Class HttpsConnectorFactory

  • All Implemented Interfaces:
    Discoverable, ConnectorFactory

    public class HttpsConnectorFactory
    extends HttpConnectorFactory
    Builds HTTPS connectors (HTTP over TLS/SSL).

    Configuration Parameters:

    Name | Default | Description
    --- | --- | ---
    keyStorePath | REQUIRED | The path to the Java key store which contains the host certificate and private key.
    keyStorePassword | REQUIRED | The password used to access the key store.
    keyStoreType | JKS | The type of key store (usually JKS, PKCS12, JCEKS, Windows-MY, or Windows-ROOT).
    keyStoreProvider | (none) | The JCE provider to use to access the key store.
    trustStorePath | (none) | The path to the Java key store which contains the CA certificates used to establish trust.
    trustStorePassword | (none) | The password used to access the trust store.
    trustStoreType | JKS | The type of trust store (usually JKS, PKCS12, JCEKS, Windows-MY, or Windows-ROOT).
    trustStoreProvider | (none) | The JCE provider to use to access the trust store.
    keyManagerPassword | (none) | The password, if any, for the key manager.
    needClientAuth | (none) | Whether or not client authentication is required.
    wantClientAuth | (none) | Whether or not client authentication is requested.
    certAlias | (none) | The alias of the certificate to use.
    crlPath | (none) | The path to the file which contains the Certificate Revocation List.
    enableCRLDP | false | Whether or not CRL Distribution Points (CRLDP) support is enabled.
    enableOCSP | false | Whether or not On-Line Certificate Status Protocol (OCSP) support is enabled.
    maxCertPathLength | (unlimited) | The maximum certification path length.
    ocspResponderUrl | (none) | The location of the OCSP responder.
    jceProvider | (none) | The name of the JCE provider to use for cryptographic support.
    validateCerts | false | Whether or not to validate TLS certificates before starting. If enabled, Dropwizard will refuse to start with expired or otherwise invalid certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented.
    validatePeers | false | Whether or not to validate TLS peer certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented.
    supportedProtocols | JVM default | A list of protocols (e.g., SSLv3, TLSv1) which are supported. All other protocols will be refused.
    excludedProtocols | ["SSL.*", "TLSv1", "TLSv1\.1"] | A list of protocols (e.g., SSLv3, TLSv1) which are excluded. These protocols will be refused.
    supportedCipherSuites | JVM default | A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are supported. All other cipher suites will be refused.
    excludedCipherSuites | Jetty's default | A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are excluded. These cipher suites will be refused.
    allowRenegotiation | true | Whether or not TLS renegotiation is allowed.
    endpointIdentificationAlgorithm | (none) | Which endpoint identification algorithm, if any, to use during the TLS handshake.
    disableSniHostCheck | false | If true, server-side SNI host checking is disabled.

    For more configuration parameters, see HttpConnectorFactory.
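
A connector definition built from the parameters above, as an added example that is not part of the Dropwizard documentation. The port, file paths, passwords and alias are placeholders, and listing TLSv1.3 assumes a JVM that supports it.

```yaml
# Added example (not from the Dropwizard project): an HTTPS connector that
# requires client certificates. Paths, passwords and the alias are placeholders.
server:
  applicationConnectors:
    - type: https
      port: 8443                        # inherited from HttpConnectorFactory

      # Server identity. Both keyStorePath and keyStorePassword are REQUIRED;
      # isValidKeyStorePath / isValidKeyStorePassword reject a missing value.
      keyStorePath: /etc/example/tls/server.p12
      keyStorePassword: "<keystore-password>"   # keep out of version control
      keyStoreType: PKCS12              # default is JKS
      certAlias: example-server         # the alias of the certificate to use

      # Mutual TLS. needClientAuth means client authentication is required;
      # wantClientAuth would only request it.
      needClientAuth: true
      trustStorePath: /etc/example/tls/client-ca.p12
      trustStorePassword: "<truststore-password>"
      trustStoreType: PKCS12            # default is JKS

      # Allow-list of protocols: everything not listed is refused.
      # excludedProtocols is left at its default, which already refuses
      # SSL.*, TLSv1 and TLSv1\.1.
      supportedProtocols: ["TLSv1.2", "TLSv1.3"]

      # Default is true; turned off here so a session cannot be renegotiated.
      allowRenegotiation: false

      # Default is false: keep server-side SNI host checking enabled.
      disableSniHostCheck: false

      # validateCerts and validatePeers are left at their default (false);
      # the parameter table notes both fail unconditionally in Dropwizard 1.x.
```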

    See Also:
    HttpConnectorFactory
    • Constructor Detail

      • HttpsConnectorFactory

        public HttpsConnectorFactory()
    • Method Detail

      • getAllowRenegotiation

        public boolean getAllowRenegotiation()
      • setAllowRenegotiation

        public void setAllowRenegotiation(boolean allowRenegotiation)
      • getEndpointIdentificationAlgorithm

        public @Nullable String getEndpointIdentificationAlgorithm()
      • setEndpointIdentificationAlgorithm

        public void setEndpointIdentificationAlgorithm(@Nullable String endpointIdentificationAlgorithm)
      • getKeyStorePath

        public @Nullable String getKeyStorePath()
      • setKeyStorePath

        public void setKeyStorePath(@Nullable String keyStorePath)
      • getKeyStorePassword

        public @Nullable String getKeyStorePassword()
      • setKeyStorePassword

        public void setKeyStorePassword(@Nullable String keyStorePassword)
      • getKeyStoreType

        public String getKeyStoreType()
      • setKeyStoreType

        public void setKeyStoreType(String keyStoreType)
      • getKeyStoreProvider

        public @Nullable String getKeyStoreProvider()
      • setKeyStoreProvider

        public void setKeyStoreProvider(@Nullable String keyStoreProvider)
      • getTrustStoreType

        public String getTrustStoreType()
      • setTrustStoreType

        public void setTrustStoreType(String trustStoreType)
      • getTrustStoreProvider

        public @Nullable String getTrustStoreProvider()
      • setTrustStoreProvider

        public void setTrustStoreProvider(@Nullable String trustStoreProvider)
      • getKeyManagerPassword

        public @Nullable String getKeyManagerPassword()
      • setKeyManagerPassword

        public void setKeyManagerPassword(@Nullable String keyManagerPassword)
      • getTrustStorePath

        public @Nullable String getTrustStorePath()
      • setTrustStorePath

        public void setTrustStorePath(@Nullable String trustStorePath)
      • getTrustStorePassword

        public @Nullable String getTrustStorePassword()
      • setTrustStorePassword

        public void setTrustStorePassword(@Nullable String trustStorePassword)
      • getNeedClientAuth

        public @Nullable Boolean getNeedClientAuth()
      • setNeedClientAuth

        public void setNeedClientAuth(@Nullable Boolean needClientAuth)
      • getWantClientAuth

        public @Nullable Boolean getWantClientAuth()
      • setWantClientAuth

        public void setWantClientAuth(@Nullable Boolean wantClientAuth)
      • getCertAlias

        public @Nullable String getCertAlias()
      • setCertAlias

        public void setCertAlias(@Nullable String certAlias)
      • getCrlPath

        public @Nullable File getCrlPath()
      • setCrlPath

        public void setCrlPath(@Nullable File crlPath)
      • getEnableCRLDP

        public @Nullable Boolean getEnableCRLDP()
      • setEnableCRLDP

        public void setEnableCRLDP(@Nullable Boolean enableCRLDP)
      • getEnableOCSP

        public @Nullable Boolean getEnableOCSP()
      • setEnableOCSP

        public void setEnableOCSP(@Nullable Boolean enableOCSP)
      • getMaxCertPathLength

        public @Nullable Integer getMaxCertPathLength()
      • setMaxCertPathLength

        public void setMaxCertPathLength(@Nullable Integer maxCertPathLength)
      • getOcspResponderUrl

        public @Nullable URI getOcspResponderUrl()
      • setOcspResponderUrl

        public void setOcspResponderUrl(@Nullable URI ocspResponderUrl)
      • getJceProvider

        public @Nullable String getJceProvider()
      • setJceProvider

        public void setJceProvider(@Nullable String jceProvider)
      • getValidatePeers

        public boolean getValidatePeers()
      • setValidatePeers

        public void setValidatePeers(boolean validatePeers)
      • getSupportedProtocols

        public @Nullable List<String> getSupportedProtocols()
      • setSupportedProtocols

        public void setSupportedProtocols(@Nullable List<String> supportedProtocols)
      • getExcludedProtocols

        public @Nullable List<String> getExcludedProtocols()
      • setExcludedProtocols

        public void setExcludedProtocols(@Nullable List<String> excludedProtocols)
      • getSupportedCipherSuites

        public @Nullable List<String> getSupportedCipherSuites()
      • getExcludedCipherSuites

        public @Nullable List<String> getExcludedCipherSuites()
      • setExcludedCipherSuites

        public void setExcludedCipherSuites(@Nullable List<String> excludedCipherSuites)
      • setSupportedCipherSuites

        public void setSupportedCipherSuites(@Nullable List<String> supportedCipherSuites)
      • isValidateCerts

        public boolean isValidateCerts()
      • setValidateCerts

        public void setValidateCerts(boolean validateCerts)
      • isDisableSniHostCheck

        public boolean isDisableSniHostCheck()
      • setDisableSniHostCheck

        public void setDisableSniHostCheck(boolean disableSniHostCheck)
      • isValidKeyStorePath

        @ValidationMethod(message="keyStorePath should not be null")
        public boolean isValidKeyStorePath()
      • isValidKeyStorePassword

        @ValidationMethod(message="keyStorePassword should not be null or empty")
        public boolean isValidKeyStorePassword()
      • build

        public org.eclipse.jetty.server.Connector build(org.eclipse.jetty.server.Server server,
                                                        com.codahale.metrics.MetricRegistry metrics,
                                                        String name,
                                                        @Nullable org.eclipse.jetty.util.thread.ThreadPool threadPool)
        Description copied from interface: ConnectorFactory
        Create a new connector.
        Specified by:
        build in interface ConnectorFactory
        Overrides:
        build in class HttpConnectorFactory
        Parameters:
        server - the application's Server instance
        metrics - the application's metrics
        name - the application's name
        threadPool - the application's thread pool
        Returns:
        a Connector
      • logSslParameters

        protected org.eclipse.jetty.util.component.LifeCycle.Listener logSslParameters(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
        Register a listener that waits until the SSL context factory has started. Once it has started we can grab the fully initialized context so we can log the parameters.
        Since:
        2.1.0
      • configureSslContextFactory

        protected org.eclipse.jetty.util.ssl.SslContextFactory.Server configureSslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)