Class ConfluentKeyManagerFactory

java.lang.Object
javax.net.ssl.KeyManagerFactorySpi
io.confluent.kafka.server.plugins.ssl.ConfluentKeyManagerFactory

public class ConfluentKeyManagerFactory extends KeyManagerFactorySpi
Factory for creating ConfluentKeyManager instances with support for dynamic configuration updates.

This factory reads configuration from ConfluentKeyProvider at KeyManager creation time (in engineGetKeyManagers()) rather than at factory construction time. This "lazy loading" design enables dynamic configuration support:

  • When dynamic configs (e.g., confluent.mtls.use.server.cert.for.client.auth.clientside.enabled) are updated, ConfluentKeyProvider.updateConfigs(Map) stores the new values
  • When a new KeyManager is needed (e.g., during SSL certificate reload), engineGetKeyManagers() reads the latest configs from the provider
  • The new ConfluentKeyManager instance is created with the updated config values

Why not read configs in the constructor?

If we read configs only at construction time, any dynamic config updates made after the factory is created would not be picked up. By reading in engineGetKeyManagers(), we ensure each new KeyManager gets the latest configuration.
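
The difference between the two designs, shown as an added example that is not Confluent's code. `CONFIGS`, `updateConfigs`, `currentFlag`, `FlagKeyManager`, `EagerFactory` and `LazyFactory` are hypothetical stand-ins for ConfluentKeyProvider and ConfluentKeyManager; only the config key is taken from this page.

```java
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;

public class LazyConfigDemo {
    // Dynamic config key named on this page.
    static final String KEY = "confluent.mtls.use.server.cert.for.client.auth.clientside.enabled";
    // Hypothetical stand-in for the provider that stores the latest dynamic configs.
    static final Map<String, Object> CONFIGS = new ConcurrentHashMap<>();
    static void updateConfigs(Map<String, ?> configs) { CONFIGS.putAll(configs); }
    static boolean currentFlag() { return Boolean.TRUE.equals(CONFIGS.get(KEY)); }

    // Hypothetical KeyManager that records the flag value it was built with.
    static final class FlagKeyManager implements KeyManager {
        final boolean useServerCert;
        FlagKeyManager(boolean useServerCert) { this.useServerCert = useServerCert; }
    }

    // Eager design: the flag is captured once, when the factory is constructed.
    static final class EagerFactory extends KeyManagerFactorySpi {
        private final boolean flag = currentFlag();
        @Override protected void engineInit(KeyStore ks, char[] password) { }
        @Override protected void engineInit(ManagerFactoryParameters spec) { }
        @Override protected KeyManager[] engineGetKeyManagers() {
            return new KeyManager[] { new FlagKeyManager(flag) };
        }
    }

    // Lazy design: the flag is read each time a KeyManager is requested.
    static final class LazyFactory extends KeyManagerFactorySpi {
        @Override protected void engineInit(KeyStore ks, char[] password) { }
        @Override protected void engineInit(ManagerFactoryParameters spec) { }
        @Override protected KeyManager[] engineGetKeyManagers() {
            return new KeyManager[] { new FlagKeyManager(currentFlag()) };
        }
    }

    public static void main(String[] args) {
        updateConfigs(Map.of(KEY, false));
        EagerFactory eager = new EagerFactory();
        LazyFactory lazy = new LazyFactory();
        updateConfigs(Map.of(KEY, true)); // dynamic update after both factories exist
        FlagKeyManager e = (FlagKeyManager) eager.engineGetKeyManagers()[0];
        FlagKeyManager l = (FlagKeyManager) lazy.engineGetKeyManagers()[0];
        System.out.println("eager=" + e.useServerCert + " lazy=" + l.useServerCert);
    }
}
```

The eager factory keeps handing out KeyManagers built with the value from construction time, so a change to the mTLS client-auth setting would not take effect until the factory itself is replaced.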

Constructor Details

ConfluentKeyManagerFactory

public ConfluentKeyManagerFactory()