-
Notifications
You must be signed in to change notification settings - Fork 623
Expand file tree
/
Copy pathSSLMode.java
More file actions
62 lines (56 loc) · 2.17 KB
/
Copy pathSSLMode.java
File metadata and controls
62 lines (56 loc) · 2.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package com.clickhouse.client.api.enums;
/**
* Defines how strictly the client verifies a server identity when a secure protocol is used.
*
* <p>The mode affects only connections that are already using a secure transport (for example,
* an {@code https://} endpoint). It does <b>not</b> enable encryption for plain protocols - an
* {@code http://} endpoint stays unencrypted whatever the mode is.</p>
*
* <p>Modes from the least to the most strict:</p>
* <ul>
* <li>{@link #Disabled} - SSL is not used. Plain protocols only.</li>
* <li>{@link #Trust} - encryption is used, but the server certificate chain is not validated
* and the hostname is not verified. Susceptible to MITM attacks - use only for testing or in
* fully trusted environments.</li>
* <li>{@link #VerifyCa} - the server certificate chain is validated against the trust material
* (default JVM trust store, configured trust store, or a CA certificate), but the hostname is
* not checked against the certificate.</li>
* <li>{@link #Strict} - full verification (default): certificate chain is validated and the
* hostname must match the certificate.</li>
* </ul>
*/
public enum SSLMode {
/**
* SSL is not used. Connection is not encrypted.
*/
Disabled,
/**
* Encryption without verification: any server certificate is accepted and
* the hostname is not verified.
*/
Trust,
/**
* Server certificate chain is validated, but the hostname is not verified.
*/
VerifyCa,
/**
* Full verification: certificate chain is validated and the hostname must match
* the certificate. Default mode.
*/
Strict;
/**
* Case-insensitive variant of {@link #valueOf(String)}.
*
* @param value mode name in any case
* @return matching mode
* @throws IllegalArgumentException when the value does not match any mode
*/
public static SSLMode fromValue(String value) {
for (SSLMode mode : values()) {
if (mode.name().equalsIgnoreCase(value)) {
return mode;
}
}
throw new IllegalArgumentException("Unknown SSL mode '" + value + "'");
}
}