1// Code generated by protoc-gen-go. DO NOT EDIT. 2// versions: 3// protoc-gen-go v1.25.0 4// protoc v3.14.0 5// source: envoy/api/v2/auth/common.proto 6 7package envoy_api_v2_auth 8 9import ( 10 _ "github.com/cncf/xds/go/udpa/annotations" 11 core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" 12 matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" 13 _ "github.com/envoyproxy/protoc-gen-validate/validate" 14 proto "github.com/golang/protobuf/proto" 15 any "github.com/golang/protobuf/ptypes/any" 16 _struct "github.com/golang/protobuf/ptypes/struct" 17 wrappers "github.com/golang/protobuf/ptypes/wrappers" 18 protoreflect "google.golang.org/protobuf/reflect/protoreflect" 19 protoimpl "google.golang.org/protobuf/runtime/protoimpl" 20 reflect "reflect" 21 sync "sync" 22) 23 24const ( 25 // Verify that this generated code is sufficiently up-to-date. 26 _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) 27 // Verify that runtime/protoimpl is sufficiently up-to-date. 28 _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) 29) 30 31// This is a compile-time assertion that a sufficiently up-to-date version 32// of the legacy proto package is being used. 33const _ = proto.ProtoPackageIsVersion4 34 35type TlsParameters_TlsProtocol int32 36 37const ( 38 // Envoy will choose the optimal TLS version. 39 TlsParameters_TLS_AUTO TlsParameters_TlsProtocol = 0 40 // TLS 1.0 41 TlsParameters_TLSv1_0 TlsParameters_TlsProtocol = 1 42 // TLS 1.1 43 TlsParameters_TLSv1_1 TlsParameters_TlsProtocol = 2 44 // TLS 1.2 45 TlsParameters_TLSv1_2 TlsParameters_TlsProtocol = 3 46 // TLS 1.3 47 TlsParameters_TLSv1_3 TlsParameters_TlsProtocol = 4 48) 49 50// Enum value maps for TlsParameters_TlsProtocol. 51var ( 52 TlsParameters_TlsProtocol_name = map[int32]string{ 53 0: "TLS_AUTO", 54 1: "TLSv1_0", 55 2: "TLSv1_1", 56 3: "TLSv1_2", 57 4: "TLSv1_3", 58 } 59 TlsParameters_TlsProtocol_value = map[string]int32{ 60 "TLS_AUTO": 0, 61 "TLSv1_0": 1, 62 "TLSv1_1": 2, 63 "TLSv1_2": 3, 64 "TLSv1_3": 4, 65 } 66) 67 68func (x TlsParameters_TlsProtocol) Enum() *TlsParameters_TlsProtocol { 69 p := new(TlsParameters_TlsProtocol) 70 *p = x 71 return p 72} 73 74func (x TlsParameters_TlsProtocol) String() string { 75 return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) 76} 77 78func (TlsParameters_TlsProtocol) Descriptor() protoreflect.EnumDescriptor { 79 return file_envoy_api_v2_auth_common_proto_enumTypes[0].Descriptor() 80} 81 82func (TlsParameters_TlsProtocol) Type() protoreflect.EnumType { 83 return &file_envoy_api_v2_auth_common_proto_enumTypes[0] 84} 85 86func (x TlsParameters_TlsProtocol) Number() protoreflect.EnumNumber { 87 return protoreflect.EnumNumber(x) 88} 89 90// Deprecated: Use TlsParameters_TlsProtocol.Descriptor instead. 91func (TlsParameters_TlsProtocol) EnumDescriptor() ([]byte, []int) { 92 return file_envoy_api_v2_auth_common_proto_rawDescGZIP(), []int{0, 0} 93} 94 95// Peer certificate verification mode. 96type CertificateValidationContext_TrustChainVerification int32 97 98const ( 99 // Perform default certificate verification (e.g., against CA / verification lists) 100 CertificateValidationContext_VERIFY_TRUST_CHAIN CertificateValidationContext_TrustChainVerification = 0 101 // Connections where the certificate fails verification will be permitted. 102 // For HTTP connections, the result of certificate verification can be used in route matching. ( 103 // see :ref:`validated <envoy_api_field_route.RouteMatch.TlsContextMatchOptions.validated>` ). 104 CertificateValidationContext_ACCEPT_UNTRUSTED CertificateValidationContext_TrustChainVerification = 1 105) 106 107// Enum value maps for CertificateValidationContext_TrustChainVerification. 108var ( 109 CertificateValidationContext_TrustChainVerification_name = map[int32]string{ 110 0: "VERIFY_TRUST_CHAIN", 111 1: "ACCEPT_UNTRUSTED", 112 } 113 CertificateValidationContext_TrustChainVerification_value = map[string]int32{ 114 "VERIFY_TRUST_CHAIN": 0, 115 "ACCEPT_UNTRUSTED": 1, 116 } 117) 118 119func (x CertificateValidationContext_TrustChainVerification) Enum() *CertificateValidationContext_TrustChainVerification { 120 p := new(CertificateValidationContext_TrustChainVerification) 121 *p = x 122 return p 123} 124 125func (x CertificateValidationContext_TrustChainVerification) String() string { 126 return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) 127} 128 129func (CertificateValidationContext_TrustChainVerification) Descriptor() protoreflect.EnumDescriptor { 130 return file_envoy_api_v2_auth_common_proto_enumTypes[1].Descriptor() 131} 132 133func (CertificateValidationContext_TrustChainVerification) Type() protoreflect.EnumType { 134 return &file_envoy_api_v2_auth_common_proto_enumTypes[1] 135} 136 137func (x CertificateValidationContext_TrustChainVerification) Number() protoreflect.EnumNumber { 138 return protoreflect.EnumNumber(x) 139} 140 141// Deprecated: Use CertificateValidationContext_TrustChainVerification.Descriptor instead. 142func (CertificateValidationContext_TrustChainVerification) EnumDescriptor() ([]byte, []int) { 143 return file_envoy_api_v2_auth_common_proto_rawDescGZIP(), []int{4, 0} 144} 145 146type TlsParameters struct { 147 state protoimpl.MessageState 148 sizeCache protoimpl.SizeCache 149 unknownFields protoimpl.UnknownFields 150 151 // Minimum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_0`` for 152 // servers. 153 TlsMinimumProtocolVersion TlsParameters_TlsProtocol `protobuf:"varint,1,opt,name=tls_minimum_protocol_version,json=tlsMinimumProtocolVersion,proto3,enum=envoy.api.v2.auth.TlsParameters_TlsProtocol" json:"tls_minimum_protocol_version,omitempty"` 154 // Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for 155 // servers. 156 TlsMaximumProtocolVersion TlsParameters_TlsProtocol `protobuf:"varint,2,opt,name=tls_maximum_protocol_version,json=tlsMaximumProtocolVersion,proto3,enum=envoy.api.v2.auth.TlsParameters_TlsProtocol" json:"tls_maximum_protocol_version,omitempty"` 157 // If specified, the TLS listener will only support the specified `cipher list 158 // <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ 159 // when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not 160 // specified, the default list will be used. 161 // 162 // In non-FIPS builds, the default cipher list is: 163 // 164 // .. code-block:: none 165 // 166 // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] 167 // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] 168 // ECDHE-ECDSA-AES128-SHA 169 // ECDHE-RSA-AES128-SHA 170 // AES128-GCM-SHA256 171 // AES128-SHA 172 // ECDHE-ECDSA-AES256-GCM-SHA384 173 // ECDHE-RSA-AES256-GCM-SHA384 174 // ECDHE-ECDSA-AES256-SHA 175 // ECDHE-RSA-AES256-SHA 176 // AES256-GCM-SHA384 177 // AES256-SHA 178 // 179 // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is: 180 // 181 // .. code-block:: none 182 // 183 // ECDHE-ECDSA-AES128-GCM-SHA256 184 // ECDHE-RSA-AES128-GCM-SHA256 185 // ECDHE-ECDSA-AES128-SHA 186 // ECDHE-RSA-AES128-SHA 187 // AES128-GCM-SHA256 188 // AES128-SHA 189 // ECDHE-ECDSA-AES256-GCM-SHA384 190 // ECDHE-RSA-AES256-GCM-SHA384 191 // ECDHE-ECDSA-AES256-SHA 192 // ECDHE-RSA-AES256-SHA 193 // AES256-GCM-SHA384 194 // AES256-SHA 195 CipherSuites []string `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` 196 // If specified, the TLS connection will only support the specified ECDH 197 // curves. If not specified, the default curves will be used. 198 // 199 // In non-FIPS builds, the default curves are: 200 // 201 // .. code-block:: none 202 // 203 // X25519 204 // P-256 205 // 206 // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: 207 // 208 // .. code-block:: none 209 // 210 // P-256 211 EcdhCurves []string `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"` 212} 213 214func (x *TlsParameters) Reset() { 215 *x = TlsParameters{} 216 if protoimpl.UnsafeEnabled { 217 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[0] 218 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 219 ms.StoreMessageInfo(mi) 220 } 221} 222 223func (x *TlsParameters) String() string { 224 return protoimpl.X.MessageStringOf(x) 225} 226 227func (*TlsParameters) ProtoMessage() {} 228 229func (x *TlsParameters) ProtoReflect() protoreflect.Message { 230 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[0] 231 if protoimpl.UnsafeEnabled && x != nil { 232 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 233 if ms.LoadMessageInfo() == nil { 234 ms.StoreMessageInfo(mi) 235 } 236 return ms 237 } 238 return mi.MessageOf(x) 239} 240 241// Deprecated: Use TlsParameters.ProtoReflect.Descriptor instead. 242func (*TlsParameters) Descriptor() ([]byte, []int) { 243 return file_envoy_api_v2_auth_common_proto_rawDescGZIP(), []int{0} 244} 245 246func (x *TlsParameters) GetTlsMinimumProtocolVersion() TlsParameters_TlsProtocol { 247 if x != nil { 248 return x.TlsMinimumProtocolVersion 249 } 250 return TlsParameters_TLS_AUTO 251} 252 253func (x *TlsParameters) GetTlsMaximumProtocolVersion() TlsParameters_TlsProtocol { 254 if x != nil { 255 return x.TlsMaximumProtocolVersion 256 } 257 return TlsParameters_TLS_AUTO 258} 259 260func (x *TlsParameters) GetCipherSuites() []string { 261 if x != nil { 262 return x.CipherSuites 263 } 264 return nil 265} 266 267func (x *TlsParameters) GetEcdhCurves() []string { 268 if x != nil { 269 return x.EcdhCurves 270 } 271 return nil 272} 273 274// BoringSSL private key method configuration. The private key methods are used for external 275// (potentially asynchronous) signing and decryption operations. Some use cases for private key 276// methods would be TPM support and TLS acceleration. 277type PrivateKeyProvider struct { 278 state protoimpl.MessageState 279 sizeCache protoimpl.SizeCache 280 unknownFields protoimpl.UnknownFields 281 282 // Private key method provider name. The name must match a 283 // supported private key method provider type. 284 ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"` 285 // Private key method provider specific configuration. 286 // 287 // Types that are assignable to ConfigType: 288 // *PrivateKeyProvider_Config 289 // *PrivateKeyProvider_TypedConfig 290 ConfigType isPrivateKeyProvider_ConfigType `protobuf_oneof:"config_type"` 291} 292 293func (x *PrivateKeyProvider) Reset() { 294 *x = PrivateKeyProvider{} 295 if protoimpl.UnsafeEnabled { 296 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[1] 297 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 298 ms.StoreMessageInfo(mi) 299 } 300} 301 302func (x *PrivateKeyProvider) String() string { 303 return protoimpl.X.MessageStringOf(x) 304} 305 306func (*PrivateKeyProvider) ProtoMessage() {} 307 308func (x *PrivateKeyProvider) ProtoReflect() protoreflect.Message { 309 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[1] 310 if protoimpl.UnsafeEnabled && x != nil { 311 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 312 if ms.LoadMessageInfo() == nil { 313 ms.StoreMessageInfo(mi) 314 } 315 return ms 316 } 317 return mi.MessageOf(x) 318} 319 320// Deprecated: Use PrivateKeyProvider.ProtoReflect.Descriptor instead. 321func (*PrivateKeyProvider) Descriptor() ([]byte, []int) { 322 return file_envoy_api_v2_auth_common_proto_rawDescGZIP(), []int{1} 323} 324 325func (x *PrivateKeyProvider) GetProviderName() string { 326 if x != nil { 327 return x.ProviderName 328 } 329 return "" 330} 331 332func (m *PrivateKeyProvider) GetConfigType() isPrivateKeyProvider_ConfigType { 333 if m != nil { 334 return m.ConfigType 335 } 336 return nil 337} 338 339// Deprecated: Do not use. 340func (x *PrivateKeyProvider) GetConfig() *_struct.Struct { 341 if x, ok := x.GetConfigType().(*PrivateKeyProvider_Config); ok { 342 return x.Config 343 } 344 return nil 345} 346 347func (x *PrivateKeyProvider) GetTypedConfig() *any.Any { 348 if x, ok := x.GetConfigType().(*PrivateKeyProvider_TypedConfig); ok { 349 return x.TypedConfig 350 } 351 return nil 352} 353 354type isPrivateKeyProvider_ConfigType interface { 355 isPrivateKeyProvider_ConfigType() 356} 357 358type PrivateKeyProvider_Config struct { 359 // Deprecated: Do not use. 360 Config *_struct.Struct `protobuf:"bytes,2,opt,name=config,proto3,oneof"` 361} 362 363type PrivateKeyProvider_TypedConfig struct { 364 TypedConfig *any.Any `protobuf:"bytes,3,opt,name=typed_config,json=typedConfig,proto3,oneof"` 365} 366 367func (*PrivateKeyProvider_Config) isPrivateKeyProvider_ConfigType() {} 368 369func (*PrivateKeyProvider_TypedConfig) isPrivateKeyProvider_ConfigType() {} 370 371// [#next-free-field: 7] 372type TlsCertificate struct { 373 state protoimpl.MessageState 374 sizeCache protoimpl.SizeCache 375 unknownFields protoimpl.UnknownFields 376 377 // The TLS certificate chain. 378 CertificateChain *core.DataSource `protobuf:"bytes,1,opt,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"` 379 // The TLS private key. 380 PrivateKey *core.DataSource `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` 381 // BoringSSL private key method provider. This is an alternative to :ref:`private_key 382 // <envoy_api_field_auth.TlsCertificate.private_key>` field. This can't be 383 // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key 384 // <envoy_api_field_auth.TlsCertificate.private_key>` and 385 // :ref:`private_key_provider 386 // <envoy_api_field_auth.TlsCertificate.private_key_provider>` fields will result in an 387 // error. 388 PrivateKeyProvider *PrivateKeyProvider `protobuf:"bytes,6,opt,name=private_key_provider,json=privateKeyProvider,proto3" json:"private_key_provider,omitempty"` 389 // The password to decrypt the TLS private key. If this field is not set, it is assumed that the 390 // TLS private key is not password encrypted. 391 Password *core.DataSource `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"` 392 // [#not-implemented-hide:] 393 OcspStaple *core.DataSource `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"` 394 // [#not-implemented-hide:] 395 SignedCertificateTimestamp []*core.DataSource `protobuf:"bytes,5,rep,name=signed_certificate_timestamp,json=signedCertificateTimestamp,proto3" json:"signed_certificate_timestamp,omitempty"` 396} 397 398func (x *TlsCertificate) Reset() { 399 *x = TlsCertificate{} 400 if protoimpl.UnsafeEnabled { 401 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[2] 402 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 403 ms.StoreMessageInfo(mi) 404 } 405} 406 407func (x *TlsCertificate) String() string { 408 return protoimpl.X.MessageStringOf(x) 409} 410 411func (*TlsCertificate) ProtoMessage() {} 412 413func (x *TlsCertificate) ProtoReflect() protoreflect.Message { 414 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[2] 415 if protoimpl.UnsafeEnabled && x != nil { 416 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 417 if ms.LoadMessageInfo() == nil { 418 ms.StoreMessageInfo(mi) 419 } 420 return ms 421 } 422 return mi.MessageOf(x) 423} 424 425// Deprecated: Use TlsCertificate.ProtoReflect.Descriptor instead. 426func (*TlsCertificate) Descriptor() ([]byte, []int) { 427 return file_envoy_api_v2_auth_common_proto_rawDescGZIP(), []int{2} 428} 429 430func (x *TlsCertificate) GetCertificateChain() *core.DataSource { 431 if x != nil { 432 return x.CertificateChain 433 } 434 return nil 435} 436 437func (x *TlsCertificate) GetPrivateKey() *core.DataSource { 438 if x != nil { 439 return x.PrivateKey 440 } 441 return nil 442} 443 444func (x *TlsCertificate) GetPrivateKeyProvider() *PrivateKeyProvider { 445 if x != nil { 446 return x.PrivateKeyProvider 447 } 448 return nil 449} 450 451func (x *TlsCertificate) GetPassword() *core.DataSource { 452 if x != nil { 453 return x.Password 454 } 455 return nil 456} 457 458func (x *TlsCertificate) GetOcspStaple() *core.DataSource { 459 if x != nil { 460 return x.OcspStaple 461 } 462 return nil 463} 464 465func (x *TlsCertificate) GetSignedCertificateTimestamp() []*core.DataSource { 466 if x != nil { 467 return x.SignedCertificateTimestamp 468 } 469 return nil 470} 471 472type TlsSessionTicketKeys struct { 473 state protoimpl.MessageState 474 sizeCache protoimpl.SizeCache 475 unknownFields protoimpl.UnknownFields 476 477 // Keys for encrypting and decrypting TLS session tickets. The 478 // first key in the array contains the key to encrypt all new sessions created by this context. 479 // All keys are candidates for decrypting received tickets. This allows for easy rotation of keys 480 // by, for example, putting the new key first, and the previous key second. 481 // 482 // If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>` 483 // is not specified, the TLS library will still support resuming sessions via tickets, but it will 484 // use an internally-generated and managed key, so sessions cannot be resumed across hot restarts 485 // or on different hosts. 486 // 487 // Each key must contain exactly 80 bytes of cryptographically-secure random data. For 488 // example, the output of ``openssl rand 80``. 489 // 490 // .. attention:: 491 // 492 // Using this feature has serious security considerations and risks. Improper handling of keys 493 // may result in loss of secrecy in connections, even if ciphers supporting perfect forward 494 // secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some 495 // discussion. To minimize the risk, you must: 496 // 497 // * Keep the session ticket keys at least as secure as your TLS certificate private keys 498 // * Rotate session ticket keys at least daily, and preferably hourly 499 // * Always generate keys using a cryptographically-secure random data source 500 Keys []*core.DataSource `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` 501} 502 503func (x *TlsSessionTicketKeys) Reset() { 504 *x = TlsSessionTicketKeys{} 505 if protoimpl.UnsafeEnabled { 506 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[3] 507 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 508 ms.StoreMessageInfo(mi) 509 } 510} 511 512func (x *TlsSessionTicketKeys) String() string { 513 return protoimpl.X.MessageStringOf(x) 514} 515 516func (*TlsSessionTicketKeys) ProtoMessage() {} 517 518func (x *TlsSessionTicketKeys) ProtoReflect() protoreflect.Message { 519 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[3] 520 if protoimpl.UnsafeEnabled && x != nil { 521 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 522 if ms.LoadMessageInfo() == nil { 523 ms.StoreMessageInfo(mi) 524 } 525 return ms 526 } 527 return mi.MessageOf(x) 528} 529 530// Deprecated: Use TlsSessionTicketKeys.ProtoReflect.Descriptor instead. 531func (*TlsSessionTicketKeys) Descriptor() ([]byte, []int) { 532 return file_envoy_api_v2_auth_common_proto_rawDescGZIP(), []int{3} 533} 534 535func (x *TlsSessionTicketKeys) GetKeys() []*core.DataSource { 536 if x != nil { 537 return x.Keys 538 } 539 return nil 540} 541 542// [#next-free-field: 11] 543type CertificateValidationContext struct { 544 state protoimpl.MessageState 545 sizeCache protoimpl.SizeCache 546 unknownFields protoimpl.UnknownFields 547 548 // TLS certificate data containing certificate authority certificates to use in verifying 549 // a presented peer certificate (e.g. server certificate for clusters or client certificate 550 // for listeners). If not specified and a peer certificate is presented it will not be 551 // verified. By default, a client certificate is optional, unless one of the additional 552 // options (:ref:`require_client_certificate 553 // <envoy_api_field_auth.DownstreamTlsContext.require_client_certificate>`, 554 // :ref:`verify_certificate_spki 555 // <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>`, 556 // :ref:`verify_certificate_hash 557 // <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, or 558 // :ref:`match_subject_alt_names 559 // <envoy_api_field_auth.CertificateValidationContext.match_subject_alt_names>`) is also 560 // specified. 561 // 562 // It can optionally contain certificate revocation lists, in which case Envoy will verify 563 // that the presented peer certificate has not been revoked by one of the included CRLs. 564 // 565 // See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common 566 // system CA locations. 567 TrustedCa *core.DataSource `protobuf:"bytes,1,opt,name=trusted_ca,json=trustedCa,proto3" json:"trusted_ca,omitempty"` 568 // An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the 569 // SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate 570 // matches one of the specified values. 571 // 572 // A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate 573 // can be generated with the following command: 574 // 575 // .. code-block:: bash 576 // 577 // $ openssl x509 -in path/to/client.crt -noout -pubkey 578 // | openssl pkey -pubin -outform DER 579 // | openssl dgst -sha256 -binary 580 // | openssl enc -base64 581 // NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A= 582 // 583 // This is the format used in HTTP Public Key Pinning. 584 // 585 // When both: 586 // :ref:`verify_certificate_hash 587 // <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and 588 // :ref:`verify_certificate_spki 589 // <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified, 590 // a hash matching value from either of the lists will result in the certificate being accepted. 591 // 592 // .. attention:: 593 // 594 // This option is preferred over :ref:`verify_certificate_hash 595 // <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`, 596 // because SPKI is tied to a private key, so it doesn't change when the certificate 597 // is renewed using the same private key. 598 VerifyCertificateSpki []string `protobuf:"bytes,3,rep,name=verify_certificate_spki,json=verifyCertificateSpki,proto3" json:"verify_certificate_spki,omitempty"` 599 // An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that 600 // the SHA-256 of the DER-encoded presented certificate matches one of the specified values. 601 // 602 // A hex-encoded SHA-256 of the certificate can be generated with the following command: 603 // 604 // .. code-block:: bash 605 // 606 // $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2 607 // df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a 608 // 609 // A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate 610 // can be generated with the following command: 611 // 612 // .. code-block:: bash 613 // 614 // $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2 615 // DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A 616 // 617 // Both of those formats are acceptable. 618 // 619 // When both: 620 // :ref:`verify_certificate_hash 621 // <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>` and 622 // :ref:`verify_certificate_spki 623 // <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>` are specified, 624 // a hash matching value from either of the lists will result in the certificate being accepted. 625 VerifyCertificateHash []string `protobuf:"bytes,2,rep,name=verify_certificate_hash,json=verifyCertificateHash,proto3" json:"verify_certificate_hash,omitempty"` 626 // An optional list of Subject Alternative Names. If specified, Envoy will verify that the 627 // Subject Alternative Name of the presented certificate matches one of the specified values. 628 // 629 // .. attention:: 630 // 631 // Subject Alternative Names are easily spoofable and verifying only them is insecure, 632 // therefore this option must be used together with :ref:`trusted_ca 633 // <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`. 634 // 635 // Deprecated: Do not use. 636 VerifySubjectAltName []string `protobuf:"bytes,4,rep,name=verify_subject_alt_name,json=verifySubjectAltName,proto3" json:"verify_subject_alt_name,omitempty"` 637 // An optional list of Subject Alternative name matchers. Envoy will verify that the 638 // Subject Alternative Name of the presented certificate matches one of the specified matches. 639 // 640 // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be 641 // configured with exact match type in the :ref:`string matcher <envoy_api_msg_type.matcher.StringMatcher>`. 642 // For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com", 643 // it should be configured as shown below. 644 // 645 // .. code-block:: yaml 646 // 647 // match_subject_alt_names: 648 // exact: "api.example.com" 649 // 650 // .. attention:: 651 // 652 // Subject Alternative Names are easily spoofable and verifying only them is insecure, 653 // therefore this option must be used together with :ref:`trusted_ca 654 // <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`. 655 MatchSubjectAltNames []*matcher.StringMatcher `protobuf:"bytes,9,rep,name=match_subject_alt_names,json=matchSubjectAltNames,proto3" json:"match_subject_alt_names,omitempty"` 656 // [#not-implemented-hide:] Must present a signed time-stamped OCSP response. 657 RequireOcspStaple *wrappers.BoolValue `protobuf:"bytes,5,opt,name=require_ocsp_staple,json=requireOcspStaple,proto3" json:"require_ocsp_staple,omitempty"` 658 // [#not-implemented-hide:] Must present signed certificate time-stamp. 659 RequireSignedCertificateTimestamp *wrappers.BoolValue `protobuf:"bytes,6,opt,name=require_signed_certificate_timestamp,json=requireSignedCertificateTimestamp,proto3" json:"require_signed_certificate_timestamp,omitempty"` 660 // An optional `certificate revocation list 661 // <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ 662 // (in PEM format). If specified, Envoy will verify that the presented peer 663 // certificate has not been revoked by this CRL. If this DataSource contains 664 // multiple CRLs, all of them will be used. 665 Crl *core.DataSource `protobuf:"bytes,7,opt,name=crl,proto3" json:"crl,omitempty"` 666 // If specified, Envoy will not reject expired certificates. 667 AllowExpiredCertificate bool `protobuf:"varint,8,opt,name=allow_expired_certificate,json=allowExpiredCertificate,proto3" json:"allow_expired_certificate,omitempty"` 668 // Certificate trust chain verification mode. 669 TrustChainVerification CertificateValidationContext_TrustChainVerification `protobuf:"varint,10,opt,name=trust_chain_verification,json=trustChainVerification,proto3,enum=envoy.api.v2.auth.CertificateValidationContext_TrustChainVerification" json:"trust_chain_verification,omitempty"` 670} 671 672func (x *CertificateValidationContext) Reset() { 673 *x = CertificateValidationContext{} 674 if protoimpl.UnsafeEnabled { 675 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[4] 676 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 677 ms.StoreMessageInfo(mi) 678 } 679} 680 681func (x *CertificateValidationContext) String() string { 682 return protoimpl.X.MessageStringOf(x) 683} 684 685func (*CertificateValidationContext) ProtoMessage() {} 686 687func (x *CertificateValidationContext) ProtoReflect() protoreflect.Message { 688 mi := &file_envoy_api_v2_auth_common_proto_msgTypes[4] 689 if protoimpl.UnsafeEnabled && x != nil { 690 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 691 if ms.LoadMessageInfo() == nil { 692 ms.StoreMessageInfo(mi) 693 } 694 return ms 695 } 696 return mi.MessageOf(x) 697} 698 699// Deprecated: Use CertificateValidationContext.ProtoReflect.Descriptor instead. 700func (*CertificateValidationContext) Descriptor() ([]byte, []int) { 701 return file_envoy_api_v2_auth_common_proto_rawDescGZIP(), []int{4} 702} 703 704func (x *CertificateValidationContext) GetTrustedCa() *core.DataSource { 705 if x != nil { 706 return x.TrustedCa 707 } 708 return nil 709} 710 711func (x *CertificateValidationContext) GetVerifyCertificateSpki() []string { 712 if x != nil { 713 return x.VerifyCertificateSpki 714 } 715 return nil 716} 717 718func (x *CertificateValidationContext) GetVerifyCertificateHash() []string { 719 if x != nil { 720 return x.VerifyCertificateHash 721 } 722 return nil 723} 724 725// Deprecated: Do not use. 726func (x *CertificateValidationContext) GetVerifySubjectAltName() []string { 727 if x != nil { 728 return x.VerifySubjectAltName 729 } 730 return nil 731} 732 733func (x *CertificateValidationContext) GetMatchSubjectAltNames() []*matcher.StringMatcher { 734 if x != nil { 735 return x.MatchSubjectAltNames 736 } 737 return nil 738} 739 740func (x *CertificateValidationContext) GetRequireOcspStaple() *wrappers.BoolValue { 741 if x != nil { 742 return x.RequireOcspStaple 743 } 744 return nil 745} 746 747func (x *CertificateValidationContext) GetRequireSignedCertificateTimestamp() *wrappers.BoolValue { 748 if x != nil { 749 return x.RequireSignedCertificateTimestamp 750 } 751 return nil 752} 753 754func (x *CertificateValidationContext) GetCrl() *core.DataSource { 755 if x != nil { 756 return x.Crl 757 } 758 return nil 759} 760 761func (x *CertificateValidationContext) GetAllowExpiredCertificate() bool { 762 if x != nil { 763 return x.AllowExpiredCertificate 764 } 765 return false 766} 767 768func (x *CertificateValidationContext) GetTrustChainVerification() CertificateValidationContext_TrustChainVerification { 769 if x != nil { 770 return x.TrustChainVerification 771 } 772 return CertificateValidationContext_VERIFY_TRUST_CHAIN 773} 774 775var File_envoy_api_v2_auth_common_proto protoreflect.FileDescriptor 776 777var file_envoy_api_v2_auth_common_proto_rawDesc = []byte{ 778 0x0a, 0x1e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x61, 779 0x75, 0x74, 0x68, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 780 0x12, 0x11, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x61, 781 0x75, 0x74, 0x68, 0x1a, 0x1c, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 782 0x32, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x62, 0x61, 0x73, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 783 0x6f, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x6d, 0x61, 784 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 785 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 786 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 787 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 788 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 789 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 790 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x75, 0x64, 0x70, 791 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x6d, 0x69, 792 0x67, 0x72, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x75, 0x64, 0x70, 793 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x65, 794 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x75, 795 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 796 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61, 797 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 798 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x98, 0x03, 0x0a, 0x0d, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 799 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x77, 0x0a, 0x1c, 0x74, 0x6c, 0x73, 0x5f, 0x6d, 800 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 801 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 802 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x75, 0x74, 803 0x68, 0x2e, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x2e, 804 0x54, 0x6c, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x08, 0xfa, 0x42, 0x05, 805 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x19, 0x74, 0x6c, 0x73, 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 806 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 807 0x12, 0x77, 0x0a, 0x1c, 0x74, 0x6c, 0x73, 0x5f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 808 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 809 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 810 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x54, 0x6c, 0x73, 0x50, 0x61, 811 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x54, 0x6c, 0x73, 0x50, 0x72, 0x6f, 0x74, 812 0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x19, 813 0x74, 0x6c, 0x73, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 814 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 815 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 816 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x1f, 817 0x0a, 0x0b, 0x65, 0x63, 0x64, 0x68, 0x5f, 0x63, 0x75, 0x72, 0x76, 0x65, 0x73, 0x18, 0x04, 0x20, 818 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x63, 0x64, 0x68, 0x43, 0x75, 0x72, 0x76, 0x65, 0x73, 0x22, 819 0x4f, 0x0a, 0x0b, 0x54, 0x6c, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, 820 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 821 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 822 0x76, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 823 0x32, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x33, 0x10, 0x04, 824 0x22, 0xd1, 0x01, 0x0a, 0x12, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 825 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x2c, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 826 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 827 0xfa, 0x42, 0x04, 0x72, 0x02, 0x20, 0x01, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 828 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x3b, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 829 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 830 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x08, 831 0x18, 0x01, 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x48, 0x00, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 832 0x69, 0x67, 0x12, 0x41, 0x0a, 0x0c, 0x74, 0x79, 0x70, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 833 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 834 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x42, 0x06, 835 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x48, 0x00, 0x52, 0x0b, 0x74, 0x79, 0x70, 0x65, 0x64, 0x43, 836 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x0d, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 837 0x74, 0x79, 0x70, 0x65, 0x22, 0xe1, 0x03, 0x0a, 0x0e, 0x54, 0x6c, 0x73, 0x43, 0x65, 0x72, 0x74, 838 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x4a, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 839 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 840 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 841 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 842 0x65, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 843 0x61, 0x69, 0x6e, 0x12, 0x46, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 844 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 845 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x44, 0x61, 0x74, 846 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x06, 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x52, 847 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x57, 0x0a, 0x14, 0x70, 848 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 849 0x64, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 850 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x50, 0x72, 851 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 852 0x52, 0x12, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 853 0x69, 0x64, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 854 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 855 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 856 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x06, 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x52, 0x08, 0x70, 857 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x3e, 0x0a, 0x0b, 0x6f, 0x63, 0x73, 0x70, 0x5f, 858 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x65, 859 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 860 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0a, 0x6f, 0x63, 0x73, 861 0x70, 0x53, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x12, 0x5f, 0x0a, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 862 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 863 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 864 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 865 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x1a, 0x73, 0x69, 866 0x67, 0x6e, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, 867 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x59, 0x0a, 0x14, 0x54, 0x6c, 0x73, 0x53, 868 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x73, 869 0x12, 0x41, 0x0a, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 870 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 871 0x72, 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x0e, 0xfa, 872 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 0x01, 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x52, 0x04, 0x6b, 873 0x65, 0x79, 0x73, 0x22, 0xfc, 0x06, 0x0a, 0x1c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 874 0x61, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 875 0x74, 0x65, 0x78, 0x74, 0x12, 0x3c, 0x0a, 0x0a, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 876 0x63, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 877 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x44, 0x61, 0x74, 878 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x09, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 879 0x43, 0x61, 0x12, 0x46, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 880 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x03, 0x20, 881 0x03, 0x28, 0x09, 0x42, 0x0e, 0xfa, 0x42, 0x0b, 0x92, 0x01, 0x08, 0x22, 0x06, 0x72, 0x04, 0x20, 882 0x2c, 0x28, 0x2c, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 883 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x70, 0x6b, 0x69, 0x12, 0x46, 0x0a, 0x17, 0x76, 0x65, 884 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 885 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x0e, 0xfa, 0x42, 0x0b, 886 0x92, 0x01, 0x08, 0x22, 0x06, 0x72, 0x04, 0x20, 0x40, 0x28, 0x5f, 0x52, 0x15, 0x76, 0x65, 0x72, 887 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 888 0x73, 0x68, 0x12, 0x39, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x62, 889 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 890 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 891 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, 892 0x17, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 893 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 894 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 895 0x68, 0x65, 0x72, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 896 0x72, 0x52, 0x14, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 897 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x4a, 0x0a, 0x13, 0x72, 0x65, 0x71, 0x75, 0x69, 898 0x72, 0x65, 0x5f, 0x6f, 0x63, 0x73, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x18, 0x05, 899 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 900 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 901 0x52, 0x11, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x4f, 0x63, 0x73, 0x70, 0x53, 0x74, 0x61, 902 0x70, 0x6c, 0x65, 0x12, 0x6b, 0x0a, 0x24, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x5f, 0x73, 903 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 904 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x06, 0x20, 0x01, 0x28, 905 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 906 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x21, 0x72, 907 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 908 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 909 0x12, 0x2f, 0x0a, 0x03, 0x63, 0x72, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 910 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x63, 0x6f, 0x72, 911 0x65, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x03, 0x63, 0x72, 912 0x6c, 0x12, 0x3a, 0x0a, 0x19, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 913 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x08, 914 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x45, 0x78, 0x70, 0x69, 0x72, 915 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x8a, 0x01, 916 0x0a, 0x18, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x76, 0x65, 917 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, 918 0x32, 0x46, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 919 0x61, 0x75, 0x74, 0x68, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 920 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 921 0x74, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x69, 922 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x82, 0x01, 0x02, 923 0x10, 0x01, 0x52, 0x16, 0x74, 0x72, 0x75, 0x73, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x56, 0x65, 924 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x46, 0x0a, 0x16, 0x54, 0x72, 925 0x75, 0x73, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 926 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x5f, 0x54, 927 0x52, 0x55, 0x53, 0x54, 0x5f, 0x43, 0x48, 0x41, 0x49, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 928 0x41, 0x43, 0x43, 0x45, 0x50, 0x54, 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x55, 0x53, 0x54, 0x45, 0x44, 929 0x10, 0x01, 0x42, 0x69, 0x0a, 0x1f, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 930 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 931 0x2e, 0x61, 0x75, 0x74, 0x68, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 932 0x74, 0x6f, 0x50, 0x01, 0xf2, 0x98, 0xfe, 0x8f, 0x05, 0x2b, 0x12, 0x29, 0x65, 0x6e, 0x76, 0x6f, 933 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x74, 0x72, 0x61, 934 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2e, 0x74, 935 0x6c, 0x73, 0x2e, 0x76, 0x33, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x01, 0x62, 0x06, 0x70, 936 0x72, 0x6f, 0x74, 0x6f, 0x33, 937} 938 939var ( 940 file_envoy_api_v2_auth_common_proto_rawDescOnce sync.Once 941 file_envoy_api_v2_auth_common_proto_rawDescData = file_envoy_api_v2_auth_common_proto_rawDesc 942) 943 944func file_envoy_api_v2_auth_common_proto_rawDescGZIP() []byte { 945 file_envoy_api_v2_auth_common_proto_rawDescOnce.Do(func() { 946 file_envoy_api_v2_auth_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_api_v2_auth_common_proto_rawDescData) 947 }) 948 return file_envoy_api_v2_auth_common_proto_rawDescData 949} 950 951var file_envoy_api_v2_auth_common_proto_enumTypes = make([]protoimpl.EnumInfo, 2) 952var file_envoy_api_v2_auth_common_proto_msgTypes = make([]protoimpl.MessageInfo, 5) 953var file_envoy_api_v2_auth_common_proto_goTypes = []interface{}{ 954 (TlsParameters_TlsProtocol)(0), // 0: envoy.api.v2.auth.TlsParameters.TlsProtocol 955 (CertificateValidationContext_TrustChainVerification)(0), // 1: envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification 956 (*TlsParameters)(nil), // 2: envoy.api.v2.auth.TlsParameters 957 (*PrivateKeyProvider)(nil), // 3: envoy.api.v2.auth.PrivateKeyProvider 958 (*TlsCertificate)(nil), // 4: envoy.api.v2.auth.TlsCertificate 959 (*TlsSessionTicketKeys)(nil), // 5: envoy.api.v2.auth.TlsSessionTicketKeys 960 (*CertificateValidationContext)(nil), // 6: envoy.api.v2.auth.CertificateValidationContext 961 (*_struct.Struct)(nil), // 7: google.protobuf.Struct 962 (*any.Any)(nil), // 8: google.protobuf.Any 963 (*core.DataSource)(nil), // 9: envoy.api.v2.core.DataSource 964 (*matcher.StringMatcher)(nil), // 10: envoy.type.matcher.StringMatcher 965 (*wrappers.BoolValue)(nil), // 11: google.protobuf.BoolValue 966} 967var file_envoy_api_v2_auth_common_proto_depIdxs = []int32{ 968 0, // 0: envoy.api.v2.auth.TlsParameters.tls_minimum_protocol_version:type_name -> envoy.api.v2.auth.TlsParameters.TlsProtocol 969 0, // 1: envoy.api.v2.auth.TlsParameters.tls_maximum_protocol_version:type_name -> envoy.api.v2.auth.TlsParameters.TlsProtocol 970 7, // 2: envoy.api.v2.auth.PrivateKeyProvider.config:type_name -> google.protobuf.Struct 971 8, // 3: envoy.api.v2.auth.PrivateKeyProvider.typed_config:type_name -> google.protobuf.Any 972 9, // 4: envoy.api.v2.auth.TlsCertificate.certificate_chain:type_name -> envoy.api.v2.core.DataSource 973 9, // 5: envoy.api.v2.auth.TlsCertificate.private_key:type_name -> envoy.api.v2.core.DataSource 974 3, // 6: envoy.api.v2.auth.TlsCertificate.private_key_provider:type_name -> envoy.api.v2.auth.PrivateKeyProvider 975 9, // 7: envoy.api.v2.auth.TlsCertificate.password:type_name -> envoy.api.v2.core.DataSource 976 9, // 8: envoy.api.v2.auth.TlsCertificate.ocsp_staple:type_name -> envoy.api.v2.core.DataSource 977 9, // 9: envoy.api.v2.auth.TlsCertificate.signed_certificate_timestamp:type_name -> envoy.api.v2.core.DataSource 978 9, // 10: envoy.api.v2.auth.TlsSessionTicketKeys.keys:type_name -> envoy.api.v2.core.DataSource 979 9, // 11: envoy.api.v2.auth.CertificateValidationContext.trusted_ca:type_name -> envoy.api.v2.core.DataSource 980 10, // 12: envoy.api.v2.auth.CertificateValidationContext.match_subject_alt_names:type_name -> envoy.type.matcher.StringMatcher 981 11, // 13: envoy.api.v2.auth.CertificateValidationContext.require_ocsp_staple:type_name -> google.protobuf.BoolValue 982 11, // 14: envoy.api.v2.auth.CertificateValidationContext.require_signed_certificate_timestamp:type_name -> google.protobuf.BoolValue 983 9, // 15: envoy.api.v2.auth.CertificateValidationContext.crl:type_name -> envoy.api.v2.core.DataSource 984 1, // 16: envoy.api.v2.auth.CertificateValidationContext.trust_chain_verification:type_name -> envoy.api.v2.auth.CertificateValidationContext.TrustChainVerification 985 17, // [17:17] is the sub-list for method output_type 986 17, // [17:17] is the sub-list for method input_type 987 17, // [17:17] is the sub-list for extension type_name 988 17, // [17:17] is the sub-list for extension extendee 989 0, // [0:17] is the sub-list for field type_name 990} 991 992func init() { file_envoy_api_v2_auth_common_proto_init() } 993func file_envoy_api_v2_auth_common_proto_init() { 994 if File_envoy_api_v2_auth_common_proto != nil { 995 return 996 } 997 if !protoimpl.UnsafeEnabled { 998 file_envoy_api_v2_auth_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { 999 switch v := v.(*TlsParameters); i { 1000 case 0: 1001 return &v.state 1002 case 1: 1003 return &v.sizeCache 1004 case 2: 1005 return &v.unknownFields 1006 default: 1007 return nil 1008 } 1009 } 1010 file_envoy_api_v2_auth_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { 1011 switch v := v.(*PrivateKeyProvider); i { 1012 case 0: 1013 return &v.state 1014 case 1: 1015 return &v.sizeCache 1016 case 2: 1017 return &v.unknownFields 1018 default: 1019 return nil 1020 } 1021 } 1022 file_envoy_api_v2_auth_common_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { 1023 switch v := v.(*TlsCertificate); i { 1024 case 0: 1025 return &v.state 1026 case 1: 1027 return &v.sizeCache 1028 case 2: 1029 return &v.unknownFields 1030 default: 1031 return nil 1032 } 1033 } 1034 file_envoy_api_v2_auth_common_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { 1035 switch v := v.(*TlsSessionTicketKeys); i { 1036 case 0: 1037 return &v.state 1038 case 1: 1039 return &v.sizeCache 1040 case 2: 1041 return &v.unknownFields 1042 default: 1043 return nil 1044 } 1045 } 1046 file_envoy_api_v2_auth_common_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { 1047 switch v := v.(*CertificateValidationContext); i { 1048 case 0: 1049 return &v.state 1050 case 1: 1051 return &v.sizeCache 1052 case 2: 1053 return &v.unknownFields 1054 default: 1055 return nil 1056 } 1057 } 1058 } 1059 file_envoy_api_v2_auth_common_proto_msgTypes[1].OneofWrappers = []interface{}{ 1060 (*PrivateKeyProvider_Config)(nil), 1061 (*PrivateKeyProvider_TypedConfig)(nil), 1062 } 1063 type x struct{} 1064 out := protoimpl.TypeBuilder{ 1065 File: protoimpl.DescBuilder{ 1066 GoPackagePath: reflect.TypeOf(x{}).PkgPath(), 1067 RawDescriptor: file_envoy_api_v2_auth_common_proto_rawDesc, 1068 NumEnums: 2, 1069 NumMessages: 5, 1070 NumExtensions: 0, 1071 NumServices: 0, 1072 }, 1073 GoTypes: file_envoy_api_v2_auth_common_proto_goTypes, 1074 DependencyIndexes: file_envoy_api_v2_auth_common_proto_depIdxs, 1075 EnumInfos: file_envoy_api_v2_auth_common_proto_enumTypes, 1076 MessageInfos: file_envoy_api_v2_auth_common_proto_msgTypes, 1077 }.Build() 1078 File_envoy_api_v2_auth_common_proto = out.File 1079 file_envoy_api_v2_auth_common_proto_rawDesc = nil 1080 file_envoy_api_v2_auth_common_proto_goTypes = nil 1081 file_envoy_api_v2_auth_common_proto_depIdxs = nil 1082} 1083