Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class DownstreamTlsContext

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, DownstreamTlsContextOrBuilder, Serializable
    public final class DownstreamTlsContext
extends com.google.protobuf.GeneratedMessageV3
implements DownstreamTlsContextOrBuilder
     [#next-free-field: 9]
    Protobuf type envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
    See Also:
    Serialized Form

    • Field Detail

      • COMMON_TLS_CONTEXT_FIELD_NUMBER

        public static final int COMMON_TLS_CONTEXT_FIELD_NUMBER
        See Also:
        Constant Field Values

      • REQUIRE_CLIENT_CERTIFICATE_FIELD_NUMBER

        public static final int REQUIRE_CLIENT_CERTIFICATE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • REQUIRE_SNI_FIELD_NUMBER

        public static final int REQUIRE_SNI_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SESSION_TICKET_KEYS_FIELD_NUMBER

        public static final int SESSION_TICKET_KEYS_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SESSION_TICKET_KEYS_SDS_SECRET_CONFIG_FIELD_NUMBER

        public static final int SESSION_TICKET_KEYS_SDS_SECRET_CONFIG_FIELD_NUMBER
        See Also:
        Constant Field Values

      • DISABLE_STATELESS_SESSION_RESUMPTION_FIELD_NUMBER

        public static final int DISABLE_STATELESS_SESSION_RESUMPTION_FIELD_NUMBER
        See Also:
        Constant Field Values

      • SESSION_TIMEOUT_FIELD_NUMBER

        public static final int SESSION_TIMEOUT_FIELD_NUMBER
        See Also:
        Constant Field Values

      • OCSP_STAPLE_POLICY_FIELD_NUMBER

        public static final int OCSP_STAPLE_POLICY_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getUnknownFields

        public final com.google.protobuf.UnknownFieldSet getUnknownFields()
        Specified by:
        getUnknownFields in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getUnknownFields in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • hasCommonTlsContext

        public boolean hasCommonTlsContext()
         Common TLS context settings.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Specified by:
        hasCommonTlsContext in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the commonTlsContext field is set.

      • hasRequireClientCertificate

        public boolean hasRequireClientCertificate()
         If specified, Envoy will reject connections without a valid client
 certificate.
        .google.protobuf.BoolValue require_client_certificate = 2;
        Specified by:
        hasRequireClientCertificate in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the requireClientCertificate field is set.

      • getRequireClientCertificate

        public com.google.protobuf.BoolValue getRequireClientCertificate()
         If specified, Envoy will reject connections without a valid client
 certificate.
        .google.protobuf.BoolValue require_client_certificate = 2;
        Specified by:
        getRequireClientCertificate in interface DownstreamTlsContextOrBuilder
        Returns:
        The requireClientCertificate.

      • getRequireClientCertificateOrBuilder

        public com.google.protobuf.BoolValueOrBuilder getRequireClientCertificateOrBuilder()
         If specified, Envoy will reject connections without a valid client
 certificate.
        .google.protobuf.BoolValue require_client_certificate = 2;
        Specified by:
        getRequireClientCertificateOrBuilder in interface DownstreamTlsContextOrBuilder

      • hasRequireSni

        public boolean hasRequireSni()
         If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
        .google.protobuf.BoolValue require_sni = 3;
        Specified by:
        hasRequireSni in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the requireSni field is set.

      • getRequireSni

        public com.google.protobuf.BoolValue getRequireSni()
         If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
        .google.protobuf.BoolValue require_sni = 3;
        Specified by:
        getRequireSni in interface DownstreamTlsContextOrBuilder
        Returns:
        The requireSni.

      • getRequireSniOrBuilder

        public com.google.protobuf.BoolValueOrBuilder getRequireSniOrBuilder()
         If specified, Envoy will reject connections without a valid and matching SNI.
 [#not-implemented-hide:]
        .google.protobuf.BoolValue require_sni = 3;
        Specified by:
        getRequireSniOrBuilder in interface DownstreamTlsContextOrBuilder

      • hasSessionTicketKeys

        public boolean hasSessionTicketKeys()
         TLS session ticket key settings.
        .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
        Specified by:
        hasSessionTicketKeys in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the sessionTicketKeys field is set.

      • hasSessionTicketKeysSdsSecretConfig

        public boolean hasSessionTicketKeysSdsSecretConfig()
         Config for fetching TLS session ticket keys via SDS API.
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
        Specified by:
        hasSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the sessionTicketKeysSdsSecretConfig field is set.

      • getSessionTicketKeysSdsSecretConfig

        public SdsSecretConfig getSessionTicketKeysSdsSecretConfig()
         Config for fetching TLS session ticket keys via SDS API.
        .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
        Specified by:
        getSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
        Returns:
        The sessionTicketKeysSdsSecretConfig.

      • hasDisableStatelessSessionResumption

        public boolean hasDisableStatelessSessionResumption()
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
 server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
 If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
 the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
 If this config is set to false and no keys are explicitly configured, the TLS server will issue
 TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
 implication that sessions cannot be resumed across hot restarts or on different hosts.
        bool disable_stateless_session_resumption = 7;
        Specified by:
        hasDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the disableStatelessSessionResumption field is set.

      • getDisableStatelessSessionResumption

        public boolean getDisableStatelessSessionResumption()
         Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
 server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
 If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
 the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
 If this config is set to false and no keys are explicitly configured, the TLS server will issue
 TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
 implication that sessions cannot be resumed across hot restarts or on different hosts.
        bool disable_stateless_session_resumption = 7;
        Specified by:
        getDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
        Returns:
        The disableStatelessSessionResumption.

      • hasSessionTimeout

        public boolean hasSessionTimeout()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
 Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only seconds can be specified (fractional seconds are ignored).
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Specified by:
        hasSessionTimeout in interface DownstreamTlsContextOrBuilder
        Returns:
        Whether the sessionTimeout field is set.

      • getSessionTimeout

        public com.google.protobuf.Duration getSessionTimeout()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
 Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only seconds can be specified (fractional seconds are ignored).
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Specified by:
        getSessionTimeout in interface DownstreamTlsContextOrBuilder
        Returns:
        The sessionTimeout.

      • getSessionTimeoutOrBuilder

        public com.google.protobuf.DurationOrBuilder getSessionTimeoutOrBuilder()
         If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
 Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
 Only seconds can be specified (fractional seconds are ignored).
        .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
        Specified by:
        getSessionTimeoutOrBuilder in interface DownstreamTlsContextOrBuilder

      • getOcspStaplePolicyValue

        public int getOcspStaplePolicyValue()
         Config for whether to use certificates if they do not have
 an accompanying OCSP response or if the response expires at runtime.
 Defaults to LENIENT_STAPLING
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Specified by:
        getOcspStaplePolicyValue in interface DownstreamTlsContextOrBuilder
        Returns:
        The enum numeric value on the wire for ocspStaplePolicy.

      • getOcspStaplePolicy

        public DownstreamTlsContext.OcspStaplePolicy getOcspStaplePolicy()
         Config for whether to use certificates if they do not have
 an accompanying OCSP response or if the response expires at runtime.
 Defaults to LENIENT_STAPLING
        .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
        Specified by:
        getOcspStaplePolicy in interface DownstreamTlsContextOrBuilder
        Returns:
        The ocspStaplePolicy.

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static DownstreamTlsContext parseFrom​(ByteBuffer data)
                                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DownstreamTlsContext parseFrom​(ByteBuffer data,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DownstreamTlsContext parseFrom​(com.google.protobuf.ByteString data)
                                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DownstreamTlsContext parseFrom​(com.google.protobuf.ByteString data,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DownstreamTlsContext parseFrom​(byte[] data)
                                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DownstreamTlsContext parseFrom​(byte[] data,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • newBuilderForType

        public DownstreamTlsContext.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public DownstreamTlsContext.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected DownstreamTlsContext.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<DownstreamTlsContext> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public DownstreamTlsContext getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder