Class ConfluentKeyProviderCreator

java.lang.Object
io.confluent.kafka.server.plugins.ssl.ConfluentKeyProviderCreator
All Implemented Interfaces:
org.apache.kafka.common.Configurable, org.apache.kafka.common.security.auth.SecurityProviderCreator

public class ConfluentKeyProviderCreator extends Object implements org.apache.kafka.common.security.auth.SecurityProviderCreator
Creates the ConfluentKeyProvider during broker startup and handles dynamic configuration updates.

This class is instantiated via reflection by SecurityUtils.addConfiguredSecurityProviders(). The provider is created once with initial configs. For dynamic config updates, the configure(Map) method is called again, which updates the existing provider's configuration via ConfluentKeyProvider.updateConfigs(Map).

ConfluentKeyProvider registers ConfluentKeyManagerFactory which creates ConfluentKeyManager for selecting client certificates during outbound mTLS connections (when the broker acts as a TLS client).

The provider only updates its configuration when the incoming configs contain client-side dynamic config keys (e.g., confluent.spire.clientside.validation.enabled). This ensures that only legitimate broker configuration updates modify the provider state.

See Also:
  • Constructor Details

    • ConfluentKeyProviderCreator

      public ConfluentKeyProviderCreator()
  • Method Details

    • getProvider

      public Provider getProvider()
      Specified by:
      getProvider in interface org.apache.kafka.common.security.auth.SecurityProviderCreator
    • configure

      public void configure(Map<String,?> configs)
      Specified by:
      configure in interface org.apache.kafka.common.Configurable
      Specified by:
      configure in interface org.apache.kafka.common.security.auth.SecurityProviderCreator