Package org.postgresql.ssl
Class SingleCertValidatingFactory
- java.lang.Object
  - javax.net.SocketFactory
    - javax.net.ssl.SSLSocketFactory
      - org.postgresql.ssl.WrappedFactory
        - org.postgresql.ssl.SingleCertValidatingFactory

public class SingleCertValidatingFactory extends WrappedFactory
Provides an SSLSocketFactory that authenticates the remote server against an explicit pre-shared SSL certificate. This is more secure than using the NonValidatingFactory as it prevents "man in the middle" attacks. It is also more secure than relying on a central CA signing your server's certificate as it pins the server's certificate.

This class requires a single String parameter specified by setting the connection property sslfactoryarg. The value of this property is the PEM-encoded remote server's SSL certificate.

Where the certificate is loaded from is based upon the prefix of the sslfactoryarg value:

| Prefix | Example | Explanation |
| --- | --- | --- |
| classpath: | classpath:ssl/server.crt | Loaded from the classpath. |
| file: | file:/foo/bar/server.crt | Loaded from the filesystem. |
| env: | env:mydb_cert | Loaded from string value of the mydb_cert environment variable. |
| sys: | sys:mydb_cert | Loaded from string value of the mydb_cert JVM system property. |
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- MIIDQzCCAqygAwIBAgIJAOd1tlfiGoEoMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV [... truncated ...] UCmmYqgiVkAGWRETVo+byOSDZ4swb10= -----END CERTIFICATE----- | Loaded from string value of the argument. |
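
A pre-flight check for the pin, as an added example (not pgjdbc code): it resolves an sslfactoryarg value by the prefixes listed above, requires that it holds exactly one X.509 certificate, prints the SHA-256 fingerprint for comparison with the server certificate obtained out of band, and builds the connection properties. The class name PinnedCertCheck and its helper methods are hypothetical, the resolution logic mirrors the table rather than the driver's own loader, and Java 17 is assumed for HexFormat.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;

public class PinnedCertCheck { // hypothetical helper, not part of pgjdbc
    // Resolve an sslfactoryarg value to PEM bytes, following the prefix table above.
    static byte[] loadPem(String arg) throws Exception {
        if (arg.startsWith("classpath:")) {
            try (InputStream in = PinnedCertCheck.class.getClassLoader()
                    .getResourceAsStream(arg.substring("classpath:".length()))) {
                if (in == null) throw new IllegalArgumentException("not on classpath: " + arg);
                return in.readAllBytes();
            }
        }
        if (arg.startsWith("file:")) return Files.readAllBytes(Paths.get(arg.substring(5)));
        if (arg.startsWith("env:")) return text(System.getenv(arg.substring(4)), arg);
        if (arg.startsWith("sys:")) return text(System.getProperty(arg.substring(4)), arg);
        if (arg.startsWith("-----BEGIN CERTIFICATE-----")) return text(arg, "inline PEM");
        throw new IllegalArgumentException("unsupported sslfactoryarg prefix");
    }

    static byte[] text(String value, String source) {
        if (value == null) throw new IllegalArgumentException("no value for " + source);
        return value.getBytes(StandardCharsets.UTF_8);
    }

    // Added check: require exactly one certificate, return its SHA-256 fingerprint (hex).
    static String fingerprint(String arg) throws Exception {
        Collection<? extends Certificate> certs = CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(loadPem(arg)));
        if (certs.size() != 1) throw new IllegalArgumentException("expected 1 certificate, got " + certs.size());
        byte[] der = certs.iterator().next().getEncoded();
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(der));
    }

    public static void main(String[] args) throws Exception {
        String arg = args.length > 0 ? args[0] : "file:/foo/bar/server.crt"; // example value from the table
        System.out.println("pinned certificate SHA-256: " + fingerprint(arg));
        Properties props = new Properties(); // pass to DriverManager.getConnection(url, props)
        props.setProperty("ssl", "true");
        props.setProperty("sslfactory", "org.postgresql.ssl.SingleCertValidatingFactory");
        props.setProperty("sslfactoryarg", arg);
        System.out.println(props);
    }
}
```

Because the factory trusts only the pinned certificate, a server certificate rotation requires updating the pinned value at every client before connections will succeed again.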

Nested Class Summary

| Modifier and Type | Class | Description |
| --- | --- | --- |
| class | SingleCertValidatingFactory.SingleCertTrustManager | |

Field Summary

Fields inherited from class org.postgresql.ssl.WrappedFactory
_factory

Constructor Summary

| Constructor | Description |
| --- | --- |
| SingleCertValidatingFactory(java.lang.String sslFactoryArg) | |

Method Summary

Methods inherited from class org.postgresql.ssl.WrappedFactory
createSocket, createSocket, createSocket, createSocket, createSocket, getDefaultCipherSuites, getSupportedCipherSuites