Package io.dropwizard.jetty
Class HttpsConnectorFactory
- java.lang.Object
- io.dropwizard.jetty.HttpConnectorFactory
- io.dropwizard.jetty.HttpsConnectorFactory
- All Implemented Interfaces:
Discoverable, ConnectorFactory
- Direct Known Subclasses:
Http2ConnectorFactory
public class HttpsConnectorFactory extends HttpConnectorFactory
Builds HTTPS connectors (HTTP over TLS/SSL).
Configuration Parameters:

| Name | Default | Description |
| --- | --- | --- |
| keyStorePath | REQUIRED | The path to the Java key store which contains the host certificate and private key. |
| keyStorePassword | REQUIRED | The password used to access the key store. |
| keyStoreType | JKS | The type of key store (usually JKS, PKCS12, JCEKS, Windows-MY, or Windows-ROOT). |
| keyStoreProvider | (none) | The JCE provider to use to access the key store. |
| trustStorePath | (none) | The path to the Java key store which contains the CA certificates used to establish trust. |
| trustStorePassword | (none) | The password used to access the trust store. |
| trustStoreType | JKS | The type of trust store (usually JKS, PKCS12, JCEKS, Windows-MY, or Windows-ROOT). |
| trustStoreProvider | (none) | The JCE provider to use to access the trust store. |
| keyManagerPassword | (none) | The password, if any, for the key manager. |
| needClientAuth | (none) | Whether or not client authentication is required. |
| wantClientAuth | (none) | Whether or not client authentication is requested. |
| certAlias | (none) | The alias of the certificate to use. |
| crlPath | (none) | The path to the file which contains the Certificate Revocation List. |
| enableCRLDP | false | Whether or not CRL Distribution Points (CRLDP) support is enabled. |
| enableOCSP | false | Whether or not On-Line Certificate Status Protocol (OCSP) support is enabled. |
| maxCertPathLength | (unlimited) | The maximum certification path length. |
| ocspResponderUrl | (none) | The location of the OCSP responder. |
| jceProvider | (none) | The name of the JCE provider to use for cryptographic support. |
| validateCerts | false | Whether or not to validate TLS certificates before starting. If enabled, Dropwizard will refuse to start with expired or otherwise invalid certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented. |
| validatePeers | false | Whether or not to validate TLS peer certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented. |
| supportedProtocols | JVM default | A list of protocols (e.g., SSLv3, TLSv1) which are supported. All other protocols will be refused. |
| excludedProtocols | ["SSL.*", "TLSv1", "TLSv1\.1"] | A list of protocols (e.g., SSLv3, TLSv1) which are excluded. These protocols will be refused. |
| supportedCipherSuites | JVM default | A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are supported. All other cipher suites will be refused. |
| excludedCipherSuites | Jetty's default | A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are excluded. These cipher suites will be refused. |
| allowRenegotiation | true | Whether or not TLS renegotiation is allowed. |
| endpointIdentificationAlgorithm | (none) | Which endpoint identification algorithm, if any, to use during the TLS handshake. |
| disableSniHostCheck | false | If true, server-side SNI host checking is disabled. |

- See Also:
HttpConnectorFactory
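
The parameters above interact: an explicit supportedProtocols list, an overridden excludedProtocols list and the client-authentication flags together decide what the connector accepts. The following review helper is an added example, not part of Dropwizard or of this page's original content. The class name `HttpsConnectorAudit`, the finding strings and the treatment of protocol entries as regular expressions are assumptions; the getters and setters it calls are the ones listed in the Method Summary.

```java
import io.dropwizard.jetty.HttpsConnectorFactory;
import java.util.ArrayList;
import java.util.List;

/** Added example: configuration review helper (hypothetical, not part of Dropwizard). */
public final class HttpsConnectorAudit {
    // Protocol versions the default excludedProtocols value is written to refuse.
    private static final List<String> LEGACY = List.of("SSLv3", "TLSv1", "TLSv1.1");

    // Assumption: list entries are regular expressions, as the default "SSL.*" suggests.
    private static boolean matchesAny(List<String> patterns, String protocol) {
        return patterns.stream().anyMatch(protocol::matches);
    }

    public static List<String> audit(HttpsConnectorFactory f) {
        List<String> findings = new ArrayList<>();
        List<String> supported = f.getSupportedProtocols();
        List<String> excluded = f.getExcludedProtocols();
        for (String proto : LEGACY) {
            // An explicit supportedProtocols list refuses every protocol not on it.
            boolean allowed = supported == null || matchesAny(supported, proto);
            boolean refused = excluded != null && matchesAny(excluded, proto);
            if (allowed && !refused) findings.add("legacy protocol not refused: " + proto);
        }
        if (f.getAllowRenegotiation()) findings.add("allowRenegotiation is true (the default)");
        if (f.isDisableSniHostCheck()) findings.add("server-side SNI host checking is disabled");
        boolean need = Boolean.TRUE.equals(f.getNeedClientAuth());
        boolean want = Boolean.TRUE.equals(f.getWantClientAuth());
        if (want && !need) findings.add("client certificates are requested but not required");
        if (need || want) {
            if (f.getTrustStorePath() == null)
                findings.add("client auth enabled without an explicit trustStorePath");
            boolean revocation = f.getCrlPath() != null
                    || Boolean.TRUE.equals(f.getEnableCRLDP())
                    || Boolean.TRUE.equals(f.getEnableOCSP());
            if (!revocation) findings.add("client auth enabled with no CRL, CRLDP or OCSP source");
        }
        return findings;
    }

    public static void main(String[] args) {
        HttpsConnectorFactory f = new HttpsConnectorFactory();  // constructed sample settings
        f.setExcludedProtocols(List.of("SSL.*"));  // override that drops the TLSv1 entries
        f.setWantClientAuth(true);
        audit(f).forEach(System.out::println);
    }
}
```

Each finding is a prompt for review rather than a verdict; for example, wantClientAuth without needClientAuth is a valid setup when the application itself enforces certificate presence on the routes that need it.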
-
-
Constructor Summary
Constructor Description
HttpsConnectorFactory()
-
Method Summary
Modifier and Type Method Description
org.eclipse.jetty.server.Connector
build(org.eclipse.jetty.server.Server server, com.codahale.metrics.MetricRegistry metrics, String name, @Nullable org.eclipse.jetty.util.thread.ThreadPool threadPool)
Create a new connector.
protected org.eclipse.jetty.server.HttpConfiguration
buildHttpConfiguration()
protected org.eclipse.jetty.util.ssl.SslContextFactory.Server
configureSslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
boolean
getAllowRenegotiation()
@Nullable String
getCertAlias()
@Nullable File
getCrlPath()
@Nullable Boolean
getEnableCRLDP()
@Nullable Boolean
getEnableOCSP()
@Nullable String
getEndpointIdentificationAlgorithm()
@Nullable List<String>
getExcludedCipherSuites()
@Nullable List<String>
getExcludedProtocols()
@Nullable String
getJceProvider()
@Nullable String
getKeyManagerPassword()
@Nullable String
getKeyStorePassword()
@Nullable String
getKeyStorePath()
@Nullable String
getKeyStoreProvider()
String
getKeyStoreType()
@Nullable Integer
getMaxCertPathLength()
@Nullable Boolean
getNeedClientAuth()
@Nullable URI
getOcspResponderUrl()
@Nullable List<String>
getSupportedCipherSuites()
@Nullable List<String>
getSupportedProtocols()
@Nullable String
getTrustStorePassword()
@Nullable String
getTrustStorePath()
@Nullable String
getTrustStoreProvider()
String
getTrustStoreType()
boolean
getValidatePeers()
@Nullable Boolean
getWantClientAuth()
boolean
isDisableSniHostCheck()
boolean
isValidateCerts()
boolean
isValidKeyStorePassword()
boolean
isValidKeyStorePath()
protected org.eclipse.jetty.util.component.LifeCycle.Listener
logSslParameters(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
Register a listener that waits until the SSL context factory has started.
void
setAllowRenegotiation(boolean allowRenegotiation)
void
setCertAlias(@Nullable String certAlias)
void
setCrlPath(@Nullable File crlPath)
void
setDisableSniHostCheck(boolean disableSniHostCheck)
void
setEnableCRLDP(@Nullable Boolean enableCRLDP)
void
setEnableOCSP(@Nullable Boolean enableOCSP)
void
setEndpointIdentificationAlgorithm(@Nullable String endpointIdentificationAlgorithm)
void
setExcludedCipherSuites(@Nullable List<String> excludedCipherSuites)
void
setExcludedProtocols(@Nullable List<String> excludedProtocols)
void
setJceProvider(@Nullable String jceProvider)
void
setKeyManagerPassword(@Nullable String keyManagerPassword)
void
setKeyStorePassword(@Nullable String keyStorePassword)
void
setKeyStorePath(@Nullable String keyStorePath)
void
setKeyStoreProvider(@Nullable String keyStoreProvider)
void
setKeyStoreType(String keyStoreType)
void
setMaxCertPathLength(@Nullable Integer maxCertPathLength)
void
setNeedClientAuth(@Nullable Boolean needClientAuth)
void
setOcspResponderUrl(@Nullable URI ocspResponderUrl)
void
setSupportedCipherSuites(@Nullable List<String> supportedCipherSuites)
void
setSupportedProtocols(@Nullable List<String> supportedProtocols)
void
setTrustStorePassword(@Nullable String trustStorePassword)
void
setTrustStorePath(@Nullable String trustStorePath)
void
setTrustStoreProvider(@Nullable String trustStoreProvider)
void
setTrustStoreType(String trustStoreType)
void
setValidateCerts(boolean validateCerts)
void
setValidatePeers(boolean validatePeers)
void
setWantClientAuth(@Nullable Boolean wantClientAuth)
-
Methods inherited from class io.dropwizard.jetty.HttpConnectorFactory
admin, application, buildBufferPool, buildConnector, buildHttpConnectionFactory, getAcceptorThreads, getAcceptQueueSize, getBindHost, getBufferPoolIncrement, getHeaderCacheSize, getHttpCompliance, getIdleTimeout, getInputBufferSize, getMaxBufferPoolSize, getMaxRequestHeaderSize, getMaxResponseHeaderSize, getMinBufferPoolSize, getMinRequestDataPerSecond, getMinResponseDataPerSecond, getOutputBufferSize, getPort, getRequestCookieCompliance, getResponseCookieCompliance, getSelectorThreads, getUriCompliance, httpConnections, isInheritChannel, isReuseAddress, isUseDateHeader, isUseForwardedHeaders, isUseProxyProtocol, isUseServerHeader, setAcceptorThreads, setAcceptQueueSize, setBindHost, setBufferPoolIncrement, setHeaderCacheSize, setHttpCompliance, setIdleTimeout, setInheritChannel, setInputBufferSize, setMaxBufferPoolSize, setMaxRequestHeaderSize, setMaxResponseHeaderSize, setMinBufferPoolSize, setMinRequestDataPerSecond, setMinResponseDataPerSecond, setOutputBufferSize, setPort, setRequestCookieCompliance, setResponseCookieCompliance, setReuseAddress, setSelectorThreads, setUriCompliance, setUseDateHeader, setUseForwardedHeaders, setUseProxyProtocol, setUseServerHeader
-
-
-
-
Method Detail
-
getAllowRenegotiation
public boolean getAllowRenegotiation()
-
setAllowRenegotiation
public void setAllowRenegotiation(boolean allowRenegotiation)
-
getEndpointIdentificationAlgorithm
public @Nullable String getEndpointIdentificationAlgorithm()
-
setEndpointIdentificationAlgorithm
public void setEndpointIdentificationAlgorithm(@Nullable String endpointIdentificationAlgorithm)
-
getKeyStorePath
public @Nullable String getKeyStorePath()
-
setKeyStorePath
public void setKeyStorePath(@Nullable String keyStorePath)
-
getKeyStorePassword
public @Nullable String getKeyStorePassword()
-
setKeyStorePassword
public void setKeyStorePassword(@Nullable String keyStorePassword)
-
getKeyStoreType
public String getKeyStoreType()
-
setKeyStoreType
public void setKeyStoreType(String keyStoreType)
-
getKeyStoreProvider
public @Nullable String getKeyStoreProvider()
-
setKeyStoreProvider
public void setKeyStoreProvider(@Nullable String keyStoreProvider)
-
getTrustStoreType
public String getTrustStoreType()
-
setTrustStoreType
public void setTrustStoreType(String trustStoreType)
-
getTrustStoreProvider
public @Nullable String getTrustStoreProvider()
-
setTrustStoreProvider
public void setTrustStoreProvider(@Nullable String trustStoreProvider)
-
getKeyManagerPassword
public @Nullable String getKeyManagerPassword()
-
setKeyManagerPassword
public void setKeyManagerPassword(@Nullable String keyManagerPassword)
-
getTrustStorePath
public @Nullable String getTrustStorePath()
-
setTrustStorePath
public void setTrustStorePath(@Nullable String trustStorePath)
-
getTrustStorePassword
public @Nullable String getTrustStorePassword()
-
setTrustStorePassword
public void setTrustStorePassword(@Nullable String trustStorePassword)
-
getNeedClientAuth
public @Nullable Boolean getNeedClientAuth()
-
setNeedClientAuth
public void setNeedClientAuth(@Nullable Boolean needClientAuth)
-
getWantClientAuth
public @Nullable Boolean getWantClientAuth()
-
setWantClientAuth
public void setWantClientAuth(@Nullable Boolean wantClientAuth)
-
getCertAlias
public @Nullable String getCertAlias()
-
setCertAlias
public void setCertAlias(@Nullable String certAlias)
-
getCrlPath
public @Nullable File getCrlPath()
-
setCrlPath
public void setCrlPath(@Nullable File crlPath)
-
getEnableCRLDP
public @Nullable Boolean getEnableCRLDP()
-
setEnableCRLDP
public void setEnableCRLDP(@Nullable Boolean enableCRLDP)
-
getEnableOCSP
public @Nullable Boolean getEnableOCSP()
-
setEnableOCSP
public void setEnableOCSP(@Nullable Boolean enableOCSP)
-
getMaxCertPathLength
public @Nullable Integer getMaxCertPathLength()
-
setMaxCertPathLength
public void setMaxCertPathLength(@Nullable Integer maxCertPathLength)
-
getOcspResponderUrl
public @Nullable URI getOcspResponderUrl()
-
setOcspResponderUrl
public void setOcspResponderUrl(@Nullable URI ocspResponderUrl)
-
getJceProvider
public @Nullable String getJceProvider()
-
setJceProvider
public void setJceProvider(@Nullable String jceProvider)
-
getValidatePeers
public boolean getValidatePeers()
-
setValidatePeers
public void setValidatePeers(boolean validatePeers)
-
setExcludedCipherSuites
public void setExcludedCipherSuites(@Nullable List<String> excludedCipherSuites)
-
setSupportedCipherSuites
public void setSupportedCipherSuites(@Nullable List<String> supportedCipherSuites)
-
isValidateCerts
public boolean isValidateCerts()
-
setValidateCerts
public void setValidateCerts(boolean validateCerts)
-
isDisableSniHostCheck
public boolean isDisableSniHostCheck()
-
setDisableSniHostCheck
public void setDisableSniHostCheck(boolean disableSniHostCheck)
-
isValidKeyStorePath
@ValidationMethod(message="keyStorePath should not be null") public boolean isValidKeyStorePath()
-
isValidKeyStorePassword
@ValidationMethod(message="keyStorePassword should not be null or empty") public boolean isValidKeyStorePassword()
-
build
public org.eclipse.jetty.server.Connector build(org.eclipse.jetty.server.Server server, com.codahale.metrics.MetricRegistry metrics, String name, @Nullable org.eclipse.jetty.util.thread.ThreadPool threadPool)
Description copied from interface: ConnectorFactory
Create a new connector.
- Specified by:
build in interface ConnectorFactory
- Overrides:
build in class HttpConnectorFactory
- Parameters:
server - the application's Server instance
metrics - the application's metrics
name - the application's name
threadPool - the application's thread pool
- Returns:
a Connector
-
buildHttpConfiguration
protected org.eclipse.jetty.server.HttpConfiguration buildHttpConfiguration()
- Overrides:
buildHttpConfiguration in class HttpConnectorFactory
-
logSslParameters
protected org.eclipse.jetty.util.component.LifeCycle.Listener logSslParameters(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
Register a listener that waits until the SSL context factory has started. Once it has started we can grab the fully initialized context so we can log the parameters.
- Since:
2.1.0
-
configureSslContextFactory
protected org.eclipse.jetty.util.ssl.SslContextFactory.Server configureSslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
-
-