org.neo4j.driver.v1

Class Config.TrustStrategy

java.lang.Object

org.neo4j.driver.v1.Config.TrustStrategy

Enclosing class:

Config

public static class Config.TrustStrategy
extends Object

Control how the driver determines if it can trust the encryption certificates provided by the Neo4j instance it is connected to.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Config.TrustStrategy.Strategy The trust strategy that the driver supports

Method Summary

Modifier and Type	Method and Description
File	certFile()
Config.TrustStrategy.Strategy	strategy() Return the strategy type desired.
static Config.TrustStrategy	trustAllCertificates() Trust strategy for certificates that can be verified through the local system store.
static Config.TrustStrategy	trustCustomCertificateSignedBy(File certFile) Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted.
static Config.TrustStrategy	trustOnFirstUse(File knownHostsFile) Deprecated. in 1.1 in favour of trustAllCertificates()
static Config.TrustStrategy	trustSignedBy(File certFile) Deprecated.
static Config.TrustStrategy	trustSystemCertificates() Trust strategy for certificates that can be verified through the local system store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

strategy

public Config.TrustStrategy.Strategy strategy()

Return the strategy type desired.

Returns:

the strategy we should use

certFile

public File certFile()

trustSignedBy

@Deprecated
public static Config.TrustStrategy trustSignedBy(File certFile)

Deprecated.

Use trustCustomCertificateSignedBy(File) instead.

Parameters:

certFile - the trusted certificate file

Returns:

an authentication config

trustCustomCertificateSignedBy

public static Config.TrustStrategy trustCustomCertificateSignedBy(File certFile)

Only encrypted connections to Neo4j instances with certificates signed by a trusted certificate will be accepted. The file specified should contain one or more trusted X.509 certificates.

The certificate(s) in the file must be encoded using PEM encoding, meaning the certificates in the file should be encoded using Base64, and each certificate is bounded at the beginning by "-----BEGIN CERTIFICATE-----", and bounded at the end by "-----END CERTIFICATE-----".

Parameters:

certFile - the trusted certificate file

Returns:

an authentication config

trustSystemCertificates

public static Config.TrustStrategy trustSystemCertificates()

Trust strategy for certificates that can be verified through the local system store.

Returns:

an authentication config

trustAllCertificates

public static Config.TrustStrategy trustAllCertificates()

Trust strategy for certificates that can be verified through the local system store.

Returns:

an authentication config

Since:

1.1

trustOnFirstUse

@Deprecated
public static Config.TrustStrategy trustOnFirstUse(File knownHostsFile)

Deprecated. in 1.1 in favour of trustAllCertificates()

Automatically trust a Neo4j instance the first time we see it - but fail to connect if its encryption certificate ever changes. This is similar to the mechanism used in SSH, and protects against man-in-the-middle attacks that occur after the initial setup of your application.

Known Neo4j hosts are recorded in a file, certFile. Each time we reconnect to a known host, we verify that its certificate remains the same, guarding against attackers intercepting our communication.

Note that this approach is vulnerable to man-in-the-middle attacks the very first time you connect to a new Neo4j instance. If you do not trust the network you are connecting over, consider using trustCustomCertificateSignedBy(File) signed certificates} instead, or manually adding the trusted host line into the specified file.

Parameters:

knownHostsFile - a file where known certificates are stored.

Returns:

an authentication config