Class DownstreamTlsContext.Builder
java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<DownstreamTlsContext.Builder>
com.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.Builder
- All Implemented Interfaces:
com.google.protobuf.Message.Builder
,com.google.protobuf.MessageLite.Builder
,com.google.protobuf.MessageLiteOrBuilder
,com.google.protobuf.MessageOrBuilder
,DownstreamTlsContextOrBuilder
,Cloneable
- Enclosing class:
DownstreamTlsContext
public static final class DownstreamTlsContext.Builder
extends com.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
implements DownstreamTlsContextOrBuilder
[#next-free-field: 11]Protobuf type
envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate int
private CommonTlsContext
private com.google.protobuf.SingleFieldBuilder
<CommonTlsContext, CommonTlsContext.Builder, CommonTlsContextOrBuilder> private boolean
private com.google.protobuf.BoolValue
private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.BoolValue, com.google.protobuf.BoolValue.Builder, com.google.protobuf.BoolValueOrBuilder> private int
private com.google.protobuf.BoolValue
private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.BoolValue, com.google.protobuf.BoolValue.Builder, com.google.protobuf.BoolValueOrBuilder> private com.google.protobuf.BoolValue
private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.BoolValue, com.google.protobuf.BoolValue.Builder, com.google.protobuf.BoolValueOrBuilder> private com.google.protobuf.SingleFieldBuilder
<TlsSessionTicketKeys, TlsSessionTicketKeys.Builder, TlsSessionTicketKeysOrBuilder> private com.google.protobuf.SingleFieldBuilder
<SdsSecretConfig, SdsSecretConfig.Builder, SdsSecretConfigOrBuilder> private Object
private int
private com.google.protobuf.Duration
private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.Duration, com.google.protobuf.Duration.Builder, com.google.protobuf.DurationOrBuilder> -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbuild()
private void
buildPartial0
(DownstreamTlsContext result) private void
clear()
Common TLS context settings.If set to true, the TLS server will not maintain a session cache of TLS sessions.Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption.Multiple certificates are allowed in Downstream transport socket to serve different SNI.Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime.If specified, Envoy will reject connections without a valid client certificate.If specified, Envoy will reject connections without a valid and matching SNI.TLS session ticket key settings.Config for fetching TLS session ticket keys via SDS API.If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.Common TLS context settings.Common TLS context settings.private com.google.protobuf.SingleFieldBuilder
<CommonTlsContext, CommonTlsContext.Builder, CommonTlsContextOrBuilder> Common TLS context settings.Common TLS context settings.static final com.google.protobuf.Descriptors.Descriptor
com.google.protobuf.Descriptors.Descriptor
boolean
If set to true, the TLS server will not maintain a session cache of TLS sessions.boolean
Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption.com.google.protobuf.BoolValue
Multiple certificates are allowed in Downstream transport socket to serve different SNI.com.google.protobuf.BoolValue.Builder
Multiple certificates are allowed in Downstream transport socket to serve different SNI.private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.BoolValue, com.google.protobuf.BoolValue.Builder, com.google.protobuf.BoolValueOrBuilder> Multiple certificates are allowed in Downstream transport socket to serve different SNI.com.google.protobuf.BoolValueOrBuilder
Multiple certificates are allowed in Downstream transport socket to serve different SNI.Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime.int
Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime.com.google.protobuf.BoolValue
If specified, Envoy will reject connections without a valid client certificate.com.google.protobuf.BoolValue.Builder
If specified, Envoy will reject connections without a valid client certificate.private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.BoolValue, com.google.protobuf.BoolValue.Builder, com.google.protobuf.BoolValueOrBuilder> If specified, Envoy will reject connections without a valid client certificate.com.google.protobuf.BoolValueOrBuilder
If specified, Envoy will reject connections without a valid client certificate.com.google.protobuf.BoolValue
If specified, Envoy will reject connections without a valid and matching SNI.com.google.protobuf.BoolValue.Builder
If specified, Envoy will reject connections without a valid and matching SNI.private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.BoolValue, com.google.protobuf.BoolValue.Builder, com.google.protobuf.BoolValueOrBuilder> If specified, Envoy will reject connections without a valid and matching SNI.com.google.protobuf.BoolValueOrBuilder
If specified, Envoy will reject connections without a valid and matching SNI.TLS session ticket key settings.TLS session ticket key settings.private com.google.protobuf.SingleFieldBuilder
<TlsSessionTicketKeys, TlsSessionTicketKeys.Builder, TlsSessionTicketKeysOrBuilder> TLS session ticket key settings.TLS session ticket key settings.Config for fetching TLS session ticket keys via SDS API.Config for fetching TLS session ticket keys via SDS API.private com.google.protobuf.SingleFieldBuilder
<SdsSecretConfig, SdsSecretConfig.Builder, SdsSecretConfigOrBuilder> Config for fetching TLS session ticket keys via SDS API.Config for fetching TLS session ticket keys via SDS API.com.google.protobuf.Duration
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.com.google.protobuf.Duration.Builder
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.private com.google.protobuf.SingleFieldBuilder
<com.google.protobuf.Duration, com.google.protobuf.Duration.Builder, com.google.protobuf.DurationOrBuilder> If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.com.google.protobuf.DurationOrBuilder
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.boolean
Common TLS context settings.boolean
Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption.boolean
Multiple certificates are allowed in Downstream transport socket to serve different SNI.boolean
If specified, Envoy will reject connections without a valid client certificate.boolean
If specified, Envoy will reject connections without a valid and matching SNI.boolean
TLS session ticket key settings.boolean
Config for fetching TLS session ticket keys via SDS API.boolean
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
final boolean
private void
Common TLS context settings.mergeFrom
(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) mergeFrom
(com.google.protobuf.Message other) mergeFrom
(DownstreamTlsContext other) mergeFullScanCertsOnSniMismatch
(com.google.protobuf.BoolValue value) Multiple certificates are allowed in Downstream transport socket to serve different SNI.mergeRequireClientCertificate
(com.google.protobuf.BoolValue value) If specified, Envoy will reject connections without a valid client certificate.mergeRequireSni
(com.google.protobuf.BoolValue value) If specified, Envoy will reject connections without a valid and matching SNI.TLS session ticket key settings.Config for fetching TLS session ticket keys via SDS API.mergeSessionTimeout
(com.google.protobuf.Duration value) If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.Common TLS context settings.setCommonTlsContext
(CommonTlsContext.Builder builderForValue) Common TLS context settings.setDisableStatefulSessionResumption
(boolean value) If set to true, the TLS server will not maintain a session cache of TLS sessions.setDisableStatelessSessionResumption
(boolean value) Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption.setFullScanCertsOnSniMismatch
(com.google.protobuf.BoolValue value) Multiple certificates are allowed in Downstream transport socket to serve different SNI.setFullScanCertsOnSniMismatch
(com.google.protobuf.BoolValue.Builder builderForValue) Multiple certificates are allowed in Downstream transport socket to serve different SNI.Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime.setOcspStaplePolicyValue
(int value) Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime.setRequireClientCertificate
(com.google.protobuf.BoolValue value) If specified, Envoy will reject connections without a valid client certificate.setRequireClientCertificate
(com.google.protobuf.BoolValue.Builder builderForValue) If specified, Envoy will reject connections without a valid client certificate.setRequireSni
(com.google.protobuf.BoolValue value) If specified, Envoy will reject connections without a valid and matching SNI.setRequireSni
(com.google.protobuf.BoolValue.Builder builderForValue) If specified, Envoy will reject connections without a valid and matching SNI.TLS session ticket key settings.setSessionTicketKeys
(TlsSessionTicketKeys.Builder builderForValue) TLS session ticket key settings.Config for fetching TLS session ticket keys via SDS API.setSessionTicketKeysSdsSecretConfig
(SdsSecretConfig.Builder builderForValue) Config for fetching TLS session ticket keys via SDS API.setSessionTimeout
(com.google.protobuf.Duration value) If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.setSessionTimeout
(com.google.protobuf.Duration.Builder builderForValue) If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session.Methods inherited from class com.google.protobuf.GeneratedMessage.Builder
addRepeatedField, clearField, clearOneof, clone, getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, getUnknownFieldSetBuilder, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, internalGetMutableMapField, internalGetMutableMapFieldReflection, isClean, markClean, mergeUnknownFields, mergeUnknownLengthDelimitedField, mergeUnknownVarintField, newBuilderForField, onBuilt, onChanged, parseUnknownField, setField, setRepeatedField, setUnknownFields, setUnknownFieldSetBuilder, setUnknownFieldsProto3
Methods inherited from class com.google.protobuf.AbstractMessage.Builder
findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString
Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder
addAll, addAll, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, newUninitializedMessageException
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface com.google.protobuf.Message.Builder
mergeDelimitedFrom, mergeDelimitedFrom
Methods inherited from interface com.google.protobuf.MessageLite.Builder
mergeFrom
Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
-
Field Details
-
sessionTicketKeysTypeCase_
private int sessionTicketKeysTypeCase_ -
sessionTicketKeysType_
-
bitField0_
private int bitField0_ -
commonTlsContext_
-
commonTlsContextBuilder_
private com.google.protobuf.SingleFieldBuilder<CommonTlsContext,CommonTlsContext.Builder, commonTlsContextBuilder_CommonTlsContextOrBuilder> -
requireClientCertificate_
private com.google.protobuf.BoolValue requireClientCertificate_ -
requireClientCertificateBuilder_
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder, requireClientCertificateBuilder_com.google.protobuf.BoolValueOrBuilder> -
requireSni_
private com.google.protobuf.BoolValue requireSni_ -
requireSniBuilder_
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder, requireSniBuilder_com.google.protobuf.BoolValueOrBuilder> -
sessionTicketKeysBuilder_
private com.google.protobuf.SingleFieldBuilder<TlsSessionTicketKeys,TlsSessionTicketKeys.Builder, sessionTicketKeysBuilder_TlsSessionTicketKeysOrBuilder> -
sessionTicketKeysSdsSecretConfigBuilder_
private com.google.protobuf.SingleFieldBuilder<SdsSecretConfig,SdsSecretConfig.Builder, sessionTicketKeysSdsSecretConfigBuilder_SdsSecretConfigOrBuilder> -
disableStatefulSessionResumption_
private boolean disableStatefulSessionResumption_ -
sessionTimeout_
private com.google.protobuf.Duration sessionTimeout_ -
sessionTimeoutBuilder_
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.Duration,com.google.protobuf.Duration.Builder, sessionTimeoutBuilder_com.google.protobuf.DurationOrBuilder> -
ocspStaplePolicy_
private int ocspStaplePolicy_ -
fullScanCertsOnSniMismatch_
private com.google.protobuf.BoolValue fullScanCertsOnSniMismatch_ -
fullScanCertsOnSniMismatchBuilder_
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder, fullScanCertsOnSniMismatchBuilder_com.google.protobuf.BoolValueOrBuilder>
-
-
Constructor Details
-
Builder
private Builder() -
Builder
private Builder(com.google.protobuf.AbstractMessage.BuilderParent parent)
-
-
Method Details
-
getDescriptor
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() -
internalGetFieldAccessorTable
protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()- Specified by:
internalGetFieldAccessorTable
in classcom.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
-
maybeForceBuilderInitialization
private void maybeForceBuilderInitialization() -
clear
- Specified by:
clear
in interfacecom.google.protobuf.Message.Builder
- Specified by:
clear
in interfacecom.google.protobuf.MessageLite.Builder
- Overrides:
clear
in classcom.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
-
getDescriptorForType
public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()- Specified by:
getDescriptorForType
in interfacecom.google.protobuf.Message.Builder
- Specified by:
getDescriptorForType
in interfacecom.google.protobuf.MessageOrBuilder
- Overrides:
getDescriptorForType
in classcom.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
-
getDefaultInstanceForType
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Specified by:
getDefaultInstanceForType
in interfacecom.google.protobuf.MessageOrBuilder
-
build
- Specified by:
build
in interfacecom.google.protobuf.Message.Builder
- Specified by:
build
in interfacecom.google.protobuf.MessageLite.Builder
-
buildPartial
- Specified by:
buildPartial
in interfacecom.google.protobuf.Message.Builder
- Specified by:
buildPartial
in interfacecom.google.protobuf.MessageLite.Builder
-
buildPartial0
-
buildPartialOneofs
-
mergeFrom
- Specified by:
mergeFrom
in interfacecom.google.protobuf.Message.Builder
- Overrides:
mergeFrom
in classcom.google.protobuf.AbstractMessage.Builder<DownstreamTlsContext.Builder>
-
mergeFrom
-
isInitialized
public final boolean isInitialized()- Specified by:
isInitialized
in interfacecom.google.protobuf.MessageLiteOrBuilder
- Overrides:
isInitialized
in classcom.google.protobuf.GeneratedMessage.Builder<DownstreamTlsContext.Builder>
-
mergeFrom
public DownstreamTlsContext.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException - Specified by:
mergeFrom
in interfacecom.google.protobuf.Message.Builder
- Specified by:
mergeFrom
in interfacecom.google.protobuf.MessageLite.Builder
- Overrides:
mergeFrom
in classcom.google.protobuf.AbstractMessage.Builder<DownstreamTlsContext.Builder>
- Throws:
IOException
-
getSessionTicketKeysTypeCase
- Specified by:
getSessionTicketKeysTypeCase
in interfaceDownstreamTlsContextOrBuilder
-
clearSessionTicketKeysType
-
hasCommonTlsContext
public boolean hasCommonTlsContext()Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
- Specified by:
hasCommonTlsContext
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the commonTlsContext field is set.
-
getCommonTlsContext
Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
- Specified by:
getCommonTlsContext
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The commonTlsContext.
-
setCommonTlsContext
Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
-
setCommonTlsContext
Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
-
mergeCommonTlsContext
Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
-
clearCommonTlsContext
Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
-
getCommonTlsContextBuilder
Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
-
getCommonTlsContextOrBuilder
Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
- Specified by:
getCommonTlsContextOrBuilder
in interfaceDownstreamTlsContextOrBuilder
-
getCommonTlsContextFieldBuilder
private com.google.protobuf.SingleFieldBuilder<CommonTlsContext,CommonTlsContext.Builder, getCommonTlsContextFieldBuilder()CommonTlsContextOrBuilder> Common TLS context settings.
.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
-
hasRequireClientCertificate
public boolean hasRequireClientCertificate()If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
- Specified by:
hasRequireClientCertificate
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the requireClientCertificate field is set.
-
getRequireClientCertificate
public com.google.protobuf.BoolValue getRequireClientCertificate()If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
- Specified by:
getRequireClientCertificate
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The requireClientCertificate.
-
setRequireClientCertificate
public DownstreamTlsContext.Builder setRequireClientCertificate(com.google.protobuf.BoolValue value) If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
-
setRequireClientCertificate
public DownstreamTlsContext.Builder setRequireClientCertificate(com.google.protobuf.BoolValue.Builder builderForValue) If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
-
mergeRequireClientCertificate
public DownstreamTlsContext.Builder mergeRequireClientCertificate(com.google.protobuf.BoolValue value) If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
-
clearRequireClientCertificate
If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
-
getRequireClientCertificateBuilder
public com.google.protobuf.BoolValue.Builder getRequireClientCertificateBuilder()If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
-
getRequireClientCertificateOrBuilder
public com.google.protobuf.BoolValueOrBuilder getRequireClientCertificateOrBuilder()If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
- Specified by:
getRequireClientCertificateOrBuilder
in interfaceDownstreamTlsContextOrBuilder
-
getRequireClientCertificateFieldBuilder
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder, getRequireClientCertificateFieldBuilder()com.google.protobuf.BoolValueOrBuilder> If specified, Envoy will reject connections without a valid client certificate.
.google.protobuf.BoolValue require_client_certificate = 2;
-
hasRequireSni
public boolean hasRequireSni()If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
- Specified by:
hasRequireSni
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the requireSni field is set.
-
getRequireSni
public com.google.protobuf.BoolValue getRequireSni()If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
- Specified by:
getRequireSni
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The requireSni.
-
setRequireSni
If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
-
setRequireSni
public DownstreamTlsContext.Builder setRequireSni(com.google.protobuf.BoolValue.Builder builderForValue) If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
-
mergeRequireSni
If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
-
clearRequireSni
If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
-
getRequireSniBuilder
public com.google.protobuf.BoolValue.Builder getRequireSniBuilder()If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
-
getRequireSniOrBuilder
public com.google.protobuf.BoolValueOrBuilder getRequireSniOrBuilder()If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
- Specified by:
getRequireSniOrBuilder
in interfaceDownstreamTlsContextOrBuilder
-
getRequireSniFieldBuilder
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder, getRequireSniFieldBuilder()com.google.protobuf.BoolValueOrBuilder> If specified, Envoy will reject connections without a valid and matching SNI. [#not-implemented-hide:]
.google.protobuf.BoolValue require_sni = 3;
-
hasSessionTicketKeys
public boolean hasSessionTicketKeys()TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
- Specified by:
hasSessionTicketKeys
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the sessionTicketKeys field is set.
-
getSessionTicketKeys
TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
- Specified by:
getSessionTicketKeys
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The sessionTicketKeys.
-
setSessionTicketKeys
TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
-
setSessionTicketKeys
public DownstreamTlsContext.Builder setSessionTicketKeys(TlsSessionTicketKeys.Builder builderForValue) TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
-
mergeSessionTicketKeys
TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
-
clearSessionTicketKeys
TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
-
getSessionTicketKeysBuilder
TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
-
getSessionTicketKeysOrBuilder
TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
- Specified by:
getSessionTicketKeysOrBuilder
in interfaceDownstreamTlsContextOrBuilder
-
getSessionTicketKeysFieldBuilder
private com.google.protobuf.SingleFieldBuilder<TlsSessionTicketKeys,TlsSessionTicketKeys.Builder, getSessionTicketKeysFieldBuilder()TlsSessionTicketKeysOrBuilder> TLS session ticket key settings.
.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys session_ticket_keys = 4;
-
hasSessionTicketKeysSdsSecretConfig
public boolean hasSessionTicketKeysSdsSecretConfig()Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
- Specified by:
hasSessionTicketKeysSdsSecretConfig
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the sessionTicketKeysSdsSecretConfig field is set.
-
getSessionTicketKeysSdsSecretConfig
Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
- Specified by:
getSessionTicketKeysSdsSecretConfig
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The sessionTicketKeysSdsSecretConfig.
-
setSessionTicketKeysSdsSecretConfig
Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
-
setSessionTicketKeysSdsSecretConfig
public DownstreamTlsContext.Builder setSessionTicketKeysSdsSecretConfig(SdsSecretConfig.Builder builderForValue) Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
-
mergeSessionTicketKeysSdsSecretConfig
Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
-
clearSessionTicketKeysSdsSecretConfig
Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
-
getSessionTicketKeysSdsSecretConfigBuilder
Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
-
getSessionTicketKeysSdsSecretConfigOrBuilder
Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
- Specified by:
getSessionTicketKeysSdsSecretConfigOrBuilder
in interfaceDownstreamTlsContextOrBuilder
-
getSessionTicketKeysSdsSecretConfigFieldBuilder
private com.google.protobuf.SingleFieldBuilder<SdsSecretConfig,SdsSecretConfig.Builder, getSessionTicketKeysSdsSecretConfigFieldBuilder()SdsSecretConfigOrBuilder> Config for fetching TLS session ticket keys via SDS API.
.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
-
hasDisableStatelessSessionResumption
public boolean hasDisableStatelessSessionResumption()Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption. If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>` or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`. If this config is set to false and no keys are explicitly configured, the TLS server will issue TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the implication that sessions cannot be resumed across hot restarts or on different hosts.
bool disable_stateless_session_resumption = 7;
- Specified by:
hasDisableStatelessSessionResumption
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the disableStatelessSessionResumption field is set.
-
getDisableStatelessSessionResumption
public boolean getDisableStatelessSessionResumption()Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption. If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>` or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`. If this config is set to false and no keys are explicitly configured, the TLS server will issue TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the implication that sessions cannot be resumed across hot restarts or on different hosts.
bool disable_stateless_session_resumption = 7;
- Specified by:
getDisableStatelessSessionResumption
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The disableStatelessSessionResumption.
-
setDisableStatelessSessionResumption
Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption. If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>` or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`. If this config is set to false and no keys are explicitly configured, the TLS server will issue TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the implication that sessions cannot be resumed across hot restarts or on different hosts.
bool disable_stateless_session_resumption = 7;
- Parameters:
value
- The disableStatelessSessionResumption to set.- Returns:
- This builder for chaining.
-
clearDisableStatelessSessionResumption
Config for controlling stateless TLS session resumption: setting this to true will cause the TLS server to not issue TLS session tickets for the purposes of stateless TLS session resumption. If set to false, the TLS server will issue TLS session tickets and encrypt/decrypt them using the keys specified through either :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>` or :ref:`session_ticket_keys_sds_secret_config <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys_sds_secret_config>`. If this config is set to false and no keys are explicitly configured, the TLS server will issue TLS session tickets and encrypt/decrypt them using an internally-generated and managed key, with the implication that sessions cannot be resumed across hot restarts or on different hosts.
bool disable_stateless_session_resumption = 7;
- Returns:
- This builder for chaining.
-
getDisableStatefulSessionResumption
public boolean getDisableStatefulSessionResumption()If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is relevant only for TLSv1.2 and earlier.)
bool disable_stateful_session_resumption = 10;
- Specified by:
getDisableStatefulSessionResumption
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The disableStatefulSessionResumption.
-
setDisableStatefulSessionResumption
If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is relevant only for TLSv1.2 and earlier.)
bool disable_stateful_session_resumption = 10;
- Parameters:
value
- The disableStatefulSessionResumption to set.- Returns:
- This builder for chaining.
-
clearDisableStatefulSessionResumption
If set to true, the TLS server will not maintain a session cache of TLS sessions. (This is relevant only for TLSv1.2 and earlier.)
bool disable_stateful_session_resumption = 10;
- Returns:
- This builder for chaining.
-
hasSessionTimeout
public boolean hasSessionTimeout()If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
- Specified by:
hasSessionTimeout
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the sessionTimeout field is set.
-
getSessionTimeout
public com.google.protobuf.Duration getSessionTimeout()If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
- Specified by:
getSessionTimeout
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The sessionTimeout.
-
setSessionTimeout
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
-
setSessionTimeout
public DownstreamTlsContext.Builder setSessionTimeout(com.google.protobuf.Duration.Builder builderForValue) If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
-
mergeSessionTimeout
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
-
clearSessionTimeout
If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
-
getSessionTimeoutBuilder
public com.google.protobuf.Duration.Builder getSessionTimeoutBuilder()If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
-
getSessionTimeoutOrBuilder
public com.google.protobuf.DurationOrBuilder getSessionTimeoutOrBuilder()If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
- Specified by:
getSessionTimeoutOrBuilder
in interfaceDownstreamTlsContextOrBuilder
-
getSessionTimeoutFieldBuilder
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.Duration,com.google.protobuf.Duration.Builder, getSessionTimeoutFieldBuilder()com.google.protobuf.DurationOrBuilder> If specified, ``session_timeout`` will change the maximum lifetime (in seconds) of the TLS session. Currently this value is used as a hint for the `TLS session ticket lifetime (for TLSv1.2) <https://tools.ietf.org/html/rfc5077#section-5.6>`_. Only seconds can be specified (fractional seconds are ignored).
.google.protobuf.Duration session_timeout = 6 [(.validate.rules) = { ... }
-
getOcspStaplePolicyValue
public int getOcspStaplePolicyValue()Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime. Defaults to LENIENT_STAPLING
.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
- Specified by:
getOcspStaplePolicyValue
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The enum numeric value on the wire for ocspStaplePolicy.
-
setOcspStaplePolicyValue
Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime. Defaults to LENIENT_STAPLING
.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
- Parameters:
value
- The enum numeric value on the wire for ocspStaplePolicy to set.- Returns:
- This builder for chaining.
-
getOcspStaplePolicy
Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime. Defaults to LENIENT_STAPLING
.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
- Specified by:
getOcspStaplePolicy
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The ocspStaplePolicy.
-
setOcspStaplePolicy
public DownstreamTlsContext.Builder setOcspStaplePolicy(DownstreamTlsContext.OcspStaplePolicy value) Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime. Defaults to LENIENT_STAPLING
.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
- Parameters:
value
- The ocspStaplePolicy to set.- Returns:
- This builder for chaining.
-
clearOcspStaplePolicy
Config for whether to use certificates if they do not have an accompanying OCSP response or if the response expires at runtime. Defaults to LENIENT_STAPLING
.envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext.OcspStaplePolicy ocsp_staple_policy = 8 [(.validate.rules) = { ... }
- Returns:
- This builder for chaining.
-
hasFullScanCertsOnSniMismatch
public boolean hasFullScanCertsOnSniMismatch()Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
- Specified by:
hasFullScanCertsOnSniMismatch
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- Whether the fullScanCertsOnSniMismatch field is set.
-
getFullScanCertsOnSniMismatch
public com.google.protobuf.BoolValue getFullScanCertsOnSniMismatch()Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
- Specified by:
getFullScanCertsOnSniMismatch
in interfaceDownstreamTlsContextOrBuilder
- Returns:
- The fullScanCertsOnSniMismatch.
-
setFullScanCertsOnSniMismatch
public DownstreamTlsContext.Builder setFullScanCertsOnSniMismatch(com.google.protobuf.BoolValue value) Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
-
setFullScanCertsOnSniMismatch
public DownstreamTlsContext.Builder setFullScanCertsOnSniMismatch(com.google.protobuf.BoolValue.Builder builderForValue) Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
-
mergeFullScanCertsOnSniMismatch
public DownstreamTlsContext.Builder mergeFullScanCertsOnSniMismatch(com.google.protobuf.BoolValue value) Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
-
clearFullScanCertsOnSniMismatch
Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
-
getFullScanCertsOnSniMismatchBuilder
public com.google.protobuf.BoolValue.Builder getFullScanCertsOnSniMismatchBuilder()Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
-
getFullScanCertsOnSniMismatchOrBuilder
public com.google.protobuf.BoolValueOrBuilder getFullScanCertsOnSniMismatchOrBuilder()Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
- Specified by:
getFullScanCertsOnSniMismatchOrBuilder
in interfaceDownstreamTlsContextOrBuilder
-
getFullScanCertsOnSniMismatchFieldBuilder
private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder, getFullScanCertsOnSniMismatchFieldBuilder()com.google.protobuf.BoolValueOrBuilder> Multiple certificates are allowed in Downstream transport socket to serve different SNI. If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config. Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
.google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
-