java.lang.Object
- javax.net.SocketFactory
- - javax.net.ssl.SSLSocketFactory
  - - org.postgresql.ssl.WrappedFactory
    - - org.postgresql.ssl.SingleCertValidatingFactory

public class SingleCertValidatingFactory
extends WrappedFactory

Provides a SSLSocketFactory that authenticates the remote server against an explicit pre-shared SSL certificate. This is more secure than using the NonValidatingFactory as it prevents "man in the middle" attacks. It is also more secure than relying on a central CA signing your server's certificate as it pins the server's certificate.

This class requires a single String parameter specified by setting the connection property sslfactoryarg. The value of this property is the PEM-encoded remote server's SSL certificate.

Where the certificate is loaded from is based upon the prefix of the sslfactoryarg property. The following table lists the valid set of prefixes.

Valid prefixes for sslfactoryarg
Prefix	Example	Explanation
`classpath:`	`classpath:ssl/server.crt`	Loaded from the classpath.
`file:`	`file:/foo/bar/server.crt`	Loaded from the filesystem.
`env:`	`env:mydb_cert`	Loaded from string value of the `mydb_cert` environment variable.
`sys:`	`sys:mydb_cert`	Loaded from string value of the `mydb_cert` system property.
-----BEGIN CERTIFICATE------	-----BEGIN CERTIFICATE----- MIIDQzCCAqygAwIBAgIJAOd1tlfiGoEoMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV [... truncated ...] UCmmYqgiVkAGWRETVo+byOSDZ4swb10= -----END CERTIFICATE-----	Loaded from string value of the argument.

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class SingleCertValidatingFactory.SingleCertTrustManager

Field Summary

Fields
Modifier and Type	Field	Description
`private static java.lang.String`	`CLASSPATH_PREFIX`
`private static java.lang.String`	`ENV_PREFIX`
`private static java.lang.String`	`FILE_PREFIX`
`private static java.lang.String`	`SYS_PROP_PREFIX`

Fields inherited from class org.postgresql.ssl.WrappedFactory
factory

Constructor Summary

Constructors
Constructor Description

SingleCertValidatingFactory(java.lang.String sslFactoryArg)

Method Summary
- Methods inherited from class org.postgresql.ssl.WrappedFactory
  createSocket, createSocket, createSocket, createSocket, createSocket, getDefaultCipherSuites, getSupportedCipherSuites
- Methods inherited from class javax.net.ssl.SSLSocketFactory
  createSocket, getDefault
- Methods inherited from class javax.net.SocketFactory
  createSocket
- Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FILE_PREFIX

private static final java.lang.String FILE_PREFIX

See Also:: Constant Field Values

CLASSPATH_PREFIX

private static final java.lang.String CLASSPATH_PREFIX

See Also:: Constant Field Values

ENV_PREFIX

private static final java.lang.String ENV_PREFIX

See Also:: Constant Field Values

SYS_PROP_PREFIX

private static final java.lang.String SYS_PROP_PREFIX

See Also:: Constant Field Values

Constructor Detail

SingleCertValidatingFactory

public SingleCertValidatingFactory(java.lang.String sslFactoryArg)
                            throws java.security.GeneralSecurityException

Throws:: java.security.GeneralSecurityException

Class SingleCertValidatingFactory

Nested Class Summary

Field Summary

Fields inherited from class org.postgresql.ssl.WrappedFactory

Constructor Summary

Method Summary

Methods inherited from class org.postgresql.ssl.WrappedFactory

Methods inherited from class javax.net.ssl.SSLSocketFactory

Methods inherited from class javax.net.SocketFactory