else if( requireTrustedCertificate && !verifyHostname ) {
// two choices: trust first certificate or trust known certificate; we choose trust first certificate as a usability default
// furthermore we assume that the api client keystore is a server-specific keystore (it's a client configured for a specific mt wilson server)
// that either has a server instance ssl cert or a cluster ssl cert. either should work.
log.warn("Using TLS Policy TRUST_FIRST_CERTIFICATE");
return new TrustFirstCertificateTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}
else { // !requireTrustedCertificate && (verifyHostname || !verifyHostname)
log.warn("Using TLS Policy TRUST_FIRST_INSECURE");
return new InsecureTlsPolicy();
}
}
else if( tlsPolicyName.equals("TRUST_CA_VERIFY_HOSTNAME") ) {
log.info("TLS Policy: TRUST_CA_VERIFY_HOSTNAME");
return new TrustCaAndVerifyHostnameTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}
else if( tlsPolicyName.equals("TRUST_FIRST_CERTIFICATE") ) {
log.info("TLS Policy: TRUST_FIRST_CERTIFICATE");
return new TrustFirstCertificateTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}
else if( tlsPolicyName.equals("TRUST_KNOWN_CERTIFICATE") ) {
log.info("TLS Policy: TRUST_KNOWN_CERTIFICATE");
return new TrustKnownCertificateTlsPolicy(new KeystoreCertificateRepository(sslKeystore));
}