SecureJettyConfiguration (Apache Polygene™ (Java Edition) SDK 3.0.0)

All Superinterfaces:

JettyConfiguration
```
public interface SecureJettyConfiguration
extends JettyConfiguration
```
Configuration for SecureJettyMixin. Only the three keystore related properties are mandatory, all the other ones have sensible defaults.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`Property<Boolean>`	`allowRenegotiation()` If SSL/TLS renegotiation is allowed.
`Property<Boolean>`	`cacheSslSessions()` If SSL Session caching is enabled.
`Property<String>`	`certAlias()` Alias of the `SecureJettyService` certificate.
`Property<String>`	`crlFilePath()`
`Property<Boolean>`	`enableCRLDP()`
`Property<Boolean>`	`enableOCSP()`
`Property<String>`	`excludeCipherSuites()`
`Property<String>`	`includeCipherSuites()`
`Property<String>`	`keystorePassword()`
`Property<String>`	`keystorePath()`
`Property<String>`	`keystoreType()`
`Property<Integer>`	`maxCertPathLength()` Maximum number of intermediate certificates in the PKIX path.
`Property<Boolean>`	`needClientAuth()` If the `SecureJettyService` needs client authentication.
`Property<String>`	`ocspResponderURL()`
`Property<String>`	`secureRandomAlgorithm()` The algorithm used by `SecureRandom` for SSL operations.
`Property<String>`	`truststorePassword()`
`Property<String>`	`truststorePath()`
`Property<String>`	`truststoreType()`
`Property<Boolean>`	`validatePeerCerts()` If client certificates PKIX validation MUST use either CRL or OCSP.
`Property<Boolean>`	`validateServerCert()` If the `SecureJettyService` certificate MUST be PKIX validated.
`Property<Boolean>`	`wantClientAuth()` If the `SecureJettyService` wants client authentication.

Methods inherited from interface org.apache.polygene.library.http.JettyConfiguration
contextPath, gracefullShutdownTimeout, hostName, lowResourceMaxIdleTime, maxFormContentSize, maxIdleTime, port, requestHeaderSize, resourcePath, responseBufferSize, responseHeaderSize, sendDateHeader, sendServerVersion, statistics, virtualHosts, welcomeFiles

- Method Detail
  - keystoreType
```
Property<String> keystoreType()
```
    Returns:
    
    Type of the keystore that contains the SecureJettyService certificate.
  - keystorePath
```
Property<String> keystorePath()
```
    Returns:
    
    Path of the keystore that contains the SecureJettyService certificate.
  - keystorePassword
```
@UseDefaults
Property<String> keystorePassword()
```
    Returns:
    
    Password of the keystore that contains the SecureJettyService certificate.
  - certAlias
```
@Optional
Property<String> certAlias()
```
    Alias of the SecureJettyService certificate. If not set, the first certificate found in the keystore is used.
    
    Returns:
    
    Alias of the SecureJettyService certificate.
  - truststoreType
```
@Optional
Property<String> truststoreType()
```
    Returns:
    
    Type of the keystore that contains the certificates trusted by the SecureJettyService.
  - truststorePath
```
@Optional
Property<String> truststorePath()
```
    Returns:
    
    Path of the keystore that contains the certificates trusted by the SecureJettyService.
  - truststorePassword
```
@UseDefaults
Property<String> truststorePassword()
```
    Returns:
    
    Password of the keystore that contains the certificates trusted by the SecureJettyService.
  - wantClientAuth
```
@UseDefaults
Property<Boolean> wantClientAuth()
```
    If the SecureJettyService wants client authentication. Defaults to false. If set to true, the SecureJettyService will expose the fact that it can handle client certificate based authentication.
    
    Returns:
    
    If the SecureJettyService wants client authentication.
  - needClientAuth
```
@UseDefaults
Property<Boolean> needClientAuth()
```
    If the SecureJettyService needs client authentication. Defaults to false. If set to true, only mutually authentified connections will be accepted.
    
    Returns:
    
    If the SecureJettyService needs client authentication.
  - secureRandomAlgorithm
```
@Optional
Property<String> secureRandomAlgorithm()
```
    The algorithm used by SecureRandom for SSL operations. Default JVM algorithm is used if omitted.
    
    Returns:
    
    The algorithm used by SecureRandom for SSL operations.
  - includeCipherSuites
```
@Optional
Property<String> includeCipherSuites()
```
    Returns:
    
    Coma separated list of included cipher suites.
  - excludeCipherSuites
```
@Optional
Property<String> excludeCipherSuites()
```
    Returns:
    
    Coma separated list of excluded cipher suites.
  - cacheSslSessions
```
@Optional
Property<Boolean> cacheSslSessions()
```
    If SSL Session caching is enabled. SSL Session caching is enabled by default.
    
    Returns:
    
    If SSL Session caching is enabled.
  - allowRenegotiation
```
@UseDefaults
Property<Boolean> allowRenegotiation()
```
    If SSL/TLS renegotiation is allowed. Defaults to false. Setting this to true can open vulnerabilities, be sure of what you are doing.
    
    Returns:
    
    If SSL/TLS renegotiation is allowed.
  - maxCertPathLength
```
@Optional
Property<Integer> maxCertPathLength()
```
    Maximum number of intermediate certificates in the PKIX path. Set to -1 for unlimited. Defaulted to -1.
    
    Returns:
    
    Maximum number of intermediate certificates in the PKIX path
  - validateServerCert
```
@UseDefaults
Property<Boolean> validateServerCert()
```
    If the SecureJettyService certificate MUST be PKIX validated.
    IMPORTANT:
    - Server certificate validation do not use the configured truststore but the one of the JVM.
    - Server certificates validation behavior depends on CRL and OCSP related configuration properties.
    Defaults to false.
    Returns:
    
    If the SecureJettyService certificate MUST be PKIX validated.
  - validatePeerCerts
```
@UseDefaults
Property<Boolean> validatePeerCerts()
```
    If client certificates PKIX validation MUST use either CRL or OCSP.
    IMPORTANT:
    - Peer certificates validation use the configured truststore if present, the one of the JVM if not.
    - Peer certificates validation behavior depends on CRL and OCSP related configuration properties.
    Defaults to false.
    Returns:
    
    If client certificates PKIX validation MUST use either CRL or OCSP.
  - crlFilePath
```
@Optional
Property<String> crlFilePath()
```
    Returns:
    
    The path of a local CRL file in PEM or DER format used during PKIX validations.
  - enableCRLDP
```
@UseDefaults
Property<Boolean> enableCRLDP()
```
    Returns:
    
    If PKIX validations use the CRL Distribution Points declared in CA certificates.
  - enableOCSP
```
@UseDefaults
Property<Boolean> enableOCSP()
```
    Returns:
    
    If PKIX validations use the OCSP protocol against responders declared in CA certificates.
  - ocspResponderURL
```
@Optional
Property<String> ocspResponderURL()
```
    Returns:
    
    The URL of an OCSP responder to use during PKIX validations.

Interface SecureJettyConfiguration

Method Summary

Methods inherited from interface org.apache.polygene.library.http.JettyConfiguration

Method Detail

keystoreType

keystorePath

keystorePassword

certAlias

truststoreType

truststorePath

truststorePassword

wantClientAuth

needClientAuth

secureRandomAlgorithm

includeCipherSuites

excludeCipherSuites

cacheSslSessions

allowRenegotiation

maxCertPathLength

validateServerCert

validatePeerCerts

crlFilePath

enableCRLDP

enableOCSP

ocspResponderURL