com.couchbase.client.core.env

Class SecurityConfig.Builder

java.lang.Object

com.couchbase.client.core.env.SecurityConfig.Builder

Enclosing class:

SecurityConfig

public static class SecurityConfig.Builder
extends Object

This builder allows to customize the default security configuration.

Constructor Summary

Constructors

Constructor and Description
Builder()

Method Summary

Modifier and Type	Method and Description
SecurityConfig	build() Builds the SecurityConfig out of this builder.
SecurityConfig.Builder	ciphers(List<String> ciphers) Allows to customize the list of ciphers that is negotiated with the cluster.
SecurityConfig.Builder	enableHostnameVerification(boolean hostnameVerificationEnabled) Allows to enable or disable hostname verification (enabled by default).
SecurityConfig.Builder	enableNativeTls(boolean nativeTlsEnabled) Enables/disables native TLS (enabled by default).
SecurityConfig.Builder	enableTls(boolean tlsEnabled) Enables TLS for all client/server communication (disabled by default).
SecurityConfig.Builder	trustCertificate(Path certificatePath) Loads a X.509 trust certificate from the given path and uses it.
SecurityConfig.Builder	trustCertificates(List<X509Certificate> certificates) Loads the given list of X.509 certificates into the trust store.
SecurityConfig.Builder	trustManagerFactory(TrustManagerFactory trustManagerFactory) Allows to provide a trust manager factory directly for maximum flexibility.
SecurityConfig.Builder	trustStore(KeyStore trustStore) Initializes the TrustManagerFactory with the given trust store.
SecurityConfig.Builder	trustStore(Path trustStorePath, String trustStorePassword, Optional<String> trustStoreType) Loads a trust store from a file path and password and initializes the TrustManagerFactory.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Builder

public Builder()

Method Detail

build

public SecurityConfig build()

Builds the SecurityConfig out of this builder.

Returns:

the built security config.

enableTls

public SecurityConfig.Builder enableTls(boolean tlsEnabled)

Enables TLS for all client/server communication (disabled by default).

Parameters:

tlsEnabled - true if enabled, false otherwise.

Returns:

this SecurityConfig.Builder for chaining purposes.

enableHostnameVerification

public SecurityConfig.Builder enableHostnameVerification(boolean hostnameVerificationEnabled)

Allows to enable or disable hostname verification (enabled by default).

Note that disabling hostname verification will cause the TLS connection to not verify that the hostname/ip is actually part of the certificate and as a result not detect certain kinds of attacks. Only disable if you understand the impact and risks!

Parameters:

hostnameVerificationEnabled - set to true if it should be enabled, false for disabled.

Returns:

this SecurityConfig.Builder for chaining purposes.

enableNativeTls

public SecurityConfig.Builder enableNativeTls(boolean nativeTlsEnabled)

Enables/disables native TLS (enabled by default).

Parameters:

nativeTlsEnabled - true if it should be enabled, false otherwise.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustCertificates

public SecurityConfig.Builder trustCertificates(List<X509Certificate> certificates)

Loads the given list of X.509 certificates into the trust store.

Parameters:

certificates - the list of certificates to load.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustCertificate

public SecurityConfig.Builder trustCertificate(Path certificatePath)

Loads a X.509 trust certificate from the given path and uses it.

Parameters:

certificatePath - the path to load the certificate from.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustManagerFactory

public SecurityConfig.Builder trustManagerFactory(TrustManagerFactory trustManagerFactory)

Allows to provide a trust manager factory directly for maximum flexibility.

While providing the most flexibility, most users will find the other overloads more convenient, like passing in a trustStore(KeyStore) directly or via filepath trustStore(Path, String, Optional).

Parameters:

trustManagerFactory - the trust manager factory to use.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustStore

public SecurityConfig.Builder trustStore(KeyStore trustStore)

Initializes the TrustManagerFactory with the given trust store.

Parameters:

trustStore - the loaded trust store to use.

Returns:

this SecurityConfig.Builder for chaining purposes.

trustStore

public SecurityConfig.Builder trustStore(Path trustStorePath,
                                         String trustStorePassword,
                                         Optional<String> trustStoreType)

Loads a trust store from a file path and password and initializes the TrustManagerFactory.

Parameters:

trustStorePath - the path to the truststore.

trustStorePassword - the password (can be null if not password protected).

trustStoreType - the type of the trust store. If empty, the KeyStore.getDefaultType() will be used.

Returns:

this SecurityConfig.Builder for chaining purposes.

ciphers

public SecurityConfig.Builder ciphers(List<String> ciphers)

Allows to customize the list of ciphers that is negotiated with the cluster.

Note that this method is considered advanced API, please only customize the cipher list if you know what you are doing (for example if you want to shrink the cipher list down to a very specific subset for security or compliance reasons).

If no custom ciphers are configured, the default set will be used.

If you wish to add additional ciphers instead of providing an exclusive list, you can use the static SecurityConfig.defaultCiphers(boolean) method to load the default list first, add your own ciphers and then pass it into this method.

Parameters:

ciphers - the custom list of ciphers to use.

Returns:

this SecurityConfig.Builder for chaining purposes.