SslEngineBuilder

SslEngineBuilder is used to create a SSLEngine (for SslFactory that adds a reconfiguration layer atop).

SslEngineBuilder is created when SslFactory is requested to configure and reconfigure (indirectly via createNewSslEngineBuilder).

Tip	Enable `ALL` logging level for `org.apache.kafka.common.security.ssl.SslEngineBuilder` logger to see what happens inside. Add the following line to `config/log4j.properties`: `log4j.logger.org.apache.kafka.common.security.ssl.SslEngineBuilder=ALL` Refer to Logging.

Creating SslEngineBuilder Instance

SslEngineBuilder takes the following to be created:

Configuration properties

SslEngineBuilder initializes the internal properties.

SSL Key Store — `keystore` Internal Property

SecurityStore keystore

keystore is created (alongside SslEngineBuilder) based on the following configuration properties:

keystore is used…FIXME

SSL Trust Store — `truststore` Internal Property

SecurityStore truststore

Used when…FIXME

Creating SSLEngine — `createSslEngine` Method

SSLEngine createSslEngine(
  Mode mode,
  String peerHost,
  int peerPort,
  String endpointIdentification)

createSslEngine requests the SSLContext to create a new Java SSLEngine (for the advisory peer information, i.e. peerHost and peerPort) that is configured using…FIXME

If enabled cipher suites and enabled protocol versions are configured, createSslEngine requests the SSLEngine to use them.

For SERVER mode, createSslEngine requests the SSLEngine to be in the server mode and configures it for client authentication based on the SslClientAuth:

REQUIRED for client authentication required
REQUESTED for client authentication requested (optional client authentication)
NONE for no client authentication

For CLIENT mode, createSslEngine requests the SSLEngine to be in the client mode and sets the endpoint identification algorithm (to prevent man-in-the-middle attacks) based on the given endpointIdentification.

Note	`createSslEngine` is used when: `SslFactory` is requested to createSslEngine `SslEngineValidator` is requested to `createSslEngineForValidation`

`createKeystore` Internal Utility

SecurityStore createKeystore(
  String type,
  String path,
  Password password,
  Password keyPassword)

createKeystore…FIXME

Note	`createKeystore` is used when `SslEngineBuilder` is created.

`createTruststore` Internal Utility

SecurityStore createTruststore(
  String type,
  String path,
  Password password)

createTruststore…FIXME

Note	`createTruststore` is used when `SslEngineBuilder` is created.

`createSSLContext` Internal Method

SSLContext createSSLContext()

createSSLContext…FIXME

Note	`createSSLContext` is used when `SslEngineBuilder` is created.

Internal Properties

Name Description

Name	Description
`cipherSuites`	Enabled cipher suites to use on a SSLEngine.
`enabledProtocols`	Enabled protocol versions to use on a SSLEngine.
`sslClientAuth`	Client authentication (`SslClientAuth`)
`sslContext`	Java’s SSLContext

cipherSuites

Enabled cipher suites to use on a SSLEngine.

enabledProtocols

Enabled protocol versions to use on a SSLEngine.

sslClientAuth

Client authentication (SslClientAuth)

sslContext

Java’s SSLContext

SslEngineBuilder