github.com/hxx258456/ccgo@v0.0.5-0.20230213014102-48b35f46f66f/go-control-plane/envoy/extensions/transport_sockets/tls/v3/common.pb.go (about) 1 // Code generated by protoc-gen-go. DO NOT EDIT. 2 // versions: 3 // protoc-gen-go v1.25.0 4 // protoc v3.16.0 5 // source: envoy/extensions/transport_sockets/tls/v3/common.proto 6 7 package envoy_extensions_transport_sockets_tls_v3 8 9 import ( 10 _ "github.com/cncf/xds/go/udpa/annotations" 11 _ "github.com/hxx258456/ccgo/go-control-plane/envoy/annotations" 12 v3 "github.com/hxx258456/ccgo/go-control-plane/envoy/config/core/v3" 13 v31 "github.com/hxx258456/ccgo/go-control-plane/envoy/type/matcher/v3" 14 _ "github.com/envoyproxy/protoc-gen-validate/validate" 15 proto "github.com/golang/protobuf/proto" 16 any "github.com/golang/protobuf/ptypes/any" 17 _struct "github.com/golang/protobuf/ptypes/struct" 18 wrappers "github.com/golang/protobuf/ptypes/wrappers" 19 protoreflect "google.golang.org/protobuf/reflect/protoreflect" 20 protoimpl "google.golang.org/protobuf/runtime/protoimpl" 21 reflect "reflect" 22 sync "sync" 23 ) 24 25 const ( 26 // Verify that this generated code is sufficiently up-to-date. 27 _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) 28 // Verify that runtime/protoimpl is sufficiently up-to-date. 29 _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) 30 ) 31 32 // This is a compile-time assertion that a sufficiently up-to-date version 33 // of the legacy proto package is being used. 34 const _ = proto.ProtoPackageIsVersion4 35 36 type TlsParameters_TlsProtocol int32 37 38 const ( 39 // Envoy will choose the optimal TLS version. 40 TlsParameters_TLS_AUTO TlsParameters_TlsProtocol = 0 41 // TLS 1.0 42 TlsParameters_TLSv1_0 TlsParameters_TlsProtocol = 1 43 // TLS 1.1 44 TlsParameters_TLSv1_1 TlsParameters_TlsProtocol = 2 45 // TLS 1.2 46 TlsParameters_TLSv1_2 TlsParameters_TlsProtocol = 3 47 // TLS 1.3 48 TlsParameters_TLSv1_3 TlsParameters_TlsProtocol = 4 49 ) 50 51 // Enum value maps for TlsParameters_TlsProtocol. 52 var ( 53 TlsParameters_TlsProtocol_name = map[int32]string{ 54 0: "TLS_AUTO", 55 1: "TLSv1_0", 56 2: "TLSv1_1", 57 3: "TLSv1_2", 58 4: "TLSv1_3", 59 } 60 TlsParameters_TlsProtocol_value = map[string]int32{ 61 "TLS_AUTO": 0, 62 "TLSv1_0": 1, 63 "TLSv1_1": 2, 64 "TLSv1_2": 3, 65 "TLSv1_3": 4, 66 } 67 ) 68 69 func (x TlsParameters_TlsProtocol) Enum() *TlsParameters_TlsProtocol { 70 p := new(TlsParameters_TlsProtocol) 71 *p = x 72 return p 73 } 74 75 func (x TlsParameters_TlsProtocol) String() string { 76 return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) 77 } 78 79 func (TlsParameters_TlsProtocol) Descriptor() protoreflect.EnumDescriptor { 80 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_enumTypes[0].Descriptor() 81 } 82 83 func (TlsParameters_TlsProtocol) Type() protoreflect.EnumType { 84 return &file_envoy_extensions_transport_sockets_tls_v3_common_proto_enumTypes[0] 85 } 86 87 func (x TlsParameters_TlsProtocol) Number() protoreflect.EnumNumber { 88 return protoreflect.EnumNumber(x) 89 } 90 91 // Deprecated: Use TlsParameters_TlsProtocol.Descriptor instead. 92 func (TlsParameters_TlsProtocol) EnumDescriptor() ([]byte, []int) { 93 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{0, 0} 94 } 95 96 // Peer certificate verification mode. 97 type CertificateValidationContext_TrustChainVerification int32 98 99 const ( 100 // Perform default certificate verification (e.g., against CA / verification lists) 101 CertificateValidationContext_VERIFY_TRUST_CHAIN CertificateValidationContext_TrustChainVerification = 0 102 // Connections where the certificate fails verification will be permitted. 103 // For HTTP connections, the result of certificate verification can be used in route matching. ( 104 // see :ref:`validated <envoy_v3_api_field_config.route.v3.RouteMatch.TlsContextMatchOptions.validated>` ). 105 CertificateValidationContext_ACCEPT_UNTRUSTED CertificateValidationContext_TrustChainVerification = 1 106 ) 107 108 // Enum value maps for CertificateValidationContext_TrustChainVerification. 109 var ( 110 CertificateValidationContext_TrustChainVerification_name = map[int32]string{ 111 0: "VERIFY_TRUST_CHAIN", 112 1: "ACCEPT_UNTRUSTED", 113 } 114 CertificateValidationContext_TrustChainVerification_value = map[string]int32{ 115 "VERIFY_TRUST_CHAIN": 0, 116 "ACCEPT_UNTRUSTED": 1, 117 } 118 ) 119 120 func (x CertificateValidationContext_TrustChainVerification) Enum() *CertificateValidationContext_TrustChainVerification { 121 p := new(CertificateValidationContext_TrustChainVerification) 122 *p = x 123 return p 124 } 125 126 func (x CertificateValidationContext_TrustChainVerification) String() string { 127 return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) 128 } 129 130 func (CertificateValidationContext_TrustChainVerification) Descriptor() protoreflect.EnumDescriptor { 131 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_enumTypes[1].Descriptor() 132 } 133 134 func (CertificateValidationContext_TrustChainVerification) Type() protoreflect.EnumType { 135 return &file_envoy_extensions_transport_sockets_tls_v3_common_proto_enumTypes[1] 136 } 137 138 func (x CertificateValidationContext_TrustChainVerification) Number() protoreflect.EnumNumber { 139 return protoreflect.EnumNumber(x) 140 } 141 142 // Deprecated: Use CertificateValidationContext_TrustChainVerification.Descriptor instead. 143 func (CertificateValidationContext_TrustChainVerification) EnumDescriptor() ([]byte, []int) { 144 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{5, 0} 145 } 146 147 type TlsParameters struct { 148 state protoimpl.MessageState 149 sizeCache protoimpl.SizeCache 150 unknownFields protoimpl.UnknownFields 151 152 // Minimum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_0`` for 153 // servers. 154 TlsMinimumProtocolVersion TlsParameters_TlsProtocol `protobuf:"varint,1,opt,name=tls_minimum_protocol_version,json=tlsMinimumProtocolVersion,proto3,enum=envoy.extensions.transport_sockets.tls.v3.TlsParameters_TlsProtocol" json:"tls_minimum_protocol_version,omitempty"` 155 // Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for 156 // servers. 157 TlsMaximumProtocolVersion TlsParameters_TlsProtocol `protobuf:"varint,2,opt,name=tls_maximum_protocol_version,json=tlsMaximumProtocolVersion,proto3,enum=envoy.extensions.transport_sockets.tls.v3.TlsParameters_TlsProtocol" json:"tls_maximum_protocol_version,omitempty"` 158 // If specified, the TLS listener will only support the specified `cipher list 159 // <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_ 160 // when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). 161 // 162 // If not specified, a default list will be used. Defaults are different for server (downstream) and 163 // client (upstream) TLS configurations. 164 // 165 // In non-FIPS builds, the default server cipher list is: 166 // 167 // .. code-block:: none 168 // 169 // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] 170 // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] 171 // ECDHE-ECDSA-AES128-SHA 172 // ECDHE-RSA-AES128-SHA 173 // AES128-GCM-SHA256 174 // AES128-SHA 175 // ECDHE-ECDSA-AES256-GCM-SHA384 176 // ECDHE-RSA-AES256-GCM-SHA384 177 // ECDHE-ECDSA-AES256-SHA 178 // ECDHE-RSA-AES256-SHA 179 // AES256-GCM-SHA384 180 // AES256-SHA 181 // 182 // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is: 183 // 184 // .. code-block:: none 185 // 186 // ECDHE-ECDSA-AES128-GCM-SHA256 187 // ECDHE-RSA-AES128-GCM-SHA256 188 // ECDHE-ECDSA-AES128-SHA 189 // ECDHE-RSA-AES128-SHA 190 // AES128-GCM-SHA256 191 // AES128-SHA 192 // ECDHE-ECDSA-AES256-GCM-SHA384 193 // ECDHE-RSA-AES256-GCM-SHA384 194 // ECDHE-ECDSA-AES256-SHA 195 // ECDHE-RSA-AES256-SHA 196 // AES256-GCM-SHA384 197 // AES256-SHA 198 // 199 // In non-FIPS builds, the default client cipher list is: 200 // 201 // .. code-block:: none 202 // 203 // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] 204 // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] 205 // ECDHE-ECDSA-AES256-GCM-SHA384 206 // ECDHE-RSA-AES256-GCM-SHA384 207 // 208 // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default client cipher list is: 209 // 210 // .. code-block:: none 211 // 212 // ECDHE-ECDSA-AES128-GCM-SHA256 213 // ECDHE-RSA-AES128-GCM-SHA256 214 // ECDHE-ECDSA-AES256-GCM-SHA384 215 // ECDHE-RSA-AES256-GCM-SHA384 216 CipherSuites []string `protobuf:"bytes,3,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` 217 // If specified, the TLS connection will only support the specified ECDH 218 // curves. If not specified, the default curves will be used. 219 // 220 // In non-FIPS builds, the default curves are: 221 // 222 // .. code-block:: none 223 // 224 // X25519 225 // P-256 226 // 227 // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is: 228 // 229 // .. code-block:: none 230 // 231 // P-256 232 EcdhCurves []string `protobuf:"bytes,4,rep,name=ecdh_curves,json=ecdhCurves,proto3" json:"ecdh_curves,omitempty"` 233 } 234 235 func (x *TlsParameters) Reset() { 236 *x = TlsParameters{} 237 if protoimpl.UnsafeEnabled { 238 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[0] 239 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 240 ms.StoreMessageInfo(mi) 241 } 242 } 243 244 func (x *TlsParameters) String() string { 245 return protoimpl.X.MessageStringOf(x) 246 } 247 248 func (*TlsParameters) ProtoMessage() {} 249 250 func (x *TlsParameters) ProtoReflect() protoreflect.Message { 251 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[0] 252 if protoimpl.UnsafeEnabled && x != nil { 253 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 254 if ms.LoadMessageInfo() == nil { 255 ms.StoreMessageInfo(mi) 256 } 257 return ms 258 } 259 return mi.MessageOf(x) 260 } 261 262 // Deprecated: Use TlsParameters.ProtoReflect.Descriptor instead. 263 func (*TlsParameters) Descriptor() ([]byte, []int) { 264 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{0} 265 } 266 267 func (x *TlsParameters) GetTlsMinimumProtocolVersion() TlsParameters_TlsProtocol { 268 if x != nil { 269 return x.TlsMinimumProtocolVersion 270 } 271 return TlsParameters_TLS_AUTO 272 } 273 274 func (x *TlsParameters) GetTlsMaximumProtocolVersion() TlsParameters_TlsProtocol { 275 if x != nil { 276 return x.TlsMaximumProtocolVersion 277 } 278 return TlsParameters_TLS_AUTO 279 } 280 281 func (x *TlsParameters) GetCipherSuites() []string { 282 if x != nil { 283 return x.CipherSuites 284 } 285 return nil 286 } 287 288 func (x *TlsParameters) GetEcdhCurves() []string { 289 if x != nil { 290 return x.EcdhCurves 291 } 292 return nil 293 } 294 295 // BoringSSL private key method configuration. The private key methods are used for external 296 // (potentially asynchronous) signing and decryption operations. Some use cases for private key 297 // methods would be TPM support and TLS acceleration. 298 type PrivateKeyProvider struct { 299 state protoimpl.MessageState 300 sizeCache protoimpl.SizeCache 301 unknownFields protoimpl.UnknownFields 302 303 // Private key method provider name. The name must match a 304 // supported private key method provider type. 305 ProviderName string `protobuf:"bytes,1,opt,name=provider_name,json=providerName,proto3" json:"provider_name,omitempty"` 306 // Private key method provider specific configuration. 307 // 308 // Types that are assignable to ConfigType: 309 // *PrivateKeyProvider_TypedConfig 310 // *PrivateKeyProvider_HiddenEnvoyDeprecatedConfig 311 ConfigType isPrivateKeyProvider_ConfigType `protobuf_oneof:"config_type"` 312 } 313 314 func (x *PrivateKeyProvider) Reset() { 315 *x = PrivateKeyProvider{} 316 if protoimpl.UnsafeEnabled { 317 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[1] 318 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 319 ms.StoreMessageInfo(mi) 320 } 321 } 322 323 func (x *PrivateKeyProvider) String() string { 324 return protoimpl.X.MessageStringOf(x) 325 } 326 327 func (*PrivateKeyProvider) ProtoMessage() {} 328 329 func (x *PrivateKeyProvider) ProtoReflect() protoreflect.Message { 330 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[1] 331 if protoimpl.UnsafeEnabled && x != nil { 332 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 333 if ms.LoadMessageInfo() == nil { 334 ms.StoreMessageInfo(mi) 335 } 336 return ms 337 } 338 return mi.MessageOf(x) 339 } 340 341 // Deprecated: Use PrivateKeyProvider.ProtoReflect.Descriptor instead. 342 func (*PrivateKeyProvider) Descriptor() ([]byte, []int) { 343 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{1} 344 } 345 346 func (x *PrivateKeyProvider) GetProviderName() string { 347 if x != nil { 348 return x.ProviderName 349 } 350 return "" 351 } 352 353 func (m *PrivateKeyProvider) GetConfigType() isPrivateKeyProvider_ConfigType { 354 if m != nil { 355 return m.ConfigType 356 } 357 return nil 358 } 359 360 func (x *PrivateKeyProvider) GetTypedConfig() *any.Any { 361 if x, ok := x.GetConfigType().(*PrivateKeyProvider_TypedConfig); ok { 362 return x.TypedConfig 363 } 364 return nil 365 } 366 367 // Deprecated: Do not use. 368 func (x *PrivateKeyProvider) GetHiddenEnvoyDeprecatedConfig() *_struct.Struct { 369 if x, ok := x.GetConfigType().(*PrivateKeyProvider_HiddenEnvoyDeprecatedConfig); ok { 370 return x.HiddenEnvoyDeprecatedConfig 371 } 372 return nil 373 } 374 375 type isPrivateKeyProvider_ConfigType interface { 376 isPrivateKeyProvider_ConfigType() 377 } 378 379 type PrivateKeyProvider_TypedConfig struct { 380 TypedConfig *any.Any `protobuf:"bytes,3,opt,name=typed_config,json=typedConfig,proto3,oneof"` 381 } 382 383 type PrivateKeyProvider_HiddenEnvoyDeprecatedConfig struct { 384 // Deprecated: Do not use. 385 HiddenEnvoyDeprecatedConfig *_struct.Struct `protobuf:"bytes,2,opt,name=hidden_envoy_deprecated_config,json=hiddenEnvoyDeprecatedConfig,proto3,oneof"` 386 } 387 388 func (*PrivateKeyProvider_TypedConfig) isPrivateKeyProvider_ConfigType() {} 389 390 func (*PrivateKeyProvider_HiddenEnvoyDeprecatedConfig) isPrivateKeyProvider_ConfigType() {} 391 392 // [#next-free-field: 8] 393 type TlsCertificate struct { 394 state protoimpl.MessageState 395 sizeCache protoimpl.SizeCache 396 unknownFields protoimpl.UnknownFields 397 398 // The TLS certificate chain. 399 // 400 // If *certificate_chain* is a filesystem path, a watch will be added to the 401 // parent directory for any file moves to support rotation. This currently 402 // only applies to dynamic secrets, when the *TlsCertificate* is delivered via 403 // SDS. 404 CertificateChain *v3.DataSource `protobuf:"bytes,1,opt,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"` 405 // The TLS private key. 406 // 407 // If *private_key* is a filesystem path, a watch will be added to the parent 408 // directory for any file moves to support rotation. This currently only 409 // applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS. 410 PrivateKey *v3.DataSource `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` 411 // If specified, updates of file-based *certificate_chain* and *private_key* 412 // sources will be triggered by this watch. The certificate/key pair will be 413 // read together and validated for atomic read consistency (i.e. no 414 // intervening modification occurred between cert/key read, verified by file 415 // hash comparisons). This allows explicit control over the path watched, by 416 // default the parent directories of the filesystem paths in 417 // *certificate_chain* and *private_key* are watched if this field is not 418 // specified. This only applies when a *TlsCertificate* is delivered by SDS 419 // with references to filesystem paths. See the :ref:`SDS key rotation 420 // <sds_key_rotation>` documentation for further details. 421 WatchedDirectory *v3.WatchedDirectory `protobuf:"bytes,7,opt,name=watched_directory,json=watchedDirectory,proto3" json:"watched_directory,omitempty"` 422 // BoringSSL private key method provider. This is an alternative to :ref:`private_key 423 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be 424 // marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key 425 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and 426 // :ref:`private_key_provider 427 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an 428 // error. 429 PrivateKeyProvider *PrivateKeyProvider `protobuf:"bytes,6,opt,name=private_key_provider,json=privateKeyProvider,proto3" json:"private_key_provider,omitempty"` 430 // The password to decrypt the TLS private key. If this field is not set, it is assumed that the 431 // TLS private key is not password encrypted. 432 Password *v3.DataSource `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"` 433 // The OCSP response to be stapled with this certificate during the handshake. 434 // The response must be DER-encoded and may only be provided via ``filename`` or 435 // ``inline_bytes``. The response may pertain to only one certificate. 436 OcspStaple *v3.DataSource `protobuf:"bytes,4,opt,name=ocsp_staple,json=ocspStaple,proto3" json:"ocsp_staple,omitempty"` 437 // [#not-implemented-hide:] 438 SignedCertificateTimestamp []*v3.DataSource `protobuf:"bytes,5,rep,name=signed_certificate_timestamp,json=signedCertificateTimestamp,proto3" json:"signed_certificate_timestamp,omitempty"` 439 } 440 441 func (x *TlsCertificate) Reset() { 442 *x = TlsCertificate{} 443 if protoimpl.UnsafeEnabled { 444 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[2] 445 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 446 ms.StoreMessageInfo(mi) 447 } 448 } 449 450 func (x *TlsCertificate) String() string { 451 return protoimpl.X.MessageStringOf(x) 452 } 453 454 func (*TlsCertificate) ProtoMessage() {} 455 456 func (x *TlsCertificate) ProtoReflect() protoreflect.Message { 457 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[2] 458 if protoimpl.UnsafeEnabled && x != nil { 459 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 460 if ms.LoadMessageInfo() == nil { 461 ms.StoreMessageInfo(mi) 462 } 463 return ms 464 } 465 return mi.MessageOf(x) 466 } 467 468 // Deprecated: Use TlsCertificate.ProtoReflect.Descriptor instead. 469 func (*TlsCertificate) Descriptor() ([]byte, []int) { 470 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{2} 471 } 472 473 func (x *TlsCertificate) GetCertificateChain() *v3.DataSource { 474 if x != nil { 475 return x.CertificateChain 476 } 477 return nil 478 } 479 480 func (x *TlsCertificate) GetPrivateKey() *v3.DataSource { 481 if x != nil { 482 return x.PrivateKey 483 } 484 return nil 485 } 486 487 func (x *TlsCertificate) GetWatchedDirectory() *v3.WatchedDirectory { 488 if x != nil { 489 return x.WatchedDirectory 490 } 491 return nil 492 } 493 494 func (x *TlsCertificate) GetPrivateKeyProvider() *PrivateKeyProvider { 495 if x != nil { 496 return x.PrivateKeyProvider 497 } 498 return nil 499 } 500 501 func (x *TlsCertificate) GetPassword() *v3.DataSource { 502 if x != nil { 503 return x.Password 504 } 505 return nil 506 } 507 508 func (x *TlsCertificate) GetOcspStaple() *v3.DataSource { 509 if x != nil { 510 return x.OcspStaple 511 } 512 return nil 513 } 514 515 func (x *TlsCertificate) GetSignedCertificateTimestamp() []*v3.DataSource { 516 if x != nil { 517 return x.SignedCertificateTimestamp 518 } 519 return nil 520 } 521 522 type TlsSessionTicketKeys struct { 523 state protoimpl.MessageState 524 sizeCache protoimpl.SizeCache 525 unknownFields protoimpl.UnknownFields 526 527 // Keys for encrypting and decrypting TLS session tickets. The 528 // first key in the array contains the key to encrypt all new sessions created by this context. 529 // All keys are candidates for decrypting received tickets. This allows for easy rotation of keys 530 // by, for example, putting the new key first, and the previous key second. 531 // 532 // If :ref:`session_ticket_keys <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>` 533 // is not specified, the TLS library will still support resuming sessions via tickets, but it will 534 // use an internally-generated and managed key, so sessions cannot be resumed across hot restarts 535 // or on different hosts. 536 // 537 // Each key must contain exactly 80 bytes of cryptographically-secure random data. For 538 // example, the output of ``openssl rand 80``. 539 // 540 // .. attention:: 541 // 542 // Using this feature has serious security considerations and risks. Improper handling of keys 543 // may result in loss of secrecy in connections, even if ciphers supporting perfect forward 544 // secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some 545 // discussion. To minimize the risk, you must: 546 // 547 // * Keep the session ticket keys at least as secure as your TLS certificate private keys 548 // * Rotate session ticket keys at least daily, and preferably hourly 549 // * Always generate keys using a cryptographically-secure random data source 550 Keys []*v3.DataSource `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` 551 } 552 553 func (x *TlsSessionTicketKeys) Reset() { 554 *x = TlsSessionTicketKeys{} 555 if protoimpl.UnsafeEnabled { 556 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[3] 557 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 558 ms.StoreMessageInfo(mi) 559 } 560 } 561 562 func (x *TlsSessionTicketKeys) String() string { 563 return protoimpl.X.MessageStringOf(x) 564 } 565 566 func (*TlsSessionTicketKeys) ProtoMessage() {} 567 568 func (x *TlsSessionTicketKeys) ProtoReflect() protoreflect.Message { 569 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[3] 570 if protoimpl.UnsafeEnabled && x != nil { 571 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 572 if ms.LoadMessageInfo() == nil { 573 ms.StoreMessageInfo(mi) 574 } 575 return ms 576 } 577 return mi.MessageOf(x) 578 } 579 580 // Deprecated: Use TlsSessionTicketKeys.ProtoReflect.Descriptor instead. 581 func (*TlsSessionTicketKeys) Descriptor() ([]byte, []int) { 582 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{3} 583 } 584 585 func (x *TlsSessionTicketKeys) GetKeys() []*v3.DataSource { 586 if x != nil { 587 return x.Keys 588 } 589 return nil 590 } 591 592 // Indicates a certificate to be obtained from a named CertificateProvider plugin instance. 593 // The plugin instances are defined in the client's bootstrap file. 594 // The plugin allows certificates to be fetched/refreshed over the network asynchronously with 595 // respect to the TLS handshake. 596 // [#not-implemented-hide:] 597 type CertificateProviderPluginInstance struct { 598 state protoimpl.MessageState 599 sizeCache protoimpl.SizeCache 600 unknownFields protoimpl.UnknownFields 601 602 // Provider instance name. If not present, defaults to "default". 603 // 604 // Instance names should generally be defined not in terms of the underlying provider 605 // implementation (e.g., "file_watcher") but rather in terms of the function of the 606 // certificates (e.g., "foo_deployment_identity"). 607 InstanceName string `protobuf:"bytes,1,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` 608 // Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify 609 // a root-certificate (validation context) or "example.com" to specify a certificate for a 610 // particular domain. Not all provider instances will actually use this field, so the value 611 // defaults to the empty string. 612 CertificateName string `protobuf:"bytes,2,opt,name=certificate_name,json=certificateName,proto3" json:"certificate_name,omitempty"` 613 } 614 615 func (x *CertificateProviderPluginInstance) Reset() { 616 *x = CertificateProviderPluginInstance{} 617 if protoimpl.UnsafeEnabled { 618 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[4] 619 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 620 ms.StoreMessageInfo(mi) 621 } 622 } 623 624 func (x *CertificateProviderPluginInstance) String() string { 625 return protoimpl.X.MessageStringOf(x) 626 } 627 628 func (*CertificateProviderPluginInstance) ProtoMessage() {} 629 630 func (x *CertificateProviderPluginInstance) ProtoReflect() protoreflect.Message { 631 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[4] 632 if protoimpl.UnsafeEnabled && x != nil { 633 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 634 if ms.LoadMessageInfo() == nil { 635 ms.StoreMessageInfo(mi) 636 } 637 return ms 638 } 639 return mi.MessageOf(x) 640 } 641 642 // Deprecated: Use CertificateProviderPluginInstance.ProtoReflect.Descriptor instead. 643 func (*CertificateProviderPluginInstance) Descriptor() ([]byte, []int) { 644 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{4} 645 } 646 647 func (x *CertificateProviderPluginInstance) GetInstanceName() string { 648 if x != nil { 649 return x.InstanceName 650 } 651 return "" 652 } 653 654 func (x *CertificateProviderPluginInstance) GetCertificateName() string { 655 if x != nil { 656 return x.CertificateName 657 } 658 return "" 659 } 660 661 // [#next-free-field: 14] 662 type CertificateValidationContext struct { 663 state protoimpl.MessageState 664 sizeCache protoimpl.SizeCache 665 unknownFields protoimpl.UnknownFields 666 667 // TLS certificate data containing certificate authority certificates to use in verifying 668 // a presented peer certificate (e.g. server certificate for clusters or client certificate 669 // for listeners). If not specified and a peer certificate is presented it will not be 670 // verified. By default, a client certificate is optional, unless one of the additional 671 // options (:ref:`require_client_certificate 672 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.require_client_certificate>`, 673 // :ref:`verify_certificate_spki 674 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>`, 675 // :ref:`verify_certificate_hash 676 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>`, or 677 // :ref:`match_subject_alt_names 678 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.match_subject_alt_names>`) is also 679 // specified. 680 // 681 // It can optionally contain certificate revocation lists, in which case Envoy will verify 682 // that the presented peer certificate has not been revoked by one of the included CRLs. Note 683 // that if a CRL is provided for any certificate authority in a trust chain, a CRL must be 684 // provided for all certificate authorities in that chain. Failure to do so will result in 685 // verification failure for both revoked and unrevoked certificates from that chain. 686 // 687 // See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common 688 // system CA locations. 689 // 690 // If *trusted_ca* is a filesystem path, a watch will be added to the parent 691 // directory for any file moves to support rotation. This currently only 692 // applies to dynamic secrets, when the *CertificateValidationContext* is 693 // delivered via SDS. 694 // 695 // Only one of *trusted_ca* and *ca_certificate_provider_instance* may be specified. 696 // 697 // [#next-major-version: This field and watched_directory below should ideally be moved into a 698 // separate sub-message, since there's no point in specifying the latter field without this one.] 699 TrustedCa *v3.DataSource `protobuf:"bytes,1,opt,name=trusted_ca,json=trustedCa,proto3" json:"trusted_ca,omitempty"` 700 // Certificate provider instance for fetching TLS certificates. 701 // 702 // Only one of *trusted_ca* and *ca_certificate_provider_instance* may be specified. 703 // [#not-implemented-hide:] 704 CaCertificateProviderInstance *CertificateProviderPluginInstance `protobuf:"bytes,13,opt,name=ca_certificate_provider_instance,json=caCertificateProviderInstance,proto3" json:"ca_certificate_provider_instance,omitempty"` 705 // If specified, updates of a file-based *trusted_ca* source will be triggered 706 // by this watch. This allows explicit control over the path watched, by 707 // default the parent directory of the filesystem path in *trusted_ca* is 708 // watched if this field is not specified. This only applies when a 709 // *CertificateValidationContext* is delivered by SDS with references to 710 // filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>` 711 // documentation for further details. 712 WatchedDirectory *v3.WatchedDirectory `protobuf:"bytes,11,opt,name=watched_directory,json=watchedDirectory,proto3" json:"watched_directory,omitempty"` 713 // An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the 714 // SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate 715 // matches one of the specified values. 716 // 717 // A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate 718 // can be generated with the following command: 719 // 720 // .. code-block:: bash 721 // 722 // $ openssl x509 -in path/to/client.crt -noout -pubkey 723 // | openssl pkey -pubin -outform DER 724 // | openssl dgst -sha256 -binary 725 // | openssl enc -base64 726 // NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A= 727 // 728 // This is the format used in HTTP Public Key Pinning. 729 // 730 // When both: 731 // :ref:`verify_certificate_hash 732 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and 733 // :ref:`verify_certificate_spki 734 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified, 735 // a hash matching value from either of the lists will result in the certificate being accepted. 736 // 737 // .. attention:: 738 // 739 // This option is preferred over :ref:`verify_certificate_hash 740 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>`, 741 // because SPKI is tied to a private key, so it doesn't change when the certificate 742 // is renewed using the same private key. 743 VerifyCertificateSpki []string `protobuf:"bytes,3,rep,name=verify_certificate_spki,json=verifyCertificateSpki,proto3" json:"verify_certificate_spki,omitempty"` 744 // An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that 745 // the SHA-256 of the DER-encoded presented certificate matches one of the specified values. 746 // 747 // A hex-encoded SHA-256 of the certificate can be generated with the following command: 748 // 749 // .. code-block:: bash 750 // 751 // $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2 752 // df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a 753 // 754 // A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate 755 // can be generated with the following command: 756 // 757 // .. code-block:: bash 758 // 759 // $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2 760 // DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A 761 // 762 // Both of those formats are acceptable. 763 // 764 // When both: 765 // :ref:`verify_certificate_hash 766 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and 767 // :ref:`verify_certificate_spki 768 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified, 769 // a hash matching value from either of the lists will result in the certificate being accepted. 770 VerifyCertificateHash []string `protobuf:"bytes,2,rep,name=verify_certificate_hash,json=verifyCertificateHash,proto3" json:"verify_certificate_hash,omitempty"` 771 // An optional list of Subject Alternative name matchers. If specified, Envoy will verify that the 772 // Subject Alternative Name of the presented certificate matches one of the specified matchers. 773 // 774 // When a certificate has wildcard DNS SAN entries, to match a specific client, it should be 775 // configured with exact match type in the :ref:`string matcher <envoy_v3_api_msg_type.matcher.v3.StringMatcher>`. 776 // For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com", 777 // it should be configured as shown below. 778 // 779 // .. code-block:: yaml 780 // 781 // match_subject_alt_names: 782 // exact: "api.example.com" 783 // 784 // .. attention:: 785 // 786 // Subject Alternative Names are easily spoofable and verifying only them is insecure, 787 // therefore this option must be used together with :ref:`trusted_ca 788 // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`. 789 MatchSubjectAltNames []*v31.StringMatcher `protobuf:"bytes,9,rep,name=match_subject_alt_names,json=matchSubjectAltNames,proto3" json:"match_subject_alt_names,omitempty"` 790 // [#not-implemented-hide:] Must present signed certificate time-stamp. 791 RequireSignedCertificateTimestamp *wrappers.BoolValue `protobuf:"bytes,6,opt,name=require_signed_certificate_timestamp,json=requireSignedCertificateTimestamp,proto3" json:"require_signed_certificate_timestamp,omitempty"` 792 // An optional `certificate revocation list 793 // <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_ 794 // (in PEM format). If specified, Envoy will verify that the presented peer 795 // certificate has not been revoked by this CRL. If this DataSource contains 796 // multiple CRLs, all of them will be used. Note that if a CRL is provided 797 // for any certificate authority in a trust chain, a CRL must be provided 798 // for all certificate authorities in that chain. Failure to do so will 799 // result in verification failure for both revoked and unrevoked certificates 800 // from that chain. 801 Crl *v3.DataSource `protobuf:"bytes,7,opt,name=crl,proto3" json:"crl,omitempty"` 802 // If specified, Envoy will not reject expired certificates. 803 AllowExpiredCertificate bool `protobuf:"varint,8,opt,name=allow_expired_certificate,json=allowExpiredCertificate,proto3" json:"allow_expired_certificate,omitempty"` 804 // Certificate trust chain verification mode. 805 TrustChainVerification CertificateValidationContext_TrustChainVerification `protobuf:"varint,10,opt,name=trust_chain_verification,json=trustChainVerification,proto3,enum=envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext_TrustChainVerification" json:"trust_chain_verification,omitempty"` 806 // The configuration of an extension specific certificate validator. 807 // If specified, all validation is done by the specified validator, 808 // and the behavior of all other validation settings is defined by the specified validator (and may be entirely ignored, unused, and unvalidated). 809 // Refer to the documentation for the specified validator. If you do not want a custom validation algorithm, do not set this field. 810 // [#extension-category: envoy.tls.cert_validator] 811 CustomValidatorConfig *v3.TypedExtensionConfig `protobuf:"bytes,12,opt,name=custom_validator_config,json=customValidatorConfig,proto3" json:"custom_validator_config,omitempty"` 812 // Deprecated: Do not use. 813 HiddenEnvoyDeprecatedVerifySubjectAltName []string `protobuf:"bytes,4,rep,name=hidden_envoy_deprecated_verify_subject_alt_name,json=hiddenEnvoyDeprecatedVerifySubjectAltName,proto3" json:"hidden_envoy_deprecated_verify_subject_alt_name,omitempty"` 814 } 815 816 func (x *CertificateValidationContext) Reset() { 817 *x = CertificateValidationContext{} 818 if protoimpl.UnsafeEnabled { 819 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[5] 820 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 821 ms.StoreMessageInfo(mi) 822 } 823 } 824 825 func (x *CertificateValidationContext) String() string { 826 return protoimpl.X.MessageStringOf(x) 827 } 828 829 func (*CertificateValidationContext) ProtoMessage() {} 830 831 func (x *CertificateValidationContext) ProtoReflect() protoreflect.Message { 832 mi := &file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[5] 833 if protoimpl.UnsafeEnabled && x != nil { 834 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 835 if ms.LoadMessageInfo() == nil { 836 ms.StoreMessageInfo(mi) 837 } 838 return ms 839 } 840 return mi.MessageOf(x) 841 } 842 843 // Deprecated: Use CertificateValidationContext.ProtoReflect.Descriptor instead. 844 func (*CertificateValidationContext) Descriptor() ([]byte, []int) { 845 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP(), []int{5} 846 } 847 848 func (x *CertificateValidationContext) GetTrustedCa() *v3.DataSource { 849 if x != nil { 850 return x.TrustedCa 851 } 852 return nil 853 } 854 855 func (x *CertificateValidationContext) GetCaCertificateProviderInstance() *CertificateProviderPluginInstance { 856 if x != nil { 857 return x.CaCertificateProviderInstance 858 } 859 return nil 860 } 861 862 func (x *CertificateValidationContext) GetWatchedDirectory() *v3.WatchedDirectory { 863 if x != nil { 864 return x.WatchedDirectory 865 } 866 return nil 867 } 868 869 func (x *CertificateValidationContext) GetVerifyCertificateSpki() []string { 870 if x != nil { 871 return x.VerifyCertificateSpki 872 } 873 return nil 874 } 875 876 func (x *CertificateValidationContext) GetVerifyCertificateHash() []string { 877 if x != nil { 878 return x.VerifyCertificateHash 879 } 880 return nil 881 } 882 883 func (x *CertificateValidationContext) GetMatchSubjectAltNames() []*v31.StringMatcher { 884 if x != nil { 885 return x.MatchSubjectAltNames 886 } 887 return nil 888 } 889 890 func (x *CertificateValidationContext) GetRequireSignedCertificateTimestamp() *wrappers.BoolValue { 891 if x != nil { 892 return x.RequireSignedCertificateTimestamp 893 } 894 return nil 895 } 896 897 func (x *CertificateValidationContext) GetCrl() *v3.DataSource { 898 if x != nil { 899 return x.Crl 900 } 901 return nil 902 } 903 904 func (x *CertificateValidationContext) GetAllowExpiredCertificate() bool { 905 if x != nil { 906 return x.AllowExpiredCertificate 907 } 908 return false 909 } 910 911 func (x *CertificateValidationContext) GetTrustChainVerification() CertificateValidationContext_TrustChainVerification { 912 if x != nil { 913 return x.TrustChainVerification 914 } 915 return CertificateValidationContext_VERIFY_TRUST_CHAIN 916 } 917 918 func (x *CertificateValidationContext) GetCustomValidatorConfig() *v3.TypedExtensionConfig { 919 if x != nil { 920 return x.CustomValidatorConfig 921 } 922 return nil 923 } 924 925 // Deprecated: Do not use. 926 func (x *CertificateValidationContext) GetHiddenEnvoyDeprecatedVerifySubjectAltName() []string { 927 if x != nil { 928 return x.HiddenEnvoyDeprecatedVerifySubjectAltName 929 } 930 return nil 931 } 932 933 var File_envoy_extensions_transport_sockets_tls_v3_common_proto protoreflect.FileDescriptor 934 935 var file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDesc = []byte{ 936 0x0a, 0x36, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 937 0x6e, 0x73, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 938 0x6b, 0x65, 0x74, 0x73, 0x2f, 0x74, 0x6c, 0x73, 0x2f, 0x76, 0x33, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 939 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x29, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 940 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 941 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2e, 0x74, 0x6c, 0x73, 942 0x2e, 0x76, 0x33, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 943 0x67, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x33, 0x2f, 0x62, 0x61, 0x73, 0x65, 0x2e, 0x70, 944 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x24, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 945 0x69, 0x67, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x33, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 946 0x73, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x65, 0x6e, 0x76, 0x6f, 947 0x79, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x76, 948 0x33, 0x2f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 949 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 950 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 951 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 952 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 953 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 954 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x23, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x61, 955 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x64, 0x65, 0x70, 0x72, 0x65, 956 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x75, 0x64, 957 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x6d, 958 0x69, 0x67, 0x72, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x75, 0x64, 959 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 960 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 961 0x75, 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 962 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x75, 963 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 964 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 965 0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 966 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf2, 0x03, 0x0a, 0x0d, 0x54, 0x6c, 967 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x8f, 0x01, 0x0a, 0x1c, 968 0x74, 0x6c, 0x73, 0x5f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x74, 969 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 970 0x28, 0x0e, 0x32, 0x44, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 971 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 972 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2e, 0x74, 0x6c, 0x73, 0x2e, 0x76, 0x33, 0x2e, 0x54, 973 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x54, 0x6c, 0x73, 974 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x82, 0x01, 0x02, 975 0x10, 0x01, 0x52, 0x19, 0x74, 0x6c, 0x73, 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x50, 0x72, 976 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x8f, 0x01, 977 0x0a, 0x1c, 0x74, 0x6c, 0x73, 0x5f, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x70, 0x72, 978 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 979 0x20, 0x01, 0x28, 0x0e, 0x32, 0x44, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 980 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 981 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2e, 0x74, 0x6c, 0x73, 0x2e, 0x76, 0x33, 982 0x2e, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x54, 983 0x6c, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x82, 984 0x01, 0x02, 0x10, 0x01, 0x52, 0x19, 0x74, 0x6c, 0x73, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 985 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 986 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 987 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 988 0x69, 0x74, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x63, 0x64, 0x68, 0x5f, 0x63, 0x75, 0x72, 989 0x76, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x63, 0x64, 0x68, 0x43, 990 0x75, 0x72, 0x76, 0x65, 0x73, 0x22, 0x4f, 0x0a, 0x0b, 0x54, 0x6c, 0x73, 0x50, 0x72, 0x6f, 0x74, 991 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x5f, 0x41, 0x55, 0x54, 0x4f, 992 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 993 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 994 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 995 0x76, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x3a, 0x26, 0x9a, 0xc5, 0x88, 0x1e, 0x21, 0x0a, 0x1f, 0x65, 996 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x75, 0x74, 0x68, 997 0x2e, 0x54, 0x6c, 0x73, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x22, 0xb4, 998 0x02, 0x0a, 0x12, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 999 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x2c, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 1000 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 1001 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x4e, 1002 0x61, 0x6d, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x74, 0x79, 0x70, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 1003 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 1004 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x42, 1005 0x06, 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x48, 0x00, 0x52, 0x0b, 0x74, 0x79, 0x70, 0x65, 0x64, 1006 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x71, 0x0a, 0x1e, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 1007 0x5f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 1008 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 1009 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 1010 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x11, 0x18, 0x01, 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 1011 0x01, 0x92, 0xc7, 0x86, 0xd8, 0x04, 0x03, 0x33, 0x2e, 0x30, 0x48, 0x00, 0x52, 0x1b, 0x68, 0x69, 1012 0x64, 0x64, 0x65, 0x6e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 1013 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x3a, 0x2b, 0x9a, 0xc5, 0x88, 0x1e, 0x26, 1014 0x0a, 0x24, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x61, 1015 0x75, 0x74, 0x68, 0x2e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x72, 1016 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x42, 0x0d, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 1017 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x86, 0x05, 0x0a, 0x0e, 0x54, 0x6c, 0x73, 0x43, 0x65, 0x72, 1018 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x4d, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 1019 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 1020 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 1021 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 1022 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 1023 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x49, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 1024 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 1025 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 1026 0x2e, 0x76, 0x33, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x06, 1027 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 1028 0x65, 0x79, 0x12, 0x53, 0x0a, 0x11, 0x77, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x64, 0x69, 1029 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 1030 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 1031 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x57, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 1032 0x63, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x10, 0x77, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x44, 0x69, 1033 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x12, 0x6f, 0x0a, 0x14, 0x70, 0x72, 0x69, 0x76, 0x61, 1034 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 1035 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 1036 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 1037 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2e, 0x74, 0x6c, 0x73, 0x2e, 0x76, 1038 0x33, 0x2e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 1039 0x69, 0x64, 0x65, 0x72, 0x52, 0x12, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 1040 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x44, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 1041 0x77, 0x6f, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 1042 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 1043 0x33, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x06, 0xb8, 0xb7, 1044 0x8b, 0xa4, 0x02, 0x01, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x41, 1045 0x0a, 0x0b, 0x6f, 0x63, 0x73, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x18, 0x04, 0x20, 1046 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 1047 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x53, 1048 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0a, 0x6f, 0x63, 0x73, 0x70, 0x53, 0x74, 0x61, 0x70, 0x6c, 1049 0x65, 0x12, 0x62, 0x0a, 0x1c, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 1050 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 1051 0x70, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 1052 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x44, 1053 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x1a, 0x73, 0x69, 0x67, 0x6e, 0x65, 1054 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 1055 0x73, 0x74, 0x61, 0x6d, 0x70, 0x3a, 0x27, 0x9a, 0xc5, 0x88, 0x1e, 0x22, 0x0a, 0x20, 0x65, 0x6e, 1056 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x32, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 1057 0x54, 0x6c, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x8b, 1058 0x01, 0x0a, 0x14, 0x54, 0x6c, 0x73, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x63, 1059 0x6b, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x44, 0x0a, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x18, 1060 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 1061 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x44, 0x61, 0x74, 1062 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x0e, 0xfa, 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 1063 0x01, 0xb8, 0xb7, 0x8b, 0xa4, 0x02, 0x01, 0x52, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x3a, 0x2d, 0x9a, 1064 0xc5, 0x88, 0x1e, 0x28, 0x0a, 0x26, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 1065 0x76, 0x32, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x54, 0x6c, 0x73, 0x53, 0x65, 0x73, 0x73, 0x69, 1066 0x6f, 0x6e, 0x54, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x73, 0x0a, 0x21, 1067 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 1068 0x64, 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 1069 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6e, 0x61, 1070 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 1071 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 1072 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 1073 0x52, 0x0f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 1074 0x65, 0x22, 0xc5, 0x0a, 0x0a, 0x1c, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 1075 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 1076 0x78, 0x74, 0x12, 0x57, 0x0a, 0x0a, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x61, 1077 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 1078 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x44, 0x61, 1079 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x16, 0xf2, 0x98, 0xfe, 0x8f, 0x05, 0x10, 1080 0x12, 0x0e, 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 1081 0x52, 0x09, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x61, 0x12, 0xad, 0x01, 0x0a, 0x20, 1082 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x70, 1083 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 1084 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 1085 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 1086 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2e, 0x74, 0x6c, 0x73, 0x2e, 1087 0x76, 0x33, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 1088 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x49, 0x6e, 0x73, 0x74, 1089 0x61, 0x6e, 0x63, 0x65, 0x42, 0x16, 0xf2, 0x98, 0xfe, 0x8f, 0x05, 0x10, 0x12, 0x0e, 0x63, 0x61, 1090 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x1d, 0x63, 0x61, 1091 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x76, 0x69, 1092 0x64, 0x65, 0x72, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x53, 0x0a, 0x11, 0x77, 1093 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 1094 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 1095 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x57, 0x61, 1096 0x74, 0x63, 0x68, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x52, 0x10, 1097 0x77, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 1098 0x12, 0x46, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 1099 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x03, 0x20, 0x03, 0x28, 1100 0x09, 0x42, 0x0e, 0xfa, 0x42, 0x0b, 0x92, 0x01, 0x08, 0x22, 0x06, 0x72, 0x04, 0x10, 0x2c, 0x28, 1101 0x2c, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 1102 0x63, 0x61, 0x74, 0x65, 0x53, 0x70, 0x6b, 0x69, 0x12, 0x46, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 1103 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, 1104 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x0e, 0xfa, 0x42, 0x0b, 0x92, 0x01, 1105 0x08, 0x22, 0x06, 0x72, 0x04, 0x10, 0x40, 0x28, 0x5f, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 1106 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, 1107 0x12, 0x5b, 0x0a, 0x17, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 1108 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 1109 0x0b, 0x32, 0x24, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 1110 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 1111 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x52, 0x14, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x53, 0x75, 1112 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x6b, 0x0a, 1113 0x24, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 1114 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 1115 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 1116 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 1117 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x21, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 1118 0x53, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 1119 0x65, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x32, 0x0a, 0x03, 0x63, 0x72, 1120 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 1121 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x44, 1122 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x03, 0x63, 0x72, 0x6c, 0x12, 0x3a, 1123 0x0a, 0x19, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x64, 0x5f, 1124 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 1125 0x08, 0x52, 0x17, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x64, 0x43, 1126 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0xa2, 0x01, 0x0a, 0x18, 0x74, 1127 0x72, 0x75, 0x73, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 1128 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x5e, 0x2e, 1129 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 1130 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 1131 0x74, 0x73, 0x2e, 0x74, 0x6c, 0x73, 0x2e, 0x76, 0x33, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 1132 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 1133 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x68, 0x61, 0x69, 1134 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa, 1135 0x42, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x16, 0x74, 0x72, 0x75, 0x73, 0x74, 0x43, 0x68, 1136 0x61, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 1137 0x62, 0x0a, 0x17, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 1138 0x74, 0x6f, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 1139 0x32, 0x2a, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 1140 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 1141 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x15, 0x63, 0x75, 1142 0x73, 0x74, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x6f, 0x72, 0x43, 0x6f, 0x6e, 1143 0x66, 0x69, 0x67, 0x12, 0x6f, 0x0a, 0x2f, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x5f, 0x65, 0x6e, 1144 0x76, 0x6f, 0x79, 0x5f, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x76, 1145 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 1146 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x42, 0x0b, 0x18, 0x01, 1147 0x92, 0xc7, 0x86, 0xd8, 0x04, 0x03, 0x33, 0x2e, 0x30, 0x52, 0x29, 0x68, 0x69, 0x64, 0x64, 0x65, 1148 0x6e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x44, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 1149 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 1150 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x46, 0x0a, 0x16, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x68, 0x61, 1151 0x69, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 1152 0x0a, 0x12, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x5f, 0x54, 0x52, 0x55, 0x53, 0x54, 0x5f, 0x43, 1153 0x48, 0x41, 0x49, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x43, 0x43, 0x45, 0x50, 0x54, 1154 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x55, 0x53, 0x54, 0x45, 0x44, 0x10, 0x01, 0x3a, 0x35, 0x9a, 0xc5, 1155 0x88, 0x1e, 0x30, 0x0a, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 1156 0x32, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 1157 0x74, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 1158 0x65, 0x78, 0x74, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x42, 0x50, 0x0a, 0x37, 0x69, 0x6f, 0x2e, 1159 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 1160 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x74, 0x72, 0x61, 0x6e, 1161 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2e, 0x74, 0x6c, 1162 0x73, 0x2e, 0x76, 0x33, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 1163 0x6f, 0x50, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 1164 0x74, 0x6f, 0x33, 1165 } 1166 1167 var ( 1168 file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescOnce sync.Once 1169 file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescData = file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDesc 1170 ) 1171 1172 func file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescGZIP() []byte { 1173 file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescOnce.Do(func() { 1174 file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescData) 1175 }) 1176 return file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDescData 1177 } 1178 1179 var file_envoy_extensions_transport_sockets_tls_v3_common_proto_enumTypes = make([]protoimpl.EnumInfo, 2) 1180 var file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes = make([]protoimpl.MessageInfo, 6) 1181 var file_envoy_extensions_transport_sockets_tls_v3_common_proto_goTypes = []interface{}{ 1182 (TlsParameters_TlsProtocol)(0), // 0: envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol 1183 (CertificateValidationContext_TrustChainVerification)(0), // 1: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.TrustChainVerification 1184 (*TlsParameters)(nil), // 2: envoy.extensions.transport_sockets.tls.v3.TlsParameters 1185 (*PrivateKeyProvider)(nil), // 3: envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider 1186 (*TlsCertificate)(nil), // 4: envoy.extensions.transport_sockets.tls.v3.TlsCertificate 1187 (*TlsSessionTicketKeys)(nil), // 5: envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys 1188 (*CertificateProviderPluginInstance)(nil), // 6: envoy.extensions.transport_sockets.tls.v3.CertificateProviderPluginInstance 1189 (*CertificateValidationContext)(nil), // 7: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext 1190 (*any.Any)(nil), // 8: google.protobuf.Any 1191 (*_struct.Struct)(nil), // 9: google.protobuf.Struct 1192 (*v3.DataSource)(nil), // 10: envoy.config.core.v3.DataSource 1193 (*v3.WatchedDirectory)(nil), // 11: envoy.config.core.v3.WatchedDirectory 1194 (*v31.StringMatcher)(nil), // 12: envoy.type.matcher.v3.StringMatcher 1195 (*wrappers.BoolValue)(nil), // 13: google.protobuf.BoolValue 1196 (*v3.TypedExtensionConfig)(nil), // 14: envoy.config.core.v3.TypedExtensionConfig 1197 } 1198 var file_envoy_extensions_transport_sockets_tls_v3_common_proto_depIdxs = []int32{ 1199 0, // 0: envoy.extensions.transport_sockets.tls.v3.TlsParameters.tls_minimum_protocol_version:type_name -> envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol 1200 0, // 1: envoy.extensions.transport_sockets.tls.v3.TlsParameters.tls_maximum_protocol_version:type_name -> envoy.extensions.transport_sockets.tls.v3.TlsParameters.TlsProtocol 1201 8, // 2: envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider.typed_config:type_name -> google.protobuf.Any 1202 9, // 3: envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider.hidden_envoy_deprecated_config:type_name -> google.protobuf.Struct 1203 10, // 4: envoy.extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain:type_name -> envoy.config.core.v3.DataSource 1204 10, // 5: envoy.extensions.transport_sockets.tls.v3.TlsCertificate.private_key:type_name -> envoy.config.core.v3.DataSource 1205 11, // 6: envoy.extensions.transport_sockets.tls.v3.TlsCertificate.watched_directory:type_name -> envoy.config.core.v3.WatchedDirectory 1206 3, // 7: envoy.extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider:type_name -> envoy.extensions.transport_sockets.tls.v3.PrivateKeyProvider 1207 10, // 8: envoy.extensions.transport_sockets.tls.v3.TlsCertificate.password:type_name -> envoy.config.core.v3.DataSource 1208 10, // 9: envoy.extensions.transport_sockets.tls.v3.TlsCertificate.ocsp_staple:type_name -> envoy.config.core.v3.DataSource 1209 10, // 10: envoy.extensions.transport_sockets.tls.v3.TlsCertificate.signed_certificate_timestamp:type_name -> envoy.config.core.v3.DataSource 1210 10, // 11: envoy.extensions.transport_sockets.tls.v3.TlsSessionTicketKeys.keys:type_name -> envoy.config.core.v3.DataSource 1211 10, // 12: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca:type_name -> envoy.config.core.v3.DataSource 1212 6, // 13: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.ca_certificate_provider_instance:type_name -> envoy.extensions.transport_sockets.tls.v3.CertificateProviderPluginInstance 1213 11, // 14: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.watched_directory:type_name -> envoy.config.core.v3.WatchedDirectory 1214 12, // 15: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.match_subject_alt_names:type_name -> envoy.type.matcher.v3.StringMatcher 1215 13, // 16: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.require_signed_certificate_timestamp:type_name -> google.protobuf.BoolValue 1216 10, // 17: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.crl:type_name -> envoy.config.core.v3.DataSource 1217 1, // 18: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.trust_chain_verification:type_name -> envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.TrustChainVerification 1218 14, // 19: envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext.custom_validator_config:type_name -> envoy.config.core.v3.TypedExtensionConfig 1219 20, // [20:20] is the sub-list for method output_type 1220 20, // [20:20] is the sub-list for method input_type 1221 20, // [20:20] is the sub-list for extension type_name 1222 20, // [20:20] is the sub-list for extension extendee 1223 0, // [0:20] is the sub-list for field type_name 1224 } 1225 1226 func init() { file_envoy_extensions_transport_sockets_tls_v3_common_proto_init() } 1227 func file_envoy_extensions_transport_sockets_tls_v3_common_proto_init() { 1228 if File_envoy_extensions_transport_sockets_tls_v3_common_proto != nil { 1229 return 1230 } 1231 if !protoimpl.UnsafeEnabled { 1232 file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { 1233 switch v := v.(*TlsParameters); i { 1234 case 0: 1235 return &v.state 1236 case 1: 1237 return &v.sizeCache 1238 case 2: 1239 return &v.unknownFields 1240 default: 1241 return nil 1242 } 1243 } 1244 file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { 1245 switch v := v.(*PrivateKeyProvider); i { 1246 case 0: 1247 return &v.state 1248 case 1: 1249 return &v.sizeCache 1250 case 2: 1251 return &v.unknownFields 1252 default: 1253 return nil 1254 } 1255 } 1256 file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { 1257 switch v := v.(*TlsCertificate); i { 1258 case 0: 1259 return &v.state 1260 case 1: 1261 return &v.sizeCache 1262 case 2: 1263 return &v.unknownFields 1264 default: 1265 return nil 1266 } 1267 } 1268 file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { 1269 switch v := v.(*TlsSessionTicketKeys); i { 1270 case 0: 1271 return &v.state 1272 case 1: 1273 return &v.sizeCache 1274 case 2: 1275 return &v.unknownFields 1276 default: 1277 return nil 1278 } 1279 } 1280 file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { 1281 switch v := v.(*CertificateProviderPluginInstance); i { 1282 case 0: 1283 return &v.state 1284 case 1: 1285 return &v.sizeCache 1286 case 2: 1287 return &v.unknownFields 1288 default: 1289 return nil 1290 } 1291 } 1292 file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { 1293 switch v := v.(*CertificateValidationContext); i { 1294 case 0: 1295 return &v.state 1296 case 1: 1297 return &v.sizeCache 1298 case 2: 1299 return &v.unknownFields 1300 default: 1301 return nil 1302 } 1303 } 1304 } 1305 file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes[1].OneofWrappers = []interface{}{ 1306 (*PrivateKeyProvider_TypedConfig)(nil), 1307 (*PrivateKeyProvider_HiddenEnvoyDeprecatedConfig)(nil), 1308 } 1309 type x struct{} 1310 out := protoimpl.TypeBuilder{ 1311 File: protoimpl.DescBuilder{ 1312 GoPackagePath: reflect.TypeOf(x{}).PkgPath(), 1313 RawDescriptor: file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDesc, 1314 NumEnums: 2, 1315 NumMessages: 6, 1316 NumExtensions: 0, 1317 NumServices: 0, 1318 }, 1319 GoTypes: file_envoy_extensions_transport_sockets_tls_v3_common_proto_goTypes, 1320 DependencyIndexes: file_envoy_extensions_transport_sockets_tls_v3_common_proto_depIdxs, 1321 EnumInfos: file_envoy_extensions_transport_sockets_tls_v3_common_proto_enumTypes, 1322 MessageInfos: file_envoy_extensions_transport_sockets_tls_v3_common_proto_msgTypes, 1323 }.Build() 1324 File_envoy_extensions_transport_sockets_tls_v3_common_proto = out.File 1325 file_envoy_extensions_transport_sockets_tls_v3_common_proto_rawDesc = nil 1326 file_envoy_extensions_transport_sockets_tls_v3_common_proto_goTypes = nil 1327 file_envoy_extensions_transport_sockets_tls_v3_common_proto_depIdxs = nil 1328 }