Class TlsSessionTicketKeys
- java.lang.Object
-
- com.google.protobuf.AbstractMessageLite
-
- com.google.protobuf.AbstractMessage
-
- com.google.protobuf.GeneratedMessage
-
- io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys
-
- All Implemented Interfaces:
com.google.protobuf.Message
,com.google.protobuf.MessageLite
,com.google.protobuf.MessageLiteOrBuilder
,com.google.protobuf.MessageOrBuilder
,TlsSessionTicketKeysOrBuilder
,java.io.Serializable
public final class TlsSessionTicketKeys extends com.google.protobuf.GeneratedMessage implements TlsSessionTicketKeysOrBuilder
Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
TlsSessionTicketKeys.Builder
Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys
-
Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessage
com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>,BuilderT extends com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT,BuilderT>>, com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.FieldAccessorTable, com.google.protobuf.GeneratedMessage.GeneratedExtension<ContainingT extends com.google.protobuf.Message,T extends java.lang.Object>, com.google.protobuf.GeneratedMessage.UnusedPrivateParameter
-
-
Field Summary
Fields Modifier and Type Field Description private static TlsSessionTicketKeys
DEFAULT_INSTANCE
private java.util.List<DataSource>
keys_
static int
KEYS_FIELD_NUMBER
private byte
memoizedIsInitialized
private static com.google.protobuf.Parser<TlsSessionTicketKeys>
PARSER
private static long
serialVersionUID
-
Constructor Summary
Constructors Modifier Constructor Description private
TlsSessionTicketKeys()
private
TlsSessionTicketKeys(com.google.protobuf.GeneratedMessage.Builder<?> builder)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
equals(java.lang.Object obj)
static TlsSessionTicketKeys
getDefaultInstance()
TlsSessionTicketKeys
getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor
getDescriptor()
DataSource
getKeys(int index)
Keys for encrypting and decrypting TLS session tickets.
int
getKeysCount()
Keys for encrypting and decrypting TLS session tickets.
java.util.List<DataSource>
getKeysList()
Keys for encrypting and decrypting TLS session tickets.
DataSourceOrBuilder
getKeysOrBuilder(int index)
Keys for encrypting and decrypting TLS session tickets.
java.util.List<? extends DataSourceOrBuilder>
getKeysOrBuilderList()
Keys for encrypting and decrypting TLS session tickets.
com.google.protobuf.Parser<TlsSessionTicketKeys>
getParserForType()
int
getSerializedSize()
int
hashCode()
protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
internalGetFieldAccessorTable()
boolean
isInitialized()
static TlsSessionTicketKeys.Builder
newBuilder()
static TlsSessionTicketKeys.Builder
newBuilder(TlsSessionTicketKeys prototype)
TlsSessionTicketKeys.Builder
newBuilderForType()
protected TlsSessionTicketKeys.Builder
newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
static TlsSessionTicketKeys
parseDelimitedFrom(java.io.InputStream input)
static TlsSessionTicketKeys
parseDelimitedFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys
parseFrom(byte[] data)
static TlsSessionTicketKeys
parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys
parseFrom(com.google.protobuf.ByteString data)
static TlsSessionTicketKeys
parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys
parseFrom(com.google.protobuf.CodedInputStream input)
static TlsSessionTicketKeys
parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys
parseFrom(java.io.InputStream input)
static TlsSessionTicketKeys
parseFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys
parseFrom(java.nio.ByteBuffer data)
static TlsSessionTicketKeys
parseFrom(java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static com.google.protobuf.Parser<TlsSessionTicketKeys>
parser()
TlsSessionTicketKeys.Builder
toBuilder()
void
writeTo(com.google.protobuf.CodedOutputStream output)
-
Methods inherited from class com.google.protobuf.GeneratedMessage
canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, isStringEmpty, makeMutableCopy, makeMutableCopy, mergeFromAndMakeImmutableInternal, newFileScopedGeneratedExtension, newInstance, newMessageScopedGeneratedExtension, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag
-
Methods inherited from class com.google.protobuf.AbstractMessage
findInitializationErrors, getInitializationErrorString, hashFields, toString
-
Methods inherited from class com.google.protobuf.AbstractMessageLite
addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
KEYS_FIELD_NUMBER
public static final int KEYS_FIELD_NUMBER
- See Also:
- Constant Field Values
-
keys_
private java.util.List<DataSource> keys_
-
memoizedIsInitialized
private byte memoizedIsInitialized
-
DEFAULT_INSTANCE
private static final TlsSessionTicketKeys DEFAULT_INSTANCE
-
PARSER
private static final com.google.protobuf.Parser<TlsSessionTicketKeys> PARSER
-
-
Method Detail
-
getDescriptor
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
-
internalGetFieldAccessorTable
protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
- Specified by:
internalGetFieldAccessorTable
in classcom.google.protobuf.GeneratedMessage
-
getKeysList
public java.util.List<DataSource> getKeysList()
Keys for encrypting and decrypting TLS session tickets. The first key in the array is the key used to encrypt all new sessions created by this context. All keys are candidates for decrypting received tickets. This allows for easy rotation of keys by, for example, putting the new key first and the previous key second.

If session_ticket_keys (envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys) is not specified, the TLS library will still support resuming sessions via tickets, but it will use an internally-generated and managed key, so sessions cannot be resumed across hot restarts or on different hosts.

Each key must contain exactly 80 bytes of cryptographically-secure random data, for example the output of `openssl rand 80`.

Attention: Using this feature has serious security considerations and risks. Improper handling of keys may result in loss of secrecy in connections, even if ciphers supporting perfect forward secrecy are used, because a ticket holds session secrets encrypted under the ticket key, so anyone who obtains that key can recover those secrets from captured tickets. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some discussion. To minimize the risk, you must:
* Keep the session ticket keys at least as secure as your TLS certificate private keys
* Rotate session ticket keys at least daily, and preferably hourly
* Always generate keys using a cryptographically-secure random data source
repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
- Specified by:
getKeysList
in interfaceTlsSessionTicketKeysOrBuilder
-
getKeysOrBuilderList
public java.util.List<? extends DataSourceOrBuilder> getKeysOrBuilderList()
Keys for encrypting and decrypting TLS session tickets. The first key in the array is the key used to encrypt all new sessions created by this context. All keys are candidates for decrypting received tickets. This allows for easy rotation of keys by, for example, putting the new key first and the previous key second.

If session_ticket_keys (envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys) is not specified, the TLS library will still support resuming sessions via tickets, but it will use an internally-generated and managed key, so sessions cannot be resumed across hot restarts or on different hosts.

Each key must contain exactly 80 bytes of cryptographically-secure random data, for example the output of `openssl rand 80`.

Attention: Using this feature has serious security considerations and risks. Improper handling of keys may result in loss of secrecy in connections, even if ciphers supporting perfect forward secrecy are used, because a ticket holds session secrets encrypted under the ticket key, so anyone who obtains that key can recover those secrets from captured tickets. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some discussion. To minimize the risk, you must:
* Keep the session ticket keys at least as secure as your TLS certificate private keys
* Rotate session ticket keys at least daily, and preferably hourly
* Always generate keys using a cryptographically-secure random data source
repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
- Specified by:
getKeysOrBuilderList
in interfaceTlsSessionTicketKeysOrBuilder
-
getKeysCount
public int getKeysCount()
Keys for encrypting and decrypting TLS session tickets. The first key in the array is the key used to encrypt all new sessions created by this context. All keys are candidates for decrypting received tickets. This allows for easy rotation of keys by, for example, putting the new key first and the previous key second.

If session_ticket_keys (envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys) is not specified, the TLS library will still support resuming sessions via tickets, but it will use an internally-generated and managed key, so sessions cannot be resumed across hot restarts or on different hosts.

Each key must contain exactly 80 bytes of cryptographically-secure random data, for example the output of `openssl rand 80`.

Attention: Using this feature has serious security considerations and risks. Improper handling of keys may result in loss of secrecy in connections, even if ciphers supporting perfect forward secrecy are used, because a ticket holds session secrets encrypted under the ticket key, so anyone who obtains that key can recover those secrets from captured tickets. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some discussion. To minimize the risk, you must:
* Keep the session ticket keys at least as secure as your TLS certificate private keys
* Rotate session ticket keys at least daily, and preferably hourly
* Always generate keys using a cryptographically-secure random data source
repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
- Specified by:
getKeysCount
in interfaceTlsSessionTicketKeysOrBuilder
-
getKeys
public DataSource getKeys(int index)
Keys for encrypting and decrypting TLS session tickets. The first key in the array is the key used to encrypt all new sessions created by this context. All keys are candidates for decrypting received tickets. This allows for easy rotation of keys by, for example, putting the new key first and the previous key second.

If session_ticket_keys (envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys) is not specified, the TLS library will still support resuming sessions via tickets, but it will use an internally-generated and managed key, so sessions cannot be resumed across hot restarts or on different hosts.

Each key must contain exactly 80 bytes of cryptographically-secure random data, for example the output of `openssl rand 80`.

Attention: Using this feature has serious security considerations and risks. Improper handling of keys may result in loss of secrecy in connections, even if ciphers supporting perfect forward secrecy are used, because a ticket holds session secrets encrypted under the ticket key, so anyone who obtains that key can recover those secrets from captured tickets. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some discussion. To minimize the risk, you must:
* Keep the session ticket keys at least as secure as your TLS certificate private keys
* Rotate session ticket keys at least daily, and preferably hourly
* Always generate keys using a cryptographically-secure random data source
repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
- Specified by:
getKeys
in interfaceTlsSessionTicketKeysOrBuilder
-
getKeysOrBuilder
public DataSourceOrBuilder getKeysOrBuilder(int index)
Keys for encrypting and decrypting TLS session tickets. The first key in the array is the key used to encrypt all new sessions created by this context. All keys are candidates for decrypting received tickets. This allows for easy rotation of keys by, for example, putting the new key first and the previous key second.

If session_ticket_keys (envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys) is not specified, the TLS library will still support resuming sessions via tickets, but it will use an internally-generated and managed key, so sessions cannot be resumed across hot restarts or on different hosts.

Each key must contain exactly 80 bytes of cryptographically-secure random data, for example the output of `openssl rand 80`.

Attention: Using this feature has serious security considerations and risks. Improper handling of keys may result in loss of secrecy in connections, even if ciphers supporting perfect forward secrecy are used, because a ticket holds session secrets encrypted under the ticket key, so anyone who obtains that key can recover those secrets from captured tickets. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some discussion. To minimize the risk, you must:
* Keep the session ticket keys at least as secure as your TLS certificate private keys
* Rotate session ticket keys at least daily, and preferably hourly
* Always generate keys using a cryptographically-secure random data source
repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
- Specified by:
getKeysOrBuilder
in interfaceTlsSessionTicketKeysOrBuilder
-
isInitialized
public final boolean isInitialized()
- Specified by:
isInitialized
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Overrides:
isInitialized
in classcom.google.protobuf.GeneratedMessage
-
writeTo
public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException
- Specified by:
writeTo
in interfacecom.google.protobuf.MessageLite
- Overrides:
writeTo
in classcom.google.protobuf.GeneratedMessage
- Throws:
java.io.IOException
-
getSerializedSize
public int getSerializedSize()
- Specified by:
getSerializedSize
in interfacecom.google.protobuf.MessageLite
- Overrides:
getSerializedSize
in classcom.google.protobuf.GeneratedMessage
-
equals
public boolean equals(java.lang.Object obj)
- Specified by:
equals
in interfacecom.google.protobuf.Message
- Overrides:
equals
in classcom.google.protobuf.AbstractMessage
-
hashCode
public int hashCode()
- Specified by:
hashCode
in interfacecom.google.protobuf.Message
- Overrides:
hashCode
in classcom.google.protobuf.AbstractMessage
-
parseFrom
public static TlsSessionTicketKeys parseFrom(java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
- Throws:
com.google.protobuf.InvalidProtocolBufferException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(java.io.InputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Throws:
java.io.IOException
-
parseDelimitedFrom
public static TlsSessionTicketKeys parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
parseDelimitedFrom
public static TlsSessionTicketKeys parseDelimitedFrom(java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Throws:
java.io.IOException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
parseFrom
public static TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws java.io.IOException
- Throws:
java.io.IOException
-
newBuilderForType
public TlsSessionTicketKeys.Builder newBuilderForType()
- Specified by:
newBuilderForType
in interfacecom.google.protobuf.Message
- Specified by:
newBuilderForType
in interfacecom.google.protobuf.MessageLite
-
newBuilder
public static TlsSessionTicketKeys.Builder newBuilder()
-
newBuilder
public static TlsSessionTicketKeys.Builder newBuilder(TlsSessionTicketKeys prototype)
-
toBuilder
public TlsSessionTicketKeys.Builder toBuilder()
- Specified by:
toBuilder
in interfacecom.google.protobuf.Message
- Specified by:
toBuilder
in interfacecom.google.protobuf.MessageLite
-
newBuilderForType
protected TlsSessionTicketKeys.Builder newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
- Overrides:
newBuilderForType
in classcom.google.protobuf.AbstractMessage
-
getDefaultInstance
public static TlsSessionTicketKeys getDefaultInstance()
-
parser
public static com.google.protobuf.Parser<TlsSessionTicketKeys> parser()
-
getParserForType
public com.google.protobuf.Parser<TlsSessionTicketKeys> getParserForType()
- Specified by:
getParserForType
in interfacecom.google.protobuf.Message
- Specified by:
getParserForType
in interfacecom.google.protobuf.MessageLite
- Overrides:
getParserForType
in classcom.google.protobuf.GeneratedMessage
-
getDefaultInstanceForType
public TlsSessionTicketKeys getDefaultInstanceForType()
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageOrBuilder
-
-