...
Current state: VOTING
Voting thread: https://www.mail-archive.com/dev@kafka.apache.org/msg104580.html
Discussion thread: https://www.mail-archive.com/dev@kafka.apache.org/msg101011.html
...
Default value will be as mentioned below.
Code Block |
---|
public static final String SSL_ENGINE_FACTORY_CLASS_CONFIG = "ssl.engine.factory.class"; public static final String DEFAULT_SSL_ENGINE_FACTORY_CLASS = "org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.class.getCanonicalName(); public static final String SSL_ENGINE_FACTORY_CLASS_DOC = "The class of type org.apache.kafka.common.security.auth.SslEngineFactory to provide SSLEngine objects. Default value is " + DEFAULT_SSL_ENGINE_FACTORY_CLASS; |
Interface for SslEngineFactory
...
Code Block |
---|
package org.apache.kafka.common.security.sslauth; import org.apache.kafka.common.network.ModeConfigurable; import javax.net.ssl.SSLEngine; import java.io.Closeable; import java.security.KeyStore; import java.util.Map; import java.util.Set; public interface SslEngineFactory { /** * Create a new SSLEngine object. * * @param mode Whether to use client or server mode. /** * Plugin interface for allowing creation of SSLEngine object in a custom way. * Example: You want to use custom way to load your key material and trust material needed for SSLContext. * However, keep in mind that this is complementary to the existing Java Security Provider's mechanism and not a competing * solution. */ public interface SslEngineFactory extends Configurable, Closeable { /** * Create a new SSLEngine object to be used by the client. * * @param peerHost The peer host to use. This is used in client mode if endpoint validation is enabled. * @param peerPort The peer port to use. This is a hint and not used for validation. * @param endpointIdentification Endpoint identification algorithm for client mode. * @return The new SSLEngine. */ SSLEngine createSslEnginecreateClientSslEngine(Mode mode, String peerHost, int peerPort, String endpointIdentification); /** * ReturnsCreate truea ifnew SSLEngine needsobject to be rebuiltused by the server. * * @param nextConfigs peerHost The configurationpeer we wanthost to use. This is used in client mode if endpoint validation is enabled. * @return @param peerPort The peer port to use. This is a hint and not used for validation. True only if the* SSLEngine@return shouldThe benew rebuiltSSLEngine. */ booleanSSLEngine shouldBeRebuiltcreateServerSslEngine(Map<StringString peerHost, Object>int nextConfigspeerPort); /** * Returns the names of configs that may be reconfigured true if SSLEngine needs to be rebuilt. * * @param nextConfigs The configuration we want to use. * @return True only if this builder should be rebuilt. */ Set<String>boolean reconfigurableConfigs(shouldBeRebuilt(Map<String, Object> nextConfigs); /** * Returns existing configuration the names of configs that may be reconfigured. */ Map<String, Object> configsSet<String> reconfigurableConfigs(); /** * Returns keystore. * @return */ KeyStore keystore(); /** * Returns truststore. * @return */ KeyStore truststore(); } |
...
The configuration of Map will be passed to the implementation class via the constructorconfigure() method. See below example,
Code Block |
---|
public DefaultSslEngineFactory implements SslEngineFactory { ... ... /* Default empty argument constructor */ /* implement configure() method */ @Override public void configure(Map<String, ?> configs) { ... } ... ... } |
These configuration will be passed from SslFactory to the implementation of the SslEngineFactory interface via reflection like below
Code Block |
---|
public class SslFactory implement Reconfigurable { ... ... private SslEngineFactory instantiateSslEngineFactory(Map<String, Object> configs) { @SuppressWarnings("unchecked") Class<? extends SslEngineFactory> sslEngineFactoryClass.getDeclaredConstructor(Map.class).newInstance(configs); = (Class<? extends SslEngineFactory>) configs.get(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG); SslEngineFactory sslEngineFactory = Utils.newInstance(sslEngineFactoryClass); sslEngineFactory.configure(configs); this.sslEngineFactoryConfig = configs; return sslEngineFactory; } ... } |
Support for reconfiguration of custom configs
...