envoy.api.v2.auth

Class Cert.TlsSessionTicketKeys

java.lang.Object

com.google.protobuf.AbstractMessageLite

com.google.protobuf.AbstractMessage

com.google.protobuf.GeneratedMessageV3

envoy.api.v2.auth.Cert.TlsSessionTicketKeys

All Implemented Interfaces:

com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Cert.TlsSessionTicketKeysOrBuilder, Serializable

Enclosing class:

Cert

public static final class Cert.TlsSessionTicketKeys
extends com.google.protobuf.GeneratedMessageV3
implements Cert.TlsSessionTicketKeysOrBuilder

Protobuf type envoy.api.v2.auth.TlsSessionTicketKeys

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Cert.TlsSessionTicketKeys.Builder Protobuf type envoy.api.v2.auth.TlsSessionTicketKeys

Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable

Field Summary

Fields

Modifier and Type	Field and Description
static int	KEYS_FIELD_NUMBER

Fields inherited from class com.google.protobuf.GeneratedMessageV3

alwaysUseFieldBuilders, unknownFields

Fields inherited from class com.google.protobuf.AbstractMessage

memoizedSize

Fields inherited from class com.google.protobuf.AbstractMessageLite

memoizedHashCode

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
static Cert.TlsSessionTicketKeys	getDefaultInstance()
Cert.TlsSessionTicketKeys	getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor	getDescriptor()
Base.DataSource	getKeys(int index) Keys for encrypting and decrypting TLS session tickets.
int	getKeysCount() Keys for encrypting and decrypting TLS session tickets.
List<Base.DataSource>	getKeysList() Keys for encrypting and decrypting TLS session tickets.
Base.DataSourceOrBuilder	getKeysOrBuilder(int index) Keys for encrypting and decrypting TLS session tickets.
List<? extends Base.DataSourceOrBuilder>	getKeysOrBuilderList() Keys for encrypting and decrypting TLS session tickets.
com.google.protobuf.Parser<Cert.TlsSessionTicketKeys>	getParserForType()
int	getSerializedSize()
com.google.protobuf.UnknownFieldSet	getUnknownFields()
int	hashCode()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
boolean	isInitialized()
static Cert.TlsSessionTicketKeys.Builder	newBuilder()
static Cert.TlsSessionTicketKeys.Builder	newBuilder(Cert.TlsSessionTicketKeys prototype)
Cert.TlsSessionTicketKeys.Builder	newBuilderForType()
protected Cert.TlsSessionTicketKeys.Builder	newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
static Cert.TlsSessionTicketKeys	parseDelimitedFrom(InputStream input)
static Cert.TlsSessionTicketKeys	parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static Cert.TlsSessionTicketKeys	parseFrom(byte[] data)
static Cert.TlsSessionTicketKeys	parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static Cert.TlsSessionTicketKeys	parseFrom(ByteBuffer data)
static Cert.TlsSessionTicketKeys	parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static Cert.TlsSessionTicketKeys	parseFrom(com.google.protobuf.ByteString data)
static Cert.TlsSessionTicketKeys	parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static Cert.TlsSessionTicketKeys	parseFrom(com.google.protobuf.CodedInputStream input)
static Cert.TlsSessionTicketKeys	parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static Cert.TlsSessionTicketKeys	parseFrom(InputStream input)
static Cert.TlsSessionTicketKeys	parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static com.google.protobuf.Parser<Cert.TlsSessionTicketKeys>	parser()
Cert.TlsSessionTicketKeys.Builder	toBuilder()
void	writeTo(com.google.protobuf.CodedOutputStream output)

Methods inherited from class com.google.protobuf.GeneratedMessageV3

canUseUnsafe, computeStringSize, computeStringSizeNoTag, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, internalGetMapField, makeExtensionsImmutable, newBuilderForType, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

Methods inherited from class com.google.protobuf.AbstractMessage

findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite

addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite

toByteArray, toByteString, writeDelimitedTo, writeTo

Field Detail

KEYS_FIELD_NUMBER

public static final int KEYS_FIELD_NUMBER

See Also:

Constant Field Values

Method Detail

getUnknownFields

public final com.google.protobuf.UnknownFieldSet getUnknownFields()

Specified by:

getUnknownFields in interface com.google.protobuf.MessageOrBuilder

Overrides:

getUnknownFields in class com.google.protobuf.GeneratedMessageV3

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

getKeysList

public List<Base.DataSource> getKeysList()

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysList in interface Cert.TlsSessionTicketKeysOrBuilder

getKeysOrBuilderList

public List<? extends Base.DataSourceOrBuilder> getKeysOrBuilderList()

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysOrBuilderList in interface Cert.TlsSessionTicketKeysOrBuilder

getKeysCount

public int getKeysCount()

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysCount in interface Cert.TlsSessionTicketKeysOrBuilder

getKeys

public Base.DataSource getKeys(int index)

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeys in interface Cert.TlsSessionTicketKeysOrBuilder

getKeysOrBuilder

public Base.DataSourceOrBuilder getKeysOrBuilder(int index)

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysOrBuilder in interface Cert.TlsSessionTicketKeysOrBuilder

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3

writeTo

public void writeTo(com.google.protobuf.CodedOutputStream output)
             throws IOException

Specified by:

writeTo in interface com.google.protobuf.MessageLite

Overrides:

writeTo in class com.google.protobuf.GeneratedMessageV3

Throws:

IOException

getSerializedSize

public int getSerializedSize()

Specified by:

getSerializedSize in interface com.google.protobuf.MessageLite

Overrides:

getSerializedSize in class com.google.protobuf.GeneratedMessageV3

equals

public boolean equals(Object obj)

Specified by:

equals in interface com.google.protobuf.Message

Overrides:

equals in class com.google.protobuf.AbstractMessage

hashCode

public int hashCode()

Specified by:

hashCode in interface com.google.protobuf.Message

Overrides:

hashCode in class com.google.protobuf.AbstractMessage

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(ByteBuffer data)
                                           throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(ByteBuffer data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data)
                                           throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(byte[] data)
                                           throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(byte[] data,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(InputStream input)
                                           throws IOException

Throws:

IOException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(InputStream input,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws IOException

Throws:

IOException

parseDelimitedFrom

public static Cert.TlsSessionTicketKeys parseDelimitedFrom(InputStream input)
                                                    throws IOException

Throws:

IOException

parseDelimitedFrom

public static Cert.TlsSessionTicketKeys parseDelimitedFrom(InputStream input,
                                                           com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                    throws IOException

Throws:

IOException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input)
                                           throws IOException

Throws:

IOException

parseFrom

public static Cert.TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input,
                                                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                           throws IOException

Throws:

IOException

newBuilderForType

public Cert.TlsSessionTicketKeys.Builder newBuilderForType()

Specified by:

newBuilderForType in interface com.google.protobuf.Message

Specified by:

newBuilderForType in interface com.google.protobuf.MessageLite

newBuilder

public static Cert.TlsSessionTicketKeys.Builder newBuilder()

newBuilder

public static Cert.TlsSessionTicketKeys.Builder newBuilder(Cert.TlsSessionTicketKeys prototype)

toBuilder

public Cert.TlsSessionTicketKeys.Builder toBuilder()

Specified by:

toBuilder in interface com.google.protobuf.Message

Specified by:

toBuilder in interface com.google.protobuf.MessageLite

newBuilderForType

protected Cert.TlsSessionTicketKeys.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)

Specified by:

newBuilderForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstance

public static Cert.TlsSessionTicketKeys getDefaultInstance()

parser

public static com.google.protobuf.Parser<Cert.TlsSessionTicketKeys> parser()

getParserForType

public com.google.protobuf.Parser<Cert.TlsSessionTicketKeys> getParserForType()

Specified by:

getParserForType in interface com.google.protobuf.Message

Specified by:

getParserForType in interface com.google.protobuf.MessageLite

Overrides:

getParserForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstanceForType

public Cert.TlsSessionTicketKeys getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder