Package org.apache.kafka.common.security.auth

Interface SslEngineFactory

  • All Superinterfaces:
    java.lang.AutoCloseable, java.io.Closeable, Configurable
    public interface SslEngineFactory
extends Configurable, java.io.Closeable
    Plugin interface for allowing creation of SSLEngine object in a custom way. Example: You want to use custom way to load your key material and trust material needed for SSLContext. However, keep in mind that this is complementary to the existing Java Security Provider's mechanism and not a competing solution.

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      javax.net.ssl.SSLEngine createClientSslEngine​(java.lang.String peerHost, int peerPort, java.lang.String endpointIdentification)
      Create a new SSLEngine object to be used by the client.
      javax.net.ssl.SSLEngine createServerSslEngine​(java.lang.String peerHost, int peerPort)
      Create a new SSLEngine object to be used by the server.
      java.security.KeyStore keystore()
      Returns keystore.
      java.util.Set<java.lang.String> reconfigurableConfigs()
      Returns the names of configs that may be reconfigured.
      boolean shouldBeRebuilt​(java.util.Map<java.lang.String,​java.lang.Object> nextConfigs)
      Returns true if SSLEngine needs to be rebuilt.
      java.security.KeyStore truststore()
      Returns truststore.

      • Methods inherited from interface java.io.Closeable

        close

    • Method Detail

      • createClientSslEngine

        javax.net.ssl.SSLEngine createClientSslEngine​(java.lang.String peerHost,
                                              int peerPort,
                                              java.lang.String endpointIdentification)
        Create a new SSLEngine object to be used by the client.
        Parameters:
        peerHost - The peer host to use. This is used in client mode if endpoint validation is enabled.
        peerPort - The peer port to use. This is a hint and not used for validation.
        endpointIdentification - Endpoint identification algorithm for client mode.
        Returns:
        The new SSLEngine.

      • createServerSslEngine

        javax.net.ssl.SSLEngine createServerSslEngine​(java.lang.String peerHost,
                                              int peerPort)
        Create a new SSLEngine object to be used by the server.
        Parameters:
        peerHost - The peer host to use. This is a hint and not used for validation.
        peerPort - The peer port to use. This is a hint and not used for validation.
        Returns:
        The new SSLEngine.

      • shouldBeRebuilt

        boolean shouldBeRebuilt​(java.util.Map<java.lang.String,​java.lang.Object> nextConfigs)
        Returns true if SSLEngine needs to be rebuilt. This method will be called when reconfiguration is triggered on SslFactory. Based on the nextConfigs, this method will decide whether underlying SSLEngine object needs to be rebuilt. If this method returns true, the SslFactory will re-create instance of this object and run other checks before deciding to use the new object for the new incoming connection requests.The existing connections are not impacted by this and will not see any changes done as part of reconfiguration. 
             Example: If the implementation depends on the file based key material it can check if the file is updated
     compared to the previous/last-loaded timestamp and return true.
        Parameters:
        nextConfigs - The configuration we want to use.
        Returns:
        True only if the underlying SSLEngine object should be rebuilt.

      • reconfigurableConfigs

        java.util.Set<java.lang.String> reconfigurableConfigs()
        Returns the names of configs that may be reconfigured.

      • keystore

        java.security.KeyStore keystore()
        Returns keystore.
        Returns:

      • truststore

        java.security.KeyStore truststore()
        Returns truststore.
        Returns: