Package org.apache.kafka.common.security.auth

Interface SslEngineFactory

All Superinterfaces:

AutoCloseable, Closeable, Configurable

public interface SslEngineFactory
extends Configurable, Closeable

Plugin interface for allowing creation of SSLEngine object in a custom way. For example, you can use this to customize loading your key material and trust material needed for SSLContext. This is complementary to the existing Java Security Provider mechanism which allows the entire provider to be replaced with a custom provider. In scenarios where only the configuration mechanism for SSL engines need to be updated, this interface provides a convenient method for overriding the default implementation.

Method Summary

Modifier and Type	Method	Description
SSLEngine	createClientSslEngine(String peerHost, int peerPort, String endpointIdentification)	Creates a new SSLEngine object to be used by the client.
SSLEngine	createServerSslEngine(String peerHost, int peerPort)	Creates a new SSLEngine object to be used by the server.
KeyStore	keystore()	Returns keystore configured for this factory.
Set<String>	reconfigurableConfigs()	Returns the names of configs that may be reconfigured.
boolean	shouldBeRebuilt(Map<String,Object> nextConfigs)	Returns true if SSLEngine needs to be rebuilt.
KeyStore	truststore()	Returns truststore configured for this factory.

Methods inherited from interface java.io.Closeable

close

Methods inherited from interface org.apache.kafka.common.Configurable

configure

Method Details

createClientSslEngine

SSLEngine createClientSslEngine(String peerHost,
 int peerPort,
 String endpointIdentification)

Creates a new SSLEngine object to be used by the client.

Parameters:

peerHost - The peer host to use. This is used in client mode if endpoint validation is enabled.

peerPort - The peer port to use. This is a hint and not used for validation.

endpointIdentification - Endpoint identification algorithm for client mode.

Returns:

The new SSLEngine.

createServerSslEngine

SSLEngine createServerSslEngine(String peerHost,
 int peerPort)

Creates a new SSLEngine object to be used by the server.

Parameters:

peerHost - The peer host to use. This is a hint and not used for validation.

peerPort - The peer port to use. This is a hint and not used for validation.

Returns:

The new SSLEngine.

shouldBeRebuilt

boolean shouldBeRebuilt(Map<String,Object> nextConfigs)

Returns true if SSLEngine needs to be rebuilt. This method will be called when reconfiguration is triggered on the SslFactory used to create SSL engines. Based on the new configs provided in nextConfigs, this method will decide whether underlying SSLEngine object needs to be rebuilt. If this method returns true, the SslFactory will create a new instance of this object with nextConfigs and run other checks before deciding to use the new object for new incoming connection requests. Existing connections are not impacted by this and will not see any changes done as part of reconfiguration.

For example, if the implementation depends on file-based key material, it can check if the file was updated compared to the previous/last-loaded timestamp and return true.

Parameters:

nextConfigs - The new configuration we want to use.

Returns:

True only if the underlying SSLEngine object should be rebuilt.

reconfigurableConfigs

Set<String> reconfigurableConfigs()

Returns the names of configs that may be reconfigured.

Returns:

Names of configuration options that are dynamically reconfigurable.

keystore

KeyStore keystore()

Returns keystore configured for this factory.

Returns:

The keystore for this factory or null if a keystore is not configured.

truststore

KeyStore truststore()

Returns truststore configured for this factory.

Returns:

The truststore for this factory or null if a truststore is not configured.