Interface TlsCertificateOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    TlsCertificate, TlsCertificate.Builder

    public interface TlsCertificateOrBuilder
    extends com.google.protobuf.MessageOrBuilder
    • Method Detail

      • hasCertificateChain

        boolean hasCertificateChain()
         The TLS certificate chain.
        
         If ``certificate_chain`` is a filesystem path, a watch will be added to the
         parent directory for any file moves to support rotation. This currently
         only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
         SDS.
         
        .envoy.config.core.v3.DataSource certificate_chain = 1;
        Returns:
        Whether the certificateChain field is set.
      • getCertificateChain

        DataSource getCertificateChain()
         The TLS certificate chain.
        
         If ``certificate_chain`` is a filesystem path, a watch will be added to the
         parent directory for any file moves to support rotation. This currently
         only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
         SDS.
         
        .envoy.config.core.v3.DataSource certificate_chain = 1;
        Returns:
        The certificateChain.
      • getCertificateChainOrBuilder

        DataSourceOrBuilder getCertificateChainOrBuilder()
         The TLS certificate chain.
        
         If ``certificate_chain`` is a filesystem path, a watch will be added to the
         parent directory for any file moves to support rotation. This currently
         only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
         SDS.
         
        .envoy.config.core.v3.DataSource certificate_chain = 1;
      • hasPrivateKey

        boolean hasPrivateKey()
         The TLS private key.
        
         If ``private_key`` is a filesystem path, a watch will be added to the parent
         directory for any file moves to support rotation. This currently only
         applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
         
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
        Returns:
        Whether the privateKey field is set.
      • getPrivateKey

        DataSource getPrivateKey()
         The TLS private key.
        
         If ``private_key`` is a filesystem path, a watch will be added to the parent
         directory for any file moves to support rotation. This currently only
         applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
         
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
        Returns:
        The privateKey.
      • getPrivateKeyOrBuilder

        DataSourceOrBuilder getPrivateKeyOrBuilder()
         The TLS private key.
        
         If ``private_key`` is a filesystem path, a watch will be added to the parent
         directory for any file moves to support rotation. This currently only
         applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
         
        .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
      • hasPkcs12

        boolean hasPkcs12()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
        
         If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
         be added to the parent directory, since ``pkcs12`` isn't used by SDS.
         This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
         This can't be marked as ``oneof`` due to API compatibility reasons. Setting
         :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
         together with any of
         :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
         :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
         or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
         will result in an error. Use :ref:`password
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
         to specify the password to unprotect the ``PKCS12`` data, if necessary.
         
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
        Returns:
        Whether the pkcs12 field is set.
      • getPkcs12

        DataSource getPkcs12()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
        
         If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
         be added to the parent directory, since ``pkcs12`` isn't used by SDS.
         This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
         This can't be marked as ``oneof`` due to API compatibility reasons. Setting
         :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
         together with any of
         :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
         :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
         or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
         will result in an error. Use :ref:`password
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
         to specify the password to unprotect the ``PKCS12`` data, if necessary.
         
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
        Returns:
        The pkcs12.
      • getPkcs12OrBuilder

        DataSourceOrBuilder getPkcs12OrBuilder()
         ``Pkcs12`` data containing TLS certificate, chain, and private key.
        
         If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
         be added to the parent directory, since ``pkcs12`` isn't used by SDS.
         This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
         This can't be marked as ``oneof`` due to API compatibility reasons. Setting
         :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
         together with any of
         :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
         :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
         or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
         will result in an error. Use :ref:`password
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
         to specify the password to unprotect the ``PKCS12`` data, if necessary.
         
        .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
      • hasWatchedDirectory

        boolean hasWatchedDirectory()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
         sources will be triggered by this watch. The certificate/key pair will be
         read together and validated for atomic read consistency (i.e. no
         intervening modification occurred between cert/key read, verified by file
         hash comparisons). This allows explicit control over the path watched; by
         default, the parent directories of the filesystem paths in
         ``certificate_chain`` and ``private_key`` are watched if this field is not
         specified. This only applies when a ``TlsCertificate`` is delivered by SDS
         with references to filesystem paths. See the :ref:`SDS key rotation
         <sds_key_rotation>` documentation for further details.
         
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
        Returns:
        Whether the watchedDirectory field is set.
      • getWatchedDirectory

        WatchedDirectory getWatchedDirectory()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
         sources will be triggered by this watch. The certificate/key pair will be
         read together and validated for atomic read consistency (i.e. no
         intervening modification occurred between cert/key read, verified by file
         hash comparisons). This allows explicit control over the path watched; by
         default, the parent directories of the filesystem paths in
         ``certificate_chain`` and ``private_key`` are watched if this field is not
         specified. This only applies when a ``TlsCertificate`` is delivered by SDS
         with references to filesystem paths. See the :ref:`SDS key rotation
         <sds_key_rotation>` documentation for further details.
         
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
        Returns:
        The watchedDirectory.
      • getWatchedDirectoryOrBuilder

        WatchedDirectoryOrBuilder getWatchedDirectoryOrBuilder()
         If specified, updates of file-based ``certificate_chain`` and ``private_key``
         sources will be triggered by this watch. The certificate/key pair will be
         read together and validated for atomic read consistency (i.e. no
         intervening modification occurred between cert/key read, verified by file
         hash comparisons). This allows explicit control over the path watched; by
         default, the parent directories of the filesystem paths in
         ``certificate_chain`` and ``private_key`` are watched if this field is not
         specified. This only applies when a ``TlsCertificate`` is delivered by SDS
         with references to filesystem paths. See the :ref:`SDS key rotation
         <sds_key_rotation>` documentation for further details.
         
        .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
      • hasPrivateKeyProvider

        boolean hasPrivateKeyProvider()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
         marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
         :ref:`private_key_provider
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
         error.
         
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
        Returns:
        Whether the privateKeyProvider field is set.
      • getPrivateKeyProvider

        PrivateKeyProvider getPrivateKeyProvider()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
         marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
         :ref:`private_key_provider
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
         error.
         
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
        Returns:
        The privateKeyProvider.
      • getPrivateKeyProviderOrBuilder

        PrivateKeyProviderOrBuilder getPrivateKeyProviderOrBuilder()
         BoringSSL private key method provider. This is an alternative to :ref:`private_key
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
         marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
         :ref:`private_key_provider
         <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
         error.
         
        .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
      • hasPassword

        boolean hasPassword()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
         TLS private key is not password encrypted.
         
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
        Returns:
        Whether the password field is set.
      • getPassword

        DataSource getPassword()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
         TLS private key is not password encrypted.
         
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
        Returns:
        The password.
      • getPasswordOrBuilder

        DataSourceOrBuilder getPasswordOrBuilder()
         The password to decrypt the TLS private key. If this field is not set, it is assumed that the
         TLS private key is not password encrypted.
         
        .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
      • hasOcspStaple

        boolean hasOcspStaple()
         The OCSP response to be stapled with this certificate during the handshake.
         The response must be DER-encoded and may only be provided via ``filename`` or
         ``inline_bytes``. The response may pertain to only one certificate.
         
        .envoy.config.core.v3.DataSource ocsp_staple = 4;
        Returns:
        Whether the ocspStaple field is set.
      • getOcspStaple

        DataSource getOcspStaple()
         The OCSP response to be stapled with this certificate during the handshake.
         The response must be DER-encoded and may only be provided via ``filename`` or
         ``inline_bytes``. The response may pertain to only one certificate.
         
        .envoy.config.core.v3.DataSource ocsp_staple = 4;
        Returns:
        The ocspStaple.
      • getOcspStapleOrBuilder

        DataSourceOrBuilder getOcspStapleOrBuilder()
         The OCSP response to be stapled with this certificate during the handshake.
         The response must be DER-encoded and may only be provided via ``filename`` or
         ``inline_bytes``. The response may pertain to only one certificate.
         
        .envoy.config.core.v3.DataSource ocsp_staple = 4;
      • getSignedCertificateTimestampList

        java.util.List<DataSource> getSignedCertificateTimestampList()
         [#not-implemented-hide:]
         
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
      • getSignedCertificateTimestamp

        DataSource getSignedCertificateTimestamp(int index)
         [#not-implemented-hide:]
         
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
      • getSignedCertificateTimestampCount

        int getSignedCertificateTimestampCount()
         [#not-implemented-hide:]
         
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
      • getSignedCertificateTimestampOrBuilderList

        java.util.List<? extends DataSourceOrBuilder> getSignedCertificateTimestampOrBuilderList()
         [#not-implemented-hide:]
         
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
      • getSignedCertificateTimestampOrBuilder

        DataSourceOrBuilder getSignedCertificateTimestampOrBuilder(int index)
         [#not-implemented-hide:]
         
        repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
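
Added example (not part of the generated Javadoc or the Envoy project): because ``pkcs12``, ``private_key`` and ``private_key_provider`` cannot be declared ``oneof``, the documented exclusivity rules and the ``ocsp_staple`` source restriction can be checked through the ``has*`` accessors before a secret is pushed over SDS. ``TlsCertificateLint``, the sample paths and the ``io.envoyproxy`` package names (as shipped by the java-control-plane ``api`` artifact) are assumptions.

```java
import io.envoyproxy.envoy.config.core.v3.DataSource;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificate;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificateOrBuilder;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper for illustration; not an Envoy or java-control-plane class.
public final class TlsCertificateLint {

  /** Returns the documented field constraints that the given message violates. */
  public static List<String> check(TlsCertificateOrBuilder cert) {
    List<String> problems = new ArrayList<>();
    // pkcs12 is mutually exclusive with certificate_chain, private_key and
    // private_key_provider; the proto schema does not enforce this.
    if (cert.hasPkcs12()
        && (cert.hasCertificateChain() || cert.hasPrivateKey() || cert.hasPrivateKeyProvider())) {
      problems.add("pkcs12 set with certificate_chain/private_key/private_key_provider");
    }
    // private_key_provider is an alternative to private_key, not an addition.
    if (cert.hasPrivateKey() && cert.hasPrivateKeyProvider()) {
      problems.add("both private_key and private_key_provider are set");
    }
    // ocsp_staple may only be provided via filename or inline_bytes.
    if (cert.hasOcspStaple()) {
      DataSource.SpecifierCase kind = cert.getOcspStaple().getSpecifierCase();
      if (kind != DataSource.SpecifierCase.FILENAME
          && kind != DataSource.SpecifierCase.INLINE_BYTES) {
        problems.add("ocsp_staple must use filename or inline_bytes, found " + kind);
      }
    }
    return problems;
  }

  public static void main(String[] args) {
    // Constructed sample that breaks two rules; all paths are placeholders.
    TlsCertificate bad = TlsCertificate.newBuilder()
        .setCertificateChain(DataSource.newBuilder().setFilename("/etc/envoy/tls/chain.pem"))
        .setPrivateKey(DataSource.newBuilder().setFilename("/etc/envoy/tls/key.pem"))
        .setPkcs12(DataSource.newBuilder().setFilename("/etc/envoy/tls/bundle.p12"))
        .setOcspStaple(DataSource.newBuilder().setInlineString("not-a-der-response"))
        .build();
    // Prints the pkcs12 conflict and the ocsp_staple source violation.
    check(bad).forEach(System.out::println);
  }
}
```

Because ``check`` takes ``TlsCertificateOrBuilder``, it accepts both a built ``TlsCertificate`` and a ``TlsCertificate.Builder`` that is still being populated.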