Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class TlsCertificate.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TlsCertificateOrBuilder, Cloneable
    Enclosing class:
    TlsCertificate
    public static final class TlsCertificate.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>
implements TlsCertificateOrBuilder
     [#next-free-field: 9]
    Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsCertificate

    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • clear

        public TlsCertificate.Builder clear()
        Specified by:
        clear in interface com.google.protobuf.Message.Builder
        Specified by:
        clear in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clear in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • getDefaultInstanceForType

        public TlsCertificate getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

      • build

        public TlsCertificate build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder

      • buildPartial

        public TlsCertificate buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder

      • clone

        public TlsCertificate.Builder clone()
        Specified by:
        clone in interface com.google.protobuf.Message.Builder
        Specified by:
        clone in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clone in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • setField

        public TlsCertificate.Builder setField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                       Object value)
        Specified by:
        setField in interface com.google.protobuf.Message.Builder
        Overrides:
        setField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • clearField

        public TlsCertificate.Builder clearField​(com.google.protobuf.Descriptors.FieldDescriptor field)
        Specified by:
        clearField in interface com.google.protobuf.Message.Builder
        Overrides:
        clearField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • clearOneof

        public TlsCertificate.Builder clearOneof​(com.google.protobuf.Descriptors.OneofDescriptor oneof)
        Specified by:
        clearOneof in interface com.google.protobuf.Message.Builder
        Overrides:
        clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • setRepeatedField

        public TlsCertificate.Builder setRepeatedField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                               int index,
                                               Object value)
        Specified by:
        setRepeatedField in interface com.google.protobuf.Message.Builder
        Overrides:
        setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • addRepeatedField

        public TlsCertificate.Builder addRepeatedField​(com.google.protobuf.Descriptors.FieldDescriptor field,
                                               Object value)
        Specified by:
        addRepeatedField in interface com.google.protobuf.Message.Builder
        Overrides:
        addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • mergeFrom

        public TlsCertificate.Builder mergeFrom​(com.google.protobuf.Message other)
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<TlsCertificate.Builder>

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • mergeFrom

        public TlsCertificate.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                 throws IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<TlsCertificate.Builder>
        Throws:
        IOException

      • hasCertificateChain

        public boolean hasCertificateChain()
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;
        Specified by:
        hasCertificateChain in interface TlsCertificateOrBuilder
        Returns:
        Whether the certificateChain field is set.

      • getCertificateChain

        public DataSource getCertificateChain()
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;
        Specified by:
        getCertificateChain in interface TlsCertificateOrBuilder
        Returns:
        The certificateChain.

      • setCertificateChain

        public TlsCertificate.Builder setCertificateChain​(DataSource value)
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;

      • setCertificateChain

        public TlsCertificate.Builder setCertificateChain​(DataSource.Builder builderForValue)
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;

      • mergeCertificateChain

        public TlsCertificate.Builder mergeCertificateChain​(DataSource value)
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;

      • clearCertificateChain

        public TlsCertificate.Builder clearCertificateChain()
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;

      • getCertificateChainBuilder

        public DataSource.Builder getCertificateChainBuilder()
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;

      • getCertificateChainOrBuilder

        public DataSourceOrBuilder getCertificateChainOrBuilder()
         The TLS certificate chain.
 If ``certificate_chain`` is a filesystem path, a watch will be added to the
 parent directory for any file moves to support rotation. This currently
 only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
 SDS.
        .envoy.config.core.v3.DataSource certificate_chain = 1;
        Specified by:
        getCertificateChainOrBuilder in interface TlsCertificateOrBuilder

      • hasPrivateKey

        public boolean hasPrivateKey()
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
        Specified by:
        hasPrivateKey in interface TlsCertificateOrBuilder
        Returns:
        Whether the privateKey field is set.

      • getPrivateKey

        public DataSource getPrivateKey()
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
        Specified by:
        getPrivateKey in interface TlsCertificateOrBuilder
        Returns:
        The privateKey.

      • setPrivateKey

        public TlsCertificate.Builder setPrivateKey​(DataSource value)
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];

      • setPrivateKey

        public TlsCertificate.Builder setPrivateKey​(DataSource.Builder builderForValue)
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];

      • mergePrivateKey

        public TlsCertificate.Builder mergePrivateKey​(DataSource value)
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];

      • clearPrivateKey

        public TlsCertificate.Builder clearPrivateKey()
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];

      • getPrivateKeyBuilder

        public DataSource.Builder getPrivateKeyBuilder()
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];

      • getPrivateKeyOrBuilder

        public DataSourceOrBuilder getPrivateKeyOrBuilder()
         The TLS private key.
 If ``private_key`` is a filesystem path, a watch will be added to the parent
 directory for any file moves to support rotation. This currently only
 applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
        Specified by:
        getPrivateKeyOrBuilder in interface TlsCertificateOrBuilder

      • hasPkcs12

        public boolean hasPkcs12()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
        Specified by:
        hasPkcs12 in interface TlsCertificateOrBuilder
        Returns:
        Whether the pkcs12 field is set.

      • getPkcs12

        public DataSource getPkcs12()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
        Specified by:
        getPkcs12 in interface TlsCertificateOrBuilder
        Returns:
        The pkcs12.

      • setPkcs12

        public TlsCertificate.Builder setPkcs12​(DataSource value)
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];

      • setPkcs12

        public TlsCertificate.Builder setPkcs12​(DataSource.Builder builderForValue)
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];

      • mergePkcs12

        public TlsCertificate.Builder mergePkcs12​(DataSource value)
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];

      • clearPkcs12

        public TlsCertificate.Builder clearPkcs12()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];

      • getPkcs12Builder

        public DataSource.Builder getPkcs12Builder()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];

      • getPkcs12OrBuilder

        public DataSourceOrBuilder getPkcs12OrBuilder()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
 If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
 be added to the parent directory, since ``pkcs12`` isn't used by SDS.
 This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
 This can't be marked as ``oneof`` due to API compatibility reasons. Setting
 both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
 :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
 or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
 and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
 fields will result in an error. Use :ref:`password
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
 to specify the password to unprotect the ``PKCS12`` data, if necessary.
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
        Specified by:
        getPkcs12OrBuilder in interface TlsCertificateOrBuilder

      • hasWatchedDirectory

        public boolean hasWatchedDirectory()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
        Specified by:
        hasWatchedDirectory in interface TlsCertificateOrBuilder
        Returns:
        Whether the watchedDirectory field is set.

      • getWatchedDirectory

        public WatchedDirectory getWatchedDirectory()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
        Specified by:
        getWatchedDirectory in interface TlsCertificateOrBuilder
        Returns:
        The watchedDirectory.

      • setWatchedDirectory

        public TlsCertificate.Builder setWatchedDirectory​(WatchedDirectory value)
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;

      • setWatchedDirectory

        public TlsCertificate.Builder setWatchedDirectory​(WatchedDirectory.Builder builderForValue)
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;

      • mergeWatchedDirectory

        public TlsCertificate.Builder mergeWatchedDirectory​(WatchedDirectory value)
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;

      • clearWatchedDirectory

        public TlsCertificate.Builder clearWatchedDirectory()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;

      • getWatchedDirectoryBuilder

        public WatchedDirectory.Builder getWatchedDirectoryBuilder()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;

      • getWatchedDirectoryOrBuilder

        public WatchedDirectoryOrBuilder getWatchedDirectoryOrBuilder()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
 sources will be triggered by this watch. The certificate/key pair will be
 read together and validated for atomic read consistency (i.e. no
 intervening modification occurred between cert/key read, verified by file
 hash comparisons). This allows explicit control over the path watched, by
 default the parent directories of the filesystem paths in
 ``certificate_chain`` and ``private_key`` are watched if this field is not
 specified. This only applies when a ``TlsCertificate`` is delivered by SDS
 with references to filesystem paths. See the :ref:`SDS key rotation
 <sds_key_rotation>` documentation for further details.
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
        Specified by:
        getWatchedDirectoryOrBuilder in interface TlsCertificateOrBuilder

      • hasPrivateKeyProvider

        public boolean hasPrivateKeyProvider()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
        Specified by:
        hasPrivateKeyProvider in interface TlsCertificateOrBuilder
        Returns:
        Whether the privateKeyProvider field is set.

      • getPrivateKeyProvider

        public PrivateKeyProvider getPrivateKeyProvider()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
        Specified by:
        getPrivateKeyProvider in interface TlsCertificateOrBuilder
        Returns:
        The privateKeyProvider.

      • setPrivateKeyProvider

        public TlsCertificate.Builder setPrivateKeyProvider​(PrivateKeyProvider value)
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;

      • setPrivateKeyProvider

        public TlsCertificate.Builder setPrivateKeyProvider​(PrivateKeyProvider.Builder builderForValue)
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;

      • mergePrivateKeyProvider

        public TlsCertificate.Builder mergePrivateKeyProvider​(PrivateKeyProvider value)
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;

      • clearPrivateKeyProvider

        public TlsCertificate.Builder clearPrivateKeyProvider()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;

      • getPrivateKeyProviderBuilder

        public PrivateKeyProvider.Builder getPrivateKeyProviderBuilder()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;

      • getPrivateKeyProviderOrBuilder

        public PrivateKeyProviderOrBuilder getPrivateKeyProviderOrBuilder()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
 marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
 :ref:`private_key_provider
 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
 error.
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
        Specified by:
        getPrivateKeyProviderOrBuilder in interface TlsCertificateOrBuilder

      • hasPassword

        public boolean hasPassword()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
        Specified by:
        hasPassword in interface TlsCertificateOrBuilder
        Returns:
        Whether the password field is set.

      • getPassword

        public DataSource getPassword()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
        Specified by:
        getPassword in interface TlsCertificateOrBuilder
        Returns:
        The password.

      • setPassword

        public TlsCertificate.Builder setPassword​(DataSource value)
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];

      • setPassword

        public TlsCertificate.Builder setPassword​(DataSource.Builder builderForValue)
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];

      • mergePassword

        public TlsCertificate.Builder mergePassword​(DataSource value)
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];

      • clearPassword

        public TlsCertificate.Builder clearPassword()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];

      • getPasswordBuilder

        public DataSource.Builder getPasswordBuilder()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];

      • getPasswordOrBuilder

        public DataSourceOrBuilder getPasswordOrBuilder()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
 TLS private key is not password encrypted.
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
        Specified by:
        getPasswordOrBuilder in interface TlsCertificateOrBuilder

      • hasOcspStaple

        public boolean hasOcspStaple()
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;
        Specified by:
        hasOcspStaple in interface TlsCertificateOrBuilder
        Returns:
        Whether the ocspStaple field is set.

      • getOcspStaple

        public DataSource getOcspStaple()
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;
        Specified by:
        getOcspStaple in interface TlsCertificateOrBuilder
        Returns:
        The ocspStaple.

      • setOcspStaple

        public TlsCertificate.Builder setOcspStaple​(DataSource value)
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;

      • setOcspStaple

        public TlsCertificate.Builder setOcspStaple​(DataSource.Builder builderForValue)
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;

      • mergeOcspStaple

        public TlsCertificate.Builder mergeOcspStaple​(DataSource value)
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;

      • clearOcspStaple

        public TlsCertificate.Builder clearOcspStaple()
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;

      • getOcspStapleBuilder

        public DataSource.Builder getOcspStapleBuilder()
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;

      • getOcspStapleOrBuilder

        public DataSourceOrBuilder getOcspStapleOrBuilder()
         The OCSP response to be stapled with this certificate during the handshake.
 The response must be DER-encoded and may only be  provided via ``filename`` or
 ``inline_bytes``. The response may pertain to only one certificate.
        .envoy.config.core.v3.DataSource ocsp_staple = 4;
        Specified by:
        getOcspStapleOrBuilder in interface TlsCertificateOrBuilder

      • setSignedCertificateTimestamp

        public TlsCertificate.Builder setSignedCertificateTimestamp​(int index,
                                                            DataSource value)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • setSignedCertificateTimestamp

        public TlsCertificate.Builder setSignedCertificateTimestamp​(int index,
                                                            DataSource.Builder builderForValue)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • addSignedCertificateTimestamp

        public TlsCertificate.Builder addSignedCertificateTimestamp​(DataSource value)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • addSignedCertificateTimestamp

        public TlsCertificate.Builder addSignedCertificateTimestamp​(int index,
                                                            DataSource value)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • addSignedCertificateTimestamp

        public TlsCertificate.Builder addSignedCertificateTimestamp​(DataSource.Builder builderForValue)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • addSignedCertificateTimestamp

        public TlsCertificate.Builder addSignedCertificateTimestamp​(int index,
                                                            DataSource.Builder builderForValue)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • addAllSignedCertificateTimestamp

        public TlsCertificate.Builder addAllSignedCertificateTimestamp​(Iterable<? extends DataSource> values)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • clearSignedCertificateTimestamp

        public TlsCertificate.Builder clearSignedCertificateTimestamp()
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • removeSignedCertificateTimestamp

        public TlsCertificate.Builder removeSignedCertificateTimestamp​(int index)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • getSignedCertificateTimestampBuilder

        public DataSource.Builder getSignedCertificateTimestampBuilder​(int index)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • addSignedCertificateTimestampBuilder

        public DataSource.Builder addSignedCertificateTimestampBuilder()
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • addSignedCertificateTimestampBuilder

        public DataSource.Builder addSignedCertificateTimestampBuilder​(int index)
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • getSignedCertificateTimestampBuilderList

        public List<DataSource.Builder> getSignedCertificateTimestampBuilderList()
         [#not-implemented-hide:]
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;

      • setUnknownFields

        public final TlsCertificate.Builder setUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        setUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>

      • mergeUnknownFields

        public final TlsCertificate.Builder mergeUnknownFields​(com.google.protobuf.UnknownFieldSet unknownFields)
        Specified by:
        mergeUnknownFields in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<TlsCertificate.Builder>