/**
 * Returns a copy of this SSL configuration that uses the given root certificate file.
 *
 * <p>The current mode is carried over unchanged. A {@code null} file is accepted and is
 * stored as an empty {@code Optional}, so calling this with {@code null} silently drops
 * any previously configured root certificate. Which trust anchors are used in that case
 * is decided where the SSL context is built, not here.
 *
 * @param file
 *            the root certificate file, may be {@code null}
 * @return a new SSL configuration with the specified root certificate file
 */
public final SSL rootCert(final File file) {
    final Optional<File> maybeRootCert = Optional.ofNullable(file);
    return new SSL(mode, maybeRootCert);
}
return optCfg.map(cfg -> { final SslContextBuilder ctxBuilder = SslContextBuilder.forClient(); if ((cfg.mode() == Mode.VERIFY_CA) || (cfg.mode() == Mode.VERIFY_FULL)) cfg.rootCert().map(ctxBuilder::trustManager).orElseGet(() -> { try { final TrustManagerFactory tmf = TrustManagerFactory if (cfg.mode() == Mode.VERIFY_FULL) { final SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm("HTTPS");
/**
 * Builds the exchange that negotiates SSL with the server for the given configuration.
 *
 * <p>An absent configuration, or one with {@code Mode.DISABLE}, yields {@code disabled}
 * without sending anything. Otherwise the SSL request is sent and the server's response
 * decides the outcome:
 * <ul>
 * <li>the server accepts SSL: the exchange yields the configuration;</li>
 * <li>the server declines and the mode is {@code Mode.PREFER}: the exchange is
 * {@code disabled};</li>
 * <li>the server declines and the mode is anything else: the exchange fails.</li>
 * </ul>
 * A failure of the send/receive chain is mapped to {@code Exchange.CLOSE}.
 *
 * <p>Security note: {@code disabled} is defined outside this method and presumably means
 * "continue without TLS" (confirm). The server's reply is presumably read before any TLS
 * handshake has taken place, so under {@code Mode.PREFER} a negative reply, genuine or
 * tampered with in transit, leads to an unencrypted connection without any error. When
 * encryption is required, use a mode for which this method fails instead of falling back.
 *
 * @param optCfg
 *            the optional SSL configuration
 * @return the exchange yielding the SSL configuration to use, if any
 */
public final Exchange<Optional<Config.SSL>> apply(final Optional<Config.SSL> optCfg) {
    return optCfg.map(cfg -> {
        // SSL explicitly switched off: nothing is sent to the server.
        if (cfg.mode() == Config.SSL.Mode.DISABLE) {
            return disabled;
        }
        return Exchange.send(marshallers.sslRequest, sslRequest)
            .then(Exchange.receive(unmarshallers.sslResponse).flatMap(r -> {
                if (r.enabled) {
                    return Exchange.value(Optional.of(cfg));
                }
                // Server declined SSL: only PREFER is allowed to fall back.
                if (cfg.mode() == Mode.PREFER) {
                    return disabled;
                }
                return Exchange.fail("Database doesn't accept SSL connections.");
            }))
            .onFailure(ex -> Exchange.CLOSE);
    }).orElse(disabled);
}
}
/**
 * Creates a new SSL configuration that carries an explicit root certificate file.
 *
 * <p>The file is wrapped with {@code Optional.of}, so a {@code null} argument is rejected
 * with a {@code NullPointerException}; use {@link #create(Mode)} when there is no root
 * certificate. The file is only stored here: it is not opened or validated by this method.
 *
 * <p>NOTE(review): whether the root certificate is actually consulted depends on the mode
 * and is decided where the SSL context is built. Confirm that the chosen mode verifies
 * the server certificate.
 *
 * @param mode
 *            the SSL mode
 * @param rootCert
 *            file with the root certificate, must not be {@code null}
 * @return the SSL configuration
 * @throws NullPointerException
 *             if {@code rootCert} is {@code null}
 */
public static final SSL create(final Mode mode, final File rootCert) {
    final Optional<File> pinnedRootCert = Optional.of(rootCert);
    return new SSL(mode, pinnedRootCert);
}
/**
 * Creates a new SSL configuration that has no explicit root certificate file.
 *
 * <p>The root certificate is stored as an empty {@code Optional}. Which trust anchors are
 * used to verify the server in that case is decided where the SSL context is built, not
 * in this factory.
 *
 * @param mode
 *            the SSL mode
 * @return the SSL configuration
 */
public static final SSL create(final Mode mode) {
    final Optional<File> noRootCert = Optional.empty();
    return new SSL(mode, noRootCert);
}