From ff35cc80d7868f9c71dbbee3f802145a058ebae0 Mon Sep 17 00:00:00 2001
From: Scott Frederick <sfrederick@vmware.com>
Date: Mon, 24 Apr 2023 14:51:58 -0500
Subject: [PATCH] Allow Couchbase SSL to be enabled without custom trust
 material

Closes gh-35147
---
 .../couchbase/CouchbaseAutoConfiguration.java        | 12 +++++++++---
 .../couchbase/CouchbaseAutoConfigurationTests.java   |  9 +++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java
index f4e99d186cd..15bd883fef5 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java
@@ -125,8 +125,14 @@ public class CouchbaseAutoConfiguration {
 	}
 
 	private void configureSsl(Builder builder, SslBundles sslBundles) {
-		builder.securityConfig((config) -> config.enableTls(true)
-			.trustManagerFactory(getTrustManagerFactory(this.properties.getEnv().getSsl(), sslBundles)));
+		builder.securityConfig((config) -> {
+			config.enableTls(true);
+			TrustManagerFactory trustManagerFactory = getTrustManagerFactory(this.properties.getEnv().getSsl(),
+					sslBundles);
+			if (trustManagerFactory != null) {
+				config.trustManagerFactory(trustManagerFactory);
+			}
+		});
 	}
 
 	@SuppressWarnings("removal")
@@ -138,7 +144,7 @@ public class CouchbaseAutoConfiguration {
 			SslBundle bundle = sslBundles.getBundle(ssl.getBundle());
 			return bundle.getManagers().getTrustManagerFactory();
 		}
-		throw new IllegalStateException("A key store or bundle must be configured when SSL is enabled");
+		return null;
 	}
 
 	@SuppressWarnings("removal")
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfigurationTests.java
index c6db5efff8b..3dc81e27767 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfigurationTests.java
@@ -180,6 +180,15 @@ class CouchbaseAutoConfigurationTests {
 				"spring.couchbase.env.timeouts.analytics=6s", "spring.couchbase.env.timeouts.management=7s");
 	}
 
+	@Test
+	void enableSsl() {
+		testClusterEnvironment((env) -> {
+			SecurityConfig securityConfig = env.securityConfig();
+			assertThat(securityConfig.tlsEnabled()).isTrue();
+			assertThat(securityConfig.trustManagerFactory()).isNull();
+		}, "spring.couchbase.env.ssl.enabled=true");
+	}
+
 	@Test
 	void enableSslWithKeyStore() {
 		testClusterEnvironment((env) -> {