Interface TlsCertificateOrBuilder
-
- All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
- All Known Implementing Classes:
TlsCertificate, TlsCertificate.Builder
public interface TlsCertificateOrBuilder extends com.google.protobuf.MessageOrBuilder
-
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| DataSource | getCertificateChain() | The TLS certificate chain. |
| DataSourceOrBuilder | getCertificateChainOrBuilder() | The TLS certificate chain. |
| DataSource | getOcspStaple() | The OCSP response to be stapled with this certificate during the handshake. |
| DataSourceOrBuilder | getOcspStapleOrBuilder() | The OCSP response to be stapled with this certificate during the handshake. |
| DataSource | getPassword() | The password to decrypt the TLS private key. |
| DataSourceOrBuilder | getPasswordOrBuilder() | The password to decrypt the TLS private key. |
| DataSource | getPkcs12() | ``Pkcs12`` data containing TLS certificate, chain, and private key. |
| DataSourceOrBuilder | getPkcs12OrBuilder() | ``Pkcs12`` data containing TLS certificate, chain, and private key. |
| DataSource | getPrivateKey() | The TLS private key. |
| DataSourceOrBuilder | getPrivateKeyOrBuilder() | The TLS private key. |
| PrivateKeyProvider | getPrivateKeyProvider() | BoringSSL private key method provider. |
| PrivateKeyProviderOrBuilder | getPrivateKeyProviderOrBuilder() | BoringSSL private key method provider. |
| DataSource | getSignedCertificateTimestamp(int index) | [#not-implemented-hide:] |
| int | getSignedCertificateTimestampCount() | [#not-implemented-hide:] |
| java.util.List<DataSource> | getSignedCertificateTimestampList() | [#not-implemented-hide:] |
| DataSourceOrBuilder | getSignedCertificateTimestampOrBuilder(int index) | [#not-implemented-hide:] |
| java.util.List<? extends DataSourceOrBuilder> | getSignedCertificateTimestampOrBuilderList() | [#not-implemented-hide:] |
| WatchedDirectory | getWatchedDirectory() | If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. |
| WatchedDirectoryOrBuilder | getWatchedDirectoryOrBuilder() | If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. |
| boolean | hasCertificateChain() | The TLS certificate chain. |
| boolean | hasOcspStaple() | The OCSP response to be stapled with this certificate during the handshake. |
| boolean | hasPassword() | The password to decrypt the TLS private key. |
| boolean | hasPkcs12() | ``Pkcs12`` data containing TLS certificate, chain, and private key. |
| boolean | hasPrivateKey() | The TLS private key. |
| boolean | hasPrivateKeyProvider() | BoringSSL private key method provider. |
| boolean | hasWatchedDirectory() | If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. |
-
Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
-
Method Detail
-
hasCertificateChain
boolean hasCertificateChain()
The TLS certificate chain. If ``certificate_chain`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;
- Returns:
- Whether the certificateChain field is set.
-
getCertificateChain
DataSource getCertificateChain()
The TLS certificate chain. If ``certificate_chain`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;
- Returns:
- The certificateChain.
-
getCertificateChainOrBuilder
DataSourceOrBuilder getCertificateChainOrBuilder()
The TLS certificate chain. If ``certificate_chain`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;
-
hasPrivateKey
boolean hasPrivateKey()
The TLS private key. If ``private_key`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
- Returns:
- Whether the privateKey field is set.
-
getPrivateKey
DataSource getPrivateKey()
The TLS private key. If ``private_key`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
- Returns:
- The privateKey.
-
getPrivateKeyOrBuilder
DataSourceOrBuilder getPrivateKeyOrBuilder()
The TLS private key. If ``private_key`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
-
hasPkcs12
boolean hasPkcs12()
``Pkcs12`` data containing TLS certificate, chain, and private key. If ``pkcs12`` is a filesystem path, the file will be read, but no watch will be added to the parent directory, since ``pkcs12`` isn't used by SDS. This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``. This can't be marked as ``oneof`` due to API compatibility reasons. Setting ``pkcs12`` together with any of ``private_key``, ``certificate_chain`` or ``private_key_provider`` will result in an error. Use ``password`` to specify the password to unprotect the ``PKCS12`` data, if necessary.
.envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
- Returns:
- Whether the pkcs12 field is set.
-
getPkcs12
DataSource getPkcs12()
``Pkcs12`` data containing TLS certificate, chain, and private key. If ``pkcs12`` is a filesystem path, the file will be read, but no watch will be added to the parent directory, since ``pkcs12`` isn't used by SDS. This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``. This can't be marked as ``oneof`` due to API compatibility reasons. Setting ``pkcs12`` together with any of ``private_key``, ``certificate_chain`` or ``private_key_provider`` will result in an error. Use ``password`` to specify the password to unprotect the ``PKCS12`` data, if necessary.
.envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
- Returns:
- The pkcs12.
-
getPkcs12OrBuilder
DataSourceOrBuilder getPkcs12OrBuilder()
``Pkcs12`` data containing TLS certificate, chain, and private key. If ``pkcs12`` is a filesystem path, the file will be read, but no watch will be added to the parent directory, since ``pkcs12`` isn't used by SDS. This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``. This can't be marked as ``oneof`` due to API compatibility reasons. Setting ``pkcs12`` together with any of ``private_key``, ``certificate_chain`` or ``private_key_provider`` will result in an error. Use ``password`` to specify the password to unprotect the ``PKCS12`` data, if necessary.
.envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
-
hasWatchedDirectory
boolean hasWatchedDirectory()
If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched; by default, if this field is not specified, the parent directories of the filesystem paths in ``certificate_chain`` and ``private_key`` are watched. This only applies when a ``TlsCertificate`` is delivered by SDS with references to filesystem paths. See the SDS key rotation documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;
- Returns:
- Whether the watchedDirectory field is set.
-
getWatchedDirectory
WatchedDirectory getWatchedDirectory()
If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched; by default, if this field is not specified, the parent directories of the filesystem paths in ``certificate_chain`` and ``private_key`` are watched. This only applies when a ``TlsCertificate`` is delivered by SDS with references to filesystem paths. See the SDS key rotation documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;
- Returns:
- The watchedDirectory.
-
getWatchedDirectoryOrBuilder
WatchedDirectoryOrBuilder getWatchedDirectoryOrBuilder()
If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched; by default, if this field is not specified, the parent directories of the filesystem paths in ``certificate_chain`` and ``private_key`` are watched. This only applies when a ``TlsCertificate`` is delivered by SDS with references to filesystem paths. See the SDS key rotation documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;
-
hasPrivateKeyProvider
boolean hasPrivateKeyProvider()
BoringSSL private key method provider. This is an alternative to the ``private_key`` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both ``private_key`` and ``private_key_provider`` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
- Returns:
- Whether the privateKeyProvider field is set.
-
getPrivateKeyProvider
PrivateKeyProvider getPrivateKeyProvider()
BoringSSL private key method provider. This is an alternative to the ``private_key`` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both ``private_key`` and ``private_key_provider`` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
- Returns:
- The privateKeyProvider.
-
getPrivateKeyProviderOrBuilder
PrivateKeyProviderOrBuilder getPrivateKeyProviderOrBuilder()
BoringSSL private key method provider. This is an alternative to the ``private_key`` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both ``private_key`` and ``private_key_provider`` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
-
hasPassword
boolean hasPassword()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
- Returns:
- Whether the password field is set.
-
getPassword
DataSource getPassword()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
- Returns:
- The password.
-
getPasswordOrBuilder
DataSourceOrBuilder getPasswordOrBuilder()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
-
hasOcspStaple
boolean hasOcspStaple()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;
- Returns:
- Whether the ocspStaple field is set.
-
getOcspStaple
DataSource getOcspStaple()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;
- Returns:
- The ocspStaple.
-
getOcspStapleOrBuilder
DataSourceOrBuilder getOcspStapleOrBuilder()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;
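
Because ``pkcs12``, ``private_key`` and ``private_key_provider`` are not a ``oneof``, a conflicting message still builds, and the restriction on ``ocsp_staple`` sources is likewise not enforced by the message type. The following added example (not part of Envoy or its generated Java API) uses the ``has*`` accessors above to check for the documented conflicts before a certificate is pushed. The class name ``TlsCertificateLint`` is hypothetical, and the imported package names and the ``DataSource.SpecifierCase`` accessor are assumptions about the generated bindings that this page does not show.

```java
import io.envoyproxy.envoy.config.core.v3.DataSource;
import io.envoyproxy.envoy.config.core.v3.DataSource.SpecifierCase;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificateOrBuilder;
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical class): lints a TlsCertificate before it is pushed to Envoy. */
public final class TlsCertificateLint {
  private TlsCertificateLint() {}

  /** Returns findings; an empty list means none of the documented conflicts are present. */
  public static List<String> check(TlsCertificateOrBuilder cert) {
    List<String> findings = new ArrayList<>();

    // pkcs12 excludes certificate_chain, private_key and private_key_provider, but the
    // fields are not a oneof, so protobuf builds such a message without complaint.
    if (cert.hasPkcs12()) {
      if (cert.hasCertificateChain()) findings.add("error: pkcs12 and certificate_chain both set");
      if (cert.hasPrivateKey()) findings.add("error: pkcs12 and private_key both set");
      if (cert.hasPrivateKeyProvider()) findings.add("error: pkcs12 and private_key_provider both set");
      if (cert.getPkcs12().getSpecifierCase() == SpecifierCase.FILENAME) {
        findings.add("note: pkcs12 file is read without a directory watch");
      }
    }

    // private_key_provider is an alternative to private_key, never an addition to it.
    if (cert.hasPrivateKey() && cert.hasPrivateKeyProvider()) {
      findings.add("error: private_key and private_key_provider both set");
    }

    // ocsp_staple accepts only the filename and inline_bytes forms of DataSource.
    if (cert.hasOcspStaple()) {
      SpecifierCase form = cert.getOcspStaple().getSpecifierCase();
      if (form != SpecifierCase.FILENAME && form != SpecifierCase.INLINE_BYTES) {
        findings.add("error: ocsp_staple must use filename or inline_bytes, found " + form);
      }
    }

    // Fields annotated sensitive: report inline key material by field name only.
    reportInline(findings, "private_key", cert.hasPrivateKey(), cert.getPrivateKey());
    reportInline(findings, "password", cert.hasPassword(), cert.getPassword());
    reportInline(findings, "pkcs12", cert.hasPkcs12(), cert.getPkcs12());
    return findings;
  }

  private static void reportInline(List<String> out, String field, boolean set, DataSource src) {
    SpecifierCase form = src.getSpecifierCase();
    if (set && (form == SpecifierCase.INLINE_STRING || form == SpecifierCase.INLINE_BYTES)) {
      out.add("warning: sensitive field " + field + " is embedded inline in the configuration");
    }
  }
}
```

The check accepts either a built ``TlsCertificate`` or a ``TlsCertificate.Builder``, since both implement this interface, and it never copies secret values into its findings.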
-
getSignedCertificateTimestampList
java.util.List<DataSource> getSignedCertificateTimestampList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestamp
DataSource getSignedCertificateTimestamp(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestampCount
int getSignedCertificateTimestampCount()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestampOrBuilderList
java.util.List<? extends DataSourceOrBuilder> getSignedCertificateTimestampOrBuilderList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestampOrBuilder
DataSourceOrBuilder getSignedCertificateTimestampOrBuilder(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
-