public interface TlsCertificateOrBuilder
extends com.google.protobuf.MessageOrBuilder
| Modifier and Type | Method and Description |
|---|---|
DataSource |
getCertificateChain()
The TLS certificate chain.
|
DataSourceOrBuilder |
getCertificateChainOrBuilder()
The TLS certificate chain.
|
DataSource |
getOcspStaple()
The OCSP response to be stapled with this certificate during the handshake.
|
DataSourceOrBuilder |
getOcspStapleOrBuilder()
The OCSP response to be stapled with this certificate during the handshake.
|
DataSource |
getPassword()
The password to decrypt the TLS private key.
|
DataSourceOrBuilder |
getPasswordOrBuilder()
The password to decrypt the TLS private key.
|
DataSource |
getPrivateKey()
The TLS private key.
|
DataSourceOrBuilder |
getPrivateKeyOrBuilder()
The TLS private key.
|
PrivateKeyProvider |
getPrivateKeyProvider()
BoringSSL private key method provider.
|
PrivateKeyProviderOrBuilder |
getPrivateKeyProviderOrBuilder()
BoringSSL private key method provider.
|
DataSource |
getSignedCertificateTimestamp(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5; |
int |
getSignedCertificateTimestampCount()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5; |
List<DataSource> |
getSignedCertificateTimestampList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5; |
DataSourceOrBuilder |
getSignedCertificateTimestampOrBuilder(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5; |
List<? extends DataSourceOrBuilder> |
getSignedCertificateTimestampOrBuilderList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5; |
WatchedDirectory |
getWatchedDirectory()
If specified, updates of file-based *certificate_chain* and *private_key*
sources will be triggered by this watch.
|
WatchedDirectoryOrBuilder |
getWatchedDirectoryOrBuilder()
If specified, updates of file-based *certificate_chain* and *private_key*
sources will be triggered by this watch.
|
boolean |
hasCertificateChain()
The TLS certificate chain.
|
boolean |
hasOcspStaple()
The OCSP response to be stapled with this certificate during the handshake.
|
boolean |
hasPassword()
The password to decrypt the TLS private key.
|
boolean |
hasPrivateKey()
The TLS private key.
|
boolean |
hasPrivateKeyProvider()
BoringSSL private key method provider.
|
boolean |
hasWatchedDirectory()
If specified, updates of file-based *certificate_chain* and *private_key*
sources will be triggered by this watch.
|
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneofboolean hasCertificateChain()
The TLS certificate chain. If *certificate_chain* is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;DataSource getCertificateChain()
The TLS certificate chain. If *certificate_chain* is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;DataSourceOrBuilder getCertificateChainOrBuilder()
The TLS certificate chain. If *certificate_chain* is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;boolean hasPrivateKey()
The TLS private key. If *private_key* is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];DataSource getPrivateKey()
The TLS private key. If *private_key* is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];DataSourceOrBuilder getPrivateKeyOrBuilder()
The TLS private key. If *private_key* is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];boolean hasWatchedDirectory()
If specified, updates of file-based *certificate_chain* and *private_key* sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched, by default the parent directories of the filesystem paths in *certificate_chain* and *private_key* are watched if this field is not specified. This only applies when a *TlsCertificate* is delivered by SDS with references to filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>` documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;WatchedDirectory getWatchedDirectory()
If specified, updates of file-based *certificate_chain* and *private_key* sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched, by default the parent directories of the filesystem paths in *certificate_chain* and *private_key* are watched if this field is not specified. This only applies when a *TlsCertificate* is delivered by SDS with references to filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>` documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;WatchedDirectoryOrBuilder getWatchedDirectoryOrBuilder()
If specified, updates of file-based *certificate_chain* and *private_key* sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched, by default the parent directories of the filesystem paths in *certificate_chain* and *private_key* are watched if this field is not specified. This only applies when a *TlsCertificate* is delivered by SDS with references to filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>` documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;boolean hasPrivateKeyProvider()
BoringSSL private key method provider. This is an alternative to :ref:`private_key <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and :ref:`private_key_provider <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;PrivateKeyProvider getPrivateKeyProvider()
BoringSSL private key method provider. This is an alternative to :ref:`private_key <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and :ref:`private_key_provider <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;PrivateKeyProviderOrBuilder getPrivateKeyProviderOrBuilder()
BoringSSL private key method provider. This is an alternative to :ref:`private_key <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and :ref:`private_key_provider <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;boolean hasPassword()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];DataSource getPassword()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];DataSourceOrBuilder getPasswordOrBuilder()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];boolean hasOcspStaple()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;DataSource getOcspStaple()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;DataSourceOrBuilder getOcspStapleOrBuilder()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;List<DataSource> getSignedCertificateTimestampList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;DataSource getSignedCertificateTimestamp(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;int getSignedCertificateTimestampCount()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;List<? extends DataSourceOrBuilder> getSignedCertificateTimestampOrBuilderList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;DataSourceOrBuilder getSignedCertificateTimestampOrBuilder(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;Copyright © 2018–2021 The Envoy Project. All rights reserved.