s2a_go_proto

package
v0.1.7
Warning

This package is not in the latest version of its module.

Published: Sep 1, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

const (
	// S2AService_SetUpSession_FullMethodName is the fully qualified gRPC
	// method name of the SetUpSession RPC, written as
	// "/<proto package>.<service>/<method>".
	S2AService_SetUpSession_FullMethodName = "/s2a.proto.v2.S2AService/SetUpSession"
)

Variables

var (
	// SignatureAlgorithm_name maps a SignatureAlgorithm wire number to its
	// enum name. As the names indicate, the set covers RSA PKCS#1, ECDSA,
	// RSA-PSS and Ed25519 signing schemes; 0 is the UNSPECIFIED placeholder.
	SignatureAlgorithm_name = map[int32]string{
		0:  "S2A_SSL_SIGN_UNSPECIFIED",
		1:  "S2A_SSL_SIGN_RSA_PKCS1_SHA256",
		2:  "S2A_SSL_SIGN_RSA_PKCS1_SHA384",
		3:  "S2A_SSL_SIGN_RSA_PKCS1_SHA512",
		4:  "S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256",
		5:  "S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384",
		6:  "S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512",
		7:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256",
		8:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384",
		9:  "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512",
		10: "S2A_SSL_SIGN_ED25519",
	}
	// SignatureAlgorithm_value is the inverse map: enum name to wire number.
	//
	// Indexing a Go map with a name that is not present yields 0, which is
	// also the number of S2A_SSL_SIGN_UNSPECIFIED. When the name comes from
	// configuration or other external input, use the two-value form
	// (v, ok := SignatureAlgorithm_value[name]) so an unknown name is not
	// silently read as UNSPECIFIED.
	SignatureAlgorithm_value = map[string]int32{
		"S2A_SSL_SIGN_UNSPECIFIED":            0,
		"S2A_SSL_SIGN_RSA_PKCS1_SHA256":       1,
		"S2A_SSL_SIGN_RSA_PKCS1_SHA384":       2,
		"S2A_SSL_SIGN_RSA_PKCS1_SHA512":       3,
		"S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256": 4,
		"S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384": 5,
		"S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512": 6,
		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256":    7,
		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384":    8,
		"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512":    9,
		"S2A_SSL_SIGN_ED25519":                10,
	}
)

Enum value maps for SignatureAlgorithm.

var (
	// ..._RequestClientCertificate_name maps the wire number of a
	// RequestClientCertificate value to its enum name.
	//
	// Values 2 and 4 are the BUT_DONT_VERIFY modes: by name, a client
	// certificate is requested (2) or requested and required (4) without
	// being verified as part of that mode.
	// NOTE(review): presumably verification is then expected from a separate
	// step such as ValidatePeerCertificateChainReq — confirm before treating
	// the presented certificate as an authenticated identity.
	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "DONT_REQUEST_CLIENT_CERTIFICATE",
		2: "REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
		3: "REQUEST_CLIENT_CERTIFICATE_AND_VERIFY",
		4: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
		5: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY",
	}
	// ..._RequestClientCertificate_value is the inverse map: enum name to
	// wire number. A name that is not present indexes to 0 (UNSPECIFIED), so
	// use the two-value lookup form when the name is externally supplied.
	GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_value = map[string]int32{
		"UNSPECIFIED":                                            0,
		"DONT_REQUEST_CLIENT_CERTIFICATE":                        1,
		"REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY":             2,
		"REQUEST_CLIENT_CERTIFICATE_AND_VERIFY":                  3,
		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY": 4,
		"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY":      5,
	}
)

Enum value maps for GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.

var (
	// OffloadPrivateKeyOperationReq_PrivateKeyOperation_name maps the wire
	// number of a private-key operation (sign or decrypt) to its enum name.
	OffloadPrivateKeyOperationReq_PrivateKeyOperation_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "SIGN",
		2: "DECRYPT",
	}
	// OffloadPrivateKeyOperationReq_PrivateKeyOperation_value is the inverse
	// map. A missing name indexes to 0 (UNSPECIFIED); use the two-value
	// lookup form to tell "unknown" apart from "UNSPECIFIED".
	OffloadPrivateKeyOperationReq_PrivateKeyOperation_value = map[string]int32{
		"UNSPECIFIED": 0,
		"SIGN":        1,
		"DECRYPT":     2,
	}
)

Enum value maps for OffloadPrivateKeyOperationReq_PrivateKeyOperation.

var (
	// OffloadResumptionKeyOperationReq_ResumptionKeyOperation_name maps the
	// wire number of a resumption-key operation (encrypt or decrypt) to its
	// enum name.
	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "ENCRYPT",
		2: "DECRYPT",
	}
	// OffloadResumptionKeyOperationReq_ResumptionKeyOperation_value is the
	// inverse map. A missing name indexes to 0 (UNSPECIFIED); use the
	// two-value lookup form to tell "unknown" apart from "UNSPECIFIED".
	OffloadResumptionKeyOperationReq_ResumptionKeyOperation_value = map[string]int32{
		"UNSPECIFIED": 0,
		"ENCRYPT":     1,
		"DECRYPT":     2,
	}
)

Enum value maps for OffloadResumptionKeyOperationReq_ResumptionKeyOperation.

var (
	// ValidatePeerCertificateChainReq_VerificationMode_name maps the wire
	// number of a verification mode to its enum name.
	// NOTE(review): this listing does not say what each mode checks, nor how
	// UNSPECIFIED (the value an unset field reads as) is handled — confirm
	// with the S2A documentation before leaving the mode unset.
	ValidatePeerCertificateChainReq_VerificationMode_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "SPIFFE",
		2: "CONNECT_TO_GOOGLE",
	}
	// ValidatePeerCertificateChainReq_VerificationMode_value is the inverse
	// map. A missing name indexes to 0 (UNSPECIFIED); use the two-value
	// lookup form when the mode name comes from configuration.
	ValidatePeerCertificateChainReq_VerificationMode_value = map[string]int32{
		"UNSPECIFIED":       0,
		"SPIFFE":            1,
		"CONNECT_TO_GOOGLE": 2,
	}
)

Enum value maps for ValidatePeerCertificateChainReq_VerificationMode.

var (
	// ValidatePeerCertificateChainResp_ValidationResult_name maps the wire
	// number of a validation result to its enum name.
	//
	// 0 (UNSPECIFIED) is what an unset enum field reads as, so code that
	// decides whether to trust a peer should require SUCCESS explicitly
	// rather than merely checking that the result is not FAILURE.
	ValidatePeerCertificateChainResp_ValidationResult_name = map[int32]string{
		0: "UNSPECIFIED",
		1: "SUCCESS",
		2: "FAILURE",
	}
	// ValidatePeerCertificateChainResp_ValidationResult_value is the inverse
	// map. A missing name indexes to 0 (UNSPECIFIED), never to SUCCESS.
	ValidatePeerCertificateChainResp_ValidationResult_value = map[string]int32{
		"UNSPECIFIED": 0,
		"SUCCESS":     1,
		"FAILURE":     2,
	}
)

Enum value maps for ValidatePeerCertificateChainResp_ValidationResult.

var File_internal_proto_v2_s2a_s2a_proto protoreflect.FileDescriptor
// S2AService_ServiceDesc describes the S2AService gRPC service for
// registration. The service exposes no unary methods (Methods is empty) and a
// single stream, SetUpSession.
var S2AService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "s2a.proto.v2.S2AService",
	HandlerType: (*S2AServiceServer)(nil),
	Methods:     []grpc.MethodDesc{},
	Streams: []grpc.StreamDesc{
		{
			StreamName: "SetUpSession",
			Handler:    _S2AService_SetUpSession_Handler,
			// Both directions stream: SetUpSession is bidirectional.
			ServerStreams: true,
			ClientStreams: true,
		},
	},
	// Path of the .proto file this descriptor was generated from.
	Metadata: "internal/proto/v2/s2a/s2a.proto",
}

S2AService_ServiceDesc is the grpc.ServiceDesc for the S2AService service. It is intended only for direct use with grpc.RegisterService, and is not to be introspected or modified (even as a copy).

Functions

func RegisterS2AServiceServer

func RegisterS2AServiceServer(s grpc.ServiceRegistrar, srv S2AServiceServer)

Types

type AlpnPolicy

// AlpnPolicy is the policy that dictates how the application negotiates ALPN
// during the TLS handshake. It is carried in both the client and the server
// TLS configuration messages of this package.
type AlpnPolicy struct {

	// If true, the application MUST perform ALPN negotiation.
	EnableAlpnNegotiation bool `` /* 127-byte string literal not displayed */
	// The ordered list of ALPN protocols that specify how the application SHOULD
	// negotiate ALPN during the TLS handshake.
	//
	// The application MAY ignore any ALPN protocols in this list that are not
	// supported by the application.
	//
	// NOTE(review): because unsupported entries may be ignored, the protocol
	// actually negotiated can be a subset of this list; verify the negotiated
	// protocol after the handshake if policy depends on it.
	AlpnProtocols []common_go_proto.AlpnProtocol `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*AlpnPolicy) Descriptor deprecated

func (*AlpnPolicy) Descriptor() ([]byte, []int)

Deprecated: Use AlpnPolicy.ProtoReflect.Descriptor instead.

func (*AlpnPolicy) GetAlpnProtocols

func (x *AlpnPolicy) GetAlpnProtocols() []common_go_proto.AlpnProtocol

func (*AlpnPolicy) GetEnableAlpnNegotiation

func (x *AlpnPolicy) GetEnableAlpnNegotiation() bool

func (*AlpnPolicy) ProtoMessage

func (*AlpnPolicy) ProtoMessage()

func (*AlpnPolicy) ProtoReflect

func (x *AlpnPolicy) ProtoReflect() protoreflect.Message

func (*AlpnPolicy) Reset

func (x *AlpnPolicy) Reset()

func (*AlpnPolicy) String

func (x *AlpnPolicy) String() string

type AuthenticationMechanism

// AuthenticationMechanism pairs an optional identity with one mechanism the
// application uses to authenticate itself to S2A. The only mechanism listed
// for the oneof is a token (AuthenticationMechanism_Token).
type AuthenticationMechanism struct {

	// Applications may specify an identity associated to an authentication
	// mechanism. Otherwise, S2A assumes that the authentication mechanism is
	// associated with the default identity. If the default identity cannot be
	// determined, the request is rejected.
	Identity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
	// Types that are assignable to MechanismOneof:
	//
	//	*AuthenticationMechanism_Token
	//
	// NOTE(review): the value held here is a credential; handle messages of
	// this type as secrets when logging or persisting them.
	MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
	// contains filtered or unexported fields
}

func (*AuthenticationMechanism) Descriptor deprecated

func (*AuthenticationMechanism) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.

func (*AuthenticationMechanism) GetIdentity

func (*AuthenticationMechanism) GetMechanismOneof

func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof

func (*AuthenticationMechanism) GetToken

func (x *AuthenticationMechanism) GetToken() string

func (*AuthenticationMechanism) ProtoMessage

func (*AuthenticationMechanism) ProtoMessage()

func (*AuthenticationMechanism) ProtoReflect

func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message

func (*AuthenticationMechanism) Reset

func (x *AuthenticationMechanism) Reset()

func (*AuthenticationMechanism) String

func (x *AuthenticationMechanism) String() string

type AuthenticationMechanism_Token

// AuthenticationMechanism_Token is the oneof wrapper that selects token-based
// authentication in AuthenticationMechanism.MechanismOneof.
type AuthenticationMechanism_Token struct {
	// A token that the application uses to authenticate itself to S2A.
	//
	// NOTE(review): this is a credential stored as a plain string. Keep it
	// out of logs and debug dumps (presumably the generated String methods
	// format it like any other field — confirm), and confirm that the
	// channel carrying it to S2A is protected.
	Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
}

type GetTlsConfigurationReq

// GetTlsConfigurationReq asks S2A for the TLS configuration the application
// is to use, identifying which side of the connection the application plays.
type GetTlsConfigurationReq struct {

	// The role of the application in the TLS connection.
	ConnectionSide common_go_proto.ConnectionSide `` /* 137-byte string literal not displayed */
	// The server name indication (SNI) extension, which MAY be populated when a
	// server is offloading to S2A. The SNI is used to determine the server
	// identity if the local identity in the request is empty.
	//
	// NOTE(review): on a server the SNI value is taken from the connecting
	// client's handshake and is therefore peer-controlled. Set the local
	// identity explicitly when the choice of server identity must not depend
	// on what the client sends.
	Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
	// contains filtered or unexported fields
}

func (*GetTlsConfigurationReq) Descriptor deprecated

func (*GetTlsConfigurationReq) Descriptor() ([]byte, []int)

Deprecated: Use GetTlsConfigurationReq.ProtoReflect.Descriptor instead.

func (*GetTlsConfigurationReq) GetConnectionSide

func (x *GetTlsConfigurationReq) GetConnectionSide() common_go_proto.ConnectionSide

func (*GetTlsConfigurationReq) GetSni

func (x *GetTlsConfigurationReq) GetSni() string

func (*GetTlsConfigurationReq) ProtoMessage

func (*GetTlsConfigurationReq) ProtoMessage()

func (*GetTlsConfigurationReq) ProtoReflect

func (x *GetTlsConfigurationReq) ProtoReflect() protoreflect.Message

func (*GetTlsConfigurationReq) Reset

func (x *GetTlsConfigurationReq) Reset()

func (*GetTlsConfigurationReq) String

func (x *GetTlsConfigurationReq) String() string

type GetTlsConfigurationResp

// GetTlsConfigurationResp carries the TLS configuration returned for a
// GetTlsConfigurationReq: either a client or a server configuration, selected
// through the TlsConfiguration oneof.
type GetTlsConfigurationResp struct {

	// Types that are assignable to TlsConfiguration:
	//
	//	*GetTlsConfigurationResp_ClientTlsConfiguration_
	//	*GetTlsConfigurationResp_ServerTlsConfiguration_
	//
	// The oneof may also be unset (nil); callers should handle that case
	// instead of assuming one of the two configurations is present.
	TlsConfiguration isGetTlsConfigurationResp_TlsConfiguration `protobuf_oneof:"tls_configuration"`
	// contains filtered or unexported fields
}

func (*GetTlsConfigurationResp) Descriptor deprecated

func (*GetTlsConfigurationResp) Descriptor() ([]byte, []int)

Deprecated: Use GetTlsConfigurationResp.ProtoReflect.Descriptor instead.

func (*GetTlsConfigurationResp) GetClientTlsConfiguration

func (*GetTlsConfigurationResp) GetServerTlsConfiguration

func (*GetTlsConfigurationResp) GetTlsConfiguration

func (m *GetTlsConfigurationResp) GetTlsConfiguration() isGetTlsConfigurationResp_TlsConfiguration

func (*GetTlsConfigurationResp) ProtoMessage

func (*GetTlsConfigurationResp) ProtoMessage()

func (*GetTlsConfigurationResp) ProtoReflect

func (x *GetTlsConfigurationResp) ProtoReflect() protoreflect.Message

func (*GetTlsConfigurationResp) Reset

func (x *GetTlsConfigurationResp) Reset()

func (*GetTlsConfigurationResp) String

func (x *GetTlsConfigurationResp) String() string

type GetTlsConfigurationResp_ClientTlsConfiguration

// GetTlsConfigurationResp_ClientTlsConfiguration is the TLS configuration a
// client application is to apply to its handshake: certificate chain, TLS
// version bounds, TLS 1.0-1.2 ciphersuites and ALPN policy.
type GetTlsConfigurationResp_ClientTlsConfiguration struct {

	// The certificate chain that the client MUST use for the TLS handshake.
	// It's a list of PEM-encoded certificates, ordered from leaf to root,
	// excluding the root.
	//
	// Only certificates are listed; no exported field of this message carries
	// a private key (private-key operations have their own request type,
	// OffloadPrivateKeyOperationReq).
	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The minimum TLS version number that the client MUST use for the TLS
	// handshake. If this field is not provided, the client MUST use the default
	// minimum version of the client's TLS library.
	//
	// NOTE(review): when unset, the effective floor is whatever the TLS
	// library defaults to, so it can differ between library versions; audit
	// it if policy requires a specific minimum.
	MinTlsVersion common_go_proto.TLSVersion `` /* 132-byte string literal not displayed */
	// The maximum TLS version number that the client MUST use for the TLS
	// handshake. If this field is not provided, the client MUST use the default
	// maximum version of the client's TLS library.
	MaxTlsVersion common_go_proto.TLSVersion `` /* 132-byte string literal not displayed */
	// The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
	// negotiate in the TLS handshake.
	//
	// As stated, this list applies to TLS 1.0-1.2 only; it says nothing about
	// the suites used when TLS 1.3 is negotiated.
	Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,6,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
	// The policy that dictates how the client negotiates ALPN during the TLS
	// handshake.
	AlpnPolicy *AlpnPolicy `protobuf:"bytes,7,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
	// contains filtered or unexported fields
}

Next ID: 8

func (*GetTlsConfigurationResp_ClientTlsConfiguration) Descriptor deprecated

Deprecated: Use GetTlsConfigurationResp_ClientTlsConfiguration.ProtoReflect.Descriptor instead.

func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetAlpnPolicy

func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain

func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain() []string

func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetCiphersuites

func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetMaxTlsVersion

func (*GetTlsConfigurationResp_ClientTlsConfiguration) GetMinTlsVersion

func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoMessage

func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoReflect

func (*GetTlsConfigurationResp_ClientTlsConfiguration) Reset

func (*GetTlsConfigurationResp_ClientTlsConfiguration) String

type GetTlsConfigurationResp_ClientTlsConfiguration_

// GetTlsConfigurationResp_ClientTlsConfiguration_ (note the trailing
// underscore) is the oneof wrapper that places a client TLS configuration in
// GetTlsConfigurationResp.TlsConfiguration.
type GetTlsConfigurationResp_ClientTlsConfiguration_ struct {
	ClientTlsConfiguration *GetTlsConfigurationResp_ClientTlsConfiguration `protobuf:"bytes,1,opt,name=client_tls_configuration,json=clientTlsConfiguration,proto3,oneof"`
}

type GetTlsConfigurationResp_ServerTlsConfiguration

// GetTlsConfigurationResp_ServerTlsConfiguration is the TLS configuration a
// server application is to apply to its handshake: certificate chain, TLS
// version bounds, TLS 1.0-1.2 ciphersuites, resumption, client-certificate
// handling and ALPN policy.
type GetTlsConfigurationResp_ServerTlsConfiguration struct {

	// The certificate chain that the server MUST use for the TLS handshake.
	// It's a list of PEM-encoded certificates, ordered from leaf to root,
	// excluding the root.
	//
	// Only certificates are listed; no exported field of this message carries
	// a private key (private-key operations have their own request type,
	// OffloadPrivateKeyOperationReq).
	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The minimum TLS version number that the server MUST use for the TLS
	// handshake. If this field is not provided, the server MUST use the default
	// minimum version of the server's TLS library.
	//
	// NOTE(review): when unset, the effective floor is whatever the TLS
	// library defaults to, so it can differ between library versions; audit
	// it if policy requires a specific minimum.
	MinTlsVersion common_go_proto.TLSVersion `` /* 132-byte string literal not displayed */
	// The maximum TLS version number that the server MUST use for the TLS
	// handshake. If this field is not provided, the server MUST use the default
	// maximum version of the server's TLS library.
	MaxTlsVersion common_go_proto.TLSVersion `` /* 132-byte string literal not displayed */
	// The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
	// negotiate in the TLS handshake.
	//
	// As stated, this list applies to TLS 1.0-1.2 only; it says nothing about
	// the suites used when TLS 1.3 is negotiated.
	Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,10,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
	// Whether to enable TLS resumption.
	//
	// Resumption-key operations are offloaded separately; see
	// OffloadResumptionKeyOperationReq.
	TlsResumptionEnabled bool `protobuf:"varint,6,opt,name=tls_resumption_enabled,json=tlsResumptionEnabled,proto3" json:"tls_resumption_enabled,omitempty"`
	// Whether the server MUST request a client certificate (i.e. to negotiate
	// TLS vs. mTLS).
	//
	// NOTE(review): two of the enum values are BUT_DONT_VERIFY modes, and an
	// unset field reads as UNSPECIFIED. In those cases do not treat a
	// presented client certificate as an authenticated identity unless it is
	// validated by another step (presumably ValidatePeerCertificateChainReq
	// — confirm).
	RequestClientCertificate GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate `` /* 226-byte string literal not displayed */
	// Returns the maximum number of extra bytes that
	// |OffloadResumptionKeyOperation| can add to the number of unencrypted
	// bytes to form the encrypted bytes.
	MaxOverheadOfTicketAead uint32 `` /* 137-byte string literal not displayed */
	// The policy that dictates how the server negotiates ALPN during the TLS
	// handshake.
	AlpnPolicy *AlpnPolicy `protobuf:"bytes,11,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
	// contains filtered or unexported fields
}

Next ID: 12

func (*GetTlsConfigurationResp_ServerTlsConfiguration) Descriptor deprecated

Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration.ProtoReflect.Descriptor instead.

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetAlpnPolicy

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain

func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain() []string

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetCiphersuites

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead

func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead() uint32

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxTlsVersion

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetMinTlsVersion

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetRequestClientCertificate

func (*GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled

func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled() bool

func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoMessage

func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoReflect

func (*GetTlsConfigurationResp_ServerTlsConfiguration) Reset

func (*GetTlsConfigurationResp_ServerTlsConfiguration) String

type GetTlsConfigurationResp_ServerTlsConfiguration_

// GetTlsConfigurationResp_ServerTlsConfiguration_ (note the trailing
// underscore) is the oneof wrapper that places a server TLS configuration in
// GetTlsConfigurationResp.TlsConfiguration.
type GetTlsConfigurationResp_ServerTlsConfiguration_ struct {
	ServerTlsConfiguration *GetTlsConfigurationResp_ServerTlsConfiguration `protobuf:"bytes,2,opt,name=server_tls_configuration,json=serverTlsConfiguration,proto3,oneof"`
}

type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate

// GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
// enumerates how a server treats client certificates during the handshake,
// i.e. whether it negotiates TLS or mTLS. The per-value notes below are read
// from the value names; this listing carries no further description.
type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate int32
const (
	// Zero value; this is what an unset field reads as.
	GetTlsConfigurationResp_ServerTlsConfiguration_UNSPECIFIED                                            GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 0
	// No client certificate is requested.
	GetTlsConfigurationResp_ServerTlsConfiguration_DONT_REQUEST_CLIENT_CERTIFICATE                        GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 1
	// A client certificate is requested but not verified.
	// NOTE(review): in both BUT_DONT_VERIFY modes (2 and 4) a presented
	// certificate should not be treated as an authenticated identity unless
	// another step validates it (presumably ValidatePeerCertificateChainReq
	// — confirm).
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY             GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 2
	// A client certificate is requested and, if presented, verified.
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY                  GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 3
	// A client certificate is requested and required, but not verified.
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 4
	// A client certificate is requested, required and verified.
	GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY      GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 5
)

func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Descriptor

func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Enum

func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) EnumDescriptor deprecated

Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.Descriptor instead.

func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Number

func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) String

func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Type

type OffloadPrivateKeyOperationReq

// OffloadPrivateKeyOperationReq asks S2A to perform a private-key operation
// (sign or decrypt) on the supplied input, so that the key itself is not
// handled by the application.
type OffloadPrivateKeyOperationReq struct {

	// The operation the private key is used for.
	Operation OffloadPrivateKeyOperationReq_PrivateKeyOperation `` /* 140-byte string literal not displayed */
	// The signature algorithm to be used for signing operations.
	SignatureAlgorithm SignatureAlgorithm `` /* 153-byte string literal not displayed */
	// The input bytes to be signed or decrypted.
	//
	// Types that are assignable to InBytes:
	//
	//	*OffloadPrivateKeyOperationReq_RawBytes
	//	*OffloadPrivateKeyOperationReq_Sha256Digest
	//	*OffloadPrivateKeyOperationReq_Sha384Digest
	//	*OffloadPrivateKeyOperationReq_Sha512Digest
	//
	// NOTE(review): the digest variants state fixed lengths (32, 48 and 64
	// bytes) that the []byte type does not enforce, and nothing in this
	// struct ties the chosen digest variant to SignatureAlgorithm; presumably
	// S2A checks both — confirm.
	InBytes isOffloadPrivateKeyOperationReq_InBytes `protobuf_oneof:"in_bytes"`
	// contains filtered or unexported fields
}

func (*OffloadPrivateKeyOperationReq) Descriptor deprecated

func (*OffloadPrivateKeyOperationReq) Descriptor() ([]byte, []int)

Deprecated: Use OffloadPrivateKeyOperationReq.ProtoReflect.Descriptor instead.

func (*OffloadPrivateKeyOperationReq) GetInBytes

func (m *OffloadPrivateKeyOperationReq) GetInBytes() isOffloadPrivateKeyOperationReq_InBytes

func (*OffloadPrivateKeyOperationReq) GetOperation

func (*OffloadPrivateKeyOperationReq) GetRawBytes

func (x *OffloadPrivateKeyOperationReq) GetRawBytes() []byte

func (*OffloadPrivateKeyOperationReq) GetSha256Digest

func (x *OffloadPrivateKeyOperationReq) GetSha256Digest() []byte

func (*OffloadPrivateKeyOperationReq) GetSha384Digest

func (x *OffloadPrivateKeyOperationReq) GetSha384Digest() []byte

func (*OffloadPrivateKeyOperationReq) GetSha512Digest

func (x *OffloadPrivateKeyOperationReq) GetSha512Digest() []byte

func (*OffloadPrivateKeyOperationReq) GetSignatureAlgorithm

func (x *OffloadPrivateKeyOperationReq) GetSignatureAlgorithm() SignatureAlgorithm

func (*OffloadPrivateKeyOperationReq) ProtoMessage

func (*OffloadPrivateKeyOperationReq) ProtoMessage()

func (*OffloadPrivateKeyOperationReq) ProtoReflect

func (*OffloadPrivateKeyOperationReq) Reset

func (x *OffloadPrivateKeyOperationReq) Reset()

func (*OffloadPrivateKeyOperationReq) String

type OffloadPrivateKeyOperationReq_PrivateKeyOperation

// OffloadPrivateKeyOperationReq_PrivateKeyOperation selects which private-key
// operation an OffloadPrivateKeyOperationReq asks for.
type OffloadPrivateKeyOperationReq_PrivateKeyOperation int32
const (
	// Zero value; this is what an unset field reads as.
	OffloadPrivateKeyOperationReq_UNSPECIFIED OffloadPrivateKeyOperationReq_PrivateKeyOperation = 0
	// When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
	// the TLS handshake must be signed to prove possession of the private key.
	//
	// See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
	OffloadPrivateKeyOperationReq_SIGN OffloadPrivateKeyOperationReq_PrivateKeyOperation = 1
	// When performing a TLS 1.2 handshake using an RSA algorithm, the key
	// exchange algorithm involves the client generating a premaster secret,
	// encrypting it using the server's public key, and sending this encrypted
	// blob to the server in a ClientKeyExchange message.
	//
	// See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
	//
	// NOTE(review): RFC 4346 is the TLS 1.1 specification; the TLS 1.2 text
	// for the RSA-encrypted premaster secret is RFC 5246, section 7.4.7.1.
	// RSA key exchange provides no forward secrecy and does not exist in
	// TLS 1.3, so DECRYPT is only relevant where TLS 1.2 RSA key-exchange
	// ciphersuites are still permitted.
	OffloadPrivateKeyOperationReq_DECRYPT OffloadPrivateKeyOperationReq_PrivateKeyOperation = 2
)

func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Descriptor

func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Enum

func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) EnumDescriptor deprecated

Deprecated: Use OffloadPrivateKeyOperationReq_PrivateKeyOperation.Descriptor instead.

func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Number

func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) String

func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Type

type OffloadPrivateKeyOperationReq_RawBytes

// OffloadPrivateKeyOperationReq_RawBytes is the oneof wrapper that supplies
// unhashed input in OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_RawBytes struct {
	// Raw bytes to be hashed and signed, or decrypted.
	RawBytes []byte `protobuf:"bytes,4,opt,name=raw_bytes,json=rawBytes,proto3,oneof"`
}

type OffloadPrivateKeyOperationReq_Sha256Digest

// OffloadPrivateKeyOperationReq_Sha256Digest is the oneof wrapper that
// supplies a precomputed SHA-256 digest in
// OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_Sha256Digest struct {
	// A SHA256 hash to be signed. Must be 32 bytes.
	// The length is not enforced by the []byte type; check it before sending.
	Sha256Digest []byte `protobuf:"bytes,5,opt,name=sha256_digest,json=sha256Digest,proto3,oneof"`
}

type OffloadPrivateKeyOperationReq_Sha384Digest

// OffloadPrivateKeyOperationReq_Sha384Digest is the oneof wrapper that
// supplies a precomputed SHA-384 digest in
// OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_Sha384Digest struct {
	// A SHA384 hash to be signed. Must be 48 bytes.
	// The length is not enforced by the []byte type; check it before sending.
	Sha384Digest []byte `protobuf:"bytes,6,opt,name=sha384_digest,json=sha384Digest,proto3,oneof"`
}

type OffloadPrivateKeyOperationReq_Sha512Digest

// OffloadPrivateKeyOperationReq_Sha512Digest is the oneof wrapper that
// supplies a precomputed SHA-512 digest in
// OffloadPrivateKeyOperationReq.InBytes.
type OffloadPrivateKeyOperationReq_Sha512Digest struct {
	// A SHA512 hash to be signed. Must be 64 bytes.
	// The length is not enforced by the []byte type; check it before sending.
	Sha512Digest []byte `protobuf:"bytes,7,opt,name=sha512_digest,json=sha512Digest,proto3,oneof"`
}

type OffloadPrivateKeyOperationResp

// OffloadPrivateKeyOperationResp returns the result of an offloaded
// private-key operation.
type OffloadPrivateKeyOperationResp struct {

	// The signed or decrypted output bytes.
	//
	// NOTE(review): for a DECRYPT operation this is decrypted key-exchange
	// material and should be handled as a secret (not logged or persisted).
	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
	// contains filtered or unexported fields
}

func (*OffloadPrivateKeyOperationResp) Descriptor deprecated

func (*OffloadPrivateKeyOperationResp) Descriptor() ([]byte, []int)

Deprecated: Use OffloadPrivateKeyOperationResp.ProtoReflect.Descriptor instead.

func (*OffloadPrivateKeyOperationResp) GetOutBytes

func (x *OffloadPrivateKeyOperationResp) GetOutBytes() []byte

func (*OffloadPrivateKeyOperationResp) ProtoMessage

func (*OffloadPrivateKeyOperationResp) ProtoMessage()

func (*OffloadPrivateKeyOperationResp) ProtoReflect

func (*OffloadPrivateKeyOperationResp) Reset

func (x *OffloadPrivateKeyOperationResp) Reset()

func (*OffloadPrivateKeyOperationResp) String

type OffloadResumptionKeyOperationReq

// OffloadResumptionKeyOperationReq asks S2A to encrypt or decrypt bytes with
// a resumption key, so that the key itself is not handled by the application.
type OffloadResumptionKeyOperationReq struct {

	// The operation the resumption key is used for.
	Operation OffloadResumptionKeyOperationReq_ResumptionKeyOperation `` /* 146-byte string literal not displayed */
	// The bytes to be encrypted or decrypted.
	//
	// NOTE(review): for DECRYPT these bytes presumably originate from a
	// ticket presented by the peer, i.e. untrusted input — confirm, and
	// handle a failed decryption as a normal, expected outcome.
	InBytes []byte `protobuf:"bytes,2,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
	// contains filtered or unexported fields
}

func (*OffloadResumptionKeyOperationReq) Descriptor deprecated

func (*OffloadResumptionKeyOperationReq) Descriptor() ([]byte, []int)

Deprecated: Use OffloadResumptionKeyOperationReq.ProtoReflect.Descriptor instead.

func (*OffloadResumptionKeyOperationReq) GetInBytes

func (x *OffloadResumptionKeyOperationReq) GetInBytes() []byte

func (*OffloadResumptionKeyOperationReq) GetOperation

func (*OffloadResumptionKeyOperationReq) ProtoMessage

func (*OffloadResumptionKeyOperationReq) ProtoMessage()

func (*OffloadResumptionKeyOperationReq) ProtoReflect

func (*OffloadResumptionKeyOperationReq) Reset

func (*OffloadResumptionKeyOperationReq) String

type OffloadResumptionKeyOperationReq_ResumptionKeyOperation

// OffloadResumptionKeyOperationReq_ResumptionKeyOperation selects which
// resumption-key operation an OffloadResumptionKeyOperationReq asks for.
type OffloadResumptionKeyOperationReq_ResumptionKeyOperation int32
const (
	// UNSPECIFIED is the zero value (what an unset field reads as); ENCRYPT
	// and DECRYPT select the direction of the resumption-key operation.
	OffloadResumptionKeyOperationReq_UNSPECIFIED OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 0
	OffloadResumptionKeyOperationReq_ENCRYPT     OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 1
	OffloadResumptionKeyOperationReq_DECRYPT     OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 2
)

func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Descriptor

func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Enum

func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) EnumDescriptor deprecated

Deprecated: Use OffloadResumptionKeyOperationReq_ResumptionKeyOperation.Descriptor instead.

func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Number

func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) String

func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Type

type OffloadResumptionKeyOperationResp

// OffloadResumptionKeyOperationResp returns the result of an offloaded
// resumption-key operation.
type OffloadResumptionKeyOperationResp struct {

	// The encrypted or decrypted bytes.
	//
	// NOTE(review): decrypted output is presumably session-resumption state;
	// treat it as sensitive — confirm against the S2A documentation.
	OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
	// contains filtered or unexported fields
}

func (*OffloadResumptionKeyOperationResp) Descriptor deprecated

func (*OffloadResumptionKeyOperationResp) Descriptor() ([]byte, []int)

Deprecated: Use OffloadResumptionKeyOperationResp.ProtoReflect.Descriptor instead.

func (*OffloadResumptionKeyOperationResp) GetOutBytes

func (x *OffloadResumptionKeyOperationResp) GetOutBytes() []byte

func (*OffloadResumptionKeyOperationResp) ProtoMessage

func (*OffloadResumptionKeyOperationResp) ProtoMessage()

func (*OffloadResumptionKeyOperationResp) ProtoReflect

func (*OffloadResumptionKeyOperationResp) Reset

func (*OffloadResumptionKeyOperationResp) String

type S2AServiceClient

// S2AServiceClient is the client-side API of the S2AService gRPC service.
type S2AServiceClient interface {
	// SetUpSession is a bidirectional stream used by applications to offload
	// operations from the TLS handshake.
	//
	// It returns a stream handle on which SessionReq messages are sent and
	// SessionResp messages are received. The requests can carry credentials
	// (see AuthenticationMechanism), so the connection behind this client
	// should itself be protected — NOTE(review): confirm how the transport
	// to S2A is secured in the deployment.
	SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error)
}

S2AServiceClient is the client API for S2AService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.golang.ir/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewS2AServiceClient

func NewS2AServiceClient(cc grpc.ClientConnInterface) S2AServiceClient

type S2AServiceServer

// S2AServiceServer is the server-side API of the S2AService gRPC service.
// The interface has unexported methods, so it cannot be satisfied by a type
// that does not embed the generated base implementation.
type S2AServiceServer interface {
	// SetUpSession is a bidirectional stream used by applications to offload
	// operations from the TLS handshake.
	SetUpSession(S2AService_SetUpSessionServer) error
	// contains filtered or unexported methods
}

S2AServiceServer is the server API for the S2AService service. All implementations must embed UnimplementedS2AServiceServer for forward compatibility.

type S2AService_SetUpSessionClient

// S2AService_SetUpSessionClient is the client end of the SetUpSession
// stream: it sends SessionReq messages and receives SessionResp messages, and
// embeds grpc.ClientStream for the generic stream operations.
type S2AService_SetUpSessionClient interface {
	// Send writes one request to the stream.
	Send(*SessionReq) error
	// Recv reads the next response from the stream. A nil error only means a
	// message was received; the outcome of the request is reported in the
	// Status field of the returned SessionResp.
	Recv() (*SessionResp, error)
	grpc.ClientStream
}

type S2AService_SetUpSessionServer

// S2AService_SetUpSessionServer is the server end of the SetUpSession
// stream: it receives SessionReq messages and sends SessionResp messages, and
// embeds grpc.ServerStream for the generic stream operations.
type S2AService_SetUpSessionServer interface {
	// Send writes one response to the stream.
	Send(*SessionResp) error
	// Recv reads the next request from the stream.
	Recv() (*SessionReq, error)
	grpc.ServerStream
}

type SessionReq

// SessionReq is the message an application sends on the SetUpSession stream.
// It names the identity to act as, supplies the mechanisms used to
// authenticate to S2A, and carries exactly one operation in ReqOneof.
type SessionReq struct {

	// The identity corresponding to the TLS configurations that MUST be used for
	// the TLS handshake.
	//
	// If a managed identity already exists, the local identity and authentication
	// mechanisms are ignored. If a managed identity doesn't exist and the local
	// identity is not populated, S2A will try to deduce the managed identity to
	// use from the SNI extension. If that also fails, S2A uses the default
	// identity (if one exists).
	//
	// NOTE(review): identity selection falls back through several sources
	// (managed identity, local identity, SNI, default identity). Populate
	// this field explicitly when the choice of credentials must not depend
	// on the SNI or on which default identity happens to exist.
	LocalIdentity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
	// The authentication mechanisms that the application wishes to use to
	// authenticate to S2A, ordered by preference. S2A will always use the first
	// authentication mechanism that matches the managed identity.
	//
	// These entries can hold credentials (see AuthenticationMechanism_Token);
	// handle SessionReq values as secrets when logging or persisting them.
	AuthenticationMechanisms []*AuthenticationMechanism `` /* 133-byte string literal not displayed */
	// Types that are assignable to ReqOneof:
	//
	//	*SessionReq_GetTlsConfigurationReq
	//	*SessionReq_OffloadPrivateKeyOperationReq
	//	*SessionReq_OffloadResumptionKeyOperationReq
	//	*SessionReq_ValidatePeerCertificateChainReq
	ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
	// contains filtered or unexported fields
}

func (*SessionReq) Descriptor deprecated

func (*SessionReq) Descriptor() ([]byte, []int)

Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.

func (*SessionReq) GetAuthenticationMechanisms

func (x *SessionReq) GetAuthenticationMechanisms() []*AuthenticationMechanism

func (*SessionReq) GetGetTlsConfigurationReq

func (x *SessionReq) GetGetTlsConfigurationReq() *GetTlsConfigurationReq

func (*SessionReq) GetLocalIdentity

func (x *SessionReq) GetLocalIdentity() *common_go_proto1.Identity

func (*SessionReq) GetOffloadPrivateKeyOperationReq

func (x *SessionReq) GetOffloadPrivateKeyOperationReq() *OffloadPrivateKeyOperationReq

func (*SessionReq) GetOffloadResumptionKeyOperationReq

func (x *SessionReq) GetOffloadResumptionKeyOperationReq() *OffloadResumptionKeyOperationReq

func (*SessionReq) GetReqOneof

func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof

func (*SessionReq) GetValidatePeerCertificateChainReq

func (x *SessionReq) GetValidatePeerCertificateChainReq() *ValidatePeerCertificateChainReq

func (*SessionReq) ProtoMessage

func (*SessionReq) ProtoMessage()

func (*SessionReq) ProtoReflect

func (x *SessionReq) ProtoReflect() protoreflect.Message

func (*SessionReq) Reset

func (x *SessionReq) Reset()

func (*SessionReq) String

func (x *SessionReq) String() string

type SessionReq_GetTlsConfigurationReq

// SessionReq_GetTlsConfigurationReq is the oneof wrapper that selects a
// GetTlsConfigurationReq as the operation of a SessionReq.
type SessionReq_GetTlsConfigurationReq struct {
	// Requests the certificate chain and TLS configuration corresponding to the
	// local identity, which the application MUST use to negotiate the TLS
	// handshake.
	GetTlsConfigurationReq *GetTlsConfigurationReq `protobuf:"bytes,3,opt,name=get_tls_configuration_req,json=getTlsConfigurationReq,proto3,oneof"`
}

type SessionReq_OffloadPrivateKeyOperationReq

// SessionReq_OffloadPrivateKeyOperationReq is the oneof wrapper that selects
// an OffloadPrivateKeyOperationReq as the operation of a SessionReq.
type SessionReq_OffloadPrivateKeyOperationReq struct {
	// Signs or decrypts the input bytes using a private key corresponding to
	// the local identity in the request.
	//
	// WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
	// S2Av2 by a server during a TLS 1.2 handshake.
	//
	// Consequently, code that audits or rate-limits these requests should not
	// assume exactly one private-key operation per handshake.
	OffloadPrivateKeyOperationReq *OffloadPrivateKeyOperationReq `protobuf:"bytes,4,opt,name=offload_private_key_operation_req,json=offloadPrivateKeyOperationReq,proto3,oneof"`
}

type SessionReq_OffloadResumptionKeyOperationReq

// SessionReq_OffloadResumptionKeyOperationReq wraps the
// offload_resumption_key_operation_req member (field 5) of a oneof, per its
// protobuf tag. By its name and SessionReq's matching getter it is one of the
// alternatives of SessionReq's request oneof (see GetReqOneof).
type SessionReq_OffloadResumptionKeyOperationReq struct {
	// Encrypts or decrypts the input bytes using a resumption key corresponding
	// to the local identity in the request.
	OffloadResumptionKeyOperationReq *OffloadResumptionKeyOperationReq `protobuf:"bytes,5,opt,name=offload_resumption_key_operation_req,json=offloadResumptionKeyOperationReq,proto3,oneof"`
}

type SessionReq_ValidatePeerCertificateChainReq

// SessionReq_ValidatePeerCertificateChainReq wraps the
// validate_peer_certificate_chain_req member (field 6) of a oneof, per its
// protobuf tag. By its name and SessionReq's matching getter it is one of the
// alternatives of SessionReq's request oneof (see GetReqOneof).
type SessionReq_ValidatePeerCertificateChainReq struct {
	// Verifies the peer's certificate chain using
	// (a) trust bundles corresponding to the local identity in the request, and
	// (b) the verification mode in the request.
	ValidatePeerCertificateChainReq *ValidatePeerCertificateChainReq `protobuf:"bytes,6,opt,name=validate_peer_certificate_chain_req,json=validatePeerCertificateChainReq,proto3,oneof"`
}

type SessionResp

// SessionResp is the response message: a per-request Status plus exactly one
// of the response alternatives listed under RespOneof.
type SessionResp struct {

	// Status of the session response.
	//
	// The status field is populated so that if an error occurs when making an
	// individual request, then communication with the S2A may continue. If an
	// error is returned directly (e.g. at the gRPC layer), then it may result
	// in the bidirectional stream being closed.
	//
	// NOTE(review): because request-level failures are reported here rather
	// than as a gRPC error, callers presumably need to inspect Status before
	// acting on RespOneof; confirm which Code value denotes success.
	Status *Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// Types that are assignable to RespOneof:
	//
	//	*SessionResp_GetTlsConfigurationResp
	//	*SessionResp_OffloadPrivateKeyOperationResp
	//	*SessionResp_OffloadResumptionKeyOperationResp
	//	*SessionResp_ValidatePeerCertificateChainResp
	RespOneof isSessionResp_RespOneof `protobuf_oneof:"resp_oneof"`
	// contains filtered or unexported fields
}

func (*SessionResp) Descriptor deprecated

func (*SessionResp) Descriptor() ([]byte, []int)

Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.

func (*SessionResp) GetGetTlsConfigurationResp

func (x *SessionResp) GetGetTlsConfigurationResp() *GetTlsConfigurationResp

func (*SessionResp) GetOffloadPrivateKeyOperationResp

func (x *SessionResp) GetOffloadPrivateKeyOperationResp() *OffloadPrivateKeyOperationResp

func (*SessionResp) GetOffloadResumptionKeyOperationResp

func (x *SessionResp) GetOffloadResumptionKeyOperationResp() *OffloadResumptionKeyOperationResp

func (*SessionResp) GetRespOneof

func (m *SessionResp) GetRespOneof() isSessionResp_RespOneof

func (*SessionResp) GetStatus

func (x *SessionResp) GetStatus() *Status

func (*SessionResp) GetValidatePeerCertificateChainResp

func (x *SessionResp) GetValidatePeerCertificateChainResp() *ValidatePeerCertificateChainResp

func (*SessionResp) ProtoMessage

func (*SessionResp) ProtoMessage()

func (*SessionResp) ProtoReflect

func (x *SessionResp) ProtoReflect() protoreflect.Message

func (*SessionResp) Reset

func (x *SessionResp) Reset()

func (*SessionResp) String

func (x *SessionResp) String() string

type SessionResp_GetTlsConfigurationResp

// SessionResp_GetTlsConfigurationResp wraps the get_tls_configuration_resp
// member (field 2); it is one of the types assignable to
// SessionResp.RespOneof.
type SessionResp_GetTlsConfigurationResp struct {
	// Contains the certificate chain and TLS configurations corresponding to
	// the local identity.
	GetTlsConfigurationResp *GetTlsConfigurationResp `protobuf:"bytes,2,opt,name=get_tls_configuration_resp,json=getTlsConfigurationResp,proto3,oneof"`
}

type SessionResp_OffloadPrivateKeyOperationResp

// SessionResp_OffloadPrivateKeyOperationResp wraps the
// offload_private_key_operation_resp member (field 3); it is one of the types
// assignable to SessionResp.RespOneof.
type SessionResp_OffloadPrivateKeyOperationResp struct {
	// Contains the signed or encrypted output bytes using the private key
	// corresponding to the local identity.
	OffloadPrivateKeyOperationResp *OffloadPrivateKeyOperationResp `protobuf:"bytes,3,opt,name=offload_private_key_operation_resp,json=offloadPrivateKeyOperationResp,proto3,oneof"`
}

type SessionResp_OffloadResumptionKeyOperationResp

// SessionResp_OffloadResumptionKeyOperationResp wraps the
// offload_resumption_key_operation_resp member (field 4); it is one of the
// types assignable to SessionResp.RespOneof.
type SessionResp_OffloadResumptionKeyOperationResp struct {
	// Contains the encrypted or decrypted output bytes using the resumption key
	// corresponding to the local identity.
	OffloadResumptionKeyOperationResp *OffloadResumptionKeyOperationResp `protobuf:"bytes,4,opt,name=offload_resumption_key_operation_resp,json=offloadResumptionKeyOperationResp,proto3,oneof"`
}

type SessionResp_ValidatePeerCertificateChainResp

// SessionResp_ValidatePeerCertificateChainResp wraps the
// validate_peer_certificate_chain_resp member (field 5); it is one of the
// types assignable to SessionResp.RespOneof.
type SessionResp_ValidatePeerCertificateChainResp struct {
	// Contains the validation result, peer identity and fingerprints of peer
	// certificates.
	ValidatePeerCertificateChainResp *ValidatePeerCertificateChainResp `protobuf:"bytes,5,opt,name=validate_peer_certificate_chain_resp,json=validatePeerCertificateChainResp,proto3,oneof"`
}

type SignatureAlgorithm

// SignatureAlgorithm enumerates the signature algorithm identifiers of this
// package (the S2A_SSL_SIGN_* names). Each constant fixes both the scheme and
// the hash, and for ECDSA the curve as well.
type SignatureAlgorithm int32
const (
	// Zero value: no signature algorithm specified.
	SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED SignatureAlgorithm = 0
	// RSA Public-Key Cryptography Standards #1.
	// NOTE(review): presumably the PKCS #1 v1.5 signature scheme, as distinct
	// from the RSA-PSS entries below; confirm against the .proto source.
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256 SignatureAlgorithm = 1
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384 SignatureAlgorithm = 2
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512 SignatureAlgorithm = 3
	// ECDSA.
	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 SignatureAlgorithm = 4
	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 SignatureAlgorithm = 5
	SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 SignatureAlgorithm = 6
	// RSA Probabilistic Signature Scheme.
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 SignatureAlgorithm = 7
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 SignatureAlgorithm = 8
	SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 SignatureAlgorithm = 9
	// ED25519.
	SignatureAlgorithm_S2A_SSL_SIGN_ED25519 SignatureAlgorithm = 10
)

func (SignatureAlgorithm) Descriptor

func (SignatureAlgorithm) Enum

func (SignatureAlgorithm) EnumDescriptor deprecated

func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use SignatureAlgorithm.Descriptor instead.

func (SignatureAlgorithm) Number

func (SignatureAlgorithm) String

func (x SignatureAlgorithm) String() string

func (SignatureAlgorithm) Type

type Status

// Status carries a numeric status code and a free-form details string. It is
// the type of SessionResp.Status.
type Status struct {

	// The status code that is specific to the application and the implementation
	// of S2A, e.g., gRPC status code.
	//
	// NOTE(review): 0 is the proto3 default when the field is unset. If gRPC
	// codes are in use, 0 is OK; confirm that mapping before treating 0 as
	// success.
	Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
	// The status details.
	Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
	// contains filtered or unexported fields
}

func (*Status) Descriptor deprecated

func (*Status) Descriptor() ([]byte, []int)

Deprecated: Use Status.ProtoReflect.Descriptor instead.

func (*Status) GetCode

func (x *Status) GetCode() uint32

func (*Status) GetDetails

func (x *Status) GetDetails() string

func (*Status) ProtoMessage

func (*Status) ProtoMessage()

func (*Status) ProtoReflect

func (x *Status) ProtoReflect() protoreflect.Message

func (*Status) Reset

func (x *Status) Reset()

func (*Status) String

func (x *Status) String() string

type UnimplementedS2AServiceServer

type UnimplementedS2AServiceServer struct {
}

UnimplementedS2AServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedS2AServiceServer) SetUpSession

type UnsafeS2AServiceServer

type UnsafeS2AServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeS2AServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to S2AServiceServer will result in compilation errors.

type ValidatePeerCertificateChainReq

// ValidatePeerCertificateChainReq asks S2A to validate a peer certificate
// chain under a given verification mode. The chain itself travels in the
// PeerOneof alternative (client peer or server peer).
type ValidatePeerCertificateChainReq struct {

	// The verification mode that S2A MUST use to validate the peer certificate
	// chain.
	//
	// An unset Mode is the zero value ValidatePeerCertificateChainReq_UNSPECIFIED,
	// which the enum documents as the default verification mode supported by
	// S2A.
	Mode ValidatePeerCertificateChainReq_VerificationMode `` /* 129-byte string literal not displayed */
	// Types that are assignable to PeerOneof:
	//
	//	*ValidatePeerCertificateChainReq_ClientPeer_
	//	*ValidatePeerCertificateChainReq_ServerPeer_
	PeerOneof isValidatePeerCertificateChainReq_PeerOneof `protobuf_oneof:"peer_oneof"`
	// contains filtered or unexported fields
}

func (*ValidatePeerCertificateChainReq) Descriptor deprecated

func (*ValidatePeerCertificateChainReq) Descriptor() ([]byte, []int)

Deprecated: Use ValidatePeerCertificateChainReq.ProtoReflect.Descriptor instead.

func (*ValidatePeerCertificateChainReq) GetClientPeer

func (*ValidatePeerCertificateChainReq) GetMode

func (*ValidatePeerCertificateChainReq) GetPeerOneof

func (m *ValidatePeerCertificateChainReq) GetPeerOneof() isValidatePeerCertificateChainReq_PeerOneof

func (*ValidatePeerCertificateChainReq) GetServerPeer

func (*ValidatePeerCertificateChainReq) ProtoMessage

func (*ValidatePeerCertificateChainReq) ProtoMessage()

func (*ValidatePeerCertificateChainReq) ProtoReflect

func (*ValidatePeerCertificateChainReq) Reset

func (*ValidatePeerCertificateChainReq) String

type ValidatePeerCertificateChainReq_ClientPeer

// ValidatePeerCertificateChainReq_ClientPeer carries the certificate chain
// to validate when the peer is a client. Unlike the ServerPeer variant it has
// no hostname field.
type ValidatePeerCertificateChainReq_ClientPeer struct {

	// The certificate chain to be verified. The chain MUST be a list of
	// DER-encoded certificates, ordered from leaf to root, excluding the root.
	// Each element of the slice holds one certificate.
	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// contains filtered or unexported fields
}

func (*ValidatePeerCertificateChainReq_ClientPeer) Descriptor deprecated

Deprecated: Use ValidatePeerCertificateChainReq_ClientPeer.ProtoReflect.Descriptor instead.

func (*ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain

func (x *ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain() [][]byte

func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoMessage

func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoReflect

func (*ValidatePeerCertificateChainReq_ClientPeer) Reset

func (*ValidatePeerCertificateChainReq_ClientPeer) String

type ValidatePeerCertificateChainReq_ClientPeer_

// ValidatePeerCertificateChainReq_ClientPeer_ wraps the client_peer member
// (field 2); it is one of the types assignable to
// ValidatePeerCertificateChainReq.PeerOneof.
type ValidatePeerCertificateChainReq_ClientPeer_ struct {
	ClientPeer *ValidatePeerCertificateChainReq_ClientPeer `protobuf:"bytes,2,opt,name=client_peer,json=clientPeer,proto3,oneof"`
}

type ValidatePeerCertificateChainReq_ServerPeer

// ValidatePeerCertificateChainReq_ServerPeer carries the certificate chain
// to validate when the peer is a server, together with the hostname the
// caller expects and an optional serialized client policy.
type ValidatePeerCertificateChainReq_ServerPeer struct {

	// The certificate chain to be verified. The chain MUST be a list of
	// DER-encoded certificates, ordered from leaf to root, excluding the root.
	// Each element of the slice holds one certificate.
	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
	// The expected hostname of the server.
	//
	// NOTE(review): presumably checked against the leaf certificate during
	// validation. An unset field is the empty string (proto3 default); confirm
	// how S2A treats an empty hostname before relying on hostname verification.
	ServerHostname string `protobuf:"bytes,2,opt,name=server_hostname,json=serverHostname,proto3" json:"server_hostname,omitempty"`
	// The UnrestrictedClientPolicy specified by the user.
	// Carried as opaque serialized bytes; the encoding is not shown in this
	// listing.
	SerializedUnrestrictedClientPolicy []byte `` /* 167-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*ValidatePeerCertificateChainReq_ServerPeer) Descriptor deprecated

Deprecated: Use ValidatePeerCertificateChainReq_ServerPeer.ProtoReflect.Descriptor instead.

func (*ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain

func (x *ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain() [][]byte

func (*ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy added in v0.1.4

func (x *ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy() []byte

func (*ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname

func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string

func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoMessage

func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoReflect

func (*ValidatePeerCertificateChainReq_ServerPeer) Reset

func (*ValidatePeerCertificateChainReq_ServerPeer) String

type ValidatePeerCertificateChainReq_ServerPeer_

// ValidatePeerCertificateChainReq_ServerPeer_ wraps the server_peer member
// (field 3); it is one of the types assignable to
// ValidatePeerCertificateChainReq.PeerOneof.
type ValidatePeerCertificateChainReq_ServerPeer_ struct {
	ServerPeer *ValidatePeerCertificateChainReq_ServerPeer `protobuf:"bytes,3,opt,name=server_peer,json=serverPeer,proto3,oneof"`
}

type ValidatePeerCertificateChainReq_VerificationMode

// ValidatePeerCertificateChainReq_VerificationMode selects how S2A chooses
// the trust material for validating a peer certificate chain. It is the type
// of ValidatePeerCertificateChainReq.Mode.
type ValidatePeerCertificateChainReq_VerificationMode int32
const (
	// The default verification mode supported by S2A.
	// This is also the zero value, so it is what an unset Mode field carries.
	ValidatePeerCertificateChainReq_UNSPECIFIED ValidatePeerCertificateChainReq_VerificationMode = 0
	// The SPIFFE verification mode selects the set of trusted certificates to
	// use for path building based on the SPIFFE trust domain in the peer's leaf
	// certificate.
	ValidatePeerCertificateChainReq_SPIFFE ValidatePeerCertificateChainReq_VerificationMode = 1
	// The connect-to-Google verification mode uses the trust bundle for
	// connecting to Google, e.g. *.mtls.googleapis.com endpoints.
	ValidatePeerCertificateChainReq_CONNECT_TO_GOOGLE ValidatePeerCertificateChainReq_VerificationMode = 2
)

func (ValidatePeerCertificateChainReq_VerificationMode) Descriptor

func (ValidatePeerCertificateChainReq_VerificationMode) Enum

func (ValidatePeerCertificateChainReq_VerificationMode) EnumDescriptor deprecated

Deprecated: Use ValidatePeerCertificateChainReq_VerificationMode.Descriptor instead.

func (ValidatePeerCertificateChainReq_VerificationMode) Number

func (ValidatePeerCertificateChainReq_VerificationMode) String

func (ValidatePeerCertificateChainReq_VerificationMode) Type

type ValidatePeerCertificateChainResp

// ValidatePeerCertificateChainResp reports the outcome of a peer certificate
// chain validation request.
//
// Only ValidationResult says whether the chain was accepted. Context may be
// populated on failure, and the zero value of ValidationResult is UNSPECIFIED
// rather than SUCCESS, so callers should compare against SUCCESS explicitly
// instead of testing for a non-nil Context or a non-FAILURE result.
type ValidatePeerCertificateChainResp struct {

	// The result of validating the peer certificate chain.
	ValidationResult ValidatePeerCertificateChainResp_ValidationResult `` /* 178-byte string literal not displayed */
	// The validation details. This field is only populated when the validation
	// result is NOT SUCCESS.
	ValidationDetails string `protobuf:"bytes,2,opt,name=validation_details,json=validationDetails,proto3" json:"validation_details,omitempty"`
	// The S2A context contains information from the peer certificate chain.
	//
	// The S2A context MAY be populated even if validation of the peer certificate
	// chain fails.
	//
	// Its contents therefore describe a peer that may not have been validated;
	// gate any use of them for authorization on ValidationResult.
	Context *s2a_context_go_proto.S2AContext `protobuf:"bytes,3,opt,name=context,proto3" json:"context,omitempty"`
	// contains filtered or unexported fields
}

func (*ValidatePeerCertificateChainResp) Descriptor deprecated

func (*ValidatePeerCertificateChainResp) Descriptor() ([]byte, []int)

Deprecated: Use ValidatePeerCertificateChainResp.ProtoReflect.Descriptor instead.

func (*ValidatePeerCertificateChainResp) GetContext

func (*ValidatePeerCertificateChainResp) GetValidationDetails

func (x *ValidatePeerCertificateChainResp) GetValidationDetails() string

func (*ValidatePeerCertificateChainResp) GetValidationResult

func (*ValidatePeerCertificateChainResp) ProtoMessage

func (*ValidatePeerCertificateChainResp) ProtoMessage()

func (*ValidatePeerCertificateChainResp) ProtoReflect

func (*ValidatePeerCertificateChainResp) Reset

func (*ValidatePeerCertificateChainResp) String

type ValidatePeerCertificateChainResp_ValidationResult

// ValidatePeerCertificateChainResp_ValidationResult is the outcome of a peer
// certificate chain validation.
//
// UNSPECIFIED is the zero value, so a response whose result was never set
// reads as UNSPECIFIED, not SUCCESS. Treat every value other than SUCCESS as
// "not validated".
type ValidatePeerCertificateChainResp_ValidationResult int32
const (
	ValidatePeerCertificateChainResp_UNSPECIFIED ValidatePeerCertificateChainResp_ValidationResult = 0
	ValidatePeerCertificateChainResp_SUCCESS     ValidatePeerCertificateChainResp_ValidationResult = 1
	ValidatePeerCertificateChainResp_FAILURE     ValidatePeerCertificateChainResp_ValidationResult = 2
)

func (ValidatePeerCertificateChainResp_ValidationResult) Descriptor

func (ValidatePeerCertificateChainResp_ValidationResult) Enum

func (ValidatePeerCertificateChainResp_ValidationResult) EnumDescriptor deprecated

Deprecated: Use ValidatePeerCertificateChainResp_ValidationResult.Descriptor instead.

func (ValidatePeerCertificateChainResp_ValidationResult) Number

func (ValidatePeerCertificateChainResp_ValidationResult) String

func (ValidatePeerCertificateChainResp_ValidationResult) Type
