
Status

Current state: Under Discussion

Discussion thread: here

JIRA: KAFKA-8621

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

...

Code Block (Java): TrustStoreLoader

package org.apache.kafka.common.security.ssl;

import java.security.KeyStore;

public interface TrustStoreLoader {

    /**
     * Loads the truststore. The truststore password is fetched by whatever mechanism the
     * implementation of this interface chooses.
     * Example: it could use the current ssl.truststore.password configuration if it chooses.
     * @return KeyStore object
     */
    public KeyStore load();

    /**
     * Checks whether the truststore has been modified based on some criteria, typically the
     * last-modified timestamp. The definition of 'modified' is left to the implementation.
     * @return true if the truststore was modified as defined by the implementation; false otherwise
     */
    public boolean modified();
}


Why do we not pass the key/trust store password as a method argument in the interfaces?

NOTE: We deliberately do not pass the key/trust store passwords into the KeyStoreLoader/TrustStoreLoader load() method. We do not want to mandate where the passwords come from, and we want to avoid making the caller responsible for loading them. This leaves it to the Loader implementation to read the required configuration or use some other mechanism to fetch the password. Typically, if you have a Key Manager solution you might use some sort of 'auth-token' to access the Key Manager's API and might not require a key/trust store password at all (you will still need a password to unlock the keys, though).
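To make the contract concrete, here is an added example implementation of the interface above. It is not code from the KIP or from Kafka; the class name FileTrustStoreLoader, the Supplier-based password source and the TRUSTSTORE_PASSWORD environment variable are assumptions made for illustration. It shows the two points the interface leaves to the implementation: the password is obtained inside load() (here from a Supplier, so a config lookup or a Key Manager token would plug in the same way) and never passed by the caller, and modified() is answered by comparing the file's last-modified time with the time recorded at the previous load(). The main() method builds an empty PKCS12 truststore in a temp file so the example runs on its own.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.function.Supplier;

/**
 * Example loader (not part of the KIP): reads a truststore file, obtains the password from a
 * Supplier so the caller never handles it, and reports "modified" when the file's last-modified
 * time has advanced since the last load().
 */
final class FileTrustStoreLoader implements TrustStoreLoader {
    private final Path path;
    private final String type;                 // e.g. "PKCS12" or "JKS"
    private final Supplier<char[]> passwordSource;
    private volatile FileTime loadedAt;        // mtime observed at the last successful load()

    FileTrustStoreLoader(Path path, String type, Supplier<char[]> passwordSource) {
        this.path = path;
        this.type = type;
        this.passwordSource = passwordSource;
    }

    @Override
    public KeyStore load() {
        try {
            // Read the mtime *before* reading the file: a write that lands during the read
            // will then show up as a modification on the next modified() call.
            FileTime mtime = Files.getLastModifiedTime(path);
            KeyStore ks = KeyStore.getInstance(type);
            char[] pw = passwordSource.get();
            try (InputStream in = Files.newInputStream(path)) {
                ks.load(in, pw);
            } finally {
                if (pw != null) Arrays.fill(pw, '\0');   // do not keep the password in memory
            }
            loadedAt = mtime;
            return ks;
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("failed to load truststore " + path, e);
        }
    }

    @Override
    public boolean modified() {
        FileTime last = loadedAt;
        if (last == null) return true;          // never loaded: caller should load
        try {
            return Files.getLastModifiedTime(path).compareTo(last) > 0;
        } catch (IOException e) {
            return true;                         // file unreadable: force the caller to re-evaluate
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty PKCS12 truststore written to a temp file.
        char[] storePassword = "changeit".toCharArray();
        Path tmp = Files.createTempFile("truststore", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(tmp)) {
            empty.store(out, storePassword);
        }

        // The password source is an assumption for this example: an environment variable with a
        // fallback. A Key Manager auth-token lookup would be another Supplier with the same shape.
        TrustStoreLoader loader = new FileTrustStoreLoader(tmp, "PKCS12",
                () -> System.getenv().getOrDefault("TRUSTSTORE_PASSWORD", "changeit").toCharArray());

        KeyStore ks = loader.load();
        System.out.println("loaded entries=" + ks.size() + " modified=" + loader.modified()); // modified=false

        // Simulate a rotation: bump the mtime so the reload check fires.
        Files.setLastModifiedTime(tmp, FileTime.fromMillis(System.currentTimeMillis() + 1000));
        System.out.println("after touch modified=" + loader.modified());                      // modified=true

        Files.deleteIfExists(tmp);
    }
}

// Copy of the interface from the KIP so this file compiles on its own (package omitted).
interface TrustStoreLoader {
    KeyStore load();
    boolean modified();
}
```

Run with `java FileTrustStoreLoader.java` on JDK 11 or later. Two design choices matter for a reloading SSL engine: the mtime is sampled before the file is read, so a writer that races the reload is caught on the next poll rather than silently missed, and modified() answers true on an unreadable file so a broken rotation surfaces as a reload attempt (and a logged failure) instead of staying on a stale store.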

...