Class SecurityOptions
java.lang.Object
com.couchbase.analytics.client.java.SecurityOptions
-
Method Summary
Modifier and TypeMethodDescriptioncipherSuites(List<String> cipherSuites) disableServerCertificateVerification(boolean disable) Deprecated.Not really deprecated, but disabling verification is almost always a bad idea.Clears any existing trust settings, and tells the SDK to trust only the Capella CA certificates bundled with this SDK.trustOnlyCertificates(List<X509Certificate> certificates) Clears any existing trust settings, and tells the SDK to trust only the specified certificates.trustOnlyFactory(TrustManagerFactory factory) Clears any existing trust settings, and tells the SDK to use the specified factory to verify server certificates.Clears any existing trust settings, and tells the SDK to trust only the certificates trusted by the Java runtime environment.Clears any existing trust settings, and tells the SDK to trust only the certificates trusted by the Java runtime environment plus the Capella CA certificates bundled with this SDK.trustOnlyPemFile(Path pemFile) Clears any existing trust settings, and tells the SDK to trust only the certificates in the specified PEM file.trustOnlyPemString(String pemEncodedCertificates) Clears any existing trust settings, and tells the SDK to trust only the PEM-encoded certificates contained in the given string.
-
Method Details
-
cipherSuites
- Parameters:
cipherSuites- Java names of the cipher suites to allow for TLS. The default value is unspecified and may change as the security landscape evolves.
-
trustOnlyCapella
Clears any existing trust settings, and tells the SDK to trust only the Capella CA certificates bundled with this SDK. -
trustOnlyPemFile
Clears any existing trust settings, and tells the SDK to trust only the certificates in the specified PEM file. -
trustOnlyPemString
Clears any existing trust settings, and tells the SDK to trust only the PEM-encoded certificates contained in the given string. -
trustOnlyCertificates
Clears any existing trust settings, and tells the SDK to trust only the specified certificates. -
trustOnlyJvm
Clears any existing trust settings, and tells the SDK to trust only the certificates trusted by the Java runtime environment. -
trustOnlyJvmAndCapella
Clears any existing trust settings, and tells the SDK to trust only the certificates trusted by the Java runtime environment plus the Capella CA certificates bundled with this SDK.This is the default trust setting.
-
trustOnlyFactory
Clears any existing trust settings, and tells the SDK to use the specified factory to verify server certificates.For advanced use cases only.
- See Also:
-
disableServerCertificateVerification
Deprecated.Not really deprecated, but disabling verification is almost always a bad idea.Server certification verification is enabled by default. You can disable it by passing true to this method, but you almost certainly shouldn't. Instead, call one of thetrustmethods to tell the SDK which certificates it should trust.IMPORTANT: Disabling verification is insecure because it exposes you to on-path attacks. Never do this in production. In fact, you probably shouldn't do it anywhere.
- Parameters:
disable- If true, the SDK does not verify the certificate presented by the server.- See Also:
-