public enum SniValidationMode extends Enum<SniValidationMode>
optional_validation: v3 network architecture clusters:
- If a clusterId-prefixed SNI is supplied, we do validation
- Otherwise, no validation of the SNI host name is done

allow_legacy_bootstrap: v4 network architecture with legacy bootstrap (before all customers have changed bootstrap configs):
- require SNI for broker path
- allow bootstrap hostnames that start with `pkc` and validate the ones that start with `lkc`

strict: v4 network architecture new clusters:
- require SNI always for both bootstrap and broker path

This mode can be configured through the JAAS config for #OAuthBearerValidatorCallbackHandler and #FileBasedPlainSaslAuthenticator.
Enum Constant and Description |
---|
ALLOW_LEGACY_BOOTSTRAP |
OPTIONAL_VALIDATION |
STRICT |
Modifier and Type | Field and Description |
---|---|
static String | SNI_HOST_NAME_VALIDATION_MODE_KEY |
Modifier and Type | Method and Description |
---|---|
static SniValidationMode | fromString(String text) |
String | getText() |
abstract boolean | sniHostNameMatches(String expectedLogicalClusterId, Optional<String> suppliedClusterId, Optional<org.apache.kafka.common.security.authenticator.PathAwareSniHostName> sniHostName): Validate if the supplied cluster Id matches with the ground truth. |
static SniValidationMode | valueOf(String name): Returns the enum constant of this type with the specified name. |
static SniValidationMode[] | values(): Returns an array containing the constants of this enum type, in the order they are declared. |
public static final SniValidationMode OPTIONAL_VALIDATION
public static final SniValidationMode ALLOW_LEGACY_BOOTSTRAP
public static final SniValidationMode STRICT
public static final String SNI_HOST_NAME_VALIDATION_MODE_KEY
public static SniValidationMode[] values()
for (SniValidationMode c : SniValidationMode.values()) System.out.println(c);
public static SniValidationMode valueOf(String name)
name - the name of the enum constant to be returned.
IllegalArgumentException - if this enum type has no constant with the specified name
NullPointerException - if the argument is null
public static SniValidationMode fromString(String text)
public String getText()
public abstract boolean sniHostNameMatches(String expectedLogicalClusterId, Optional<String> suppliedClusterId, Optional<org.apache.kafka.common.security.authenticator.PathAwareSniHostName> sniHostName)
expectedLogicalClusterId - The expected cluster Id, i.e. ground truth.
suppliedClusterId - The supplied cluster Id as parsed from SNI host name, so it will always start with `lkc-`.
sniHostName - The SNI host name supplied by the clients.
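
The three modes described at the top of this page, written out as a decision table in an added sketch that is not the library's own code. It passes the connection path as a separate boolean (the real method receives a PathAwareSniHostName, whose API is not shown here) and uses constructed cluster ids and host names. Where the page is silent, the choice made is marked as an assumption in the comments.

```java
import java.util.List;
import java.util.Optional;

// Added sketch, not the library's implementation. The connection path is a plain boolean
// here; the real method receives it inside PathAwareSniHostName (API not shown on this page).
public class SniModeSketch {
    enum Mode {
        OPTIONAL_VALIDATION {
            boolean accepts(String expected, Optional<String> supplied, Optional<String> sni, boolean broker) {
                // Checked only when an lkc- id was parsed from the SNI; otherwise nothing is validated.
                return supplied.map(expected::equals).orElse(true);
            }
        },
        ALLOW_LEGACY_BOOTSTRAP {
            boolean accepts(String expected, Optional<String> supplied, Optional<String> sni, boolean broker) {
                if (broker) // SNI required; assumption: it must carry the matching lkc- id
                    return sni.isPresent() && supplied.map(expected::equals).orElse(false);
                if (supplied.isPresent()) return supplied.get().equals(expected); // lkc bootstrap: validated
                // Assumption: bootstrap with a pkc name, or with no SNI at all, is let through.
                return sni.map(h -> h.startsWith("pkc")).orElse(true);
            }
        },
        STRICT {
            boolean accepts(String expected, Optional<String> supplied, Optional<String> sni, boolean broker) {
                // SNI required on both paths; assumption: it must carry the matching lkc- id.
                return sni.isPresent() && supplied.map(expected::equals).orElse(false);
            }
        };
        abstract boolean accepts(String expected, Optional<String> supplied, Optional<String> sni, boolean broker);
    }

    record Case(String label, Optional<String> supplied, Optional<String> sni, boolean broker) {}

    public static void main(String[] args) {
        String expected = "lkc-abc123"; // all ids and host names below are constructed
        List<Case> cases = List.of(
            new Case("bootstrap, no SNI", Optional.empty(), Optional.empty(), false),
            new Case("bootstrap, pkc name", Optional.empty(), Optional.of("pkc-xyz789.example.test"), false),
            new Case("broker, no SNI", Optional.empty(), Optional.empty(), true),
            new Case("broker, matching lkc", Optional.of("lkc-abc123"), Optional.of("lkc-abc123.example.test"), true),
            new Case("broker, other tenant lkc", Optional.of("lkc-zzz999"), Optional.of("lkc-zzz999.example.test"), true));
        for (Case c : cases)
            for (Mode m : Mode.values())
                System.out.printf("%-26s %-24s %s%n", c.label(), m,
                    m.accepts(expected, c.supplied(), c.sni(), c.broker()) ? "accept" : "reject");
    }
}
```

In this model only OPTIONAL_VALIDATION accepts a broker connection that sends no SNI, which is why the stricter modes matter for tenant isolation on shared listeners.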