class VertxTrustOptions
(source)
Vert.x TrustOptions for fingerprinting clients and servers.
This class depends upon the Vert.X library being available on the classpath, along with its dependencies. See https://vertx.io/download/. Vert.X can be included using the gradle dependency 'io.vertx:vertx-core'.
static fun recordClientFingerprints(knownClientsFile: Path): TrustOptions static fun recordClientFingerprints(repository: FingerprintRepository): TrustOptions static fun recordClientFingerprints(knownClientsFile: Path, tmf: TrustManagerFactory): TrustOptions static fun recordClientFingerprints(repository: FingerprintRepository, tmf: TrustManagerFactory): TrustOptions
Accept all client certificates, recording certificate fingerprints for those that are not CA-signed. Excepting when a client presents a CA-signed certificate, the certificate common name and fingerprint will be written to Important: this provides no security as it is vulnerable to man-in-the-middle attacks. static fun recordClientFingerprints(knownClientsFile: Path, skipCASigned: Boolean): TrustOptions static fun recordClientFingerprints(repository: FingerprintRepository, skipCASigned: Boolean): TrustOptions
Accept all client certificates, recording certificate fingerprints. For all connections, the common name and fingerprint of the presented certificate will be written to Important: this provides no security as it is vulnerable to man-in-the-middle attacks. |
|
static fun recordServerFingerprints(knownServersFile: Path): TrustOptions static fun recordServerFingerprints(repository: FingerprintRepository): TrustOptions static fun recordServerFingerprints(knownServersFile: Path, tmf: TrustManagerFactory): TrustOptions static fun recordServerFingerprints(repository: FingerprintRepository, tmf: TrustManagerFactory): TrustOptions
Accept all server certificates, recording certificate fingerprints for those that are not CA-signed. Excepting when a server presents a CA-signed certificate, the server host+port and the certificate fingerprint will be written to Important: this provides no security as it is vulnerable to man-in-the-middle attacks. static fun recordServerFingerprints(knownServersFile: Path, skipCASigned: Boolean): TrustOptions static fun recordServerFingerprints(repository: FingerprintRepository, skipCASigned: Boolean): TrustOptions
Accept all server certificates, recording certificate fingerprints. For all connections, the server host+port and the fingerprint of the presented certificate will be written to Important: this provides no security as it is vulnerable to man-in-the-middle attacks. |
|
static fun trustClientOnFirstAccess(knownClientsFile: Path): TrustOptions static fun trustClientOnFirstAccess(repository: FingerprintRepository): TrustOptions
Accept CA-signed client certificates, and otherwise trust client certificates on first access. Except when a client presents a CA-signed certificate, on first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed. Note: unlike the seemingly equivalent static fun trustClientOnFirstAccess(knownClientsFile: Path, acceptCASigned: Boolean): TrustOptions static fun trustClientOnFirstAccess(repository: FingerprintRepository, acceptCASigned: Boolean): TrustOptions
Trust client certificates on first access. On first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed. Note: unlike the seemingly equivalent static fun trustClientOnFirstAccess(knownClientsFile: Path, tmf: TrustManagerFactory): TrustOptions static fun trustClientOnFirstAccess(repository: FingerprintRepository, tmf: TrustManagerFactory): TrustOptions
Accept CA-signed certificates, and otherwise trust client certificates on first access. Except when a client presents a CA-signed certificate, on first connection to this server the common name and fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected if the fingerprint has changed. Note: unlike the seemingly equivalent |
|
static fun trustServerOnFirstUse(knownServersFile: Path): TrustOptions static fun trustServerOnFirstUse(repository: FingerprintRepository): TrustOptions static fun trustServerOnFirstUse(knownServersFile: Path, tmf: TrustManagerFactory): TrustOptions static fun trustServerOnFirstUse(repository: FingerprintRepository, tmf: TrustManagerFactory): TrustOptions
Accept CA-signed certificates, and otherwise trust server certificates on first use. Except when a server presents a CA-signed certificate, on first connection to a server (identified by host+port) the fingerprint of the presented certificate will be recorded. On subsequent connections, the presented certificate will be matched to the stored fingerprint to ensure it has not changed. static fun trustServerOnFirstUse(knownServersFile: Path, acceptCASigned: Boolean): TrustOptions static fun trustServerOnFirstUse(repository: FingerprintRepository, acceptCASigned: Boolean): TrustOptions
Trust server certificates on first use. On first connection to a server (identified by host+port) the fingerprint of the presented certificate will be recorded. On subsequent connections, the presented certificate will be matched to the stored fingerprint to ensure it has not changed. |
|
static fun whitelistClients(knownClientsFile: Path): TrustOptions static fun whitelistClients(repository: FingerprintRepository): TrustOptions static fun whitelistClients(knownClientsFile: Path, tmf: TrustManagerFactory): TrustOptions static fun whitelistClients(repository: FingerprintRepository, tmf: TrustManagerFactory): TrustOptions
Require clients to present known certificates, or CA-signed certificates. If a certificate is not CA-signed, then its common name and fingerprint must be present in the static fun whitelistClients(knownClientsFile: Path, acceptCASigned: Boolean): TrustOptions static fun whitelistClients(repository: FingerprintRepository, acceptCASigned: Boolean): TrustOptions
Require clients to present known certificates. The common name and fingerprint for a client certificate must be present in |
|
static fun whitelistServers(knownServersFile: Path): TrustOptions static fun whitelistServers(repository: FingerprintRepository): TrustOptions static fun whitelistServers(knownServersFile: Path, tmf: TrustManagerFactory): TrustOptions static fun whitelistServers(repository: FingerprintRepository, tmf: TrustManagerFactory): TrustOptions
Require servers to present known certificates, or CA-signed certificates. If a certificate is not CA-signed, then its fingerprint must be present in the known servers file, associated with the server (identified by host+port). static fun whitelistServers(knownServersFile: Path, acceptCASigned: Boolean): TrustOptions static fun whitelistServers(repository: FingerprintRepository, acceptCASigned: Boolean): TrustOptions
Require servers to present known certificates. The fingerprint for a server certificate must be present in the known servers file, associated with the server (identified by host+port). |