Configure TLS in CouchDBClient

12 views
Skip to first unread message

Hernan Pepe Petersen

unread,
Jan 29, 2018, 10:20:53 AM1/29/18
to LightCouch
Hi, 

Is it possible to configure a custom SSL socket factory for the CouchDBClient. I need to configure it with loadKeyMaterial and my own keystore. because I'm using a wrapper for my CouchDB instance which uses mutual TLS Auth. I've tried to extend the existing clients but it looks like it's no possible since most of the methods are private to the package. Can you point me to the right way of doing this? With Ektorp I was using this code, but I had an issue with how it's handling the secure connections so I'm looking for alternatives.


        private KeyStore loadKeyStore() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

InputStream instream = this.keyStoreResource.getInputStream();

keyStore.load(instream, keyStorePassword.toCharArray());

instream.close();

return keyStore;

}

@PostConstruct

private void init() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {

SSLContext sslContext = new SSLContextBuilder()

.loadKeyMaterial(

this.loadKeyStore(),

keyStorePassword.toCharArray()

).build();

SSLSocketFactory socketFactory = 

new SSLSocketFactory(sslContext);


HttpClient authenticatedHttpClient = new StdHttpClient.Builder()

                .url(dbUrl)

                .username(dbUser)

                .password(dbPassword)

                .enableSSL(true)

                .sslSocketFactory(socketFactory)

                .socketTimeout(dbTimeout)

                .build();


CouchDbInstance dbInstance = new StdCouchDbInstance(authenticatedHttpClient);

this.db = new StdCouchDbConnector("tc-user", dbInstance);

db.createDatabaseIfNotExists();

}


Thanks in advance, Hernan.

LightCouch

unread,
Jan 30, 2018, 12:39:33 PM1/30/18
to LightCouch
Hi,

You are correct - currently there is no way to achieve that..
There is a new release coming up should address the limitation, to allow setting a custom SSLContext, perhaps through org.lightcouch.CouchDbProperties

Cheers
Reply all
Reply to author
Forward
0 new messages