Provides a SSLSocketFactory that authenticates the remote server against
an explicit pre-shared SSL certificate. This is more secure than using the
NonValidatingFactory as it prevents "man in the middle" attacks. It is also
more secure than relying on a central CA signing your server's certificate
as it pins the server's certificate.
This class requires a single String parameter specified by setting
the connection property sslfactoryarg. The value of this property
is the PEM-encoded remote server's SSL certificate.
Where the certificate is loaded from is based upon the prefix of the
sslfactoryarg
property. The following table lists the valid
set of prefixes.
| Prefix |
Example |
Explanation |
classpath:
|
classpath:ssl/server.crt
|
Loaded from the classpath. |
file:
|
file:/foo/bar/server.crt
|
Loaded from the filesystem. |
env:
|
env:mydb_cert
|
Loaded from string value of the mydb_cert
environment variable. |
sys:
|
sys:mydb_cert
|
Loaded from string value of the mydb_cert
system property. |
-----BEGIN CERTIFICATE------ |
-----BEGIN CERTIFICATE-----
MIIDQzCCAqygAwIBAgIJAOd1tlfiGoEoMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV
[... truncated ...]
UCmmYqgiVkAGWRETVo+byOSDZ4swb10=
-----END CERTIFICATE-----
|
Loaded from string value of the argument. |