Package io.envoyproxy.envoy.api.v2.auth

Interface CommonTlsContextOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    CommonTlsContext, CommonTlsContext.Builder
    public interface CommonTlsContextOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Detail

      • hasTlsParams

        boolean hasTlsParams()
         TLS protocol versions, cipher suites etc.
        .envoy.api.v2.auth.TlsParameters tls_params = 1;
        Returns:
        Whether the tlsParams field is set.

      • getTlsParams

        TlsParameters getTlsParams()
         TLS protocol versions, cipher suites etc.
        .envoy.api.v2.auth.TlsParameters tls_params = 1;
        Returns:
        The tlsParams.

      • getTlsParamsOrBuilder

        TlsParametersOrBuilder getTlsParamsOrBuilder()
         TLS protocol versions, cipher suites etc.
        .envoy.api.v2.auth.TlsParameters tls_params = 1;

      • getTlsCertificatesList

        List<TlsCertificate> getTlsCertificatesList()
         :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
 same context to allow both RSA and ECDSA certificates.
 Only a single TLS certificate is supported in client contexts. In server contexts, the first
 RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
 used for clients that support ECDSA.
        repeated .envoy.api.v2.auth.TlsCertificate tls_certificates = 2;

      • getTlsCertificates

        TlsCertificate getTlsCertificates​(int index)
         :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
 same context to allow both RSA and ECDSA certificates.
 Only a single TLS certificate is supported in client contexts. In server contexts, the first
 RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
 used for clients that support ECDSA.
        repeated .envoy.api.v2.auth.TlsCertificate tls_certificates = 2;

      • getTlsCertificatesCount

        int getTlsCertificatesCount()
         :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
 same context to allow both RSA and ECDSA certificates.
 Only a single TLS certificate is supported in client contexts. In server contexts, the first
 RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
 used for clients that support ECDSA.
        repeated .envoy.api.v2.auth.TlsCertificate tls_certificates = 2;

      • getTlsCertificatesOrBuilderList

        List<? extends TlsCertificateOrBuilder> getTlsCertificatesOrBuilderList()
         :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
 same context to allow both RSA and ECDSA certificates.
 Only a single TLS certificate is supported in client contexts. In server contexts, the first
 RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
 used for clients that support ECDSA.
        repeated .envoy.api.v2.auth.TlsCertificate tls_certificates = 2;

      • getTlsCertificatesOrBuilder

        TlsCertificateOrBuilder getTlsCertificatesOrBuilder​(int index)
         :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
 same context to allow both RSA and ECDSA certificates.
 Only a single TLS certificate is supported in client contexts. In server contexts, the first
 RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
 used for clients that support ECDSA.
        repeated .envoy.api.v2.auth.TlsCertificate tls_certificates = 2;

      • getTlsCertificateSdsSecretConfigsList

        List<SdsSecretConfig> getTlsCertificateSdsSecretConfigsList()
         Configs for fetching TLS certificates via SDS API.
        repeated .envoy.api.v2.auth.SdsSecretConfig tls_certificate_sds_secret_configs = 6 [(.validate.rules) = { ... }

      • getTlsCertificateSdsSecretConfigs

        SdsSecretConfig getTlsCertificateSdsSecretConfigs​(int index)
         Configs for fetching TLS certificates via SDS API.
        repeated .envoy.api.v2.auth.SdsSecretConfig tls_certificate_sds_secret_configs = 6 [(.validate.rules) = { ... }

      • getTlsCertificateSdsSecretConfigsCount

        int getTlsCertificateSdsSecretConfigsCount()
         Configs for fetching TLS certificates via SDS API.
        repeated .envoy.api.v2.auth.SdsSecretConfig tls_certificate_sds_secret_configs = 6 [(.validate.rules) = { ... }

      • getTlsCertificateSdsSecretConfigsOrBuilderList

        List<? extends SdsSecretConfigOrBuilder> getTlsCertificateSdsSecretConfigsOrBuilderList()
         Configs for fetching TLS certificates via SDS API.
        repeated .envoy.api.v2.auth.SdsSecretConfig tls_certificate_sds_secret_configs = 6 [(.validate.rules) = { ... }

      • getTlsCertificateSdsSecretConfigsOrBuilder

        SdsSecretConfigOrBuilder getTlsCertificateSdsSecretConfigsOrBuilder​(int index)
         Configs for fetching TLS certificates via SDS API.
        repeated .envoy.api.v2.auth.SdsSecretConfig tls_certificate_sds_secret_configs = 6 [(.validate.rules) = { ... }

      • hasValidationContext

        boolean hasValidationContext()
         How to validate peer certificates.
        .envoy.api.v2.auth.CertificateValidationContext validation_context = 3;
        Returns:
        Whether the validationContext field is set.

      • getValidationContext

        CertificateValidationContext getValidationContext()
         How to validate peer certificates.
        .envoy.api.v2.auth.CertificateValidationContext validation_context = 3;
        Returns:
        The validationContext.

      • getValidationContextOrBuilder

        CertificateValidationContextOrBuilder getValidationContextOrBuilder()
         How to validate peer certificates.
        .envoy.api.v2.auth.CertificateValidationContext validation_context = 3;

      • hasValidationContextSdsSecretConfig

        boolean hasValidationContextSdsSecretConfig()
         Config for fetching validation context via SDS API.
        .envoy.api.v2.auth.SdsSecretConfig validation_context_sds_secret_config = 7;
        Returns:
        Whether the validationContextSdsSecretConfig field is set.

      • getValidationContextSdsSecretConfig

        SdsSecretConfig getValidationContextSdsSecretConfig()
         Config for fetching validation context via SDS API.
        .envoy.api.v2.auth.SdsSecretConfig validation_context_sds_secret_config = 7;
        Returns:
        The validationContextSdsSecretConfig.

      • getValidationContextSdsSecretConfigOrBuilder

        SdsSecretConfigOrBuilder getValidationContextSdsSecretConfigOrBuilder()
         Config for fetching validation context via SDS API.
        .envoy.api.v2.auth.SdsSecretConfig validation_context_sds_secret_config = 7;

      • hasCombinedValidationContext

        boolean hasCombinedValidationContext()
         Combined certificate validation context holds a default CertificateValidationContext
 and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic
 and default CertificateValidationContext are merged into a new CertificateValidationContext
 for validation. This merge is done by Message::MergeFrom(), so dynamic
 CertificateValidationContext overwrites singular fields in default
 CertificateValidationContext, and concatenates repeated fields to default
 CertificateValidationContext, and logical OR is applied to boolean fields.
        .envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext combined_validation_context = 8;
        Returns:
        Whether the combinedValidationContext field is set.

      • getCombinedValidationContext

        CommonTlsContext.CombinedCertificateValidationContext getCombinedValidationContext()
         Combined certificate validation context holds a default CertificateValidationContext
 and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic
 and default CertificateValidationContext are merged into a new CertificateValidationContext
 for validation. This merge is done by Message::MergeFrom(), so dynamic
 CertificateValidationContext overwrites singular fields in default
 CertificateValidationContext, and concatenates repeated fields to default
 CertificateValidationContext, and logical OR is applied to boolean fields.
        .envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext combined_validation_context = 8;
        Returns:
        The combinedValidationContext.

      • getCombinedValidationContextOrBuilder

        CommonTlsContext.CombinedCertificateValidationContextOrBuilder getCombinedValidationContextOrBuilder()
         Combined certificate validation context holds a default CertificateValidationContext
 and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic
 and default CertificateValidationContext are merged into a new CertificateValidationContext
 for validation. This merge is done by Message::MergeFrom(), so dynamic
 CertificateValidationContext overwrites singular fields in default
 CertificateValidationContext, and concatenates repeated fields to default
 CertificateValidationContext, and logical OR is applied to boolean fields.
        .envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext combined_validation_context = 8;

      • getAlpnProtocolsList

        List<String> getAlpnProtocolsList()
         Supplies the list of ALPN protocols that the listener should expose. In
 practice this is likely to be set to one of two values (see the
 :ref:`codec_type
 <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.codec_type>`
 parameter in the HTTP connection manager for more information):
 * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
 * "http/1.1" If the listener is only going to support HTTP/1.1.
 There is no default for this parameter. If empty, Envoy will not expose ALPN.
        repeated string alpn_protocols = 4;
        Returns:
        A list containing the alpnProtocols.

      • getAlpnProtocolsCount

        int getAlpnProtocolsCount()
         Supplies the list of ALPN protocols that the listener should expose. In
 practice this is likely to be set to one of two values (see the
 :ref:`codec_type
 <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.codec_type>`
 parameter in the HTTP connection manager for more information):
 * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
 * "http/1.1" If the listener is only going to support HTTP/1.1.
 There is no default for this parameter. If empty, Envoy will not expose ALPN.
        repeated string alpn_protocols = 4;
        Returns:
        The count of alpnProtocols.

      • getAlpnProtocols

        String getAlpnProtocols​(int index)
         Supplies the list of ALPN protocols that the listener should expose. In
 practice this is likely to be set to one of two values (see the
 :ref:`codec_type
 <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.codec_type>`
 parameter in the HTTP connection manager for more information):
 * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
 * "http/1.1" If the listener is only going to support HTTP/1.1.
 There is no default for this parameter. If empty, Envoy will not expose ALPN.
        repeated string alpn_protocols = 4;
        Parameters:
        index - The index of the element to return.
        Returns:
        The alpnProtocols at the given index.

      • getAlpnProtocolsBytes

        com.google.protobuf.ByteString getAlpnProtocolsBytes​(int index)
         Supplies the list of ALPN protocols that the listener should expose. In
 practice this is likely to be set to one of two values (see the
 :ref:`codec_type
 <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.codec_type>`
 parameter in the HTTP connection manager for more information):
 * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
 * "http/1.1" If the listener is only going to support HTTP/1.1.
 There is no default for this parameter. If empty, Envoy will not expose ALPN.
        repeated string alpn_protocols = 4;
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the alpnProtocols at the given index.