Documentation ¶
Index ¶
- Variables
- type AlpnPolicy
- func (*AlpnPolicy) Descriptor() ([]byte, []int)deprecated
- func (x *AlpnPolicy) GetAlpnProtocols() []AlpnProtocol
- func (x *AlpnPolicy) GetEnableAlpnNegotiation() bool
- func (*AlpnPolicy) ProtoMessage()
- func (x *AlpnPolicy) ProtoReflect() protoreflect.Message
- func (x *AlpnPolicy) Reset()
- func (x *AlpnPolicy) String() string
- type AlpnProtocol
- func (AlpnProtocol) Descriptor() protoreflect.EnumDescriptor
- func (x AlpnProtocol) Enum() *AlpnProtocol
- func (AlpnProtocol) EnumDescriptor() ([]byte, []int)deprecated
- func (x AlpnProtocol) Number() protoreflect.EnumNumber
- func (x AlpnProtocol) String() string
- func (AlpnProtocol) Type() protoreflect.EnumType
- type AuthenticationMechanism
- func (*AuthenticationMechanism) Descriptor() ([]byte, []int)deprecated
- func (x *AuthenticationMechanism) GetIdentity() *Identity
- func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof
- func (x *AuthenticationMechanism) GetToken() string
- func (*AuthenticationMechanism) ProtoMessage()
- func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message
- func (x *AuthenticationMechanism) Reset()
- func (x *AuthenticationMechanism) String() string
- type AuthenticationMechanism_Token
- type Ciphersuite
- func (Ciphersuite) Descriptor() protoreflect.EnumDescriptor
- func (x Ciphersuite) Enum() *Ciphersuite
- func (Ciphersuite) EnumDescriptor() ([]byte, []int)deprecated
- func (x Ciphersuite) Number() protoreflect.EnumNumber
- func (x Ciphersuite) String() string
- func (Ciphersuite) Type() protoreflect.EnumType
- type ConnectionSide
- func (ConnectionSide) Descriptor() protoreflect.EnumDescriptor
- func (x ConnectionSide) Enum() *ConnectionSide
- func (ConnectionSide) EnumDescriptor() ([]byte, []int)deprecated
- func (x ConnectionSide) Number() protoreflect.EnumNumber
- func (x ConnectionSide) String() string
- func (ConnectionSide) Type() protoreflect.EnumType
- type GetTlsConfigurationReq
- func (*GetTlsConfigurationReq) Descriptor() ([]byte, []int)deprecated
- func (x *GetTlsConfigurationReq) GetConnectionSide() ConnectionSide
- func (x *GetTlsConfigurationReq) GetSni() string
- func (*GetTlsConfigurationReq) ProtoMessage()
- func (x *GetTlsConfigurationReq) ProtoReflect() protoreflect.Message
- func (x *GetTlsConfigurationReq) Reset()
- func (x *GetTlsConfigurationReq) String() string
- type GetTlsConfigurationResp
- func (*GetTlsConfigurationResp) Descriptor() ([]byte, []int)deprecated
- func (x *GetTlsConfigurationResp) GetClientTlsConfiguration() *GetTlsConfigurationResp_ClientTlsConfiguration
- func (x *GetTlsConfigurationResp) GetServerTlsConfiguration() *GetTlsConfigurationResp_ServerTlsConfiguration
- func (m *GetTlsConfigurationResp) GetTlsConfiguration() isGetTlsConfigurationResp_TlsConfiguration
- func (*GetTlsConfigurationResp) ProtoMessage()
- func (x *GetTlsConfigurationResp) ProtoReflect() protoreflect.Message
- func (x *GetTlsConfigurationResp) Reset()
- func (x *GetTlsConfigurationResp) String() string
- type GetTlsConfigurationResp_ClientTlsConfiguration
- func (*GetTlsConfigurationResp_ClientTlsConfiguration) Descriptor() ([]byte, []int)deprecated
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetAlpnPolicy() *AlpnPolicy
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain() []string
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCiphersuites() []Ciphersuite
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMaxTlsVersion() TLSVersion
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMinTlsVersion() TLSVersion
- func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoMessage()
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) ProtoReflect() protoreflect.Message
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) Reset()
- func (x *GetTlsConfigurationResp_ClientTlsConfiguration) String() string
- type GetTlsConfigurationResp_ClientTlsConfiguration_
- type GetTlsConfigurationResp_ServerTlsConfiguration
- func (*GetTlsConfigurationResp_ServerTlsConfiguration) Descriptor() ([]byte, []int)deprecated
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetAlpnPolicy() *AlpnPolicy
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain() []string
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCiphersuites() []Ciphersuite
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead() uint32
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxTlsVersion() TLSVersion
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMinTlsVersion() TLSVersion
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetRequestClientCertificate() GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled() bool
- func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoMessage()
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) ProtoReflect() protoreflect.Message
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) Reset()
- func (x *GetTlsConfigurationResp_ServerTlsConfiguration) String() string
- type GetTlsConfigurationResp_ServerTlsConfiguration_
- type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
- func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Descriptor() protoreflect.EnumDescriptor
- func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Enum() *GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
- func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) EnumDescriptor() ([]byte, []int)deprecated
- func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Number() protoreflect.EnumNumber
- func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) String() string
- func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Type() protoreflect.EnumType
- type Identity
- func (*Identity) Descriptor() ([]byte, []int)deprecated
- func (x *Identity) GetAttributes() map[string]string
- func (x *Identity) GetGcpId() string
- func (x *Identity) GetHostname() string
- func (m *Identity) GetIdentityOneof() isIdentity_IdentityOneof
- func (x *Identity) GetSpiffeId() string
- func (x *Identity) GetUid() string
- func (x *Identity) GetUsername() string
- func (*Identity) ProtoMessage()
- func (x *Identity) ProtoReflect() protoreflect.Message
- func (x *Identity) Reset()
- func (x *Identity) String() string
- type Identity_GcpId
- type Identity_Hostname
- type Identity_SpiffeId
- type Identity_Uid
- type Identity_Username
- type OffloadPrivateKeyOperationReq
- func (*OffloadPrivateKeyOperationReq) Descriptor() ([]byte, []int)deprecated
- func (m *OffloadPrivateKeyOperationReq) GetInBytes() isOffloadPrivateKeyOperationReq_InBytes
- func (x *OffloadPrivateKeyOperationReq) GetOperation() OffloadPrivateKeyOperationReq_PrivateKeyOperation
- func (x *OffloadPrivateKeyOperationReq) GetRawBytes() []byte
- func (x *OffloadPrivateKeyOperationReq) GetSha256Digest() []byte
- func (x *OffloadPrivateKeyOperationReq) GetSha384Digest() []byte
- func (x *OffloadPrivateKeyOperationReq) GetSha512Digest() []byte
- func (x *OffloadPrivateKeyOperationReq) GetSignatureAlgorithm() SignatureAlgorithm
- func (*OffloadPrivateKeyOperationReq) ProtoMessage()
- func (x *OffloadPrivateKeyOperationReq) ProtoReflect() protoreflect.Message
- func (x *OffloadPrivateKeyOperationReq) Reset()
- func (x *OffloadPrivateKeyOperationReq) String() string
- type OffloadPrivateKeyOperationReq_PrivateKeyOperation
- func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Descriptor() protoreflect.EnumDescriptor
- func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Enum() *OffloadPrivateKeyOperationReq_PrivateKeyOperation
- func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) EnumDescriptor() ([]byte, []int)deprecated
- func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Number() protoreflect.EnumNumber
- func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) String() string
- func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Type() protoreflect.EnumType
- type OffloadPrivateKeyOperationReq_RawBytes
- type OffloadPrivateKeyOperationReq_Sha256Digest
- type OffloadPrivateKeyOperationReq_Sha384Digest
- type OffloadPrivateKeyOperationReq_Sha512Digest
- type OffloadPrivateKeyOperationResp
- func (*OffloadPrivateKeyOperationResp) Descriptor() ([]byte, []int)deprecated
- func (x *OffloadPrivateKeyOperationResp) GetOutBytes() []byte
- func (*OffloadPrivateKeyOperationResp) ProtoMessage()
- func (x *OffloadPrivateKeyOperationResp) ProtoReflect() protoreflect.Message
- func (x *OffloadPrivateKeyOperationResp) Reset()
- func (x *OffloadPrivateKeyOperationResp) String() string
- type OffloadResumptionKeyOperationReq
- func (*OffloadResumptionKeyOperationReq) Descriptor() ([]byte, []int)deprecated
- func (x *OffloadResumptionKeyOperationReq) GetInBytes() []byte
- func (x *OffloadResumptionKeyOperationReq) GetOperation() OffloadResumptionKeyOperationReq_ResumptionKeyOperation
- func (*OffloadResumptionKeyOperationReq) ProtoMessage()
- func (x *OffloadResumptionKeyOperationReq) ProtoReflect() protoreflect.Message
- func (x *OffloadResumptionKeyOperationReq) Reset()
- func (x *OffloadResumptionKeyOperationReq) String() string
- type OffloadResumptionKeyOperationReq_ResumptionKeyOperation
- func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Descriptor() protoreflect.EnumDescriptor
- func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Enum() *OffloadResumptionKeyOperationReq_ResumptionKeyOperation
- func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) EnumDescriptor() ([]byte, []int)deprecated
- func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Number() protoreflect.EnumNumber
- func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) String() string
- func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Type() protoreflect.EnumType
- type OffloadResumptionKeyOperationResp
- func (*OffloadResumptionKeyOperationResp) Descriptor() ([]byte, []int)deprecated
- func (x *OffloadResumptionKeyOperationResp) GetOutBytes() []byte
- func (*OffloadResumptionKeyOperationResp) ProtoMessage()
- func (x *OffloadResumptionKeyOperationResp) ProtoReflect() protoreflect.Message
- func (x *OffloadResumptionKeyOperationResp) Reset()
- func (x *OffloadResumptionKeyOperationResp) String() string
- type S2AContext
- func (*S2AContext) Descriptor() ([]byte, []int)deprecated
- func (x *S2AContext) GetLeafCertDnsnames() []string
- func (x *S2AContext) GetLeafCertSpiffeId() string
- func (x *S2AContext) GetLeafCertUris() []string
- func (x *S2AContext) GetLocalIdentity() *Identity
- func (x *S2AContext) GetLocalLeafCertFingerprint() []byte
- func (x *S2AContext) GetPeerCertificateChainFingerprints() []string
- func (*S2AContext) ProtoMessage()
- func (x *S2AContext) ProtoReflect() protoreflect.Message
- func (x *S2AContext) Reset()
- func (x *S2AContext) String() string
- type SessionReq
- func (*SessionReq) Descriptor() ([]byte, []int)deprecated
- func (x *SessionReq) GetAuthenticationMechanisms() []*AuthenticationMechanism
- func (x *SessionReq) GetGetTlsConfigurationReq() *GetTlsConfigurationReq
- func (x *SessionReq) GetLocalIdentity() *Identity
- func (x *SessionReq) GetOffloadPrivateKeyOperationReq() *OffloadPrivateKeyOperationReq
- func (x *SessionReq) GetOffloadResumptionKeyOperationReq() *OffloadResumptionKeyOperationReq
- func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof
- func (x *SessionReq) GetValidatePeerCertificateChainReq() *ValidatePeerCertificateChainReq
- func (*SessionReq) ProtoMessage()
- func (x *SessionReq) ProtoReflect() protoreflect.Message
- func (x *SessionReq) Reset()
- func (x *SessionReq) String() string
- type SessionReq_GetTlsConfigurationReq
- type SessionReq_OffloadPrivateKeyOperationReq
- type SessionReq_OffloadResumptionKeyOperationReq
- type SessionReq_ValidatePeerCertificateChainReq
- type SessionResp
- func (*SessionResp) Descriptor() ([]byte, []int)deprecated
- func (x *SessionResp) GetGetTlsConfigurationResp() *GetTlsConfigurationResp
- func (x *SessionResp) GetOffloadPrivateKeyOperationResp() *OffloadPrivateKeyOperationResp
- func (x *SessionResp) GetOffloadResumptionKeyOperationResp() *OffloadResumptionKeyOperationResp
- func (m *SessionResp) GetRespOneof() isSessionResp_RespOneof
- func (x *SessionResp) GetStatus() *Status
- func (x *SessionResp) GetValidatePeerCertificateChainResp() *ValidatePeerCertificateChainResp
- func (*SessionResp) ProtoMessage()
- func (x *SessionResp) ProtoReflect() protoreflect.Message
- func (x *SessionResp) Reset()
- func (x *SessionResp) String() string
- type SessionResp_GetTlsConfigurationResp
- type SessionResp_OffloadPrivateKeyOperationResp
- type SessionResp_OffloadResumptionKeyOperationResp
- type SessionResp_ValidatePeerCertificateChainResp
- type SignatureAlgorithm
- func (SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
- func (x SignatureAlgorithm) Enum() *SignatureAlgorithm
- func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int)deprecated
- func (x SignatureAlgorithm) Number() protoreflect.EnumNumber
- func (x SignatureAlgorithm) String() string
- func (SignatureAlgorithm) Type() protoreflect.EnumType
- type Status
- type TLSVersion
- type ValidatePeerCertificateChainReq
- func (*ValidatePeerCertificateChainReq) Descriptor() ([]byte, []int)deprecated
- func (x *ValidatePeerCertificateChainReq) GetClientPeer() *ValidatePeerCertificateChainReq_ClientPeer
- func (x *ValidatePeerCertificateChainReq) GetMode() ValidatePeerCertificateChainReq_VerificationMode
- func (m *ValidatePeerCertificateChainReq) GetPeerOneof() isValidatePeerCertificateChainReq_PeerOneof
- func (x *ValidatePeerCertificateChainReq) GetServerPeer() *ValidatePeerCertificateChainReq_ServerPeer
- func (*ValidatePeerCertificateChainReq) ProtoMessage()
- func (x *ValidatePeerCertificateChainReq) ProtoReflect() protoreflect.Message
- func (x *ValidatePeerCertificateChainReq) Reset()
- func (x *ValidatePeerCertificateChainReq) String() string
- type ValidatePeerCertificateChainReq_ClientPeer
- func (*ValidatePeerCertificateChainReq_ClientPeer) Descriptor() ([]byte, []int)deprecated
- func (x *ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain() [][]byte
- func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoMessage()
- func (x *ValidatePeerCertificateChainReq_ClientPeer) ProtoReflect() protoreflect.Message
- func (x *ValidatePeerCertificateChainReq_ClientPeer) Reset()
- func (x *ValidatePeerCertificateChainReq_ClientPeer) String() string
- type ValidatePeerCertificateChainReq_ClientPeer_
- type ValidatePeerCertificateChainReq_ServerPeer
- func (*ValidatePeerCertificateChainReq_ServerPeer) Descriptor() ([]byte, []int)deprecated
- func (x *ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain() [][]byte
- func (x *ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy() []byte
- func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string
- func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoMessage()
- func (x *ValidatePeerCertificateChainReq_ServerPeer) ProtoReflect() protoreflect.Message
- func (x *ValidatePeerCertificateChainReq_ServerPeer) Reset()
- func (x *ValidatePeerCertificateChainReq_ServerPeer) String() string
- type ValidatePeerCertificateChainReq_ServerPeer_
- type ValidatePeerCertificateChainReq_VerificationMode
- func (ValidatePeerCertificateChainReq_VerificationMode) Descriptor() protoreflect.EnumDescriptor
- func (x ValidatePeerCertificateChainReq_VerificationMode) Enum() *ValidatePeerCertificateChainReq_VerificationMode
- func (ValidatePeerCertificateChainReq_VerificationMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x ValidatePeerCertificateChainReq_VerificationMode) Number() protoreflect.EnumNumber
- func (x ValidatePeerCertificateChainReq_VerificationMode) String() string
- func (ValidatePeerCertificateChainReq_VerificationMode) Type() protoreflect.EnumType
- type ValidatePeerCertificateChainResp
- func (*ValidatePeerCertificateChainResp) Descriptor() ([]byte, []int)deprecated
- func (x *ValidatePeerCertificateChainResp) GetContext() *S2AContext
- func (x *ValidatePeerCertificateChainResp) GetValidationDetails() string
- func (x *ValidatePeerCertificateChainResp) GetValidationResult() ValidatePeerCertificateChainResp_ValidationResult
- func (*ValidatePeerCertificateChainResp) ProtoMessage()
- func (x *ValidatePeerCertificateChainResp) ProtoReflect() protoreflect.Message
- func (x *ValidatePeerCertificateChainResp) Reset()
- func (x *ValidatePeerCertificateChainResp) String() string
- type ValidatePeerCertificateChainResp_ValidationResult
- func (ValidatePeerCertificateChainResp_ValidationResult) Descriptor() protoreflect.EnumDescriptor
- func (x ValidatePeerCertificateChainResp_ValidationResult) Enum() *ValidatePeerCertificateChainResp_ValidationResult
- func (ValidatePeerCertificateChainResp_ValidationResult) EnumDescriptor() ([]byte, []int)deprecated
- func (x ValidatePeerCertificateChainResp_ValidationResult) Number() protoreflect.EnumNumber
- func (x ValidatePeerCertificateChainResp_ValidationResult) String() string
- func (ValidatePeerCertificateChainResp_ValidationResult) Type() protoreflect.EnumType
Constants ¶
This section is empty.
Variables ¶
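// Enum value maps for Ciphersuite: wire number to name, and name to wire
// number. The listing had both map specs collapsed onto one line, which is
// not valid Go; they are restored here one entry per line.
//
// Every named entry (1-6) pairs an ECDHE key exchange with an AEAD cipher
// (AES-GCM or ChaCha20-Poly1305). 0 is the unset sentinel and names no suite.
var (
	// Ciphersuite_name maps the enum number to its name.
	Ciphersuite_name = map[int32]string{
		0: "CIPHERSUITE_UNSPECIFIED",
		1: "CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		2: "CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		3: "CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
		4: "CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		5: "CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
		6: "CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
	}
	// Ciphersuite_value is the inverse of Ciphersuite_name.
	Ciphersuite_value = map[string]int32{
		"CIPHERSUITE_UNSPECIFIED":                               0,
		"CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       1,
		"CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       2,
		"CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": 3,
		"CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         4,
		"CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         5,
		"CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   6,
	}
)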
Enum value maps for Ciphersuite.
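// Enum value maps for TLSVersion: wire number to name, and name to wire
// number. The listing had both map specs collapsed onto one line, which is
// not valid Go; they are restored here one entry per line.
//
// 0 is the zero value, so an unset version field reads as
// TLS_VERSION_UNSPECIFIED. Values 1 and 2 name TLS 1.0 and TLS 1.1, which
// RFC 8996 deprecates; code that translates these numbers into a TLS library
// setting should decide explicitly whether it honors them instead of passing
// them through.
var (
	// TLSVersion_name maps the enum number to its name.
	TLSVersion_name = map[int32]string{
		0: "TLS_VERSION_UNSPECIFIED",
		1: "TLS_VERSION_1_0",
		2: "TLS_VERSION_1_1",
		3: "TLS_VERSION_1_2",
		4: "TLS_VERSION_1_3",
	}
	// TLSVersion_value is the inverse of TLSVersion_name.
	TLSVersion_value = map[string]int32{
		"TLS_VERSION_UNSPECIFIED": 0,
		"TLS_VERSION_1_0":         1,
		"TLS_VERSION_1_1":         2,
		"TLS_VERSION_1_2":         3,
		"TLS_VERSION_1_3":         4,
	}
)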
Enum value maps for TLSVersion.
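// Enum value maps for ConnectionSide: wire number to name, and name to wire
// number. The listing had both map specs collapsed onto one line, which is
// not valid Go; they are restored here one entry per line.
//
// 0 is the zero value, so a request that never sets its side reads as
// CONNECTION_SIDE_UNSPECIFIED rather than as client or server.
var (
	// ConnectionSide_name maps the enum number to its name.
	ConnectionSide_name = map[int32]string{
		0: "CONNECTION_SIDE_UNSPECIFIED",
		1: "CONNECTION_SIDE_CLIENT",
		2: "CONNECTION_SIDE_SERVER",
	}
	// ConnectionSide_value is the inverse of ConnectionSide_name.
	ConnectionSide_value = map[string]int32{
		"CONNECTION_SIDE_UNSPECIFIED": 0,
		"CONNECTION_SIDE_CLIENT":      1,
		"CONNECTION_SIDE_SERVER":      2,
	}
)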
Enum value maps for ConnectionSide.
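// Enum value maps for AlpnProtocol: wire number to name, and name to wire
// number. The listing had both map specs collapsed onto one line, which is
// not valid Go; they are restored here one entry per line.
//
// 0 (ALPN_PROTOCOL_UNSPECIFIED) is the zero value and names no protocol.
var (
	// AlpnProtocol_name maps the enum number to its name.
	AlpnProtocol_name = map[int32]string{
		0: "ALPN_PROTOCOL_UNSPECIFIED",
		1: "ALPN_PROTOCOL_GRPC",
		2: "ALPN_PROTOCOL_HTTP2",
		3: "ALPN_PROTOCOL_HTTP1_1",
	}
	// AlpnProtocol_value is the inverse of AlpnProtocol_name.
	AlpnProtocol_value = map[string]int32{
		"ALPN_PROTOCOL_UNSPECIFIED": 0,
		"ALPN_PROTOCOL_GRPC":        1,
		"ALPN_PROTOCOL_HTTP2":       2,
		"ALPN_PROTOCOL_HTTP1_1":     3,
	}
)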
Enum value maps for AlpnProtocol.
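// Enum value maps for SignatureAlgorithm: wire number to name, and name to
// wire number. The listing had both map specs collapsed onto one line, which
// is not valid Go; they are restored here one entry per line.
//
// Going by the names: 1-3 are RSA PKCS#1 signatures with SHA-256/384/512,
// 4-6 are ECDSA over secp256r1/secp384r1/secp521r1, 7-9 are RSA-PSS (rsae)
// and 10 is Ed25519. 0 is the zero value and names no algorithm.
var (
	// SignatureAlgorithm_name maps the enum number to its name.
	SignatureAlgorithm_name = map[int32]string{
		0:  "S2A_SSL_SIGN_UNSPECIFIED",
		1:  "S2A_SSL_SIGN_RSA_PKCS1_SHA256",
		2:  "S2A_SSL_SIGN_RSA_PKCS1_SHA384",
		3:  "S2A_SSL_SIGN_RSA_PKCS1_SHA512",
		4:  "S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256",
		5:  "S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384",
		6:  "S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512",
		7:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256",
		8:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384",
		9:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512",
		10: "S2A_SSL_SIGN_ED25519",
	}
	// SignatureAlgorithm_value is the inverse of SignatureAlgorithm_name.
	SignatureAlgorithm_value = map[string]int32{
		"S2A_SSL_SIGN_UNSPECIFIED":            0,
		"S2A_SSL_SIGN_RSA_PKCS1_SHA256":       1,
		"S2A_SSL_SIGN_RSA_PKCS1_SHA384":       2,
		"S2A_SSL_SIGN_RSA_PKCS1_SHA512":       3,
		"S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256": 4,
		"S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384": 5,
		"S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512": 6,
		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256":    7,
		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384":    8,
		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512":    9,
		"S2A_SSL_SIGN_ED25519":                10,
	}
)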
Enum value maps for SignatureAlgorithm.
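// Enum value maps for
// GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate:
// wire number to name, and name to wire number. The listing had both map
// specs collapsed onto one line, which is not valid Go; they are restored
// here one entry per line.
//
// Going by the value names, 2 and 4 ask for a client certificate without
// verifying it, 3 and 5 include verification, and 5 is the only value that
// both requires and verifies the certificate. 0 (UNSPECIFIED) is the zero
// value.
//
// NOTE(review): the handshake behavior behind each value is not shown on this
// page. Confirm it before using the peer certificate for authorization when
// the server is configured with a BUT_DONT_VERIFY value.
var (
	// ..._name maps the enum number to its name.
	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "DONT_REQUEST_CLIENT_CERTIFICATE",
		2: "REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
		3: "REQUEST_CLIENT_CERTIFICATE_AND_VERIFY",
		4: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
		5: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY",
	}
	// ..._value is the inverse of ..._name.
	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_value = map[string]int32{
		"UNSPECIFIED":                                            0,
		"DONT_REQUEST_CLIENT_CERTIFICATE":                        1,
		"REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY":             2,
		"REQUEST_CLIENT_CERTIFICATE_AND_VERIFY":                  3,
		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY": 4,
		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY":      5,
	}
)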
Enum value maps for GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.
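// Enum value maps for OffloadPrivateKeyOperationReq_PrivateKeyOperation:
// wire number to name, and name to wire number. The listing had both map
// specs collapsed onto one line, which is not valid Go; they are restored
// here one entry per line.
//
// The named operations are SIGN (1) and DECRYPT (2); 0 (UNSPECIFIED) is the
// zero value and names no operation.
var (
	// ..._name maps the enum number to its name.
	OffloadPrivateKeyOperationReq_PrivateKeyOperation_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "SIGN",
		2: "DECRYPT",
	}
	// ..._value is the inverse of ..._name.
	OffloadPrivateKeyOperationReq_PrivateKeyOperation_value = map[string]int32{
		"UNSPECIFIED": 0,
		"SIGN":        1,
		"DECRYPT":     2,
	}
)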
Enum value maps for OffloadPrivateKeyOperationReq_PrivateKeyOperation.
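// Enum value maps for
// OffloadResumptionKeyOperationReq_ResumptionKeyOperation: wire number to
// name, and name to wire number. The listing had both map specs collapsed
// onto one line, which is not valid Go; they are restored here one entry per
// line.
//
// The named operations are ENCRYPT (1) and DECRYPT (2); 0 (UNSPECIFIED) is
// the zero value and names no operation.
var (
	// ..._name maps the enum number to its name.
	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "ENCRYPT",
		2: "DECRYPT",
	}
	// ..._value is the inverse of ..._name.
	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_value = map[string]int32{
		"UNSPECIFIED": 0,
		"ENCRYPT":     1,
		"DECRYPT":     2,
	}
)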
Enum value maps for OffloadResumptionKeyOperationReq_ResumptionKeyOperation.
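// Enum value maps for ValidatePeerCertificateChainReq_VerificationMode: wire
// number to name, and name to wire number. The listing had both map specs
// collapsed onto one line, which is not valid Go; they are restored here one
// entry per line.
//
// 0 (UNSPECIFIED) is the zero value, so a request that never sets its mode
// carries UNSPECIFIED.
//
// NOTE(review): which checks S2A applies for UNSPECIFIED, SPIFFE and
// CONNECT_TO_GOOGLE is not shown on this page — confirm before relying on a
// particular mode.
var (
	// ..._name maps the enum number to its name.
	ValidatePeerCertificateChainReq_VerificationMode_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "SPIFFE",
		2: "CONNECT_TO_GOOGLE",
	}
	// ..._value is the inverse of ..._name.
	ValidatePeerCertificateChainReq_VerificationMode_value = map[string]int32{
		"UNSPECIFIED":       0,
		"SPIFFE":            1,
		"CONNECT_TO_GOOGLE": 2,
	}
)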
Enum value maps for ValidatePeerCertificateChainReq_VerificationMode.
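// Enum value maps for ValidatePeerCertificateChainResp_ValidationResult: wire
// number to name, and name to wire number. The listing had both map specs
// collapsed onto one line, which is not valid Go; they are restored here one
// entry per line.
//
// 0 (UNSPECIFIED) is the zero value and is distinct from both SUCCESS and
// FAILURE. Code that consumes a validation response should accept the peer
// only on SUCCESS (1); testing for "not FAILURE" would also let an unset
// result through.
var (
	// ..._name maps the enum number to its name.
	ValidatePeerCertificateChainResp_ValidationResult_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "SUCCESS",
		2: "FAILURE",
	}
	// ..._value is the inverse of ..._name.
	ValidatePeerCertificateChainResp_ValidationResult_value = map[string]int32{
		"UNSPECIFIED": 0,
		"SUCCESS":     1,
		"FAILURE":     2,
	}
)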
Enum value maps for ValidatePeerCertificateChainResp_ValidationResult.
// Package-level protobuf file descriptors, one variable per file.
// NOTE(review): the names suggest the common, s2a_context and s2a .proto files
// under grpc/gcp/s2a — confirm against the generator input.
var (
	File_grpc_gcp_s2a_common_proto      protoreflect.FileDescriptor
	File_grpc_gcp_s2a_s2a_context_proto protoreflect.FileDescriptor
	File_grpc_gcp_s2a_s2a_proto         protoreflect.FileDescriptor
)
Functions ¶
This section is empty.
Types ¶
type AlpnPolicy ¶
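// AlpnPolicy says whether ALPN negotiation is mandatory and which protocols
// the application should negotiate, in order.
//
// The listing had the whole declaration on one line, so the first "//"
// comment swallowed every field after it; the fields are restored here one
// per line with their original comments.
type AlpnPolicy struct {
	// If true, the application MUST perform ALPN negotiation.
	EnableAlpnNegotiation bool `` /* 127-byte string literal not displayed */
	// The ordered list of ALPN protocols that specify how the application SHOULD
	// negotiate ALPN during the TLS handshake.
	//
	// The application MAY ignore any ALPN protocols in this list that are not
	// supported by the application.
	AlpnProtocols []AlpnProtocol `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}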
func (*AlpnPolicy) Descriptor
deprecated
func (*AlpnPolicy) Descriptor() ([]byte, []int)
Deprecated: Use AlpnPolicy.ProtoReflect.Descriptor instead.
func (*AlpnPolicy) GetAlpnProtocols ¶
func (x *AlpnPolicy) GetAlpnProtocols() []AlpnProtocol
func (*AlpnPolicy) GetEnableAlpnNegotiation ¶
func (x *AlpnPolicy) GetEnableAlpnNegotiation() bool
func (*AlpnPolicy) ProtoMessage ¶
func (*AlpnPolicy) ProtoMessage()
func (*AlpnPolicy) ProtoReflect ¶
func (x *AlpnPolicy) ProtoReflect() protoreflect.Message
func (*AlpnPolicy) Reset ¶
func (x *AlpnPolicy) Reset()
func (*AlpnPolicy) String ¶
func (x *AlpnPolicy) String() string
type AlpnProtocol ¶
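// The ALPN protocols that the application can negotiate during a TLS handshake.
//
// The zero value is AlpnProtocol_ALPN_PROTOCOL_UNSPECIFIED, which names no
// protocol.
type AlpnProtocol int32

// Enum values for AlpnProtocol. The listing had these specs collapsed onto
// one line, which is not valid Go; they are restored here one per line.
const (
	AlpnProtocol_ALPN_PROTOCOL_UNSPECIFIED AlpnProtocol = 0
	AlpnProtocol_ALPN_PROTOCOL_GRPC        AlpnProtocol = 1
	AlpnProtocol_ALPN_PROTOCOL_HTTP2       AlpnProtocol = 2
	AlpnProtocol_ALPN_PROTOCOL_HTTP1_1     AlpnProtocol = 3
)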
func (AlpnProtocol) Descriptor ¶
func (AlpnProtocol) Descriptor() protoreflect.EnumDescriptor
func (AlpnProtocol) Enum ¶
func (x AlpnProtocol) Enum() *AlpnProtocol
func (AlpnProtocol) EnumDescriptor
deprecated
func (AlpnProtocol) EnumDescriptor() ([]byte, []int)
Deprecated: Use AlpnProtocol.Descriptor instead.
func (AlpnProtocol) Number ¶
func (x AlpnProtocol) Number() protoreflect.EnumNumber
func (AlpnProtocol) String ¶
func (x AlpnProtocol) String() string
func (AlpnProtocol) Type ¶
func (AlpnProtocol) Type() protoreflect.EnumType
type AuthenticationMechanism ¶
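// AuthenticationMechanism pairs an optional identity with one authentication
// mechanism; the only mechanism listed here is a token.
//
// The listing had the whole declaration on one line, so the first "//"
// comment swallowed every field after it; the fields are restored here one
// per line with their original comments.
//
// NOTE(review): the token variant carries a credential. The page lists a
// String method on this type, which presumably renders field contents, so
// avoid logging the message as a whole — confirm against the generated code.
type AuthenticationMechanism struct {
	// Applications may specify an identity associated to an authentication
	// mechanism. Otherwise, S2A assumes that the authentication mechanism is
	// associated with the default identity. If the default identity cannot be
	// determined, the request is rejected.
	Identity *Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
	// Types that are assignable to MechanismOneof:
	//
	//	*AuthenticationMechanism_Token
	MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
	// contains filtered or unexported fields
}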
func (*AuthenticationMechanism) Descriptor
deprecated
func (*AuthenticationMechanism) Descriptor() ([]byte, []int)
Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.
func (*AuthenticationMechanism) GetIdentity ¶
func (x *AuthenticationMechanism) GetIdentity() *Identity
func (*AuthenticationMechanism) GetMechanismOneof ¶
func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof
func (*AuthenticationMechanism) GetToken ¶
func (x *AuthenticationMechanism) GetToken() string
func (*AuthenticationMechanism) ProtoMessage ¶
func (*AuthenticationMechanism) ProtoMessage()
func (*AuthenticationMechanism) ProtoReflect ¶
func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message
func (*AuthenticationMechanism) Reset ¶
func (x *AuthenticationMechanism) Reset()
func (*AuthenticationMechanism) String ¶
func (x *AuthenticationMechanism) String() string
type AuthenticationMechanism_Token ¶
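// AuthenticationMechanism_Token is the token variant of the mechanism oneof
// (its field tag is marked "oneof").
//
// The listing had the declaration on one line, so the "//" comment swallowed
// the field and the closing brace; the layout is restored here.
//
// The token authenticates the application to S2A, so handle it as a secret:
// keep it out of logs and error messages.
type AuthenticationMechanism_Token struct {
	// A token that the application uses to authenticate itself to S2A.
	Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
}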
type Ciphersuite ¶
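// The TLS 1.0-1.2 ciphersuites that the application can negotiate when using S2A.
//
// Every named value is an ECDHE suite with an AEAD cipher (AES-GCM or
// ChaCha20-Poly1305). TLS defines AEAD suites for version 1.2 only, so none
// of them can be selected in a TLS 1.0 or 1.1 handshake. The zero value is
// Ciphersuite_CIPHERSUITE_UNSPECIFIED, which names no suite.
type Ciphersuite int32

// Enum values for Ciphersuite. The listing had these specs collapsed onto one
// line, which is not valid Go; they are restored here one per line.
const (
	Ciphersuite_CIPHERSUITE_UNSPECIFIED                               Ciphersuite = 0
	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       Ciphersuite = 1
	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       Ciphersuite = 2
	Ciphersuite_CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Ciphersuite = 3
	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256         Ciphersuite = 4
	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384         Ciphersuite = 5
	Ciphersuite_CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   Ciphersuite = 6
)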
func (Ciphersuite) Descriptor ¶
func (Ciphersuite) Descriptor() protoreflect.EnumDescriptor
func (Ciphersuite) Enum ¶
func (x Ciphersuite) Enum() *Ciphersuite
func (Ciphersuite) EnumDescriptor
deprecated
func (Ciphersuite) EnumDescriptor() ([]byte, []int)
Deprecated: Use Ciphersuite.Descriptor instead.
func (Ciphersuite) Number ¶
func (x Ciphersuite) Number() protoreflect.EnumNumber
func (Ciphersuite) String ¶
func (x Ciphersuite) String() string
func (Ciphersuite) Type ¶
func (Ciphersuite) Type() protoreflect.EnumType
type ConnectionSide ¶
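// The side in the TLS connection.
//
// The zero value is ConnectionSide_CONNECTION_SIDE_UNSPECIFIED, so a message
// that never sets its side is neither client nor server.
type ConnectionSide int32

// Enum values for ConnectionSide. The listing had these specs collapsed onto
// one line, which is not valid Go; they are restored here one per line.
const (
	ConnectionSide_CONNECTION_SIDE_UNSPECIFIED ConnectionSide = 0
	ConnectionSide_CONNECTION_SIDE_CLIENT      ConnectionSide = 1
	ConnectionSide_CONNECTION_SIDE_SERVER      ConnectionSide = 2
)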
func (ConnectionSide) Descriptor ¶
func (ConnectionSide) Descriptor() protoreflect.EnumDescriptor
func (ConnectionSide) Enum ¶
func (x ConnectionSide) Enum() *ConnectionSide
func (ConnectionSide) EnumDescriptor
deprecated
func (ConnectionSide) EnumDescriptor() ([]byte, []int)
Deprecated: Use ConnectionSide.Descriptor instead.
func (ConnectionSide) Number ¶
func (x ConnectionSide) Number() protoreflect.EnumNumber
func (ConnectionSide) String ¶
func (x ConnectionSide) String() string
func (ConnectionSide) Type ¶
func (ConnectionSide) Type() protoreflect.EnumType
type GetTlsConfigurationReq ¶
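// GetTlsConfigurationReq asks S2A for a TLS configuration, stating the
// application's side of the connection and, optionally, the SNI.
//
// The listing had the whole declaration on one line, so the first "//"
// comment swallowed every field after it; the fields are restored here one
// per line with their original comments.
//
// NOTE(review): in a TLS handshake the SNI value is supplied by the
// connecting client, and the Sni comment says it selects the server identity
// when no local identity is set. Which identities an SNI may select is not
// shown on this page — confirm how that is restricted.
type GetTlsConfigurationReq struct {
	// The role of the application in the TLS connection.
	ConnectionSide ConnectionSide `` /* 137-byte string literal not displayed */
	// The server name indication (SNI) extension, which MAY be populated when a
	// server is offloading to S2A. The SNI is used to determine the server
	// identity if the local identity in the request is empty.
	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
	// contains filtered or unexported fields
}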
func (*GetTlsConfigurationReq) Descriptor
deprecated
func (*GetTlsConfigurationReq) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationReq.ProtoReflect.Descriptor instead.
func (*GetTlsConfigurationReq) GetConnectionSide ¶
func (x *GetTlsConfigurationReq) GetConnectionSide() ConnectionSide
func (*GetTlsConfigurationReq) GetSni ¶
func (x *GetTlsConfigurationReq) GetSni() string
func (*GetTlsConfigurationReq) ProtoMessage ¶
func (*GetTlsConfigurationReq) ProtoMessage()
func (*GetTlsConfigurationReq) ProtoReflect ¶
func (x *GetTlsConfigurationReq) ProtoReflect() protoreflect.Message
func (*GetTlsConfigurationReq) Reset ¶
func (x *GetTlsConfigurationReq) Reset()
func (*GetTlsConfigurationReq) String ¶
func (x *GetTlsConfigurationReq) String() string
type GetTlsConfigurationResp ¶
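// GetTlsConfigurationResp carries exactly one of a client or a server TLS
// configuration in its TlsConfiguration oneof.
//
// The listing had the whole declaration on one line, so the first "//"
// comment swallowed the field and the closing brace; the layout is restored
// here with the original comments.
type GetTlsConfigurationResp struct {
	// Types that are assignable to TlsConfiguration:
	//
	//	*GetTlsConfigurationResp_ClientTlsConfiguration_
	//	*GetTlsConfigurationResp_ServerTlsConfiguration_
	TlsConfiguration isGetTlsConfigurationResp_TlsConfiguration `protobuf_oneof:"tls_configuration"`
	// contains filtered or unexported fields
}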
func (*GetTlsConfigurationResp) Descriptor
deprecated
func (*GetTlsConfigurationResp) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp.ProtoReflect.Descriptor instead.
func (*GetTlsConfigurationResp) GetClientTlsConfiguration ¶
func (x *GetTlsConfigurationResp) GetClientTlsConfiguration() *GetTlsConfigurationResp_ClientTlsConfiguration
func (*GetTlsConfigurationResp) GetServerTlsConfiguration ¶
func (x *GetTlsConfigurationResp) GetServerTlsConfiguration() *GetTlsConfigurationResp_ServerTlsConfiguration
func (*GetTlsConfigurationResp) GetTlsConfiguration ¶
func (m *GetTlsConfigurationResp) GetTlsConfiguration() isGetTlsConfigurationResp_TlsConfiguration
func (*GetTlsConfigurationResp) ProtoMessage ¶
func (*GetTlsConfigurationResp) ProtoMessage()
func (*GetTlsConfigurationResp) ProtoReflect ¶
func (x *GetTlsConfigurationResp) ProtoReflect() protoreflect.Message
func (*GetTlsConfigurationResp) Reset ¶
func (x *GetTlsConfigurationResp) Reset()
func (*GetTlsConfigurationResp) String ¶
func (x *GetTlsConfigurationResp) String() string
type GetTlsConfigurationResp_ClientTlsConfiguration ¶
// GetTlsConfigurationResp_ClientTlsConfiguration is the client-side TLS
// configuration: certificate chain, version bounds, ciphersuites and ALPN
// policy.
type GetTlsConfigurationResp_ClientTlsConfiguration struct {
	// The certificate chain that the client MUST use for the TLS handshake.
	// It's a list of PEM-encoded certificates, ordered from leaf to root,
	// excluding the root.
	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The minimum TLS version number that the client MUST use for the TLS
	// handshake. If this field is not provided, the client MUST use the default
	// minimum version of the client's TLS library.
	//
	// NOTE(review): when unset, the effective floor is whatever the TLS library
	// defaults to; confirm that default meets the deployment's policy.
	MinTlsVersion TLSVersion `` /* 132-byte string literal not displayed */
	// The maximum TLS version number that the client MUST use for the TLS
	// handshake. If this field is not provided, the client MUST use the default
	// maximum version of the client's TLS library.
	MaxTlsVersion TLSVersion `` /* 132-byte string literal not displayed */
	// The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
	// negotiate in the TLS handshake. The list covers TLS 1.0-1.2 suites only;
	// it does not describe TLS 1.3 suite selection.
	Ciphersuites []Ciphersuite `protobuf:"varint,6,rep,packed,name=ciphersuites,proto3,enum=grpc.gcp.s2a.Ciphersuite" json:"ciphersuites,omitempty"`
	// The policy that dictates how the client negotiates ALPN during the TLS
	// handshake.
	AlpnPolicy *AlpnPolicy `protobuf:"bytes,7,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
	// contains filtered or unexported fields
}
Next ID: 8
func (*GetTlsConfigurationResp_ClientTlsConfiguration) Descriptor
deprecated
func (*GetTlsConfigurationResp_ClientTlsConfiguration) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp_ClientTlsConfiguration.ProtoReflect.Descriptor instead.
func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetAlpnPolicy ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetAlpnPolicy() *AlpnPolicy
func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain() []string
func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetCiphersuites ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCiphersuites() []Ciphersuite
func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetMaxTlsVersion ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMaxTlsVersion() TLSVersion
func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetMinTlsVersion ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMinTlsVersion() TLSVersion
func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoMessage ¶
func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoMessage()
func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoReflect ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) ProtoReflect() protoreflect.Message
func (*GetTlsConfigurationResp_ClientTlsConfiguration) Reset ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) Reset()
func (*GetTlsConfigurationResp_ClientTlsConfiguration) String ¶
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) String() string
type GetTlsConfigurationResp_ClientTlsConfiguration_ ¶
// GetTlsConfigurationResp_ClientTlsConfiguration_ is the oneof wrapper that
// places a client TLS configuration in GetTlsConfigurationResp.TlsConfiguration.
type GetTlsConfigurationResp_ClientTlsConfiguration_ struct {
	ClientTlsConfiguration *GetTlsConfigurationResp_ClientTlsConfiguration `protobuf:"bytes,1,opt,name=client_tls_configuration,json=clientTlsConfiguration,proto3,oneof"`
}
type GetTlsConfigurationResp_ServerTlsConfiguration ¶
// GetTlsConfigurationResp_ServerTlsConfiguration is the server-side TLS
// configuration: certificate chain, version bounds, ciphersuites, resumption,
// client-certificate policy and ALPN policy.
type GetTlsConfigurationResp_ServerTlsConfiguration struct {
	// The certificate chain that the server MUST use for the TLS handshake.
	// It's a list of PEM-encoded certificates, ordered from leaf to root,
	// excluding the root.
	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The minimum TLS version number that the server MUST use for the TLS
	// handshake. If this field is not provided, the server MUST use the default
	// minimum version of the server's TLS library.
	//
	// NOTE(review): when unset, the effective floor is whatever the TLS library
	// defaults to; confirm that default meets the deployment's policy.
	MinTlsVersion TLSVersion `` /* 132-byte string literal not displayed */
	// The maximum TLS version number that the server MUST use for the TLS
	// handshake. If this field is not provided, the server MUST use the default
	// maximum version of the server's TLS library.
	MaxTlsVersion TLSVersion `` /* 132-byte string literal not displayed */
	// The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
	// negotiate in the TLS handshake. The list covers TLS 1.0-1.2 suites only;
	// it does not describe TLS 1.3 suite selection.
	Ciphersuites []Ciphersuite `protobuf:"varint,10,rep,packed,name=ciphersuites,proto3,enum=grpc.gcp.s2a.Ciphersuite" json:"ciphersuites,omitempty"`
	// Whether to enable TLS resumption.
	TlsResumptionEnabled bool `protobuf:"varint,6,opt,name=tls_resumption_enabled,json=tlsResumptionEnabled,proto3" json:"tls_resumption_enabled,omitempty"`
	// Whether the server MUST request a client certificate (i.e. to negotiate
	// TLS vs. mTLS). The enum's value names also distinguish whether a
	// certificate is required and whether it is verified.
	RequestClientCertificate GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate `` /* 226-byte string literal not displayed */
	// The maximum number of extra bytes that
	// |OffloadResumptionKeyOperation| can add to the number of unencrypted
	// bytes to form the encrypted bytes.
	MaxOverheadOfTicketAead uint32 `` /* 137-byte string literal not displayed */
	// The policy that dictates how the server negotiates ALPN during the TLS
	// handshake.
	AlpnPolicy *AlpnPolicy `protobuf:"bytes,11,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
	// contains filtered or unexported fields
}
Next ID: 12
func (*GetTlsConfigurationResp_ServerTlsConfiguration) Descriptor
deprecated
func (*GetTlsConfigurationResp_ServerTlsConfiguration) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration.ProtoReflect.Descriptor instead.
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetAlpnPolicy ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetAlpnPolicy() *AlpnPolicy
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain() []string
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetCiphersuites ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCiphersuites() []Ciphersuite
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead() uint32
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxTlsVersion ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxTlsVersion() TLSVersion
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetMinTlsVersion ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMinTlsVersion() TLSVersion
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetRequestClientCertificate ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetRequestClientCertificate() GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled() bool
func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoMessage ¶
func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoMessage()
func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoReflect ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) ProtoReflect() protoreflect.Message
func (*GetTlsConfigurationResp_ServerTlsConfiguration) Reset ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) Reset()
func (*GetTlsConfigurationResp_ServerTlsConfiguration) String ¶
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) String() string
type GetTlsConfigurationResp_ServerTlsConfiguration_ ¶
// GetTlsConfigurationResp_ServerTlsConfiguration_ is the oneof wrapper that
// places a server TLS configuration in GetTlsConfigurationResp.TlsConfiguration.
type GetTlsConfigurationResp_ServerTlsConfiguration_ struct {
	ServerTlsConfiguration *GetTlsConfigurationResp_ServerTlsConfiguration `protobuf:"bytes,2,opt,name=server_tls_configuration,json=serverTlsConfiguration,proto3,oneof"`
}
type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate ¶
// GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
// selects, per its value names, whether the server requests a client
// certificate, whether one is required, and whether it is verified.
type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate int32

const (
	// Zero value: no policy specified.
	// NOTE(review): how a consumer treats UNSPECIFIED is not shown here; confirm
	// it is rejected rather than mapped to a permissive mode.
	GetTlsConfigurationResp_ServerTlsConfiguration_UNSPECIFIED GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 0
	// Per its name: no client certificate is requested (TLS rather than mTLS).
	GetTlsConfigurationResp_ServerTlsConfiguration_DONT_REQUEST_CLIENT_CERTIFICATE GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 1
	// Per its name: a client certificate is requested but not verified.
	// NOTE(review): with either *_BUT_DONT_VERIFY value, a presented
	// certificate should not be treated as an authenticated identity unless it
	// is validated separately; confirm where that validation happens.
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 2
	// Per its name: a client certificate is requested and verified.
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 3
	// Per its name: a client certificate is requested and required, but not
	// verified.
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 4
	// Per its name: a client certificate is requested, required and verified.
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 5
)
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Descriptor ¶
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Enum ¶
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) EnumDescriptor
deprecated
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) EnumDescriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.Descriptor instead.
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Number ¶
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) String ¶
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Type ¶
type Identity ¶
// Identity names a connection endpoint through one of several identity kinds
// held in IdentityOneof, plus optional string attributes.
type Identity struct {
	// Types that are assignable to IdentityOneof:
	//
	//	*Identity_SpiffeId
	//	*Identity_Hostname
	//	*Identity_Uid
	//	*Identity_Username
	//	*Identity_GcpId
	IdentityOneof isIdentity_IdentityOneof `protobuf_oneof:"identity_oneof"`
	// Additional identity-specific attributes.
	//
	// NOTE(review): nothing here says how these free-form strings are
	// produced or checked; confirm their origin before using them in an
	// authorization decision.
	Attributes map[string]string `` /* 161-byte string literal not displayed */
	// contains filtered or unexported fields
}
func (*Identity) ProtoReflect ¶
func (x *Identity) ProtoReflect() protoreflect.Message
type Identity_GcpId ¶
// Identity_GcpId is the oneof wrapper for a GCP ID in Identity.IdentityOneof.
type Identity_GcpId struct {
	// The GCP ID of a connection endpoint.
	GcpId string `protobuf:"bytes,6,opt,name=gcp_id,json=gcpId,proto3,oneof"`
}
type Identity_Hostname ¶
// Identity_Hostname is the oneof wrapper for a hostname in
// Identity.IdentityOneof.
type Identity_Hostname struct {
	// The hostname of a connection endpoint.
	Hostname string `protobuf:"bytes,2,opt,name=hostname,proto3,oneof"`
}
type Identity_SpiffeId ¶
// Identity_SpiffeId is the oneof wrapper for a SPIFFE ID in
// Identity.IdentityOneof.
type Identity_SpiffeId struct {
	// The SPIFFE ID of a connection endpoint.
	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3,oneof"`
}
type Identity_Uid ¶
// Identity_Uid is the oneof wrapper for a UID in Identity.IdentityOneof.
type Identity_Uid struct {
	// The UID of a connection endpoint.
	Uid string `protobuf:"bytes,4,opt,name=uid,proto3,oneof"`
}
type Identity_Username ¶
// Identity_Username is the oneof wrapper for a username in
// Identity.IdentityOneof.
type Identity_Username struct {
	// The username of a connection endpoint.
	Username string `protobuf:"bytes,5,opt,name=username,proto3,oneof"`
}
type OffloadPrivateKeyOperationReq ¶
// OffloadPrivateKeyOperationReq describes one private-key operation (sign or
// decrypt), the signature algorithm for signing, and the input bytes.
type OffloadPrivateKeyOperationReq struct {
	// The operation the private key is used for.
	Operation OffloadPrivateKeyOperationReq_PrivateKeyOperation `` /* 140-byte string literal not displayed */
	// The signature algorithm to be used for signing operations.
	SignatureAlgorithm SignatureAlgorithm `` /* 153-byte string literal not displayed */
	// The input bytes to be signed or decrypted.
	//
	// Types that are assignable to InBytes:
	//
	//	*OffloadPrivateKeyOperationReq_RawBytes
	//	*OffloadPrivateKeyOperationReq_Sha256Digest
	//	*OffloadPrivateKeyOperationReq_Sha384Digest
	//	*OffloadPrivateKeyOperationReq_Sha512Digest
	//
	// NOTE(review): the digest variant and SignatureAlgorithm are independent
	// fields here; confirm where a mismatch between the two (e.g. a SHA384
	// digest with a *_SHA256 algorithm) is rejected.
	InBytes isOffloadPrivateKeyOperationReq_InBytes `protobuf_oneof:"in_bytes"`
	// contains filtered or unexported fields
}
func (*OffloadPrivateKeyOperationReq) Descriptor
deprecated
func (*OffloadPrivateKeyOperationReq) Descriptor() ([]byte, []int)
Deprecated: Use OffloadPrivateKeyOperationReq.ProtoReflect.Descriptor instead.
func (*OffloadPrivateKeyOperationReq) GetInBytes ¶
func (m *OffloadPrivateKeyOperationReq) GetInBytes() isOffloadPrivateKeyOperationReq_InBytes
func (*OffloadPrivateKeyOperationReq) GetOperation ¶
func (x *OffloadPrivateKeyOperationReq) GetOperation() OffloadPrivateKeyOperationReq_PrivateKeyOperation
func (*OffloadPrivateKeyOperationReq) GetRawBytes ¶
func (x *OffloadPrivateKeyOperationReq) GetRawBytes() []byte
func (*OffloadPrivateKeyOperationReq) GetSha256Digest ¶
func (x *OffloadPrivateKeyOperationReq) GetSha256Digest() []byte
func (*OffloadPrivateKeyOperationReq) GetSha384Digest ¶
func (x *OffloadPrivateKeyOperationReq) GetSha384Digest() []byte
func (*OffloadPrivateKeyOperationReq) GetSha512Digest ¶
func (x *OffloadPrivateKeyOperationReq) GetSha512Digest() []byte
func (*OffloadPrivateKeyOperationReq) GetSignatureAlgorithm ¶
func (x *OffloadPrivateKeyOperationReq) GetSignatureAlgorithm() SignatureAlgorithm
func (*OffloadPrivateKeyOperationReq) ProtoMessage ¶
func (*OffloadPrivateKeyOperationReq) ProtoMessage()
func (*OffloadPrivateKeyOperationReq) ProtoReflect ¶
func (x *OffloadPrivateKeyOperationReq) ProtoReflect() protoreflect.Message
func (*OffloadPrivateKeyOperationReq) Reset ¶
func (x *OffloadPrivateKeyOperationReq) Reset()
func (*OffloadPrivateKeyOperationReq) String ¶
func (x *OffloadPrivateKeyOperationReq) String() string
type OffloadPrivateKeyOperationReq_PrivateKeyOperation ¶
// OffloadPrivateKeyOperationReq_PrivateKeyOperation selects which private-key
// operation is requested: signing or decryption.
type OffloadPrivateKeyOperationReq_PrivateKeyOperation int32

const (
	// Zero value: no operation specified.
	OffloadPrivateKeyOperationReq_UNSPECIFIED OffloadPrivateKeyOperationReq_PrivateKeyOperation = 0
	// When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
	// the TLS handshake must be signed to prove possession of the private key.
	//
	// See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
	OffloadPrivateKeyOperationReq_SIGN OffloadPrivateKeyOperationReq_PrivateKeyOperation = 1
	// When performing a TLS 1.2 handshake using an RSA algorithm, the key
	// exchange algorithm involves the client generating a premaster secret,
	// encrypting it using the server's public key, and sending this encrypted
	// blob to the server in a ClientKeyExchange message.
	//
	// See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
	//
	// NOTE(review): RFC 4346 is the TLS 1.1 specification; the TLS 1.2
	// description of the same message is RFC 5246, section 7.4.7.1, which also
	// covers the handling required for malformed premaster secrets. How decrypt
	// failures are reported back is not visible here; confirm they are not
	// distinguishable to the peer.
	OffloadPrivateKeyOperationReq_DECRYPT OffloadPrivateKeyOperationReq_PrivateKeyOperation = 2
)
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Descriptor ¶
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Descriptor() protoreflect.EnumDescriptor
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Enum ¶
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) EnumDescriptor
deprecated
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) EnumDescriptor() ([]byte, []int)
Deprecated: Use OffloadPrivateKeyOperationReq_PrivateKeyOperation.Descriptor instead.
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Number ¶
func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Number() protoreflect.EnumNumber
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) String ¶
func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) String() string
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Type ¶
type OffloadPrivateKeyOperationReq_RawBytes ¶
// OffloadPrivateKeyOperationReq_RawBytes is the oneof wrapper for unhashed
// input in OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_RawBytes struct {
	// Raw bytes to be hashed and signed, or decrypted.
	RawBytes []byte `protobuf:"bytes,4,opt,name=raw_bytes,json=rawBytes,proto3,oneof"`
}
type OffloadPrivateKeyOperationReq_Sha256Digest ¶
// OffloadPrivateKeyOperationReq_Sha256Digest is the oneof wrapper for a SHA256
// digest in OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_Sha256Digest struct {
	// A SHA256 hash to be signed. Must be 32 bytes.
	// NOTE(review): the []byte field does not enforce the length; where the
	// 32-byte check happens is not visible here.
	Sha256Digest []byte `protobuf:"bytes,5,opt,name=sha256_digest,json=sha256Digest,proto3,oneof"`
}
type OffloadPrivateKeyOperationReq_Sha384Digest ¶
// OffloadPrivateKeyOperationReq_Sha384Digest is the oneof wrapper for a SHA384
// digest in OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_Sha384Digest struct {
	// A SHA384 hash to be signed. Must be 48 bytes.
	// NOTE(review): the []byte field does not enforce the length; where the
	// 48-byte check happens is not visible here.
	Sha384Digest []byte `protobuf:"bytes,6,opt,name=sha384_digest,json=sha384Digest,proto3,oneof"`
}
type OffloadPrivateKeyOperationReq_Sha512Digest ¶
// OffloadPrivateKeyOperationReq_Sha512Digest is the oneof wrapper for a SHA512
// digest in OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_Sha512Digest struct {
	// A SHA512 hash to be signed. Must be 64 bytes.
	// NOTE(review): the []byte field does not enforce the length; where the
	// 64-byte check happens is not visible here.
	Sha512Digest []byte `protobuf:"bytes,7,opt,name=sha512_digest,json=sha512Digest,proto3,oneof"`
}
type OffloadPrivateKeyOperationResp ¶
// OffloadPrivateKeyOperationResp carries the output of an offloaded
// private-key operation.
type OffloadPrivateKeyOperationResp struct {
	// The signed or decrypted output bytes.
	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
	// contains filtered or unexported fields
}
func (*OffloadPrivateKeyOperationResp) Descriptor
deprecated
func (*OffloadPrivateKeyOperationResp) Descriptor() ([]byte, []int)
Deprecated: Use OffloadPrivateKeyOperationResp.ProtoReflect.Descriptor instead.
func (*OffloadPrivateKeyOperationResp) GetOutBytes ¶
func (x *OffloadPrivateKeyOperationResp) GetOutBytes() []byte
func (*OffloadPrivateKeyOperationResp) ProtoMessage ¶
func (*OffloadPrivateKeyOperationResp) ProtoMessage()
func (*OffloadPrivateKeyOperationResp) ProtoReflect ¶
func (x *OffloadPrivateKeyOperationResp) ProtoReflect() protoreflect.Message
func (*OffloadPrivateKeyOperationResp) Reset ¶
func (x *OffloadPrivateKeyOperationResp) Reset()
func (*OffloadPrivateKeyOperationResp) String ¶
func (x *OffloadPrivateKeyOperationResp) String() string
type OffloadResumptionKeyOperationReq ¶
// OffloadResumptionKeyOperationReq describes one resumption-key operation
// (encrypt or decrypt) and its input bytes.
type OffloadResumptionKeyOperationReq struct {
	// The operation the resumption key is used for.
	Operation OffloadResumptionKeyOperationReq_ResumptionKeyOperation `` /* 146-byte string literal not displayed */
	// The bytes to be encrypted or decrypted.
	InBytes []byte `protobuf:"bytes,2,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
	// contains filtered or unexported fields
}
func (*OffloadResumptionKeyOperationReq) Descriptor
deprecated
func (*OffloadResumptionKeyOperationReq) Descriptor() ([]byte, []int)
Deprecated: Use OffloadResumptionKeyOperationReq.ProtoReflect.Descriptor instead.
func (*OffloadResumptionKeyOperationReq) GetInBytes ¶
func (x *OffloadResumptionKeyOperationReq) GetInBytes() []byte
func (*OffloadResumptionKeyOperationReq) GetOperation ¶
func (x *OffloadResumptionKeyOperationReq) GetOperation() OffloadResumptionKeyOperationReq_ResumptionKeyOperation
func (*OffloadResumptionKeyOperationReq) ProtoMessage ¶
func (*OffloadResumptionKeyOperationReq) ProtoMessage()
func (*OffloadResumptionKeyOperationReq) ProtoReflect ¶
func (x *OffloadResumptionKeyOperationReq) ProtoReflect() protoreflect.Message
func (*OffloadResumptionKeyOperationReq) Reset ¶
func (x *OffloadResumptionKeyOperationReq) Reset()
func (*OffloadResumptionKeyOperationReq) String ¶
func (x *OffloadResumptionKeyOperationReq) String() string
type OffloadResumptionKeyOperationReq_ResumptionKeyOperation ¶
// OffloadResumptionKeyOperationReq_ResumptionKeyOperation selects which
// resumption-key operation is requested: encryption or decryption.
type OffloadResumptionKeyOperationReq_ResumptionKeyOperation int32

const (
	// Zero value: no operation specified.
	OffloadResumptionKeyOperationReq_UNSPECIFIED OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 0
	// Encrypt the input bytes with the resumption key.
	OffloadResumptionKeyOperationReq_ENCRYPT OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 1
	// Decrypt the input bytes with the resumption key.
	OffloadResumptionKeyOperationReq_DECRYPT OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 2
)
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Descriptor ¶
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Descriptor() protoreflect.EnumDescriptor
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Enum ¶
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) EnumDescriptor
deprecated
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) EnumDescriptor() ([]byte, []int)
Deprecated: Use OffloadResumptionKeyOperationReq_ResumptionKeyOperation.Descriptor instead.
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Number ¶
func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Number() protoreflect.EnumNumber
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) String ¶
func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) String() string
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Type ¶
type OffloadResumptionKeyOperationResp ¶
// OffloadResumptionKeyOperationResp carries the output of an offloaded
// resumption-key operation.
type OffloadResumptionKeyOperationResp struct {
	// The encrypted or decrypted bytes.
	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
	// contains filtered or unexported fields
}
func (*OffloadResumptionKeyOperationResp) Descriptor
deprecated
func (*OffloadResumptionKeyOperationResp) Descriptor() ([]byte, []int)
Deprecated: Use OffloadResumptionKeyOperationResp.ProtoReflect.Descriptor instead.
func (*OffloadResumptionKeyOperationResp) GetOutBytes ¶
func (x *OffloadResumptionKeyOperationResp) GetOutBytes() []byte
func (*OffloadResumptionKeyOperationResp) ProtoMessage ¶
func (*OffloadResumptionKeyOperationResp) ProtoMessage()
func (*OffloadResumptionKeyOperationResp) ProtoReflect ¶
func (x *OffloadResumptionKeyOperationResp) ProtoReflect() protoreflect.Message
func (*OffloadResumptionKeyOperationResp) Reset ¶
func (x *OffloadResumptionKeyOperationResp) Reset()
func (*OffloadResumptionKeyOperationResp) String ¶
func (x *OffloadResumptionKeyOperationResp) String() string
type S2AContext ¶
// S2AContext describes the peer leaf certificate, the peer certificate chain
// fingerprints and the local identity and leaf certificate of a session.
//
// Several fields are populated from the peer certificate without being
// validated (see the per-field comments); check the validation result before
// relying on them for authorization.
type S2AContext struct {
	// The SPIFFE ID from the peer leaf certificate, if present.
	//
	// This field is only populated if the leaf certificate is a valid SPIFFE
	// SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
	// SPIFFE ID.
	LeafCertSpiffeId string `protobuf:"bytes,1,opt,name=leaf_cert_spiffe_id,json=leafCertSpiffeId,proto3" json:"leaf_cert_spiffe_id,omitempty"`
	// The URIs that are present in the SubjectAltName extension of the peer leaf
	// certificate.
	//
	// Note that the extracted URIs are not validated and may not be properly
	// formatted. Parse and validate them before use.
	LeafCertUris []string `protobuf:"bytes,2,rep,name=leaf_cert_uris,json=leafCertUris,proto3" json:"leaf_cert_uris,omitempty"`
	// The DNSNames that are present in the SubjectAltName extension of the peer
	// leaf certificate.
	LeafCertDnsnames []string `protobuf:"bytes,3,rep,name=leaf_cert_dnsnames,json=leafCertDnsnames,proto3" json:"leaf_cert_dnsnames,omitempty"`
	// The (ordered) list of fingerprints in the certificate chain used to verify
	// the given leaf certificate. The order MUST be from leaf certificate
	// fingerprint to root certificate fingerprint.
	//
	// A fingerprint is the base-64 encoding of the SHA256 hash of the
	// DER-encoding of a certificate. The list MAY be populated even if the peer
	// certificate chain was NOT validated successfully, so a non-empty list is
	// not by itself evidence of a trusted chain.
	PeerCertificateChainFingerprints []string `` /* 161-byte string literal not displayed */
	// The local identity used during session setup.
	LocalIdentity *Identity `protobuf:"bytes,5,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
	// The SHA256 hash of the DER-encoding of the local leaf certificate used in
	// the handshake.
	//
	// NOTE(review): this field is []byte while the peer fingerprints above are
	// base-64 strings; presumably these are the raw hash bytes, so normalise
	// the encoding before comparing the two.
	LocalLeafCertFingerprint []byte `` /* 137-byte string literal not displayed */
	// contains filtered or unexported fields
}
func (*S2AContext) Descriptor
deprecated
func (*S2AContext) Descriptor() ([]byte, []int)
Deprecated: Use S2AContext.ProtoReflect.Descriptor instead.
func (*S2AContext) GetLeafCertDnsnames ¶
func (x *S2AContext) GetLeafCertDnsnames() []string
func (*S2AContext) GetLeafCertSpiffeId ¶
func (x *S2AContext) GetLeafCertSpiffeId() string
func (*S2AContext) GetLeafCertUris ¶
func (x *S2AContext) GetLeafCertUris() []string
func (*S2AContext) GetLocalIdentity ¶
func (x *S2AContext) GetLocalIdentity() *Identity
func (*S2AContext) GetLocalLeafCertFingerprint ¶
func (x *S2AContext) GetLocalLeafCertFingerprint() []byte
func (*S2AContext) GetPeerCertificateChainFingerprints ¶
func (x *S2AContext) GetPeerCertificateChainFingerprints() []string
func (*S2AContext) ProtoMessage ¶
func (*S2AContext) ProtoMessage()
func (*S2AContext) ProtoReflect ¶
func (x *S2AContext) ProtoReflect() protoreflect.Message
func (*S2AContext) Reset ¶
func (x *S2AContext) Reset()
func (*S2AContext) String ¶
func (x *S2AContext) String() string
type SessionReq ¶
// SessionReq is a request to S2A: a local identity, the authentication
// mechanisms offered to S2A, and exactly one kind of operation in ReqOneof.
//
// NOTE(review): AuthenticationMechanism exposes GetToken, so a populated
// SessionReq may hold a credential; treat it as sensitive when logging it.
type SessionReq struct {
	// The identity corresponding to the TLS configurations that MUST be used for
	// the TLS handshake.
	//
	// If a managed identity already exists, the local identity and authentication
	// mechanisms are ignored. If a managed identity doesn't exist and the local
	// identity is not populated, S2A will try to deduce the managed identity to
	// use from the SNI extension. If that also fails, S2A uses the default
	// identity (if one exists).
	//
	// Because of this fallback chain, a caller that needs a specific identity
	// should populate this field rather than rely on SNI or the default.
	LocalIdentity *Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
	// The authentication mechanisms that the application wishes to use to
	// authenticate to S2A, ordered by preference. S2A will always use the first
	// authentication mechanism that matches the managed identity.
	AuthenticationMechanisms []*AuthenticationMechanism `` /* 133-byte string literal not displayed */
	// Types that are assignable to ReqOneof:
	//
	//	*SessionReq_GetTlsConfigurationReq
	//	*SessionReq_OffloadPrivateKeyOperationReq
	//	*SessionReq_OffloadResumptionKeyOperationReq
	//	*SessionReq_ValidatePeerCertificateChainReq
	ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
	// contains filtered or unexported fields
}
func (*SessionReq) Descriptor
deprecated
func (*SessionReq) Descriptor() ([]byte, []int)
Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.
func (*SessionReq) GetAuthenticationMechanisms ¶
func (x *SessionReq) GetAuthenticationMechanisms() []*AuthenticationMechanism
func (*SessionReq) GetGetTlsConfigurationReq ¶
func (x *SessionReq) GetGetTlsConfigurationReq() *GetTlsConfigurationReq
func (*SessionReq) GetLocalIdentity ¶
func (x *SessionReq) GetLocalIdentity() *Identity
func (*SessionReq) GetOffloadPrivateKeyOperationReq ¶
func (x *SessionReq) GetOffloadPrivateKeyOperationReq() *OffloadPrivateKeyOperationReq
func (*SessionReq) GetOffloadResumptionKeyOperationReq ¶
func (x *SessionReq) GetOffloadResumptionKeyOperationReq() *OffloadResumptionKeyOperationReq
func (*SessionReq) GetReqOneof ¶
func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof
func (*SessionReq) GetValidatePeerCertificateChainReq ¶
func (x *SessionReq) GetValidatePeerCertificateChainReq() *ValidatePeerCertificateChainReq
func (*SessionReq) ProtoMessage ¶
func (*SessionReq) ProtoMessage()
func (*SessionReq) ProtoReflect ¶
func (x *SessionReq) ProtoReflect() protoreflect.Message
func (*SessionReq) Reset ¶
func (x *SessionReq) Reset()
func (*SessionReq) String ¶
func (x *SessionReq) String() string
type SessionReq_GetTlsConfigurationReq ¶
// SessionReq_GetTlsConfigurationReq is the oneof wrapper for a TLS
// configuration request in SessionReq.ReqOneof.
type SessionReq_GetTlsConfigurationReq struct {
	// Requests the certificate chain and TLS configuration corresponding to the
	// local identity, which the application MUST use to negotiate the TLS
	// handshake.
	GetTlsConfigurationReq *GetTlsConfigurationReq `protobuf:"bytes,3,opt,name=get_tls_configuration_req,json=getTlsConfigurationReq,proto3,oneof"`
}
type SessionReq_OffloadPrivateKeyOperationReq ¶
// SessionReq_OffloadPrivateKeyOperationReq is the oneof wrapper for a
// private-key operation request in SessionReq.ReqOneof.
type SessionReq_OffloadPrivateKeyOperationReq struct {
	// Signs or decrypts the input bytes using a private key corresponding to
	// the local identity in the request.
	//
	// WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
	// S2Av2 by a server during a TLS 1.2 handshake.
	OffloadPrivateKeyOperationReq *OffloadPrivateKeyOperationReq `protobuf:"bytes,4,opt,name=offload_private_key_operation_req,json=offloadPrivateKeyOperationReq,proto3,oneof"`
}
type SessionReq_OffloadResumptionKeyOperationReq ¶
// SessionReq_OffloadResumptionKeyOperationReq is the oneof wrapper for a
// resumption-key operation request in SessionReq.ReqOneof.
type SessionReq_OffloadResumptionKeyOperationReq struct {
	// Encrypts or decrypts the input bytes using a resumption key corresponding
	// to the local identity in the request.
	OffloadResumptionKeyOperationReq *OffloadResumptionKeyOperationReq `protobuf:"bytes,5,opt,name=offload_resumption_key_operation_req,json=offloadResumptionKeyOperationReq,proto3,oneof"`
}
type SessionReq_ValidatePeerCertificateChainReq ¶
// SessionReq_ValidatePeerCertificateChainReq is the oneof wrapper for a peer
// certificate chain validation request in SessionReq.ReqOneof.
type SessionReq_ValidatePeerCertificateChainReq struct {
	// Verifies the peer's certificate chain using
	// (a) trust bundles corresponding to the local identity in the request, and
	// (b) the verification mode in the request.
	ValidatePeerCertificateChainReq *ValidatePeerCertificateChainReq `protobuf:"bytes,6,opt,name=validate_peer_certificate_chain_req,json=validatePeerCertificateChainReq,proto3,oneof"`
}
type SessionResp ¶
// SessionResp is a response from S2A: a per-request Status plus one kind of
// result in RespOneof.
type SessionResp struct {
	// Status of the session response.
	//
	// The status field is populated so that if an error occurs when making an
	// individual request, then communication with the S2A may continue. If an
	// error is returned directly (e.g. at the gRPC layer), then it may result
	// in the bidirectional stream being closed.
	//
	// A per-request failure is therefore reported here rather than as a
	// stream error, so callers need to inspect Status before using RespOneof.
	Status *Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// Types that are assignable to RespOneof:
	//
	//	*SessionResp_GetTlsConfigurationResp
	//	*SessionResp_OffloadPrivateKeyOperationResp
	//	*SessionResp_OffloadResumptionKeyOperationResp
	//	*SessionResp_ValidatePeerCertificateChainResp
	RespOneof isSessionResp_RespOneof `protobuf_oneof:"resp_oneof"`
	// contains filtered or unexported fields
}
func (*SessionResp) Descriptor
deprecated
func (*SessionResp) Descriptor() ([]byte, []int)
Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.
func (*SessionResp) GetGetTlsConfigurationResp ¶
func (x *SessionResp) GetGetTlsConfigurationResp() *GetTlsConfigurationResp
func (*SessionResp) GetOffloadPrivateKeyOperationResp ¶
func (x *SessionResp) GetOffloadPrivateKeyOperationResp() *OffloadPrivateKeyOperationResp
func (*SessionResp) GetOffloadResumptionKeyOperationResp ¶
func (x *SessionResp) GetOffloadResumptionKeyOperationResp() *OffloadResumptionKeyOperationResp
func (*SessionResp) GetRespOneof ¶
func (m *SessionResp) GetRespOneof() isSessionResp_RespOneof
func (*SessionResp) GetStatus ¶
func (x *SessionResp) GetStatus() *Status
func (*SessionResp) GetValidatePeerCertificateChainResp ¶
func (x *SessionResp) GetValidatePeerCertificateChainResp() *ValidatePeerCertificateChainResp
func (*SessionResp) ProtoMessage ¶
func (*SessionResp) ProtoMessage()
func (*SessionResp) ProtoReflect ¶
func (x *SessionResp) ProtoReflect() protoreflect.Message
func (*SessionResp) Reset ¶
func (x *SessionResp) Reset()
func (*SessionResp) String ¶
func (x *SessionResp) String() string
type SessionResp_GetTlsConfigurationResp ¶
// SessionResp_GetTlsConfigurationResp is the oneof wrapper for a TLS
// configuration response in SessionResp.RespOneof.
type SessionResp_GetTlsConfigurationResp struct {
	// Contains the certificate chain and TLS configurations corresponding to
	// the local identity.
	GetTlsConfigurationResp *GetTlsConfigurationResp `protobuf:"bytes,2,opt,name=get_tls_configuration_resp,json=getTlsConfigurationResp,proto3,oneof"`
}
type SessionResp_OffloadPrivateKeyOperationResp ¶
// SessionResp_OffloadPrivateKeyOperationResp is the oneof wrapper for a
// private-key operation response in SessionResp.RespOneof.
type SessionResp_OffloadPrivateKeyOperationResp struct {
	// Contains the signed or decrypted output bytes produced using the private
	// key corresponding to the local identity.
	OffloadPrivateKeyOperationResp *OffloadPrivateKeyOperationResp `protobuf:"bytes,3,opt,name=offload_private_key_operation_resp,json=offloadPrivateKeyOperationResp,proto3,oneof"`
}
type SessionResp_OffloadResumptionKeyOperationResp ¶
// SessionResp_OffloadResumptionKeyOperationResp is the oneof wrapper for a
// resumption-key operation response in SessionResp.RespOneof.
type SessionResp_OffloadResumptionKeyOperationResp struct {
	// Contains the encrypted or decrypted output bytes using the resumption key
	// corresponding to the local identity.
	OffloadResumptionKeyOperationResp *OffloadResumptionKeyOperationResp `protobuf:"bytes,4,opt,name=offload_resumption_key_operation_resp,json=offloadResumptionKeyOperationResp,proto3,oneof"`
}
type SessionResp_ValidatePeerCertificateChainResp ¶
// SessionResp_ValidatePeerCertificateChainResp is the oneof wrapper for a peer
// certificate chain validation response in SessionResp.RespOneof.
type SessionResp_ValidatePeerCertificateChainResp struct {
	// Contains the validation result, peer identity and fingerprints of peer
	// certificates.
	ValidatePeerCertificateChainResp *ValidatePeerCertificateChainResp `protobuf:"bytes,5,opt,name=validate_peer_certificate_chain_resp,json=validatePeerCertificateChainResp,proto3,oneof"`
}
type SignatureAlgorithm ¶
// SignatureAlgorithm identifies the signature algorithm used for an offloaded
// signing operation. The values fall into four families: RSA PKCS #1, ECDSA,
// RSA-PSS and ED25519.
type SignatureAlgorithm int32

const (
	// Zero value: no algorithm specified.
	SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED SignatureAlgorithm = 0
	// RSA Public-Key Cryptography Standards #1.
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256 SignatureAlgorithm = 1
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384 SignatureAlgorithm = 2
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512 SignatureAlgorithm = 3
	// ECDSA.
	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 SignatureAlgorithm = 4
	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 SignatureAlgorithm = 5
	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 SignatureAlgorithm = 6
	// RSA Probabilistic Signature Scheme.
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 SignatureAlgorithm = 7
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 SignatureAlgorithm = 8
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 SignatureAlgorithm = 9
	// ED25519.
	SignatureAlgorithm_S2A_SSL_SIGN_ED25519 SignatureAlgorithm = 10
)
func (SignatureAlgorithm) Descriptor ¶
func (SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (SignatureAlgorithm) Enum ¶
func (x SignatureAlgorithm) Enum() *SignatureAlgorithm
func (SignatureAlgorithm) EnumDescriptor
deprecated
func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use SignatureAlgorithm.Descriptor instead.
func (SignatureAlgorithm) Number ¶
func (x SignatureAlgorithm) Number() protoreflect.EnumNumber
func (SignatureAlgorithm) String ¶
func (x SignatureAlgorithm) String() string
func (SignatureAlgorithm) Type ¶
func (SignatureAlgorithm) Type() protoreflect.EnumType
type Status ¶
// Status carries a numeric status code and a free-form details string.
type Status struct {
	// The status code that is specific to the application and the implementation
	// of S2A, e.g., gRPC status code.
	//
	// NOTE(review): because the code space is implementation-specific, a zero
	// Code (also the value of an unset field) should not be assumed to mean
	// success without confirming the convention of the S2A in use.
	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
	// The status details.
	Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
	// contains filtered or unexported fields
}
func (*Status) ProtoReflect ¶
func (x *Status) ProtoReflect() protoreflect.Message
type TLSVersion ¶
type TLSVersion int32
The TLS versions supported by S2A's handshaker module.
// Values of TLSVersion. The numeric values are enum ordinals, not the TLS
// wire-format version numbers.
const (
	// Zero value, i.e. what an unset proto3 field decodes to; it names no
	// protocol version.
	TLSVersion_TLS_VERSION_UNSPECIFIED TLSVersion = 0
	// TLS 1.0 and TLS 1.1 are formally deprecated by RFC 8996.
	// NOTE(review): their presence here shows only that the enum can express
	// them; configurations should set the minimum version to TLS 1.2 or later
	// unless a legacy peer makes that impossible.
	TLSVersion_TLS_VERSION_1_0 TLSVersion = 1
	TLSVersion_TLS_VERSION_1_1 TLSVersion = 2
	// TLS 1.2 and TLS 1.3.
	TLSVersion_TLS_VERSION_1_2 TLSVersion = 3
	TLSVersion_TLS_VERSION_1_3 TLSVersion = 4
)
func (TLSVersion) Descriptor ¶
func (TLSVersion) Descriptor() protoreflect.EnumDescriptor
func (TLSVersion) Enum ¶
func (x TLSVersion) Enum() *TLSVersion
func (TLSVersion) EnumDescriptor
deprecated
func (TLSVersion) EnumDescriptor() ([]byte, []int)
Deprecated: Use TLSVersion.Descriptor instead.
func (TLSVersion) Number ¶
func (x TLSVersion) Number() protoreflect.EnumNumber
func (TLSVersion) String ¶
func (x TLSVersion) String() string
func (TLSVersion) Type ¶
func (TLSVersion) Type() protoreflect.EnumType
type ValidatePeerCertificateChainReq ¶
// ValidatePeerCertificateChainReq asks the S2A to validate a peer's
// certificate chain. Mode selects the verification mode and PeerOneof carries
// the chain, in either its client-peer or its server-peer form.
type ValidatePeerCertificateChainReq struct {
	// The verification mode that S2A MUST use to validate the peer certificate
	// chain.
	Mode ValidatePeerCertificateChainReq_VerificationMode `` /* 129-byte string literal not displayed */
	// Types that are assignable to PeerOneof:
	//
	//	*ValidatePeerCertificateChainReq_ClientPeer_
	//	*ValidatePeerCertificateChainReq_ServerPeer_
	//
	// Only the server-peer form carries an expected hostname, so picking the
	// form that matches the peer's role decides which checks can be requested.
	PeerOneof isValidatePeerCertificateChainReq_PeerOneof `protobuf_oneof:"peer_oneof"`
	// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainReq) Descriptor
deprecated
func (*ValidatePeerCertificateChainReq) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq.ProtoReflect.Descriptor instead.
func (*ValidatePeerCertificateChainReq) GetClientPeer ¶
func (x *ValidatePeerCertificateChainReq) GetClientPeer() *ValidatePeerCertificateChainReq_ClientPeer
func (*ValidatePeerCertificateChainReq) GetMode ¶
func (x *ValidatePeerCertificateChainReq) GetMode() ValidatePeerCertificateChainReq_VerificationMode
func (*ValidatePeerCertificateChainReq) GetPeerOneof ¶
func (m *ValidatePeerCertificateChainReq) GetPeerOneof() isValidatePeerCertificateChainReq_PeerOneof
func (*ValidatePeerCertificateChainReq) GetServerPeer ¶
func (x *ValidatePeerCertificateChainReq) GetServerPeer() *ValidatePeerCertificateChainReq_ServerPeer
func (*ValidatePeerCertificateChainReq) ProtoMessage ¶
func (*ValidatePeerCertificateChainReq) ProtoMessage()
func (*ValidatePeerCertificateChainReq) ProtoReflect ¶
func (x *ValidatePeerCertificateChainReq) ProtoReflect() protoreflect.Message
func (*ValidatePeerCertificateChainReq) Reset ¶
func (x *ValidatePeerCertificateChainReq) Reset()
func (*ValidatePeerCertificateChainReq) String ¶
func (x *ValidatePeerCertificateChainReq) String() string
type ValidatePeerCertificateChainReq_ClientPeer ¶
// ValidatePeerCertificateChainReq_ClientPeer is the request payload used when
// the peer to validate is a client. It carries only the certificate chain;
// unlike the server-peer form, it has no hostname field.
type ValidatePeerCertificateChainReq_ClientPeer struct {
	// The certificate chain to be verified. The chain MUST be a list of
	// DER-encoded certificates, ordered from leaf to root, excluding the root.
	//
	// The bytes come from the remote peer and are untrusted until the S2A
	// reports a successful validation.
	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainReq_ClientPeer) Descriptor
deprecated
func (*ValidatePeerCertificateChainReq_ClientPeer) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq_ClientPeer.ProtoReflect.Descriptor instead.
func (*ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain ¶
func (x *ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain() [][]byte
func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoMessage ¶
func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoMessage()
func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoReflect ¶
func (x *ValidatePeerCertificateChainReq_ClientPeer) ProtoReflect() protoreflect.Message
func (*ValidatePeerCertificateChainReq_ClientPeer) Reset ¶
func (x *ValidatePeerCertificateChainReq_ClientPeer) Reset()
func (*ValidatePeerCertificateChainReq_ClientPeer) String ¶
func (x *ValidatePeerCertificateChainReq_ClientPeer) String() string
type ValidatePeerCertificateChainReq_ClientPeer_ ¶
// ValidatePeerCertificateChainReq_ClientPeer_ is the oneof wrapper that places
// a ValidatePeerCertificateChainReq_ClientPeer in the peer_oneof of
// ValidatePeerCertificateChainReq, as protobuf field 2.
type ValidatePeerCertificateChainReq_ClientPeer_ struct {
	ClientPeer *ValidatePeerCertificateChainReq_ClientPeer `protobuf:"bytes,2,opt,name=client_peer,json=clientPeer,proto3,oneof"`
}
type ValidatePeerCertificateChainReq_ServerPeer ¶
// ValidatePeerCertificateChainReq_ServerPeer is the request payload used when
// the peer to validate is a server. Besides the chain it carries the hostname
// the caller expects and a serialized client policy.
type ValidatePeerCertificateChainReq_ServerPeer struct {
	// The certificate chain to be verified. The chain MUST be a list of
	// DER-encoded certificates, ordered from leaf to root, excluding the root.
	//
	// The bytes come from the remote peer and are untrusted until the S2A
	// reports a successful validation.
	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The expected hostname of the server.
	//
	// NOTE(review): this should be the name the caller intended to reach, never
	// a name read back from the peer. How an empty value is handled by the S2A
	// is not shown on this page; confirm before leaving it unset.
	ServerHostname string `protobuf:"bytes,2,opt,name=server_hostname,json=serverHostname,proto3" json:"server_hostname,omitempty"`
	// The UnrestrictedClientPolicy specified by the user.
	//
	// NOTE(review): the field is opaque bytes here; its schema and its effect
	// on validation are defined elsewhere. TODO confirm.
	SerializedUnrestrictedClientPolicy []byte `` /* 167-byte string literal not displayed */
	// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainReq_ServerPeer) Descriptor
deprecated
func (*ValidatePeerCertificateChainReq_ServerPeer) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq_ServerPeer.ProtoReflect.Descriptor instead.
func (*ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain ¶
func (x *ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain() [][]byte
func (*ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy ¶
func (x *ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy() []byte
func (*ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname ¶
func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string
func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoMessage ¶
func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoMessage()
func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoReflect ¶
func (x *ValidatePeerCertificateChainReq_ServerPeer) ProtoReflect() protoreflect.Message
func (*ValidatePeerCertificateChainReq_ServerPeer) Reset ¶
func (x *ValidatePeerCertificateChainReq_ServerPeer) Reset()
func (*ValidatePeerCertificateChainReq_ServerPeer) String ¶
func (x *ValidatePeerCertificateChainReq_ServerPeer) String() string
type ValidatePeerCertificateChainReq_ServerPeer_ ¶
// ValidatePeerCertificateChainReq_ServerPeer_ is the oneof wrapper that places
// a ValidatePeerCertificateChainReq_ServerPeer in the peer_oneof of
// ValidatePeerCertificateChainReq, as protobuf field 3.
type ValidatePeerCertificateChainReq_ServerPeer_ struct {
	ServerPeer *ValidatePeerCertificateChainReq_ServerPeer `protobuf:"bytes,3,opt,name=server_peer,json=serverPeer,proto3,oneof"`
}
type ValidatePeerCertificateChainReq_VerificationMode ¶
// ValidatePeerCertificateChainReq_VerificationMode selects which set of
// trusted certificates the S2A uses when validating a peer certificate chain.
type ValidatePeerCertificateChainReq_VerificationMode int32

const (
	// The default verification mode supported by S2A.
	//
	// NOTE(review): this is the proto3 zero value, so a request that never sets
	// Mode gets this mode. What the default checks is not described on this
	// page; confirm it matches the intended trust roots.
	ValidatePeerCertificateChainReq_UNSPECIFIED ValidatePeerCertificateChainReq_VerificationMode = 0
	// The SPIFFE verification mode selects the set of trusted certificates to
	// use for path building based on the SPIFFE trust domain in the peer's leaf
	// certificate.
	ValidatePeerCertificateChainReq_SPIFFE ValidatePeerCertificateChainReq_VerificationMode = 1
	// The connect-to-Google verification mode uses the trust bundle for
	// connecting to Google, e.g. *.mtls.googleapis.com endpoints.
	ValidatePeerCertificateChainReq_CONNECT_TO_GOOGLE ValidatePeerCertificateChainReq_VerificationMode = 2
)
func (ValidatePeerCertificateChainReq_VerificationMode) Descriptor ¶
func (ValidatePeerCertificateChainReq_VerificationMode) Descriptor() protoreflect.EnumDescriptor
func (ValidatePeerCertificateChainReq_VerificationMode) Enum ¶
func (ValidatePeerCertificateChainReq_VerificationMode) EnumDescriptor
deprecated
func (ValidatePeerCertificateChainReq_VerificationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq_VerificationMode.Descriptor instead.
func (ValidatePeerCertificateChainReq_VerificationMode) Number ¶
func (x ValidatePeerCertificateChainReq_VerificationMode) Number() protoreflect.EnumNumber
func (ValidatePeerCertificateChainReq_VerificationMode) String ¶
func (x ValidatePeerCertificateChainReq_VerificationMode) String() string
func (ValidatePeerCertificateChainReq_VerificationMode) Type ¶
type ValidatePeerCertificateChainResp ¶
// ValidatePeerCertificateChainResp reports the outcome of validating a peer
// certificate chain: a result code, failure details, and an S2A context built
// from the peer's chain.
//
// Context may be set even when validation fails, so its presence says nothing
// about the outcome. Consumers should use Context for trust decisions only
// after checking that ValidationResult is
// ValidatePeerCertificateChainResp_SUCCESS.
type ValidatePeerCertificateChainResp struct {
	// The result of validating the peer certificate chain.
	ValidationResult ValidatePeerCertificateChainResp_ValidationResult `` /* 178-byte string literal not displayed */
	// The validation details. This field is only populated when the validation
	// result is NOT SUCCESS.
	ValidationDetails string `protobuf:"bytes,2,opt,name=validation_details,json=validationDetails,proto3" json:"validation_details,omitempty"`
	// The S2A context contains information from the peer certificate chain.
	//
	// The S2A context MAY be populated even if validation of the peer certificate
	// chain fails.
	Context *S2AContext `protobuf:"bytes,3,opt,name=context,proto3" json:"context,omitempty"`
	// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainResp) Descriptor
deprecated
func (*ValidatePeerCertificateChainResp) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainResp.ProtoReflect.Descriptor instead.
func (*ValidatePeerCertificateChainResp) GetContext ¶
func (x *ValidatePeerCertificateChainResp) GetContext() *S2AContext
func (*ValidatePeerCertificateChainResp) GetValidationDetails ¶
func (x *ValidatePeerCertificateChainResp) GetValidationDetails() string
func (*ValidatePeerCertificateChainResp) GetValidationResult ¶
func (x *ValidatePeerCertificateChainResp) GetValidationResult() ValidatePeerCertificateChainResp_ValidationResult
func (*ValidatePeerCertificateChainResp) ProtoMessage ¶
func (*ValidatePeerCertificateChainResp) ProtoMessage()
func (*ValidatePeerCertificateChainResp) ProtoReflect ¶
func (x *ValidatePeerCertificateChainResp) ProtoReflect() protoreflect.Message
func (*ValidatePeerCertificateChainResp) Reset ¶
func (x *ValidatePeerCertificateChainResp) Reset()
func (*ValidatePeerCertificateChainResp) String ¶
func (x *ValidatePeerCertificateChainResp) String() string
type ValidatePeerCertificateChainResp_ValidationResult ¶
// ValidatePeerCertificateChainResp_ValidationResult is the outcome code of a
// peer certificate chain validation.
type ValidatePeerCertificateChainResp_ValidationResult int32

const (
	// Zero value, i.e. what an unset proto3 field decodes to. It is not
	// SUCCESS, so callers that fail closed should compare for SUCCESS
	// explicitly and not merely test for "not FAILURE".
	ValidatePeerCertificateChainResp_UNSPECIFIED ValidatePeerCertificateChainResp_ValidationResult = 0
	// Validation succeeded.
	ValidatePeerCertificateChainResp_SUCCESS ValidatePeerCertificateChainResp_ValidationResult = 1
	// Validation failed.
	ValidatePeerCertificateChainResp_FAILURE ValidatePeerCertificateChainResp_ValidationResult = 2
)
func (ValidatePeerCertificateChainResp_ValidationResult) Descriptor ¶
func (ValidatePeerCertificateChainResp_ValidationResult) Descriptor() protoreflect.EnumDescriptor
func (ValidatePeerCertificateChainResp_ValidationResult) Enum ¶
func (ValidatePeerCertificateChainResp_ValidationResult) EnumDescriptor
deprecated
func (ValidatePeerCertificateChainResp_ValidationResult) EnumDescriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainResp_ValidationResult.Descriptor instead.
func (ValidatePeerCertificateChainResp_ValidationResult) Number ¶
func (x ValidatePeerCertificateChainResp_ValidationResult) Number() protoreflect.EnumNumber
func (ValidatePeerCertificateChainResp_ValidationResult) String ¶
func (x ValidatePeerCertificateChainResp_ValidationResult) String() string