Package com.couchbase.client.core.env

Class SecurityConfig.Builder

java.lang.Object
com.couchbase.client.core.env.SecurityConfig.Builder
Enclosing class:
SecurityConfig
public static class SecurityConfig.Builder
extends Object
This builder allows to customize the default security configuration.

  • Constructor Details

    • Builder

      public Builder()

  • Method Details

    • build

      public SecurityConfig build()
      Builds the SecurityConfig out of this builder.
      Returns:
      the built security config.

    • enableTls

      public SecurityConfig.Builder enableTls​(boolean tlsEnabled)
      Enables TLS for all client/server communication (disabled by default).
      Parameters:
      tlsEnabled - true if enabled, false otherwise.
      Returns:
      this SecurityConfig.Builder for chaining purposes.

    • enableHostnameVerification

      public SecurityConfig.Builder enableHostnameVerification​(boolean hostnameVerificationEnabled)
      Allows to enable or disable hostname verification (enabled by default).

      Note that disabling hostname verification will cause the TLS connection to not verify that the hostname/ip is actually part of the certificate and as a result not detect certain kinds of attacks. Only disable if you understand the impact and risks!

      Parameters:
      hostnameVerificationEnabled - set to true if it should be enabled, false for disabled.
      Returns:
      this SecurityConfig.Builder for chaining purposes.

    • enableNativeTls

      public SecurityConfig.Builder enableNativeTls​(boolean nativeTlsEnabled)
      Enables/disables native TLS (enabled by default).
      Parameters:
      nativeTlsEnabled - true if it should be enabled, false otherwise.
      Returns:
      this SecurityConfig.Builder for chaining purposes.

    • trustCertificates

      public SecurityConfig.Builder trustCertificates​(List<X509Certificate> certificates)
      Loads the given list of X.509 certificates into the trust store.
      Parameters:
      certificates - the list of certificates to load.
      Returns:
      this SecurityConfig.Builder for chaining purposes.

    • trustCertificate

      public SecurityConfig.Builder trustCertificate​(Path certificatePath)
      Loads a X.509 trust certificate from the given path and uses it.
      Parameters:
      certificatePath - the path to load the certificate from.
      Returns:
      this SecurityConfig.Builder for chaining purposes.

    • trustManagerFactory

      public SecurityConfig.Builder trustManagerFactory​(TrustManagerFactory trustManagerFactory)
      Allows to provide a trust manager factory directly for maximum flexibility.

      While providing the most flexibility, most users will find the other overloads more convenient, like passing in a trustStore(KeyStore) directly or via filepath trustStore(Path, String, Optional).

      Parameters:
      trustManagerFactory - the trust manager factory to use.
      Returns:
      this SecurityConfig.Builder for chaining purposes.

    • trustStore

      public SecurityConfig.Builder trustStore​(KeyStore trustStore)
      Initializes the TrustManagerFactory with the given trust store.
      Parameters:
      trustStore - the loaded trust store to use.
      Returns:
      this SecurityConfig.Builder for chaining purposes.

    • trustStore

      public SecurityConfig.Builder trustStore​(Path trustStorePath, String trustStorePassword, Optional<String> trustStoreType)
      Loads a trust store from a file path and password and initializes the TrustManagerFactory.
      Parameters:
      trustStorePath - the path to the truststore.
      trustStorePassword - the password (can be null if not password protected).
      trustStoreType - the type of the trust store. If empty, the KeyStore.getDefaultType() will be used.
      Returns:
      this SecurityConfig.Builder for chaining purposes.