we'd like other members of the team to review label Aug 2, 2024
@scottfrederick scottfrederick self-assigned this Aug 2, 2024
@philwebb philwebb added for: team-meeting An issue we'd like to discuss as a team to make progress and removed for: team-attention An issue we'd like other members of the team to review labels Aug 12, 2024
@wilkinsona wilkinsona removed the for: team-meeting An issue we'd like to discuss as a team to make progress label Aug 14, 2024
@wilkinsona wilkinsona modified the milestones: 3.x, 3.4.x Aug 14, 2024
@scottfrederick scottfrederick modified the milestones: 3.4.x, 3.4.0-M2 Aug 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@scottfrederick scottfrederick

Labels
theme: ssl Issues related to ssl support type: enhancement A general enhancement
Projects
None yet
Milestone
3.4.0-M2
Development

No branches or pull requests
5 participants
@scottfrederick @philwebb @wilkinsona @davidjlynn @spring-projects-issues