com.couchbase.client.core.env

Class SecurityConfig

java.lang.Object

com.couchbase.client.core.env.SecurityConfig

public class SecurityConfig
extends Object

The SecurityConfig allows to enable transport encryption between the client and the servers.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SecurityConfig.Builder This builder allows to customize the default security configuration.

Method Summary

Modifier and Type	Method and Description
static SecurityConfig.Builder	builder() Creates a builder to customize the SecurityConfig configuration.
static SecurityConfig	create() Creates a SecurityConfig with the default configuration.
static List<X509Certificate>	decodeCertificates(List<String> certificates) Helper method to decode string-encoded certificates into their x.509 format.
static SecurityConfig.Builder	enableNativeTls(boolean nativeTlsEnabled) Enables/disables native TLS (enabled by default).
static SecurityConfig.Builder	enableTls(boolean tlsEnabled) Enables TLS for all client/server communication (disabled by default).
boolean	nativeTlsEnabled() Returns whether native TLS is enabled.
boolean	tlsEnabled() True if TLS is enabled, false otherwise.
static SecurityConfig.Builder	trustCertificate(Path certificatePath) Loads a X.509 trust certificate from the given path and uses it.
List<X509Certificate>	trustCertificates() The list of trust certificates that should be used, if present.
static SecurityConfig.Builder	trustCertificates(List<X509Certificate> certificates) Loads the given list of X.509 certificates into the trust store.
TrustManagerFactory	trustManagerFactory() The currently configured trust manager factory, if present.
static SecurityConfig.Builder	trustManagerFactory(TrustManagerFactory trustManagerFactory) Allows to provide a trust manager factory directly for maximum flexibility.
static SecurityConfig.Builder	trustStore(KeyStore trustStore) Initializes the TrustManagerFactory with the given trust store.
static SecurityConfig.Builder	trustStore(Path trustStorePath, String trustStorePassword, Optional<String> trustStoreType) Loads a trust store from a file path and password and initializes the TrustManagerFactory.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static SecurityConfig.Builder builder()

Creates a builder to customize the SecurityConfig configuration.

Returns:

the builder to customize.

create

public static SecurityConfig create()

Creates a SecurityConfig with the default configuration.

Returns:

the default security config.

enableTls

public static SecurityConfig.Builder enableTls(boolean tlsEnabled)

Enables TLS for all client/server communication (disabled by default).

Parameters:

tlsEnabled - true if enabled, false otherwise.

Returns:

this SecurityConfig.Builder for chaining purposes.

enableNativeTls

public static SecurityConfig.Builder enableNativeTls(boolean nativeTlsEnabled)

Enables/disables native TLS (enabled by default).

Parameters:

nativeTlsEnabled - true if it should be enabled, false otherwise.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustCertificates

public static SecurityConfig.Builder trustCertificates(List<X509Certificate> certificates)

Loads the given list of X.509 certificates into the trust store.

Parameters:

certificates - the list of certificates to load.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustCertificate

public static SecurityConfig.Builder trustCertificate(Path certificatePath)

Loads a X.509 trust certificate from the given path and uses it.

Parameters:

certificatePath - the path to load the certificate from.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustStore

public static SecurityConfig.Builder trustStore(KeyStore trustStore)

Initializes the TrustManagerFactory with the given trust store.

Parameters:

trustStore - the loaded trust store to use.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustStore

public static SecurityConfig.Builder trustStore(Path trustStorePath,
                                                String trustStorePassword,
                                                Optional<String> trustStoreType)

Loads a trust store from a file path and password and initializes the TrustManagerFactory.

Parameters:

trustStorePath - the path to the truststore.

trustStorePassword - the password (can be null if not password protected).

trustStoreType - the type of the trust store. If empty, the KeyStore.getDefaultType() will be used.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustManagerFactory

public static SecurityConfig.Builder trustManagerFactory(TrustManagerFactory trustManagerFactory)

Allows to provide a trust manager factory directly for maximum flexibility.

While providing the most flexibility, most users will find the other overloads more convenient, like passing in a trustStore(KeyStore) directly or via filepath trustStore(Path, String, Optional).

Parameters:

trustManagerFactory - the trust manager factory to use.

Returns:

this SecurityConfig.Builder for chaining purposes.

tlsEnabled

public boolean tlsEnabled()

True if TLS is enabled, false otherwise.

Returns:

a boolean if tls/transport encryption is enabled.

trustCertificates

public List<X509Certificate> trustCertificates()

The list of trust certificates that should be used, if present.

Returns:

the list of certificates.

trustManagerFactory

public TrustManagerFactory trustManagerFactory()

The currently configured trust manager factory, if present.

Returns:

the trust manager factory.

nativeTlsEnabled

public boolean nativeTlsEnabled()

Returns whether native TLS is enabled.

Returns:

true if enabled, false otherwise.

decodeCertificates

public static List<X509Certificate> decodeCertificates(List<String> certificates)

Helper method to decode string-encoded certificates into their x.509 format.

Parameters:

certificates - the string-encoded certificates.

Returns:

the decoded certs in x.509 format.