Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class UpstreamTlsContext.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, UpstreamTlsContextOrBuilder, java.lang.Cloneable
    Enclosing class:
    UpstreamTlsContext
    public static final class UpstreamTlsContext.Builder
extends com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>
implements UpstreamTlsContextOrBuilder
     [#next-free-field: 6]
    Protobuf type envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext

    • Field Detail

      • bitField0_

        private int bitField0_

      • sni_

        private java.lang.Object sni_

      • allowRenegotiation_

        private boolean allowRenegotiation_

      • maxSessionKeys_

        private com.google.protobuf.UInt32Value maxSessionKeys_

      • maxSessionKeysBuilder_

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.UInt32Value,​com.google.protobuf.UInt32Value.Builder,​com.google.protobuf.UInt32ValueOrBuilder> maxSessionKeysBuilder_

      • enforceRsaKeyUsage_

        private com.google.protobuf.BoolValue enforceRsaKeyUsage_

      • enforceRsaKeyUsageBuilder_

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> enforceRsaKeyUsageBuilder_

    • Constructor Detail

      • Builder

        private Builder()

      • Builder

        private Builder​(com.google.protobuf.AbstractMessage.BuilderParent parent)

    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

      • maybeForceBuilderInitialization

        private void maybeForceBuilderInitialization()

      • clear

        public UpstreamTlsContext.Builder clear()
        Specified by:
        clear in interface com.google.protobuf.Message.Builder
        Specified by:
        clear in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        clear in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

      • getDefaultInstanceForType

        public UpstreamTlsContext getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

      • build

        public UpstreamTlsContext build()
        Specified by:
        build in interface com.google.protobuf.Message.Builder
        Specified by:
        build in interface com.google.protobuf.MessageLite.Builder

      • buildPartial

        public UpstreamTlsContext buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder

      • mergeFrom

        public UpstreamTlsContext.Builder mergeFrom​(com.google.protobuf.Message other)
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<UpstreamTlsContext.Builder>

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

      • mergeFrom

        public UpstreamTlsContext.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                     throws java.io.IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<UpstreamTlsContext.Builder>
        Throws:
        java.io.IOException

      • hasCommonTlsContext

        public boolean hasCommonTlsContext()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Specified by:
        hasCommonTlsContext in interface UpstreamTlsContextOrBuilder
        Returns:
        Whether the commonTlsContext field is set.

      • getCommonTlsContext

        public CommonTlsContext getCommonTlsContext()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Specified by:
        getCommonTlsContext in interface UpstreamTlsContextOrBuilder
        Returns:
        The commonTlsContext.

      • setCommonTlsContext

        public UpstreamTlsContext.Builder setCommonTlsContext​(CommonTlsContext value)
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

      • setCommonTlsContext

        public UpstreamTlsContext.Builder setCommonTlsContext​(CommonTlsContext.Builder builderForValue)
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

      • mergeCommonTlsContext

        public UpstreamTlsContext.Builder mergeCommonTlsContext​(CommonTlsContext value)
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

      • clearCommonTlsContext

        public UpstreamTlsContext.Builder clearCommonTlsContext()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

      • getCommonTlsContextBuilder

        public CommonTlsContext.Builder getCommonTlsContextBuilder()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

      • getCommonTlsContextOrBuilder

        public CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
        Specified by:
        getCommonTlsContextOrBuilder in interface UpstreamTlsContextOrBuilder

      • getCommonTlsContextFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<CommonTlsContext,​CommonTlsContext.Builder,​CommonTlsContextOrBuilder> getCommonTlsContextFieldBuilder()
         Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
        .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

      • getSni

        public java.lang.String getSni()
         SNI string to use when creating TLS backend connections.
        string sni = 2 [(.validate.rules) = { ... }
        Specified by:
        getSni in interface UpstreamTlsContextOrBuilder
        Returns:
        The sni.

      • getSniBytes

        public com.google.protobuf.ByteString getSniBytes()
         SNI string to use when creating TLS backend connections.
        string sni = 2 [(.validate.rules) = { ... }
        Specified by:
        getSniBytes in interface UpstreamTlsContextOrBuilder
        Returns:
        The bytes for sni.

      • setSni

        public UpstreamTlsContext.Builder setSni​(java.lang.String value)
         SNI string to use when creating TLS backend connections.
        string sni = 2 [(.validate.rules) = { ... }
        Parameters:
        value - The sni to set.
        Returns:
        This builder for chaining.

      • clearSni

        public UpstreamTlsContext.Builder clearSni()
         SNI string to use when creating TLS backend connections.
        string sni = 2 [(.validate.rules) = { ... }
        Returns:
        This builder for chaining.

      • setSniBytes

        public UpstreamTlsContext.Builder setSniBytes​(com.google.protobuf.ByteString value)
         SNI string to use when creating TLS backend connections.
        string sni = 2 [(.validate.rules) = { ... }
        Parameters:
        value - The bytes for sni to set.
        Returns:
        This builder for chaining.

      • getAllowRenegotiation

        public boolean getAllowRenegotiation()
         If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

 TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
        bool allow_renegotiation = 3;
        Specified by:
        getAllowRenegotiation in interface UpstreamTlsContextOrBuilder
        Returns:
        The allowRenegotiation.

      • setAllowRenegotiation

        public UpstreamTlsContext.Builder setAllowRenegotiation​(boolean value)
         If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

 TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
        bool allow_renegotiation = 3;
        Parameters:
        value - The allowRenegotiation to set.
        Returns:
        This builder for chaining.

      • clearAllowRenegotiation

        public UpstreamTlsContext.Builder clearAllowRenegotiation()
         If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

 TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
        bool allow_renegotiation = 3;
        Returns:
        This builder for chaining.

      • hasMaxSessionKeys

        public boolean hasMaxSessionKeys()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;
        Specified by:
        hasMaxSessionKeys in interface UpstreamTlsContextOrBuilder
        Returns:
        Whether the maxSessionKeys field is set.

      • getMaxSessionKeys

        public com.google.protobuf.UInt32Value getMaxSessionKeys()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;
        Specified by:
        getMaxSessionKeys in interface UpstreamTlsContextOrBuilder
        Returns:
        The maxSessionKeys.

      • setMaxSessionKeys

        public UpstreamTlsContext.Builder setMaxSessionKeys​(com.google.protobuf.UInt32Value value)
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;

      • setMaxSessionKeys

        public UpstreamTlsContext.Builder setMaxSessionKeys​(com.google.protobuf.UInt32Value.Builder builderForValue)
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;

      • mergeMaxSessionKeys

        public UpstreamTlsContext.Builder mergeMaxSessionKeys​(com.google.protobuf.UInt32Value value)
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;

      • clearMaxSessionKeys

        public UpstreamTlsContext.Builder clearMaxSessionKeys()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;

      • getMaxSessionKeysBuilder

        public com.google.protobuf.UInt32Value.Builder getMaxSessionKeysBuilder()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;

      • getMaxSessionKeysOrBuilder

        public com.google.protobuf.UInt32ValueOrBuilder getMaxSessionKeysOrBuilder()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;
        Specified by:
        getMaxSessionKeysOrBuilder in interface UpstreamTlsContextOrBuilder

      • getMaxSessionKeysFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.UInt32Value,​com.google.protobuf.UInt32Value.Builder,​com.google.protobuf.UInt32ValueOrBuilder> getMaxSessionKeysFieldBuilder()
         Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
        .google.protobuf.UInt32Value max_session_keys = 4;

      • hasEnforceRsaKeyUsage

        public boolean hasEnforceRsaKeyUsage()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
        Specified by:
        hasEnforceRsaKeyUsage in interface UpstreamTlsContextOrBuilder
        Returns:
        Whether the enforceRsaKeyUsage field is set.

      • getEnforceRsaKeyUsage

        public com.google.protobuf.BoolValue getEnforceRsaKeyUsage()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
        Specified by:
        getEnforceRsaKeyUsage in interface UpstreamTlsContextOrBuilder
        Returns:
        The enforceRsaKeyUsage.

      • setEnforceRsaKeyUsage

        public UpstreamTlsContext.Builder setEnforceRsaKeyUsage​(com.google.protobuf.BoolValue value)
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

      • setEnforceRsaKeyUsage

        public UpstreamTlsContext.Builder setEnforceRsaKeyUsage​(com.google.protobuf.BoolValue.Builder builderForValue)
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

      • mergeEnforceRsaKeyUsage

        public UpstreamTlsContext.Builder mergeEnforceRsaKeyUsage​(com.google.protobuf.BoolValue value)
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

      • clearEnforceRsaKeyUsage

        public UpstreamTlsContext.Builder clearEnforceRsaKeyUsage()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

      • getEnforceRsaKeyUsageBuilder

        public com.google.protobuf.BoolValue.Builder getEnforceRsaKeyUsageBuilder()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

      • getEnforceRsaKeyUsageOrBuilder

        public com.google.protobuf.BoolValueOrBuilder getEnforceRsaKeyUsageOrBuilder()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
        Specified by:
        getEnforceRsaKeyUsageOrBuilder in interface UpstreamTlsContextOrBuilder

      • getEnforceRsaKeyUsageFieldBuilder

        private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,​com.google.protobuf.BoolValue.Builder,​com.google.protobuf.BoolValueOrBuilder> getEnforceRsaKeyUsageFieldBuilder()
         This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
        .google.protobuf.BoolValue enforce_rsa_key_usage = 5;