Class SecurityConfig.Builder

  • Enclosing class:
    SecurityConfig

    public static class SecurityConfig.Builder
    extends Object
    This builder allows you to customize the default security configuration.
    • Constructor Detail

      • Builder

        public Builder()
    • Method Detail

      • enableTls

        public SecurityConfig.Builder enableTls(boolean tlsEnabled)
        Enables TLS for all client/server communication (disabled by default).
        Parameters:
        tlsEnabled - true if enabled, false otherwise.
        Returns:
        this SecurityConfig.Builder for chaining purposes.
      • enableHostnameVerification

        public SecurityConfig.Builder enableHostnameVerification(boolean hostnameVerificationEnabled)
        Enables or disables hostname verification (enabled by default).

        Note that with hostname verification disabled, the TLS connection does not verify that the hostname/IP is actually part of the certificate and, as a result, does not detect certain kinds of attacks. Only disable it if you understand the impact and risks!

        Parameters:
        hostnameVerificationEnabled - set to true if it should be enabled, false for disabled.
        Returns:
        this SecurityConfig.Builder for chaining purposes.
      • enableNativeTls

        public SecurityConfig.Builder enableNativeTls(boolean nativeTlsEnabled)
        Enables/disables native TLS (enabled by default).
        Parameters:
        nativeTlsEnabled - true if it should be enabled, false otherwise.
        Returns:
        this SecurityConfig.Builder for chaining purposes.
      • trustCertificate

        public SecurityConfig.Builder trustCertificate(Path certificatePath)
        Loads X.509 certificates from the file at the given path into the trust store.

        TIP: If you have multiple certificate files in PEM format (for example, "cert1.pem" and "cert2.pem"), and you want to create a single PEM file containing all the certificates, concatenate the PEM files using this shell command:

         $ cat cert1.pem cert2.pem > both-certs.pem
         
        Then, when configuring the SDK, call this method with the path to `both-certs.pem` as the argument.
        Parameters:
        certificatePath - the file to load the certificates from.
        Returns:
        this SecurityConfig.Builder for chaining purposes.
      • ciphers

        public SecurityConfig.Builder ciphers(List<String> ciphers)
        Customizes the list of ciphers that is negotiated with the cluster.

        Note that this method is considered advanced API. Only customize the cipher list if you know what you are doing (for example, if you want to shrink the cipher list down to a very specific subset for security or compliance reasons).

        If no custom ciphers are configured, the default set will be used.

        If you wish to add additional ciphers instead of providing an exclusive list, you can use the static SecurityConfig.defaultCiphers(boolean) method to load the default list first, add your own ciphers and then pass it into this method.

        Parameters:
        ciphers - the custom list of ciphers to use.
        Returns:
        this SecurityConfig.Builder for chaining purposes.
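
Added example (not part of the original Javadoc or the SDK's own code): it checks a concatenated PEM bundle with the JDK before passing it to trustCertificate, and shrinks the default cipher list to a subset before passing it to ciphers. Assumptions: the import package for SecurityConfig, that defaultCiphers(boolean) takes the native-TLS flag and returns a List<String>, and the hypothetical names TlsSetup, checkBundle and secureBuilder; the GCM/CHACHA20 name filter is an illustrative policy.

```java
import com.couchbase.client.core.env.SecurityConfig; // assumption: package of the SDK this page documents

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class TlsSetup {

    /** Parses the PEM bundle up front so an empty or expired bundle fails here, not at connect time. */
    static int checkBundle(Path bundle) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs;
        try (InputStream in = Files.newInputStream(bundle)) {
            certs = cf.generateCertificates(in); // reads every certificate in a concatenated PEM file
        }
        if (certs.isEmpty()) {
            throw new IllegalArgumentException("no certificates found in " + bundle);
        }
        for (Certificate c : certs) {
            ((X509Certificate) c).checkValidity(); // throws if expired or not yet valid
        }
        return certs.size();
    }

    static SecurityConfig.Builder secureBuilder(Path bundle, boolean nativeTls) throws Exception {
        int count = checkBundle(bundle);
        System.out.println("trusting " + count + " certificate(s) from " + bundle);

        // Start from the defaults and shrink to AEAD suites (illustrative policy).
        // Assumption: the boolean argument of defaultCiphers is the native-TLS flag.
        List<String> ciphers = new ArrayList<>(SecurityConfig.defaultCiphers(nativeTls));
        ciphers.removeIf(name -> !(name.contains("GCM") || name.contains("CHACHA20")));
        if (ciphers.isEmpty()) {
            throw new IllegalStateException("cipher filter removed every default suite");
        }

        return new SecurityConfig.Builder()
            .enableTls(true)                  // TLS is disabled by default
            .enableHostnameVerification(true) // already the default; stated explicitly
            .enableNativeTls(nativeTls)
            .trustCertificate(bundle)
            .ciphers(ciphers);
    }
}
```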