public class SingleCertValidatingFactory extends WrappedFactory
Provides a SSLSocketFactory that authenticates the remote server against an explicit pre-shared SSL certificate. This is more secure than using the NonValidatingFactory as it prevents "man in the middle" attacks. It is also more secure than relying on a central CA signing your server's certificate as it pins the server's certificate.
This class requires a single String parameter specified by setting the connection property
sslfactoryarg. The value of this property is the PEM-encoded remote server's SSL
certificate.
Where the certificate is loaded from is based upon the prefix of the sslfactoryarg property.
The following table lists the valid set of prefixes.
| Prefix | Example | Explanation |
|---|---|---|
classpath: |
classpath:ssl/server.crt |
Loaded from the classpath. |
file: |
file:/foo/bar/server.crt |
Loaded from the filesystem. |
env: |
env:mydb_cert |
Loaded from string value of the mydb_cert environment variable. |
sys: |
sys:mydb_cert |
Loaded from string value of the mydb_cert system property. |
-----BEGIN CERTIFICATE------ |
-----BEGIN CERTIFICATE-----
MIIDQzCCAqygAwIBAgIJAOd1tlfiGoEoMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV
[... truncated ...]
UCmmYqgiVkAGWRETVo+byOSDZ4swb10=
-----END CERTIFICATE-----
|
Loaded from string value of the argument. |
| Modifier and Type | Class and Description |
|---|---|
static class |
SingleCertValidatingFactory.SingleCertTrustManager |
factory| Constructor and Description |
|---|
SingleCertValidatingFactory(String sslFactoryArg) |
createSocket, createSocket, createSocket, createSocket, createSocket, getDefaultCipherSuites, getSupportedCipherSuitescreateSocket, getDefaultcreateSocketpublic SingleCertValidatingFactory(String sslFactoryArg) throws GeneralSecurityException
GeneralSecurityExceptionCopyright © 1997-2020 PostgreSQL Global Development Group. All Rights Reserved.