log.warn("Using TLS Policy TRUST_FIRST_CERTIFICATE");
return new TrustFirstCertificateTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}
else { // !requireTrustedCertificate && (verifyHostname || !verifyHostname)
log.warn("Using TLS Policy TRUST_FIRST_INSECURE");
return new InsecureTlsPolicy();
}
}
else if( tlsPolicyName.equals("TRUST_CA_VERIFY_HOSTNAME") ) {
log.info("TLS Policy: TRUST_CA_VERIFY_HOSTNAME");
return new TrustCaAndVerifyHostnameTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}
else if( tlsPolicyName.equals("TRUST_FIRST_CERTIFICATE") ) {
log.info("TLS Policy: TRUST_FIRST_CERTIFICATE");
return new TrustFirstCertificateTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}
else if( tlsPolicyName.equals("TRUST_KNOWN_CERTIFICATE") ) {
log.info("TLS Policy: TRUST_KNOWN_CERTIFICATE");
return new TrustKnownCertificateTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}
else if( tlsPolicyName.equals("INSECURE") ) {
log.warn("TLS Policy: INSECURE");
return new InsecureTlsPolicy();
}
else {
// unrecognized 1.1 policy defined, so use a secure default
log.error("Unknown TLS Policy Name: {}", tlsPolicyName);
return new TrustCaAndVerifyHostnameTlsPolicy(new KeystoreCertificateRepository(sslKeystore));