/** * Use {@link #trustCustomCertificateSignedBy(File)} instead. * * @param certFile the trusted certificate file * @return an authentication config */ @Deprecated public static TrustStrategy trustSignedBy( File certFile ) { return new TrustStrategy( Strategy.TRUST_SIGNED_CERTIFICATES, certFile ); }
/** * Automatically trust a Neo4j instance the first time we see it - but fail to connect if its encryption certificate ever changes. * This is similar to the mechanism used in SSH, and protects against man-in-the-middle attacks that occur after the initial setup of your application. * <p> * Known Neo4j hosts are recorded in a file, {@code certFile}. * Each time we reconnect to a known host, we verify that its certificate remains the same, guarding against attackers intercepting our communication. * <p> * Note that this approach is vulnerable to man-in-the-middle attacks the very first time you connect to a new Neo4j instance. * If you do not trust the network you are connecting over, consider using {@link #trustCustomCertificateSignedBy(File)} signed certificates} instead, or manually adding the * trusted host line into the specified file. * * @param knownHostsFile a file where known certificates are stored. * @return an authentication config * * @deprecated in 1.1 in favour of {@link #trustAllCertificates()} */ @Deprecated public static TrustStrategy trustOnFirstUse( File knownHostsFile ) { return new TrustStrategy( Strategy.TRUST_ON_FIRST_USE, knownHostsFile ); } }
/** * Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted. * The file specified should contain one or more trusted X.509 certificates. * <p> * The certificate(s) in the file must be encoded using PEM encoding, meaning the certificates in the file should be encoded using Base64, * and each certificate is bounded at the beginning by "-----BEGIN CERTIFICATE-----", and bounded at the end by "-----END CERTIFICATE-----". * * @param certFile the trusted certificate file * @return an authentication config */ public static TrustStrategy trustCustomCertificateSignedBy( File certFile ) { return new TrustStrategy( Strategy.TRUST_CUSTOM_CA_SIGNED_CERTIFICATES, certFile ); }
/** * Trust strategy for certificates that can be verified through the local system store. * * @return an authentication config * @since 1.1 */ public static TrustStrategy trustAllCertificates() { return new TrustStrategy( Strategy.TRUST_ALL_CERTIFICATES ); }
/** * Trust strategy for certificates that can be verified through the local system store. * * @return an authentication config */ public static TrustStrategy trustSystemCertificates() { return new TrustStrategy( Strategy.TRUST_SYSTEM_CA_SIGNED_CERTIFICATES ); }