Interface TlsCertificateOrBuilder
- All Superinterfaces:
com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
- All Known Implementing Classes:
TlsCertificate, TlsCertificate.Builder
public interface TlsCertificateOrBuilder extends com.google.protobuf.MessageOrBuilder
-
Method Summary
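Modifier and Type | Method | Description
DataSource | getCertificateChain() | The TLS certificate chain.
DataSourceOrBuilder | getCertificateChainOrBuilder() | The TLS certificate chain.
DataSource | getOcspStaple() | The OCSP response to be stapled with this certificate during the handshake.
DataSourceOrBuilder | getOcspStapleOrBuilder() | The OCSP response to be stapled with this certificate during the handshake.
DataSource | getPassword() | The password to decrypt the TLS private key.
DataSourceOrBuilder | getPasswordOrBuilder() | The password to decrypt the TLS private key.
DataSource | getPkcs12() | ``Pkcs12`` data containing TLS certificate, chain, and private key.
DataSourceOrBuilder | getPkcs12OrBuilder() | ``Pkcs12`` data containing TLS certificate, chain, and private key.
DataSource | getPrivateKey() | The TLS private key.
DataSourceOrBuilder | getPrivateKeyOrBuilder() | The TLS private key.
PrivateKeyProvider | getPrivateKeyProvider() | BoringSSL private key method provider.
PrivateKeyProviderOrBuilder | getPrivateKeyProviderOrBuilder() | BoringSSL private key method provider.
DataSource | getSignedCertificateTimestamp(int index) | [#not-implemented-hide:]
int | getSignedCertificateTimestampCount() | [#not-implemented-hide:]
List<DataSource> | getSignedCertificateTimestampList() | [#not-implemented-hide:]
DataSourceOrBuilder | getSignedCertificateTimestampOrBuilder(int index) | [#not-implemented-hide:]
List<? extends DataSourceOrBuilder> | getSignedCertificateTimestampOrBuilderList() | [#not-implemented-hide:]
WatchedDirectory | getWatchedDirectory() | If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch.
WatchedDirectoryOrBuilder | getWatchedDirectoryOrBuilder() | If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch.
boolean | hasCertificateChain() | The TLS certificate chain.
boolean | hasOcspStaple() | The OCSP response to be stapled with this certificate during the handshake.
boolean | hasPassword() | The password to decrypt the TLS private key.
boolean | hasPkcs12() | ``Pkcs12`` data containing TLS certificate, chain, and private key.
boolean | hasPrivateKey() | The TLS private key.
boolean | hasPrivateKeyProvider() | BoringSSL private key method provider.
boolean | hasWatchedDirectory() | If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch.
Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder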
isInitialized
Methods inherited from interface com.google.protobuf.MessageOrBuilder
findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof
-
Method Details
-
hasCertificateChain
boolean hasCertificateChain()
The TLS certificate chain. If ``certificate_chain`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;
- Returns:
- Whether the certificateChain field is set.
-
getCertificateChain
DataSource getCertificateChain()
The TLS certificate chain. If ``certificate_chain`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;
- Returns:
- The certificateChain.
-
getCertificateChainOrBuilder
DataSourceOrBuilder getCertificateChainOrBuilder()
The TLS certificate chain. If ``certificate_chain`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource certificate_chain = 1;
-
hasPrivateKey
boolean hasPrivateKey()
The TLS private key. If ``private_key`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
- Returns:
- Whether the privateKey field is set.
-
getPrivateKey
DataSource getPrivateKey()
The TLS private key. If ``private_key`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
- Returns:
- The privateKey.
-
getPrivateKeyOrBuilder
DataSourceOrBuilder getPrivateKeyOrBuilder()
The TLS private key. If ``private_key`` is a filesystem path, a watch will be added to the parent directory for any file moves to support rotation. This currently only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
.envoy.config.core.v3.DataSource private_key = 2 [(.udpa.annotations.sensitive) = true];
-
hasPkcs12
boolean hasPkcs12()
``Pkcs12`` data containing TLS certificate, chain, and private key. If ``pkcs12`` is a filesystem path, the file will be read, but no watch will be added to the parent directory, since ``pkcs12`` isn't used by SDS. This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`, :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`, or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>` fields will result in an error. Use :ref:`password <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>` to specify the password to unprotect the ``PKCS12`` data, if necessary.
.envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
- Returns:
- Whether the pkcs12 field is set.
-
getPkcs12
DataSource getPkcs12()
``Pkcs12`` data containing TLS certificate, chain, and private key. If ``pkcs12`` is a filesystem path, the file will be read, but no watch will be added to the parent directory, since ``pkcs12`` isn't used by SDS. This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`, :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`, or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>` fields will result in an error. Use :ref:`password <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>` to specify the password to unprotect the ``PKCS12`` data, if necessary.
.envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
- Returns:
- The pkcs12.
-
getPkcs12OrBuilder
DataSourceOrBuilder getPkcs12OrBuilder()
``Pkcs12`` data containing TLS certificate, chain, and private key. If ``pkcs12`` is a filesystem path, the file will be read, but no watch will be added to the parent directory, since ``pkcs12`` isn't used by SDS. This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`, :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`, or :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>` fields will result in an error. Use :ref:`password <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>` to specify the password to unprotect the ``PKCS12`` data, if necessary.
.envoy.config.core.v3.DataSource pkcs12 = 8 [(.udpa.annotations.sensitive) = true];
-
hasWatchedDirectory
boolean hasWatchedDirectory()
If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched; by default, the parent directories of the filesystem paths in ``certificate_chain`` and ``private_key`` are watched if this field is not specified. This only applies when a ``TlsCertificate`` is delivered by SDS with references to filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>` documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;
- Returns:
- Whether the watchedDirectory field is set.
-
getWatchedDirectory
WatchedDirectory getWatchedDirectory()
If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched; by default, the parent directories of the filesystem paths in ``certificate_chain`` and ``private_key`` are watched if this field is not specified. This only applies when a ``TlsCertificate`` is delivered by SDS with references to filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>` documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;
- Returns:
- The watchedDirectory.
-
getWatchedDirectoryOrBuilder
WatchedDirectoryOrBuilder getWatchedDirectoryOrBuilder()
If specified, updates of file-based ``certificate_chain`` and ``private_key`` sources will be triggered by this watch. The certificate/key pair will be read together and validated for atomic read consistency (i.e. no intervening modification occurred between cert/key read, verified by file hash comparisons). This allows explicit control over the path watched; by default, the parent directories of the filesystem paths in ``certificate_chain`` and ``private_key`` are watched if this field is not specified. This only applies when a ``TlsCertificate`` is delivered by SDS with references to filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>` documentation for further details.
.envoy.config.core.v3.WatchedDirectory watched_directory = 7;
-
hasPrivateKeyProvider
boolean hasPrivateKeyProvider()
BoringSSL private key method provider. This is an alternative to :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
- Returns:
- Whether the privateKeyProvider field is set.
-
getPrivateKeyProvider
PrivateKeyProvider getPrivateKeyProvider()
BoringSSL private key method provider. This is an alternative to :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
- Returns:
- The privateKeyProvider.
-
getPrivateKeyProviderOrBuilder
PrivateKeyProviderOrBuilder getPrivateKeyProviderOrBuilder()
BoringSSL private key method provider. This is an alternative to :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and :ref:`private_key_provider <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an error.
.envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider private_key_provider = 6;
-
hasPassword
boolean hasPassword()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
- Returns:
- Whether the password field is set.
-
getPassword
DataSource getPassword()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
- Returns:
- The password.
-
getPasswordOrBuilder
DataSourceOrBuilder getPasswordOrBuilder()
The password to decrypt the TLS private key. If this field is not set, it is assumed that the TLS private key is not password encrypted.
.envoy.config.core.v3.DataSource password = 3 [(.udpa.annotations.sensitive) = true];
-
hasOcspStaple
boolean hasOcspStaple()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;
- Returns:
- Whether the ocspStaple field is set.
-
getOcspStaple
DataSource getOcspStaple()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;
- Returns:
- The ocspStaple.
-
getOcspStapleOrBuilder
DataSourceOrBuilder getOcspStapleOrBuilder()
The OCSP response to be stapled with this certificate during the handshake. The response must be DER-encoded and may only be provided via ``filename`` or ``inline_bytes``. The response may pertain to only one certificate.
.envoy.config.core.v3.DataSource ocsp_staple = 4;
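The field constraints described above (``pkcs12`` exclusivity, ``private_key`` versus ``private_key_provider``, and the allowed ``ocsp_staple`` sources) are not enforced by protobuf because the fields are not a ``oneof``, so a control plane can check them before pushing a secret. The following is an added example, not code from Envoy or its generated API; the class name ``TlsCertificateLint`` is hypothetical and the ``io.envoyproxy.envoy...`` import paths are assumed from the proto package names shown on this page.

```java
import io.envoyproxy.envoy.config.core.v3.DataSource;
import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificateOrBuilder;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical pre-flight linter for a TlsCertificate message or builder. */
public final class TlsCertificateLint {
  private TlsCertificateLint() {}

  /** Returns one finding per violated constraint; an empty list means no issue found. */
  public static List<String> check(TlsCertificateOrBuilder cert) {
    List<String> findings = new ArrayList<>();

    // pkcs12 already bundles certificate, chain and key, so it must stand alone.
    if (cert.hasPkcs12()
        && (cert.hasCertificateChain() || cert.hasPrivateKey() || cert.hasPrivateKeyProvider())) {
      findings.add("pkcs12 is set together with certificate_chain, private_key "
          + "or private_key_provider");
    }

    // private_key_provider is an alternative to private_key, never a companion.
    if (cert.hasPrivateKey() && cert.hasPrivateKeyProvider()) {
      findings.add("both private_key and private_key_provider are set");
    }

    // ocsp_staple may only come from a file or from raw inline bytes (DER).
    if (cert.hasOcspStaple()) {
      DataSource.SpecifierCase source = cert.getOcspStaple().getSpecifierCase();
      if (source != DataSource.SpecifierCase.FILENAME
          && source != DataSource.SpecifierCase.INLINE_BYTES) {
        findings.add("ocsp_staple must use filename or inline_bytes, found " + source);
      }
    }

    // watched_directory only drives reloads of file-based chain/key sources.
    if (cert.hasWatchedDirectory() && !isFile(cert, true) && !isFile(cert, false)) {
      findings.add("watched_directory is set but neither certificate_chain nor "
          + "private_key is file-based");
    }
    return findings;
  }

  // True when the selected field (chain or key) is present and points at a file.
  private static boolean isFile(TlsCertificateOrBuilder cert, boolean chain) {
    if (chain ? !cert.hasCertificateChain() : !cert.hasPrivateKey()) {
      return false;
    }
    DataSource ds = chain ? cert.getCertificateChain() : cert.getPrivateKey();
    return ds.getSpecifierCase() == DataSource.SpecifierCase.FILENAME;
  }
}
```

Because the parameter is the ``OrBuilder`` interface, the same check accepts both a built ``TlsCertificate`` and a ``TlsCertificate.Builder`` that is still being populated.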
-
getSignedCertificateTimestampList
List<DataSource> getSignedCertificateTimestampList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestamp
DataSource getSignedCertificateTimestamp(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestampCount
int getSignedCertificateTimestampCount()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestampOrBuilderList
List<? extends DataSourceOrBuilder> getSignedCertificateTimestampOrBuilderList()
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-
getSignedCertificateTimestampOrBuilder
DataSourceOrBuilder getSignedCertificateTimestampOrBuilder(int index)
[#not-implemented-hide:]
repeated .envoy.config.core.v3.DataSource signed_certificate_timestamp = 5;
-