org.neo4j.driver

Class Config.TrustStrategy

java.lang.Object

org.neo4j.driver.Config.TrustStrategy

All Implemented Interfaces:

Serializable

Enclosing class:

Config

public static class Config.TrustStrategy
extends Object
implements Serializable

Control how the driver determines if it can trust the encryption certificates provided by the Neo4j instance it is connected to.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Config.TrustStrategy.Strategy The trust strategy that the driver supports

Method Summary

Modifier and Type	Method and Description
File	certFile() Return the configured certificate file.
boolean	isHostnameVerificationEnabled() Check if hostname verification is enabled for this trust strategy.
org.neo4j.driver.internal.RevocationStrategy	revocationStrategy() The revocation strategy used for verifying certificates.
Config.TrustStrategy.Strategy	strategy() Return the strategy type desired.
static Config.TrustStrategy	trustAllCertificates() Trust strategy for certificates that trust all certificates blindly.
static Config.TrustStrategy	trustCustomCertificateSignedBy(File certFile) Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted.
static Config.TrustStrategy	trustSystemCertificates() Trust strategy for certificates that can be verified through the local system store.
Config.TrustStrategy	withHostnameVerification() Enable hostname verification for this trust strategy.
Config.TrustStrategy	withoutCertificateRevocationChecks() Configures the Config.TrustStrategy to not carry out OCSP revocation checks on certificates.
Config.TrustStrategy	withoutHostnameVerification() Disable hostname verification for this trust strategy.
Config.TrustStrategy	withStrictRevocationChecks() Configures the Config.TrustStrategy to carry out strict OCSP revocation checks for revocation status that are stapled to the certificate.
Config.TrustStrategy	withVerifyIfPresentRevocationChecks() Configures the Config.TrustStrategy to carry out OCSP revocation checks when the revocation status is stapled to the certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

strategy

public Config.TrustStrategy.Strategy strategy()

Return the strategy type desired.

Returns:

the strategy we should use

certFile

public File certFile()

Return the configured certificate file.

Returns:

configured certificate or null if trust strategy does not require a certificate.

isHostnameVerificationEnabled

public boolean isHostnameVerificationEnabled()

Check if hostname verification is enabled for this trust strategy.

Returns:

true if hostname verification has been enabled via withHostnameVerification(), false otherwise.

withHostnameVerification

public Config.TrustStrategy withHostnameVerification()

Enable hostname verification for this trust strategy.

Returns:

the current trust strategy.

withoutHostnameVerification

public Config.TrustStrategy withoutHostnameVerification()

Disable hostname verification for this trust strategy.

Returns:

the current trust strategy.

trustCustomCertificateSignedBy

public static Config.TrustStrategy trustCustomCertificateSignedBy(File certFile)

Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted. The file specified should contain one or more trusted X.509 certificates.

The certificate(s) in the file must be encoded using PEM encoding, meaning the certificates in the file should be encoded using Base64, and each certificate is bounded at the beginning by "-----BEGIN CERTIFICATE-----", and bounded at the end by "-----END CERTIFICATE-----".

Parameters:

certFile - the trusted certificate file

Returns:

an authentication config

trustSystemCertificates

public static Config.TrustStrategy trustSystemCertificates()

Trust strategy for certificates that can be verified through the local system store.

Returns:

an authentication config

trustAllCertificates

public static Config.TrustStrategy trustAllCertificates()

Trust strategy for certificates that trust all certificates blindly. Suggested to only use this in tests.

Returns:

an authentication config

Since:

1.1

revocationStrategy

public org.neo4j.driver.internal.RevocationStrategy revocationStrategy()

The revocation strategy used for verifying certificates.

Returns:

this Config.TrustStrategy's revocation strategy

withoutCertificateRevocationChecks

public Config.TrustStrategy withoutCertificateRevocationChecks()

Configures the Config.TrustStrategy to not carry out OCSP revocation checks on certificates. This is the option that is configured by default.

Returns:

the current trust strategy

withVerifyIfPresentRevocationChecks

public Config.TrustStrategy withVerifyIfPresentRevocationChecks()

Configures the Config.TrustStrategy to carry out OCSP revocation checks when the revocation status is stapled to the certificate. If no stapled response is found, then certificate verification continues (and does not fail verification). This setting also requires the server to be configured to enable OCSP stapling.

Returns:

the current trust strategy

withStrictRevocationChecks

public Config.TrustStrategy withStrictRevocationChecks()

Configures the Config.TrustStrategy to carry out strict OCSP revocation checks for revocation status that are stapled to the certificate. If no stapled response is found, then the driver will fail certificate verification and not connect to the server. This setting also requires the server to be configured to enable OCSP stapling. Note: enabling this setting will prevent the driver connecting to the server when the server is unable to reach the certificate's configured OCSP responder URL.

Returns:

the current trust strategy