Package com.couchbase.client.core.env
Class SecurityConfig
- java.lang.Object
-
- com.couchbase.client.core.env.SecurityConfig
-
public class SecurityConfig extends Object
TheSecurityConfigallows to enable transport encryption between the client and the servers.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classSecurityConfig.BuilderThis builder allows to customize the default security configuration.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static SecurityConfig.Builderbuilder()Creates a builder to customize theSecurityConfigconfiguration.static SecurityConfigcreate()Creates aSecurityConfigwith the default configuration.static List<X509Certificate>decodeCertificates(List<String> certificates)Helper method to decode string-encoded certificates into their x.509 format.static SecurityConfig.BuilderenableNativeTls(boolean nativeTlsEnabled)Enables/disables native TLS (enabled by default).static SecurityConfig.BuilderenableTls(boolean tlsEnabled)Enables TLS for all client/server communication (disabled by default).booleannativeTlsEnabled()Returns whether native TLS is enabled.booleantlsEnabled()True if TLS is enabled, false otherwise.static SecurityConfig.BuildertrustCertificate(Path certificatePath)Loads a X.509 trust certificate from the given path and uses it.List<X509Certificate>trustCertificates()The list of trust certificates that should be used, if present.static SecurityConfig.BuildertrustCertificates(List<X509Certificate> certificates)Loads the given list of X.509 certificates into the trust store.TrustManagerFactorytrustManagerFactory()The currently configured trust manager factory, if present.static SecurityConfig.BuildertrustManagerFactory(TrustManagerFactory trustManagerFactory)Allows to provide a trust manager factory directly for maximum flexibility.static SecurityConfig.BuildertrustStore(Path trustStorePath, String trustStorePassword, Optional<String> trustStoreType)Loads a trust store from a file path and password and initializes theTrustManagerFactory.static SecurityConfig.BuildertrustStore(KeyStore trustStore)Initializes theTrustManagerFactorywith the given trust store.
-
-
-
Method Detail
-
builder
public static SecurityConfig.Builder builder()
Creates a builder to customize theSecurityConfigconfiguration.- Returns:
- the builder to customize.
-
create
public static SecurityConfig create()
Creates aSecurityConfigwith the default configuration.- Returns:
- the default security config.
-
enableTls
public static SecurityConfig.Builder enableTls(boolean tlsEnabled)
Enables TLS for all client/server communication (disabled by default).- Parameters:
tlsEnabled- true if enabled, false otherwise.- Returns:
- this
SecurityConfig.Builderfor chaining purposes.
-
enableNativeTls
public static SecurityConfig.Builder enableNativeTls(boolean nativeTlsEnabled)
Enables/disables native TLS (enabled by default).- Parameters:
nativeTlsEnabled- true if it should be enabled, false otherwise.- Returns:
- this
SecurityConfig.Builderfor chaining purposes.
-
trustCertificates
public static SecurityConfig.Builder trustCertificates(List<X509Certificate> certificates)
Loads the given list of X.509 certificates into the trust store.- Parameters:
certificates- the list of certificates to load.- Returns:
- this
SecurityConfig.Builderfor chaining purposes.
-
trustCertificate
public static SecurityConfig.Builder trustCertificate(Path certificatePath)
Loads a X.509 trust certificate from the given path and uses it.- Parameters:
certificatePath- the path to load the certificate from.- Returns:
- this
SecurityConfig.Builderfor chaining purposes.
-
trustStore
public static SecurityConfig.Builder trustStore(KeyStore trustStore)
Initializes theTrustManagerFactorywith the given trust store.- Parameters:
trustStore- the loaded trust store to use.- Returns:
- this
SecurityConfig.Builderfor chaining purposes.
-
trustStore
public static SecurityConfig.Builder trustStore(Path trustStorePath, String trustStorePassword, Optional<String> trustStoreType)
Loads a trust store from a file path and password and initializes theTrustManagerFactory.- Parameters:
trustStorePath- the path to the truststore.trustStorePassword- the password (can be null if not password protected).trustStoreType- the type of the trust store. If empty, theKeyStore.getDefaultType()will be used.- Returns:
- this
SecurityConfig.Builderfor chaining purposes.
-
trustManagerFactory
public static SecurityConfig.Builder trustManagerFactory(TrustManagerFactory trustManagerFactory)
Allows to provide a trust manager factory directly for maximum flexibility.While providing the most flexibility, most users will find the other overloads more convenient, like passing in a
trustStore(KeyStore)directly or via filepathtrustStore(Path, String, Optional).- Parameters:
trustManagerFactory- the trust manager factory to use.- Returns:
- this
SecurityConfig.Builderfor chaining purposes.
-
tlsEnabled
public boolean tlsEnabled()
True if TLS is enabled, false otherwise.- Returns:
- a boolean if tls/transport encryption is enabled.
-
trustCertificates
public List<X509Certificate> trustCertificates()
The list of trust certificates that should be used, if present.- Returns:
- the list of certificates.
-
trustManagerFactory
public TrustManagerFactory trustManagerFactory()
The currently configured trust manager factory, if present.- Returns:
- the trust manager factory.
-
nativeTlsEnabled
public boolean nativeTlsEnabled()
Returns whether native TLS is enabled.- Returns:
- true if enabled, false otherwise.
-
decodeCertificates
public static List<X509Certificate> decodeCertificates(List<String> certificates)
Helper method to decode string-encoded certificates into their x.509 format.- Parameters:
certificates- the string-encoded certificates.- Returns:
- the decoded certs in x.509 format.
-
-