Class DownstreamTlsContext

java.lang.Object
com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessage
com.google.protobuf.GeneratedMessage
io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
All Implemented Interfaces:
com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, DownstreamTlsContextOrBuilder, Serializable

public final class DownstreamTlsContext extends com.google.protobuf.GeneratedMessage implements DownstreamTlsContextOrBuilder
 [#next-free-field: 11]
 
Protobuf type envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
See Also:
  • Field Details

    • serialVersionUID

      private static final long serialVersionUID
      See Also:
    • bitField0_

      private int bitField0_
    • sessionTicketKeysTypeCase_

      private int sessionTicketKeysTypeCase_
    • sessionTicketKeysType_

      private Object sessionTicketKeysType_
    • COMMON_TLS_CONTEXT_FIELD_NUMBER

      public static final int COMMON_TLS_CONTEXT_FIELD_NUMBER
      See Also:
    • commonTlsContext_

      private CommonTlsContext commonTlsContext_
    • REQUIRE_CLIENT_CERTIFICATE_FIELD_NUMBER

      public static final int REQUIRE_CLIENT_CERTIFICATE_FIELD_NUMBER
      See Also:
    • requireClientCertificate_

      private com.google.protobuf.BoolValue requireClientCertificate_
    • REQUIRE_SNI_FIELD_NUMBER

      public static final int REQUIRE_SNI_FIELD_NUMBER
      See Also:
    • requireSni_

      private com.google.protobuf.BoolValue requireSni_
    • SESSION_TICKET_KEYS_FIELD_NUMBER

      public static final int SESSION_TICKET_KEYS_FIELD_NUMBER
      See Also:
    • SESSION_TICKET_KEYS_SDS_SECRET_CONFIG_FIELD_NUMBER

      public static final int SESSION_TICKET_KEYS_SDS_SECRET_CONFIG_FIELD_NUMBER
      See Also:
    • DISABLE_STATELESS_SESSION_RESUMPTION_FIELD_NUMBER

      public static final int DISABLE_STATELESS_SESSION_RESUMPTION_FIELD_NUMBER
      See Also:
    • DISABLE_STATEFUL_SESSION_RESUMPTION_FIELD_NUMBER

      public static final int DISABLE_STATEFUL_SESSION_RESUMPTION_FIELD_NUMBER
      See Also:
    • disableStatefulSessionResumption_

      private boolean disableStatefulSessionResumption_
    • SESSION_TIMEOUT_FIELD_NUMBER

      public static final int SESSION_TIMEOUT_FIELD_NUMBER
      See Also:
    • sessionTimeout_

      private com.google.protobuf.Duration sessionTimeout_
    • OCSP_STAPLE_POLICY_FIELD_NUMBER

      public static final int OCSP_STAPLE_POLICY_FIELD_NUMBER
      See Also:
    • ocspStaplePolicy_

      private int ocspStaplePolicy_
    • FULL_SCAN_CERTS_ON_SNI_MISMATCH_FIELD_NUMBER

      public static final int FULL_SCAN_CERTS_ON_SNI_MISMATCH_FIELD_NUMBER
      See Also:
    • fullScanCertsOnSniMismatch_

      private com.google.protobuf.BoolValue fullScanCertsOnSniMismatch_
    • memoizedIsInitialized

      private byte memoizedIsInitialized
    • DEFAULT_INSTANCE

      private static final DownstreamTlsContext DEFAULT_INSTANCE
    • PARSER

      private static final com.google.protobuf.Parser<DownstreamTlsContext> PARSER
  • Constructor Details

    • DownstreamTlsContext

      private DownstreamTlsContext(com.google.protobuf.GeneratedMessage.Builder<?> builder)
    • DownstreamTlsContext

      private DownstreamTlsContext()
  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage
    • getSessionTicketKeysTypeCase

      public DownstreamTlsContext.SessionTicketKeysTypeCase getSessionTicketKeysTypeCase()
      Specified by:
      getSessionTicketKeysTypeCase in interface DownstreamTlsContextOrBuilder
    • hasCommonTlsContext

      public boolean hasCommonTlsContext()
       Common TLS context settings.
       
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      hasCommonTlsContext in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the commonTlsContext field is set.
    • getCommonTlsContext

      public CommonTlsContext getCommonTlsContext()
       Common TLS context settings.
       
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContext in interface DownstreamTlsContextOrBuilder
      Returns:
      The commonTlsContext.
    • getCommonTlsContextOrBuilder

      public CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
       Common TLS context settings.
       
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContextOrBuilder in interface DownstreamTlsContextOrBuilder
    • hasRequireClientCertificate

      public boolean hasRequireClientCertificate()
       If specified, Envoy will reject connections without a valid client
       certificate.
       
      .google.protobuf.BoolValue require_client_certificate = 2;
      Specified by:
      hasRequireClientCertificate in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the requireClientCertificate field is set.
    • getRequireClientCertificate

      public com.google.protobuf.BoolValue getRequireClientCertificate()
       If specified, Envoy will reject connections without a valid client
       certificate.
       
      .google.protobuf.BoolValue require_client_certificate = 2;
      Specified by:
      getRequireClientCertificate in interface DownstreamTlsContextOrBuilder
      Returns:
      The requireClientCertificate.
    • getRequireClientCertificateOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getRequireClientCertificateOrBuilder()
       If specified, Envoy will reject connections without a valid client
       certificate.
       
      .google.protobuf.BoolValue require_client_certificate = 2;
      Specified by:
      getRequireClientCertificateOrBuilder in interface DownstreamTlsContextOrBuilder
    • hasRequireSni

      public boolean hasRequireSni()
       If specified, Envoy will reject connections without a valid and matching SNI.
       [#not-implemented-hide:]
       
      .google.protobuf.BoolValue require_sni = 3;
      Specified by:
      hasRequireSni in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the requireSni field is set.
    • getRequireSni

      public com.google.protobuf.BoolValue getRequireSni()
       If specified, Envoy will reject connections without a valid and matching SNI.
       [#not-implemented-hide:]
       
      .google.protobuf.BoolValue require_sni = 3;
      Specified by:
      getRequireSni in interface DownstreamTlsContextOrBuilder
      Returns:
      The requireSni.
    • getRequireSniOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getRequireSniOrBuilder()
       If specified, Envoy will reject connections without a valid and matching SNI.
       [#not-implemented-hide:]
       
      .google.protobuf.BoolValue require_sni = 3;
      Specified by:
      getRequireSniOrBuilder in interface DownstreamTlsContextOrBuilder
    • hasSessionTicketKeys

      public boolean hasSessionTicketKeys()
       TLS session ticket key settings.
       
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      Specified by:
      hasSessionTicketKeys in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the sessionTicketKeys field is set.
    • getSessionTicketKeys

      public TlsSessionTicketKeys getSessionTicketKeys()
       TLS session ticket key settings.
       
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      Specified by:
      getSessionTicketKeys in interface DownstreamTlsContextOrBuilder
      Returns:
      The sessionTicketKeys.
    • getSessionTicketKeysOrBuilder

      public TlsSessionTicketKeysOrBuilder getSessionTicketKeysOrBuilder()
       TLS session ticket key settings.
       
      .envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
      Specified by:
      getSessionTicketKeysOrBuilder in interface DownstreamTlsContextOrBuilder
    • hasSessionTicketKeysSdsSecretConfig

      public boolean hasSessionTicketKeysSdsSecretConfig()
       Config for fetching TLS session ticket keys via SDS API.
       
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      Specified by:
      hasSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the sessionTicketKeysSdsSecretConfig field is set.
    • getSessionTicketKeysSdsSecretConfig

      public SdsSecretConfig getSessionTicketKeysSdsSecretConfig()
       Config for fetching TLS session ticket keys via SDS API.
       
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      Specified by:
      getSessionTicketKeysSdsSecretConfig in interface DownstreamTlsContextOrBuilder
      Returns:
      The sessionTicketKeysSdsSecretConfig.
    • getSessionTicketKeysSdsSecretConfigOrBuilder

      public SdsSecretConfigOrBuilder getSessionTicketKeysSdsSecretConfigOrBuilder()
       Config for fetching TLS session ticket keys via SDS API.
       
      .envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
      Specified by:
      getSessionTicketKeysSdsSecretConfigOrBuilder in interface DownstreamTlsContextOrBuilder
    • hasDisableStatelessSessionResumption

      public boolean hasDisableStatelessSessionResumption()
       Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
       server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
       If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
       the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
       or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
       If this config is set to false and no keys are explicitly configured, the TLS server will issue
       TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
       implication that sessions cannot be resumed across hot restarts or on different hosts.
       
      bool disable_stateless_session_resumption = 7;
      Specified by:
      hasDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the disableStatelessSessionResumption field is set.
    • getDisableStatelessSessionResumption

      public boolean getDisableStatelessSessionResumption()
       Config for controlling stateless TLS session resumption: setting this to true will cause the TLS
       server to not issue TLS session tickets for the purposes of stateless TLS session resumption.
       If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using
       the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
       or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`.
       If this config is set to false and no keys are explicitly configured, the TLS server will issue
       TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the
       implication that sessions cannot be resumed across hot restarts or on different hosts.
       
      bool disable_stateless_session_resumption = 7;
      Specified by:
      getDisableStatelessSessionResumption in interface DownstreamTlsContextOrBuilder
      Returns:
      The disableStatelessSessionResumption.
    • getDisableStatefulSessionResumption

      public boolean getDisableStatefulSessionResumption()
       If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is
       relevant only for TLSv1.2 and earlier.)
       
      bool disable_stateful_session_resumption = 10;
      Specified by:
      getDisableStatefulSessionResumption in interface DownstreamTlsContextOrBuilder
      Returns:
      The disableStatefulSessionResumption.
    • hasSessionTimeout

      public boolean hasSessionTimeout()
       If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
       Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
       Only seconds can be specified (fractional seconds are ignored).
       
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      Specified by:
      hasSessionTimeout in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the sessionTimeout field is set.
    • getSessionTimeout

      public com.google.protobuf.Duration getSessionTimeout()
       If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
       Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
       Only seconds can be specified (fractional seconds are ignored).
       
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      Specified by:
      getSessionTimeout in interface DownstreamTlsContextOrBuilder
      Returns:
      The sessionTimeout.
    • getSessionTimeoutOrBuilder

      public com.google.protobuf.DurationOrBuilder getSessionTimeoutOrBuilder()
       If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.
       Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_.
       Only seconds can be specified (fractional seconds are ignored).
       
      .google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
      Specified by:
      getSessionTimeoutOrBuilder in interface DownstreamTlsContextOrBuilder
    • getOcspStaplePolicyValue

      public int getOcspStaplePolicyValue()
       Config for whether to use certificates if they do not have
       an accompanying OCSP response or if the response expires at runtime.
       Defaults to LENIENT_STAPLING
       
      .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
      Specified by:
      getOcspStaplePolicyValue in interface DownstreamTlsContextOrBuilder
      Returns:
      The enum numeric value on the wire for ocspStaplePolicy.
    • getOcspStaplePolicy

      public DownstreamTlsContext.OcspStaplePolicy getOcspStaplePolicy()
       Config for whether to use certificates if they do not have
       an accompanying OCSP response or if the response expires at runtime.
       Defaults to LENIENT_STAPLING
       
      .envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
      Specified by:
      getOcspStaplePolicy in interface DownstreamTlsContextOrBuilder
      Returns:
      The ocspStaplePolicy.
    • hasFullScanCertsOnSniMismatch

      public boolean hasFullScanCertsOnSniMismatch()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
       If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
       Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
       
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      Specified by:
      hasFullScanCertsOnSniMismatch in interface DownstreamTlsContextOrBuilder
      Returns:
      Whether the fullScanCertsOnSniMismatch field is set.
    • getFullScanCertsOnSniMismatch

      public com.google.protobuf.BoolValue getFullScanCertsOnSniMismatch()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
       If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
       Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
       
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      Specified by:
      getFullScanCertsOnSniMismatch in interface DownstreamTlsContextOrBuilder
      Returns:
      The fullScanCertsOnSniMismatch.
    • getFullScanCertsOnSniMismatchOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getFullScanCertsOnSniMismatchOrBuilder()
       Multiple certificates are allowed in Downstream transport socket to serve different SNI.
       If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
       Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
       
      .google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
      Specified by:
      getFullScanCertsOnSniMismatchOrBuilder in interface DownstreamTlsContextOrBuilder
    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessage
    • writeTo

      public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
      Specified by:
      writeTo in interface com.google.protobuf.MessageLite
      Overrides:
      writeTo in class com.google.protobuf.GeneratedMessage
      Throws:
      IOException
    • getSerializedSize

      public int getSerializedSize()
      Specified by:
      getSerializedSize in interface com.google.protobuf.MessageLite
      Overrides:
      getSerializedSize in class com.google.protobuf.GeneratedMessage
    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface com.google.protobuf.Message
      Overrides:
      equals in class com.google.protobuf.AbstractMessage
    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface com.google.protobuf.Message
      Overrides:
      hashCode in class com.google.protobuf.AbstractMessage
    • parseFrom

      public static DownstreamTlsContext parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static DownstreamTlsContext parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static DownstreamTlsContext parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static DownstreamTlsContext parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static DownstreamTlsContext parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static DownstreamTlsContext parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static DownstreamTlsContext parseFrom(InputStream input) throws IOException
      Throws:
      IOException
    • parseFrom

      public static DownstreamTlsContext parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • parseDelimitedFrom

      public static DownstreamTlsContext parseDelimitedFrom(InputStream input) throws IOException
      Throws:
      IOException
    • parseDelimitedFrom

      public static DownstreamTlsContext parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • parseFrom

      public static DownstreamTlsContext parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
      Throws:
      IOException
    • parseFrom

      public static DownstreamTlsContext parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • newBuilderForType

      public DownstreamTlsContext.Builder newBuilderForType()
      Specified by:
      newBuilderForType in interface com.google.protobuf.Message
      Specified by:
      newBuilderForType in interface com.google.protobuf.MessageLite
    • newBuilder

      public static DownstreamTlsContext.Builder newBuilder()
    • newBuilder

      public static DownstreamTlsContext.Builder newBuilder(DownstreamTlsContext prototype)
    • toBuilder

      public DownstreamTlsContext.Builder toBuilder()
      Specified by:
      toBuilder in interface com.google.protobuf.Message
      Specified by:
      toBuilder in interface com.google.protobuf.MessageLite
    • newBuilderForType

      protected DownstreamTlsContext.Builder newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
      Overrides:
      newBuilderForType in class com.google.protobuf.AbstractMessage
    • getDefaultInstance

      public static DownstreamTlsContext getDefaultInstance()
    • parser

      public static com.google.protobuf.Parser<DownstreamTlsContext> parser()
    • getParserForType

      public com.google.protobuf.Parser<DownstreamTlsContext> getParserForType()
      Specified by:
      getParserForType in interface com.google.protobuf.Message
      Specified by:
      getParserForType in interface com.google.protobuf.MessageLite
      Overrides:
      getParserForType in class com.google.protobuf.GeneratedMessage
    • getDefaultInstanceForType

      public DownstreamTlsContext getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder