Module com.couchbase.columnar.client.java

Package com.couchbase.columnar.client.java

Class SecurityOptions

java.lang.Object

com.couchbase.columnar.client.java.SecurityOptions

public final class SecurityOptions
extends Object

Method Summary

Modifier and Type	Method	Description
SecurityOptions	cipherSuites(List<String> cipherSuites)
SecurityOptions	disableServerCertificateVerification(boolean disable)	Deprecated. Not really deprecated, but disabling verification is almost always a bad idea.
SecurityOptions	trustOnlyCapella()	Clears any existing trust settings, and tells the SDK to trust only the Capella CA certificates bundled with this SDK.
SecurityOptions	trustOnlyCertificates(List<X509Certificate> certificates)	Clears any existing trust settings, and tells the SDK to trust only the specified certificates.
SecurityOptions	trustOnlyFactory(TrustManagerFactory factory)	Clears any existing trust settings, and tells the SDK to use the specified factory to verify server certificates.
SecurityOptions	trustOnlyJvm()	Clears any existing trust settings, and tells the SDK to trust only the certificates trusted by the Java runtime environment.
SecurityOptions	trustOnlyPemFile(Path pemFile)	Clears any existing trust settings, and tells the SDK to trust only the certificates in the specified PEM file.
SecurityOptions	trustOnlyPemString(String pemEncodedCertificates)	Clears any existing trust settings, and tells the SDK to trust only the PEM-encoded certificates contained in the given string.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

cipherSuites

public SecurityOptions cipherSuites(List<String> cipherSuites)

Parameters:

cipherSuites - Names of the cipher suites to allow for TLS, or empty list to allow any suite supported by the runtime environment.

trustOnlyCapella

public SecurityOptions trustOnlyCapella()

Clears any existing trust settings, and tells the SDK to trust only the Capella CA certificates bundled with this SDK.

This is the default trust setting.

trustOnlyPemFile

public SecurityOptions trustOnlyPemFile(Path pemFile)

Clears any existing trust settings, and tells the SDK to trust only the certificates in the specified PEM file.

trustOnlyPemString

public SecurityOptions trustOnlyPemString(String pemEncodedCertificates)

Clears any existing trust settings, and tells the SDK to trust only the PEM-encoded certificates contained in the given string.

trustOnlyCertificates

public SecurityOptions trustOnlyCertificates(List<X509Certificate> certificates)

Clears any existing trust settings, and tells the SDK to trust only the specified certificates.

trustOnlyJvm

public SecurityOptions trustOnlyJvm()

Clears any existing trust settings, and tells the SDK to trust only the certificates trusted by the Java runtime environment.

trustOnlyFactory

public SecurityOptions trustOnlyFactory(TrustManagerFactory factory)

Clears any existing trust settings, and tells the SDK to use the specified factory to verify server certificates.

For advanced use cases only.

See Also:

• trustOnlyPemFile(Path)

disableServerCertificateVerification

@Deprecated
public SecurityOptions disableServerCertificateVerification(boolean disable)

Deprecated.

Not really deprecated, but disabling verification is almost always a bad idea.

Server certification verification is enabled by default. You can disable it by passing true to this method, but you almost certainly shouldn't. Instead, call one of the trust methods to tell the SDK which certificates it should trust.

IMPORTANT: Disabling verification is insecure because it exposes you to on-path attacks. Never do this in production. In fact, you probably shouldn't do it anywhere.

Parameters:

disable - If true, the SDK does not verify the certificate presented by the server.

See Also:

• trustOnlyPemFile(Path)
• trustOnlyPemString(String)
• trustOnlyCertificates(List)
• trustOnlyFactory(TrustManagerFactory)