org.postgresql.jdbc.SslMode Maven / Gradle / Ivy
/*
* Copyright (c) 2018, PostgreSQL Global Development Group
* See the LICENSE file in the project root for more information.
*/
package org.postgresql.jdbc;
import org.postgresql.PGProperty;
import org.postgresql.util.GT;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
import java.util.Properties;
public enum SslMode {
/**
* Do not use encrypted connections.
*/
DISABLE("disable"),
/**
* Start with non-encrypted connection, then try encrypted one.
*/
ALLOW("allow"),
/**
* Start with encrypted connection, fallback to non-encrypted (default).
*/
PREFER("prefer"),
/**
* Ensure connection is encrypted.
*/
REQUIRE("require"),
/**
* Ensure connection is encrypted, and client trusts server certificate.
*/
VERIFY_CA("verify-ca"),
/**
* Ensure connection is encrypted, client trusts server certificate, and server hostname matches
* the one listed in the server certificate.
*/
VERIFY_FULL("verify-full"),
;
public static final SslMode[] VALUES = values();
public final String value;
SslMode(String value) {
this.value = value;
}
public boolean requireEncryption() {
return this.compareTo(REQUIRE) >= 0;
}
public boolean verifyCertificate() {
return this == VERIFY_CA || this == VERIFY_FULL;
}
public boolean verifyPeerName() {
return this == VERIFY_FULL;
}
public static SslMode of(Properties info) throws PSQLException {
String sslmode = PGProperty.SSL_MODE.get(info);
// If sslmode is not set, fallback to ssl parameter
if (sslmode == null) {
if (PGProperty.SSL.getBoolean(info) || "".equals(PGProperty.SSL.get(info))) {
return VERIFY_FULL;
}
return PREFER;
}
for (SslMode sslMode : VALUES) {
if (sslMode.value.equalsIgnoreCase(sslmode)) {
return sslMode;
}
}
throw new PSQLException(GT.tr("Invalid sslmode value: {0}", sslmode),
PSQLState.CONNECTION_UNABLE_TO_CONNECT);
}
}