org.postgresql.ssl
Class SingleCertValidatingFactory
java.lang.Object
javax.net.SocketFactory
javax.net.ssl.SSLSocketFactory
org.postgresql.ssl.WrappedFactory
org.postgresql.ssl.SingleCertValidatingFactory
public class SingleCertValidatingFactory
- extends WrappedFactory
Provides an SSLSocketFactory that authenticates the remote server against
an explicit pre-shared SSL certificate. This is more secure than using the
NonValidatingFactory as it prevents "man in the middle" attacks. It is also
more secure than relying on a central CA signing your server's certificate
as it pins the server's certificate.
This class requires a single String parameter specified by setting
the connection property sslfactoryarg. The value of this property
is the PEM-encoded remote server's SSL certificate.
Where the certificate is loaded from is based upon the prefix of the
sslfactoryarg property. The following table lists the valid
set of prefixes.
| Prefix | Example | Explanation |
|---|---|---|
| classpath: | classpath:ssl/server.crt | Loaded from the classpath. |
| file: | file:/foo/bar/server.crt | Loaded from the filesystem. |
| env: | env:mydb_cert | Loaded from string value of the mydb_cert environment variable. |
| sys: | sys:mydb_cert | Loaded from string value of the mydb_cert system property. |
| -----BEGIN CERTIFICATE----- | The PEM text itself (see the example following this table) | Loaded from string value of the argument. |

Example of an sslfactoryarg value given directly as PEM text:
-----BEGIN CERTIFICATE-----
MIIDQzCCAqygAwIBAgIJAOd1tlfiGoEoMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV
[... truncated ...]
UCmmYqgiVkAGWRETVo+byOSDZ4swb10=
-----END CERTIFICATE-----
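A connection configured with this factory and the file: prefix, as an added example (not code from the pgjdbc project). The class name PinnedPgConnect, the certificate path, the JDBC URL and the PGUSER/PGPASSWORD environment variables are assumptions; the validity and fingerprint check before connecting is an extra operational step, not something the factory performs.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class PinnedPgConnect {
    // Assumed values for illustration; substitute your own.
    static final String CERT_PATH = "/foo/bar/server.crt";
    static final String JDBC_URL = "jdbc:postgresql://db.example.internal:5432/mydb";

    // Parses the PEM file to be pinned, rejects it when outside its validity
    // window, and returns its SHA-256 fingerprint for out-of-band comparison.
    static String checkPinnedCert(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // throws if expired or not yet valid
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02X", b));
            return hex.toString();
        }
    }

    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null) throw new IllegalStateException("missing env var " + name);
        return value;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Pinned cert SHA-256: " + checkPinnedCert(CERT_PATH));

        Properties props = new Properties();
        props.setProperty("user", requireEnv("PGUSER"));
        props.setProperty("password", requireEnv("PGPASSWORD"));
        props.setProperty("ssl", "true");
        props.setProperty("sslfactory", "org.postgresql.ssl.SingleCertValidatingFactory");
        props.setProperty("sslfactoryarg", "file:" + CERT_PATH); // file: prefix from the table

        try (Connection conn = DriverManager.getConnection(JDBC_URL, props)) {
            System.out.println("Connected; server matched the pinned certificate.");
        }
    }
}
```

Because the certificate is pinned, rotating the server certificate requires shipping the new PEM to every client before the switch; the fingerprint printed here gives operators a value to compare against the one on the server.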
Methods inherited from class javax.net.ssl.SSLSocketFactory: getDefault
Methods inherited from class javax.net.SocketFactory: createSocket
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SingleCertValidatingFactory
public SingleCertValidatingFactory(java.lang.String sslFactoryArg)
throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException