
// Generated by the Scala Plugin for the Protocol Buffer Compiler.
// Do not edit!
//
// Protofile syntax: PROTO3
package io.envoyproxy.envoy.api.v2.auth
/** [#next-free-field: 11]
*
* @param trustedCa
* TLS certificate data containing certificate authority certificates to use in verifying
* a presented peer certificate (e.g. server certificate for clusters or client certificate
* for listeners). If not specified and a peer certificate is presented it will not be
* verified. By default, a client certificate is optional, unless one of the additional
* options (:ref:`require_client_certificate
* <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`,
* :ref:`verify_certificate_spki
* <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>`,
* :ref:`verify_certificate_hash
* <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or
* :ref:`match_subject_alt_names
* <envoy_api_field_auth.CertificateValidationContext.match_subject_alt_names>`) is also
* specified.
*
* It can optionally contain certificate revocation lists, in which case Envoy will verify
* that the presented peer certificate has not been revoked by one of the included CRLs.
*
* See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
* system CA locations.
* @param verifyCertificateSpki
* An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the
* SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate
* matches one of the specified values.
*
* A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate
* can be generated with the following command:
*
* .. code-block:: bash
*
* $ openssl x509 -in path/to/client.crt -noout -pubkey
* | openssl pkey -pubin -outform DER
* | openssl dgst -sha256 -binary
* | openssl enc -base64
* NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A=
*
* This is the format used in HTTP Public Key Pinning.
*
* When both:
* :ref:`verify_certificate_hash
* <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
* :ref:`verify_certificate_spki
* <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
* a hash matching value from either of the lists will result in the certificate being accepted.
*
* .. attention::
*
* This option is preferred over :ref:`verify_certificate_hash
* <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`,
* because SPKI is tied to a private key, so it doesn't change when the certificate
* is renewed using the same private key.
* @param verifyCertificateHash
* An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
* the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
*
* A hex-encoded SHA-256 of the certificate can be generated with the following command:
*
* .. code-block:: bash
*
* $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2
* df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a
*
* A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate
* can be generated with the following command:
*
* .. code-block:: bash
*
* $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2
* DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A
*
* Both of those formats are acceptable.
*
* When both:
* :ref:`verify_certificate_hash
* <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and
* :ref:`verify_certificate_spki
* <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified,
* a hash matching value from either of the lists will result in the certificate being accepted.
* @param verifySubjectAltName
* An optional list of Subject Alternative Names. If specified, Envoy will verify that the
* Subject Alternative Name of the presented certificate matches one of the specified values.
*
* .. attention::
*
* Subject Alternative Names are easily spoofable and verifying only them is insecure,
* therefore this option must be used together with :ref:`trusted_ca
* <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
* @param matchSubjectAltNames
* An optional list of Subject Alternative Name matchers. Envoy will verify that the
* Subject Alternative Name of the presented certificate matches one of the specified matchers.
*
* When a certificate has wildcard DNS SAN entries, to match a specific client, it should be
* configured with exact match type in the :ref:`string matcher <envoy_api_msg_type.matcher.StringMatcher>`.
* For example, if the certificate has "*.example.com" as a DNS SAN entry, to allow only "api.example.com",
* it should be configured as shown below.
*
* .. code-block:: yaml
*
* match_subject_alt_names:
* exact: "api.example.com"
*
* .. attention::
*
* Subject Alternative Names are easily spoofable and verifying only them is insecure,
* therefore this option must be used together with :ref:`trusted_ca
* <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
* @param requireOcspStaple
* [#not-implemented-hide:] Must present a signed time-stamped OCSP response.
* @param requireSignedCertificateTimestamp
* [#not-implemented-hide:] Must present signed certificate time-stamp.
* @param crl
* An optional `certificate revocation list
* <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
* (in PEM format). If specified, Envoy will verify that the presented peer
* certificate has not been revoked by this CRL. If this DataSource contains
* multiple CRLs, all of them will be used.
* @param allowExpiredCertificate
* If specified, Envoy will not reject expired certificates.
* @param trustChainVerification
* Certificate trust chain verification mode.
*/
@SerialVersionUID(0L)
final case class CertificateValidationContext(
trustedCa: _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource] = _root_.scala.None,
verifyCertificateSpki: _root_.scala.Seq[_root_.scala.Predef.String] = _root_.scala.Seq.empty,
verifyCertificateHash: _root_.scala.Seq[_root_.scala.Predef.String] = _root_.scala.Seq.empty,
@scala.deprecated(message="Marked as deprecated in proto file", "") verifySubjectAltName: _root_.scala.Seq[_root_.scala.Predef.String] = _root_.scala.Seq.empty,
matchSubjectAltNames: _root_.scala.Seq[io.envoyproxy.envoy.`type`.matcher.StringMatcher] = _root_.scala.Seq.empty,
requireOcspStaple: _root_.scala.Option[_root_.scala.Boolean] = _root_.scala.None,
requireSignedCertificateTimestamp: _root_.scala.Option[_root_.scala.Boolean] = _root_.scala.None,
crl: _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource] = _root_.scala.None,
allowExpiredCertificate: _root_.scala.Boolean = false,
trustChainVerification: io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.VERIFY_TRUST_CHAIN,
unknownFields: _root_.scalapb.UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty
) extends scalapb.GeneratedMessage with scalapb.lenses.Updatable[CertificateValidationContext] {
@transient
private[this] var __serializedSizeMemoized: _root_.scala.Int = 0
/** Sums the encoded size, in bytes, of every field that will be written, plus the
  * preserved unknown fields. `serializedSize` calls this once and caches the result.
  *
  * @return the number of bytes this message occupies on the wire
  */
private[this] def __computeSerializedSize(): _root_.scala.Int = {
var __size = 0
// trustedCa is an embedded message: 1 + size of the length prefix + payload size.
// NOTE(review): the leading 1 is presumably the single tag byte - confirm against the protobuf runtime.
if (trustedCa.isDefined) {
val __value = trustedCa.get
__size += 1 + _root_.com.google.protobuf.CodedOutputStream.computeUInt32SizeNoTag(__value.serializedSize) + __value.serializedSize
};
// Repeated string fields: one tagged string per list entry (field numbers 3, 2 and 4).
verifyCertificateSpki.foreach { __item =>
val __value = __item
__size += _root_.com.google.protobuf.CodedOutputStream.computeStringSize(3, __value)
}
verifyCertificateHash.foreach { __item =>
val __value = __item
__size += _root_.com.google.protobuf.CodedOutputStream.computeStringSize(2, __value)
}
verifySubjectAltName.foreach { __item =>
val __value = __item
__size += _root_.com.google.protobuf.CodedOutputStream.computeStringSize(4, __value)
}
// Each matcher is an embedded message, sized the same way as trustedCa.
matchSubjectAltNames.foreach { __item =>
val __value = __item
__size += 1 + _root_.com.google.protobuf.CodedOutputStream.computeUInt32SizeNoTag(__value.serializedSize) + __value.serializedSize
}
// The two optional Boolean fields are converted to BoolValue wrapper messages before sizing.
if (requireOcspStaple.isDefined) {
val __value = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toBase(requireOcspStaple.get)
__size += 1 + _root_.com.google.protobuf.CodedOutputStream.computeUInt32SizeNoTag(__value.serializedSize) + __value.serializedSize
};
if (requireSignedCertificateTimestamp.isDefined) {
val __value = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toBase(requireSignedCertificateTimestamp.get)
__size += 1 + _root_.com.google.protobuf.CodedOutputStream.computeUInt32SizeNoTag(__value.serializedSize) + __value.serializedSize
};
if (crl.isDefined) {
val __value = crl.get
__size += 1 + _root_.com.google.protobuf.CodedOutputStream.computeUInt32SizeNoTag(__value.serializedSize) + __value.serializedSize
};
// allowExpiredCertificate (field 8) only counts when it is true; false takes no bytes.
{
val __value = allowExpiredCertificate
if (__value != false) {
__size += _root_.com.google.protobuf.CodedOutputStream.computeBoolSize(8, __value)
}
};
// trustChainVerification (field 10) only counts when its numeric value is non-zero,
// so VERIFY_TRUST_CHAIN (value 0) takes no bytes.
{
val __value = trustChainVerification.value
if (__value != 0) {
__size += _root_.com.google.protobuf.CodedOutputStream.computeEnumSize(10, __value)
}
};
// Unknown fields kept from parsing are re-emitted, so they count as well.
__size += unknownFields.serializedSize
__size
}
/** Returns the encoded size of this message in bytes, computing it at most once.
  *
  * The cache stores `size + 1` so that 0 can mean "not computed yet" even when the
  * real size is 0; the stored value is decremented again before it is returned.
  */
override def serializedSize: _root_.scala.Int = {
  val cached = __serializedSizeMemoized
  val encodedPlusOne =
    if (cached != 0) cached
    else {
      val fresh = __computeSerializedSize() + 1
      __serializedSizeMemoized = fresh
      fresh
    }
  encodedPlusOne - 1
}
/** Writes this message to `_output__` in protobuf wire format.
  *
  * Fields are emitted in ascending field-number order (1, 2, 3, ... 10), which differs
  * from the constructor's parameter order. Embedded messages are written as a tag with
  * wire type 2, a length prefix, then the payload.
  *
  * @param _output__ the stream that receives the encoded bytes
  */
def writeTo(`_output__`: _root_.com.google.protobuf.CodedOutputStream): _root_.scala.Unit = {
// Field 1: trusted_ca (embedded DataSource), written only when set.
trustedCa.foreach { __v =>
val __m = __v
_output__.writeTag(1, 2)
_output__.writeUInt32NoTag(__m.serializedSize)
__m.writeTo(_output__)
};
// Field 2: verify_certificate_hash, one string per entry.
verifyCertificateHash.foreach { __v =>
val __m = __v
_output__.writeString(2, __m)
};
// Field 3: verify_certificate_spki, one string per entry.
verifyCertificateSpki.foreach { __v =>
val __m = __v
_output__.writeString(3, __m)
};
// Field 4: verify_subject_alt_name (marked deprecated on the case class), still serialized.
verifySubjectAltName.foreach { __v =>
val __m = __v
_output__.writeString(4, __m)
};
// Fields 5 and 6: optional Booleans, converted to BoolValue wrapper messages first.
requireOcspStaple.foreach { __v =>
val __m = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toBase(__v)
_output__.writeTag(5, 2)
_output__.writeUInt32NoTag(__m.serializedSize)
__m.writeTo(_output__)
};
requireSignedCertificateTimestamp.foreach { __v =>
val __m = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toBase(__v)
_output__.writeTag(6, 2)
_output__.writeUInt32NoTag(__m.serializedSize)
__m.writeTo(_output__)
};
// Field 7: crl (embedded DataSource), written only when set.
crl.foreach { __v =>
val __m = __v
_output__.writeTag(7, 2)
_output__.writeUInt32NoTag(__m.serializedSize)
__m.writeTo(_output__)
};
// Field 8: allow_expired_certificate is written only when true; false is left off the wire.
{
val __v = allowExpiredCertificate
if (__v != false) {
_output__.writeBool(8, __v)
}
};
// Field 9: match_subject_alt_names, one embedded StringMatcher per entry.
matchSubjectAltNames.foreach { __v =>
val __m = __v
_output__.writeTag(9, 2)
_output__.writeUInt32NoTag(__m.serializedSize)
__m.writeTo(_output__)
};
// Field 10: trust_chain_verification is written only when its value is non-zero, so
// VERIFY_TRUST_CHAIN (0) never appears on the wire and ACCEPT_UNTRUSTED (1) always does.
{
val __v = trustChainVerification.value
if (__v != 0) {
_output__.writeEnum(10, __v)
}
};
// Unknown fields captured during parsing are passed through unchanged.
unknownFields.writeTo(_output__)
}
// Accessors and copy-based updaters. Every `clear*`, `add*` and `with*` method returns a
// new instance through `copy`; none of them mutates this one.

// trustedCa: the getter falls back to DataSource.defaultInstance when the field is unset.
// Per the class documentation, a presented peer certificate is not verified when
// trusted_ca is not specified, so clearTrustedCa removes CA-based verification.
def getTrustedCa: io.envoyproxy.envoy.api.v2.core.DataSource = trustedCa.getOrElse(io.envoyproxy.envoy.api.v2.core.DataSource.defaultInstance)
def clearTrustedCa: CertificateValidationContext = copy(trustedCa = _root_.scala.None)
// Option(__v) maps a null argument to None rather than Some(null).
def withTrustedCa(__v: io.envoyproxy.envoy.api.v2.core.DataSource): CertificateValidationContext = copy(trustedCa = Option(__v))
// verifyCertificateSpki: list of SPKI pins; `add*` appends, `with*` replaces the whole list.
def clearVerifyCertificateSpki = copy(verifyCertificateSpki = _root_.scala.Seq.empty)
def addVerifyCertificateSpki(__vs: _root_.scala.Predef.String *): CertificateValidationContext = addAllVerifyCertificateSpki(__vs)
def addAllVerifyCertificateSpki(__vs: Iterable[_root_.scala.Predef.String]): CertificateValidationContext = copy(verifyCertificateSpki = verifyCertificateSpki ++ __vs)
def withVerifyCertificateSpki(__v: _root_.scala.Seq[_root_.scala.Predef.String]): CertificateValidationContext = copy(verifyCertificateSpki = __v)
// verifyCertificateHash: list of certificate hashes; the strings are stored as given,
// with no format check in this class.
def clearVerifyCertificateHash = copy(verifyCertificateHash = _root_.scala.Seq.empty)
def addVerifyCertificateHash(__vs: _root_.scala.Predef.String *): CertificateValidationContext = addAllVerifyCertificateHash(__vs)
def addAllVerifyCertificateHash(__vs: Iterable[_root_.scala.Predef.String]): CertificateValidationContext = copy(verifyCertificateHash = verifyCertificateHash ++ __vs)
def withVerifyCertificateHash(__v: _root_.scala.Seq[_root_.scala.Predef.String]): CertificateValidationContext = copy(verifyCertificateHash = __v)
// verifySubjectAltName: the constructor parameter is marked deprecated in the proto file.
def clearVerifySubjectAltName = copy(verifySubjectAltName = _root_.scala.Seq.empty)
def addVerifySubjectAltName(__vs: _root_.scala.Predef.String *): CertificateValidationContext = addAllVerifySubjectAltName(__vs)
def addAllVerifySubjectAltName(__vs: Iterable[_root_.scala.Predef.String]): CertificateValidationContext = copy(verifySubjectAltName = verifySubjectAltName ++ __vs)
def withVerifySubjectAltName(__v: _root_.scala.Seq[_root_.scala.Predef.String]): CertificateValidationContext = copy(verifySubjectAltName = __v)
// matchSubjectAltNames: list of StringMatcher entries. The class documentation requires
// SAN matching to be used together with trusted_ca.
def clearMatchSubjectAltNames = copy(matchSubjectAltNames = _root_.scala.Seq.empty)
def addMatchSubjectAltNames(__vs: io.envoyproxy.envoy.`type`.matcher.StringMatcher *): CertificateValidationContext = addAllMatchSubjectAltNames(__vs)
def addAllMatchSubjectAltNames(__vs: Iterable[io.envoyproxy.envoy.`type`.matcher.StringMatcher]): CertificateValidationContext = copy(matchSubjectAltNames = matchSubjectAltNames ++ __vs)
def withMatchSubjectAltNames(__v: _root_.scala.Seq[io.envoyproxy.envoy.`type`.matcher.StringMatcher]): CertificateValidationContext = copy(matchSubjectAltNames = __v)
// requireOcspStaple / requireSignedCertificateTimestamp: optional Booleans. The getters
// fall back to the value the type mapper derives from BoolValue.defaultInstance when unset.
// Both fields are tagged [#not-implemented-hide:] in the class documentation.
def getRequireOcspStaple: _root_.scala.Boolean = requireOcspStaple.getOrElse(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toCustom(com.google.protobuf.wrappers.BoolValue.defaultInstance))
def clearRequireOcspStaple: CertificateValidationContext = copy(requireOcspStaple = _root_.scala.None)
def withRequireOcspStaple(__v: _root_.scala.Boolean): CertificateValidationContext = copy(requireOcspStaple = Option(__v))
def getRequireSignedCertificateTimestamp: _root_.scala.Boolean = requireSignedCertificateTimestamp.getOrElse(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toCustom(com.google.protobuf.wrappers.BoolValue.defaultInstance))
def clearRequireSignedCertificateTimestamp: CertificateValidationContext = copy(requireSignedCertificateTimestamp = _root_.scala.None)
def withRequireSignedCertificateTimestamp(__v: _root_.scala.Boolean): CertificateValidationContext = copy(requireSignedCertificateTimestamp = Option(__v))
// crl: the getter falls back to DataSource.defaultInstance when the field is unset.
def getCrl: io.envoyproxy.envoy.api.v2.core.DataSource = crl.getOrElse(io.envoyproxy.envoy.api.v2.core.DataSource.defaultInstance)
def clearCrl: CertificateValidationContext = copy(crl = _root_.scala.None)
def withCrl(__v: io.envoyproxy.envoy.api.v2.core.DataSource): CertificateValidationContext = copy(crl = Option(__v))
// The next two setters relax validation when given true / ACCEPT_UNTRUSTED: per the field
// documentation, expired certificates are then not rejected, and connections whose
// certificate fails verification are permitted. Worth flagging in configuration review.
def withAllowExpiredCertificate(__v: _root_.scala.Boolean): CertificateValidationContext = copy(allowExpiredCertificate = __v)
def withTrustChainVerification(__v: io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification): CertificateValidationContext = copy(trustChainVerification = __v)
// Unknown fields are those parseFrom did not recognise; discardUnknownFields drops them.
def withUnknownFields(__v: _root_.scalapb.UnknownFieldSet) = copy(unknownFields = __v)
def discardUnknownFields = copy(unknownFields = _root_.scalapb.UnknownFieldSet.empty)
/** Returns the raw value of the field with the given proto field number.
  *
  * Unset optional fields and fields holding their default (false for field 8, enum
  * number 0 for field 10) yield `null`, so callers must null-check the result. The match
  * is `@unchecked`: a number that is not one of this message's fields fails with a
  * `MatchError`.
  *
  * @param __fieldNumber proto field number (1 to 10, excluding numbers with no case below)
  * @return the field value, a sequence for repeated fields, or `null`
  */
def getFieldByNumber(__fieldNumber: _root_.scala.Int): _root_.scala.Any = {
(__fieldNumber: @_root_.scala.unchecked) match {
case 1 => trustedCa.orNull
case 3 => verifyCertificateSpki
case 2 => verifyCertificateHash
case 4 => verifySubjectAltName
case 9 => matchSubjectAltNames
// Optional Booleans are returned in their BoolValue wrapper form, not as Boolean.
case 5 => requireOcspStaple.map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toBase(_)).orNull
case 6 => requireSignedCertificateTimestamp.map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toBase(_)).orNull
case 7 => crl.orNull
// false is reported as null, i.e. indistinguishable from "not set".
case 8 => {
val __t = allowExpiredCertificate
if (__t != false) __t else null
}
// The enum is returned as its Java value descriptor; number 0 (VERIFY_TRUST_CHAIN) is reported as null.
case 10 => {
val __t = trustChainVerification.javaValueDescriptor
if (__t.getNumber() != 0) __t else null
}
}
}
/** Returns the value of a field as a descriptor-level `PValue`.
  *
  * Unlike `getFieldByNumber`, unset message fields become `PEmpty` instead of `null`, and
  * fields 8 and 10 are always returned, including their default values.
  *
  * @param __field descriptor of the requested field; it must belong to this message type
  * @return the field's value wrapped in the matching `PValue` subtype
  * @throws IllegalArgumentException (from `require`) when the descriptor's containing
  *         message is not this message's descriptor
  */
def getField(__field: _root_.scalapb.descriptors.FieldDescriptor): _root_.scalapb.descriptors.PValue = {
// Reference equality: descriptors of other message types are rejected up front.
_root_.scala.Predef.require(__field.containingMessage eq companion.scalaDescriptor)
// @unchecked: a field number without a case below fails with a MatchError.
(__field.number: @_root_.scala.unchecked) match {
case 1 => trustedCa.map(_.toPMessage).getOrElse(_root_.scalapb.descriptors.PEmpty)
case 3 => _root_.scalapb.descriptors.PRepeated(verifyCertificateSpki.iterator.map(_root_.scalapb.descriptors.PString(_)).toVector)
case 2 => _root_.scalapb.descriptors.PRepeated(verifyCertificateHash.iterator.map(_root_.scalapb.descriptors.PString(_)).toVector)
case 4 => _root_.scalapb.descriptors.PRepeated(verifySubjectAltName.iterator.map(_root_.scalapb.descriptors.PString(_)).toVector)
case 9 => _root_.scalapb.descriptors.PRepeated(matchSubjectAltNames.iterator.map(_.toPMessage).toVector)
case 5 => requireOcspStaple.map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toBase(_).toPMessage).getOrElse(_root_.scalapb.descriptors.PEmpty)
case 6 => requireSignedCertificateTimestamp.map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toBase(_).toPMessage).getOrElse(_root_.scalapb.descriptors.PEmpty)
case 7 => crl.map(_.toPMessage).getOrElse(_root_.scalapb.descriptors.PEmpty)
case 8 => _root_.scalapb.descriptors.PBoolean(allowExpiredCertificate)
case 10 => _root_.scalapb.descriptors.PEnum(trustChainVerification.scalaValueDescriptor)
}
}
// Renders this message through scalapb's TextFormat printer (Unicode output).
def toProtoString: _root_.scala.Predef.String = _root_.scalapb.TextFormat.printToUnicodeString(this)
// The companion object that holds the parser, descriptors and default instance for this message.
def companion: io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.type = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext
// @@protoc_insertion_point(GeneratedMessage[envoy.api.v2.auth.CertificateValidationContext])
}
object CertificateValidationContext extends scalapb.GeneratedMessageCompanion[io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext] {
// Exposes this companion implicitly so it can be resolved wherever a
// GeneratedMessageCompanion[CertificateValidationContext] is required.
implicit def messageCompanion: scalapb.GeneratedMessageCompanion[io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext] = this
/** Decodes a `CertificateValidationContext` from protobuf wire format.
  *
  * Each tag is `(field number << 3) | wire type`. Fields that never appear keep the
  * defaults set below: empty lists, `None`, `allowExpiredCertificate = false` and
  * `trustChainVerification = VERIFY_TRUST_CHAIN`.
  *
  * This method only decodes. It does not check that pins are well-formed hashes, and it
  * accepts `allow_expired_certificate = true` and `ACCEPT_UNTRUSTED` as sent, so input
  * from a source that is not fully trusted needs a separate policy check by the caller.
  *
  * @param _input__ stream positioned at the start of the encoded message
  * @return the decoded message, including any fields this version does not know
  */
def parseFrom(`_input__`: _root_.com.google.protobuf.CodedInputStream): io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext = {
var __trustedCa: _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource] = _root_.scala.None
val __verifyCertificateSpki: _root_.scala.collection.immutable.VectorBuilder[_root_.scala.Predef.String] = new _root_.scala.collection.immutable.VectorBuilder[_root_.scala.Predef.String]
val __verifyCertificateHash: _root_.scala.collection.immutable.VectorBuilder[_root_.scala.Predef.String] = new _root_.scala.collection.immutable.VectorBuilder[_root_.scala.Predef.String]
val __verifySubjectAltName: _root_.scala.collection.immutable.VectorBuilder[_root_.scala.Predef.String] = new _root_.scala.collection.immutable.VectorBuilder[_root_.scala.Predef.String]
val __matchSubjectAltNames: _root_.scala.collection.immutable.VectorBuilder[io.envoyproxy.envoy.`type`.matcher.StringMatcher] = new _root_.scala.collection.immutable.VectorBuilder[io.envoyproxy.envoy.`type`.matcher.StringMatcher]
var __requireOcspStaple: _root_.scala.Option[_root_.scala.Boolean] = _root_.scala.None
var __requireSignedCertificateTimestamp: _root_.scala.Option[_root_.scala.Boolean] = _root_.scala.None
var __crl: _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource] = _root_.scala.None
var __allowExpiredCertificate: _root_.scala.Boolean = false
var __trustChainVerification: io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.VERIFY_TRUST_CHAIN
// Allocated lazily: stays null unless an unrecognised tag is seen.
var `_unknownFields__`: _root_.scalapb.UnknownFieldSet.Builder = null
var _done__ = false
while (!_done__) {
val _tag__ = _input__.readTag()
_tag__ match {
// Tag 0 ends the loop.
case 0 => _done__ = true
// Tag 10 = field 1 (trusted_ca). If the field was already seen, the earlier value is
// passed to readMessage - presumably so repeated occurrences merge; confirm in LiteParser.
case 10 =>
__trustedCa = Option(__trustedCa.fold(_root_.scalapb.LiteParser.readMessage[io.envoyproxy.envoy.api.v2.core.DataSource](_input__))(_root_.scalapb.LiteParser.readMessage(_input__, _)))
// Tags 26, 18, 34 = fields 3, 2, 4: repeated strings, read with the UTF-8-requiring reader
// and appended in arrival order.
case 26 =>
__verifyCertificateSpki += _input__.readStringRequireUtf8()
case 18 =>
__verifyCertificateHash += _input__.readStringRequireUtf8()
case 34 =>
__verifySubjectAltName += _input__.readStringRequireUtf8()
// Tag 74 = field 9 (match_subject_alt_names): one StringMatcher appended per occurrence.
case 74 =>
__matchSubjectAltNames += _root_.scalapb.LiteParser.readMessage[io.envoyproxy.envoy.`type`.matcher.StringMatcher](_input__)
// Tags 42 and 50 = fields 5 and 6: BoolValue wrappers, converted to Boolean by the type mapper.
case 42 =>
__requireOcspStaple = Option(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toCustom(__requireOcspStaple.map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toBase(_)).fold(_root_.scalapb.LiteParser.readMessage[com.google.protobuf.wrappers.BoolValue](_input__))(_root_.scalapb.LiteParser.readMessage(_input__, _))))
case 50 =>
__requireSignedCertificateTimestamp = Option(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toCustom(__requireSignedCertificateTimestamp.map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toBase(_)).fold(_root_.scalapb.LiteParser.readMessage[com.google.protobuf.wrappers.BoolValue](_input__))(_root_.scalapb.LiteParser.readMessage(_input__, _))))
// Tag 58 = field 7 (crl), handled like trusted_ca.
case 58 =>
__crl = Option(__crl.fold(_root_.scalapb.LiteParser.readMessage[io.envoyproxy.envoy.api.v2.core.DataSource](_input__))(_root_.scalapb.LiteParser.readMessage(_input__, _)))
// Tag 64 = field 8 (allow_expired_certificate); a later occurrence overwrites an earlier one.
case 64 =>
__allowExpiredCertificate = _input__.readBool()
// Tag 80 = field 10 (trust_chain_verification). fromValue maps numbers other than 0 and 1
// to Unrecognized instead of failing, so consumers must decide how to treat that case.
case 80 =>
__trustChainVerification = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.fromValue(_input__.readEnum())
// Any other tag is kept as an unknown field rather than rejected.
case tag =>
if (_unknownFields__ == null) {
_unknownFields__ = new _root_.scalapb.UnknownFieldSet.Builder()
}
_unknownFields__.parseField(tag, _input__)
}
}
io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext(
trustedCa = __trustedCa,
verifyCertificateSpki = __verifyCertificateSpki.result(),
verifyCertificateHash = __verifyCertificateHash.result(),
verifySubjectAltName = __verifySubjectAltName.result(),
matchSubjectAltNames = __matchSubjectAltNames.result(),
requireOcspStaple = __requireOcspStaple,
requireSignedCertificateTimestamp = __requireSignedCertificateTimestamp,
crl = __crl,
allowExpiredCertificate = __allowExpiredCertificate,
trustChainVerification = __trustChainVerification,
unknownFields = if (_unknownFields__ == null) _root_.scalapb.UnknownFieldSet.empty else _unknownFields__.result()
)
}
/** Builds a `CertificateValidationContext` from a descriptor-level `PMessage`.
  *
  * Every key of the field map must belong to this message's descriptor, otherwise
  * `require` fails with "FieldDescriptor does not match message type.". Fields missing
  * from the map get the same defaults as the case class: empty lists, `None`, `false`
  * and `VERIFY_TRUST_CHAIN`. Any value other than a `PMessage` raises
  * `RuntimeException("Expected PMessage")`.
  */
implicit def messageReads: _root_.scalapb.descriptors.Reads[io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext] = _root_.scalapb.descriptors.Reads{
case _root_.scalapb.descriptors.PMessage(__fieldsMap) =>
_root_.scala.Predef.require(__fieldsMap.keys.forall(_.containingMessage eq scalaDescriptor), "FieldDescriptor does not match message type.")
// findFieldByNumber(n).get assumes the descriptor defines field n; it throws if it does not.
io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext(
trustedCa = __fieldsMap.get(scalaDescriptor.findFieldByNumber(1).get).flatMap(_.as[_root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource]]),
verifyCertificateSpki = __fieldsMap.get(scalaDescriptor.findFieldByNumber(3).get).map(_.as[_root_.scala.Seq[_root_.scala.Predef.String]]).getOrElse(_root_.scala.Seq.empty),
verifyCertificateHash = __fieldsMap.get(scalaDescriptor.findFieldByNumber(2).get).map(_.as[_root_.scala.Seq[_root_.scala.Predef.String]]).getOrElse(_root_.scala.Seq.empty),
verifySubjectAltName = __fieldsMap.get(scalaDescriptor.findFieldByNumber(4).get).map(_.as[_root_.scala.Seq[_root_.scala.Predef.String]]).getOrElse(_root_.scala.Seq.empty),
matchSubjectAltNames = __fieldsMap.get(scalaDescriptor.findFieldByNumber(9).get).map(_.as[_root_.scala.Seq[io.envoyproxy.envoy.`type`.matcher.StringMatcher]]).getOrElse(_root_.scala.Seq.empty),
// Fields 5 and 6 arrive as BoolValue wrappers and are converted to Boolean.
requireOcspStaple = __fieldsMap.get(scalaDescriptor.findFieldByNumber(5).get).flatMap(_.as[_root_.scala.Option[com.google.protobuf.wrappers.BoolValue]]).map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireOcspStaple.toCustom(_)),
requireSignedCertificateTimestamp = __fieldsMap.get(scalaDescriptor.findFieldByNumber(6).get).flatMap(_.as[_root_.scala.Option[com.google.protobuf.wrappers.BoolValue]]).map(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext._typemapper_requireSignedCertificateTimestamp.toCustom(_)),
crl = __fieldsMap.get(scalaDescriptor.findFieldByNumber(7).get).flatMap(_.as[_root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource]]),
allowExpiredCertificate = __fieldsMap.get(scalaDescriptor.findFieldByNumber(8).get).map(_.as[_root_.scala.Boolean]).getOrElse(false),
// The enum goes through fromValue, so a number other than 0 or 1 yields Unrecognized.
trustChainVerification = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.fromValue(__fieldsMap.get(scalaDescriptor.findFieldByNumber(10).get).map(_.as[_root_.scalapb.descriptors.EnumValueDescriptor]).getOrElse(io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.VERIFY_TRUST_CHAIN.scalaValueDescriptor).number)
)
case _ => throw new RuntimeException("Expected PMessage")
}
// Both descriptors are looked up by position: this message is entry 4 of CommonProto's
// message list, in the Java and the Scala descriptor respectively.
def javaDescriptor: _root_.com.google.protobuf.Descriptors.Descriptor = CommonProto.javaDescriptor.getMessageTypes().get(4)
def scalaDescriptor: _root_.scalapb.descriptors.Descriptor = CommonProto.scalaDescriptor.messages(4)
/** Returns the companion of the message type stored in the given field.
  *
  * Only the message-typed fields (1, 5, 6, 7 and 9) have a case. The match is
  * `@unchecked`, so any other number fails with a `MatchError`.
  *
  * @param __number proto field number of a message-typed field
  * @return the companion object of that field's message type
  */
def messageCompanionForFieldNumber(__number: _root_.scala.Int): _root_.scalapb.GeneratedMessageCompanion[_] = {
  val fieldCompanion: _root_.scalapb.GeneratedMessageCompanion[_] =
    (__number: @_root_.scala.unchecked) match {
      // trusted_ca and crl are both DataSource messages.
      case 1 | 7 => io.envoyproxy.envoy.api.v2.core.DataSource
      case 9 => io.envoyproxy.envoy.`type`.matcher.StringMatcher
      // The two optional Booleans travel as BoolValue wrappers.
      case 5 | 6 => com.google.protobuf.wrappers.BoolValue
    }
  fieldCompanion
}
// This message declares no nested message types, so the list is empty.
lazy val nestedMessagesCompanions: Seq[_root_.scalapb.GeneratedMessageCompanion[_ <: _root_.scalapb.GeneratedMessage]] = Seq.empty
// Field 10 is the only enum-typed field; the @unchecked match fails with a MatchError
// for any other number.
def enumCompanionForFieldNumber(__fieldNumber: _root_.scala.Int): _root_.scalapb.GeneratedEnumCompanion[_] = {
(__fieldNumber: @_root_.scala.unchecked) match {
case 10 => io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification
}
}
// The all-defaults message, built lazily on first access.
// It carries no trusted CA, no certificate pins, no SAN matchers and no CRL. Per the class
// documentation, a presented peer certificate is not verified when trusted_ca is not
// specified, so this instance must be populated before it is relied on for peer validation.
lazy val defaultInstance = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext(
trustedCa = _root_.scala.None,
verifyCertificateSpki = _root_.scala.Seq.empty,
verifyCertificateHash = _root_.scala.Seq.empty,
verifySubjectAltName = _root_.scala.Seq.empty,
matchSubjectAltNames = _root_.scala.Seq.empty,
requireOcspStaple = _root_.scala.None,
requireSignedCertificateTimestamp = _root_.scala.None,
crl = _root_.scala.None,
allowExpiredCertificate = false,
trustChainVerification = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.VERIFY_TRUST_CHAIN
)
/** Peer certificate verification mode.
  *
  * Both `is*` predicates default to false and each recognized case object overrides
  * exactly one of them. An `Unrecognized` value overrides neither, so both predicates are
  * false for it: code that branches on only one predicate silently treats an unknown mode
  * as the other one. Matching on `asRecognized` makes the unknown case explicit.
  *
  * @param value the enum's numeric wire value
  */
sealed abstract class TrustChainVerification(val value: _root_.scala.Int) extends _root_.scalapb.GeneratedEnum {
type EnumType = TrustChainVerification
def isVerifyTrustChain: _root_.scala.Boolean = false
def isAcceptUntrusted: _root_.scala.Boolean = false
def companion: _root_.scalapb.GeneratedEnumCompanion[TrustChainVerification] = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification
// None for Unrecognized values; otherwise this value narrowed to the Recognized trait.
final def asRecognized: _root_.scala.Option[io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.Recognized] = if (isUnrecognized) _root_.scala.None else _root_.scala.Some(this.asInstanceOf[io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification.Recognized])
}
// Companion of the TrustChainVerification enum: the two known values, the wrapper for
// unknown numbers, and the number-to-value lookup.
object TrustChainVerification extends _root_.scalapb.GeneratedEnumCompanion[TrustChainVerification] {
// Marker trait mixed into the values this generated code knows about.
sealed trait Recognized extends TrustChainVerification
implicit def enumCompanion: _root_.scalapb.GeneratedEnumCompanion[TrustChainVerification] = this
/** Perform default certificate verification (e.g., against CA / verification lists).
  * Its wire value is 0, which is also what a message without field 10 decodes to.
  */
@SerialVersionUID(0L)
case object VERIFY_TRUST_CHAIN extends TrustChainVerification(0) with TrustChainVerification.Recognized {
val index = 0
val name = "VERIFY_TRUST_CHAIN"
override def isVerifyTrustChain: _root_.scala.Boolean = true
}
/** Connections where the certificate fails verification will be permitted.
  * For HTTP connections, the result of certificate verification can be used in route
  * matching (see :ref:`validated <envoy_api_field_route.RouteMatch.TlsContextMatchOptions.validated>`).
  *
  * NOTE(review): with this mode an established connection does not imply a verified
  * peer; anything that needs authentication has to check the validation result itself.
  */
@SerialVersionUID(0L)
case object ACCEPT_UNTRUSTED extends TrustChainVerification(1) with TrustChainVerification.Recognized {
val index = 1
val name = "ACCEPT_UNTRUSTED"
override def isAcceptUntrusted: _root_.scala.Boolean = true
}
// Carrier for a numeric value this generated code does not know.
@SerialVersionUID(0L)
final case class Unrecognized(unrecognizedValue: _root_.scala.Int) extends TrustChainVerification(unrecognizedValue) with _root_.scalapb.UnrecognizedEnum
// Only the recognized values are listed here.
lazy val values = scala.collection.immutable.Seq(VERIFY_TRUST_CHAIN, ACCEPT_UNTRUSTED)
// Never fails: numbers other than 0 and 1 are wrapped in Unrecognized, so a consumer
// that enforces policy should handle that case explicitly instead of assuming a known mode.
def fromValue(__value: _root_.scala.Int): TrustChainVerification = __value match {
case 0 => VERIFY_TRUST_CHAIN
case 1 => ACCEPT_UNTRUSTED
case __other => Unrecognized(__other)
}
// Positional lookups: this is enum 0 of the enclosing message's descriptor.
def javaDescriptor: _root_.com.google.protobuf.Descriptors.EnumDescriptor = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.javaDescriptor.getEnumTypes().get(0)
def scalaDescriptor: _root_.scalapb.descriptors.EnumDescriptor = io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.scalaDescriptor.enums(0)
}
/** Lenses for reading and updating a `CertificateValidationContext` nested inside some
  * outer value of type `UpperPB`. Each setter goes through `copy`, so updates produce new
  * instances.
  *
  * Optional fields come in pairs: the plain lens reads through the `get*` accessor (which
  * substitutes a default when the field is unset) and always writes a defined value, while
  * the `optional*` lens exposes the underlying `Option`.
  *
  * @param _l lens from the outer value to the `CertificateValidationContext`
  */
implicit class CertificateValidationContextLens[UpperPB](_l: _root_.scalapb.lenses.Lens[UpperPB, io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext]) extends _root_.scalapb.lenses.ObjectLens[UpperPB, io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext](_l) {
def trustedCa: _root_.scalapb.lenses.Lens[UpperPB, io.envoyproxy.envoy.api.v2.core.DataSource] = field(_.getTrustedCa)((c_, f_) => c_.copy(trustedCa = Option(f_)))
def optionalTrustedCa: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource]] = field(_.trustedCa)((c_, f_) => c_.copy(trustedCa = f_))
// Repeated fields: the lens replaces the whole list.
def verifyCertificateSpki: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Seq[_root_.scala.Predef.String]] = field(_.verifyCertificateSpki)((c_, f_) => c_.copy(verifyCertificateSpki = f_))
def verifyCertificateHash: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Seq[_root_.scala.Predef.String]] = field(_.verifyCertificateHash)((c_, f_) => c_.copy(verifyCertificateHash = f_))
def verifySubjectAltName: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Seq[_root_.scala.Predef.String]] = field(_.verifySubjectAltName)((c_, f_) => c_.copy(verifySubjectAltName = f_))
def matchSubjectAltNames: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Seq[io.envoyproxy.envoy.`type`.matcher.StringMatcher]] = field(_.matchSubjectAltNames)((c_, f_) => c_.copy(matchSubjectAltNames = f_))
def requireOcspStaple: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Boolean] = field(_.getRequireOcspStaple)((c_, f_) => c_.copy(requireOcspStaple = Option(f_)))
def optionalRequireOcspStaple: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Option[_root_.scala.Boolean]] = field(_.requireOcspStaple)((c_, f_) => c_.copy(requireOcspStaple = f_))
def requireSignedCertificateTimestamp: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Boolean] = field(_.getRequireSignedCertificateTimestamp)((c_, f_) => c_.copy(requireSignedCertificateTimestamp = Option(f_)))
def optionalRequireSignedCertificateTimestamp: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Option[_root_.scala.Boolean]] = field(_.requireSignedCertificateTimestamp)((c_, f_) => c_.copy(requireSignedCertificateTimestamp = f_))
def crl: _root_.scalapb.lenses.Lens[UpperPB, io.envoyproxy.envoy.api.v2.core.DataSource] = field(_.getCrl)((c_, f_) => c_.copy(crl = Option(f_)))
def optionalCrl: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource]] = field(_.crl)((c_, f_) => c_.copy(crl = f_))
// The two lenses below reach the fields that relax validation (expired certificates
// accepted, untrusted chains accepted); updates through them deserve the same review as
// direct construction.
def allowExpiredCertificate: _root_.scalapb.lenses.Lens[UpperPB, _root_.scala.Boolean] = field(_.allowExpiredCertificate)((c_, f_) => c_.copy(allowExpiredCertificate = f_))
def trustChainVerification: _root_.scalapb.lenses.Lens[UpperPB, io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification] = field(_.trustChainVerification)((c_, f_) => c_.copy(trustChainVerification = f_))
}
// Proto field numbers of this message. They are the same numbers used by writeTo,
// parseFrom and the getField* lookups; note that SPKI is 3 and HASH is 2.
final val TRUSTED_CA_FIELD_NUMBER = 1
final val VERIFY_CERTIFICATE_SPKI_FIELD_NUMBER = 3
final val VERIFY_CERTIFICATE_HASH_FIELD_NUMBER = 2
final val VERIFY_SUBJECT_ALT_NAME_FIELD_NUMBER = 4
final val MATCH_SUBJECT_ALT_NAMES_FIELD_NUMBER = 9
final val REQUIRE_OCSP_STAPLE_FIELD_NUMBER = 5
final val REQUIRE_SIGNED_CERTIFICATE_TIMESTAMP_FIELD_NUMBER = 6
final val CRL_FIELD_NUMBER = 7
final val ALLOW_EXPIRED_CERTIFICATE_FIELD_NUMBER = 8
final val TRUST_CHAIN_VERIFICATION_FIELD_NUMBER = 10
// Type mappers between the BoolValue wrapper message and Boolean for fields 5 and 6,
// resolved from implicit scope. They are @transient and visible only inside package `auth`.
@transient
private[auth] val _typemapper_requireOcspStaple: _root_.scalapb.TypeMapper[com.google.protobuf.wrappers.BoolValue, _root_.scala.Boolean] = implicitly[_root_.scalapb.TypeMapper[com.google.protobuf.wrappers.BoolValue, _root_.scala.Boolean]]
@transient
private[auth] val _typemapper_requireSignedCertificateTimestamp: _root_.scalapb.TypeMapper[com.google.protobuf.wrappers.BoolValue, _root_.scala.Boolean] = implicitly[_root_.scalapb.TypeMapper[com.google.protobuf.wrappers.BoolValue, _root_.scala.Boolean]]
/** Factory that takes every declared field explicitly, with no default arguments.
  *
  * `unknownFields` is not a parameter here, so the result uses the case class default
  * for it. Callers have to state `allowExpiredCertificate` and `trustChainVerification`
  * themselves, which keeps the two validation-relaxing settings visible at the call site.
  *
  * @return a new `CertificateValidationContext` holding the given values
  */
def of(
  trustedCa: _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource],
  verifyCertificateSpki: _root_.scala.Seq[_root_.scala.Predef.String],
  verifyCertificateHash: _root_.scala.Seq[_root_.scala.Predef.String],
  verifySubjectAltName: _root_.scala.Seq[_root_.scala.Predef.String],
  matchSubjectAltNames: _root_.scala.Seq[io.envoyproxy.envoy.`type`.matcher.StringMatcher],
  requireOcspStaple: _root_.scala.Option[_root_.scala.Boolean],
  requireSignedCertificateTimestamp: _root_.scala.Option[_root_.scala.Boolean],
  crl: _root_.scala.Option[io.envoyproxy.envoy.api.v2.core.DataSource],
  allowExpiredCertificate: _root_.scala.Boolean,
  trustChainVerification: io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification
): _root_.io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext =
  _root_.io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext(
    trustedCa = trustedCa,
    verifyCertificateSpki = verifyCertificateSpki,
    verifyCertificateHash = verifyCertificateHash,
    verifySubjectAltName = verifySubjectAltName,
    matchSubjectAltNames = matchSubjectAltNames,
    requireOcspStaple = requireOcspStaple,
    requireSignedCertificateTimestamp = requireSignedCertificateTimestamp,
    crl = crl,
    allowExpiredCertificate = allowExpiredCertificate,
    trustChainVerification = trustChainVerification
  )
// @@protoc_insertion_point(GeneratedMessageCompanion[envoy.api.v2.auth.CertificateValidationContext])
}