org.apache.kafka.common.security.auth

Interface SslEngineFactory

All Superinterfaces:

AutoCloseable, Closeable, Configurable

public interface SslEngineFactory
extends Configurable, Closeable

Plugin interface for allowing creation of SSLEngine object in a custom way. Example: You want to use custom way to load your key material and trust material needed for SSLContext. However, keep in mind that this is complementary to the existing Java Security Provider's mechanism and not a competing solution.

Method Summary

Modifier and Type	Method and Description
SSLEngine	createClientSslEngine(String peerHost, int peerPort, String endpointIdentification) Create a new SSLEngine object to be used by the client.
SSLEngine	createServerSslEngine(String peerHost, int peerPort) Create a new SSLEngine object to be used by the server.
KeyStore	keystore() Returns keystore.
Set<String>	reconfigurableConfigs() Returns the names of configs that may be reconfigured.
boolean	shouldBeRebuilt(Map<String,Object> nextConfigs) Returns true if SSLEngine needs to be rebuilt.
KeyStore	truststore() Returns truststore.

Methods inherited from interface org.apache.kafka.common.Configurable

configure

Methods inherited from interface java.io.Closeable

close

Method Detail

createClientSslEngine

SSLEngine createClientSslEngine(String peerHost,
                                int peerPort,
                                String endpointIdentification)

Create a new SSLEngine object to be used by the client.

Parameters:

peerHost - The peer host to use. This is used in client mode if endpoint validation is enabled.

peerPort - The peer port to use. This is a hint and not used for validation.

endpointIdentification - Endpoint identification algorithm for client mode.

Returns:

The new SSLEngine.

createServerSslEngine

SSLEngine createServerSslEngine(String peerHost,
                                int peerPort)

Create a new SSLEngine object to be used by the server.

Parameters:

peerHost - The peer host to use. This is a hint and not used for validation.

peerPort - The peer port to use. This is a hint and not used for validation.

Returns:

The new SSLEngine.

shouldBeRebuilt

boolean shouldBeRebuilt(Map<String,Object> nextConfigs)

Returns true if SSLEngine needs to be rebuilt. This method will be called when reconfiguration is triggered on org.apache.kafka.common.security.ssl.SslFactory. Based on the nextConfigs, this method will decide whether underlying SSLEngine object needs to be rebuilt. If this method returns true, the org.apache.kafka.common.security.ssl.SslFactory will re-create instance of this object and run other checks before deciding to use the new object for the new incoming connection requests.The existing connections are not impacted by this and will not see any changes done as part of reconfiguration.

     Example: If the implementation depends on the file based key material it can check if the file is updated
     compared to the previous/last-loaded timestamp and return true.

Parameters:

nextConfigs - The configuration we want to use.

Returns:

True only if the underlying SSLEngine object should be rebuilt.

reconfigurableConfigs

Set<String> reconfigurableConfigs()

Returns the names of configs that may be reconfigured.

keystore

KeyStore keystore()

Returns keystore.

Returns:

truststore

KeyStore truststore()

Returns truststore.

Returns: