Interface SslEngineFactory

All Superinterfaces:
AutoCloseable, Closeable, Configurable

public interface SslEngineFactory extends Configurable, Closeable
Plugin interface that allows SSLEngine objects to be created in a custom way. For example, you can use this to customize how the key material and trust material needed for the SSLContext are loaded. This is complementary to the existing Java Security Provider mechanism, which allows the entire provider to be replaced with a custom provider. In scenarios where only the configuration mechanism for SSL engines needs to be updated, this interface provides a convenient method for overriding the default implementation.
  • Method Details

    • createClientSslEngine

      SSLEngine createClientSslEngine(String peerHost, int peerPort, String endpointIdentification)
      Creates a new SSLEngine object to be used by the client.
      Parameters:
      peerHost - The peer host to use. This is used in client mode if endpoint validation is enabled.
      peerPort - The peer port to use. This is a hint and not used for validation.
      endpointIdentification - Endpoint identification algorithm for client mode.
      Returns:
      The new SSLEngine.
    • createServerSslEngine

      SSLEngine createServerSslEngine(String peerHost, int peerPort)
      Creates a new SSLEngine object to be used by the server.
      Parameters:
      peerHost - The peer host to use. This is a hint and not used for validation.
      peerPort - The peer port to use. This is a hint and not used for validation.
      Returns:
      The new SSLEngine.
    • shouldBeRebuilt

      boolean shouldBeRebuilt(Map<String,Object> nextConfigs)
      Returns true if the SSLEngine needs to be rebuilt. This method is called when reconfiguration is triggered on the SslFactory used to create SSL engines. Based on the new configs provided in nextConfigs, this method decides whether the underlying SSLEngine object needs to be rebuilt. If this method returns true, the SslFactory will create a new instance of this object with nextConfigs and run other checks before deciding to use the new object for new incoming connection requests. Existing connections are not impacted by this and will not see any changes made as part of reconfiguration.

      For example, if the implementation depends on file-based key material, it can check if the file was updated compared to the previous/last-loaded timestamp and return true.

      Parameters:
      nextConfigs - The new configuration we want to use.
      Returns:
      True only if the underlying SSLEngine object should be rebuilt.
    • reconfigurableConfigs

      Set<String> reconfigurableConfigs()
      Returns the names of configs that may be reconfigured.
      Returns:
      Names of configuration options that are dynamically reconfigurable.
    • keystore

      KeyStore keystore()
      Returns the keystore configured for this factory.
      Returns:
      The keystore for this factory or null if a keystore is not configured.
    • truststore

      KeyStore truststore()
      Returns the truststore configured for this factory.
      Returns:
      The truststore for this factory or null if a truststore is not configured.
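
An added example, not part of the Kafka documentation or code base: one way to implement this interface for file-based key material, applying the endpoint identification algorithm to the client engine and basing shouldBeRebuilt on the keystore file's modification time. The class name is hypothetical; the code assumes Java 9+, that the ssl.keystore.* and ssl.truststore.* location and password configs are all set, and that the key password equals the keystore password, and it watches only the keystore file.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.security.auth.SslEngineFactory;

public class ReloadingSslEngineFactory implements SslEngineFactory { // hypothetical name
    private Map<String, ?> configs;
    private KeyStore keystore, truststore;
    private SSLContext context;
    private long loadedMtime; // keystore file mtime seen by this instance
    @Override public void configure(Map<String, ?> cfg) {
        try {
            configs = cfg;
            File ksFile = new File((String) cfg.get("ssl.keystore.location"));
            loadedMtime = ksFile.lastModified(); // read before loading: a write during load is caught on the next check
            char[] ksPass = ((Password) cfg.get("ssl.keystore.password")).value().toCharArray();
            keystore = KeyStore.getInstance(ksFile, ksPass); // Java 9+: detects the keystore type and loads it
            truststore = KeyStore.getInstance(new File((String) cfg.get("ssl.truststore.location")),
                    ((Password) cfg.get("ssl.truststore.password")).value().toCharArray());
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keystore, ksPass); // assumption: key password equals keystore password
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(truststore);
            context = SSLContext.getInstance("TLS");
            context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        } catch (Exception e) { throw new org.apache.kafka.common.KafkaException("Cannot load TLS key/trust material", e); }
    }
    @Override public SSLEngine createClientSslEngine(String peerHost, int peerPort, String endpointIdentification) {
        SSLEngine engine = context.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm(endpointIdentification); // e.g. "HTTPS": certificate must match peerHost
        engine.setSSLParameters(params);
        return engine;
    }
    @Override public SSLEngine createServerSslEngine(String peerHost, int peerPort) {
        SSLEngine engine = context.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(false); // client-certificate policy (ssl.client.auth) is not applied in this example
        return engine;
    }
    @Override public boolean shouldBeRebuilt(Map<String, Object> nextConfigs) {
        File next = new File((String) nextConfigs.get("ssl.keystore.location"));
        return !nextConfigs.equals(configs) || next.lastModified() != loadedMtime; // missing file reads as 0, so also differs
    }
    @Override public Set<String> reconfigurableConfigs() { return Set.of("ssl.keystore.location", "ssl.keystore.password", "ssl.truststore.location", "ssl.truststore.password"); }
    @Override public KeyStore keystore() { return keystore; }
    @Override public KeyStore truststore() { return truststore; }
    @Override public void close() { }
}
```

Kafka selects a custom implementation through the ssl.engine.factory.class setting.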