Class TlsSessionTicketKeys

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TlsSessionTicketKeysOrBuilder, java.io.Serializable

    public final class TlsSessionTicketKeys
    extends com.google.protobuf.GeneratedMessage
    implements TlsSessionTicketKeysOrBuilder
    Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys
    See Also:
    Serialized Form
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  TlsSessionTicketKeys.Builder
      Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys
      • Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessage

        com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>,​BuilderT extends com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT,​BuilderT>>, com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.FieldAccessorTable, com.google.protobuf.GeneratedMessage.GeneratedExtension<ContainingT extends com.google.protobuf.Message,​T extends java.lang.Object>, com.google.protobuf.GeneratedMessage.UnusedPrivateParameter
      • Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessage

        com.google.protobuf.AbstractMessage.BuilderParent
      • Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

        com.google.protobuf.AbstractMessageLite.InternalOneOfEnum
    • Constructor Detail

      • TlsSessionTicketKeys

        private TlsSessionTicketKeys​(com.google.protobuf.GeneratedMessage.Builder<?> builder)
      • TlsSessionTicketKeys

        private TlsSessionTicketKeys()
    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage
      • getKeysList

        public java.util.List<DataSource> getKeysList()
         Keys for encrypting and decrypting TLS session tickets. The first key in the array
         is the key used to encrypt all new sessions created by this context. All keys are
         candidates for decrypting received tickets. This allows for easy rotation of keys by,
         for example, putting the new key first and the previous key second.

         If session_ticket_keys (envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys)
         is not specified, the TLS library will still support resuming sessions via tickets, but it
         will use an internally-generated and managed key, so sessions cannot be resumed across hot
         restarts or on different hosts.

         Each key must contain exactly 80 bytes of cryptographically-secure random data, for
         example the output of "openssl rand 80".

         Attention:

         Using this feature has serious security considerations and risks. Improper handling of keys
         may result in loss of secrecy in connections, even if ciphers supporting perfect forward
         secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
         discussion. To minimize the risk, you must:

         * Keep the session ticket keys at least as secure as your TLS certificate private keys
         * Rotate session ticket keys at least daily, and preferably hourly
         * Always generate keys using a cryptographically-secure random data source

        repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
        Specified by:
        getKeysList in interface TlsSessionTicketKeysOrBuilder
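
        The rotation scheme described above (new key first, previous key second), as an added example that is not part of the generated documentation or the Envoy project's own code. It assumes the generated classes live in the io.envoyproxy.envoy.* packages of a Java control-plane build; TicketKeyRotation, rotate, validate and MAX_KEYS are hypothetical names.

```java
import com.google.protobuf.ByteString;
import io.envoyproxy.envoy.config.core.v3.DataSource;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys;
import java.security.SecureRandom;

public final class TicketKeyRotation {
    static final int KEY_LEN = 80;  // each key must be exactly 80 bytes
    static final int MAX_KEYS = 2;  // assumption: keep the new key plus one previous key
    private static final SecureRandom RNG = new SecureRandom();

    // One fresh key from a CSPRNG, carried inline in a DataSource.
    static DataSource newKey() {
        byte[] raw = new byte[KEY_LEN];
        RNG.nextBytes(raw);
        return DataSource.newBuilder().setInlineBytes(ByteString.copyFrom(raw)).build();
    }

    // The new key goes first (encrypts new tickets); older keys shift down and stay
    // decrypt-only until they fall off the end of the list.
    static TlsSessionTicketKeys rotate(TlsSessionTicketKeys current) {
        TlsSessionTicketKeys.Builder next = TlsSessionTicketKeys.newBuilder().addKeys(newKey());
        for (int i = 0; i < current.getKeysCount() && next.getKeysCount() < MAX_KEYS; i++) {
            next.addKeys(current.getKeys(i));
        }
        return validate(next.build());
    }

    // Rejects empty lists, wrong-sized inline keys and repeated keys. Keys referenced by
    // filename cannot be size-checked here and pass through unchanged.
    static TlsSessionTicketKeys validate(TlsSessionTicketKeys keys) {
        if (keys.getKeysCount() == 0) {
            throw new IllegalArgumentException("no session ticket keys configured");
        }
        for (int i = 0; i < keys.getKeysCount(); i++) {
            DataSource k = keys.getKeys(i);
            boolean inline = k.getSpecifierCase() == DataSource.SpecifierCase.INLINE_BYTES;
            if (inline && k.getInlineBytes().size() != KEY_LEN) {
                throw new IllegalArgumentException("key " + i + " is not " + KEY_LEN + " bytes");
            }
            for (int j = 0; j < i; j++) {
                if (inline && k.equals(keys.getKeys(j))) throw new IllegalArgumentException("key " + i + " duplicates key " + j);
            }
        }
        return keys;
    }

    public static void main(String[] args) {
        TlsSessionTicketKeys keys = TlsSessionTicketKeys.getDefaultInstance();
        for (int round = 1; round <= 3; round++) {
            TlsSessionTicketKeys rotated = rotate(keys);
            boolean demoted = keys.getKeysCount() == 0 || rotated.getKeys(1).equals(keys.getKeys(0));
            System.out.println("round " + round + ": keys=" + rotated.getKeysCount() + " previousDemoted=" + demoted);
            keys = rotated;  // never print or log the key bytes themselves
        }
    }
}
```

        With MAX_KEYS set to 2, a ticket can still be decrypted for one rotation interval after the key that encrypted it was replaced, so the rotation interval bounds how long a leaked key remains useful.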
      • getKeysOrBuilderList

        public java.util.List<? extends DataSourceOrBuilder> getKeysOrBuilderList()
        repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
        Specified by:
        getKeysOrBuilderList in interface TlsSessionTicketKeysOrBuilder
      • getKeysCount

        public int getKeysCount()
        repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
        Specified by:
        getKeysCount in interface TlsSessionTicketKeysOrBuilder
      • getKeys

        public DataSource getKeys​(int index)
        repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
        Specified by:
        getKeys in interface TlsSessionTicketKeysOrBuilder
      • getKeysOrBuilder

        public DataSourceOrBuilder getKeysOrBuilder​(int index)
        repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
        Specified by:
        getKeysOrBuilder in interface TlsSessionTicketKeysOrBuilder
      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessage
      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
                     throws java.io.IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessage
        Throws:
        java.io.IOException
      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessage
      • equals

        public boolean equals​(java.lang.Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage
      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(java.nio.ByteBuffer data)
                                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(java.nio.ByteBuffer data,
                                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(com.google.protobuf.ByteString data)
                                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(com.google.protobuf.ByteString data,
                                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(byte[] data)
                                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(byte[] data,
                                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(java.io.InputStream input)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(java.io.InputStream input,
                                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseDelimitedFrom

        public static TlsSessionTicketKeys parseDelimitedFrom​(java.io.InputStream input)
                                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • parseDelimitedFrom

        public static TlsSessionTicketKeys parseDelimitedFrom​(java.io.InputStream input,
                                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(com.google.protobuf.CodedInputStream input)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static TlsSessionTicketKeys parseFrom​(com.google.protobuf.CodedInputStream input,
                                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • newBuilderForType

        public TlsSessionTicketKeys.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite
      • toBuilder

        public TlsSessionTicketKeys.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite
      • newBuilderForType

        protected TlsSessionTicketKeys.Builder newBuilderForType​(com.google.protobuf.AbstractMessage.BuilderParent parent)
        Overrides:
        newBuilderForType in class com.google.protobuf.AbstractMessage
      • getParserForType

        public com.google.protobuf.Parser<TlsSessionTicketKeys> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessage
      • getDefaultInstanceForType

        public TlsSessionTicketKeys getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder