Interface TlsCertificateOrBuilder

All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
All Known Implementing Classes:
TlsCertificate, TlsCertificate.Builder

public interface TlsCertificateOrBuilder extends com.google.protobuf.MessageOrBuilder
  • Method Details

    • hasCertificateChain

      boolean hasCertificateChain()
       The TLS certificate chain.
      
       If ``certificate_chain`` is a filesystem path, a watch will be added to the
       parent directory for any file moves to support rotation. This currently
       only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
       SDS.
       
      .envoy.config.core.v3.DataSource certificate_chain = 1;
      Returns:
      Whether the certificateChain field is set.
    • getCertificateChain

      DataSource getCertificateChain()
       The TLS certificate chain.
      
       If ``certificate_chain`` is a filesystem path, a watch will be added to the
       parent directory for any file moves to support rotation. This currently
       only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
       SDS.
       
      .envoy.config.core.v3.DataSource certificate_chain = 1;
      Returns:
      The certificateChain.
    • getCertificateChainOrBuilder

      DataSourceOrBuilder getCertificateChainOrBuilder()
       The TLS certificate chain.
      
       If ``certificate_chain`` is a filesystem path, a watch will be added to the
       parent directory for any file moves to support rotation. This currently
       only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
       SDS.
       
      .envoy.config.core.v3.DataSource certificate_chain = 1;
    • hasPrivateKey

      boolean hasPrivateKey()
       The TLS private key.
      
       If ``private_key`` is a filesystem path, a watch will be added to the parent
       directory for any file moves to support rotation. This currently only
       applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
       
      .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
      Returns:
      Whether the privateKey field is set.
    • getPrivateKey

      DataSource getPrivateKey()
       The TLS private key.
      
       If ``private_key`` is a filesystem path, a watch will be added to the parent
       directory for any file moves to support rotation. This currently only
       applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
       
      .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
      Returns:
      The privateKey.
    • getPrivateKeyOrBuilder

      DataSourceOrBuilder getPrivateKeyOrBuilder()
       The TLS private key.
      
       If ``private_key`` is a filesystem path, a watch will be added to the parent
       directory for any file moves to support rotation. This currently only
       applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
       
      .envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
    • hasPkcs12

      boolean hasPkcs12()
       ``Pkcs12`` data containing TLS certificate, chain, and private key.
      
       If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
       be added to the parent directory, since ``pkcs12`` isn't used by SDS.
       This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
       This can't be marked as ``oneof`` due to API compatibility reasons. Setting
       any of :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
       :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
       or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
       together with :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
       will result in an error. Use :ref:`password
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
       to specify the password to unprotect the ``PKCS12`` data, if necessary.
       
      .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
      Returns:
      Whether the pkcs12 field is set.
    • getPkcs12

      DataSource getPkcs12()
       ``Pkcs12`` data containing TLS certificate, chain, and private key.
      
       If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
       be added to the parent directory, since ``pkcs12`` isn't used by SDS.
       This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
       This can't be marked as ``oneof`` due to API compatibility reasons. Setting
       any of :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
       :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
       or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
       together with :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
       will result in an error. Use :ref:`password
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
       to specify the password to unprotect the ``PKCS12`` data, if necessary.
       
      .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
      Returns:
      The pkcs12.
    • getPkcs12OrBuilder

      DataSourceOrBuilder getPkcs12OrBuilder()
       ``Pkcs12`` data containing TLS certificate, chain, and private key.
      
       If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
       be added to the parent directory, since ``pkcs12`` isn't used by SDS.
       This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
       This can't be marked as ``oneof`` due to API compatibility reasons. Setting
       any of :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
       :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
       or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>`
       together with :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
       will result in an error. Use :ref:`password
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
       to specify the password to unprotect the ``PKCS12`` data, if necessary.
       
      .envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
    • hasWatchedDirectory

      boolean hasWatchedDirectory()
       If specified, updates of file-based ``certificate_chain`` and ``private_key``
       sources will be triggered by this watch. The certificate/key pair will be
       read together and validated for atomic read consistency (i.e. no
       intervening modification occurred between cert/key read, verified by file
       hash comparisons). This allows explicit control over the path watched; by
       default, the parent directories of the filesystem paths in
       ``certificate_chain`` and ``private_key`` are watched if this field is not
       specified. This only applies when a ``TlsCertificate`` is delivered by SDS
       with references to filesystem paths. See the :ref:`SDS key rotation
       <sds_key_rotation>` documentation for further details.
       
      .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
      Returns:
      Whether the watchedDirectory field is set.
    • getWatchedDirectory

      WatchedDirectory getWatchedDirectory()
       If specified, updates of file-based ``certificate_chain`` and ``private_key``
       sources will be triggered by this watch. The certificate/key pair will be
       read together and validated for atomic read consistency (i.e. no
       intervening modification occurred between cert/key read, verified by file
       hash comparisons). This allows explicit control over the path watched; by
       default, the parent directories of the filesystem paths in
       ``certificate_chain`` and ``private_key`` are watched if this field is not
       specified. This only applies when a ``TlsCertificate`` is delivered by SDS
       with references to filesystem paths. See the :ref:`SDS key rotation
       <sds_key_rotation>` documentation for further details.
       
      .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
      Returns:
      The watchedDirectory.
    • getWatchedDirectoryOrBuilder

      WatchedDirectoryOrBuilder getWatchedDirectoryOrBuilder()
       If specified, updates of file-based ``certificate_chain`` and ``private_key``
       sources will be triggered by this watch. The certificate/key pair will be
       read together and validated for atomic read consistency (i.e. no
       intervening modification occurred between cert/key read, verified by file
       hash comparisons). This allows explicit control over the path watched; by
       default, the parent directories of the filesystem paths in
       ``certificate_chain`` and ``private_key`` are watched if this field is not
       specified. This only applies when a ``TlsCertificate`` is delivered by SDS
       with references to filesystem paths. See the :ref:`SDS key rotation
       <sds_key_rotation>` documentation for further details.
       
      .envoy.config.core.v3.WatchedDirectory watched_directory = 7;
    • hasPrivateKeyProvider

      boolean hasPrivateKeyProvider()
       BoringSSL private key method provider. This is an alternative to the :ref:`private_key
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
       marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
       :ref:`private_key_provider
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
       error.
       
      .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
      Returns:
      Whether the privateKeyProvider field is set.
    • getPrivateKeyProvider

      PrivateKeyProvider getPrivateKeyProvider()
       BoringSSL private key method provider. This is an alternative to the :ref:`private_key
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
       marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
       :ref:`private_key_provider
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
       error.
       
      .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
      Returns:
      The privateKeyProvider.
    • getPrivateKeyProviderOrBuilder

      PrivateKeyProviderOrBuilder getPrivateKeyProviderOrBuilder()
       BoringSSL private key method provider. This is an alternative to the :ref:`private_key
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
       marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
       :ref:`private_key_provider
       <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
       error.
       
      .envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
    • hasPassword

      boolean hasPassword()
       The password to decrypt the TLS private key. If this field is not set, it is assumed that the
       TLS private key is not password encrypted.
       
      .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
      Returns:
      Whether the password field is set.
    • getPassword

      DataSource getPassword()
       The password to decrypt the TLS private key. If this field is not set, it is assumed that the
       TLS private key is not password encrypted.
       
      .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
      Returns:
      The password.
    • getPasswordOrBuilder

      DataSourceOrBuilder getPasswordOrBuilder()
       The password to decrypt the TLS private key. If this field is not set, it is assumed that the
       TLS private key is not password encrypted.
       
      .envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
    • hasOcspStaple

      boolean hasOcspStaple()
       The OCSP response to be stapled with this certificate during the handshake.
       The response must be DER-encoded and may only be provided via ``filename`` or
       ``inline_bytes``. The response may pertain to only one certificate.
       
      .envoy.config.core.v3.DataSource ocsp_staple = 4;
      Returns:
      Whether the ocspStaple field is set.
    • getOcspStaple

      DataSource getOcspStaple()
       The OCSP response to be stapled with this certificate during the handshake.
       The response must be DER-encoded and may only be provided via ``filename`` or
       ``inline_bytes``. The response may pertain to only one certificate.
       
      .envoy.config.core.v3.DataSource ocsp_staple = 4;
      Returns:
      The ocspStaple.
    • getOcspStapleOrBuilder

      DataSourceOrBuilder getOcspStapleOrBuilder()
       The OCSP response to be stapled with this certificate during the handshake.
       The response must be DER-encoded and may only be provided via ``filename`` or
       ``inline_bytes``. The response may pertain to only one certificate.
       
      .envoy.config.core.v3.DataSource ocsp_staple = 4;
    • getSignedCertificateTimestampList

      List<DataSource> getSignedCertificateTimestampList()
       [#not-implemented-hide:]
       
      repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
    • getSignedCertificateTimestamp

      DataSource getSignedCertificateTimestamp(int index)
       [#not-implemented-hide:]
       
      repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
    • getSignedCertificateTimestampCount

      int getSignedCertificateTimestampCount()
       [#not-implemented-hide:]
       
      repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
    • getSignedCertificateTimestampOrBuilderList

      List<? extends DataSourceOrBuilder> getSignedCertificateTimestampOrBuilderList()
       [#not-implemented-hide:]
       
      repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
    • getSignedCertificateTimestampOrBuilder

      DataSourceOrBuilder getSignedCertificateTimestampOrBuilder(int index)
       [#not-implemented-hide:]
       
      repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
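
Because the exclusivity rules described above for ``pkcs12``, ``private_key_provider`` and ``ocsp_staple`` cannot be expressed as a ``oneof``, a control plane can check them before handing a ``TlsCertificate`` to Envoy. The following is an added example, not code from the Envoy project: the class ``TlsCertificateLint``, its messages and the sample paths are hypothetical, and the ``io.envoyproxy`` package names and ``DataSource.SpecifierCase`` values are assumed to match the generated Java bindings this page documents.

```java
import io.envoyproxy.envoy.config.core.v3.DataSource;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificate;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificateOrBuilder;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class): pre-flight checks for the field rules on this page.
public final class TlsCertificateLint {
  /** Returns one message per finding; an empty list means no rule was violated. */
  public static List<String> check(TlsCertificateOrBuilder cert) {
    List<String> findings = new ArrayList<>();
    // pkcs12 is mutually exclusive with the three separate key/cert fields.
    if (cert.hasPkcs12()) {
      if (cert.hasCertificateChain()) findings.add("pkcs12 set together with certificate_chain");
      if (cert.hasPrivateKey()) findings.add("pkcs12 set together with private_key");
      if (cert.hasPrivateKeyProvider()) findings.add("pkcs12 set together with private_key_provider");
    }
    // private_key_provider is an alternative to private_key, not an addition to it.
    if (cert.hasPrivateKey() && cert.hasPrivateKeyProvider()) {
      findings.add("private_key set together with private_key_provider");
    }
    // ocsp_staple may only be provided via filename or inline_bytes.
    if (cert.hasOcspStaple()) {
      DataSource.SpecifierCase src = cert.getOcspStaple().getSpecifierCase();
      if (src != DataSource.SpecifierCase.FILENAME && src != DataSource.SpecifierCase.INLINE_BYTES) {
        findings.add("ocsp_staple must use filename or inline_bytes, got " + src);
      }
    }
    // Lint derived from the watched_directory description, not a rule the page says
    // Envoy enforces: the watch only triggers reloads of file-based sources.
    if (cert.hasWatchedDirectory()
        && !isFile(cert.getCertificateChain()) && !isFile(cert.getPrivateKey())) {
      findings.add("watched_directory set but no file-based certificate_chain or private_key");
    }
    return findings;
  }

  // An unset DataSource is the default instance, whose case is SPECIFIER_NOT_SET.
  private static boolean isFile(DataSource source) {
    return source.getSpecifierCase() == DataSource.SpecifierCase.FILENAME;
  }

  public static void main(String[] args) {
    // Constructed sample: a PKCS12 bundle plus a separate key and a string-typed staple.
    TlsCertificate.Builder cert = TlsCertificate.newBuilder()
        .setPkcs12(DataSource.newBuilder().setFilename("/etc/envoy/tls/server.p12"))
        .setPrivateKey(DataSource.newBuilder().setFilename("/etc/envoy/tls/server.key"))
        .setOcspStaple(DataSource.newBuilder().setInlineString("constructed-not-der"));
    check(cert).forEach(System.out::println);
  }
}
```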