feat: disable TLS in CB client by default (#2167)

Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
JanssenProject · Aug 18, 2022 · 8ec5dd3 · 8ec5dd3
1 parent 30f6e1a
commit 8ec5dd3
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -148,3 +148,7 @@ PyCharm
 .DS_STORE
 tmp
 /.metadata/
+
+# DBeaver
+credentials-config.json
+data-sources.json
diff --git a/jans-auth-server/server/conf/jans-couchbase.properties b/jans-auth-server/server/conf/jans-couchbase.properties
@@ -25,3 +25,5 @@ ssl.trustStore.enable: ${config.couchbase.ssl_enabled}
 ssl.trustStore.file: ${config.couchbase.couchbaseTrustStoreFn}
 ssl.trustStore.pin: ${config.couchbase.encoded_couchbaseTrustStorePass}
 ssl.trustStore.type: pkcs12
+
+tls.enable: false
diff --git a/jans-linux-setup/jans_setup/templates/jans-couchbase.properties b/jans-linux-setup/jans_setup/templates/jans-couchbase.properties
@@ -58,5 +58,7 @@ ssl.trustStore.file: %(couchbaseTrustStoreFn)s
 ssl.trustStore.pin: %(encoded_couchbaseTrustStorePass)s
 ssl.trustStore.type: pkcs12
 
+tls.enable: false
+
 binaryAttributes=objectGUID
 certificateAttributes=userCertificate
diff --git a/...-orm/couchbase/src/main/java/io/jans/orm/couchbase/impl/CouchbaseEntryManagerFactory.java b/...-orm/couchbase/src/main/java/io/jans/orm/couchbase/impl/CouchbaseEntryManagerFactory.java
@@ -24,6 +24,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.couchbase.client.core.env.SecurityConfig;
 import com.couchbase.client.java.env.ClusterEnvironment;
 
 import io.jans.orm.couchbase.operation.impl.CouchbaseConnectionProvider;
@@ -69,7 +70,14 @@ protected void initInternal() {
             String sslTrustStorePin = couchbaseConnectionProperties.getProperty("ssl.trustStore.pin");
             Optional<String> sslTrustStoreType = Optional.ofNullable(couchbaseConnectionProperties.getProperty("ssl.trustStore.type"));
 
-            clusterEnvironmentBuilder.securityConfig().enableTls(true).trustStore(FileSystems.getDefault().getPath(sslTrustStoreFile), sslTrustStorePin, sslTrustStoreType);
+            SecurityConfig.Builder securityConfigBuilder = clusterEnvironmentBuilder.securityConfig();
+
+            boolean enableTLS = Boolean.valueOf(couchbaseConnectionProperties.getProperty("tls.enable")).booleanValue();
+            if (enableTLS) {
+            	securityConfigBuilder.enableTls(enableTLS);
+            }
+
+            securityConfigBuilder.trustStore(FileSystems.getDefault().getPath(sslTrustStoreFile), sslTrustStorePin, sslTrustStoreType);
         	LOG.info("Configuring builder to enable SSL support");
         } else {
         	clusterEnvironmentBuilder.securityConfig().enableTls(false);