Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class TlsSessionTicketKeys

java.lang.Object
com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessage
com.google.protobuf.GeneratedMessage
io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys
All Implemented Interfaces:
com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TlsSessionTicketKeysOrBuilder, Serializable
@Generated public final class TlsSessionTicketKeys extends com.google.protobuf.GeneratedMessage implements TlsSessionTicketKeysOrBuilder
Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys
See Also:

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static final class 
    TlsSessionTicketKeys.Builder
    Protobuf type envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys

    Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessage

    com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>,BuilderT extends com.google.protobuf.GeneratedMessage.ExtendableBuilder<MessageT,BuilderT>>, com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessage.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessage.FieldAccessorTable, com.google.protobuf.GeneratedMessage.GeneratedExtension<ContainingT extends com.google.protobuf.Message,T>, com.google.protobuf.GeneratedMessage.UnusedPrivateParameter

    Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessage

    com.google.protobuf.AbstractMessage.BuilderParent

    Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

    com.google.protobuf.AbstractMessageLite.InternalOneOfEnum

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    private static final TlsSessionTicketKeys
    DEFAULT_INSTANCE
     
    private List<DataSource>
    keys_
     
    static final int
    KEYS_FIELD_NUMBER
     
    private byte
    memoizedIsInitialized
     
    private static final com.google.protobuf.Parser<TlsSessionTicketKeys>
    PARSER
     
    private static final long
    serialVersionUID
     

    Fields inherited from class com.google.protobuf.GeneratedMessage

    alwaysUseFieldBuilders, loggedPre22TypeNames, unknownFields

    Fields inherited from class com.google.protobuf.AbstractMessage

    memoizedSize

    Fields inherited from class com.google.protobuf.AbstractMessageLite

    memoizedHashCode

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    private
    TlsSessionTicketKeys()
     
    private
    TlsSessionTicketKeys(com.google.protobuf.GeneratedMessage.Builder<?> builder)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    equals(Object obj)
     
    static TlsSessionTicketKeys
    getDefaultInstance()
     
    TlsSessionTicketKeys
    getDefaultInstanceForType()
     
    static final com.google.protobuf.Descriptors.Descriptor
    getDescriptor()
     
    com.google.protobuf.Descriptors.Descriptor
    getDescriptorForType()
     
    DataSource
    getKeys(int index)
    Keys for encrypting and decrypting TLS session tickets.
    int
    getKeysCount()
    Keys for encrypting and decrypting TLS session tickets.
    List<DataSource>
    getKeysList()
    Keys for encrypting and decrypting TLS session tickets.
    DataSourceOrBuilder
    getKeysOrBuilder(int index)
    Keys for encrypting and decrypting TLS session tickets.
    List<? extends DataSourceOrBuilder>
    getKeysOrBuilderList()
    Keys for encrypting and decrypting TLS session tickets.
    com.google.protobuf.Parser<TlsSessionTicketKeys>
    getParserForType()
     
    int
    getSerializedSize()
     
    int
    hashCode()
     
    protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
    internalGetFieldAccessorTable()
     
    final boolean
    isInitialized()
     
    static TlsSessionTicketKeys.Builder
    newBuilder()
     
    static TlsSessionTicketKeys.Builder
    newBuilder(TlsSessionTicketKeys prototype)
     
    TlsSessionTicketKeys.Builder
    newBuilderForType()
     
    protected TlsSessionTicketKeys.Builder
    newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
     
    static TlsSessionTicketKeys
    parseDelimitedFrom(InputStream input)
     
    static TlsSessionTicketKeys
    parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static TlsSessionTicketKeys
    parseFrom(byte[] data)
     
    static TlsSessionTicketKeys
    parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static TlsSessionTicketKeys
    parseFrom(com.google.protobuf.ByteString data)
     
    static TlsSessionTicketKeys
    parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static TlsSessionTicketKeys
    parseFrom(com.google.protobuf.CodedInputStream input)
     
    static TlsSessionTicketKeys
    parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static TlsSessionTicketKeys
    parseFrom(InputStream input)
     
    static TlsSessionTicketKeys
    parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static TlsSessionTicketKeys
    parseFrom(ByteBuffer data)
     
    static TlsSessionTicketKeys
    parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
     
    static com.google.protobuf.Parser<TlsSessionTicketKeys>
    parser()
     
    TlsSessionTicketKeys.Builder
    toBuilder()
     
    void
    writeTo(com.google.protobuf.CodedOutputStream output)
     

    Methods inherited from class com.google.protobuf.GeneratedMessage

    computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyList, emptyLongList, getAllFields, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, isStringEmpty, makeExtensionsImmutable, makeMutableCopy, makeMutableCopy, newFileScopedGeneratedExtension, newInstance, newMessageScopedGeneratedExtension, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

    Methods inherited from class com.google.protobuf.AbstractMessage

    findInitializationErrors, getInitializationErrorString, hashFields, toString

    Methods inherited from class com.google.protobuf.AbstractMessageLite

    addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

    Methods inherited from interface com.google.protobuf.MessageLite

    toByteArray, toByteString, writeDelimitedTo, writeTo

    Methods inherited from interface com.google.protobuf.MessageOrBuilder

    findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

  • Field Details

  • Constructor Details

    • TlsSessionTicketKeys

      private TlsSessionTicketKeys(com.google.protobuf.GeneratedMessage.Builder<?> builder)

    • TlsSessionTicketKeys

      private TlsSessionTicketKeys()

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessage

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage

    • getKeysList

      public List<DataSource> getKeysList()
       Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.

 If :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.

 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.

 .. attention::

 Using this feature has serious security considerations and risks. Improper handling of keys
 may result in loss of secrecy in connections, even if ciphers supporting perfect forward
 secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
 discussion. To minimize the risk, you must:

 * Keep the session ticket keys at least as secure as your TLS certificate private keys
 * Rotate session ticket keys at least daily, and preferably hourly
 * Always generate keys using a cryptographically-secure random data source
      repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
      Specified by:
      getKeysList in interface TlsSessionTicketKeysOrBuilder

    • getKeysOrBuilderList

      public List<? extends DataSourceOrBuilder> getKeysOrBuilderList()
       Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.

 If :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.

 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.

 .. attention::

 Using this feature has serious security considerations and risks. Improper handling of keys
 may result in loss of secrecy in connections, even if ciphers supporting perfect forward
 secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
 discussion. To minimize the risk, you must:

 * Keep the session ticket keys at least as secure as your TLS certificate private keys
 * Rotate session ticket keys at least daily, and preferably hourly
 * Always generate keys using a cryptographically-secure random data source
      repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
      Specified by:
      getKeysOrBuilderList in interface TlsSessionTicketKeysOrBuilder

    • getKeysCount

      public int getKeysCount()
       Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.

 If :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.

 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.

 .. attention::

 Using this feature has serious security considerations and risks. Improper handling of keys
 may result in loss of secrecy in connections, even if ciphers supporting perfect forward
 secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
 discussion. To minimize the risk, you must:

 * Keep the session ticket keys at least as secure as your TLS certificate private keys
 * Rotate session ticket keys at least daily, and preferably hourly
 * Always generate keys using a cryptographically-secure random data source
      repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
      Specified by:
      getKeysCount in interface TlsSessionTicketKeysOrBuilder

    • getKeys

      public DataSource getKeys(int index)
       Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.

 If :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.

 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.

 .. attention::

 Using this feature has serious security considerations and risks. Improper handling of keys
 may result in loss of secrecy in connections, even if ciphers supporting perfect forward
 secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
 discussion. To minimize the risk, you must:

 * Keep the session ticket keys at least as secure as your TLS certificate private keys
 * Rotate session ticket keys at least daily, and preferably hourly
 * Always generate keys using a cryptographically-secure random data source
      repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
      Specified by:
      getKeys in interface TlsSessionTicketKeysOrBuilder

    • getKeysOrBuilder

      public DataSourceOrBuilder getKeysOrBuilder(int index)
       Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.

 If :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.

 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.

 .. attention::

 Using this feature has serious security considerations and risks. Improper handling of keys
 may result in loss of secrecy in connections, even if ciphers supporting perfect forward
 secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
 discussion. To minimize the risk, you must:

 * Keep the session ticket keys at least as secure as your TLS certificate private keys
 * Rotate session ticket keys at least daily, and preferably hourly
 * Always generate keys using a cryptographically-secure random data source
      repeated .envoy.config.core.v3.DataSource keys = 1 [(.validate.rules) = { ... }
      Specified by:
      getKeysOrBuilder in interface TlsSessionTicketKeysOrBuilder

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessage

    • writeTo

      public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
      Specified by:
      writeTo in interface com.google.protobuf.MessageLite
      Overrides:
      writeTo in class com.google.protobuf.GeneratedMessage
      Throws:
      IOException

    • getSerializedSize

      public int getSerializedSize()
      Specified by:
      getSerializedSize in interface com.google.protobuf.MessageLite
      Overrides:
      getSerializedSize in class com.google.protobuf.GeneratedMessage

    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface com.google.protobuf.Message
      Overrides:
      equals in class com.google.protobuf.AbstractMessage

    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface com.google.protobuf.Message
      Overrides:
      hashCode in class com.google.protobuf.AbstractMessage

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static TlsSessionTicketKeys parseDelimitedFrom(InputStream input) throws IOException
      Throws:
      IOException

    • parseDelimitedFrom

      public static TlsSessionTicketKeys parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
      Throws:
      IOException

    • parseFrom

      public static TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException

    • newBuilderForType

      public TlsSessionTicketKeys.Builder newBuilderForType()
      Specified by:
      newBuilderForType in interface com.google.protobuf.Message
      Specified by:
      newBuilderForType in interface com.google.protobuf.MessageLite

    • newBuilder

      public static TlsSessionTicketKeys.Builder newBuilder()

    • newBuilder

      public static TlsSessionTicketKeys.Builder newBuilder(TlsSessionTicketKeys prototype)

    • toBuilder

      public TlsSessionTicketKeys.Builder toBuilder()
      Specified by:
      toBuilder in interface com.google.protobuf.Message
      Specified by:
      toBuilder in interface com.google.protobuf.MessageLite

    • newBuilderForType

      protected TlsSessionTicketKeys.Builder newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
      Overrides:
      newBuilderForType in class com.google.protobuf.AbstractMessage

    • getDefaultInstance

      public static TlsSessionTicketKeys getDefaultInstance()

    • parser

      public static com.google.protobuf.Parser<TlsSessionTicketKeys> parser()

    • getParserForType

      public com.google.protobuf.Parser<TlsSessionTicketKeys> getParserForType()
      Specified by:
      getParserForType in interface com.google.protobuf.Message
      Specified by:
      getParserForType in interface com.google.protobuf.MessageLite
      Overrides:
      getParserForType in class com.google.protobuf.GeneratedMessage

    • getDefaultInstanceForType

      public TlsSessionTicketKeys getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder