Page History

    public static final String SSL_ENGINE_FACTORY_CLASS_CONFIG = "ssl.engine.factory.class";
    public static final String DEFAULT_SSL_ENGINE_FACTORY_CLASS = "org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.class.getCanonicalName();
    public static final String SSL_ENGINE_FACTORY_CLASS_DOC = "The class of type org.apache.kafka.common.security.auth.SslEngineFactory to provide SSLEngine objects. Default value is " + DEFAULT_SSL_ENGINE_FACTORY_CLASS;

package org.apache.kafka.common.security.sslauth;

import org.apache.kafka.common.network.ModeConfigurable;

import javax.net.ssl.SSLEngine;
import java.io.Closeable;
import java.security.KeyStore;
import java.util.Map;
import java.util.Set;

public interface SslEngineFactory {

    /**
     * Create a new SSLEngine object.
     *
     * @param mode                   Whether to use client or server mode.
/**
 * Plugin interface for allowing creation of SSLEngine object in a custom way.
 * Example: You want to use custom way to load your key material and trust material needed for SSLContext.
 * However, keep in mind that this is complementary to the existing Java Security Provider's mechanism and not a competing
 * solution.
 */
public interface SslEngineFactory extends Configurable, Closeable {

    /**
     * Create a new SSLEngine object to be used by the client.
     *
     * @param peerHost               The peer host to use. This is used in client mode if endpoint validation is enabled.
     * @param peerPort               The peer port to use. This is a hint and not used for validation.
     * @param endpointIdentification Endpoint identification algorithm for client mode.
     * @return The new SSLEngine.
     */
    SSLEngine createSslEnginecreateClientSslEngine(Mode mode, String peerHost, int peerPort, String endpointIdentification);

    /**
     * ReturnsCreate truea ifnew SSLEngine needsobject to be rebuiltused by the server.
     *
     * @param nextConfigs peerHost               The configurationpeer we wanthost to use. This is used in client mode if endpoint validation is enabled.
     * @return @param peerPort               The peer port to use. This is a hint and not used for validation.
  True only if the* SSLEngine@return shouldThe benew rebuiltSSLEngine.
     */
    booleanSSLEngine shouldBeRebuiltcreateServerSslEngine(Map<StringString peerHost, Object>int nextConfigspeerPort);

    /**
     * Returns the names of configs that may be reconfigured true if SSLEngine needs to be rebuilt.
     *
     * @param nextConfigs       The configuration we want to use.
     * @return                  True only if this builder should be rebuilt.
     */
    Set<String>boolean reconfigurableConfigs(shouldBeRebuilt(Map<String, Object> nextConfigs);

    /**
     * Returns existing configuration the names of configs that may be reconfigured.
     */
    Map<String, Object> configsSet<String> reconfigurableConfigs();

    /**
     * Returns keystore.
     * @return
     */
    KeyStore keystore();

    /**
     * Returns truststore.
     * @return
     */
    KeyStore truststore();
}

public class SslFactory implement Reconfigurable {
...
...
     private SslEngineFactory instantiateSslEngineFactory(Map<String, Object> configs) {
        @SuppressWarnings("unchecked")
        Class<? extends SslEngineFactory> sslEngineFactoryClass.getDeclaredConstructor(Map.class).newInstance(configs); =
                (Class<? extends SslEngineFactory>) configs.get(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG);
        SslEngineFactory sslEngineFactory = Utils.newInstance(sslEngineFactoryClass);
        sslEngineFactory.configure(configs);
        this.sslEngineFactoryConfig = configs;
        return sslEngineFactory;
    }
...
}