Package io.envoyproxy.envoy.extensions.transport_sockets.tls.v3

Class UpstreamTlsContext.Builder

java.lang.Object
com.google.protobuf.AbstractMessageLite.Builder
com.google.protobuf.AbstractMessage.Builder<UpstreamTlsContext.Builder>
com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>
io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext.Builder
All Implemented Interfaces:
com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, UpstreamTlsContextOrBuilder, Cloneable
Enclosing class:
UpstreamTlsContext
public static final class UpstreamTlsContext.Builder extends com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder> implements UpstreamTlsContextOrBuilder
 [#next-free-field: 6]
Protobuf type envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext

  • Field Details

    • bitField0_

      private int bitField0_

    • commonTlsContext_

      private CommonTlsContext commonTlsContext_

    • commonTlsContextBuilder_

      private com.google.protobuf.SingleFieldBuilder<CommonTlsContext,CommonTlsContext.Builder,CommonTlsContextOrBuilder> commonTlsContextBuilder_

    • sni_

      private Object sni_

    • allowRenegotiation_

      private boolean allowRenegotiation_

    • maxSessionKeys_

      private com.google.protobuf.UInt32Value maxSessionKeys_

    • maxSessionKeysBuilder_

      private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.UInt32Value,com.google.protobuf.UInt32Value.Builder,com.google.protobuf.UInt32ValueOrBuilder> maxSessionKeysBuilder_

    • enforceRsaKeyUsage_

      private com.google.protobuf.BoolValue enforceRsaKeyUsage_

    • enforceRsaKeyUsageBuilder_

      private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder,com.google.protobuf.BoolValueOrBuilder> enforceRsaKeyUsageBuilder_

  • Constructor Details

    • Builder

      private Builder()

    • Builder

      private Builder(com.google.protobuf.AbstractMessage.BuilderParent parent)

  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

    • maybeForceBuilderInitialization

      private void maybeForceBuilderInitialization()

    • clear

      public UpstreamTlsContext.Builder clear()
      Specified by:
      clear in interface com.google.protobuf.Message.Builder
      Specified by:
      clear in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      clear in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

    • getDescriptorForType

      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
      Specified by:
      getDescriptorForType in interface com.google.protobuf.Message.Builder
      Specified by:
      getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
      Overrides:
      getDescriptorForType in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

    • getDefaultInstanceForType

      public UpstreamTlsContext getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

    • build

      public UpstreamTlsContext build()
      Specified by:
      build in interface com.google.protobuf.Message.Builder
      Specified by:
      build in interface com.google.protobuf.MessageLite.Builder

    • buildPartial

      public UpstreamTlsContext buildPartial()
      Specified by:
      buildPartial in interface com.google.protobuf.Message.Builder
      Specified by:
      buildPartial in interface com.google.protobuf.MessageLite.Builder

    • buildPartial0

      private void buildPartial0(UpstreamTlsContext result)

    • mergeFrom

      public UpstreamTlsContext.Builder mergeFrom(com.google.protobuf.Message other)
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<UpstreamTlsContext.Builder>

    • mergeFrom

      public UpstreamTlsContext.Builder mergeFrom(UpstreamTlsContext other)

    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessage.Builder<UpstreamTlsContext.Builder>

    • mergeFrom

      public UpstreamTlsContext.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Specified by:
      mergeFrom in interface com.google.protobuf.Message.Builder
      Specified by:
      mergeFrom in interface com.google.protobuf.MessageLite.Builder
      Overrides:
      mergeFrom in class com.google.protobuf.AbstractMessage.Builder<UpstreamTlsContext.Builder>
      Throws:
      IOException

    • hasCommonTlsContext

      public boolean hasCommonTlsContext()
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      hasCommonTlsContext in interface UpstreamTlsContextOrBuilder
      Returns:
      Whether the commonTlsContext field is set.

    • getCommonTlsContext

      public CommonTlsContext getCommonTlsContext()
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContext in interface UpstreamTlsContextOrBuilder
      Returns:
      The commonTlsContext.

    • setCommonTlsContext

      public UpstreamTlsContext.Builder setCommonTlsContext(CommonTlsContext value)
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • setCommonTlsContext

      public UpstreamTlsContext.Builder setCommonTlsContext(CommonTlsContext.Builder builderForValue)
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • mergeCommonTlsContext

      public UpstreamTlsContext.Builder mergeCommonTlsContext(CommonTlsContext value)
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • clearCommonTlsContext

      public UpstreamTlsContext.Builder clearCommonTlsContext()
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • getCommonTlsContextBuilder

      public CommonTlsContext.Builder getCommonTlsContextBuilder()
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • getCommonTlsContextOrBuilder

      public CommonTlsContextOrBuilder getCommonTlsContextOrBuilder()
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;
      Specified by:
      getCommonTlsContextOrBuilder in interface UpstreamTlsContextOrBuilder

    • internalGetCommonTlsContextFieldBuilder

      private com.google.protobuf.SingleFieldBuilder<CommonTlsContext,CommonTlsContext.Builder,CommonTlsContextOrBuilder> internalGetCommonTlsContextFieldBuilder()
       Common TLS context settings.

 .. attention::

 Server certificate verification is not enabled by default. Configure
 :ref:`trusted_ca<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
 verification.
      .envoy.extensions.transport_sockets.tls.v3.CommonTlsContext common_tls_context = 1;

    • getSni

      public String getSni()
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Specified by:
      getSni in interface UpstreamTlsContextOrBuilder
      Returns:
      The sni.

    • getSniBytes

      public com.google.protobuf.ByteString getSniBytes()
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Specified by:
      getSniBytes in interface UpstreamTlsContextOrBuilder
      Returns:
      The bytes for sni.

    • setSni

      public UpstreamTlsContext.Builder setSni(String value)
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Parameters:
      value - The sni to set.
      Returns:
      This builder for chaining.

    • clearSni

      public UpstreamTlsContext.Builder clearSni()
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Returns:
      This builder for chaining.

    • setSniBytes

      public UpstreamTlsContext.Builder setSniBytes(com.google.protobuf.ByteString value)
       SNI string to use when creating TLS backend connections.
      string sni = 2 [(.validate.rules) = { ... }
      Parameters:
      value - The bytes for sni to set.
      Returns:
      This builder for chaining.

    • getAllowRenegotiation

      public boolean getAllowRenegotiation()
       If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

 TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
      bool allow_renegotiation = 3;
      Specified by:
      getAllowRenegotiation in interface UpstreamTlsContextOrBuilder
      Returns:
      The allowRenegotiation.

    • setAllowRenegotiation

      public UpstreamTlsContext.Builder setAllowRenegotiation(boolean value)
       If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

 TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
      bool allow_renegotiation = 3;
      Parameters:
      value - The allowRenegotiation to set.
      Returns:
      This builder for chaining.

    • clearAllowRenegotiation

      public UpstreamTlsContext.Builder clearAllowRenegotiation()
       If true, server-initiated TLS renegotiation will be allowed.

 .. attention::

 TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
      bool allow_renegotiation = 3;
      Returns:
      This builder for chaining.

    • hasMaxSessionKeys

      public boolean hasMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;
      Specified by:
      hasMaxSessionKeys in interface UpstreamTlsContextOrBuilder
      Returns:
      Whether the maxSessionKeys field is set.

    • getMaxSessionKeys

      public com.google.protobuf.UInt32Value getMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;
      Specified by:
      getMaxSessionKeys in interface UpstreamTlsContextOrBuilder
      Returns:
      The maxSessionKeys.

    • setMaxSessionKeys

      public UpstreamTlsContext.Builder setMaxSessionKeys(com.google.protobuf.UInt32Value value)
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • setMaxSessionKeys

      public UpstreamTlsContext.Builder setMaxSessionKeys(com.google.protobuf.UInt32Value.Builder builderForValue)
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • mergeMaxSessionKeys

      public UpstreamTlsContext.Builder mergeMaxSessionKeys(com.google.protobuf.UInt32Value value)
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • clearMaxSessionKeys

      public UpstreamTlsContext.Builder clearMaxSessionKeys()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • getMaxSessionKeysBuilder

      public com.google.protobuf.UInt32Value.Builder getMaxSessionKeysBuilder()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • getMaxSessionKeysOrBuilder

      public com.google.protobuf.UInt32ValueOrBuilder getMaxSessionKeysOrBuilder()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;
      Specified by:
      getMaxSessionKeysOrBuilder in interface UpstreamTlsContextOrBuilder

    • internalGetMaxSessionKeysFieldBuilder

      private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.UInt32Value,com.google.protobuf.UInt32Value.Builder,com.google.protobuf.UInt32ValueOrBuilder> internalGetMaxSessionKeysFieldBuilder()
       Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
 for TLSv1.2 and older) to store for the purpose of session resumption.

 Defaults to 1, setting this to 0 disables session resumption.
      .google.protobuf.UInt32Value max_session_keys = 4;

    • hasEnforceRsaKeyUsage

      public boolean hasEnforceRsaKeyUsage()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Specified by:
      hasEnforceRsaKeyUsage in interface UpstreamTlsContextOrBuilder
      Returns:
      Whether the enforceRsaKeyUsage field is set.

    • getEnforceRsaKeyUsage

      public com.google.protobuf.BoolValue getEnforceRsaKeyUsage()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Specified by:
      getEnforceRsaKeyUsage in interface UpstreamTlsContextOrBuilder
      Returns:
      The enforceRsaKeyUsage.

    • setEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder setEnforceRsaKeyUsage(com.google.protobuf.BoolValue value)
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • setEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder setEnforceRsaKeyUsage(com.google.protobuf.BoolValue.Builder builderForValue)
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • mergeEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder mergeEnforceRsaKeyUsage(com.google.protobuf.BoolValue value)
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • clearEnforceRsaKeyUsage

      public UpstreamTlsContext.Builder clearEnforceRsaKeyUsage()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • getEnforceRsaKeyUsageBuilder

      public com.google.protobuf.BoolValue.Builder getEnforceRsaKeyUsageBuilder()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;

    • getEnforceRsaKeyUsageOrBuilder

      public com.google.protobuf.BoolValueOrBuilder getEnforceRsaKeyUsageOrBuilder()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;
      Specified by:
      getEnforceRsaKeyUsageOrBuilder in interface UpstreamTlsContextOrBuilder

    • internalGetEnforceRsaKeyUsageFieldBuilder

      private com.google.protobuf.SingleFieldBuilder<com.google.protobuf.BoolValue,com.google.protobuf.BoolValue.Builder,com.google.protobuf.BoolValueOrBuilder> internalGetEnforceRsaKeyUsageFieldBuilder()
       This field is used to control the enforcement, whereby the handshake will fail if the keyUsage extension
 is present and incompatible with the TLS usage. Currently, the default value is false (i.e., enforcement off)
 but it is expected to be changed to true by default in a future release.
 ``ssl.was_key_usage_invalid`` in :ref:`listener metrics <config_listener_stats>` will be set for certificate
 configurations that would fail if this option were set to true.
      .google.protobuf.BoolValue enforce_rsa_key_usage = 5;