Interface SslEngineFactory
All Superinterfaces: AutoCloseable, Closeable, Configurable
public interface SslEngineFactory extends Configurable, Closeable
Plugin interface for allowing creation of SSLEngine object in a custom way.
For example, you can use this to customize loading your key material and trust material needed for SSLContext.
This is complementary to the existing Java Security Provider mechanism which allows the entire provider to be replaced with a custom provider. In scenarios where only the configuration mechanism for SSL engines needs to be updated, this interface provides a convenient method for overriding the default implementation.
Method Summary
Modifier and Type | Method | Description
SSLEngine | createClientSslEngine(String peerHost, int peerPort, String endpointIdentification) | Creates a new SSLEngine object to be used by the client.
SSLEngine | createServerSslEngine(String peerHost, int peerPort) | Creates a new SSLEngine object to be used by the server.
KeyStore | keystore() | Returns keystore configured for this factory.
Set<String> | reconfigurableConfigs() | Returns the names of configs that may be reconfigured.
boolean | shouldBeRebuilt(Map<String,Object> nextConfigs) | Returns true if SSLEngine needs to be rebuilt.
KeyStore | truststore() | Returns truststore configured for this factory.
Methods inherited from interface org.apache.kafka.common.Configurable: configure
Method Details
createClientSslEngine
Creates a new SSLEngine object to be used by the client.
Parameters:
peerHost - The peer host to use. This is used in client mode if endpoint validation is enabled.
peerPort - The peer port to use. This is a hint and not used for validation.
endpointIdentification - Endpoint identification algorithm for client mode.
Returns:
The new SSLEngine.
createServerSslEngine
Creates a new SSLEngine object to be used by the server.
Parameters:
peerHost - The peer host to use. This is a hint and not used for validation.
peerPort - The peer port to use. This is a hint and not used for validation.
Returns:
The new SSLEngine.
shouldBeRebuilt
Returns true if SSLEngine needs to be rebuilt. This method will be called when reconfiguration is triggered on the SslFactory used to create SSL engines. Based on the new configs provided in nextConfigs, this method will decide whether the underlying SSLEngine object needs to be rebuilt. If this method returns true, the SslFactory will create a new instance of this object with nextConfigs and run other checks before deciding to use the new object for new incoming connection requests. Existing connections are not impacted by this and will not see any changes done as part of reconfiguration.
For example, if the implementation depends on file-based key material, it can check if the file was updated compared to the previous/last-loaded timestamp and return true.
Parameters:
nextConfigs - The new configuration we want to use.
Returns:
True only if the underlying SSLEngine object should be rebuilt.
reconfigurableConfigs
Returns the names of configs that may be reconfigured.
Returns:
Names of configuration options that are dynamically reconfigurable.
keystore
KeyStore keystore()
Returns keystore configured for this factory.
Returns:
The keystore for this factory or null if a keystore is not configured.
truststore
KeyStore truststore()
Returns truststore configured for this factory.
Returns:
The truststore for this factory or null if a truststore is not configured.