java.lang.Object
org.neo4j.driver.Config.TrustStrategy
- All Implemented Interfaces: Serializable
- Enclosing class: Config
Control how the driver determines if it can trust the encryption certificates provided by the Neo4j instance it is connected to.
Nested Class Summary
- static enum: The trust strategy that the driver supports
Method Summary
- certFile(): Deprecated.
- certFiles(): Return the configured certificate files.
- boolean isHostnameVerificationEnabled(): Check if hostname verification is enabled for this trust strategy.
- revocationCheckingStrategy(): The revocation strategy used for verifying certificates.
- strategy(): Return the strategy type desired.
- static Config.TrustStrategy trustAllCertificates(): Trust strategy for certificates that trust all certificates blindly.
- static Config.TrustStrategy trustCustomCertificateSignedBy(File... certFiles): Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted.
- static Config.TrustStrategy trustSystemCertificates(): Trust strategy for certificates that can be verified through the local system store.
- withHostnameVerification(): Enable hostname verification for this trust strategy.
- withoutCertificateRevocationChecks(): Configures the Config.TrustStrategy to not carry out OCSP revocation checks on certificates.
- withoutHostnameVerification(): Disable hostname verification for this trust strategy.
- withStrictRevocationChecks(): Configures the Config.TrustStrategy to carry out strict OCSP revocation checks for revocation status that are stapled to the certificate.
- withVerifyIfPresentRevocationChecks(): Configures the Config.TrustStrategy to carry out OCSP revocation checks when the revocation status is stapled to the certificate.

Method Details

strategy
Return the strategy type desired.
- Returns: the strategy we should use

certFile
Deprecated. superseded by certFiles()
Return the configured certificate file.
- Returns: configured certificate or null if trust strategy does not require a certificate.

certFiles
Return the configured certificate files.
- Returns: configured certificate files or empty list if trust strategy does not require certificates.

isHostnameVerificationEnabled
public boolean isHostnameVerificationEnabled()
Check if hostname verification is enabled for this trust strategy.
- Returns: true if hostname verification has been enabled via withHostnameVerification(), false otherwise.

withHostnameVerification
Enable hostname verification for this trust strategy.
- Returns: the current trust strategy.

withoutHostnameVerification
Disable hostname verification for this trust strategy.
- Returns: the current trust strategy.

trustCustomCertificateSignedBy
Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted. The file(s) specified should contain one or more trusted X.509 certificates.
The certificate(s) in the file(s) must be encoded using PEM encoding, meaning the certificates in the file(s) should be encoded using Base64, and each certificate is bounded at the beginning by "-----BEGIN CERTIFICATE-----", and bounded at the end by "-----END CERTIFICATE-----".
- Parameters: certFiles - the trusted certificate files, it must not be null or empty
- Returns: an authentication config

trustSystemCertificates
Trust strategy for certificates that can be verified through the local system store.
- Returns: an authentication config

trustAllCertificates
Trust strategy for certificates that trust all certificates blindly. Suggested to only use this in tests.
This trust strategy comes with hostname verification turned off by default since driver version 5.0.
- Returns: an authentication config
- Since: 1.1

revocationCheckingStrategy
The revocation strategy used for verifying certificates.
- Returns: this Config.TrustStrategy's revocation strategy

withoutCertificateRevocationChecks
Configures the Config.TrustStrategy to not carry out OCSP revocation checks on certificates. This is the option that is configured by default.
- Returns: the current trust strategy

withVerifyIfPresentRevocationChecks
Configures the Config.TrustStrategy to carry out OCSP revocation checks when the revocation status is stapled to the certificate. If no stapled response is found, then certificate verification continues (and does not fail verification). This setting also requires the server to be configured to enable OCSP stapling.
- Returns: the current trust strategy

withStrictRevocationChecks
Configures the Config.TrustStrategy to carry out strict OCSP revocation checks for revocation status that are stapled to the certificate. If no stapled response is found, then the driver will fail certificate verification and not connect to the server. This setting also requires the server to be configured to enable OCSP stapling.
Note: enabling this setting will prevent the driver connecting to the server when the server is unable to reach the certificate's configured OCSP responder URL.
- Returns: the current trust strategy
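
An added example, not taken from the driver's documentation: it audits a trust strategy through the accessors documented above and builds an encrypted Config only from a strategy with no findings. It assumes driver 5.x, where the constants TrustStrategy.Strategy.TRUST_ALL_CERTIFICATES and RevocationCheckingStrategy.NO_CHECKS exist; the class name, the audit helper and the certificate path are hypothetical.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import org.neo4j.driver.Config;
import org.neo4j.driver.Config.TrustStrategy;
import org.neo4j.driver.RevocationCheckingStrategy;

public class TrustStrategyAudit {
    // Hypothetical helper: list the weaknesses of a trust strategy before it reaches a driver.
    static List<String> audit(TrustStrategy ts) {
        List<String> findings = new ArrayList<>();
        if (ts.strategy() == TrustStrategy.Strategy.TRUST_ALL_CERTIFICATES) {
            findings.add("trusts any certificate: the server is not authenticated");
        }
        if (!ts.isHostnameVerificationEnabled()) {
            findings.add("hostname verification disabled");
        }
        if (ts.revocationCheckingStrategy() == RevocationCheckingStrategy.NO_CHECKS) {
            findings.add("no OCSP revocation checks (the default)");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Test-only strategy, per the documentation above.
        TrustStrategy weak = TrustStrategy.trustAllCertificates();

        // Placeholder path: a PEM file with the CA certificate(s) that sign the server certificate.
        TrustStrategy pinned = TrustStrategy
                .trustCustomCertificateSignedBy(new File("/path/to/ca.pem"))
                .withHostnameVerification()
                .withVerifyIfPresentRevocationChecks();

        System.out.println("weak:   " + audit(weak));
        System.out.println("pinned: " + audit(pinned));

        // Build a production config only from a strategy with no findings.
        if (audit(pinned).isEmpty()) {
            Config config = Config.builder()
                    .withEncryption()
                    .withTrustStrategy(pinned)
                    .build();
            System.out.println("encrypted: " + config.encrypted());
        }
    }
}
```

Switch to withStrictRevocationChecks() only once OCSP stapling is enabled on the server, since the driver then refuses to connect when no stapled response is present.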