Class HttpsConnectorFactory

  • All Implemented Interfaces:
    Discoverable, ConnectorFactory
    Direct Known Subclasses:
    Http2ConnectorFactory

    public class HttpsConnectorFactory
    extends HttpConnectorFactory
    Builds HTTPS connectors (HTTP over TLS/SSL).

    Configuration Parameters:

    | Name | Default | Description |
    |------|---------|-------------|
    | keyStorePath | REQUIRED | The path to the Java key store which contains the host certificate and private key. |
    | keyStorePassword | REQUIRED | The password used to access the key store. |
    | keyStoreType | JKS | The type of key store (usually JKS, PKCS12, JCEKS, Windows-MY, or Windows-ROOT). |
    | keyStoreProvider | (none) | The JCE provider to use to access the key store. |
    | trustStorePath | (none) | The path to the Java key store which contains the CA certificates used to establish trust. |
    | trustStorePassword | (none) | The password used to access the trust store. |
    | trustStoreType | JKS | The type of trust store (usually JKS, PKCS12, JCEKS, Windows-MY, or Windows-ROOT). |
    | trustStoreProvider | (none) | The JCE provider to use to access the trust store. |
    | keyManagerPassword | (none) | The password, if any, for the key manager. |
    | needClientAuth | (none) | Whether or not client authentication is required. |
    | wantClientAuth | (none) | Whether or not client authentication is requested. |
    | certAlias | (none) | The alias of the certificate to use. |
    | crlPath | (none) | The path to the file which contains the Certificate Revocation List. |
    | enableCRLDP | false | Whether or not CRL Distribution Points (CRLDP) support is enabled. |
    | enableOCSP | false | Whether or not On-Line Certificate Status Protocol (OCSP) support is enabled. |
    | maxCertPathLength | (unlimited) | The maximum certification path length. |
    | ocspResponderUrl | (none) | The location of the OCSP responder. |
    | jceProvider | (none) | The name of the JCE provider to use for cryptographic support. |
    | validateCerts | false | Whether or not to validate TLS certificates before starting. If enabled, Dropwizard will refuse to start with expired or otherwise invalid certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented. |
    | validatePeers | false | Whether or not to validate TLS peer certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented. |
    | supportedProtocols | JVM default | A list of protocols (e.g., SSLv3, TLSv1) which are supported. All other protocols will be refused. |
    | excludedProtocols | ["SSL.*", "TLSv1", "TLSv1\.1"] | A list of protocols (e.g., SSLv3, TLSv1) which are excluded. These protocols will be refused. |
    | supportedCipherSuites | JVM default | A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are supported. All other cipher suites will be refused. |
    | excludedCipherSuites | Jetty's default | A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are excluded. These cipher suites will be refused. |
    | allowRenegotiation | true | Whether or not TLS renegotiation is allowed. |
    | endpointIdentificationAlgorithm | (none) | Which endpoint identification algorithm, if any, to use during the TLS handshake. |

    For more configuration parameters, see HttpConnectorFactory.
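
An added example, not taken from the Dropwizard documentation: a server configuration that uses the parameters above for an HTTPS connector requiring client certificates. The `server` / `applicationConnectors` layout, `type: https` and `port` are standard Dropwizard configuration that this page does not show; every path, password, alias and port value is a placeholder.

```yaml
# Added example. All paths, passwords and the alias below are placeholders.
server:
  applicationConnectors:
    - type: https
      port: 8443                                   # inherited from HttpConnectorFactory

      # Server identity
      keyStorePath: /etc/example-app/server.p12    # placeholder path
      keyStorePassword: "<keystore-password>"      # placeholder; keep real values out of version control
      keyStoreType: PKCS12                         # default is JKS
      certAlias: example-server                    # select one certificate when the store holds several

      # Client authentication (mutual TLS)
      trustStorePath: /etc/example-app/client-ca.p12   # placeholder; holds only the CAs that issue client certs
      trustStorePassword: "<truststore-password>"      # placeholder
      trustStoreType: PKCS12
      needClientAuth: true                         # a client certificate is required
      # wantClientAuth: true would only request a certificate, so clients
      # without one still connect and the application must check for it itself.

      # Protocol versions
      supportedProtocols: ['TLSv1.2', 'TLSv1.3']   # assumes the JVM in use provides TLSv1.3
      # Restating the documented default. Setting this key replaces the default
      # list, so an override that drops these entries re-enables old protocols.
      excludedProtocols: ['SSL.*', 'TLSv1', 'TLSv1\.1']

      allowRenegotiation: false                    # default is true

      # validateCerts and validatePeers stay at their default (false): the table
      # above states that enabling either fails unconditionally on Dropwizard 1.x.
```
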

    See Also:
    HttpConnectorFactory
    • Constructor Detail

      • HttpsConnectorFactory

        public HttpsConnectorFactory()
    • Method Detail

      • getAllowRenegotiation

        public boolean getAllowRenegotiation()
      • setAllowRenegotiation

        public void setAllowRenegotiation(boolean allowRenegotiation)
      • getEndpointIdentificationAlgorithm

        @Nullable
        public String getEndpointIdentificationAlgorithm()
      • setEndpointIdentificationAlgorithm

        public void setEndpointIdentificationAlgorithm(@Nullable String endpointIdentificationAlgorithm)
      • getKeyStorePath

        @Nullable
        public String getKeyStorePath()
      • setKeyStorePath

        public void setKeyStorePath(@Nullable String keyStorePath)
      • getKeyStorePassword

        @Nullable
        public String getKeyStorePassword()
      • setKeyStorePassword

        public void setKeyStorePassword(@Nullable String keyStorePassword)
      • getKeyStoreType

        public String getKeyStoreType()
      • setKeyStoreType

        public void setKeyStoreType(String keyStoreType)
      • getKeyStoreProvider

        @Nullable
        public String getKeyStoreProvider()
      • setKeyStoreProvider

        public void setKeyStoreProvider(@Nullable String keyStoreProvider)
      • getTrustStoreType

        public String getTrustStoreType()
      • setTrustStoreType

        public void setTrustStoreType(String trustStoreType)
      • getTrustStoreProvider

        @Nullable
        public String getTrustStoreProvider()
      • setTrustStoreProvider

        public void setTrustStoreProvider(@Nullable String trustStoreProvider)
      • getKeyManagerPassword

        @Nullable
        public String getKeyManagerPassword()
      • setKeyManagerPassword

        public void setKeyManagerPassword(@Nullable String keyManagerPassword)
      • getTrustStorePath

        @Nullable
        public String getTrustStorePath()
      • setTrustStorePath

        public void setTrustStorePath(@Nullable String trustStorePath)
      • getTrustStorePassword

        @Nullable
        public String getTrustStorePassword()
      • setTrustStorePassword

        public void setTrustStorePassword(@Nullable String trustStorePassword)
      • getNeedClientAuth

        @Nullable
        public Boolean getNeedClientAuth()
      • setNeedClientAuth

        public void setNeedClientAuth(@Nullable Boolean needClientAuth)
      • getWantClientAuth

        @Nullable
        public Boolean getWantClientAuth()
      • setWantClientAuth

        public void setWantClientAuth(@Nullable Boolean wantClientAuth)
      • getCertAlias

        @Nullable
        public String getCertAlias()
      • setCertAlias

        public void setCertAlias(@Nullable String certAlias)
      • getCrlPath

        @Nullable
        public File getCrlPath()
      • setCrlPath

        public void setCrlPath(@Nullable File crlPath)
      • getEnableCRLDP

        @Nullable
        public Boolean getEnableCRLDP()
      • setEnableCRLDP

        public void setEnableCRLDP(@Nullable Boolean enableCRLDP)
      • getEnableOCSP

        @Nullable
        public Boolean getEnableOCSP()
      • setEnableOCSP

        public void setEnableOCSP(@Nullable Boolean enableOCSP)
      • getMaxCertPathLength

        @Nullable
        public Integer getMaxCertPathLength()
      • setMaxCertPathLength

        public void setMaxCertPathLength(@Nullable Integer maxCertPathLength)
      • getOcspResponderUrl

        @Nullable
        public URI getOcspResponderUrl()
      • setOcspResponderUrl

        public void setOcspResponderUrl(@Nullable URI ocspResponderUrl)
      • getJceProvider

        @Nullable
        public String getJceProvider()
      • setJceProvider

        public void setJceProvider(@Nullable String jceProvider)
      • getValidatePeers

        public boolean getValidatePeers()
      • setValidatePeers

        public void setValidatePeers(boolean validatePeers)
      • getSupportedProtocols

        @Nullable
        public List<String> getSupportedProtocols()
      • setSupportedProtocols

        public void setSupportedProtocols(@Nullable List<String> supportedProtocols)
      • getExcludedProtocols

        @Nullable
        public List<String> getExcludedProtocols()
      • setExcludedProtocols

        public void setExcludedProtocols(@Nullable List<String> excludedProtocols)
      • getSupportedCipherSuites

        @Nullable
        public List<String> getSupportedCipherSuites()
      • getExcludedCipherSuites

        @Nullable
        public List<String> getExcludedCipherSuites()
      • setExcludedCipherSuites

        public void setExcludedCipherSuites(@Nullable List<String> excludedCipherSuites)
      • setSupportedCipherSuites

        public void setSupportedCipherSuites(@Nullable List<String> supportedCipherSuites)
      • isValidateCerts

        public boolean isValidateCerts()
      • setValidateCerts

        public void setValidateCerts(boolean validateCerts)
      • isValidKeyStorePath

        @ValidationMethod(message="keyStorePath should not be null")
        public boolean isValidKeyStorePath()
      • isValidKeyStorePassword

        @ValidationMethod(message="keyStorePassword should not be null or empty")
        public boolean isValidKeyStorePassword()
      • build

        public org.eclipse.jetty.server.Connector build(org.eclipse.jetty.server.Server server,
                                                        com.codahale.metrics.MetricRegistry metrics,
                                                        String name,
                                                        @Nullable org.eclipse.jetty.util.thread.ThreadPool threadPool)
        Description copied from interface: ConnectorFactory
        Create a new connector.
        Specified by:
        build in interface ConnectorFactory
        Overrides:
        build in class HttpConnectorFactory
        Parameters:
        server - the application's Server instance
        metrics - the application's metrics
        name - the application's name
        threadPool - the application's thread pool
        Returns:
        a Connector
      • logSslInfoOnStart

        protected org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener logSslInfoOnStart(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
        Register a listener that waits until the SSL context factory has started. Once it has started, we can grab the fully initialized context and log its parameters.
      • configureSslContextFactory

        protected org.eclipse.jetty.util.ssl.SslContextFactory configureSslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory factory)