Provide auto-configuration for authenticating with Couchbase using a client certificate

[davidjlynn]

Hello,

I am currently using Spring Boot 3.3.1, and particularly using the starter org.springframework.boot:spring-boot-starter-data-couchbase.

This starter support auto configuration and secure communication using SSL Bundles. However, couchbase also supports authentication via certificate: Couchbase: Authenticating the Java Client by Certificate

Unfortunately the starter does not support this, and only supports username/password authentication (a sensible default): CouchbaseAutoConfiguration

The request here would be to allow setup of using certificate based authentication through spring autoconfiguration.

As a workaround, currently the cluster creation code must be rewritten in the client configuration to support this certificate based authentication:

  @Bean
  public Authenticator authenticator() {
    return CertificateAuthenticator.fromKeyStore(
        Path.of(CERTIFICATE_PATH),
        CERTIFICATE_PASSWORD, 
        Optional.of(ALGORITHM));
  }

  @Bean(destroyMethod = "disconnect")
  @ConditionalOnBean(Authenticator.class)
  public Cluster couchbaseCluster(
      ClusterEnvironment couchbaseClusterEnvironment,
      CouchbaseConnectionDetails connectionDetails,
      Authenticator authenticator) {
    ClusterOptions options = ClusterOptions
        .clusterOptions(authenticator)
        .environment(couchbaseClusterEnvironment);
    return Cluster.connect(connectionDetails.getConnectionString(), options);
  }

Thanks

[wilkinsona]

Thanks for the suggestion. CertificateAuthenticator has methods for creating an instance from a KeyStore or KeyManagerFactory. On the face of it, it looks to be a good fit for integrating with SSL bundles for client auth.