io.confluent.security.auth.mtls

Class DefaultMTlsTruststoreManager

java.lang.Object

io.confluent.security.auth.mtls.DefaultMTlsTruststoreManager

All Implemented Interfaces:

Closeable, AutoCloseable, org.apache.kafka.common.Configurable, org.apache.kafka.common.security.mtls.MTlsTruststoreManager, org.apache.kafka.common.utils.FileWatchService.Listener

public class DefaultMTlsTruststoreManager
extends Object
implements org.apache.kafka.common.security.mtls.MTlsTruststoreManager, org.apache.kafka.common.utils.FileWatchService.Listener

Default implementation of MTlsTruststoreManager that manages CA certificates in a truststore file.

This can also remove expired certificates from the truststore file to keep the truststore clean.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ALIAS_SEPARATOR

Constructor Summary

Constructors

Constructor and Description
DefaultMTlsTruststoreManager()

Method Summary

Modifier and Type	Method and Description
void	addCertificates(String orgId, String providerId, X509Certificate[] certificates)
void	close()
void	configure(Map<String,?> configs)
File	file()
static String	generateUniqueAlias(X509Certificate certificate, String providerId, String orgId)
void	onInit()
void	onUpdate()
void	removeCertificates(String organizationId, String providerId)
void	removeCertificates(String orgId, String providerId, X509Certificate[] certificates)
void	setAdminSupplierAndCreateClient(Supplier<org.apache.kafka.clients.admin.AdminClient> adminClientSupplier) When using this class in a Kafka broker, the AdminClient instance is required to update the broker's dynamic SSL truststore configuration.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ALIAS_SEPARATOR

public static final String ALIAS_SEPARATOR

Constructor Detail

DefaultMTlsTruststoreManager

public DefaultMTlsTruststoreManager()

Method Detail

configure

public void configure(Map<String,?> configs)

Specified by:

configure in interface org.apache.kafka.common.Configurable

Specified by:

configure in interface org.apache.kafka.common.security.mtls.MTlsTruststoreManager

addCertificates

public void addCertificates(String orgId,
                            String providerId,
                            X509Certificate[] certificates)

Specified by:

addCertificates in interface org.apache.kafka.common.security.mtls.MTlsTruststoreManager

removeCertificates

public void removeCertificates(String orgId,
                               String providerId,
                               X509Certificate[] certificates)

Specified by:

removeCertificates in interface org.apache.kafka.common.security.mtls.MTlsTruststoreManager

removeCertificates

public void removeCertificates(String organizationId,
                               String providerId)

Specified by:

removeCertificates in interface org.apache.kafka.common.security.mtls.MTlsTruststoreManager

close

public void close()
           throws IOException

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

Specified by:

close in interface org.apache.kafka.common.security.mtls.MTlsTruststoreManager

Throws:

IOException

setAdminSupplierAndCreateClient

public void setAdminSupplierAndCreateClient(Supplier<org.apache.kafka.clients.admin.AdminClient> adminClientSupplier)

When using this class in a Kafka broker, the AdminClient instance is required to update the broker's dynamic SSL truststore configuration. This method allows setting a supplier for creating the AdminClient on demand.

file

public File file()

Specified by:

file in interface org.apache.kafka.common.utils.FileWatchService.Listener

onInit

public void onInit()

Specified by:

onInit in interface org.apache.kafka.common.utils.FileWatchService.Listener

onUpdate

public void onUpdate()

Specified by:

onUpdate in interface org.apache.kafka.common.utils.FileWatchService.Listener

generateUniqueAlias

public static String generateUniqueAlias(X509Certificate certificate,
                                         String providerId,
                                         String orgId)