Class ConfluentKeyManagerFactory
java.lang.Object
javax.net.ssl.KeyManagerFactorySpi
io.confluent.kafka.server.plugins.ssl.ConfluentKeyManagerFactory
Factory for creating
ConfluentKeyManager instances with support for dynamic
configuration updates.
This factory reads configuration from ConfluentKeyProvider at KeyManager
creation time (in engineGetKeyManagers()) rather than at factory construction
time. This "lazy loading" design enables dynamic configuration support:
- When dynamic configs (e.g.,
confluent.mtls.use.server.cert.for.client.auth.clientside.enabled) are updated,ConfluentKeyProvider.updateConfigs(Map)stores the new values - When a new KeyManager is needed (e.g., during SSL certificate reload),
engineGetKeyManagers()reads the latest configs from the provider - The new
ConfluentKeyManagerinstance is created with the updated config values
Why not read configs in constructor?
If we read configs only at construction time, any dynamic config updates made after
the factory is created would not be picked up. By reading in engineGetKeyManagers(),
we ensure each new KeyManager gets the latest configuration.
- See Also:
-
Constructor Summary
Constructors -
Method Summary
-
Constructor Details
-
ConfluentKeyManagerFactory
public ConfluentKeyManagerFactory()
-