Uploaded image for project: 'Couchbase Java Client'
  1. Couchbase Java Client
  2. JCBC-1593

certPath param in sdk 3 vs sdk 2

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Incomplete
    • None
    • None
    • None
    • None

    Description

      The certpath seems to be quite different from the previous version. It seems that the certpath needs to be a directing containing pem files, and the pem files must have the name given in the cluster.bucket(...) call (which would normally be the bucketname, but it doesn't seem to matter, as long as the pem file with that name exists)
      connecting-ssl.js 
      // Require Couchbase Module
      var couchbase = require('couchbase');

      // Require Couchbase Module
      var couchbase = require('couchbase');

      /*

      • Put Self-Signed Cluster Certificate from the cluster
      • $ curl http://localhost:8091/pools/default/certificate -o /tmp/junk.pem
        */

        // Setup Cluster Connection Object - must include the bucket name
        // incorrect bucket name here will get you BUCKET_NOT_FOUND

        var connString = 'couchbases://127.0.0.1/travel-sample?certpath=/tmp';

        // Setup Cluster Connection Object

        const options = {username: 'Administrator', password: 'password'}

        ;
        var cluster = new couchbase.Cluster(connString,options);

        // Setup Bucket object to be reused within the code
        //
        // specify bucket again. Actually this does appear to be used for the
        // name of the bucket. It must be the name of the pem file withing
        // the certpath directory.
        // Mess that up and you will get a generic SSL ERROR
        //
        const bucket = cluster.bucket("junk.pem"); // specify bucket (again)
        const collection = bucket.defaultCollection();
        const docKey='airport_1254';

        try {
        res= collection.get(docKey,

        {timeout:10}

        ,
        (err,res)=>

        { if(res)console.log("================== res: "+JSON.stringify(res)); if(err)console.log("================== err: "+err); }

        ).catch((e)=>

        {done=true; console.log(e)}

        );
        }catch(e)

        { e.printStackTrace(); }

        console.log(" ***************** press control-c to exit ***************");
        var http = require('http');
        http.createServer(function (req, res) {
        res.writeHead(200,

        {'Content-Type': 'text/plain'}

        );
        res.write('Hello World!');
        res.end();
        }).listen(8080);
         

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          michael.reiche Michael Reiche added a comment - - edited

          A similar issue exists for the connecting-cert-auth.js example.

          This code from connection.js sheds some light on the issue.  Whatever is given as the bucketname in  cluster.bucket(<bucketname>) is appended on to the connStr - so it had better complete the last query param.

          In this case, leaving the 'client.key' off of the keypath, and specifying a bucketname of "client.key" allows it to work.

          couchbases://127.0.0.1/travel-sample?truststorepath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir/trust.pem&certpath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir/client.pem&keypath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir//client.key

          53     var connType = binding.LCB_TYPE_CLUSTER;
          54     var connStr = opts.connStr;
          55     if (opts.bucketName)

          { 56       connType = binding.LCB_TYPE_BUCKET; 57       connStr += '/' + opts.bucketName; 58     }

          I suspect that code should put the bucketName at the beginning of the url-context (if it is not already there).

          I don't know what the case is for not having a bucketname (i.e. connType = LCB_TYPE_CLUSTER)

           

          michael.reiche Michael Reiche added a comment - - edited A similar issue exists for the connecting-cert-auth.js example. This code from connection.js sheds some light on the issue.  Whatever is given as the bucketname in  cluster.bucket(<bucketname>) is appended on to the connStr - so it had better complete the last query param. In this case, leaving the 'client.key' off of the keypath, and specifying a bucketname of "client.key" allows it to work. couchbases://127.0.0.1/travel-sample?truststorepath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir/trust.pem&certpath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir/client.pem&keypath=/Users/michaelreiche/git/docs-sdk-nodejs/modules/devguide/examples/nodejs/../etc/x509-cert/SSLCA/clientdir//client.key 53     var connType = binding.LCB_TYPE_CLUSTER; 54     var connStr = opts.connStr; 55     if (opts.bucketName) { 56       connType = binding.LCB_TYPE_BUCKET; 57       connStr += '/' + opts.bucketName; 58     } I suspect that code should put the bucketName at the beginning of the url-context (if it is not already there). I don't know what the case is for not having a bucketname (i.e. connType = LCB_TYPE_CLUSTER)  
          michael.reiche Michael Reiche added a comment - Replaced this bug with  https://issues.couchbase.com/browse/JSCBC-684   

          People

            daschl Michael Nitschinger
            michael.reiche Michael Reiche
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty