Package io.grpc.util

Enum Class AdvancedTlsX509TrustManager.Verification

java.lang.Object
java.lang.Enum<AdvancedTlsX509TrustManager.Verification>
io.grpc.util.AdvancedTlsX509TrustManager.Verification
All Implemented Interfaces:
Serializable, Comparable<AdvancedTlsX509TrustManager.Verification>, Constable
Enclosing class:
AdvancedTlsX509TrustManager
public static enum AdvancedTlsX509TrustManager.Verification extends Enum<AdvancedTlsX509TrustManager.Verification>
The verification mode when authenticating the peer certificate.

  • Enum Constant Details

    • CERTIFICATE_AND_HOST_NAME_VERIFICATION

      public static final AdvancedTlsX509TrustManager.Verification CERTIFICATE_AND_HOST_NAME_VERIFICATION
      This is the DEFAULT and RECOMMENDED mode for most applications. Setting this on the client side performs both certificate and hostname verification, while setting it on the server side only performs certificate verification.

    • CERTIFICATE_ONLY_VERIFICATION

      public static final AdvancedTlsX509TrustManager.Verification CERTIFICATE_ONLY_VERIFICATION
      DANGEROUS: Use trusted credentials to verify the certificate, but clients will not verify the certificate is for the expected host. This setting is only appropriate when accompanied by proper additional peer identity checks set through SslSocketAndEnginePeerVerifier. Failing to do so will leave your applications vulnerable to MITM attacks. This setting has the same behavior on server-side as CERTIFICATE_AND_HOST_NAME_VERIFICATION.

    • INSECURELY_SKIP_ALL_VERIFICATION

      public static final AdvancedTlsX509TrustManager.Verification INSECURELY_SKIP_ALL_VERIFICATION
      DANGEROUS: This SHOULD be used by advanced user intended to implement the entire verification logic themselves AdvancedTlsX509TrustManager.SslSocketAndEnginePeerVerifier) themselves. This includes:
      1. Proper verification of the peer certificate chain
      2. Proper checks of the identity of the peer certificate
      Failing to do so will leave your application without any TLS-related protection. Keep in mind that any loaded trust certificates will be ignored when using this mode.

  • Method Details

    • values

      public static AdvancedTlsX509TrustManager.Verification[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static AdvancedTlsX509TrustManager.Verification valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null