Class Config.TrustStrategy

java.lang.Object
org.neo4j.driver.Config.TrustStrategy
All Implemented Interfaces:
Serializable
Enclosing class:
Config

public static final class Config.TrustStrategy extends Object implements Serializable
Control how the driver determines if it can trust the encryption certificates provided by the Neo4j instance it is connected to.
  • Method Details

    • strategy

      public Config.TrustStrategy.Strategy strategy()
      Return the strategy type desired.
      Returns:
      the strategy we should use
    • certFile

      @Deprecated public File certFile()
      Deprecated.
      superseded by certFiles()
      Return the configured certificate file.
      Returns:
      configured certificate or null if trust strategy does not require a certificate.
    • certFiles

      public List<File> certFiles()
      Return the configured certificate files.
      Returns:
      configured certificate files or empty list if trust strategy does not require certificates.
    • isHostnameVerificationEnabled

      public boolean isHostnameVerificationEnabled()
      Check if hostname verification is enabled for this trust strategy.
      Returns:
      true if hostname verification has been enabled via withHostnameVerification(), false otherwise.
    • withHostnameVerification

      public Config.TrustStrategy withHostnameVerification()
      Enable hostname verification for this trust strategy.
      Returns:
      the current trust strategy.
    • withoutHostnameVerification

      public Config.TrustStrategy withoutHostnameVerification()
      Disable hostname verification for this trust strategy.
      Returns:
      the current trust strategy.
    • trustCustomCertificateSignedBy

      public static Config.TrustStrategy trustCustomCertificateSignedBy(File... certFiles)
      Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted. The file(s) specified should contain one or more trusted X.509 certificates.

      The certificate(s) in the file(s) must be encoded using PEM encoding, meaning the certificates in the file(s) should be encoded using Base64, and each certificate is bounded at the beginning by "-----BEGIN CERTIFICATE-----", and bounded at the end by "-----END CERTIFICATE-----".

      Parameters:
      certFiles - the trusted certificate files; must not be null or empty
      Returns:
      the configured trust strategy
    • trustSystemCertificates

      public static Config.TrustStrategy trustSystemCertificates()
      Trust strategy for certificates that can be verified through the local system store.
      Returns:
      the configured trust strategy
    • trustAllCertificates

      public static Config.TrustStrategy trustAllCertificates()
      Trust strategy that blindly trusts all certificates. Suggested for use only in tests.

      This trust strategy comes with hostname verification turned off by default since driver version 5.0.

      Returns:
      the configured trust strategy
      Since:
      1.1
    • revocationCheckingStrategy

      public RevocationCheckingStrategy revocationCheckingStrategy()
      The revocation strategy used for verifying certificates.
      Returns:
      this Config.TrustStrategy's revocation strategy
    • withoutCertificateRevocationChecks

      public Config.TrustStrategy withoutCertificateRevocationChecks()
      Configures the Config.TrustStrategy to not carry out OCSP revocation checks on certificates. This is the option that is configured by default.
      Returns:
      the current trust strategy
    • withVerifyIfPresentRevocationChecks

      public Config.TrustStrategy withVerifyIfPresentRevocationChecks()
      Configures the Config.TrustStrategy to carry out OCSP revocation checks when the revocation status is stapled to the certificate. If no stapled response is found, then certificate verification continues (and does not fail verification). This setting also requires the server to be configured to enable OCSP stapling.
      Returns:
      the current trust strategy
    • withStrictRevocationChecks

      public Config.TrustStrategy withStrictRevocationChecks()
      Configures the Config.TrustStrategy to carry out strict OCSP revocation checks using the revocation status that is stapled to the certificate. If no stapled response is found, then the driver will fail certificate verification and not connect to the server. This setting also requires the server to be configured to enable OCSP stapling.

      Note: enabling this setting will prevent the driver connecting to the server when the server is unable to reach the certificate's configured OCSP responder URL.

      Returns:
      the current trust strategy
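
The following is an added example, not part of the driver's documentation: a pre-connection check that uses the accessors documented above to flag weak trust settings, shown against trustAllCertificates() and a hardened custom-CA strategy. The class TrustStrategyAudit, the audit helper and the default ca.pem path are hypothetical; the enum constants TRUST_ALL_CERTIFICATES and NO_CHECKS and the Config.builder() calls come from the driver API (5.x assumed) and are not listed on this page.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import org.neo4j.driver.Config;
import org.neo4j.driver.Config.TrustStrategy;
import org.neo4j.driver.RevocationCheckingStrategy;

public class TrustStrategyAudit {
    // Hypothetical helper: one finding per weak setting, empty list if none.
    static List<String> audit(TrustStrategy ts) {
        List<String> findings = new ArrayList<>();
        if (ts.strategy() == TrustStrategy.Strategy.TRUST_ALL_CERTIFICATES) {
            findings.add("trustAllCertificates: server certificate is not validated");
        }
        if (!ts.isHostnameVerificationEnabled()) {
            findings.add("hostname verification is disabled");
        }
        if (ts.revocationCheckingStrategy() == RevocationCheckingStrategy.NO_CHECKS) {
            findings.add("no OCSP revocation checks (the driver default)");
        }
        for (File f : ts.certFiles()) { // empty when no certificate files are required
            if (!f.isFile() || !f.canRead()) {
                findings.add("CA file is not readable: " + f);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Weak setting: acceptable in tests only; the audit reports three findings.
        TrustStrategy weak = TrustStrategy.trustAllCertificates();
        System.out.println("weak: " + audit(weak));

        // Hardened setting. Strict checks need OCSP stapling enabled on the server.
        File ca = new File(args.length > 0 ? args[0] : "ca.pem"); // constructed default path
        TrustStrategy hardened = TrustStrategy.trustCustomCertificateSignedBy(ca)
                .withHostnameVerification()
                .withStrictRevocationChecks();
        List<String> findings = audit(hardened);
        if (!findings.isEmpty()) { // fail closed before any driver is created
            throw new IllegalStateException("refusing to connect: " + findings);
        }
        Config config = Config.builder()
                .withEncryption()
                .withTrustStrategy(hardened)
                .build();
        System.out.println("encrypted: " + config.encrypted());
    }
}
```

Pass the path to a PEM-encoded CA certificate as the first argument; if the file is missing, the check stops before the Config is built.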