public static final class Cert.CertificateValidationContext.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder> implements Cert.CertificateValidationContextOrBuilder
envoy.api.v2.auth.CertificateValidationContext| Modifier and Type | Method and Description |
|---|---|
Cert.CertificateValidationContext.Builder |
addAllVerifyCertificateHash(Iterable<String> values)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
Cert.CertificateValidationContext.Builder |
addAllVerifySpkiSha256(Iterable<String> values)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
Cert.CertificateValidationContext.Builder |
addAllVerifySubjectAltName(Iterable<String> values)
An optional list of subject alternative names.
|
Cert.CertificateValidationContext.Builder |
addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
Cert.CertificateValidationContext.Builder |
addVerifyCertificateHash(String value)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
Cert.CertificateValidationContext.Builder |
addVerifyCertificateHashBytes(com.google.protobuf.ByteString value)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
Cert.CertificateValidationContext.Builder |
addVerifySpkiSha256(String value)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
Cert.CertificateValidationContext.Builder |
addVerifySpkiSha256Bytes(com.google.protobuf.ByteString value)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
Cert.CertificateValidationContext.Builder |
addVerifySubjectAltName(String value)
An optional list of subject alternative names.
|
Cert.CertificateValidationContext.Builder |
addVerifySubjectAltNameBytes(com.google.protobuf.ByteString value)
An optional list of subject alternative names.
|
Cert.CertificateValidationContext |
build() |
Cert.CertificateValidationContext |
buildPartial() |
Cert.CertificateValidationContext.Builder |
clear() |
Cert.CertificateValidationContext.Builder |
clearCrl()
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
Cert.CertificateValidationContext.Builder |
clearField(com.google.protobuf.Descriptors.FieldDescriptor field) |
Cert.CertificateValidationContext.Builder |
clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) |
Cert.CertificateValidationContext.Builder |
clearRequireOcspStaple()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
Cert.CertificateValidationContext.Builder |
clearRequireSignedCertificateTimestamp()
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
Cert.CertificateValidationContext.Builder |
clearTrustedCa()
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
Cert.CertificateValidationContext.Builder |
clearVerifyCertificateHash()
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
Cert.CertificateValidationContext.Builder |
clearVerifySpkiSha256()
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
Cert.CertificateValidationContext.Builder |
clearVerifySubjectAltName()
An optional list of subject alternative names.
|
Cert.CertificateValidationContext.Builder |
clone() |
Base.DataSource |
getCrl()
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
Base.DataSource.Builder |
getCrlBuilder()
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
Base.DataSourceOrBuilder |
getCrlOrBuilder()
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
Cert.CertificateValidationContext |
getDefaultInstanceForType() |
static com.google.protobuf.Descriptors.Descriptor |
getDescriptor() |
com.google.protobuf.Descriptors.Descriptor |
getDescriptorForType() |
com.google.protobuf.BoolValue |
getRequireOcspStaple()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
com.google.protobuf.BoolValue.Builder |
getRequireOcspStapleBuilder()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
com.google.protobuf.BoolValueOrBuilder |
getRequireOcspStapleOrBuilder()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
com.google.protobuf.BoolValue |
getRequireSignedCertificateTimestamp()
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
com.google.protobuf.BoolValue.Builder |
getRequireSignedCertificateTimestampBuilder()
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
com.google.protobuf.BoolValueOrBuilder |
getRequireSignedCertificateTimestampOrBuilder()
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
Base.DataSource |
getTrustedCa()
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
Base.DataSource.Builder |
getTrustedCaBuilder()
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
Base.DataSourceOrBuilder |
getTrustedCaOrBuilder()
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
String |
getVerifyCertificateHash(int index)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
com.google.protobuf.ByteString |
getVerifyCertificateHashBytes(int index)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
int |
getVerifyCertificateHashCount()
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
com.google.protobuf.ProtocolStringList |
getVerifyCertificateHashList()
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
String |
getVerifySpkiSha256(int index)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
com.google.protobuf.ByteString |
getVerifySpkiSha256Bytes(int index)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
int |
getVerifySpkiSha256Count()
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
com.google.protobuf.ProtocolStringList |
getVerifySpkiSha256List()
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
String |
getVerifySubjectAltName(int index)
An optional list of subject alternative names.
|
com.google.protobuf.ByteString |
getVerifySubjectAltNameBytes(int index)
An optional list of subject alternative names.
|
int |
getVerifySubjectAltNameCount()
An optional list of subject alternative names.
|
com.google.protobuf.ProtocolStringList |
getVerifySubjectAltNameList()
An optional list of subject alternative names.
|
boolean |
hasCrl()
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
boolean |
hasRequireOcspStaple()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
boolean |
hasRequireSignedCertificateTimestamp()
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
boolean |
hasTrustedCa()
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable |
internalGetFieldAccessorTable() |
boolean |
isInitialized() |
Cert.CertificateValidationContext.Builder |
mergeCrl(Base.DataSource value)
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
Cert.CertificateValidationContext.Builder |
mergeFrom(Cert.CertificateValidationContext other) |
Cert.CertificateValidationContext.Builder |
mergeFrom(com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
Cert.CertificateValidationContext.Builder |
mergeFrom(com.google.protobuf.Message other) |
Cert.CertificateValidationContext.Builder |
mergeRequireOcspStaple(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
Cert.CertificateValidationContext.Builder |
mergeRequireSignedCertificateTimestamp(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
Cert.CertificateValidationContext.Builder |
mergeTrustedCa(Base.DataSource value)
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
Cert.CertificateValidationContext.Builder |
mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
Cert.CertificateValidationContext.Builder |
setCrl(Base.DataSource.Builder builderForValue)
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
Cert.CertificateValidationContext.Builder |
setCrl(Base.DataSource value)
An optional `certificate revocation list
<http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
(in PEM format).
|
Cert.CertificateValidationContext.Builder |
setField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
Cert.CertificateValidationContext.Builder |
setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
int index,
Object value) |
Cert.CertificateValidationContext.Builder |
setRequireOcspStaple(com.google.protobuf.BoolValue.Builder builderForValue)
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
Cert.CertificateValidationContext.Builder |
setRequireOcspStaple(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
|
Cert.CertificateValidationContext.Builder |
setRequireSignedCertificateTimestamp(com.google.protobuf.BoolValue.Builder builderForValue)
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
Cert.CertificateValidationContext.Builder |
setRequireSignedCertificateTimestamp(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present signed certificate time-stamp.
|
Cert.CertificateValidationContext.Builder |
setTrustedCa(Base.DataSource.Builder builderForValue)
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
Cert.CertificateValidationContext.Builder |
setTrustedCa(Base.DataSource value)
TLS certificate data containing certificate authority certificates to use in verifying
a presented peer certificate (e.g. server certificate for clusters or client certificate
for listeners).
|
Cert.CertificateValidationContext.Builder |
setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
Cert.CertificateValidationContext.Builder |
setVerifyCertificateHash(int index,
String value)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of
the presented certificate.
|
Cert.CertificateValidationContext.Builder |
setVerifySpkiSha256(int index,
String value)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of
the Subject Public Key Information (SPKI) of the presented certificate.
|
Cert.CertificateValidationContext.Builder |
setVerifySubjectAltName(int index,
String value)
An optional list of subject alternative names.
|
getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, newBuilderForField, onBuilt, onChanged, setUnknownFieldsProto3findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toStringaddAll, addAll, mergeFrom, newUninitializedMessageExceptionequals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitpublic static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder clear()
clear in interface com.google.protobuf.Message.Builderclear in interface com.google.protobuf.MessageLite.Builderclear in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
getDescriptorForType in interface com.google.protobuf.Message.BuildergetDescriptorForType in interface com.google.protobuf.MessageOrBuildergetDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext getDefaultInstanceForType()
getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuildergetDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilderpublic Cert.CertificateValidationContext build()
build in interface com.google.protobuf.Message.Builderbuild in interface com.google.protobuf.MessageLite.Builderpublic Cert.CertificateValidationContext buildPartial()
buildPartial in interface com.google.protobuf.Message.BuilderbuildPartial in interface com.google.protobuf.MessageLite.Builderpublic Cert.CertificateValidationContext.Builder clone()
clone in interface com.google.protobuf.Message.Builderclone in interface com.google.protobuf.MessageLite.Builderclone in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
setField in interface com.google.protobuf.Message.BuildersetField in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
clearField in interface com.google.protobuf.Message.BuilderclearField in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
clearOneof in interface com.google.protobuf.Message.BuilderclearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
setRepeatedField in interface com.google.protobuf.Message.BuildersetRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
addRepeatedField in interface com.google.protobuf.Message.BuilderaddRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder mergeFrom(com.google.protobuf.Message other)
mergeFrom in interface com.google.protobuf.Message.BuildermergeFrom in class com.google.protobuf.AbstractMessage.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder mergeFrom(Cert.CertificateValidationContext other)
public final boolean isInitialized()
isInitialized in interface com.google.protobuf.MessageLiteOrBuilderisInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public Cert.CertificateValidationContext.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
mergeFrom in interface com.google.protobuf.Message.BuildermergeFrom in interface com.google.protobuf.MessageLite.BuildermergeFrom in class com.google.protobuf.AbstractMessage.Builder<Cert.CertificateValidationContext.Builder>IOExceptionpublic boolean hasTrustedCa()
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;hasTrustedCa in interface Cert.CertificateValidationContextOrBuilderpublic Base.DataSource getTrustedCa()
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;getTrustedCa in interface Cert.CertificateValidationContextOrBuilderpublic Cert.CertificateValidationContext.Builder setTrustedCa(Base.DataSource value)
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;public Cert.CertificateValidationContext.Builder setTrustedCa(Base.DataSource.Builder builderForValue)
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;public Cert.CertificateValidationContext.Builder mergeTrustedCa(Base.DataSource value)
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;public Cert.CertificateValidationContext.Builder clearTrustedCa()
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;public Base.DataSource.Builder getTrustedCaBuilder()
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;public Base.DataSourceOrBuilder getTrustedCaOrBuilder()
TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate (e.g. server certificate for clusters or client certificate for listeners). If not specified and a peer certificate is presented it will not be verified. By default, a client certificate is optional, unless one of the additional options (:ref:`require_client_certificate <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or :ref:`verify_subject_alt_name <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>`) is also specified. See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common system CA locations.
.envoy.api.v2.core.DataSource trusted_ca = 1;getTrustedCaOrBuilder in interface Cert.CertificateValidationContextOrBuilderpublic com.google.protobuf.ProtocolStringList getVerifyCertificateHashList()
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;getVerifyCertificateHashList in interface Cert.CertificateValidationContextOrBuilderpublic int getVerifyCertificateHashCount()
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;getVerifyCertificateHashCount in interface Cert.CertificateValidationContextOrBuilderpublic String getVerifyCertificateHash(int index)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;getVerifyCertificateHash in interface Cert.CertificateValidationContextOrBuilderpublic com.google.protobuf.ByteString getVerifyCertificateHashBytes(int index)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;getVerifyCertificateHashBytes in interface Cert.CertificateValidationContextOrBuilderpublic Cert.CertificateValidationContext.Builder setVerifyCertificateHash(int index, String value)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;public Cert.CertificateValidationContext.Builder addVerifyCertificateHash(String value)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;public Cert.CertificateValidationContext.Builder addAllVerifyCertificateHash(Iterable<String> values)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;public Cert.CertificateValidationContext.Builder clearVerifyCertificateHash()
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;public Cert.CertificateValidationContext.Builder addVerifyCertificateHashBytes(com.google.protobuf.ByteString value)
If specified, Envoy will verify (pin) the hex-encoded SHA-256 fingerprint of the presented certificate. For example, ``openssl`` can produce a SHA-256 fingerprint of an x509 certificate with the following command: .. code-block:: bash $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256
repeated string verify_certificate_hash = 2;public com.google.protobuf.ProtocolStringList getVerifySpkiSha256List()
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;getVerifySpkiSha256List in interface Cert.CertificateValidationContextOrBuilderpublic int getVerifySpkiSha256Count()
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;getVerifySpkiSha256Count in interface Cert.CertificateValidationContextOrBuilderpublic String getVerifySpkiSha256(int index)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;getVerifySpkiSha256 in interface Cert.CertificateValidationContextOrBuilderpublic com.google.protobuf.ByteString getVerifySpkiSha256Bytes(int index)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;getVerifySpkiSha256Bytes in interface Cert.CertificateValidationContextOrBuilderpublic Cert.CertificateValidationContext.Builder setVerifySpkiSha256(int index, String value)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;public Cert.CertificateValidationContext.Builder addVerifySpkiSha256(String value)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;public Cert.CertificateValidationContext.Builder addAllVerifySpkiSha256(Iterable<String> values)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;public Cert.CertificateValidationContext.Builder clearVerifySpkiSha256()
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;public Cert.CertificateValidationContext.Builder addVerifySpkiSha256Bytes(com.google.protobuf.ByteString value)
If specified, Envoy will verify (pin) base64-encoded SHA-256 hash of the Subject Public Key Information (SPKI) of the presented certificate. This is the same format as used in HTTP Public Key Pinning. [#not-implemented-hide:]
repeated string verify_spki_sha256 = 3;public com.google.protobuf.ProtocolStringList getVerifySubjectAltNameList()
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;getVerifySubjectAltNameList in interface Cert.CertificateValidationContextOrBuilderpublic int getVerifySubjectAltNameCount()
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;getVerifySubjectAltNameCount in interface Cert.CertificateValidationContextOrBuilderpublic String getVerifySubjectAltName(int index)
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;getVerifySubjectAltName in interface Cert.CertificateValidationContextOrBuilderpublic com.google.protobuf.ByteString getVerifySubjectAltNameBytes(int index)
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;getVerifySubjectAltNameBytes in interface Cert.CertificateValidationContextOrBuilderpublic Cert.CertificateValidationContext.Builder setVerifySubjectAltName(int index, String value)
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;public Cert.CertificateValidationContext.Builder addVerifySubjectAltName(String value)
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;public Cert.CertificateValidationContext.Builder addAllVerifySubjectAltName(Iterable<String> values)
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;public Cert.CertificateValidationContext.Builder clearVerifySubjectAltName()
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;public Cert.CertificateValidationContext.Builder addVerifySubjectAltNameBytes(com.google.protobuf.ByteString value)
An optional list of subject alternative names. If specified, Envoy will verify that the certificate’s subject alternative name matches one of the specified values.
repeated string verify_subject_alt_name = 4;public boolean hasRequireOcspStaple()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;hasRequireOcspStaple in interface Cert.CertificateValidationContextOrBuilderpublic com.google.protobuf.BoolValue getRequireOcspStaple()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;getRequireOcspStaple in interface Cert.CertificateValidationContextOrBuilderpublic Cert.CertificateValidationContext.Builder setRequireOcspStaple(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;public Cert.CertificateValidationContext.Builder setRequireOcspStaple(com.google.protobuf.BoolValue.Builder builderForValue)
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;public Cert.CertificateValidationContext.Builder mergeRequireOcspStaple(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;public Cert.CertificateValidationContext.Builder clearRequireOcspStaple()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;public com.google.protobuf.BoolValue.Builder getRequireOcspStapleBuilder()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;public com.google.protobuf.BoolValueOrBuilder getRequireOcspStapleOrBuilder()
[#not-implemented-hide:] Must present a signed time-stamped OCSP response.
.google.protobuf.BoolValue require_ocsp_staple = 5;getRequireOcspStapleOrBuilder in interface Cert.CertificateValidationContextOrBuilderpublic boolean hasRequireSignedCertificateTimestamp()
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;hasRequireSignedCertificateTimestamp in interface Cert.CertificateValidationContextOrBuilderpublic com.google.protobuf.BoolValue getRequireSignedCertificateTimestamp()
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;getRequireSignedCertificateTimestamp in interface Cert.CertificateValidationContextOrBuilderpublic Cert.CertificateValidationContext.Builder setRequireSignedCertificateTimestamp(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;public Cert.CertificateValidationContext.Builder setRequireSignedCertificateTimestamp(com.google.protobuf.BoolValue.Builder builderForValue)
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;public Cert.CertificateValidationContext.Builder mergeRequireSignedCertificateTimestamp(com.google.protobuf.BoolValue value)
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;public Cert.CertificateValidationContext.Builder clearRequireSignedCertificateTimestamp()
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;public com.google.protobuf.BoolValue.Builder getRequireSignedCertificateTimestampBuilder()
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;public com.google.protobuf.BoolValueOrBuilder getRequireSignedCertificateTimestampOrBuilder()
[#not-implemented-hide:] Must present signed certificate time-stamp.
.google.protobuf.BoolValue require_signed_certificate_timestamp = 6;getRequireSignedCertificateTimestampOrBuilder in interface Cert.CertificateValidationContextOrBuilderpublic boolean hasCrl()
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;hasCrl in interface Cert.CertificateValidationContextOrBuilderpublic Base.DataSource getCrl()
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;getCrl in interface Cert.CertificateValidationContextOrBuilderpublic Cert.CertificateValidationContext.Builder setCrl(Base.DataSource value)
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;public Cert.CertificateValidationContext.Builder setCrl(Base.DataSource.Builder builderForValue)
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;public Cert.CertificateValidationContext.Builder mergeCrl(Base.DataSource value)
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;public Cert.CertificateValidationContext.Builder clearCrl()
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;public Base.DataSource.Builder getCrlBuilder()
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;public Base.DataSourceOrBuilder getCrlOrBuilder()
An optional `certificate revocation list <http://https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ (in PEM format). If specified, Envoy will verify that the presented peer certificate has not been revoked by this CRL. If this DataSource contains multiple CRLs, all of them will be used.
.envoy.api.v2.core.DataSource crl = 7;getCrlOrBuilder in interface Cert.CertificateValidationContextOrBuilderpublic final Cert.CertificateValidationContext.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
setUnknownFields in interface com.google.protobuf.Message.BuildersetUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>public final Cert.CertificateValidationContext.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
mergeUnknownFields in interface com.google.protobuf.Message.BuildermergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<Cert.CertificateValidationContext.Builder>Copyright © 2018 The Envoy Project. All rights reserved.