SolaceProperties.TransportLayerSecurityProperties (Solace PubSub+ Messaging API for Java 1.8.2 API)

Enclosing interface:: SolaceProperties

@ProviderType
public static interface SolaceProperties.TransportLayerSecurityProperties

An interface that defines the configurable transport layer security properties for MessagingService instances. The properties are for use with MessagingServiceClientBuilder.fromProperties(Properties).

Example usage:


     final Properties transportSecProperties = new Properties();
     transportSecProperties.setProperty(TransportLayerSecurityProperties.CERT_VALIDATE_SERVERNAME, "true");
     transportSecProperties.setProperty(TransportLayerSecurityProperties.CERT_VALIDATED, "true");
     transportSecProperties.setProperty(TransportLayerSecurityProperties.CERT_REJECT_EXPIRED, "true");

     final MessagingServiceClientBuilder serviceBuilder = new MessagingServiceClientBuilder(ConfigurationProfile.V1);
     final MessagingService service = serviceBuilder.fromProperties(transportSecProperties).build();

Carefully review of settings is advised for the potential security risks.

Warning: Setting this value to false exposes a client and the data being sent to a high-security risks.

Since:: 1.0
See Also:: MessagingServiceClientBuilder.fromProperties(Properties)

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`CERT_REJECT_EXPIRED` A property key to specify if the server certificate's expiration date should be validated.
`static String`	`CERT_VALIDATE_SERVERNAME` A property key to specify if the connection to a messaging broker should fail when a certificate with an invalid host is received.
`static String`	`CERT_VALIDATED` A property key to specify if the server certificate's should be validated.
`static String`	`CIPHER_SUITES` Deprecated. Best left unset. Effectively disables TLSv1.3. Use JDK facilities, e.g. the jdk.tls.client.cipherSuites system property instead if necessary.
`static String`	`EXCLUDED_PROTOCOLS` A property key to specify a comma-delimited list of Secure Socket Layer (SSL) protocols not to use.
`static String`	`PROTOCOL_DOWNGRADE_TO` A property key to specify transport protocol that the (Secure Socket Layer SSL) session connection will be downgraded to after client authentication.
`static String`	`TRUST_STORE_PASSWORD` A property key to specify the truststore password.
`static String`	`TRUST_STORE_PATH` A property key to specify location of a truststore file.
`static String`	`TRUST_STORE_TYPE` A property key to specify type of truststore file.
`static String`	`TRUSTED_COMMON_NAME_LIST` This property is used to specify a comma separated list of acceptable common names for matching with server certificates.

- Field Detail
  - CERT_VALIDATED
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_VALIDATE_CERTIFICATE",
                      valueType=boolean.class)
static final String CERT_VALIDATED
```
    A property key to specify if the server certificate's should be validated.
    Warning: Setting this value to false exposes a client and the data being sent to a high-security risks.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - TRUSTED_COMMON_NAME_LIST
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUSTED_COMMON_NAME_LIST",
                      valueType=java.lang.String.class)
static final String TRUSTED_COMMON_NAME_LIST
```
    This property is used to specify a comma separated list of acceptable common names for matching with server certificates. The API performs a case insensitive comparison of the common names provided in this property with the common name in the server certificate. Note that leading and trailing whitespaces are considered to be part of the common names and are not ignored. An empty string means accept all common names. No common name validation will be performed (overriding this property) if CERT_VALIDATED is set to false.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - CERT_REJECT_EXPIRED
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_VALIDATE_CERTIFICATE_DATE",
                      valueType=boolean.class)
static final String CERT_REJECT_EXPIRED
```
    A property key to specify if the server certificate's expiration date should be validated.
    Warning: Setting this value to false exposes a client and the data being sent to a high-security risks.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - EXCLUDED_PROTOCOLS
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_EXCLUDED_PROTOCOLS",
                      valueType=java.lang.String.class)
static final String EXCLUDED_PROTOCOLS
```
    A property key to specify a comma-delimited list of Secure Socket Layer (SSL) protocols not to use. Allowed values for this property are TLSv1.1, TLSv1.2, TLSv1.3 or some combination thereof.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - PROTOCOL_DOWNGRADE_TO
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_CONNECTION_DOWNGRADE_TO",
                      valueType=java.lang.String.class)
static final String PROTOCOL_DOWNGRADE_TO
```
    A property key to specify transport protocol that the (Secure Socket Layer SSL) session connection will be downgraded to after client authentication. The supported value SolaceConstants.TransportLayerSecurityConstants.TRANSPORT_SECURITY_DOWNGRADED_TO_PLAIN_TEXT can be used.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - CIPHER_SUITES
```
@Deprecated
 @PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_CIPHER_SUITES",
                      valueType=java.lang.String.class)
static final String CIPHER_SUITES
```
    Deprecated. Best left unset. Effectively disables TLSv1.3. Use JDK facilities, e.g. the jdk.tls.client.cipherSuites system property instead if necessary.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - TRUST_STORE_TYPE
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUST_STORE_FORMAT",
                      valueType=java.lang.String.class)
static final String TRUST_STORE_TYPE
```
    A property key to specify type of truststore file. The supported value is jks.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - TRUST_STORE_PATH
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUST_STORE",
                      valueType=java.lang.String.class)
static final String TRUST_STORE_PATH
```
    A property key to specify location of a truststore file.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - TRUST_STORE_PASSWORD
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUST_STORE_PASSWORD",
                      valueType=java.lang.String.class)
static final String TRUST_STORE_PASSWORD
```
    A property key to specify the truststore password.
    
    Since:
    
    1.0
    
    See Also:
    
    Constant Field Values
  - CERT_VALIDATE_SERVERNAME
```
@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_VALIDATE_CERTIFICATE_HOST",
                      valueType=boolean.class)
static final String CERT_VALIDATE_SERVERNAME
```
    A property key to specify if the connection to a messaging broker should fail when a certificate with an invalid host is received. When enabled (by default), and connecting to a named host, the certificate Subject Alternative Name must contain a DNS entry that matches the host string. When enabled, and connecting to a host by IP address, the certificate Subject Alternative Name must contain an IP Address that matches. If there is no Subject Alternate Name the certificate common name (CN) must match the named host.
    This property has effect only when SolaceProperties.TransportLayerSecurityProperties.CERT_VALIDATED property is enabled/set to true
    Disabling of this property IS NOT RECOMMENDED
    
    Since:
    
    1.1
    
    See Also:
    
    Constant Field Values

Interface SolaceProperties.TransportLayerSecurityProperties

Field Summary

Field Detail

CERT_VALIDATED

TRUSTED_COMMON_NAME_LIST

CERT_REJECT_EXPIRED

EXCLUDED_PROTOCOLS

PROTOCOL_DOWNGRADE_TO

CIPHER_SUITES

TRUST_STORE_TYPE

TRUST_STORE_PATH

TRUST_STORE_PASSWORD

CERT_VALIDATE_SERVERNAME