diff --git a/MODULE.bazel b/MODULE.bazel index 1d79e362e112..78e6ccb70f21 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -41,7 +41,9 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [ "io.perfmark:perfmark-api:0.26.0", "junit:junit:4.13.2", "org.apache.tomcat:annotations-api:6.0.53", + "org.checkerframework:checker-qual:3.12.0", "org.codehaus.mojo:animal-sniffer-annotations:1.23", + "org.jcommander:jcommander:1.83", ] # GRPC_DEPS_END diff --git a/repositories.bzl b/repositories.bzl index 1f422d3380fc..7ed5141fec3f 100644 --- a/repositories.bzl +++ b/repositories.bzl @@ -45,7 +45,9 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [ "io.perfmark:perfmark-api:0.26.0", "junit:junit:4.13.2", "org.apache.tomcat:annotations-api:6.0.53", + "org.checkerframework:checker-qual:3.12.0", "org.codehaus.mojo:animal-sniffer-annotations:1.23", + "org.jcommander:jcommander:1.83", ] # GRPC_DEPS_END @@ -80,6 +82,7 @@ IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS = { "io.grpc:grpc-rls": "@io_grpc_grpc_java//rls", "io.grpc:grpc-services": "@io_grpc_grpc_java//services:services_maven", "io.grpc:grpc-stub": "@io_grpc_grpc_java//stub", + "io.grpc:grpc-s2a": "@io_grpc_grpc_java//s2a", "io.grpc:grpc-testing": "@io_grpc_grpc_java//testing", "io.grpc:grpc-xds": "@io_grpc_grpc_java//xds:xds_maven", "io.grpc:grpc-util": "@io_grpc_grpc_java//util", diff --git a/s2a/BUILD.bazel b/s2a/BUILD.bazel new file mode 100644 index 000000000000..0041ad52be68 --- /dev/null +++ b/s2a/BUILD.bazel @@ -0,0 +1,194 @@ +load("@rules_proto//proto:defs.bzl", "proto_library") +load("//:java_grpc_library.bzl", "java_grpc_library") +load("@rules_jvm_external//:defs.bzl", "artifact") + +java_library( + name = "s2a_channel_pool", + srcs = glob([ + "src/main/java/io/grpc/s2a/channel/*.java", + ]), + deps = [ + "//api", + "//core", + "//core:internal", + "//netty", + artifact("com.google.code.findbugs:jsr305"), + artifact("com.google.errorprone:error_prone_annotations"), + artifact("com.google.guava:guava"), + artifact("org.checkerframework:checker-qual"), + artifact("io.netty:netty-common"), + artifact("io.netty:netty-transport"), + ], +) + +java_library( + name = "s2a_identity", + srcs = ["src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java"], + deps = [ + ":common_java_proto", + artifact("com.google.errorprone:error_prone_annotations"), + artifact("com.google.guava:guava"), + ], +) + +java_library( + name = "token_fetcher", + srcs = ["src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java"], + deps = [ + ":s2a_identity", + ], +) + +java_library( + name = "access_token_manager", + srcs = [ + "src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java", + ], + deps = [ + ":s2a_identity", + ":token_fetcher", + artifact("com.google.code.findbugs:jsr305"), + ], +) + +java_library( + name = "single_token_fetcher", + srcs = [ + "src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java", + ], + deps = [ + ":s2a_identity", + ":token_fetcher", + artifact("org.jcommander:jcommander"), + ], +) + +java_library( + name = "s2a_handshaker", + srcs = [ + "src/main/java/io/grpc/s2a/handshaker/ConnectionIsClosedException.java", + "src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java", + "src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java", + "src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java", + "src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java", + "src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java", + "src/main/java/io/grpc/s2a/handshaker/S2AStub.java", + "src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java", + "src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java", + ], + deps = [ + ":access_token_manager", + ":common_java_proto", + ":s2a_channel_pool", + ":s2a_identity", + ":s2a_java_proto", + ":s2a_java_grpc_proto", + ":single_token_fetcher", + "//api", + "//core:internal", + "//netty", + "//stub", + artifact("com.google.code.findbugs:jsr305"), + artifact("com.google.errorprone:error_prone_annotations"), + artifact("com.google.guava:guava"), + artifact("org.checkerframework:checker-qual"), + "@com_google_protobuf//:protobuf_java", + artifact("io.netty:netty-common"), + artifact("io.netty:netty-handler"), + artifact("io.netty:netty-transport"), + ], +) + +java_library( + name = "s2av2_credentials", + srcs = ["src/main/java/io/grpc/s2a/S2AChannelCredentials.java"], + visibility = ["//visibility:public"], + deps = [ + ":s2a_channel_pool", + ":s2a_handshaker", + ":s2a_identity", + "//api", + "//core:internal", + "//netty", + artifact("com.google.code.findbugs:jsr305"), + artifact("com.google.errorprone:error_prone_annotations"), + artifact("com.google.guava:guava"), + artifact("org.checkerframework:checker-qual"), + ], +) + +java_library( + name = "mtls_to_s2av2_credentials", + srcs = ["src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java"], + visibility = ["//visibility:public"], + deps = [ + ":s2a_channel_pool", + ":s2av2_credentials", + "//api", + "//util", + artifact("com.google.guava:guava"), + ], +) + +# bazel only accepts proto import with absolute path. +genrule( + name = "protobuf_imports", + srcs = glob(["src/main/proto/grpc/gcp/*.proto"]), + outs = [ + "protobuf_out/grpc/gcp/s2a.proto", + "protobuf_out/grpc/gcp/s2a_context.proto", + "protobuf_out/grpc/gcp/common.proto", + ], + cmd = "for fname in $(SRCS); do " + + "sed 's,import \",import \"s2a/protobuf_out/,g' $$fname > " + + "$(@D)/protobuf_out/grpc/gcp/$$(basename $$fname); done", +) + +proto_library( + name = "common_proto", + srcs = [ + "protobuf_out/grpc/gcp/common.proto", + ], +) + +proto_library( + name = "s2a_context_proto", + srcs = [ + "protobuf_out/grpc/gcp/s2a_context.proto", + ], + deps = [ + ":common_proto", + ], +) + +proto_library( + name = "s2a_proto", + srcs = [ + "protobuf_out/grpc/gcp/s2a.proto", + ], + deps = [ + ":common_proto", + ":s2a_context_proto", + ], +) + +java_proto_library( + name = "s2a_java_proto", + deps = [":s2a_proto"], +) + +java_proto_library( + name = "s2a_context_java_proto", + deps = [":s2a_context_proto"], +) + +java_proto_library( + name = "common_java_proto", + deps = [":common_proto"], +) + +java_grpc_library( + name = "s2a_java_grpc_proto", + srcs = [":s2a_proto"], + deps = [":s2a_java_proto"], +) diff --git a/s2a/build.gradle b/s2a/build.gradle new file mode 100644 index 000000000000..5ba5eddf0b63 --- /dev/null +++ b/s2a/build.gradle @@ -0,0 +1,153 @@ +buildscript { + dependencies { + classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0' + } +} + +plugins { + id "java-library" + id "maven-publish" + + id "com.github.johnrengelman.shadow" + id "com.google.protobuf" + id "ru.vyarus.animalsniffer" +} + +description = "gRPC: S2A" + +apply plugin: "com.google.osdetector" + +dependencies { + + api project(':grpc-api') + implementation project(':grpc-stub'), + project(':grpc-protobuf'), + project(':grpc-core'), + libraries.protobuf.java, + libraries.conscrypt, + libraries.guava.jre // JRE required by protobuf-java-util from grpclb + compileOnly 'org.jcommander:jcommander:1.83' + def nettyDependency = implementation project(':grpc-netty') + compileOnly libraries.javax.annotation + + shadow configurations.implementation.getDependencies().minus(nettyDependency) + shadow project(path: ':grpc-netty-shaded', configuration: 'shadow') + + testImplementation project(':grpc-benchmarks'), + project(':grpc-testing'), + project(':grpc-testing-proto'), + testFixtures(project(':grpc-core')), + libraries.guava, + libraries.junit, + libraries.mockito.core, + libraries.truth, + libraries.conscrypt, + libraries.netty.transport.epoll + + testImplementation 'org.jcommander:jcommander:1.83' + testImplementation 'com.google.truth:truth:1.4.2' + testImplementation 'com.google.truth.extensions:truth-proto-extension:1.4.2' + testImplementation libraries.guava.testlib + + testRuntimeOnly libraries.netty.tcnative, + libraries.netty.tcnative.classes + testRuntimeOnly (libraries.netty.tcnative) { + artifact { + classifier = "linux-x86_64" + } + } + testRuntimeOnly (libraries.netty.tcnative) { + artifact { + classifier = "linux-aarch_64" + } + } + testRuntimeOnly (libraries.netty.tcnative) { + artifact { + classifier = "osx-x86_64" + } + } + testRuntimeOnly (libraries.netty.tcnative) { + artifact { + classifier = "osx-aarch_64" + } + } + testRuntimeOnly (libraries.netty.tcnative) { + artifact { + classifier = "windows-x86_64" + } + } + testRuntimeOnly (libraries.netty.transport.epoll) { + artifact { + classifier = "linux-x86_64" + } + } + + signature libraries.signature.java +} + +tasks.named("compileJava") { + dependsOn(tasks.named("generateProto")) + //dependsOn(tasks.named("syncGeneratedSourcesmain")) +} + + +tasks.named("sourcesJar") { + dependsOn(tasks.named("generateProto")) + //dependsOn(tasks.named("syncGeneratedSourcesmain")) +} + +sourceSets { + main { + //java.srcDirs += "src/generated/main/java" + //java.srcDirs += "src/generated/main/grpc" + } +} +println sourceSets.main.java.srcDirs +println sourceSets.test.resources.srcDirs + +configureProtoCompilation() + +tasks.named("javadoc").configure { + exclude 'io/grpc/s2a/**' +} + +tasks.named("jar").configure { + // Must use a different archiveClassifier to avoid conflicting with shadowJar + archiveClassifier = 'original' + manifest { + attributes('Automatic-Module-Name': 'io.grpc.s2a') + } +} + +// We want to use grpc-netty-shaded instead of grpc-netty. But we also want our +// source to work with Bazel, so we rewrite the code as part of the build. +tasks.named("shadowJar").configure { + archiveClassifier = null + dependencies { + exclude(dependency {true}) + } + relocate 'io.grpc.netty', 'io.grpc.netty.shaded.io.grpc.netty' + relocate 'io.netty', 'io.grpc.netty.shaded.io.netty' +} + +publishing { + publications { + maven(MavenPublication) { + // We want this to throw an exception if it isn't working + def originalJar = artifacts.find { dep -> dep.classifier == 'original'} + artifacts.remove(originalJar) + + pom.withXml { + def dependenciesNode = new Node(null, 'dependencies') + project.configurations.shadow.allDependencies.each { dep -> + def dependencyNode = dependenciesNode.appendNode('dependency') + dependencyNode.appendNode('groupId', dep.group) + dependencyNode.appendNode('artifactId', dep.name) + dependencyNode.appendNode('version', dep.version) + dependencyNode.appendNode('scope', 'compile') + } + asNode().dependencies[0].replaceNode(dependenciesNode) + } + } + } +} diff --git a/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java b/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java new file mode 100644 index 000000000000..d7ab39735546 --- /dev/null +++ b/s2a/src/generated/main/grpc/io/grpc/s2a/handshaker/S2AServiceGrpc.java @@ -0,0 +1,285 @@ +package io.grpc.s2a.handshaker; + +import static io.grpc.MethodDescriptor.generateFullMethodName; + +/** + */ +@javax.annotation.Generated( + value = "by gRPC proto compiler (version 1.62.2)", + comments = "Source: s2a.proto") +@io.grpc.stub.annotations.GrpcGenerated +public final class S2AServiceGrpc { + + private S2AServiceGrpc() {} + + public static final java.lang.String SERVICE_NAME = "grpc.gcp.S2AService"; + + // Static method descriptors that strictly reflect the proto. + private static volatile io.grpc.MethodDescriptor getSetUpSessionMethod; + + @io.grpc.stub.annotations.RpcMethod( + fullMethodName = SERVICE_NAME + '/' + "SetUpSession", + requestType = io.grpc.s2a.handshaker.SessionReq.class, + responseType = io.grpc.s2a.handshaker.SessionResp.class, + methodType = io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING) + public static io.grpc.MethodDescriptor getSetUpSessionMethod() { + io.grpc.MethodDescriptor getSetUpSessionMethod; + if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) { + synchronized (S2AServiceGrpc.class) { + if ((getSetUpSessionMethod = S2AServiceGrpc.getSetUpSessionMethod) == null) { + S2AServiceGrpc.getSetUpSessionMethod = getSetUpSessionMethod = + io.grpc.MethodDescriptor.newBuilder() + .setType(io.grpc.MethodDescriptor.MethodType.BIDI_STREAMING) + .setFullMethodName(generateFullMethodName(SERVICE_NAME, "SetUpSession")) + .setSampledToLocalTracing(true) + .setRequestMarshaller(io.grpc.protobuf.ProtoUtils.marshaller( + io.grpc.s2a.handshaker.SessionReq.getDefaultInstance())) + .setResponseMarshaller(io.grpc.protobuf.ProtoUtils.marshaller( + io.grpc.s2a.handshaker.SessionResp.getDefaultInstance())) + .setSchemaDescriptor(new S2AServiceMethodDescriptorSupplier("SetUpSession")) + .build(); + } + } + } + return getSetUpSessionMethod; + } + + /** + * Creates a new async stub that supports all call types for the service + */ + public static S2AServiceStub newStub(io.grpc.Channel channel) { + io.grpc.stub.AbstractStub.StubFactory factory = + new io.grpc.stub.AbstractStub.StubFactory() { + @java.lang.Override + public S2AServiceStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + return new S2AServiceStub(channel, callOptions); + } + }; + return S2AServiceStub.newStub(factory, channel); + } + + /** + * Creates a new blocking-style stub that supports unary and streaming output calls on the service + */ + public static S2AServiceBlockingStub newBlockingStub( + io.grpc.Channel channel) { + io.grpc.stub.AbstractStub.StubFactory factory = + new io.grpc.stub.AbstractStub.StubFactory() { + @java.lang.Override + public S2AServiceBlockingStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + return new S2AServiceBlockingStub(channel, callOptions); + } + }; + return S2AServiceBlockingStub.newStub(factory, channel); + } + + /** + * Creates a new ListenableFuture-style stub that supports unary calls on the service + */ + public static S2AServiceFutureStub newFutureStub( + io.grpc.Channel channel) { + io.grpc.stub.AbstractStub.StubFactory factory = + new io.grpc.stub.AbstractStub.StubFactory() { + @java.lang.Override + public S2AServiceFutureStub newStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + return new S2AServiceFutureStub(channel, callOptions); + } + }; + return S2AServiceFutureStub.newStub(factory, channel); + } + + /** + */ + public interface AsyncService { + + /** + * 
+     * SetUpSession is a bidirectional stream used by applications to offload
+     * operations from the TLS handshake.
+     *
+ */ + default io.grpc.stub.StreamObserver setUpSession( + io.grpc.stub.StreamObserver responseObserver) { + return io.grpc.stub.ServerCalls.asyncUnimplementedStreamingCall(getSetUpSessionMethod(), responseObserver); + } + } + + /** + * Base class for the server implementation of the service S2AService. + */ + public static abstract class S2AServiceImplBase + implements io.grpc.BindableService, AsyncService { + + @java.lang.Override public final io.grpc.ServerServiceDefinition bindService() { + return S2AServiceGrpc.bindService(this); + } + } + + /** + * A stub to allow clients to do asynchronous rpc calls to service S2AService. + */ + public static final class S2AServiceStub + extends io.grpc.stub.AbstractAsyncStub { + private S2AServiceStub( + io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + super(channel, callOptions); + } + + @java.lang.Override + protected S2AServiceStub build( + io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + return new S2AServiceStub(channel, callOptions); + } + + /** + * 
+     * SetUpSession is a bidirectional stream used by applications to offload
+     * operations from the TLS handshake.
+     *
+ */ + public io.grpc.stub.StreamObserver setUpSession( + io.grpc.stub.StreamObserver responseObserver) { + return io.grpc.stub.ClientCalls.asyncBidiStreamingCall( + getChannel().newCall(getSetUpSessionMethod(), getCallOptions()), responseObserver); + } + } + + /** + * A stub to allow clients to do synchronous rpc calls to service S2AService. + */ + public static final class S2AServiceBlockingStub + extends io.grpc.stub.AbstractBlockingStub { + private S2AServiceBlockingStub( + io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + super(channel, callOptions); + } + + @java.lang.Override + protected S2AServiceBlockingStub build( + io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + return new S2AServiceBlockingStub(channel, callOptions); + } + } + + /** + * A stub to allow clients to do ListenableFuture-style rpc calls to service S2AService. + */ + public static final class S2AServiceFutureStub + extends io.grpc.stub.AbstractFutureStub { + private S2AServiceFutureStub( + io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + super(channel, callOptions); + } + + @java.lang.Override + protected S2AServiceFutureStub build( + io.grpc.Channel channel, io.grpc.CallOptions callOptions) { + return new S2AServiceFutureStub(channel, callOptions); + } + } + + private static final int METHODID_SET_UP_SESSION = 0; + + private static final class MethodHandlers implements + io.grpc.stub.ServerCalls.UnaryMethod, + io.grpc.stub.ServerCalls.ServerStreamingMethod, + io.grpc.stub.ServerCalls.ClientStreamingMethod, + io.grpc.stub.ServerCalls.BidiStreamingMethod { + private final AsyncService serviceImpl; + private final int methodId; + + MethodHandlers(AsyncService serviceImpl, int methodId) { + this.serviceImpl = serviceImpl; + this.methodId = methodId; + } + + @java.lang.Override + @java.lang.SuppressWarnings("unchecked") + public void invoke(Req request, io.grpc.stub.StreamObserver responseObserver) { + switch (methodId) { + default: + throw new AssertionError(); + } + } + + @java.lang.Override + @java.lang.SuppressWarnings("unchecked") + public io.grpc.stub.StreamObserver invoke( + io.grpc.stub.StreamObserver responseObserver) { + switch (methodId) { + case METHODID_SET_UP_SESSION: + return (io.grpc.stub.StreamObserver) serviceImpl.setUpSession( + (io.grpc.stub.StreamObserver) responseObserver); + default: + throw new AssertionError(); + } + } + } + + public static final io.grpc.ServerServiceDefinition bindService(AsyncService service) { + return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor()) + .addMethod( + getSetUpSessionMethod(), + io.grpc.stub.ServerCalls.asyncBidiStreamingCall( + new MethodHandlers< + io.grpc.s2a.handshaker.SessionReq, + io.grpc.s2a.handshaker.SessionResp>( + service, METHODID_SET_UP_SESSION))) + .build(); + } + + private static abstract class S2AServiceBaseDescriptorSupplier + implements io.grpc.protobuf.ProtoFileDescriptorSupplier, io.grpc.protobuf.ProtoServiceDescriptorSupplier { + S2AServiceBaseDescriptorSupplier() {} + + @java.lang.Override + public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.getDescriptor(); + } + + @java.lang.Override + public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() { + return getFileDescriptor().findServiceByName("S2AService"); + } + } + + private static final class S2AServiceFileDescriptorSupplier + extends S2AServiceBaseDescriptorSupplier { + S2AServiceFileDescriptorSupplier() {} + } + + private static final class S2AServiceMethodDescriptorSupplier + extends S2AServiceBaseDescriptorSupplier + implements io.grpc.protobuf.ProtoMethodDescriptorSupplier { + private final java.lang.String methodName; + + S2AServiceMethodDescriptorSupplier(java.lang.String methodName) { + this.methodName = methodName; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() { + return getServiceDescriptor().findMethodByName(methodName); + } + } + + private static volatile io.grpc.ServiceDescriptor serviceDescriptor; + + public static io.grpc.ServiceDescriptor getServiceDescriptor() { + io.grpc.ServiceDescriptor result = serviceDescriptor; + if (result == null) { + synchronized (S2AServiceGrpc.class) { + result = serviceDescriptor; + if (result == null) { + serviceDescriptor = result = io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME) + .setSchemaDescriptor(new S2AServiceFileDescriptorSupplier()) + .addMethod(getSetUpSessionMethod()) + .build(); + } + } + } + return result; + } +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnPolicy.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnPolicy.java new file mode 100644 index 000000000000..0a0d424dd5ba --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnPolicy.java @@ -0,0 +1,887 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.AlpnPolicy} + */ +public final class AlpnPolicy extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.AlpnPolicy) + AlpnPolicyOrBuilder { +private static final long serialVersionUID = 0L; + // Use AlpnPolicy.newBuilder() to construct. + private AlpnPolicy(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private AlpnPolicy() { + alpnProtocols_ = java.util.Collections.emptyList(); + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new AlpnPolicy(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AlpnPolicy_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AlpnPolicy_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.AlpnPolicy.class, io.grpc.s2a.handshaker.AlpnPolicy.Builder.class); + } + + public static final int ENABLE_ALPN_NEGOTIATION_FIELD_NUMBER = 1; + private boolean enableAlpnNegotiation_ = false; + /** + * 
+   * If true, the application MUST perform ALPN negotiation.
+   *
+ * + * bool enable_alpn_negotiation = 1; + * @return The enableAlpnNegotiation. + */ + @java.lang.Override + public boolean getEnableAlpnNegotiation() { + return enableAlpnNegotiation_; + } + + public static final int ALPN_PROTOCOLS_FIELD_NUMBER = 2; + @SuppressWarnings("serial") + private java.util.List alpnProtocols_; + private static final com.google.protobuf.Internal.ListAdapter.Converter< + java.lang.Integer, io.grpc.s2a.handshaker.AlpnProtocol> alpnProtocols_converter_ = + new com.google.protobuf.Internal.ListAdapter.Converter< + java.lang.Integer, io.grpc.s2a.handshaker.AlpnProtocol>() { + public io.grpc.s2a.handshaker.AlpnProtocol convert(java.lang.Integer from) { + io.grpc.s2a.handshaker.AlpnProtocol result = io.grpc.s2a.handshaker.AlpnProtocol.forNumber(from); + return result == null ? io.grpc.s2a.handshaker.AlpnProtocol.UNRECOGNIZED : result; + } + }; + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return A list containing the alpnProtocols. + */ + @java.lang.Override + public java.util.List getAlpnProtocolsList() { + return new com.google.protobuf.Internal.ListAdapter< + java.lang.Integer, io.grpc.s2a.handshaker.AlpnProtocol>(alpnProtocols_, alpnProtocols_converter_); + } + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return The count of alpnProtocols. + */ + @java.lang.Override + public int getAlpnProtocolsCount() { + return alpnProtocols_.size(); + } + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index of the element to return. + * @return The alpnProtocols at the given index. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnProtocol getAlpnProtocols(int index) { + return alpnProtocols_converter_.convert(alpnProtocols_.get(index)); + } + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return A list containing the enum numeric values on the wire for alpnProtocols. + */ + @java.lang.Override + public java.util.List + getAlpnProtocolsValueList() { + return alpnProtocols_; + } + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of alpnProtocols at the given index. + */ + @java.lang.Override + public int getAlpnProtocolsValue(int index) { + return alpnProtocols_.get(index); + } + private int alpnProtocolsMemoizedSerializedSize; + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + getSerializedSize(); + if (enableAlpnNegotiation_ != false) { + output.writeBool(1, enableAlpnNegotiation_); + } + if (getAlpnProtocolsList().size() > 0) { + output.writeUInt32NoTag(18); + output.writeUInt32NoTag(alpnProtocolsMemoizedSerializedSize); + } + for (int i = 0; i < alpnProtocols_.size(); i++) { + output.writeEnumNoTag(alpnProtocols_.get(i)); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (enableAlpnNegotiation_ != false) { + size += com.google.protobuf.CodedOutputStream + .computeBoolSize(1, enableAlpnNegotiation_); + } + { + int dataSize = 0; + for (int i = 0; i < alpnProtocols_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeEnumSizeNoTag(alpnProtocols_.get(i)); + } + size += dataSize; + if (!getAlpnProtocolsList().isEmpty()) { size += 1; + size += com.google.protobuf.CodedOutputStream + .computeUInt32SizeNoTag(dataSize); + }alpnProtocolsMemoizedSerializedSize = dataSize; + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.AlpnPolicy)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.AlpnPolicy other = (io.grpc.s2a.handshaker.AlpnPolicy) obj; + + if (getEnableAlpnNegotiation() + != other.getEnableAlpnNegotiation()) return false; + if (!alpnProtocols_.equals(other.alpnProtocols_)) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + ENABLE_ALPN_NEGOTIATION_FIELD_NUMBER; + hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean( + getEnableAlpnNegotiation()); + if (getAlpnProtocolsCount() > 0) { + hash = (37 * hash) + ALPN_PROTOCOLS_FIELD_NUMBER; + hash = (53 * hash) + alpnProtocols_.hashCode(); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.AlpnPolicy parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.AlpnPolicy parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.AlpnPolicy parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.AlpnPolicy prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.AlpnPolicy} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.AlpnPolicy) + io.grpc.s2a.handshaker.AlpnPolicyOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AlpnPolicy_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AlpnPolicy_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.AlpnPolicy.class, io.grpc.s2a.handshaker.AlpnPolicy.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.AlpnPolicy.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + enableAlpnNegotiation_ = false; + alpnProtocols_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000002); + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AlpnPolicy_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicy getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicy build() { + io.grpc.s2a.handshaker.AlpnPolicy result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicy buildPartial() { + io.grpc.s2a.handshaker.AlpnPolicy result = new io.grpc.s2a.handshaker.AlpnPolicy(this); + buildPartialRepeatedFields(result); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartialRepeatedFields(io.grpc.s2a.handshaker.AlpnPolicy result) { + if (((bitField0_ & 0x00000002) != 0)) { + alpnProtocols_ = java.util.Collections.unmodifiableList(alpnProtocols_); + bitField0_ = (bitField0_ & ~0x00000002); + } + result.alpnProtocols_ = alpnProtocols_; + } + + private void buildPartial0(io.grpc.s2a.handshaker.AlpnPolicy result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.enableAlpnNegotiation_ = enableAlpnNegotiation_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.AlpnPolicy) { + return mergeFrom((io.grpc.s2a.handshaker.AlpnPolicy)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.AlpnPolicy other) { + if (other == io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance()) return this; + if (other.getEnableAlpnNegotiation() != false) { + setEnableAlpnNegotiation(other.getEnableAlpnNegotiation()); + } + if (!other.alpnProtocols_.isEmpty()) { + if (alpnProtocols_.isEmpty()) { + alpnProtocols_ = other.alpnProtocols_; + bitField0_ = (bitField0_ & ~0x00000002); + } else { + ensureAlpnProtocolsIsMutable(); + alpnProtocols_.addAll(other.alpnProtocols_); + } + onChanged(); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 8: { + enableAlpnNegotiation_ = input.readBool(); + bitField0_ |= 0x00000001; + break; + } // case 8 + case 16: { + int tmpRaw = input.readEnum(); + ensureAlpnProtocolsIsMutable(); + alpnProtocols_.add(tmpRaw); + break; + } // case 16 + case 18: { + int length = input.readRawVarint32(); + int oldLimit = input.pushLimit(length); + while(input.getBytesUntilLimit() > 0) { + int tmpRaw = input.readEnum(); + ensureAlpnProtocolsIsMutable(); + alpnProtocols_.add(tmpRaw); + } + input.popLimit(oldLimit); + break; + } // case 18 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private boolean enableAlpnNegotiation_ ; + /** + * 
+     * If true, the application MUST perform ALPN negotiation.
+     *
+ * + * bool enable_alpn_negotiation = 1; + * @return The enableAlpnNegotiation. + */ + @java.lang.Override + public boolean getEnableAlpnNegotiation() { + return enableAlpnNegotiation_; + } + /** + * 
+     * If true, the application MUST perform ALPN negotiation.
+     *
+ * + * bool enable_alpn_negotiation = 1; + * @param value The enableAlpnNegotiation to set. + * @return This builder for chaining. + */ + public Builder setEnableAlpnNegotiation(boolean value) { + + enableAlpnNegotiation_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * If true, the application MUST perform ALPN negotiation.
+     *
+ * + * bool enable_alpn_negotiation = 1; + * @return This builder for chaining. + */ + public Builder clearEnableAlpnNegotiation() { + bitField0_ = (bitField0_ & ~0x00000001); + enableAlpnNegotiation_ = false; + onChanged(); + return this; + } + + private java.util.List alpnProtocols_ = + java.util.Collections.emptyList(); + private void ensureAlpnProtocolsIsMutable() { + if (!((bitField0_ & 0x00000002) != 0)) { + alpnProtocols_ = new java.util.ArrayList(alpnProtocols_); + bitField0_ |= 0x00000002; + } + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return A list containing the alpnProtocols. + */ + public java.util.List getAlpnProtocolsList() { + return new com.google.protobuf.Internal.ListAdapter< + java.lang.Integer, io.grpc.s2a.handshaker.AlpnProtocol>(alpnProtocols_, alpnProtocols_converter_); + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return The count of alpnProtocols. + */ + public int getAlpnProtocolsCount() { + return alpnProtocols_.size(); + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index of the element to return. + * @return The alpnProtocols at the given index. + */ + public io.grpc.s2a.handshaker.AlpnProtocol getAlpnProtocols(int index) { + return alpnProtocols_converter_.convert(alpnProtocols_.get(index)); + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index to set the value at. + * @param value The alpnProtocols to set. + * @return This builder for chaining. + */ + public Builder setAlpnProtocols( + int index, io.grpc.s2a.handshaker.AlpnProtocol value) { + if (value == null) { + throw new NullPointerException(); + } + ensureAlpnProtocolsIsMutable(); + alpnProtocols_.set(index, value.getNumber()); + onChanged(); + return this; + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param value The alpnProtocols to add. + * @return This builder for chaining. + */ + public Builder addAlpnProtocols(io.grpc.s2a.handshaker.AlpnProtocol value) { + if (value == null) { + throw new NullPointerException(); + } + ensureAlpnProtocolsIsMutable(); + alpnProtocols_.add(value.getNumber()); + onChanged(); + return this; + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param values The alpnProtocols to add. + * @return This builder for chaining. + */ + public Builder addAllAlpnProtocols( + java.lang.Iterable values) { + ensureAlpnProtocolsIsMutable(); + for (io.grpc.s2a.handshaker.AlpnProtocol value : values) { + alpnProtocols_.add(value.getNumber()); + } + onChanged(); + return this; + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return This builder for chaining. + */ + public Builder clearAlpnProtocols() { + alpnProtocols_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000002); + onChanged(); + return this; + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return A list containing the enum numeric values on the wire for alpnProtocols. + */ + public java.util.List + getAlpnProtocolsValueList() { + return java.util.Collections.unmodifiableList(alpnProtocols_); + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of alpnProtocols at the given index. + */ + public int getAlpnProtocolsValue(int index) { + return alpnProtocols_.get(index); + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index to set the value at. + * @param value The enum numeric value on the wire for alpnProtocols to set. + * @return This builder for chaining. + */ + public Builder setAlpnProtocolsValue( + int index, int value) { + ensureAlpnProtocolsIsMutable(); + alpnProtocols_.set(index, value); + onChanged(); + return this; + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param value The enum numeric value on the wire for alpnProtocols to add. + * @return This builder for chaining. + */ + public Builder addAlpnProtocolsValue(int value) { + ensureAlpnProtocolsIsMutable(); + alpnProtocols_.add(value); + onChanged(); + return this; + } + /** + * 
+     * The ordered list of ALPN protocols that specify how the application SHOULD
+     * negotiate ALPN during the TLS handshake.
+     *
+     * The application MAY ignore any ALPN protocols in this list that are not
+     * supported by the application.
+     *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param values The enum numeric values on the wire for alpnProtocols to add. + * @return This builder for chaining. + */ + public Builder addAllAlpnProtocolsValue( + java.lang.Iterable values) { + ensureAlpnProtocolsIsMutable(); + for (int value : values) { + alpnProtocols_.add(value); + } + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.AlpnPolicy) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.AlpnPolicy) + private static final io.grpc.s2a.handshaker.AlpnPolicy DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.AlpnPolicy(); + } + + public static io.grpc.s2a.handshaker.AlpnPolicy getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public AlpnPolicy parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicy getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnPolicyOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnPolicyOrBuilder.java new file mode 100644 index 000000000000..825ba0731d49 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnPolicyOrBuilder.java @@ -0,0 +1,89 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface AlpnPolicyOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.AlpnPolicy) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * If true, the application MUST perform ALPN negotiation.
+   *
+ * + * bool enable_alpn_negotiation = 1; + * @return The enableAlpnNegotiation. + */ + boolean getEnableAlpnNegotiation(); + + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return A list containing the alpnProtocols. + */ + java.util.List getAlpnProtocolsList(); + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return The count of alpnProtocols. + */ + int getAlpnProtocolsCount(); + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index of the element to return. + * @return The alpnProtocols at the given index. + */ + io.grpc.s2a.handshaker.AlpnProtocol getAlpnProtocols(int index); + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @return A list containing the enum numeric values on the wire for alpnProtocols. + */ + java.util.List + getAlpnProtocolsValueList(); + /** + * 
+   * The ordered list of ALPN protocols that specify how the application SHOULD
+   * negotiate ALPN during the TLS handshake.
+   *
+   * The application MAY ignore any ALPN protocols in this list that are not
+   * supported by the application.
+   *
+ * + * repeated .grpc.gcp.AlpnProtocol alpn_protocols = 2; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of alpnProtocols at the given index. + */ + int getAlpnProtocolsValue(int index); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnProtocol.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnProtocol.java new file mode 100644 index 000000000000..42fb6aff69b8 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AlpnProtocol.java @@ -0,0 +1,136 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: common.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * 
+ * The ALPN protocols that the application can negotiate during a TLS handshake.
+ *
+ * + * Protobuf enum {@code grpc.gcp.AlpnProtocol} + */ +public enum AlpnProtocol + implements com.google.protobuf.ProtocolMessageEnum { + /** + * ALPN_PROTOCOL_UNSPECIFIED = 0; + */ + ALPN_PROTOCOL_UNSPECIFIED(0), + /** + * ALPN_PROTOCOL_GRPC = 1; + */ + ALPN_PROTOCOL_GRPC(1), + /** + * ALPN_PROTOCOL_HTTP2 = 2; + */ + ALPN_PROTOCOL_HTTP2(2), + /** + * ALPN_PROTOCOL_HTTP1_1 = 3; + */ + ALPN_PROTOCOL_HTTP1_1(3), + UNRECOGNIZED(-1), + ; + + /** + * ALPN_PROTOCOL_UNSPECIFIED = 0; + */ + public static final int ALPN_PROTOCOL_UNSPECIFIED_VALUE = 0; + /** + * ALPN_PROTOCOL_GRPC = 1; + */ + public static final int ALPN_PROTOCOL_GRPC_VALUE = 1; + /** + * ALPN_PROTOCOL_HTTP2 = 2; + */ + public static final int ALPN_PROTOCOL_HTTP2_VALUE = 2; + /** + * ALPN_PROTOCOL_HTTP1_1 = 3; + */ + public static final int ALPN_PROTOCOL_HTTP1_1_VALUE = 3; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static AlpnProtocol valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static AlpnProtocol forNumber(int value) { + switch (value) { + case 0: return ALPN_PROTOCOL_UNSPECIFIED; + case 1: return ALPN_PROTOCOL_GRPC; + case 2: return ALPN_PROTOCOL_HTTP2; + case 3: return ALPN_PROTOCOL_HTTP1_1; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + AlpnProtocol> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public AlpnProtocol findValueByNumber(int number) { + return AlpnProtocol.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.CommonProto.getDescriptor().getEnumTypes().get(3); + } + + private static final AlpnProtocol[] VALUES = values(); + + public static AlpnProtocol valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private AlpnProtocol(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.AlpnProtocol) +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AuthenticationMechanism.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AuthenticationMechanism.java new file mode 100644 index 000000000000..45de2b50ba96 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AuthenticationMechanism.java @@ -0,0 +1,967 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.AuthenticationMechanism} + */ +public final class AuthenticationMechanism extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.AuthenticationMechanism) + AuthenticationMechanismOrBuilder { +private static final long serialVersionUID = 0L; + // Use AuthenticationMechanism.newBuilder() to construct. + private AuthenticationMechanism(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private AuthenticationMechanism() { + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new AuthenticationMechanism(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AuthenticationMechanism_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AuthenticationMechanism_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.AuthenticationMechanism.class, io.grpc.s2a.handshaker.AuthenticationMechanism.Builder.class); + } + + private int bitField0_; + private int mechanismOneofCase_ = 0; + @SuppressWarnings("serial") + private java.lang.Object mechanismOneof_; + public enum MechanismOneofCase + implements com.google.protobuf.Internal.EnumLite, + com.google.protobuf.AbstractMessage.InternalOneOfEnum { + TOKEN(2), + MECHANISMONEOF_NOT_SET(0); + private final int value; + private MechanismOneofCase(int value) { + this.value = value; + } + /** + * @param value The number of the enum to look for. + * @return The enum associated with the given number. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static MechanismOneofCase valueOf(int value) { + return forNumber(value); + } + + public static MechanismOneofCase forNumber(int value) { + switch (value) { + case 2: return TOKEN; + case 0: return MECHANISMONEOF_NOT_SET; + default: return null; + } + } + public int getNumber() { + return this.value; + } + }; + + public MechanismOneofCase + getMechanismOneofCase() { + return MechanismOneofCase.forNumber( + mechanismOneofCase_); + } + + public static final int IDENTITY_FIELD_NUMBER = 1; + private io.grpc.s2a.handshaker.Identity identity_; + /** + * 
+   * Applications may specify an identity associated to an authentication
+   * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+   * associated with the default identity. If the default identity cannot be
+   * determined, the request is rejected.
+   *
+ * + * .grpc.gcp.Identity identity = 1; + * @return Whether the identity field is set. + */ + @java.lang.Override + public boolean hasIdentity() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+   * Applications may specify an identity associated to an authentication
+   * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+   * associated with the default identity. If the default identity cannot be
+   * determined, the request is rejected.
+   *
+ * + * .grpc.gcp.Identity identity = 1; + * @return The identity. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.Identity getIdentity() { + return identity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : identity_; + } + /** + * 
+   * Applications may specify an identity associated to an authentication
+   * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+   * associated with the default identity. If the default identity cannot be
+   * determined, the request is rejected.
+   *
+ * + * .grpc.gcp.Identity identity = 1; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.IdentityOrBuilder getIdentityOrBuilder() { + return identity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : identity_; + } + + public static final int TOKEN_FIELD_NUMBER = 2; + /** + * 
+   * A token that the application uses to authenticate itself to S2A.
+   *
+ * + * string token = 2; + * @return Whether the token field is set. + */ + public boolean hasToken() { + return mechanismOneofCase_ == 2; + } + /** + * 
+   * A token that the application uses to authenticate itself to S2A.
+   *
+ * + * string token = 2; + * @return The token. + */ + public java.lang.String getToken() { + java.lang.Object ref = ""; + if (mechanismOneofCase_ == 2) { + ref = mechanismOneof_; + } + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (mechanismOneofCase_ == 2) { + mechanismOneof_ = s; + } + return s; + } + } + /** + * 
+   * A token that the application uses to authenticate itself to S2A.
+   *
+ * + * string token = 2; + * @return The bytes for token. + */ + public com.google.protobuf.ByteString + getTokenBytes() { + java.lang.Object ref = ""; + if (mechanismOneofCase_ == 2) { + ref = mechanismOneof_; + } + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (mechanismOneofCase_ == 2) { + mechanismOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (((bitField0_ & 0x00000001) != 0)) { + output.writeMessage(1, getIdentity()); + } + if (mechanismOneofCase_ == 2) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, mechanismOneof_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (((bitField0_ & 0x00000001) != 0)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(1, getIdentity()); + } + if (mechanismOneofCase_ == 2) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, mechanismOneof_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.AuthenticationMechanism)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.AuthenticationMechanism other = (io.grpc.s2a.handshaker.AuthenticationMechanism) obj; + + if (hasIdentity() != other.hasIdentity()) return false; + if (hasIdentity()) { + if (!getIdentity() + .equals(other.getIdentity())) return false; + } + if (!getMechanismOneofCase().equals(other.getMechanismOneofCase())) return false; + switch (mechanismOneofCase_) { + case 2: + if (!getToken() + .equals(other.getToken())) return false; + break; + case 0: + default: + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (hasIdentity()) { + hash = (37 * hash) + IDENTITY_FIELD_NUMBER; + hash = (53 * hash) + getIdentity().hashCode(); + } + switch (mechanismOneofCase_) { + case 2: + hash = (37 * hash) + TOKEN_FIELD_NUMBER; + hash = (53 * hash) + getToken().hashCode(); + break; + case 0: + default: + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.AuthenticationMechanism parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.AuthenticationMechanism prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.AuthenticationMechanism} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.AuthenticationMechanism) + io.grpc.s2a.handshaker.AuthenticationMechanismOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AuthenticationMechanism_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AuthenticationMechanism_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.AuthenticationMechanism.class, io.grpc.s2a.handshaker.AuthenticationMechanism.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.AuthenticationMechanism.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3 + .alwaysUseFieldBuilders) { + getIdentityFieldBuilder(); + } + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + identity_ = null; + if (identityBuilder_ != null) { + identityBuilder_.dispose(); + identityBuilder_ = null; + } + mechanismOneofCase_ = 0; + mechanismOneof_ = null; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_AuthenticationMechanism_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AuthenticationMechanism getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.AuthenticationMechanism.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AuthenticationMechanism build() { + io.grpc.s2a.handshaker.AuthenticationMechanism result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AuthenticationMechanism buildPartial() { + io.grpc.s2a.handshaker.AuthenticationMechanism result = new io.grpc.s2a.handshaker.AuthenticationMechanism(this); + if (bitField0_ != 0) { buildPartial0(result); } + buildPartialOneofs(result); + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.AuthenticationMechanism result) { + int from_bitField0_ = bitField0_; + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.identity_ = identityBuilder_ == null + ? identity_ + : identityBuilder_.build(); + to_bitField0_ |= 0x00000001; + } + result.bitField0_ |= to_bitField0_; + } + + private void buildPartialOneofs(io.grpc.s2a.handshaker.AuthenticationMechanism result) { + result.mechanismOneofCase_ = mechanismOneofCase_; + result.mechanismOneof_ = this.mechanismOneof_; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.AuthenticationMechanism) { + return mergeFrom((io.grpc.s2a.handshaker.AuthenticationMechanism)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.AuthenticationMechanism other) { + if (other == io.grpc.s2a.handshaker.AuthenticationMechanism.getDefaultInstance()) return this; + if (other.hasIdentity()) { + mergeIdentity(other.getIdentity()); + } + switch (other.getMechanismOneofCase()) { + case TOKEN: { + mechanismOneofCase_ = 2; + mechanismOneof_ = other.mechanismOneof_; + onChanged(); + break; + } + case MECHANISMONEOF_NOT_SET: { + break; + } + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + input.readMessage( + getIdentityFieldBuilder().getBuilder(), + extensionRegistry); + bitField0_ |= 0x00000001; + break; + } // case 10 + case 18: { + java.lang.String s = input.readStringRequireUtf8(); + mechanismOneofCase_ = 2; + mechanismOneof_ = s; + break; + } // case 18 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int mechanismOneofCase_ = 0; + private java.lang.Object mechanismOneof_; + public MechanismOneofCase + getMechanismOneofCase() { + return MechanismOneofCase.forNumber( + mechanismOneofCase_); + } + + public Builder clearMechanismOneof() { + mechanismOneofCase_ = 0; + mechanismOneof_ = null; + onChanged(); + return this; + } + + private int bitField0_; + + private io.grpc.s2a.handshaker.Identity identity_; + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder> identityBuilder_; + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + * @return Whether the identity field is set. + */ + public boolean hasIdentity() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + * @return The identity. + */ + public io.grpc.s2a.handshaker.Identity getIdentity() { + if (identityBuilder_ == null) { + return identity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : identity_; + } else { + return identityBuilder_.getMessage(); + } + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + */ + public Builder setIdentity(io.grpc.s2a.handshaker.Identity value) { + if (identityBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + identity_ = value; + } else { + identityBuilder_.setMessage(value); + } + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + */ + public Builder setIdentity( + io.grpc.s2a.handshaker.Identity.Builder builderForValue) { + if (identityBuilder_ == null) { + identity_ = builderForValue.build(); + } else { + identityBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + */ + public Builder mergeIdentity(io.grpc.s2a.handshaker.Identity value) { + if (identityBuilder_ == null) { + if (((bitField0_ & 0x00000001) != 0) && + identity_ != null && + identity_ != io.grpc.s2a.handshaker.Identity.getDefaultInstance()) { + getIdentityBuilder().mergeFrom(value); + } else { + identity_ = value; + } + } else { + identityBuilder_.mergeFrom(value); + } + if (identity_ != null) { + bitField0_ |= 0x00000001; + onChanged(); + } + return this; + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + */ + public Builder clearIdentity() { + bitField0_ = (bitField0_ & ~0x00000001); + identity_ = null; + if (identityBuilder_ != null) { + identityBuilder_.dispose(); + identityBuilder_ = null; + } + onChanged(); + return this; + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + */ + public io.grpc.s2a.handshaker.Identity.Builder getIdentityBuilder() { + bitField0_ |= 0x00000001; + onChanged(); + return getIdentityFieldBuilder().getBuilder(); + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + */ + public io.grpc.s2a.handshaker.IdentityOrBuilder getIdentityOrBuilder() { + if (identityBuilder_ != null) { + return identityBuilder_.getMessageOrBuilder(); + } else { + return identity_ == null ? + io.grpc.s2a.handshaker.Identity.getDefaultInstance() : identity_; + } + } + /** + * 
+     * Applications may specify an identity associated to an authentication
+     * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+     * associated with the default identity. If the default identity cannot be
+     * determined, the request is rejected.
+     *
+ * + * .grpc.gcp.Identity identity = 1; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder> + getIdentityFieldBuilder() { + if (identityBuilder_ == null) { + identityBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder>( + getIdentity(), + getParentForChildren(), + isClean()); + identity_ = null; + } + return identityBuilder_; + } + + /** + * 
+     * A token that the application uses to authenticate itself to S2A.
+     *
+ * + * string token = 2; + * @return Whether the token field is set. + */ + @java.lang.Override + public boolean hasToken() { + return mechanismOneofCase_ == 2; + } + /** + * 
+     * A token that the application uses to authenticate itself to S2A.
+     *
+ * + * string token = 2; + * @return The token. + */ + @java.lang.Override + public java.lang.String getToken() { + java.lang.Object ref = ""; + if (mechanismOneofCase_ == 2) { + ref = mechanismOneof_; + } + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (mechanismOneofCase_ == 2) { + mechanismOneof_ = s; + } + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * A token that the application uses to authenticate itself to S2A.
+     *
+ * + * string token = 2; + * @return The bytes for token. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getTokenBytes() { + java.lang.Object ref = ""; + if (mechanismOneofCase_ == 2) { + ref = mechanismOneof_; + } + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (mechanismOneofCase_ == 2) { + mechanismOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * A token that the application uses to authenticate itself to S2A.
+     *
+ * + * string token = 2; + * @param value The token to set. + * @return This builder for chaining. + */ + public Builder setToken( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + mechanismOneofCase_ = 2; + mechanismOneof_ = value; + onChanged(); + return this; + } + /** + * 
+     * A token that the application uses to authenticate itself to S2A.
+     *
+ * + * string token = 2; + * @return This builder for chaining. + */ + public Builder clearToken() { + if (mechanismOneofCase_ == 2) { + mechanismOneofCase_ = 0; + mechanismOneof_ = null; + onChanged(); + } + return this; + } + /** + * 
+     * A token that the application uses to authenticate itself to S2A.
+     *
+ * + * string token = 2; + * @param value The bytes for token to set. + * @return This builder for chaining. + */ + public Builder setTokenBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + mechanismOneofCase_ = 2; + mechanismOneof_ = value; + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.AuthenticationMechanism) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.AuthenticationMechanism) + private static final io.grpc.s2a.handshaker.AuthenticationMechanism DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.AuthenticationMechanism(); + } + + public static io.grpc.s2a.handshaker.AuthenticationMechanism getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public AuthenticationMechanism parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.AuthenticationMechanism getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AuthenticationMechanismOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AuthenticationMechanismOrBuilder.java new file mode 100644 index 000000000000..c06e169ecfe4 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/AuthenticationMechanismOrBuilder.java @@ -0,0 +1,77 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface AuthenticationMechanismOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.AuthenticationMechanism) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * Applications may specify an identity associated to an authentication
+   * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+   * associated with the default identity. If the default identity cannot be
+   * determined, the request is rejected.
+   *
+ * + * .grpc.gcp.Identity identity = 1; + * @return Whether the identity field is set. + */ + boolean hasIdentity(); + /** + * 
+   * Applications may specify an identity associated to an authentication
+   * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+   * associated with the default identity. If the default identity cannot be
+   * determined, the request is rejected.
+   *
+ * + * .grpc.gcp.Identity identity = 1; + * @return The identity. + */ + io.grpc.s2a.handshaker.Identity getIdentity(); + /** + * 
+   * Applications may specify an identity associated to an authentication
+   * mechanism. Otherwise, S2A assumes that the authentication mechanism is
+   * associated with the default identity. If the default identity cannot be
+   * determined, the request is rejected.
+   *
+ * + * .grpc.gcp.Identity identity = 1; + */ + io.grpc.s2a.handshaker.IdentityOrBuilder getIdentityOrBuilder(); + + /** + * 
+   * A token that the application uses to authenticate itself to S2A.
+   *
+ * + * string token = 2; + * @return Whether the token field is set. + */ + boolean hasToken(); + /** + * 
+   * A token that the application uses to authenticate itself to S2A.
+   *
+ * + * string token = 2; + * @return The token. + */ + java.lang.String getToken(); + /** + * 
+   * A token that the application uses to authenticate itself to S2A.
+   *
+ * + * string token = 2; + * @return The bytes for token. + */ + com.google.protobuf.ByteString + getTokenBytes(); + + io.grpc.s2a.handshaker.AuthenticationMechanism.MechanismOneofCase getMechanismOneofCase(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Ciphersuite.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Ciphersuite.java new file mode 100644 index 000000000000..4649133f7a52 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Ciphersuite.java @@ -0,0 +1,164 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: common.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * 
+ * The TLS 1.0-1.2 ciphersuites that the application can negotiate when using
+ * S2A.
+ *
+ * + * Protobuf enum {@code grpc.gcp.Ciphersuite} + */ +public enum Ciphersuite + implements com.google.protobuf.ProtocolMessageEnum { + /** + * CIPHERSUITE_UNSPECIFIED = 0; + */ + CIPHERSUITE_UNSPECIFIED(0), + /** + * CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 1; + */ + CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(1), + /** + * CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 2; + */ + CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(2), + /** + * CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 3; + */ + CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(3), + /** + * CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 4; + */ + CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256(4), + /** + * CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 5; + */ + CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384(5), + /** + * CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 6; + */ + CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(6), + UNRECOGNIZED(-1), + ; + + /** + * CIPHERSUITE_UNSPECIFIED = 0; + */ + public static final int CIPHERSUITE_UNSPECIFIED_VALUE = 0; + /** + * CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 1; + */ + public static final int CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_VALUE = 1; + /** + * CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 2; + */ + public static final int CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_VALUE = 2; + /** + * CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 3; + */ + public static final int CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_VALUE = 3; + /** + * CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 4; + */ + public static final int CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256_VALUE = 4; + /** + * CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 5; + */ + public static final int CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384_VALUE = 5; + /** + * CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 6; + */ + public static final int CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_VALUE = 6; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static Ciphersuite valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static Ciphersuite forNumber(int value) { + switch (value) { + case 0: return CIPHERSUITE_UNSPECIFIED; + case 1: return CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; + case 2: return CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384; + case 3: return CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256; + case 4: return CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256; + case 5: return CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384; + case 6: return CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + Ciphersuite> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public Ciphersuite findValueByNumber(int number) { + return Ciphersuite.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.CommonProto.getDescriptor().getEnumTypes().get(0); + } + + private static final Ciphersuite[] VALUES = values(); + + public static Ciphersuite valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private Ciphersuite(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.Ciphersuite) +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/CommonProto.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/CommonProto.java new file mode 100644 index 000000000000..bf22b9d91379 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/CommonProto.java @@ -0,0 +1,83 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: common.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public final class CommonProto { + private CommonProto() {} + public static void registerAllExtensions( + com.google.protobuf.ExtensionRegistryLite registry) { + } + + public static void registerAllExtensions( + com.google.protobuf.ExtensionRegistry registry) { + registerAllExtensions( + (com.google.protobuf.ExtensionRegistryLite) registry); + } + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_Identity_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_Identity_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_Identity_AttributesEntry_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_Identity_AttributesEntry_fieldAccessorTable; + + public static com.google.protobuf.Descriptors.FileDescriptor + getDescriptor() { + return descriptor; + } + private static com.google.protobuf.Descriptors.FileDescriptor + descriptor; + static { + java.lang.String[] descriptorData = { + "\n\014common.proto\022\010grpc.gcp\"\352\001\n\010Identity\022\023\n" + + "\tspiffe_id\030\001 \001(\tH\000\022\022\n\010hostname\030\002 \001(\tH\000\022\r" + + "\n\003uid\030\004 \001(\tH\000\022\026\n\014mdb_username\030\005 \001(\tH\000\022\021\n" + + "\007gaia_id\030\006 \001(\tH\000\0226\n\nattributes\030\003 \003(\0132\".g" + + "rpc.gcp.Identity.AttributesEntry\0321\n\017Attr" + + "ibutesEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:" + + "\0028\001B\020\n\016identity_oneof*\356\002\n\013Ciphersuite\022\033\n" + + "\027CIPHERSUITE_UNSPECIFIED\020\000\0223\n/CIPHERSUIT" + + "E_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\020\001\022" + + "3\n/CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_" + + "GCM_SHA384\020\002\0229\n5CIPHERSUITE_ECDHE_ECDSA_" + + "WITH_CHACHA20_POLY1305_SHA256\020\003\0221\n-CIPHE" + + "RSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + + "\020\004\0221\n-CIPHERSUITE_ECDHE_RSA_WITH_AES_256" + + "_GCM_SHA384\020\005\0227\n3CIPHERSUITE_ECDHE_RSA_W" + + "ITH_CHACHA20_POLY1305_SHA256\020\006*}\n\nTLSVer" + + "sion\022\033\n\027TLS_VERSION_UNSPECIFIED\020\000\022\023\n\017TLS" + + "_VERSION_1_0\020\001\022\023\n\017TLS_VERSION_1_1\020\002\022\023\n\017T" + + "LS_VERSION_1_2\020\003\022\023\n\017TLS_VERSION_1_3\020\004*i\n" + + "\016ConnectionSide\022\037\n\033CONNECTION_SIDE_UNSPE" + + "CIFIED\020\000\022\032\n\026CONNECTION_SIDE_CLIENT\020\001\022\032\n\026" + + "CONNECTION_SIDE_SERVER\020\002*y\n\014AlpnProtocol" + + "\022\035\n\031ALPN_PROTOCOL_UNSPECIFIED\020\000\022\026\n\022ALPN_" + + "PROTOCOL_GRPC\020\001\022\027\n\023ALPN_PROTOCOL_HTTP2\020\002" + + "\022\031\n\025ALPN_PROTOCOL_HTTP1_1\020\003B\'\n\026io.grpc.s" + + "2a.handshakerB\013CommonProtoP\001b\006proto3" + }; + descriptor = com.google.protobuf.Descriptors.FileDescriptor + .internalBuildGeneratedFileFrom(descriptorData, + new com.google.protobuf.Descriptors.FileDescriptor[] { + }); + internal_static_grpc_gcp_Identity_descriptor = + getDescriptor().getMessageTypes().get(0); + internal_static_grpc_gcp_Identity_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_Identity_descriptor, + new java.lang.String[] { "SpiffeId", "Hostname", "Uid", "MdbUsername", "GaiaId", "Attributes", "IdentityOneof", }); + internal_static_grpc_gcp_Identity_AttributesEntry_descriptor = + internal_static_grpc_gcp_Identity_descriptor.getNestedTypes().get(0); + internal_static_grpc_gcp_Identity_AttributesEntry_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_Identity_AttributesEntry_descriptor, + new java.lang.String[] { "Key", "Value", }); + } + + // @@protoc_insertion_point(outer_class_scope) +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ConnectionSide.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ConnectionSide.java new file mode 100644 index 000000000000..d52e8d9e3196 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ConnectionSide.java @@ -0,0 +1,127 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: common.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * 
+ * The side in the TLS connection.
+ *
+ * + * Protobuf enum {@code grpc.gcp.ConnectionSide} + */ +public enum ConnectionSide + implements com.google.protobuf.ProtocolMessageEnum { + /** + * CONNECTION_SIDE_UNSPECIFIED = 0; + */ + CONNECTION_SIDE_UNSPECIFIED(0), + /** + * CONNECTION_SIDE_CLIENT = 1; + */ + CONNECTION_SIDE_CLIENT(1), + /** + * CONNECTION_SIDE_SERVER = 2; + */ + CONNECTION_SIDE_SERVER(2), + UNRECOGNIZED(-1), + ; + + /** + * CONNECTION_SIDE_UNSPECIFIED = 0; + */ + public static final int CONNECTION_SIDE_UNSPECIFIED_VALUE = 0; + /** + * CONNECTION_SIDE_CLIENT = 1; + */ + public static final int CONNECTION_SIDE_CLIENT_VALUE = 1; + /** + * CONNECTION_SIDE_SERVER = 2; + */ + public static final int CONNECTION_SIDE_SERVER_VALUE = 2; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static ConnectionSide valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static ConnectionSide forNumber(int value) { + switch (value) { + case 0: return CONNECTION_SIDE_UNSPECIFIED; + case 1: return CONNECTION_SIDE_CLIENT; + case 2: return CONNECTION_SIDE_SERVER; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + ConnectionSide> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public ConnectionSide findValueByNumber(int number) { + return ConnectionSide.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.CommonProto.getDescriptor().getEnumTypes().get(2); + } + + private static final ConnectionSide[] VALUES = values(); + + public static ConnectionSide valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private ConnectionSide(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.ConnectionSide) +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationReq.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationReq.java new file mode 100644 index 000000000000..0bf008a2cb64 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationReq.java @@ -0,0 +1,706 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.GetTlsConfigurationReq} + */ +public final class GetTlsConfigurationReq extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.GetTlsConfigurationReq) + GetTlsConfigurationReqOrBuilder { +private static final long serialVersionUID = 0L; + // Use GetTlsConfigurationReq.newBuilder() to construct. + private GetTlsConfigurationReq(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private GetTlsConfigurationReq() { + connectionSide_ = 0; + sni_ = ""; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new GetTlsConfigurationReq(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationReq.class, io.grpc.s2a.handshaker.GetTlsConfigurationReq.Builder.class); + } + + public static final int CONNECTION_SIDE_FIELD_NUMBER = 1; + private int connectionSide_ = 0; + /** + * 
+   * The role of the application in the TLS connection.
+   *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @return The enum numeric value on the wire for connectionSide. + */ + @java.lang.Override public int getConnectionSideValue() { + return connectionSide_; + } + /** + * 
+   * The role of the application in the TLS connection.
+   *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @return The connectionSide. + */ + @java.lang.Override public io.grpc.s2a.handshaker.ConnectionSide getConnectionSide() { + io.grpc.s2a.handshaker.ConnectionSide result = io.grpc.s2a.handshaker.ConnectionSide.forNumber(connectionSide_); + return result == null ? io.grpc.s2a.handshaker.ConnectionSide.UNRECOGNIZED : result; + } + + public static final int SNI_FIELD_NUMBER = 2; + @SuppressWarnings("serial") + private volatile java.lang.Object sni_ = ""; + /** + * 
+   * The server name indication (SNI) extension, which MAY be populated when a
+   * server is offloading to S2A. The SNI is used to determine the server
+   * identity if the local identity in the request is empty.
+   *
+ * + * string sni = 2; + * @return The sni. + */ + @java.lang.Override + public java.lang.String getSni() { + java.lang.Object ref = sni_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + sni_ = s; + return s; + } + } + /** + * 
+   * The server name indication (SNI) extension, which MAY be populated when a
+   * server is offloading to S2A. The SNI is used to determine the server
+   * identity if the local identity in the request is empty.
+   *
+ * + * string sni = 2; + * @return The bytes for sni. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getSniBytes() { + java.lang.Object ref = sni_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + sni_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (connectionSide_ != io.grpc.s2a.handshaker.ConnectionSide.CONNECTION_SIDE_UNSPECIFIED.getNumber()) { + output.writeEnum(1, connectionSide_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(sni_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, sni_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (connectionSide_ != io.grpc.s2a.handshaker.ConnectionSide.CONNECTION_SIDE_UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(1, connectionSide_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(sni_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, sni_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.GetTlsConfigurationReq)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.GetTlsConfigurationReq other = (io.grpc.s2a.handshaker.GetTlsConfigurationReq) obj; + + if (connectionSide_ != other.connectionSide_) return false; + if (!getSni() + .equals(other.getSni())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + CONNECTION_SIDE_FIELD_NUMBER; + hash = (53 * hash) + connectionSide_; + hash = (37 * hash) + SNI_FIELD_NUMBER; + hash = (53 * hash) + getSni().hashCode(); + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.GetTlsConfigurationReq prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.GetTlsConfigurationReq} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.GetTlsConfigurationReq) + io.grpc.s2a.handshaker.GetTlsConfigurationReqOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationReq.class, io.grpc.s2a.handshaker.GetTlsConfigurationReq.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.GetTlsConfigurationReq.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + connectionSide_ = 0; + sni_ = ""; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationReq_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReq getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReq build() { + io.grpc.s2a.handshaker.GetTlsConfigurationReq result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReq buildPartial() { + io.grpc.s2a.handshaker.GetTlsConfigurationReq result = new io.grpc.s2a.handshaker.GetTlsConfigurationReq(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.GetTlsConfigurationReq result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.connectionSide_ = connectionSide_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.sni_ = sni_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.GetTlsConfigurationReq) { + return mergeFrom((io.grpc.s2a.handshaker.GetTlsConfigurationReq)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.GetTlsConfigurationReq other) { + if (other == io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance()) return this; + if (other.connectionSide_ != 0) { + setConnectionSideValue(other.getConnectionSideValue()); + } + if (!other.getSni().isEmpty()) { + sni_ = other.sni_; + bitField0_ |= 0x00000002; + onChanged(); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 8: { + connectionSide_ = input.readEnum(); + bitField0_ |= 0x00000001; + break; + } // case 8 + case 18: { + sni_ = input.readStringRequireUtf8(); + bitField0_ |= 0x00000002; + break; + } // case 18 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private int connectionSide_ = 0; + /** + * 
+     * The role of the application in the TLS connection.
+     *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @return The enum numeric value on the wire for connectionSide. + */ + @java.lang.Override public int getConnectionSideValue() { + return connectionSide_; + } + /** + * 
+     * The role of the application in the TLS connection.
+     *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @param value The enum numeric value on the wire for connectionSide to set. + * @return This builder for chaining. + */ + public Builder setConnectionSideValue(int value) { + connectionSide_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The role of the application in the TLS connection.
+     *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @return The connectionSide. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ConnectionSide getConnectionSide() { + io.grpc.s2a.handshaker.ConnectionSide result = io.grpc.s2a.handshaker.ConnectionSide.forNumber(connectionSide_); + return result == null ? io.grpc.s2a.handshaker.ConnectionSide.UNRECOGNIZED : result; + } + /** + * 
+     * The role of the application in the TLS connection.
+     *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @param value The connectionSide to set. + * @return This builder for chaining. + */ + public Builder setConnectionSide(io.grpc.s2a.handshaker.ConnectionSide value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + connectionSide_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+     * The role of the application in the TLS connection.
+     *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @return This builder for chaining. + */ + public Builder clearConnectionSide() { + bitField0_ = (bitField0_ & ~0x00000001); + connectionSide_ = 0; + onChanged(); + return this; + } + + private java.lang.Object sni_ = ""; + /** + * 
+     * The server name indication (SNI) extension, which MAY be populated when a
+     * server is offloading to S2A. The SNI is used to determine the server
+     * identity if the local identity in the request is empty.
+     *
+ * + * string sni = 2; + * @return The sni. + */ + public java.lang.String getSni() { + java.lang.Object ref = sni_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + sni_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The server name indication (SNI) extension, which MAY be populated when a
+     * server is offloading to S2A. The SNI is used to determine the server
+     * identity if the local identity in the request is empty.
+     *
+ * + * string sni = 2; + * @return The bytes for sni. + */ + public com.google.protobuf.ByteString + getSniBytes() { + java.lang.Object ref = sni_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + sni_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The server name indication (SNI) extension, which MAY be populated when a
+     * server is offloading to S2A. The SNI is used to determine the server
+     * identity if the local identity in the request is empty.
+     *
+ * + * string sni = 2; + * @param value The sni to set. + * @return This builder for chaining. + */ + public Builder setSni( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + sni_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The server name indication (SNI) extension, which MAY be populated when a
+     * server is offloading to S2A. The SNI is used to determine the server
+     * identity if the local identity in the request is empty.
+     *
+ * + * string sni = 2; + * @return This builder for chaining. + */ + public Builder clearSni() { + sni_ = getDefaultInstance().getSni(); + bitField0_ = (bitField0_ & ~0x00000002); + onChanged(); + return this; + } + /** + * 
+     * The server name indication (SNI) extension, which MAY be populated when a
+     * server is offloading to S2A. The SNI is used to determine the server
+     * identity if the local identity in the request is empty.
+     *
+ * + * string sni = 2; + * @param value The bytes for sni to set. + * @return This builder for chaining. + */ + public Builder setSniBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + sni_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.GetTlsConfigurationReq) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.GetTlsConfigurationReq) + private static final io.grpc.s2a.handshaker.GetTlsConfigurationReq DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.GetTlsConfigurationReq(); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationReq getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public GetTlsConfigurationReq parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReq getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationReqOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationReqOrBuilder.java new file mode 100644 index 000000000000..8b7c197e72c3 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationReqOrBuilder.java @@ -0,0 +1,53 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface GetTlsConfigurationReqOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.GetTlsConfigurationReq) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The role of the application in the TLS connection.
+   *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @return The enum numeric value on the wire for connectionSide. + */ + int getConnectionSideValue(); + /** + * 
+   * The role of the application in the TLS connection.
+   *
+ * + * .grpc.gcp.ConnectionSide connection_side = 1; + * @return The connectionSide. + */ + io.grpc.s2a.handshaker.ConnectionSide getConnectionSide(); + + /** + * 
+   * The server name indication (SNI) extension, which MAY be populated when a
+   * server is offloading to S2A. The SNI is used to determine the server
+   * identity if the local identity in the request is empty.
+   *
+ * + * string sni = 2; + * @return The sni. + */ + java.lang.String getSni(); + /** + * 
+   * The server name indication (SNI) extension, which MAY be populated when a
+   * server is offloading to S2A. The SNI is used to determine the server
+   * identity if the local identity in the request is empty.
+   *
+ * + * string sni = 2; + * @return The bytes for sni. + */ + com.google.protobuf.ByteString + getSniBytes(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationResp.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationResp.java new file mode 100644 index 000000000000..cf79e3a23383 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationResp.java @@ -0,0 +1,4846 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.GetTlsConfigurationResp} + */ +public final class GetTlsConfigurationResp extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.GetTlsConfigurationResp) + GetTlsConfigurationRespOrBuilder { +private static final long serialVersionUID = 0L; + // Use GetTlsConfigurationResp.newBuilder() to construct. + private GetTlsConfigurationResp(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private GetTlsConfigurationResp() { + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new GetTlsConfigurationResp(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.class, io.grpc.s2a.handshaker.GetTlsConfigurationResp.Builder.class); + } + + public interface ClientTlsConfigurationOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return A list containing the certificateChain. + */ + java.util.List + getCertificateChainList(); + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return The count of certificateChain. + */ + int getCertificateChainCount(); + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + java.lang.String getCertificateChain(int index); + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the value to return. + * @return The bytes of the certificateChain at the given index. + */ + com.google.protobuf.ByteString + getCertificateChainBytes(int index); + + /** + * 
+     * The minimum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * minimum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The enum numeric value on the wire for minTlsVersion. + */ + int getMinTlsVersionValue(); + /** + * 
+     * The minimum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * minimum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The minTlsVersion. + */ + io.grpc.s2a.handshaker.TLSVersion getMinTlsVersion(); + + /** + * 
+     * The maximum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * maximum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The enum numeric value on the wire for maxTlsVersion. + */ + int getMaxTlsVersionValue(); + /** + * 
+     * The maximum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * maximum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The maxTlsVersion. + */ + io.grpc.s2a.handshaker.TLSVersion getMaxTlsVersion(); + + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return A list containing the ciphersuites. + */ + java.util.List getCiphersuitesList(); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return The count of ciphersuites. + */ + int getCiphersuitesCount(); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index of the element to return. + * @return The ciphersuites at the given index. + */ + io.grpc.s2a.handshaker.Ciphersuite getCiphersuites(int index); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return A list containing the enum numeric values on the wire for ciphersuites. + */ + java.util.List + getCiphersuitesValueList(); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of ciphersuites at the given index. + */ + int getCiphersuitesValue(int index); + + /** + * 
+     * The policy that dictates how the client negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + * @return Whether the alpnPolicy field is set. + */ + boolean hasAlpnPolicy(); + /** + * 
+     * The policy that dictates how the client negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + * @return The alpnPolicy. + */ + io.grpc.s2a.handshaker.AlpnPolicy getAlpnPolicy(); + /** + * 
+     * The policy that dictates how the client negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + io.grpc.s2a.handshaker.AlpnPolicyOrBuilder getAlpnPolicyOrBuilder(); + } + /** + * 
+   * Next ID: 8
+   *
+ * + * Protobuf type {@code grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration} + */ + public static final class ClientTlsConfiguration extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration) + ClientTlsConfigurationOrBuilder { + private static final long serialVersionUID = 0L; + // Use ClientTlsConfiguration.newBuilder() to construct. + private ClientTlsConfiguration(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private ClientTlsConfiguration() { + certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + minTlsVersion_ = 0; + maxTlsVersion_ = 0; + ciphersuites_ = java.util.Collections.emptyList(); + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new ClientTlsConfiguration(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.class, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.Builder.class); + } + + private int bitField0_; + public static final int CERTIFICATE_CHAIN_FIELD_NUMBER = 1; + @SuppressWarnings("serial") + private com.google.protobuf.LazyStringArrayList certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return A list containing the certificateChain. + */ + public com.google.protobuf.ProtocolStringList + getCertificateChainList() { + return certificateChain_; + } + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public java.lang.String getCertificateChain(int index) { + return certificateChain_.get(index); + } + /** + * 
+     * The certificate chain that the client MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the value to return. + * @return The bytes of the certificateChain at the given index. + */ + public com.google.protobuf.ByteString + getCertificateChainBytes(int index) { + return certificateChain_.getByteString(index); + } + + public static final int MIN_TLS_VERSION_FIELD_NUMBER = 2; + private int minTlsVersion_ = 0; + /** + * 
+     * The minimum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * minimum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The enum numeric value on the wire for minTlsVersion. + */ + @java.lang.Override public int getMinTlsVersionValue() { + return minTlsVersion_; + } + /** + * 
+     * The minimum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * minimum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The minTlsVersion. + */ + @java.lang.Override public io.grpc.s2a.handshaker.TLSVersion getMinTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(minTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + + public static final int MAX_TLS_VERSION_FIELD_NUMBER = 3; + private int maxTlsVersion_ = 0; + /** + * 
+     * The maximum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * maximum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The enum numeric value on the wire for maxTlsVersion. + */ + @java.lang.Override public int getMaxTlsVersionValue() { + return maxTlsVersion_; + } + /** + * 
+     * The maximum TLS version number that the client MUST use for the TLS
+     * handshake. If this field is not provided, the client MUST use the default
+     * maximum version of the client's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The maxTlsVersion. + */ + @java.lang.Override public io.grpc.s2a.handshaker.TLSVersion getMaxTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(maxTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + + public static final int CIPHERSUITES_FIELD_NUMBER = 6; + @SuppressWarnings("serial") + private java.util.List ciphersuites_; + private static final com.google.protobuf.Internal.ListAdapter.Converter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite> ciphersuites_converter_ = + new com.google.protobuf.Internal.ListAdapter.Converter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite>() { + public io.grpc.s2a.handshaker.Ciphersuite convert(java.lang.Integer from) { + io.grpc.s2a.handshaker.Ciphersuite result = io.grpc.s2a.handshaker.Ciphersuite.forNumber(from); + return result == null ? io.grpc.s2a.handshaker.Ciphersuite.UNRECOGNIZED : result; + } + }; + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return A list containing the ciphersuites. + */ + @java.lang.Override + public java.util.List getCiphersuitesList() { + return new com.google.protobuf.Internal.ListAdapter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite>(ciphersuites_, ciphersuites_converter_); + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return The count of ciphersuites. + */ + @java.lang.Override + public int getCiphersuitesCount() { + return ciphersuites_.size(); + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index of the element to return. + * @return The ciphersuites at the given index. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.Ciphersuite getCiphersuites(int index) { + return ciphersuites_converter_.convert(ciphersuites_.get(index)); + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return A list containing the enum numeric values on the wire for ciphersuites. + */ + @java.lang.Override + public java.util.List + getCiphersuitesValueList() { + return ciphersuites_; + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of ciphersuites at the given index. + */ + @java.lang.Override + public int getCiphersuitesValue(int index) { + return ciphersuites_.get(index); + } + private int ciphersuitesMemoizedSerializedSize; + + public static final int ALPN_POLICY_FIELD_NUMBER = 7; + private io.grpc.s2a.handshaker.AlpnPolicy alpnPolicy_; + /** + * 
+     * The policy that dictates how the client negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + * @return Whether the alpnPolicy field is set. + */ + @java.lang.Override + public boolean hasAlpnPolicy() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+     * The policy that dictates how the client negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + * @return The alpnPolicy. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicy getAlpnPolicy() { + return alpnPolicy_ == null ? io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } + /** + * 
+     * The policy that dictates how the client negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicyOrBuilder getAlpnPolicyOrBuilder() { + return alpnPolicy_ == null ? io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + getSerializedSize(); + for (int i = 0; i < certificateChain_.size(); i++) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 1, certificateChain_.getRaw(i)); + } + if (minTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + output.writeEnum(2, minTlsVersion_); + } + if (maxTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + output.writeEnum(3, maxTlsVersion_); + } + if (getCiphersuitesList().size() > 0) { + output.writeUInt32NoTag(50); + output.writeUInt32NoTag(ciphersuitesMemoizedSerializedSize); + } + for (int i = 0; i < ciphersuites_.size(); i++) { + output.writeEnumNoTag(ciphersuites_.get(i)); + } + if (((bitField0_ & 0x00000001) != 0)) { + output.writeMessage(7, getAlpnPolicy()); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + { + int dataSize = 0; + for (int i = 0; i < certificateChain_.size(); i++) { + dataSize += computeStringSizeNoTag(certificateChain_.getRaw(i)); + } + size += dataSize; + size += 1 * getCertificateChainList().size(); + } + if (minTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(2, minTlsVersion_); + } + if (maxTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(3, maxTlsVersion_); + } + { + int dataSize = 0; + for (int i = 0; i < ciphersuites_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeEnumSizeNoTag(ciphersuites_.get(i)); + } + size += dataSize; + if (!getCiphersuitesList().isEmpty()) { size += 1; + size += com.google.protobuf.CodedOutputStream + .computeUInt32SizeNoTag(dataSize); + }ciphersuitesMemoizedSerializedSize = dataSize; + } + if (((bitField0_ & 0x00000001) != 0)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(7, getAlpnPolicy()); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration other = (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) obj; + + if (!getCertificateChainList() + .equals(other.getCertificateChainList())) return false; + if (minTlsVersion_ != other.minTlsVersion_) return false; + if (maxTlsVersion_ != other.maxTlsVersion_) return false; + if (!ciphersuites_.equals(other.ciphersuites_)) return false; + if (hasAlpnPolicy() != other.hasAlpnPolicy()) return false; + if (hasAlpnPolicy()) { + if (!getAlpnPolicy() + .equals(other.getAlpnPolicy())) return false; + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (getCertificateChainCount() > 0) { + hash = (37 * hash) + CERTIFICATE_CHAIN_FIELD_NUMBER; + hash = (53 * hash) + getCertificateChainList().hashCode(); + } + hash = (37 * hash) + MIN_TLS_VERSION_FIELD_NUMBER; + hash = (53 * hash) + minTlsVersion_; + hash = (37 * hash) + MAX_TLS_VERSION_FIELD_NUMBER; + hash = (53 * hash) + maxTlsVersion_; + if (getCiphersuitesCount() > 0) { + hash = (37 * hash) + CIPHERSUITES_FIELD_NUMBER; + hash = (53 * hash) + ciphersuites_.hashCode(); + } + if (hasAlpnPolicy()) { + hash = (37 * hash) + ALPN_POLICY_FIELD_NUMBER; + hash = (53 * hash) + getAlpnPolicy().hashCode(); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * 
+     * Next ID: 8
+     *
+ * + * Protobuf type {@code grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration) + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfigurationOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.class, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3 + .alwaysUseFieldBuilders) { + getAlpnPolicyFieldBuilder(); + } + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + minTlsVersion_ = 0; + maxTlsVersion_ = 0; + ciphersuites_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000008); + alpnPolicy_ = null; + if (alpnPolicyBuilder_ != null) { + alpnPolicyBuilder_.dispose(); + alpnPolicyBuilder_ = null; + } + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration build() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration buildPartial() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration result = new io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration(this); + buildPartialRepeatedFields(result); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartialRepeatedFields(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration result) { + if (((bitField0_ & 0x00000008) != 0)) { + ciphersuites_ = java.util.Collections.unmodifiableList(ciphersuites_); + bitField0_ = (bitField0_ & ~0x00000008); + } + result.ciphersuites_ = ciphersuites_; + } + + private void buildPartial0(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + certificateChain_.makeImmutable(); + result.certificateChain_ = certificateChain_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.minTlsVersion_ = minTlsVersion_; + } + if (((from_bitField0_ & 0x00000004) != 0)) { + result.maxTlsVersion_ = maxTlsVersion_; + } + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000010) != 0)) { + result.alpnPolicy_ = alpnPolicyBuilder_ == null + ? alpnPolicy_ + : alpnPolicyBuilder_.build(); + to_bitField0_ |= 0x00000001; + } + result.bitField0_ |= to_bitField0_; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) { + return mergeFrom((io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration other) { + if (other == io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance()) return this; + if (!other.certificateChain_.isEmpty()) { + if (certificateChain_.isEmpty()) { + certificateChain_ = other.certificateChain_; + bitField0_ |= 0x00000001; + } else { + ensureCertificateChainIsMutable(); + certificateChain_.addAll(other.certificateChain_); + } + onChanged(); + } + if (other.minTlsVersion_ != 0) { + setMinTlsVersionValue(other.getMinTlsVersionValue()); + } + if (other.maxTlsVersion_ != 0) { + setMaxTlsVersionValue(other.getMaxTlsVersionValue()); + } + if (!other.ciphersuites_.isEmpty()) { + if (ciphersuites_.isEmpty()) { + ciphersuites_ = other.ciphersuites_; + bitField0_ = (bitField0_ & ~0x00000008); + } else { + ensureCiphersuitesIsMutable(); + ciphersuites_.addAll(other.ciphersuites_); + } + onChanged(); + } + if (other.hasAlpnPolicy()) { + mergeAlpnPolicy(other.getAlpnPolicy()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + java.lang.String s = input.readStringRequireUtf8(); + ensureCertificateChainIsMutable(); + certificateChain_.add(s); + break; + } // case 10 + case 16: { + minTlsVersion_ = input.readEnum(); + bitField0_ |= 0x00000002; + break; + } // case 16 + case 24: { + maxTlsVersion_ = input.readEnum(); + bitField0_ |= 0x00000004; + break; + } // case 24 + case 48: { + int tmpRaw = input.readEnum(); + ensureCiphersuitesIsMutable(); + ciphersuites_.add(tmpRaw); + break; + } // case 48 + case 50: { + int length = input.readRawVarint32(); + int oldLimit = input.pushLimit(length); + while(input.getBytesUntilLimit() > 0) { + int tmpRaw = input.readEnum(); + ensureCiphersuitesIsMutable(); + ciphersuites_.add(tmpRaw); + } + input.popLimit(oldLimit); + break; + } // case 50 + case 58: { + input.readMessage( + getAlpnPolicyFieldBuilder().getBuilder(), + extensionRegistry); + bitField0_ |= 0x00000010; + break; + } // case 58 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private com.google.protobuf.LazyStringArrayList certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + private void ensureCertificateChainIsMutable() { + if (!certificateChain_.isModifiable()) { + certificateChain_ = new com.google.protobuf.LazyStringArrayList(certificateChain_); + } + bitField0_ |= 0x00000001; + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @return A list containing the certificateChain. + */ + public com.google.protobuf.ProtocolStringList + getCertificateChainList() { + certificateChain_.makeImmutable(); + return certificateChain_; + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public java.lang.String getCertificateChain(int index) { + return certificateChain_.get(index); + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the value to return. + * @return The bytes of the certificateChain at the given index. + */ + public com.google.protobuf.ByteString + getCertificateChainBytes(int index) { + return certificateChain_.getByteString(index); + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param index The index to set the value at. + * @param value The certificateChain to set. + * @return This builder for chaining. + */ + public Builder setCertificateChain( + int index, java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.set(index, value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param value The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addCertificateChain( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.add(value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param values The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addAllCertificateChain( + java.lang.Iterable values) { + ensureCertificateChainIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, certificateChain_); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @return This builder for chaining. + */ + public Builder clearCertificateChain() { + certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + bitField0_ = (bitField0_ & ~0x00000001);; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the client MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param value The bytes of the certificateChain to add. + * @return This builder for chaining. + */ + public Builder addCertificateChainBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + ensureCertificateChainIsMutable(); + certificateChain_.add(value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + + private int minTlsVersion_ = 0; + /** + * 
+       * The minimum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * minimum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The enum numeric value on the wire for minTlsVersion. + */ + @java.lang.Override public int getMinTlsVersionValue() { + return minTlsVersion_; + } + /** + * 
+       * The minimum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * minimum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @param value The enum numeric value on the wire for minTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMinTlsVersionValue(int value) { + minTlsVersion_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+       * The minimum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * minimum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The minTlsVersion. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.TLSVersion getMinTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(minTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + /** + * 
+       * The minimum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * minimum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @param value The minTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMinTlsVersion(io.grpc.s2a.handshaker.TLSVersion value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000002; + minTlsVersion_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+       * The minimum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * minimum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return This builder for chaining. + */ + public Builder clearMinTlsVersion() { + bitField0_ = (bitField0_ & ~0x00000002); + minTlsVersion_ = 0; + onChanged(); + return this; + } + + private int maxTlsVersion_ = 0; + /** + * 
+       * The maximum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * maximum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The enum numeric value on the wire for maxTlsVersion. + */ + @java.lang.Override public int getMaxTlsVersionValue() { + return maxTlsVersion_; + } + /** + * 
+       * The maximum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * maximum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @param value The enum numeric value on the wire for maxTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMaxTlsVersionValue(int value) { + maxTlsVersion_ = value; + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+       * The maximum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * maximum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The maxTlsVersion. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.TLSVersion getMaxTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(maxTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + /** + * 
+       * The maximum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * maximum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @param value The maxTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMaxTlsVersion(io.grpc.s2a.handshaker.TLSVersion value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000004; + maxTlsVersion_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+       * The maximum TLS version number that the client MUST use for the TLS
+       * handshake. If this field is not provided, the client MUST use the default
+       * maximum version of the client's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return This builder for chaining. + */ + public Builder clearMaxTlsVersion() { + bitField0_ = (bitField0_ & ~0x00000004); + maxTlsVersion_ = 0; + onChanged(); + return this; + } + + private java.util.List ciphersuites_ = + java.util.Collections.emptyList(); + private void ensureCiphersuitesIsMutable() { + if (!((bitField0_ & 0x00000008) != 0)) { + ciphersuites_ = new java.util.ArrayList(ciphersuites_); + bitField0_ |= 0x00000008; + } + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return A list containing the ciphersuites. + */ + public java.util.List getCiphersuitesList() { + return new com.google.protobuf.Internal.ListAdapter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite>(ciphersuites_, ciphersuites_converter_); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return The count of ciphersuites. + */ + public int getCiphersuitesCount() { + return ciphersuites_.size(); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index of the element to return. + * @return The ciphersuites at the given index. + */ + public io.grpc.s2a.handshaker.Ciphersuite getCiphersuites(int index) { + return ciphersuites_converter_.convert(ciphersuites_.get(index)); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index to set the value at. + * @param value The ciphersuites to set. + * @return This builder for chaining. + */ + public Builder setCiphersuites( + int index, io.grpc.s2a.handshaker.Ciphersuite value) { + if (value == null) { + throw new NullPointerException(); + } + ensureCiphersuitesIsMutable(); + ciphersuites_.set(index, value.getNumber()); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param value The ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addCiphersuites(io.grpc.s2a.handshaker.Ciphersuite value) { + if (value == null) { + throw new NullPointerException(); + } + ensureCiphersuitesIsMutable(); + ciphersuites_.add(value.getNumber()); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param values The ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addAllCiphersuites( + java.lang.Iterable values) { + ensureCiphersuitesIsMutable(); + for (io.grpc.s2a.handshaker.Ciphersuite value : values) { + ciphersuites_.add(value.getNumber()); + } + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return This builder for chaining. + */ + public Builder clearCiphersuites() { + ciphersuites_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000008); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @return A list containing the enum numeric values on the wire for ciphersuites. + */ + public java.util.List + getCiphersuitesValueList() { + return java.util.Collections.unmodifiableList(ciphersuites_); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of ciphersuites at the given index. + */ + public int getCiphersuitesValue(int index) { + return ciphersuites_.get(index); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param index The index to set the value at. + * @param value The enum numeric value on the wire for ciphersuites to set. + * @return This builder for chaining. + */ + public Builder setCiphersuitesValue( + int index, int value) { + ensureCiphersuitesIsMutable(); + ciphersuites_.set(index, value); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param value The enum numeric value on the wire for ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addCiphersuitesValue(int value) { + ensureCiphersuitesIsMutable(); + ciphersuites_.add(value); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 6; + * @param values The enum numeric values on the wire for ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addAllCiphersuitesValue( + java.lang.Iterable values) { + ensureCiphersuitesIsMutable(); + for (int value : values) { + ciphersuites_.add(value); + } + onChanged(); + return this; + } + + private io.grpc.s2a.handshaker.AlpnPolicy alpnPolicy_; + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.AlpnPolicy, io.grpc.s2a.handshaker.AlpnPolicy.Builder, io.grpc.s2a.handshaker.AlpnPolicyOrBuilder> alpnPolicyBuilder_; + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + * @return Whether the alpnPolicy field is set. + */ + public boolean hasAlpnPolicy() { + return ((bitField0_ & 0x00000010) != 0); + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + * @return The alpnPolicy. + */ + public io.grpc.s2a.handshaker.AlpnPolicy getAlpnPolicy() { + if (alpnPolicyBuilder_ == null) { + return alpnPolicy_ == null ? io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } else { + return alpnPolicyBuilder_.getMessage(); + } + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + public Builder setAlpnPolicy(io.grpc.s2a.handshaker.AlpnPolicy value) { + if (alpnPolicyBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + alpnPolicy_ = value; + } else { + alpnPolicyBuilder_.setMessage(value); + } + bitField0_ |= 0x00000010; + onChanged(); + return this; + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + public Builder setAlpnPolicy( + io.grpc.s2a.handshaker.AlpnPolicy.Builder builderForValue) { + if (alpnPolicyBuilder_ == null) { + alpnPolicy_ = builderForValue.build(); + } else { + alpnPolicyBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000010; + onChanged(); + return this; + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + public Builder mergeAlpnPolicy(io.grpc.s2a.handshaker.AlpnPolicy value) { + if (alpnPolicyBuilder_ == null) { + if (((bitField0_ & 0x00000010) != 0) && + alpnPolicy_ != null && + alpnPolicy_ != io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance()) { + getAlpnPolicyBuilder().mergeFrom(value); + } else { + alpnPolicy_ = value; + } + } else { + alpnPolicyBuilder_.mergeFrom(value); + } + if (alpnPolicy_ != null) { + bitField0_ |= 0x00000010; + onChanged(); + } + return this; + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + public Builder clearAlpnPolicy() { + bitField0_ = (bitField0_ & ~0x00000010); + alpnPolicy_ = null; + if (alpnPolicyBuilder_ != null) { + alpnPolicyBuilder_.dispose(); + alpnPolicyBuilder_ = null; + } + onChanged(); + return this; + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + public io.grpc.s2a.handshaker.AlpnPolicy.Builder getAlpnPolicyBuilder() { + bitField0_ |= 0x00000010; + onChanged(); + return getAlpnPolicyFieldBuilder().getBuilder(); + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + public io.grpc.s2a.handshaker.AlpnPolicyOrBuilder getAlpnPolicyOrBuilder() { + if (alpnPolicyBuilder_ != null) { + return alpnPolicyBuilder_.getMessageOrBuilder(); + } else { + return alpnPolicy_ == null ? + io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } + } + /** + * 
+       * The policy that dictates how the client negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 7; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.AlpnPolicy, io.grpc.s2a.handshaker.AlpnPolicy.Builder, io.grpc.s2a.handshaker.AlpnPolicyOrBuilder> + getAlpnPolicyFieldBuilder() { + if (alpnPolicyBuilder_ == null) { + alpnPolicyBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.AlpnPolicy, io.grpc.s2a.handshaker.AlpnPolicy.Builder, io.grpc.s2a.handshaker.AlpnPolicyOrBuilder>( + getAlpnPolicy(), + getParentForChildren(), + isClean()); + alpnPolicy_ = null; + } + return alpnPolicyBuilder_; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration) + private static final io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration(); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public ClientTlsConfiguration parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + + } + + public interface ServerTlsConfigurationOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return A list containing the certificateChain. + */ + java.util.List + getCertificateChainList(); + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return The count of certificateChain. + */ + int getCertificateChainCount(); + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + java.lang.String getCertificateChain(int index); + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the value to return. + * @return The bytes of the certificateChain at the given index. + */ + com.google.protobuf.ByteString + getCertificateChainBytes(int index); + + /** + * 
+     * The minimum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * minimum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The enum numeric value on the wire for minTlsVersion. + */ + int getMinTlsVersionValue(); + /** + * 
+     * The minimum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * minimum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The minTlsVersion. + */ + io.grpc.s2a.handshaker.TLSVersion getMinTlsVersion(); + + /** + * 
+     * The maximum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * maximum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The enum numeric value on the wire for maxTlsVersion. + */ + int getMaxTlsVersionValue(); + /** + * 
+     * The maximum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * maximum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The maxTlsVersion. + */ + io.grpc.s2a.handshaker.TLSVersion getMaxTlsVersion(); + + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return A list containing the ciphersuites. + */ + java.util.List getCiphersuitesList(); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return The count of ciphersuites. + */ + int getCiphersuitesCount(); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index of the element to return. + * @return The ciphersuites at the given index. + */ + io.grpc.s2a.handshaker.Ciphersuite getCiphersuites(int index); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return A list containing the enum numeric values on the wire for ciphersuites. + */ + java.util.List + getCiphersuitesValueList(); + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of ciphersuites at the given index. + */ + int getCiphersuitesValue(int index); + + /** + * 
+     * Whether to enable TLS resumption.
+     *
+ * + * bool tls_resumption_enabled = 6; + * @return The tlsResumptionEnabled. + */ + boolean getTlsResumptionEnabled(); + + /** + * 
+     * Whether the server MUST request a client certificate (i.e. to negotiate
+     * TLS vs. mTLS).
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @return The enum numeric value on the wire for requestClientCertificate. + */ + int getRequestClientCertificateValue(); + /** + * 
+     * Whether the server MUST request a client certificate (i.e. to negotiate
+     * TLS vs. mTLS).
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @return The requestClientCertificate. + */ + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate getRequestClientCertificate(); + + /** + * 
+     * Returns the maximum number of extra bytes that
+     * |OffloadResumptionKeyOperation| can add to the number of unencrypted
+     * bytes to form the encrypted bytes.
+     *
+ * + * uint32 max_overhead_of_ticket_aead = 9; + * @return The maxOverheadOfTicketAead. + */ + int getMaxOverheadOfTicketAead(); + + /** + * 
+     * The policy that dictates how the server negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + * @return Whether the alpnPolicy field is set. + */ + boolean hasAlpnPolicy(); + /** + * 
+     * The policy that dictates how the server negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + * @return The alpnPolicy. + */ + io.grpc.s2a.handshaker.AlpnPolicy getAlpnPolicy(); + /** + * 
+     * The policy that dictates how the server negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + io.grpc.s2a.handshaker.AlpnPolicyOrBuilder getAlpnPolicyOrBuilder(); + } + /** + * 
+   * Next ID: 12
+   *
+ * + * Protobuf type {@code grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration} + */ + public static final class ServerTlsConfiguration extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration) + ServerTlsConfigurationOrBuilder { + private static final long serialVersionUID = 0L; + // Use ServerTlsConfiguration.newBuilder() to construct. + private ServerTlsConfiguration(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private ServerTlsConfiguration() { + certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + minTlsVersion_ = 0; + maxTlsVersion_ = 0; + ciphersuites_ = java.util.Collections.emptyList(); + requestClientCertificate_ = 0; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new ServerTlsConfiguration(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.class, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.Builder.class); + } + + /** + * Protobuf enum {@code grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate} + */ + public enum RequestClientCertificate + implements com.google.protobuf.ProtocolMessageEnum { + /** + * UNSPECIFIED = 0; + */ + UNSPECIFIED(0), + /** + * DONT_REQUEST_CLIENT_CERTIFICATE = 1; + */ + DONT_REQUEST_CLIENT_CERTIFICATE(1), + /** + * REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 2; + */ + REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY(2), + /** + * REQUEST_CLIENT_CERTIFICATE_AND_VERIFY = 3; + */ + REQUEST_CLIENT_CERTIFICATE_AND_VERIFY(3), + /** + * REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 4; + */ + REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY(4), + /** + * REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY = 5; + */ + REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY(5), + UNRECOGNIZED(-1), + ; + + /** + * UNSPECIFIED = 0; + */ + public static final int UNSPECIFIED_VALUE = 0; + /** + * DONT_REQUEST_CLIENT_CERTIFICATE = 1; + */ + public static final int DONT_REQUEST_CLIENT_CERTIFICATE_VALUE = 1; + /** + * REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 2; + */ + public static final int REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY_VALUE = 2; + /** + * REQUEST_CLIENT_CERTIFICATE_AND_VERIFY = 3; + */ + public static final int REQUEST_CLIENT_CERTIFICATE_AND_VERIFY_VALUE = 3; + /** + * REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 4; + */ + public static final int REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY_VALUE = 4; + /** + * REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY = 5; + */ + public static final int REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY_VALUE = 5; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static RequestClientCertificate valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static RequestClientCertificate forNumber(int value) { + switch (value) { + case 0: return UNSPECIFIED; + case 1: return DONT_REQUEST_CLIENT_CERTIFICATE; + case 2: return REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY; + case 3: return REQUEST_CLIENT_CERTIFICATE_AND_VERIFY; + case 4: return REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY; + case 5: return REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + RequestClientCertificate> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public RequestClientCertificate findValueByNumber(int number) { + return RequestClientCertificate.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDescriptor().getEnumTypes().get(0); + } + + private static final RequestClientCertificate[] VALUES = values(); + + public static RequestClientCertificate valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private RequestClientCertificate(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate) + } + + private int bitField0_; + public static final int CERTIFICATE_CHAIN_FIELD_NUMBER = 1; + @SuppressWarnings("serial") + private com.google.protobuf.LazyStringArrayList certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return A list containing the certificateChain. + */ + public com.google.protobuf.ProtocolStringList + getCertificateChainList() { + return certificateChain_; + } + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public java.lang.String getCertificateChain(int index) { + return certificateChain_.get(index); + } + /** + * 
+     * The certificate chain that the server MUST use for the TLS handshake.
+     * It's a list of PEM-encoded certificates, ordered from leaf to root,
+     * excluding the root.
+     *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the value to return. + * @return The bytes of the certificateChain at the given index. + */ + public com.google.protobuf.ByteString + getCertificateChainBytes(int index) { + return certificateChain_.getByteString(index); + } + + public static final int MIN_TLS_VERSION_FIELD_NUMBER = 2; + private int minTlsVersion_ = 0; + /** + * 
+     * The minimum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * minimum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The enum numeric value on the wire for minTlsVersion. + */ + @java.lang.Override public int getMinTlsVersionValue() { + return minTlsVersion_; + } + /** + * 
+     * The minimum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * minimum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The minTlsVersion. + */ + @java.lang.Override public io.grpc.s2a.handshaker.TLSVersion getMinTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(minTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + + public static final int MAX_TLS_VERSION_FIELD_NUMBER = 3; + private int maxTlsVersion_ = 0; + /** + * 
+     * The maximum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * maximum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The enum numeric value on the wire for maxTlsVersion. + */ + @java.lang.Override public int getMaxTlsVersionValue() { + return maxTlsVersion_; + } + /** + * 
+     * The maximum TLS version number that the server MUST use for the TLS
+     * handshake. If this field is not provided, the server MUST use the default
+     * maximum version of the server's TLS library.
+     *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The maxTlsVersion. + */ + @java.lang.Override public io.grpc.s2a.handshaker.TLSVersion getMaxTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(maxTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + + public static final int CIPHERSUITES_FIELD_NUMBER = 10; + @SuppressWarnings("serial") + private java.util.List ciphersuites_; + private static final com.google.protobuf.Internal.ListAdapter.Converter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite> ciphersuites_converter_ = + new com.google.protobuf.Internal.ListAdapter.Converter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite>() { + public io.grpc.s2a.handshaker.Ciphersuite convert(java.lang.Integer from) { + io.grpc.s2a.handshaker.Ciphersuite result = io.grpc.s2a.handshaker.Ciphersuite.forNumber(from); + return result == null ? io.grpc.s2a.handshaker.Ciphersuite.UNRECOGNIZED : result; + } + }; + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return A list containing the ciphersuites. + */ + @java.lang.Override + public java.util.List getCiphersuitesList() { + return new com.google.protobuf.Internal.ListAdapter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite>(ciphersuites_, ciphersuites_converter_); + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return The count of ciphersuites. + */ + @java.lang.Override + public int getCiphersuitesCount() { + return ciphersuites_.size(); + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index of the element to return. + * @return The ciphersuites at the given index. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.Ciphersuite getCiphersuites(int index) { + return ciphersuites_converter_.convert(ciphersuites_.get(index)); + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return A list containing the enum numeric values on the wire for ciphersuites. + */ + @java.lang.Override + public java.util.List + getCiphersuitesValueList() { + return ciphersuites_; + } + /** + * 
+     * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+     * negotiate in the TLS handshake.
+     *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of ciphersuites at the given index. + */ + @java.lang.Override + public int getCiphersuitesValue(int index) { + return ciphersuites_.get(index); + } + private int ciphersuitesMemoizedSerializedSize; + + public static final int TLS_RESUMPTION_ENABLED_FIELD_NUMBER = 6; + private boolean tlsResumptionEnabled_ = false; + /** + * 
+     * Whether to enable TLS resumption.
+     *
+ * + * bool tls_resumption_enabled = 6; + * @return The tlsResumptionEnabled. + */ + @java.lang.Override + public boolean getTlsResumptionEnabled() { + return tlsResumptionEnabled_; + } + + public static final int REQUEST_CLIENT_CERTIFICATE_FIELD_NUMBER = 7; + private int requestClientCertificate_ = 0; + /** + * 
+     * Whether the server MUST request a client certificate (i.e. to negotiate
+     * TLS vs. mTLS).
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @return The enum numeric value on the wire for requestClientCertificate. + */ + @java.lang.Override public int getRequestClientCertificateValue() { + return requestClientCertificate_; + } + /** + * 
+     * Whether the server MUST request a client certificate (i.e. to negotiate
+     * TLS vs. mTLS).
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @return The requestClientCertificate. + */ + @java.lang.Override public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate getRequestClientCertificate() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate result = io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate.forNumber(requestClientCertificate_); + return result == null ? io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate.UNRECOGNIZED : result; + } + + public static final int MAX_OVERHEAD_OF_TICKET_AEAD_FIELD_NUMBER = 9; + private int maxOverheadOfTicketAead_ = 0; + /** + * 
+     * Returns the maximum number of extra bytes that
+     * |OffloadResumptionKeyOperation| can add to the number of unencrypted
+     * bytes to form the encrypted bytes.
+     *
+ * + * uint32 max_overhead_of_ticket_aead = 9; + * @return The maxOverheadOfTicketAead. + */ + @java.lang.Override + public int getMaxOverheadOfTicketAead() { + return maxOverheadOfTicketAead_; + } + + public static final int ALPN_POLICY_FIELD_NUMBER = 11; + private io.grpc.s2a.handshaker.AlpnPolicy alpnPolicy_; + /** + * 
+     * The policy that dictates how the server negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + * @return Whether the alpnPolicy field is set. + */ + @java.lang.Override + public boolean hasAlpnPolicy() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+     * The policy that dictates how the server negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + * @return The alpnPolicy. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicy getAlpnPolicy() { + return alpnPolicy_ == null ? io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } + /** + * 
+     * The policy that dictates how the server negotiates ALPN during the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.AlpnPolicyOrBuilder getAlpnPolicyOrBuilder() { + return alpnPolicy_ == null ? io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + getSerializedSize(); + for (int i = 0; i < certificateChain_.size(); i++) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 1, certificateChain_.getRaw(i)); + } + if (minTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + output.writeEnum(2, minTlsVersion_); + } + if (maxTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + output.writeEnum(3, maxTlsVersion_); + } + if (tlsResumptionEnabled_ != false) { + output.writeBool(6, tlsResumptionEnabled_); + } + if (requestClientCertificate_ != io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate.UNSPECIFIED.getNumber()) { + output.writeEnum(7, requestClientCertificate_); + } + if (maxOverheadOfTicketAead_ != 0) { + output.writeUInt32(9, maxOverheadOfTicketAead_); + } + if (getCiphersuitesList().size() > 0) { + output.writeUInt32NoTag(82); + output.writeUInt32NoTag(ciphersuitesMemoizedSerializedSize); + } + for (int i = 0; i < ciphersuites_.size(); i++) { + output.writeEnumNoTag(ciphersuites_.get(i)); + } + if (((bitField0_ & 0x00000001) != 0)) { + output.writeMessage(11, getAlpnPolicy()); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + { + int dataSize = 0; + for (int i = 0; i < certificateChain_.size(); i++) { + dataSize += computeStringSizeNoTag(certificateChain_.getRaw(i)); + } + size += dataSize; + size += 1 * getCertificateChainList().size(); + } + if (minTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(2, minTlsVersion_); + } + if (maxTlsVersion_ != io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(3, maxTlsVersion_); + } + if (tlsResumptionEnabled_ != false) { + size += com.google.protobuf.CodedOutputStream + .computeBoolSize(6, tlsResumptionEnabled_); + } + if (requestClientCertificate_ != io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate.UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(7, requestClientCertificate_); + } + if (maxOverheadOfTicketAead_ != 0) { + size += com.google.protobuf.CodedOutputStream + .computeUInt32Size(9, maxOverheadOfTicketAead_); + } + { + int dataSize = 0; + for (int i = 0; i < ciphersuites_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeEnumSizeNoTag(ciphersuites_.get(i)); + } + size += dataSize; + if (!getCiphersuitesList().isEmpty()) { size += 1; + size += com.google.protobuf.CodedOutputStream + .computeUInt32SizeNoTag(dataSize); + }ciphersuitesMemoizedSerializedSize = dataSize; + } + if (((bitField0_ & 0x00000001) != 0)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(11, getAlpnPolicy()); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration other = (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) obj; + + if (!getCertificateChainList() + .equals(other.getCertificateChainList())) return false; + if (minTlsVersion_ != other.minTlsVersion_) return false; + if (maxTlsVersion_ != other.maxTlsVersion_) return false; + if (!ciphersuites_.equals(other.ciphersuites_)) return false; + if (getTlsResumptionEnabled() + != other.getTlsResumptionEnabled()) return false; + if (requestClientCertificate_ != other.requestClientCertificate_) return false; + if (getMaxOverheadOfTicketAead() + != other.getMaxOverheadOfTicketAead()) return false; + if (hasAlpnPolicy() != other.hasAlpnPolicy()) return false; + if (hasAlpnPolicy()) { + if (!getAlpnPolicy() + .equals(other.getAlpnPolicy())) return false; + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (getCertificateChainCount() > 0) { + hash = (37 * hash) + CERTIFICATE_CHAIN_FIELD_NUMBER; + hash = (53 * hash) + getCertificateChainList().hashCode(); + } + hash = (37 * hash) + MIN_TLS_VERSION_FIELD_NUMBER; + hash = (53 * hash) + minTlsVersion_; + hash = (37 * hash) + MAX_TLS_VERSION_FIELD_NUMBER; + hash = (53 * hash) + maxTlsVersion_; + if (getCiphersuitesCount() > 0) { + hash = (37 * hash) + CIPHERSUITES_FIELD_NUMBER; + hash = (53 * hash) + ciphersuites_.hashCode(); + } + hash = (37 * hash) + TLS_RESUMPTION_ENABLED_FIELD_NUMBER; + hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean( + getTlsResumptionEnabled()); + hash = (37 * hash) + REQUEST_CLIENT_CERTIFICATE_FIELD_NUMBER; + hash = (53 * hash) + requestClientCertificate_; + hash = (37 * hash) + MAX_OVERHEAD_OF_TICKET_AEAD_FIELD_NUMBER; + hash = (53 * hash) + getMaxOverheadOfTicketAead(); + if (hasAlpnPolicy()) { + hash = (37 * hash) + ALPN_POLICY_FIELD_NUMBER; + hash = (53 * hash) + getAlpnPolicy().hashCode(); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * 
+     * Next ID: 12
+     *
+ * + * Protobuf type {@code grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration) + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfigurationOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.class, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3 + .alwaysUseFieldBuilders) { + getAlpnPolicyFieldBuilder(); + } + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + minTlsVersion_ = 0; + maxTlsVersion_ = 0; + ciphersuites_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000008); + tlsResumptionEnabled_ = false; + requestClientCertificate_ = 0; + maxOverheadOfTicketAead_ = 0; + alpnPolicy_ = null; + if (alpnPolicyBuilder_ != null) { + alpnPolicyBuilder_.dispose(); + alpnPolicyBuilder_ = null; + } + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration build() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration buildPartial() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration result = new io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration(this); + buildPartialRepeatedFields(result); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartialRepeatedFields(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration result) { + if (((bitField0_ & 0x00000008) != 0)) { + ciphersuites_ = java.util.Collections.unmodifiableList(ciphersuites_); + bitField0_ = (bitField0_ & ~0x00000008); + } + result.ciphersuites_ = ciphersuites_; + } + + private void buildPartial0(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + certificateChain_.makeImmutable(); + result.certificateChain_ = certificateChain_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.minTlsVersion_ = minTlsVersion_; + } + if (((from_bitField0_ & 0x00000004) != 0)) { + result.maxTlsVersion_ = maxTlsVersion_; + } + if (((from_bitField0_ & 0x00000010) != 0)) { + result.tlsResumptionEnabled_ = tlsResumptionEnabled_; + } + if (((from_bitField0_ & 0x00000020) != 0)) { + result.requestClientCertificate_ = requestClientCertificate_; + } + if (((from_bitField0_ & 0x00000040) != 0)) { + result.maxOverheadOfTicketAead_ = maxOverheadOfTicketAead_; + } + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000080) != 0)) { + result.alpnPolicy_ = alpnPolicyBuilder_ == null + ? alpnPolicy_ + : alpnPolicyBuilder_.build(); + to_bitField0_ |= 0x00000001; + } + result.bitField0_ |= to_bitField0_; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) { + return mergeFrom((io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration other) { + if (other == io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance()) return this; + if (!other.certificateChain_.isEmpty()) { + if (certificateChain_.isEmpty()) { + certificateChain_ = other.certificateChain_; + bitField0_ |= 0x00000001; + } else { + ensureCertificateChainIsMutable(); + certificateChain_.addAll(other.certificateChain_); + } + onChanged(); + } + if (other.minTlsVersion_ != 0) { + setMinTlsVersionValue(other.getMinTlsVersionValue()); + } + if (other.maxTlsVersion_ != 0) { + setMaxTlsVersionValue(other.getMaxTlsVersionValue()); + } + if (!other.ciphersuites_.isEmpty()) { + if (ciphersuites_.isEmpty()) { + ciphersuites_ = other.ciphersuites_; + bitField0_ = (bitField0_ & ~0x00000008); + } else { + ensureCiphersuitesIsMutable(); + ciphersuites_.addAll(other.ciphersuites_); + } + onChanged(); + } + if (other.getTlsResumptionEnabled() != false) { + setTlsResumptionEnabled(other.getTlsResumptionEnabled()); + } + if (other.requestClientCertificate_ != 0) { + setRequestClientCertificateValue(other.getRequestClientCertificateValue()); + } + if (other.getMaxOverheadOfTicketAead() != 0) { + setMaxOverheadOfTicketAead(other.getMaxOverheadOfTicketAead()); + } + if (other.hasAlpnPolicy()) { + mergeAlpnPolicy(other.getAlpnPolicy()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + java.lang.String s = input.readStringRequireUtf8(); + ensureCertificateChainIsMutable(); + certificateChain_.add(s); + break; + } // case 10 + case 16: { + minTlsVersion_ = input.readEnum(); + bitField0_ |= 0x00000002; + break; + } // case 16 + case 24: { + maxTlsVersion_ = input.readEnum(); + bitField0_ |= 0x00000004; + break; + } // case 24 + case 48: { + tlsResumptionEnabled_ = input.readBool(); + bitField0_ |= 0x00000010; + break; + } // case 48 + case 56: { + requestClientCertificate_ = input.readEnum(); + bitField0_ |= 0x00000020; + break; + } // case 56 + case 72: { + maxOverheadOfTicketAead_ = input.readUInt32(); + bitField0_ |= 0x00000040; + break; + } // case 72 + case 80: { + int tmpRaw = input.readEnum(); + ensureCiphersuitesIsMutable(); + ciphersuites_.add(tmpRaw); + break; + } // case 80 + case 82: { + int length = input.readRawVarint32(); + int oldLimit = input.pushLimit(length); + while(input.getBytesUntilLimit() > 0) { + int tmpRaw = input.readEnum(); + ensureCiphersuitesIsMutable(); + ciphersuites_.add(tmpRaw); + } + input.popLimit(oldLimit); + break; + } // case 82 + case 90: { + input.readMessage( + getAlpnPolicyFieldBuilder().getBuilder(), + extensionRegistry); + bitField0_ |= 0x00000080; + break; + } // case 90 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private com.google.protobuf.LazyStringArrayList certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + private void ensureCertificateChainIsMutable() { + if (!certificateChain_.isModifiable()) { + certificateChain_ = new com.google.protobuf.LazyStringArrayList(certificateChain_); + } + bitField0_ |= 0x00000001; + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @return A list containing the certificateChain. + */ + public com.google.protobuf.ProtocolStringList + getCertificateChainList() { + certificateChain_.makeImmutable(); + return certificateChain_; + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public java.lang.String getCertificateChain(int index) { + return certificateChain_.get(index); + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param index The index of the value to return. + * @return The bytes of the certificateChain at the given index. + */ + public com.google.protobuf.ByteString + getCertificateChainBytes(int index) { + return certificateChain_.getByteString(index); + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param index The index to set the value at. + * @param value The certificateChain to set. + * @return This builder for chaining. + */ + public Builder setCertificateChain( + int index, java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.set(index, value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param value The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addCertificateChain( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.add(value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param values The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addAllCertificateChain( + java.lang.Iterable values) { + ensureCertificateChainIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, certificateChain_); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @return This builder for chaining. + */ + public Builder clearCertificateChain() { + certificateChain_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + bitField0_ = (bitField0_ & ~0x00000001);; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain that the server MUST use for the TLS handshake.
+       * It's a list of PEM-encoded certificates, ordered from leaf to root,
+       * excluding the root.
+       *
+ * + * repeated string certificate_chain = 1; + * @param value The bytes of the certificateChain to add. + * @return This builder for chaining. + */ + public Builder addCertificateChainBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + ensureCertificateChainIsMutable(); + certificateChain_.add(value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + + private int minTlsVersion_ = 0; + /** + * 
+       * The minimum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * minimum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The enum numeric value on the wire for minTlsVersion. + */ + @java.lang.Override public int getMinTlsVersionValue() { + return minTlsVersion_; + } + /** + * 
+       * The minimum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * minimum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @param value The enum numeric value on the wire for minTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMinTlsVersionValue(int value) { + minTlsVersion_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+       * The minimum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * minimum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return The minTlsVersion. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.TLSVersion getMinTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(minTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + /** + * 
+       * The minimum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * minimum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @param value The minTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMinTlsVersion(io.grpc.s2a.handshaker.TLSVersion value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000002; + minTlsVersion_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+       * The minimum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * minimum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion min_tls_version = 2; + * @return This builder for chaining. + */ + public Builder clearMinTlsVersion() { + bitField0_ = (bitField0_ & ~0x00000002); + minTlsVersion_ = 0; + onChanged(); + return this; + } + + private int maxTlsVersion_ = 0; + /** + * 
+       * The maximum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * maximum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The enum numeric value on the wire for maxTlsVersion. + */ + @java.lang.Override public int getMaxTlsVersionValue() { + return maxTlsVersion_; + } + /** + * 
+       * The maximum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * maximum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @param value The enum numeric value on the wire for maxTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMaxTlsVersionValue(int value) { + maxTlsVersion_ = value; + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+       * The maximum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * maximum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return The maxTlsVersion. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.TLSVersion getMaxTlsVersion() { + io.grpc.s2a.handshaker.TLSVersion result = io.grpc.s2a.handshaker.TLSVersion.forNumber(maxTlsVersion_); + return result == null ? io.grpc.s2a.handshaker.TLSVersion.UNRECOGNIZED : result; + } + /** + * 
+       * The maximum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * maximum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @param value The maxTlsVersion to set. + * @return This builder for chaining. + */ + public Builder setMaxTlsVersion(io.grpc.s2a.handshaker.TLSVersion value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000004; + maxTlsVersion_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+       * The maximum TLS version number that the server MUST use for the TLS
+       * handshake. If this field is not provided, the server MUST use the default
+       * maximum version of the server's TLS library.
+       *
+ * + * .grpc.gcp.TLSVersion max_tls_version = 3; + * @return This builder for chaining. + */ + public Builder clearMaxTlsVersion() { + bitField0_ = (bitField0_ & ~0x00000004); + maxTlsVersion_ = 0; + onChanged(); + return this; + } + + private java.util.List ciphersuites_ = + java.util.Collections.emptyList(); + private void ensureCiphersuitesIsMutable() { + if (!((bitField0_ & 0x00000008) != 0)) { + ciphersuites_ = new java.util.ArrayList(ciphersuites_); + bitField0_ |= 0x00000008; + } + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return A list containing the ciphersuites. + */ + public java.util.List getCiphersuitesList() { + return new com.google.protobuf.Internal.ListAdapter< + java.lang.Integer, io.grpc.s2a.handshaker.Ciphersuite>(ciphersuites_, ciphersuites_converter_); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return The count of ciphersuites. + */ + public int getCiphersuitesCount() { + return ciphersuites_.size(); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index of the element to return. + * @return The ciphersuites at the given index. + */ + public io.grpc.s2a.handshaker.Ciphersuite getCiphersuites(int index) { + return ciphersuites_converter_.convert(ciphersuites_.get(index)); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index to set the value at. + * @param value The ciphersuites to set. + * @return This builder for chaining. + */ + public Builder setCiphersuites( + int index, io.grpc.s2a.handshaker.Ciphersuite value) { + if (value == null) { + throw new NullPointerException(); + } + ensureCiphersuitesIsMutable(); + ciphersuites_.set(index, value.getNumber()); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param value The ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addCiphersuites(io.grpc.s2a.handshaker.Ciphersuite value) { + if (value == null) { + throw new NullPointerException(); + } + ensureCiphersuitesIsMutable(); + ciphersuites_.add(value.getNumber()); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param values The ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addAllCiphersuites( + java.lang.Iterable values) { + ensureCiphersuitesIsMutable(); + for (io.grpc.s2a.handshaker.Ciphersuite value : values) { + ciphersuites_.add(value.getNumber()); + } + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return This builder for chaining. + */ + public Builder clearCiphersuites() { + ciphersuites_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000008); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @return A list containing the enum numeric values on the wire for ciphersuites. + */ + public java.util.List + getCiphersuitesValueList() { + return java.util.Collections.unmodifiableList(ciphersuites_); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index of the value to return. + * @return The enum numeric value on the wire of ciphersuites at the given index. + */ + public int getCiphersuitesValue(int index) { + return ciphersuites_.get(index); + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param index The index to set the value at. + * @param value The enum numeric value on the wire for ciphersuites to set. + * @return This builder for chaining. + */ + public Builder setCiphersuitesValue( + int index, int value) { + ensureCiphersuitesIsMutable(); + ciphersuites_.set(index, value); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param value The enum numeric value on the wire for ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addCiphersuitesValue(int value) { + ensureCiphersuitesIsMutable(); + ciphersuites_.add(value); + onChanged(); + return this; + } + /** + * 
+       * The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
+       * negotiate in the TLS handshake.
+       *
+ * + * repeated .grpc.gcp.Ciphersuite ciphersuites = 10; + * @param values The enum numeric values on the wire for ciphersuites to add. + * @return This builder for chaining. + */ + public Builder addAllCiphersuitesValue( + java.lang.Iterable values) { + ensureCiphersuitesIsMutable(); + for (int value : values) { + ciphersuites_.add(value); + } + onChanged(); + return this; + } + + private boolean tlsResumptionEnabled_ ; + /** + * 
+       * Whether to enable TLS resumption.
+       *
+ * + * bool tls_resumption_enabled = 6; + * @return The tlsResumptionEnabled. + */ + @java.lang.Override + public boolean getTlsResumptionEnabled() { + return tlsResumptionEnabled_; + } + /** + * 
+       * Whether to enable TLS resumption.
+       *
+ * + * bool tls_resumption_enabled = 6; + * @param value The tlsResumptionEnabled to set. + * @return This builder for chaining. + */ + public Builder setTlsResumptionEnabled(boolean value) { + + tlsResumptionEnabled_ = value; + bitField0_ |= 0x00000010; + onChanged(); + return this; + } + /** + * 
+       * Whether to enable TLS resumption.
+       *
+ * + * bool tls_resumption_enabled = 6; + * @return This builder for chaining. + */ + public Builder clearTlsResumptionEnabled() { + bitField0_ = (bitField0_ & ~0x00000010); + tlsResumptionEnabled_ = false; + onChanged(); + return this; + } + + private int requestClientCertificate_ = 0; + /** + * 
+       * Whether the server MUST request a client certificate (i.e. to negotiate
+       * TLS vs. mTLS).
+       *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @return The enum numeric value on the wire for requestClientCertificate. + */ + @java.lang.Override public int getRequestClientCertificateValue() { + return requestClientCertificate_; + } + /** + * 
+       * Whether the server MUST request a client certificate (i.e. to negotiate
+       * TLS vs. mTLS).
+       *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @param value The enum numeric value on the wire for requestClientCertificate to set. + * @return This builder for chaining. + */ + public Builder setRequestClientCertificateValue(int value) { + requestClientCertificate_ = value; + bitField0_ |= 0x00000020; + onChanged(); + return this; + } + /** + * 
+       * Whether the server MUST request a client certificate (i.e. to negotiate
+       * TLS vs. mTLS).
+       *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @return The requestClientCertificate. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate getRequestClientCertificate() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate result = io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate.forNumber(requestClientCertificate_); + return result == null ? io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate.UNRECOGNIZED : result; + } + /** + * 
+       * Whether the server MUST request a client certificate (i.e. to negotiate
+       * TLS vs. mTLS).
+       *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @param value The requestClientCertificate to set. + * @return This builder for chaining. + */ + public Builder setRequestClientCertificate(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000020; + requestClientCertificate_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+       * Whether the server MUST request a client certificate (i.e. to negotiate
+       * TLS vs. mTLS).
+       *
+ * + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration.RequestClientCertificate request_client_certificate = 7; + * @return This builder for chaining. + */ + public Builder clearRequestClientCertificate() { + bitField0_ = (bitField0_ & ~0x00000020); + requestClientCertificate_ = 0; + onChanged(); + return this; + } + + private int maxOverheadOfTicketAead_ ; + /** + * 
+       * Returns the maximum number of extra bytes that
+       * |OffloadResumptionKeyOperation| can add to the number of unencrypted
+       * bytes to form the encrypted bytes.
+       *
+ * + * uint32 max_overhead_of_ticket_aead = 9; + * @return The maxOverheadOfTicketAead. + */ + @java.lang.Override + public int getMaxOverheadOfTicketAead() { + return maxOverheadOfTicketAead_; + } + /** + * 
+       * Returns the maximum number of extra bytes that
+       * |OffloadResumptionKeyOperation| can add to the number of unencrypted
+       * bytes to form the encrypted bytes.
+       *
+ * + * uint32 max_overhead_of_ticket_aead = 9; + * @param value The maxOverheadOfTicketAead to set. + * @return This builder for chaining. + */ + public Builder setMaxOverheadOfTicketAead(int value) { + + maxOverheadOfTicketAead_ = value; + bitField0_ |= 0x00000040; + onChanged(); + return this; + } + /** + * 
+       * Returns the maximum number of extra bytes that
+       * |OffloadResumptionKeyOperation| can add to the number of unencrypted
+       * bytes to form the encrypted bytes.
+       *
+ * + * uint32 max_overhead_of_ticket_aead = 9; + * @return This builder for chaining. + */ + public Builder clearMaxOverheadOfTicketAead() { + bitField0_ = (bitField0_ & ~0x00000040); + maxOverheadOfTicketAead_ = 0; + onChanged(); + return this; + } + + private io.grpc.s2a.handshaker.AlpnPolicy alpnPolicy_; + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.AlpnPolicy, io.grpc.s2a.handshaker.AlpnPolicy.Builder, io.grpc.s2a.handshaker.AlpnPolicyOrBuilder> alpnPolicyBuilder_; + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + * @return Whether the alpnPolicy field is set. + */ + public boolean hasAlpnPolicy() { + return ((bitField0_ & 0x00000080) != 0); + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + * @return The alpnPolicy. + */ + public io.grpc.s2a.handshaker.AlpnPolicy getAlpnPolicy() { + if (alpnPolicyBuilder_ == null) { + return alpnPolicy_ == null ? io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } else { + return alpnPolicyBuilder_.getMessage(); + } + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + public Builder setAlpnPolicy(io.grpc.s2a.handshaker.AlpnPolicy value) { + if (alpnPolicyBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + alpnPolicy_ = value; + } else { + alpnPolicyBuilder_.setMessage(value); + } + bitField0_ |= 0x00000080; + onChanged(); + return this; + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + public Builder setAlpnPolicy( + io.grpc.s2a.handshaker.AlpnPolicy.Builder builderForValue) { + if (alpnPolicyBuilder_ == null) { + alpnPolicy_ = builderForValue.build(); + } else { + alpnPolicyBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000080; + onChanged(); + return this; + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + public Builder mergeAlpnPolicy(io.grpc.s2a.handshaker.AlpnPolicy value) { + if (alpnPolicyBuilder_ == null) { + if (((bitField0_ & 0x00000080) != 0) && + alpnPolicy_ != null && + alpnPolicy_ != io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance()) { + getAlpnPolicyBuilder().mergeFrom(value); + } else { + alpnPolicy_ = value; + } + } else { + alpnPolicyBuilder_.mergeFrom(value); + } + if (alpnPolicy_ != null) { + bitField0_ |= 0x00000080; + onChanged(); + } + return this; + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + public Builder clearAlpnPolicy() { + bitField0_ = (bitField0_ & ~0x00000080); + alpnPolicy_ = null; + if (alpnPolicyBuilder_ != null) { + alpnPolicyBuilder_.dispose(); + alpnPolicyBuilder_ = null; + } + onChanged(); + return this; + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + public io.grpc.s2a.handshaker.AlpnPolicy.Builder getAlpnPolicyBuilder() { + bitField0_ |= 0x00000080; + onChanged(); + return getAlpnPolicyFieldBuilder().getBuilder(); + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + public io.grpc.s2a.handshaker.AlpnPolicyOrBuilder getAlpnPolicyOrBuilder() { + if (alpnPolicyBuilder_ != null) { + return alpnPolicyBuilder_.getMessageOrBuilder(); + } else { + return alpnPolicy_ == null ? + io.grpc.s2a.handshaker.AlpnPolicy.getDefaultInstance() : alpnPolicy_; + } + } + /** + * 
+       * The policy that dictates how the server negotiates ALPN during the TLS
+       * handshake.
+       *
+ * + * .grpc.gcp.AlpnPolicy alpn_policy = 11; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.AlpnPolicy, io.grpc.s2a.handshaker.AlpnPolicy.Builder, io.grpc.s2a.handshaker.AlpnPolicyOrBuilder> + getAlpnPolicyFieldBuilder() { + if (alpnPolicyBuilder_ == null) { + alpnPolicyBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.AlpnPolicy, io.grpc.s2a.handshaker.AlpnPolicy.Builder, io.grpc.s2a.handshaker.AlpnPolicyOrBuilder>( + getAlpnPolicy(), + getParentForChildren(), + isClean()); + alpnPolicy_ = null; + } + return alpnPolicyBuilder_; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration) + private static final io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration(); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public ServerTlsConfiguration parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + + } + + private int tlsConfigurationCase_ = 0; + @SuppressWarnings("serial") + private java.lang.Object tlsConfiguration_; + public enum TlsConfigurationCase + implements com.google.protobuf.Internal.EnumLite, + com.google.protobuf.AbstractMessage.InternalOneOfEnum { + CLIENT_TLS_CONFIGURATION(1), + SERVER_TLS_CONFIGURATION(2), + TLSCONFIGURATION_NOT_SET(0); + private final int value; + private TlsConfigurationCase(int value) { + this.value = value; + } + /** + * @param value The number of the enum to look for. + * @return The enum associated with the given number. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static TlsConfigurationCase valueOf(int value) { + return forNumber(value); + } + + public static TlsConfigurationCase forNumber(int value) { + switch (value) { + case 1: return CLIENT_TLS_CONFIGURATION; + case 2: return SERVER_TLS_CONFIGURATION; + case 0: return TLSCONFIGURATION_NOT_SET; + default: return null; + } + } + public int getNumber() { + return this.value; + } + }; + + public TlsConfigurationCase + getTlsConfigurationCase() { + return TlsConfigurationCase.forNumber( + tlsConfigurationCase_); + } + + public static final int CLIENT_TLS_CONFIGURATION_FIELD_NUMBER = 1; + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + * @return Whether the clientTlsConfiguration field is set. + */ + @java.lang.Override + public boolean hasClientTlsConfiguration() { + return tlsConfigurationCase_ == 1; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + * @return The clientTlsConfiguration. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration getClientTlsConfiguration() { + if (tlsConfigurationCase_ == 1) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance(); + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfigurationOrBuilder getClientTlsConfigurationOrBuilder() { + if (tlsConfigurationCase_ == 1) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance(); + } + + public static final int SERVER_TLS_CONFIGURATION_FIELD_NUMBER = 2; + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + * @return Whether the serverTlsConfiguration field is set. + */ + @java.lang.Override + public boolean hasServerTlsConfiguration() { + return tlsConfigurationCase_ == 2; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + * @return The serverTlsConfiguration. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration getServerTlsConfiguration() { + if (tlsConfigurationCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance(); + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfigurationOrBuilder getServerTlsConfigurationOrBuilder() { + if (tlsConfigurationCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance(); + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (tlsConfigurationCase_ == 1) { + output.writeMessage(1, (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_); + } + if (tlsConfigurationCase_ == 2) { + output.writeMessage(2, (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (tlsConfigurationCase_ == 1) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(1, (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_); + } + if (tlsConfigurationCase_ == 2) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(2, (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.GetTlsConfigurationResp)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.GetTlsConfigurationResp other = (io.grpc.s2a.handshaker.GetTlsConfigurationResp) obj; + + if (!getTlsConfigurationCase().equals(other.getTlsConfigurationCase())) return false; + switch (tlsConfigurationCase_) { + case 1: + if (!getClientTlsConfiguration() + .equals(other.getClientTlsConfiguration())) return false; + break; + case 2: + if (!getServerTlsConfiguration() + .equals(other.getServerTlsConfiguration())) return false; + break; + case 0: + default: + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + switch (tlsConfigurationCase_) { + case 1: + hash = (37 * hash) + CLIENT_TLS_CONFIGURATION_FIELD_NUMBER; + hash = (53 * hash) + getClientTlsConfiguration().hashCode(); + break; + case 2: + hash = (37 * hash) + SERVER_TLS_CONFIGURATION_FIELD_NUMBER; + hash = (53 * hash) + getServerTlsConfiguration().hashCode(); + break; + case 0: + default: + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.GetTlsConfigurationResp prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.GetTlsConfigurationResp} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.GetTlsConfigurationResp) + io.grpc.s2a.handshaker.GetTlsConfigurationRespOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.class, io.grpc.s2a.handshaker.GetTlsConfigurationResp.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.GetTlsConfigurationResp.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + if (clientTlsConfigurationBuilder_ != null) { + clientTlsConfigurationBuilder_.clear(); + } + if (serverTlsConfigurationBuilder_ != null) { + serverTlsConfigurationBuilder_.clear(); + } + tlsConfigurationCase_ = 0; + tlsConfiguration_ = null; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp build() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp buildPartial() { + io.grpc.s2a.handshaker.GetTlsConfigurationResp result = new io.grpc.s2a.handshaker.GetTlsConfigurationResp(this); + if (bitField0_ != 0) { buildPartial0(result); } + buildPartialOneofs(result); + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.GetTlsConfigurationResp result) { + int from_bitField0_ = bitField0_; + } + + private void buildPartialOneofs(io.grpc.s2a.handshaker.GetTlsConfigurationResp result) { + result.tlsConfigurationCase_ = tlsConfigurationCase_; + result.tlsConfiguration_ = this.tlsConfiguration_; + if (tlsConfigurationCase_ == 1 && + clientTlsConfigurationBuilder_ != null) { + result.tlsConfiguration_ = clientTlsConfigurationBuilder_.build(); + } + if (tlsConfigurationCase_ == 2 && + serverTlsConfigurationBuilder_ != null) { + result.tlsConfiguration_ = serverTlsConfigurationBuilder_.build(); + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.GetTlsConfigurationResp) { + return mergeFrom((io.grpc.s2a.handshaker.GetTlsConfigurationResp)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.GetTlsConfigurationResp other) { + if (other == io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance()) return this; + switch (other.getTlsConfigurationCase()) { + case CLIENT_TLS_CONFIGURATION: { + mergeClientTlsConfiguration(other.getClientTlsConfiguration()); + break; + } + case SERVER_TLS_CONFIGURATION: { + mergeServerTlsConfiguration(other.getServerTlsConfiguration()); + break; + } + case TLSCONFIGURATION_NOT_SET: { + break; + } + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + input.readMessage( + getClientTlsConfigurationFieldBuilder().getBuilder(), + extensionRegistry); + tlsConfigurationCase_ = 1; + break; + } // case 10 + case 18: { + input.readMessage( + getServerTlsConfigurationFieldBuilder().getBuilder(), + extensionRegistry); + tlsConfigurationCase_ = 2; + break; + } // case 18 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int tlsConfigurationCase_ = 0; + private java.lang.Object tlsConfiguration_; + public TlsConfigurationCase + getTlsConfigurationCase() { + return TlsConfigurationCase.forNumber( + tlsConfigurationCase_); + } + + public Builder clearTlsConfiguration() { + tlsConfigurationCase_ = 0; + tlsConfiguration_ = null; + onChanged(); + return this; + } + + private int bitField0_; + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfigurationOrBuilder> clientTlsConfigurationBuilder_; + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + * @return Whether the clientTlsConfiguration field is set. + */ + @java.lang.Override + public boolean hasClientTlsConfiguration() { + return tlsConfigurationCase_ == 1; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + * @return The clientTlsConfiguration. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration getClientTlsConfiguration() { + if (clientTlsConfigurationBuilder_ == null) { + if (tlsConfigurationCase_ == 1) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance(); + } else { + if (tlsConfigurationCase_ == 1) { + return clientTlsConfigurationBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance(); + } + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + public Builder setClientTlsConfiguration(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration value) { + if (clientTlsConfigurationBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + tlsConfiguration_ = value; + onChanged(); + } else { + clientTlsConfigurationBuilder_.setMessage(value); + } + tlsConfigurationCase_ = 1; + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + public Builder setClientTlsConfiguration( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.Builder builderForValue) { + if (clientTlsConfigurationBuilder_ == null) { + tlsConfiguration_ = builderForValue.build(); + onChanged(); + } else { + clientTlsConfigurationBuilder_.setMessage(builderForValue.build()); + } + tlsConfigurationCase_ = 1; + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + public Builder mergeClientTlsConfiguration(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration value) { + if (clientTlsConfigurationBuilder_ == null) { + if (tlsConfigurationCase_ == 1 && + tlsConfiguration_ != io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance()) { + tlsConfiguration_ = io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder((io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_) + .mergeFrom(value).buildPartial(); + } else { + tlsConfiguration_ = value; + } + onChanged(); + } else { + if (tlsConfigurationCase_ == 1) { + clientTlsConfigurationBuilder_.mergeFrom(value); + } else { + clientTlsConfigurationBuilder_.setMessage(value); + } + } + tlsConfigurationCase_ = 1; + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + public Builder clearClientTlsConfiguration() { + if (clientTlsConfigurationBuilder_ == null) { + if (tlsConfigurationCase_ == 1) { + tlsConfigurationCase_ = 0; + tlsConfiguration_ = null; + onChanged(); + } + } else { + if (tlsConfigurationCase_ == 1) { + tlsConfigurationCase_ = 0; + tlsConfiguration_ = null; + } + clientTlsConfigurationBuilder_.clear(); + } + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.Builder getClientTlsConfigurationBuilder() { + return getClientTlsConfigurationFieldBuilder().getBuilder(); + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfigurationOrBuilder getClientTlsConfigurationOrBuilder() { + if ((tlsConfigurationCase_ == 1) && (clientTlsConfigurationBuilder_ != null)) { + return clientTlsConfigurationBuilder_.getMessageOrBuilder(); + } else { + if (tlsConfigurationCase_ == 1) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance(); + } + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfigurationOrBuilder> + getClientTlsConfigurationFieldBuilder() { + if (clientTlsConfigurationBuilder_ == null) { + if (!(tlsConfigurationCase_ == 1)) { + tlsConfiguration_ = io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.getDefaultInstance(); + } + clientTlsConfigurationBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfigurationOrBuilder>( + (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration) tlsConfiguration_, + getParentForChildren(), + isClean()); + tlsConfiguration_ = null; + } + tlsConfigurationCase_ = 1; + onChanged(); + return clientTlsConfigurationBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfigurationOrBuilder> serverTlsConfigurationBuilder_; + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + * @return Whether the serverTlsConfiguration field is set. + */ + @java.lang.Override + public boolean hasServerTlsConfiguration() { + return tlsConfigurationCase_ == 2; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + * @return The serverTlsConfiguration. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration getServerTlsConfiguration() { + if (serverTlsConfigurationBuilder_ == null) { + if (tlsConfigurationCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance(); + } else { + if (tlsConfigurationCase_ == 2) { + return serverTlsConfigurationBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance(); + } + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + public Builder setServerTlsConfiguration(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration value) { + if (serverTlsConfigurationBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + tlsConfiguration_ = value; + onChanged(); + } else { + serverTlsConfigurationBuilder_.setMessage(value); + } + tlsConfigurationCase_ = 2; + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + public Builder setServerTlsConfiguration( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.Builder builderForValue) { + if (serverTlsConfigurationBuilder_ == null) { + tlsConfiguration_ = builderForValue.build(); + onChanged(); + } else { + serverTlsConfigurationBuilder_.setMessage(builderForValue.build()); + } + tlsConfigurationCase_ = 2; + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + public Builder mergeServerTlsConfiguration(io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration value) { + if (serverTlsConfigurationBuilder_ == null) { + if (tlsConfigurationCase_ == 2 && + tlsConfiguration_ != io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance()) { + tlsConfiguration_ = io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.newBuilder((io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_) + .mergeFrom(value).buildPartial(); + } else { + tlsConfiguration_ = value; + } + onChanged(); + } else { + if (tlsConfigurationCase_ == 2) { + serverTlsConfigurationBuilder_.mergeFrom(value); + } else { + serverTlsConfigurationBuilder_.setMessage(value); + } + } + tlsConfigurationCase_ = 2; + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + public Builder clearServerTlsConfiguration() { + if (serverTlsConfigurationBuilder_ == null) { + if (tlsConfigurationCase_ == 2) { + tlsConfigurationCase_ = 0; + tlsConfiguration_ = null; + onChanged(); + } + } else { + if (tlsConfigurationCase_ == 2) { + tlsConfigurationCase_ = 0; + tlsConfiguration_ = null; + } + serverTlsConfigurationBuilder_.clear(); + } + return this; + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.Builder getServerTlsConfigurationBuilder() { + return getServerTlsConfigurationFieldBuilder().getBuilder(); + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfigurationOrBuilder getServerTlsConfigurationOrBuilder() { + if ((tlsConfigurationCase_ == 2) && (serverTlsConfigurationBuilder_ != null)) { + return serverTlsConfigurationBuilder_.getMessageOrBuilder(); + } else { + if (tlsConfigurationCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance(); + } + } + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfigurationOrBuilder> + getServerTlsConfigurationFieldBuilder() { + if (serverTlsConfigurationBuilder_ == null) { + if (!(tlsConfigurationCase_ == 2)) { + tlsConfiguration_ = io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.getDefaultInstance(); + } + serverTlsConfigurationBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfigurationOrBuilder>( + (io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration) tlsConfiguration_, + getParentForChildren(), + isClean()); + tlsConfiguration_ = null; + } + tlsConfigurationCase_ = 2; + onChanged(); + return serverTlsConfigurationBuilder_; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.GetTlsConfigurationResp) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.GetTlsConfigurationResp) + private static final io.grpc.s2a.handshaker.GetTlsConfigurationResp DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.GetTlsConfigurationResp(); + } + + public static io.grpc.s2a.handshaker.GetTlsConfigurationResp getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public GetTlsConfigurationResp parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationRespOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationRespOrBuilder.java new file mode 100644 index 000000000000..0a93d5fc9c3b --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/GetTlsConfigurationRespOrBuilder.java @@ -0,0 +1,42 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface GetTlsConfigurationRespOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.GetTlsConfigurationResp) + com.google.protobuf.MessageOrBuilder { + + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + * @return Whether the clientTlsConfiguration field is set. + */ + boolean hasClientTlsConfiguration(); + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + * @return The clientTlsConfiguration. + */ + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfiguration getClientTlsConfiguration(); + /** + * .grpc.gcp.GetTlsConfigurationResp.ClientTlsConfiguration client_tls_configuration = 1; + */ + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ClientTlsConfigurationOrBuilder getClientTlsConfigurationOrBuilder(); + + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + * @return Whether the serverTlsConfiguration field is set. + */ + boolean hasServerTlsConfiguration(); + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + * @return The serverTlsConfiguration. + */ + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfiguration getServerTlsConfiguration(); + /** + * .grpc.gcp.GetTlsConfigurationResp.ServerTlsConfiguration server_tls_configuration = 2; + */ + io.grpc.s2a.handshaker.GetTlsConfigurationResp.ServerTlsConfigurationOrBuilder getServerTlsConfigurationOrBuilder(); + + io.grpc.s2a.handshaker.GetTlsConfigurationResp.TlsConfigurationCase getTlsConfigurationCase(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Identity.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Identity.java new file mode 100644 index 000000000000..40e962d89d53 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Identity.java @@ -0,0 +1,1849 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: common.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.Identity} + */ +public final class Identity extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.Identity) + IdentityOrBuilder { +private static final long serialVersionUID = 0L; + // Use Identity.newBuilder() to construct. + private Identity(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private Identity() { + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new Identity(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.CommonProto.internal_static_grpc_gcp_Identity_descriptor; + } + + @SuppressWarnings({"rawtypes"}) + @java.lang.Override + protected com.google.protobuf.MapFieldReflectionAccessor internalGetMapFieldReflection( + int number) { + switch (number) { + case 3: + return internalGetAttributes(); + default: + throw new RuntimeException( + "Invalid map field number: " + number); + } + } + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.CommonProto.internal_static_grpc_gcp_Identity_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.Identity.class, io.grpc.s2a.handshaker.Identity.Builder.class); + } + + private int identityOneofCase_ = 0; + @SuppressWarnings("serial") + private java.lang.Object identityOneof_; + public enum IdentityOneofCase + implements com.google.protobuf.Internal.EnumLite, + com.google.protobuf.AbstractMessage.InternalOneOfEnum { + SPIFFE_ID(1), + HOSTNAME(2), + UID(4), + MDB_USERNAME(5), + GAIA_ID(6), + IDENTITYONEOF_NOT_SET(0); + private final int value; + private IdentityOneofCase(int value) { + this.value = value; + } + /** + * @param value The number of the enum to look for. + * @return The enum associated with the given number. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static IdentityOneofCase valueOf(int value) { + return forNumber(value); + } + + public static IdentityOneofCase forNumber(int value) { + switch (value) { + case 1: return SPIFFE_ID; + case 2: return HOSTNAME; + case 4: return UID; + case 5: return MDB_USERNAME; + case 6: return GAIA_ID; + case 0: return IDENTITYONEOF_NOT_SET; + default: return null; + } + } + public int getNumber() { + return this.value; + } + }; + + public IdentityOneofCase + getIdentityOneofCase() { + return IdentityOneofCase.forNumber( + identityOneofCase_); + } + + public static final int SPIFFE_ID_FIELD_NUMBER = 1; + /** + * 
+   * The SPIFFE ID of a connection endpoint.
+   *
+ * + * string spiffe_id = 1; + * @return Whether the spiffeId field is set. + */ + public boolean hasSpiffeId() { + return identityOneofCase_ == 1; + } + /** + * 
+   * The SPIFFE ID of a connection endpoint.
+   *
+ * + * string spiffe_id = 1; + * @return The spiffeId. + */ + public java.lang.String getSpiffeId() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 1) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 1) { + identityOneof_ = s; + } + return s; + } + } + /** + * 
+   * The SPIFFE ID of a connection endpoint.
+   *
+ * + * string spiffe_id = 1; + * @return The bytes for spiffeId. + */ + public com.google.protobuf.ByteString + getSpiffeIdBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 1) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 1) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int HOSTNAME_FIELD_NUMBER = 2; + /** + * 
+   * The hostname of a connection endpoint.
+   *
+ * + * string hostname = 2; + * @return Whether the hostname field is set. + */ + public boolean hasHostname() { + return identityOneofCase_ == 2; + } + /** + * 
+   * The hostname of a connection endpoint.
+   *
+ * + * string hostname = 2; + * @return The hostname. + */ + public java.lang.String getHostname() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 2) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 2) { + identityOneof_ = s; + } + return s; + } + } + /** + * 
+   * The hostname of a connection endpoint.
+   *
+ * + * string hostname = 2; + * @return The bytes for hostname. + */ + public com.google.protobuf.ByteString + getHostnameBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 2) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 2) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int UID_FIELD_NUMBER = 4; + /** + * 
+   * The UID of a connection endpoint.
+   *
+ * + * string uid = 4; + * @return Whether the uid field is set. + */ + public boolean hasUid() { + return identityOneofCase_ == 4; + } + /** + * 
+   * The UID of a connection endpoint.
+   *
+ * + * string uid = 4; + * @return The uid. + */ + public java.lang.String getUid() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 4) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 4) { + identityOneof_ = s; + } + return s; + } + } + /** + * 
+   * The UID of a connection endpoint.
+   *
+ * + * string uid = 4; + * @return The bytes for uid. + */ + public com.google.protobuf.ByteString + getUidBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 4) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 4) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int MDB_USERNAME_FIELD_NUMBER = 5; + /** + * 
+   * The MDB username of a connection endpoint.
+   *
+ * + * string mdb_username = 5; + * @return Whether the mdbUsername field is set. + */ + public boolean hasMdbUsername() { + return identityOneofCase_ == 5; + } + /** + * 
+   * The MDB username of a connection endpoint.
+   *
+ * + * string mdb_username = 5; + * @return The mdbUsername. + */ + public java.lang.String getMdbUsername() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 5) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 5) { + identityOneof_ = s; + } + return s; + } + } + /** + * 
+   * The MDB username of a connection endpoint.
+   *
+ * + * string mdb_username = 5; + * @return The bytes for mdbUsername. + */ + public com.google.protobuf.ByteString + getMdbUsernameBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 5) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 5) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int GAIA_ID_FIELD_NUMBER = 6; + /** + * 
+   * The Gaia ID of a connection endpoint.
+   *
+ * + * string gaia_id = 6; + * @return Whether the gaiaId field is set. + */ + public boolean hasGaiaId() { + return identityOneofCase_ == 6; + } + /** + * 
+   * The Gaia ID of a connection endpoint.
+   *
+ * + * string gaia_id = 6; + * @return The gaiaId. + */ + public java.lang.String getGaiaId() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 6) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 6) { + identityOneof_ = s; + } + return s; + } + } + /** + * 
+   * The Gaia ID of a connection endpoint.
+   *
+ * + * string gaia_id = 6; + * @return The bytes for gaiaId. + */ + public com.google.protobuf.ByteString + getGaiaIdBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 6) { + ref = identityOneof_; + } + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 6) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int ATTRIBUTES_FIELD_NUMBER = 3; + private static final class AttributesDefaultEntryHolder { + static final com.google.protobuf.MapEntry< + java.lang.String, java.lang.String> defaultEntry = + com.google.protobuf.MapEntry + .newDefaultInstance( + io.grpc.s2a.handshaker.CommonProto.internal_static_grpc_gcp_Identity_AttributesEntry_descriptor, + com.google.protobuf.WireFormat.FieldType.STRING, + "", + com.google.protobuf.WireFormat.FieldType.STRING, + ""); + } + @SuppressWarnings("serial") + private com.google.protobuf.MapField< + java.lang.String, java.lang.String> attributes_; + private com.google.protobuf.MapField + internalGetAttributes() { + if (attributes_ == null) { + return com.google.protobuf.MapField.emptyMapField( + AttributesDefaultEntryHolder.defaultEntry); + } + return attributes_; + } + public int getAttributesCount() { + return internalGetAttributes().getMap().size(); + } + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public boolean containsAttributes( + java.lang.String key) { + if (key == null) { throw new NullPointerException("map key"); } + return internalGetAttributes().getMap().containsKey(key); + } + /** + * Use {@link #getAttributesMap()} instead. + */ + @java.lang.Override + @java.lang.Deprecated + public java.util.Map getAttributes() { + return getAttributesMap(); + } + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public java.util.Map getAttributesMap() { + return internalGetAttributes().getMap(); + } + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public /* nullable */ +java.lang.String getAttributesOrDefault( + java.lang.String key, + /* nullable */ +java.lang.String defaultValue) { + if (key == null) { throw new NullPointerException("map key"); } + java.util.Map map = + internalGetAttributes().getMap(); + return map.containsKey(key) ? map.get(key) : defaultValue; + } + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public java.lang.String getAttributesOrThrow( + java.lang.String key) { + if (key == null) { throw new NullPointerException("map key"); } + java.util.Map map = + internalGetAttributes().getMap(); + if (!map.containsKey(key)) { + throw new java.lang.IllegalArgumentException(); + } + return map.get(key); + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (identityOneofCase_ == 1) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 1, identityOneof_); + } + if (identityOneofCase_ == 2) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, identityOneof_); + } + com.google.protobuf.GeneratedMessageV3 + .serializeStringMapTo( + output, + internalGetAttributes(), + AttributesDefaultEntryHolder.defaultEntry, + 3); + if (identityOneofCase_ == 4) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 4, identityOneof_); + } + if (identityOneofCase_ == 5) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 5, identityOneof_); + } + if (identityOneofCase_ == 6) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 6, identityOneof_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (identityOneofCase_ == 1) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, identityOneof_); + } + if (identityOneofCase_ == 2) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, identityOneof_); + } + for (java.util.Map.Entry entry + : internalGetAttributes().getMap().entrySet()) { + com.google.protobuf.MapEntry + attributes__ = AttributesDefaultEntryHolder.defaultEntry.newBuilderForType() + .setKey(entry.getKey()) + .setValue(entry.getValue()) + .build(); + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(3, attributes__); + } + if (identityOneofCase_ == 4) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, identityOneof_); + } + if (identityOneofCase_ == 5) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, identityOneof_); + } + if (identityOneofCase_ == 6) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, identityOneof_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.Identity)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.Identity other = (io.grpc.s2a.handshaker.Identity) obj; + + if (!internalGetAttributes().equals( + other.internalGetAttributes())) return false; + if (!getIdentityOneofCase().equals(other.getIdentityOneofCase())) return false; + switch (identityOneofCase_) { + case 1: + if (!getSpiffeId() + .equals(other.getSpiffeId())) return false; + break; + case 2: + if (!getHostname() + .equals(other.getHostname())) return false; + break; + case 4: + if (!getUid() + .equals(other.getUid())) return false; + break; + case 5: + if (!getMdbUsername() + .equals(other.getMdbUsername())) return false; + break; + case 6: + if (!getGaiaId() + .equals(other.getGaiaId())) return false; + break; + case 0: + default: + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (!internalGetAttributes().getMap().isEmpty()) { + hash = (37 * hash) + ATTRIBUTES_FIELD_NUMBER; + hash = (53 * hash) + internalGetAttributes().hashCode(); + } + switch (identityOneofCase_) { + case 1: + hash = (37 * hash) + SPIFFE_ID_FIELD_NUMBER; + hash = (53 * hash) + getSpiffeId().hashCode(); + break; + case 2: + hash = (37 * hash) + HOSTNAME_FIELD_NUMBER; + hash = (53 * hash) + getHostname().hashCode(); + break; + case 4: + hash = (37 * hash) + UID_FIELD_NUMBER; + hash = (53 * hash) + getUid().hashCode(); + break; + case 5: + hash = (37 * hash) + MDB_USERNAME_FIELD_NUMBER; + hash = (53 * hash) + getMdbUsername().hashCode(); + break; + case 6: + hash = (37 * hash) + GAIA_ID_FIELD_NUMBER; + hash = (53 * hash) + getGaiaId().hashCode(); + break; + case 0: + default: + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.Identity parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.Identity parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Identity parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.Identity parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Identity parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.Identity parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Identity parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.Identity parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.Identity parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.Identity parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Identity parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.Identity parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.Identity prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.Identity} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.Identity) + io.grpc.s2a.handshaker.IdentityOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.CommonProto.internal_static_grpc_gcp_Identity_descriptor; + } + + @SuppressWarnings({"rawtypes"}) + protected com.google.protobuf.MapFieldReflectionAccessor internalGetMapFieldReflection( + int number) { + switch (number) { + case 3: + return internalGetAttributes(); + default: + throw new RuntimeException( + "Invalid map field number: " + number); + } + } + @SuppressWarnings({"rawtypes"}) + protected com.google.protobuf.MapFieldReflectionAccessor internalGetMutableMapFieldReflection( + int number) { + switch (number) { + case 3: + return internalGetMutableAttributes(); + default: + throw new RuntimeException( + "Invalid map field number: " + number); + } + } + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.CommonProto.internal_static_grpc_gcp_Identity_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.Identity.class, io.grpc.s2a.handshaker.Identity.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.Identity.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + internalGetMutableAttributes().clear(); + identityOneofCase_ = 0; + identityOneof_ = null; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.CommonProto.internal_static_grpc_gcp_Identity_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Identity getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.Identity.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Identity build() { + io.grpc.s2a.handshaker.Identity result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Identity buildPartial() { + io.grpc.s2a.handshaker.Identity result = new io.grpc.s2a.handshaker.Identity(this); + if (bitField0_ != 0) { buildPartial0(result); } + buildPartialOneofs(result); + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.Identity result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000020) != 0)) { + result.attributes_ = internalGetAttributes(); + result.attributes_.makeImmutable(); + } + } + + private void buildPartialOneofs(io.grpc.s2a.handshaker.Identity result) { + result.identityOneofCase_ = identityOneofCase_; + result.identityOneof_ = this.identityOneof_; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.Identity) { + return mergeFrom((io.grpc.s2a.handshaker.Identity)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.Identity other) { + if (other == io.grpc.s2a.handshaker.Identity.getDefaultInstance()) return this; + internalGetMutableAttributes().mergeFrom( + other.internalGetAttributes()); + bitField0_ |= 0x00000020; + switch (other.getIdentityOneofCase()) { + case SPIFFE_ID: { + identityOneofCase_ = 1; + identityOneof_ = other.identityOneof_; + onChanged(); + break; + } + case HOSTNAME: { + identityOneofCase_ = 2; + identityOneof_ = other.identityOneof_; + onChanged(); + break; + } + case UID: { + identityOneofCase_ = 4; + identityOneof_ = other.identityOneof_; + onChanged(); + break; + } + case MDB_USERNAME: { + identityOneofCase_ = 5; + identityOneof_ = other.identityOneof_; + onChanged(); + break; + } + case GAIA_ID: { + identityOneofCase_ = 6; + identityOneof_ = other.identityOneof_; + onChanged(); + break; + } + case IDENTITYONEOF_NOT_SET: { + break; + } + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + java.lang.String s = input.readStringRequireUtf8(); + identityOneofCase_ = 1; + identityOneof_ = s; + break; + } // case 10 + case 18: { + java.lang.String s = input.readStringRequireUtf8(); + identityOneofCase_ = 2; + identityOneof_ = s; + break; + } // case 18 + case 26: { + com.google.protobuf.MapEntry + attributes__ = input.readMessage( + AttributesDefaultEntryHolder.defaultEntry.getParserForType(), extensionRegistry); + internalGetMutableAttributes().getMutableMap().put( + attributes__.getKey(), attributes__.getValue()); + bitField0_ |= 0x00000020; + break; + } // case 26 + case 34: { + java.lang.String s = input.readStringRequireUtf8(); + identityOneofCase_ = 4; + identityOneof_ = s; + break; + } // case 34 + case 42: { + java.lang.String s = input.readStringRequireUtf8(); + identityOneofCase_ = 5; + identityOneof_ = s; + break; + } // case 42 + case 50: { + java.lang.String s = input.readStringRequireUtf8(); + identityOneofCase_ = 6; + identityOneof_ = s; + break; + } // case 50 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int identityOneofCase_ = 0; + private java.lang.Object identityOneof_; + public IdentityOneofCase + getIdentityOneofCase() { + return IdentityOneofCase.forNumber( + identityOneofCase_); + } + + public Builder clearIdentityOneof() { + identityOneofCase_ = 0; + identityOneof_ = null; + onChanged(); + return this; + } + + private int bitField0_; + + /** + * 
+     * The SPIFFE ID of a connection endpoint.
+     *
+ * + * string spiffe_id = 1; + * @return Whether the spiffeId field is set. + */ + @java.lang.Override + public boolean hasSpiffeId() { + return identityOneofCase_ == 1; + } + /** + * 
+     * The SPIFFE ID of a connection endpoint.
+     *
+ * + * string spiffe_id = 1; + * @return The spiffeId. + */ + @java.lang.Override + public java.lang.String getSpiffeId() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 1) { + ref = identityOneof_; + } + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 1) { + identityOneof_ = s; + } + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The SPIFFE ID of a connection endpoint.
+     *
+ * + * string spiffe_id = 1; + * @return The bytes for spiffeId. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getSpiffeIdBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 1) { + ref = identityOneof_; + } + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 1) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The SPIFFE ID of a connection endpoint.
+     *
+ * + * string spiffe_id = 1; + * @param value The spiffeId to set. + * @return This builder for chaining. + */ + public Builder setSpiffeId( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + identityOneofCase_ = 1; + identityOneof_ = value; + onChanged(); + return this; + } + /** + * 
+     * The SPIFFE ID of a connection endpoint.
+     *
+ * + * string spiffe_id = 1; + * @return This builder for chaining. + */ + public Builder clearSpiffeId() { + if (identityOneofCase_ == 1) { + identityOneofCase_ = 0; + identityOneof_ = null; + onChanged(); + } + return this; + } + /** + * 
+     * The SPIFFE ID of a connection endpoint.
+     *
+ * + * string spiffe_id = 1; + * @param value The bytes for spiffeId to set. + * @return This builder for chaining. + */ + public Builder setSpiffeIdBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + identityOneofCase_ = 1; + identityOneof_ = value; + onChanged(); + return this; + } + + /** + * 
+     * The hostname of a connection endpoint.
+     *
+ * + * string hostname = 2; + * @return Whether the hostname field is set. + */ + @java.lang.Override + public boolean hasHostname() { + return identityOneofCase_ == 2; + } + /** + * 
+     * The hostname of a connection endpoint.
+     *
+ * + * string hostname = 2; + * @return The hostname. + */ + @java.lang.Override + public java.lang.String getHostname() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 2) { + ref = identityOneof_; + } + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 2) { + identityOneof_ = s; + } + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The hostname of a connection endpoint.
+     *
+ * + * string hostname = 2; + * @return The bytes for hostname. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getHostnameBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 2) { + ref = identityOneof_; + } + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 2) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The hostname of a connection endpoint.
+     *
+ * + * string hostname = 2; + * @param value The hostname to set. + * @return This builder for chaining. + */ + public Builder setHostname( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + identityOneofCase_ = 2; + identityOneof_ = value; + onChanged(); + return this; + } + /** + * 
+     * The hostname of a connection endpoint.
+     *
+ * + * string hostname = 2; + * @return This builder for chaining. + */ + public Builder clearHostname() { + if (identityOneofCase_ == 2) { + identityOneofCase_ = 0; + identityOneof_ = null; + onChanged(); + } + return this; + } + /** + * 
+     * The hostname of a connection endpoint.
+     *
+ * + * string hostname = 2; + * @param value The bytes for hostname to set. + * @return This builder for chaining. + */ + public Builder setHostnameBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + identityOneofCase_ = 2; + identityOneof_ = value; + onChanged(); + return this; + } + + /** + * 
+     * The UID of a connection endpoint.
+     *
+ * + * string uid = 4; + * @return Whether the uid field is set. + */ + @java.lang.Override + public boolean hasUid() { + return identityOneofCase_ == 4; + } + /** + * 
+     * The UID of a connection endpoint.
+     *
+ * + * string uid = 4; + * @return The uid. + */ + @java.lang.Override + public java.lang.String getUid() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 4) { + ref = identityOneof_; + } + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 4) { + identityOneof_ = s; + } + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The UID of a connection endpoint.
+     *
+ * + * string uid = 4; + * @return The bytes for uid. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getUidBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 4) { + ref = identityOneof_; + } + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 4) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The UID of a connection endpoint.
+     *
+ * + * string uid = 4; + * @param value The uid to set. + * @return This builder for chaining. + */ + public Builder setUid( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + identityOneofCase_ = 4; + identityOneof_ = value; + onChanged(); + return this; + } + /** + * 
+     * The UID of a connection endpoint.
+     *
+ * + * string uid = 4; + * @return This builder for chaining. + */ + public Builder clearUid() { + if (identityOneofCase_ == 4) { + identityOneofCase_ = 0; + identityOneof_ = null; + onChanged(); + } + return this; + } + /** + * 
+     * The UID of a connection endpoint.
+     *
+ * + * string uid = 4; + * @param value The bytes for uid to set. + * @return This builder for chaining. + */ + public Builder setUidBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + identityOneofCase_ = 4; + identityOneof_ = value; + onChanged(); + return this; + } + + /** + * 
+     * The MDB username of a connection endpoint.
+     *
+ * + * string mdb_username = 5; + * @return Whether the mdbUsername field is set. + */ + @java.lang.Override + public boolean hasMdbUsername() { + return identityOneofCase_ == 5; + } + /** + * 
+     * The MDB username of a connection endpoint.
+     *
+ * + * string mdb_username = 5; + * @return The mdbUsername. + */ + @java.lang.Override + public java.lang.String getMdbUsername() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 5) { + ref = identityOneof_; + } + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 5) { + identityOneof_ = s; + } + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The MDB username of a connection endpoint.
+     *
+ * + * string mdb_username = 5; + * @return The bytes for mdbUsername. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getMdbUsernameBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 5) { + ref = identityOneof_; + } + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 5) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The MDB username of a connection endpoint.
+     *
+ * + * string mdb_username = 5; + * @param value The mdbUsername to set. + * @return This builder for chaining. + */ + public Builder setMdbUsername( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + identityOneofCase_ = 5; + identityOneof_ = value; + onChanged(); + return this; + } + /** + * 
+     * The MDB username of a connection endpoint.
+     *
+ * + * string mdb_username = 5; + * @return This builder for chaining. + */ + public Builder clearMdbUsername() { + if (identityOneofCase_ == 5) { + identityOneofCase_ = 0; + identityOneof_ = null; + onChanged(); + } + return this; + } + /** + * 
+     * The MDB username of a connection endpoint.
+     *
+ * + * string mdb_username = 5; + * @param value The bytes for mdbUsername to set. + * @return This builder for chaining. + */ + public Builder setMdbUsernameBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + identityOneofCase_ = 5; + identityOneof_ = value; + onChanged(); + return this; + } + + /** + * 
+     * The Gaia ID of a connection endpoint.
+     *
+ * + * string gaia_id = 6; + * @return Whether the gaiaId field is set. + */ + @java.lang.Override + public boolean hasGaiaId() { + return identityOneofCase_ == 6; + } + /** + * 
+     * The Gaia ID of a connection endpoint.
+     *
+ * + * string gaia_id = 6; + * @return The gaiaId. + */ + @java.lang.Override + public java.lang.String getGaiaId() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 6) { + ref = identityOneof_; + } + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + if (identityOneofCase_ == 6) { + identityOneof_ = s; + } + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The Gaia ID of a connection endpoint.
+     *
+ * + * string gaia_id = 6; + * @return The bytes for gaiaId. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getGaiaIdBytes() { + java.lang.Object ref = ""; + if (identityOneofCase_ == 6) { + ref = identityOneof_; + } + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + if (identityOneofCase_ == 6) { + identityOneof_ = b; + } + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The Gaia ID of a connection endpoint.
+     *
+ * + * string gaia_id = 6; + * @param value The gaiaId to set. + * @return This builder for chaining. + */ + public Builder setGaiaId( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + identityOneofCase_ = 6; + identityOneof_ = value; + onChanged(); + return this; + } + /** + * 
+     * The Gaia ID of a connection endpoint.
+     *
+ * + * string gaia_id = 6; + * @return This builder for chaining. + */ + public Builder clearGaiaId() { + if (identityOneofCase_ == 6) { + identityOneofCase_ = 0; + identityOneof_ = null; + onChanged(); + } + return this; + } + /** + * 
+     * The Gaia ID of a connection endpoint.
+     *
+ * + * string gaia_id = 6; + * @param value The bytes for gaiaId to set. + * @return This builder for chaining. + */ + public Builder setGaiaIdBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + identityOneofCase_ = 6; + identityOneof_ = value; + onChanged(); + return this; + } + + private com.google.protobuf.MapField< + java.lang.String, java.lang.String> attributes_; + private com.google.protobuf.MapField + internalGetAttributes() { + if (attributes_ == null) { + return com.google.protobuf.MapField.emptyMapField( + AttributesDefaultEntryHolder.defaultEntry); + } + return attributes_; + } + private com.google.protobuf.MapField + internalGetMutableAttributes() { + if (attributes_ == null) { + attributes_ = com.google.protobuf.MapField.newMapField( + AttributesDefaultEntryHolder.defaultEntry); + } + if (!attributes_.isMutable()) { + attributes_ = attributes_.copy(); + } + bitField0_ |= 0x00000020; + onChanged(); + return attributes_; + } + public int getAttributesCount() { + return internalGetAttributes().getMap().size(); + } + /** + * 
+     * Additional identity-specific attributes.
+     *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public boolean containsAttributes( + java.lang.String key) { + if (key == null) { throw new NullPointerException("map key"); } + return internalGetAttributes().getMap().containsKey(key); + } + /** + * Use {@link #getAttributesMap()} instead. + */ + @java.lang.Override + @java.lang.Deprecated + public java.util.Map getAttributes() { + return getAttributesMap(); + } + /** + * 
+     * Additional identity-specific attributes.
+     *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public java.util.Map getAttributesMap() { + return internalGetAttributes().getMap(); + } + /** + * 
+     * Additional identity-specific attributes.
+     *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public /* nullable */ +java.lang.String getAttributesOrDefault( + java.lang.String key, + /* nullable */ +java.lang.String defaultValue) { + if (key == null) { throw new NullPointerException("map key"); } + java.util.Map map = + internalGetAttributes().getMap(); + return map.containsKey(key) ? map.get(key) : defaultValue; + } + /** + * 
+     * Additional identity-specific attributes.
+     *
+ * + * map<string, string> attributes = 3; + */ + @java.lang.Override + public java.lang.String getAttributesOrThrow( + java.lang.String key) { + if (key == null) { throw new NullPointerException("map key"); } + java.util.Map map = + internalGetAttributes().getMap(); + if (!map.containsKey(key)) { + throw new java.lang.IllegalArgumentException(); + } + return map.get(key); + } + public Builder clearAttributes() { + bitField0_ = (bitField0_ & ~0x00000020); + internalGetMutableAttributes().getMutableMap() + .clear(); + return this; + } + /** + * 
+     * Additional identity-specific attributes.
+     *
+ * + * map<string, string> attributes = 3; + */ + public Builder removeAttributes( + java.lang.String key) { + if (key == null) { throw new NullPointerException("map key"); } + internalGetMutableAttributes().getMutableMap() + .remove(key); + return this; + } + /** + * Use alternate mutation accessors instead. + */ + @java.lang.Deprecated + public java.util.Map + getMutableAttributes() { + bitField0_ |= 0x00000020; + return internalGetMutableAttributes().getMutableMap(); + } + /** + * 
+     * Additional identity-specific attributes.
+     *
+ * + * map<string, string> attributes = 3; + */ + public Builder putAttributes( + java.lang.String key, + java.lang.String value) { + if (key == null) { throw new NullPointerException("map key"); } + if (value == null) { throw new NullPointerException("map value"); } + internalGetMutableAttributes().getMutableMap() + .put(key, value); + bitField0_ |= 0x00000020; + return this; + } + /** + * 
+     * Additional identity-specific attributes.
+     *
+ * + * map<string, string> attributes = 3; + */ + public Builder putAllAttributes( + java.util.Map values) { + internalGetMutableAttributes().getMutableMap() + .putAll(values); + bitField0_ |= 0x00000020; + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.Identity) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.Identity) + private static final io.grpc.s2a.handshaker.Identity DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.Identity(); + } + + public static io.grpc.s2a.handshaker.Identity getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public Identity parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Identity getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/IdentityOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/IdentityOrBuilder.java new file mode 100644 index 000000000000..4b7a845a2fe6 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/IdentityOrBuilder.java @@ -0,0 +1,211 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: common.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface IdentityOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.Identity) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The SPIFFE ID of a connection endpoint.
+   *
+ * + * string spiffe_id = 1; + * @return Whether the spiffeId field is set. + */ + boolean hasSpiffeId(); + /** + * 
+   * The SPIFFE ID of a connection endpoint.
+   *
+ * + * string spiffe_id = 1; + * @return The spiffeId. + */ + java.lang.String getSpiffeId(); + /** + * 
+   * The SPIFFE ID of a connection endpoint.
+   *
+ * + * string spiffe_id = 1; + * @return The bytes for spiffeId. + */ + com.google.protobuf.ByteString + getSpiffeIdBytes(); + + /** + * 
+   * The hostname of a connection endpoint.
+   *
+ * + * string hostname = 2; + * @return Whether the hostname field is set. + */ + boolean hasHostname(); + /** + * 
+   * The hostname of a connection endpoint.
+   *
+ * + * string hostname = 2; + * @return The hostname. + */ + java.lang.String getHostname(); + /** + * 
+   * The hostname of a connection endpoint.
+   *
+ * + * string hostname = 2; + * @return The bytes for hostname. + */ + com.google.protobuf.ByteString + getHostnameBytes(); + + /** + * 
+   * The UID of a connection endpoint.
+   *
+ * + * string uid = 4; + * @return Whether the uid field is set. + */ + boolean hasUid(); + /** + * 
+   * The UID of a connection endpoint.
+   *
+ * + * string uid = 4; + * @return The uid. + */ + java.lang.String getUid(); + /** + * 
+   * The UID of a connection endpoint.
+   *
+ * + * string uid = 4; + * @return The bytes for uid. + */ + com.google.protobuf.ByteString + getUidBytes(); + + /** + * 
+   * The MDB username of a connection endpoint.
+   *
+ * + * string mdb_username = 5; + * @return Whether the mdbUsername field is set. + */ + boolean hasMdbUsername(); + /** + * 
+   * The MDB username of a connection endpoint.
+   *
+ * + * string mdb_username = 5; + * @return The mdbUsername. + */ + java.lang.String getMdbUsername(); + /** + * 
+   * The MDB username of a connection endpoint.
+   *
+ * + * string mdb_username = 5; + * @return The bytes for mdbUsername. + */ + com.google.protobuf.ByteString + getMdbUsernameBytes(); + + /** + * 
+   * The Gaia ID of a connection endpoint.
+   *
+ * + * string gaia_id = 6; + * @return Whether the gaiaId field is set. + */ + boolean hasGaiaId(); + /** + * 
+   * The Gaia ID of a connection endpoint.
+   *
+ * + * string gaia_id = 6; + * @return The gaiaId. + */ + java.lang.String getGaiaId(); + /** + * 
+   * The Gaia ID of a connection endpoint.
+   *
+ * + * string gaia_id = 6; + * @return The bytes for gaiaId. + */ + com.google.protobuf.ByteString + getGaiaIdBytes(); + + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + int getAttributesCount(); + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + boolean containsAttributes( + java.lang.String key); + /** + * Use {@link #getAttributesMap()} instead. + */ + @java.lang.Deprecated + java.util.Map + getAttributes(); + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + java.util.Map + getAttributesMap(); + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + /* nullable */ +java.lang.String getAttributesOrDefault( + java.lang.String key, + /* nullable */ +java.lang.String defaultValue); + /** + * 
+   * Additional identity-specific attributes.
+   *
+ * + * map<string, string> attributes = 3; + */ + java.lang.String getAttributesOrThrow( + java.lang.String key); + + io.grpc.s2a.handshaker.Identity.IdentityOneofCase getIdentityOneofCase(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationReq.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationReq.java new file mode 100644 index 000000000000..0bea497c91c7 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationReq.java @@ -0,0 +1,1334 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.OffloadPrivateKeyOperationReq} + */ +public final class OffloadPrivateKeyOperationReq extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.OffloadPrivateKeyOperationReq) + OffloadPrivateKeyOperationReqOrBuilder { +private static final long serialVersionUID = 0L; + // Use OffloadPrivateKeyOperationReq.newBuilder() to construct. + private OffloadPrivateKeyOperationReq(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private OffloadPrivateKeyOperationReq() { + operation_ = 0; + signatureAlgorithm_ = 0; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new OffloadPrivateKeyOperationReq(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.class, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.Builder.class); + } + + /** + * Protobuf enum {@code grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation} + */ + public enum PrivateKeyOperation + implements com.google.protobuf.ProtocolMessageEnum { + /** + * UNSPECIFIED = 0; + */ + UNSPECIFIED(0), + /** + * 
+     * When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
+     * the TLS handshake must be signed to prove possession of the private key.
+     *
+     * See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
+     *
+ * + * SIGN = 1; + */ + SIGN(1), + /** + * 
+     * When performing a TLS 1.2 handshake using an RSA algorithm, the key
+     * exchange algorithm involves the client generating a premaster secret,
+     * encrypting it using the server's public key, and sending this encrypted
+     * blob to the server in a ClientKeyExchange message.
+     *
+     * See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
+     *
+ * + * DECRYPT = 2; + */ + DECRYPT(2), + UNRECOGNIZED(-1), + ; + + /** + * UNSPECIFIED = 0; + */ + public static final int UNSPECIFIED_VALUE = 0; + /** + * 
+     * When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
+     * the TLS handshake must be signed to prove possession of the private key.
+     *
+     * See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
+     *
+ * + * SIGN = 1; + */ + public static final int SIGN_VALUE = 1; + /** + * 
+     * When performing a TLS 1.2 handshake using an RSA algorithm, the key
+     * exchange algorithm involves the client generating a premaster secret,
+     * encrypting it using the server's public key, and sending this encrypted
+     * blob to the server in a ClientKeyExchange message.
+     *
+     * See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
+     *
+ * + * DECRYPT = 2; + */ + public static final int DECRYPT_VALUE = 2; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static PrivateKeyOperation valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static PrivateKeyOperation forNumber(int value) { + switch (value) { + case 0: return UNSPECIFIED; + case 1: return SIGN; + case 2: return DECRYPT; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + PrivateKeyOperation> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public PrivateKeyOperation findValueByNumber(int number) { + return PrivateKeyOperation.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDescriptor().getEnumTypes().get(0); + } + + private static final PrivateKeyOperation[] VALUES = values(); + + public static PrivateKeyOperation valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private PrivateKeyOperation(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation) + } + + private int inBytesCase_ = 0; + @SuppressWarnings("serial") + private java.lang.Object inBytes_; + public enum InBytesCase + implements com.google.protobuf.Internal.EnumLite, + com.google.protobuf.AbstractMessage.InternalOneOfEnum { + RAW_BYTES(4), + SHA256_DIGEST(5), + SHA384_DIGEST(6), + SHA512_DIGEST(7), + INBYTES_NOT_SET(0); + private final int value; + private InBytesCase(int value) { + this.value = value; + } + /** + * @param value The number of the enum to look for. + * @return The enum associated with the given number. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static InBytesCase valueOf(int value) { + return forNumber(value); + } + + public static InBytesCase forNumber(int value) { + switch (value) { + case 4: return RAW_BYTES; + case 5: return SHA256_DIGEST; + case 6: return SHA384_DIGEST; + case 7: return SHA512_DIGEST; + case 0: return INBYTES_NOT_SET; + default: return null; + } + } + public int getNumber() { + return this.value; + } + }; + + public InBytesCase + getInBytesCase() { + return InBytesCase.forNumber( + inBytesCase_); + } + + public static final int OPERATION_FIELD_NUMBER = 1; + private int operation_ = 0; + /** + * 
+   * The operation the private key is used for.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @return The enum numeric value on the wire for operation. + */ + @java.lang.Override public int getOperationValue() { + return operation_; + } + /** + * 
+   * The operation the private key is used for.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @return The operation. + */ + @java.lang.Override public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation getOperation() { + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation result = io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation.forNumber(operation_); + return result == null ? io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation.UNRECOGNIZED : result; + } + + public static final int SIGNATURE_ALGORITHM_FIELD_NUMBER = 2; + private int signatureAlgorithm_ = 0; + /** + * 
+   * The signature algorithm to be used for signing operations.
+   *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @return The enum numeric value on the wire for signatureAlgorithm. + */ + @java.lang.Override public int getSignatureAlgorithmValue() { + return signatureAlgorithm_; + } + /** + * 
+   * The signature algorithm to be used for signing operations.
+   *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @return The signatureAlgorithm. + */ + @java.lang.Override public io.grpc.s2a.handshaker.SignatureAlgorithm getSignatureAlgorithm() { + io.grpc.s2a.handshaker.SignatureAlgorithm result = io.grpc.s2a.handshaker.SignatureAlgorithm.forNumber(signatureAlgorithm_); + return result == null ? io.grpc.s2a.handshaker.SignatureAlgorithm.UNRECOGNIZED : result; + } + + public static final int RAW_BYTES_FIELD_NUMBER = 4; + /** + * 
+   * Raw bytes to be hashed and signed, or decrypted.
+   *
+ * + * bytes raw_bytes = 4; + * @return Whether the rawBytes field is set. + */ + @java.lang.Override + public boolean hasRawBytes() { + return inBytesCase_ == 4; + } + /** + * 
+   * Raw bytes to be hashed and signed, or decrypted.
+   *
+ * + * bytes raw_bytes = 4; + * @return The rawBytes. + */ + @java.lang.Override + public com.google.protobuf.ByteString getRawBytes() { + if (inBytesCase_ == 4) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + + public static final int SHA256_DIGEST_FIELD_NUMBER = 5; + /** + * 
+   * A SHA256 hash to be signed. Must be 32 bytes.
+   *
+ * + * bytes sha256_digest = 5; + * @return Whether the sha256Digest field is set. + */ + @java.lang.Override + public boolean hasSha256Digest() { + return inBytesCase_ == 5; + } + /** + * 
+   * A SHA256 hash to be signed. Must be 32 bytes.
+   *
+ * + * bytes sha256_digest = 5; + * @return The sha256Digest. + */ + @java.lang.Override + public com.google.protobuf.ByteString getSha256Digest() { + if (inBytesCase_ == 5) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + + public static final int SHA384_DIGEST_FIELD_NUMBER = 6; + /** + * 
+   * A SHA384 hash to be signed. Must be 48 bytes.
+   *
+ * + * bytes sha384_digest = 6; + * @return Whether the sha384Digest field is set. + */ + @java.lang.Override + public boolean hasSha384Digest() { + return inBytesCase_ == 6; + } + /** + * 
+   * A SHA384 hash to be signed. Must be 48 bytes.
+   *
+ * + * bytes sha384_digest = 6; + * @return The sha384Digest. + */ + @java.lang.Override + public com.google.protobuf.ByteString getSha384Digest() { + if (inBytesCase_ == 6) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + + public static final int SHA512_DIGEST_FIELD_NUMBER = 7; + /** + * 
+   * A SHA512 hash to be signed. Must be 64 bytes.
+   *
+ * + * bytes sha512_digest = 7; + * @return Whether the sha512Digest field is set. + */ + @java.lang.Override + public boolean hasSha512Digest() { + return inBytesCase_ == 7; + } + /** + * 
+   * A SHA512 hash to be signed. Must be 64 bytes.
+   *
+ * + * bytes sha512_digest = 7; + * @return The sha512Digest. + */ + @java.lang.Override + public com.google.protobuf.ByteString getSha512Digest() { + if (inBytesCase_ == 7) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (operation_ != io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation.UNSPECIFIED.getNumber()) { + output.writeEnum(1, operation_); + } + if (signatureAlgorithm_ != io.grpc.s2a.handshaker.SignatureAlgorithm.S2A_SSL_SIGN_UNSPECIFIED.getNumber()) { + output.writeEnum(2, signatureAlgorithm_); + } + if (inBytesCase_ == 4) { + output.writeBytes( + 4, (com.google.protobuf.ByteString) inBytes_); + } + if (inBytesCase_ == 5) { + output.writeBytes( + 5, (com.google.protobuf.ByteString) inBytes_); + } + if (inBytesCase_ == 6) { + output.writeBytes( + 6, (com.google.protobuf.ByteString) inBytes_); + } + if (inBytesCase_ == 7) { + output.writeBytes( + 7, (com.google.protobuf.ByteString) inBytes_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (operation_ != io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation.UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(1, operation_); + } + if (signatureAlgorithm_ != io.grpc.s2a.handshaker.SignatureAlgorithm.S2A_SSL_SIGN_UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(2, signatureAlgorithm_); + } + if (inBytesCase_ == 4) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize( + 4, (com.google.protobuf.ByteString) inBytes_); + } + if (inBytesCase_ == 5) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize( + 5, (com.google.protobuf.ByteString) inBytes_); + } + if (inBytesCase_ == 6) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize( + 6, (com.google.protobuf.ByteString) inBytes_); + } + if (inBytesCase_ == 7) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize( + 7, (com.google.protobuf.ByteString) inBytes_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq other = (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) obj; + + if (operation_ != other.operation_) return false; + if (signatureAlgorithm_ != other.signatureAlgorithm_) return false; + if (!getInBytesCase().equals(other.getInBytesCase())) return false; + switch (inBytesCase_) { + case 4: + if (!getRawBytes() + .equals(other.getRawBytes())) return false; + break; + case 5: + if (!getSha256Digest() + .equals(other.getSha256Digest())) return false; + break; + case 6: + if (!getSha384Digest() + .equals(other.getSha384Digest())) return false; + break; + case 7: + if (!getSha512Digest() + .equals(other.getSha512Digest())) return false; + break; + case 0: + default: + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + OPERATION_FIELD_NUMBER; + hash = (53 * hash) + operation_; + hash = (37 * hash) + SIGNATURE_ALGORITHM_FIELD_NUMBER; + hash = (53 * hash) + signatureAlgorithm_; + switch (inBytesCase_) { + case 4: + hash = (37 * hash) + RAW_BYTES_FIELD_NUMBER; + hash = (53 * hash) + getRawBytes().hashCode(); + break; + case 5: + hash = (37 * hash) + SHA256_DIGEST_FIELD_NUMBER; + hash = (53 * hash) + getSha256Digest().hashCode(); + break; + case 6: + hash = (37 * hash) + SHA384_DIGEST_FIELD_NUMBER; + hash = (53 * hash) + getSha384Digest().hashCode(); + break; + case 7: + hash = (37 * hash) + SHA512_DIGEST_FIELD_NUMBER; + hash = (53 * hash) + getSha512Digest().hashCode(); + break; + case 0: + default: + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.OffloadPrivateKeyOperationReq} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.OffloadPrivateKeyOperationReq) + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReqOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.class, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + operation_ = 0; + signatureAlgorithm_ = 0; + inBytesCase_ = 0; + inBytes_ = null; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq build() { + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq buildPartial() { + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq result = new io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq(this); + if (bitField0_ != 0) { buildPartial0(result); } + buildPartialOneofs(result); + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.operation_ = operation_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.signatureAlgorithm_ = signatureAlgorithm_; + } + } + + private void buildPartialOneofs(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq result) { + result.inBytesCase_ = inBytesCase_; + result.inBytes_ = this.inBytes_; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) { + return mergeFrom((io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq other) { + if (other == io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance()) return this; + if (other.operation_ != 0) { + setOperationValue(other.getOperationValue()); + } + if (other.signatureAlgorithm_ != 0) { + setSignatureAlgorithmValue(other.getSignatureAlgorithmValue()); + } + switch (other.getInBytesCase()) { + case RAW_BYTES: { + setRawBytes(other.getRawBytes()); + break; + } + case SHA256_DIGEST: { + setSha256Digest(other.getSha256Digest()); + break; + } + case SHA384_DIGEST: { + setSha384Digest(other.getSha384Digest()); + break; + } + case SHA512_DIGEST: { + setSha512Digest(other.getSha512Digest()); + break; + } + case INBYTES_NOT_SET: { + break; + } + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 8: { + operation_ = input.readEnum(); + bitField0_ |= 0x00000001; + break; + } // case 8 + case 16: { + signatureAlgorithm_ = input.readEnum(); + bitField0_ |= 0x00000002; + break; + } // case 16 + case 34: { + inBytes_ = input.readBytes(); + inBytesCase_ = 4; + break; + } // case 34 + case 42: { + inBytes_ = input.readBytes(); + inBytesCase_ = 5; + break; + } // case 42 + case 50: { + inBytes_ = input.readBytes(); + inBytesCase_ = 6; + break; + } // case 50 + case 58: { + inBytes_ = input.readBytes(); + inBytesCase_ = 7; + break; + } // case 58 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int inBytesCase_ = 0; + private java.lang.Object inBytes_; + public InBytesCase + getInBytesCase() { + return InBytesCase.forNumber( + inBytesCase_); + } + + public Builder clearInBytes() { + inBytesCase_ = 0; + inBytes_ = null; + onChanged(); + return this; + } + + private int bitField0_; + + private int operation_ = 0; + /** + * 
+     * The operation the private key is used for.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @return The enum numeric value on the wire for operation. + */ + @java.lang.Override public int getOperationValue() { + return operation_; + } + /** + * 
+     * The operation the private key is used for.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @param value The enum numeric value on the wire for operation to set. + * @return This builder for chaining. + */ + public Builder setOperationValue(int value) { + operation_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The operation the private key is used for.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @return The operation. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation getOperation() { + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation result = io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation.forNumber(operation_); + return result == null ? io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation.UNRECOGNIZED : result; + } + /** + * 
+     * The operation the private key is used for.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @param value The operation to set. + * @return This builder for chaining. + */ + public Builder setOperation(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + operation_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+     * The operation the private key is used for.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @return This builder for chaining. + */ + public Builder clearOperation() { + bitField0_ = (bitField0_ & ~0x00000001); + operation_ = 0; + onChanged(); + return this; + } + + private int signatureAlgorithm_ = 0; + /** + * 
+     * The signature algorithm to be used for signing operations.
+     *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @return The enum numeric value on the wire for signatureAlgorithm. + */ + @java.lang.Override public int getSignatureAlgorithmValue() { + return signatureAlgorithm_; + } + /** + * 
+     * The signature algorithm to be used for signing operations.
+     *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @param value The enum numeric value on the wire for signatureAlgorithm to set. + * @return This builder for chaining. + */ + public Builder setSignatureAlgorithmValue(int value) { + signatureAlgorithm_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The signature algorithm to be used for signing operations.
+     *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @return The signatureAlgorithm. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.SignatureAlgorithm getSignatureAlgorithm() { + io.grpc.s2a.handshaker.SignatureAlgorithm result = io.grpc.s2a.handshaker.SignatureAlgorithm.forNumber(signatureAlgorithm_); + return result == null ? io.grpc.s2a.handshaker.SignatureAlgorithm.UNRECOGNIZED : result; + } + /** + * 
+     * The signature algorithm to be used for signing operations.
+     *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @param value The signatureAlgorithm to set. + * @return This builder for chaining. + */ + public Builder setSignatureAlgorithm(io.grpc.s2a.handshaker.SignatureAlgorithm value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000002; + signatureAlgorithm_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+     * The signature algorithm to be used for signing operations.
+     *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @return This builder for chaining. + */ + public Builder clearSignatureAlgorithm() { + bitField0_ = (bitField0_ & ~0x00000002); + signatureAlgorithm_ = 0; + onChanged(); + return this; + } + + /** + * 
+     * Raw bytes to be hashed and signed, or decrypted.
+     *
+ * + * bytes raw_bytes = 4; + * @return Whether the rawBytes field is set. + */ + public boolean hasRawBytes() { + return inBytesCase_ == 4; + } + /** + * 
+     * Raw bytes to be hashed and signed, or decrypted.
+     *
+ * + * bytes raw_bytes = 4; + * @return The rawBytes. + */ + public com.google.protobuf.ByteString getRawBytes() { + if (inBytesCase_ == 4) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + /** + * 
+     * Raw bytes to be hashed and signed, or decrypted.
+     *
+ * + * bytes raw_bytes = 4; + * @param value The rawBytes to set. + * @return This builder for chaining. + */ + public Builder setRawBytes(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + inBytesCase_ = 4; + inBytes_ = value; + onChanged(); + return this; + } + /** + * 
+     * Raw bytes to be hashed and signed, or decrypted.
+     *
+ * + * bytes raw_bytes = 4; + * @return This builder for chaining. + */ + public Builder clearRawBytes() { + if (inBytesCase_ == 4) { + inBytesCase_ = 0; + inBytes_ = null; + onChanged(); + } + return this; + } + + /** + * 
+     * A SHA256 hash to be signed. Must be 32 bytes.
+     *
+ * + * bytes sha256_digest = 5; + * @return Whether the sha256Digest field is set. + */ + public boolean hasSha256Digest() { + return inBytesCase_ == 5; + } + /** + * 
+     * A SHA256 hash to be signed. Must be 32 bytes.
+     *
+ * + * bytes sha256_digest = 5; + * @return The sha256Digest. + */ + public com.google.protobuf.ByteString getSha256Digest() { + if (inBytesCase_ == 5) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + /** + * 
+     * A SHA256 hash to be signed. Must be 32 bytes.
+     *
+ * + * bytes sha256_digest = 5; + * @param value The sha256Digest to set. + * @return This builder for chaining. + */ + public Builder setSha256Digest(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + inBytesCase_ = 5; + inBytes_ = value; + onChanged(); + return this; + } + /** + * 
+     * A SHA256 hash to be signed. Must be 32 bytes.
+     *
+ * + * bytes sha256_digest = 5; + * @return This builder for chaining. + */ + public Builder clearSha256Digest() { + if (inBytesCase_ == 5) { + inBytesCase_ = 0; + inBytes_ = null; + onChanged(); + } + return this; + } + + /** + * 
+     * A SHA384 hash to be signed. Must be 48 bytes.
+     *
+ * + * bytes sha384_digest = 6; + * @return Whether the sha384Digest field is set. + */ + public boolean hasSha384Digest() { + return inBytesCase_ == 6; + } + /** + * 
+     * A SHA384 hash to be signed. Must be 48 bytes.
+     *
+ * + * bytes sha384_digest = 6; + * @return The sha384Digest. + */ + public com.google.protobuf.ByteString getSha384Digest() { + if (inBytesCase_ == 6) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + /** + * 
+     * A SHA384 hash to be signed. Must be 48 bytes.
+     *
+ * + * bytes sha384_digest = 6; + * @param value The sha384Digest to set. + * @return This builder for chaining. + */ + public Builder setSha384Digest(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + inBytesCase_ = 6; + inBytes_ = value; + onChanged(); + return this; + } + /** + * 
+     * A SHA384 hash to be signed. Must be 48 bytes.
+     *
+ * + * bytes sha384_digest = 6; + * @return This builder for chaining. + */ + public Builder clearSha384Digest() { + if (inBytesCase_ == 6) { + inBytesCase_ = 0; + inBytes_ = null; + onChanged(); + } + return this; + } + + /** + * 
+     * A SHA512 hash to be signed. Must be 64 bytes.
+     *
+ * + * bytes sha512_digest = 7; + * @return Whether the sha512Digest field is set. + */ + public boolean hasSha512Digest() { + return inBytesCase_ == 7; + } + /** + * 
+     * A SHA512 hash to be signed. Must be 64 bytes.
+     *
+ * + * bytes sha512_digest = 7; + * @return The sha512Digest. + */ + public com.google.protobuf.ByteString getSha512Digest() { + if (inBytesCase_ == 7) { + return (com.google.protobuf.ByteString) inBytes_; + } + return com.google.protobuf.ByteString.EMPTY; + } + /** + * 
+     * A SHA512 hash to be signed. Must be 64 bytes.
+     *
+ * + * bytes sha512_digest = 7; + * @param value The sha512Digest to set. + * @return This builder for chaining. + */ + public Builder setSha512Digest(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + inBytesCase_ = 7; + inBytes_ = value; + onChanged(); + return this; + } + /** + * 
+     * A SHA512 hash to be signed. Must be 64 bytes.
+     *
+ * + * bytes sha512_digest = 7; + * @return This builder for chaining. + */ + public Builder clearSha512Digest() { + if (inBytesCase_ == 7) { + inBytesCase_ = 0; + inBytes_ = null; + onChanged(); + } + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.OffloadPrivateKeyOperationReq) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.OffloadPrivateKeyOperationReq) + private static final io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq(); + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public OffloadPrivateKeyOperationReq parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationReqOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationReqOrBuilder.java new file mode 100644 index 000000000000..c30ac5a0018d --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationReqOrBuilder.java @@ -0,0 +1,126 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface OffloadPrivateKeyOperationReqOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.OffloadPrivateKeyOperationReq) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The operation the private key is used for.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @return The enum numeric value on the wire for operation. + */ + int getOperationValue(); + /** + * 
+   * The operation the private key is used for.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq.PrivateKeyOperation operation = 1; + * @return The operation. + */ + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.PrivateKeyOperation getOperation(); + + /** + * 
+   * The signature algorithm to be used for signing operations.
+   *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @return The enum numeric value on the wire for signatureAlgorithm. + */ + int getSignatureAlgorithmValue(); + /** + * 
+   * The signature algorithm to be used for signing operations.
+   *
+ * + * .grpc.gcp.SignatureAlgorithm signature_algorithm = 2; + * @return The signatureAlgorithm. + */ + io.grpc.s2a.handshaker.SignatureAlgorithm getSignatureAlgorithm(); + + /** + * 
+   * Raw bytes to be hashed and signed, or decrypted.
+   *
+ * + * bytes raw_bytes = 4; + * @return Whether the rawBytes field is set. + */ + boolean hasRawBytes(); + /** + * 
+   * Raw bytes to be hashed and signed, or decrypted.
+   *
+ * + * bytes raw_bytes = 4; + * @return The rawBytes. + */ + com.google.protobuf.ByteString getRawBytes(); + + /** + * 
+   * A SHA256 hash to be signed. Must be 32 bytes.
+   *
+ * + * bytes sha256_digest = 5; + * @return Whether the sha256Digest field is set. + */ + boolean hasSha256Digest(); + /** + * 
+   * A SHA256 hash to be signed. Must be 32 bytes.
+   *
+ * + * bytes sha256_digest = 5; + * @return The sha256Digest. + */ + com.google.protobuf.ByteString getSha256Digest(); + + /** + * 
+   * A SHA384 hash to be signed. Must be 48 bytes.
+   *
+ * + * bytes sha384_digest = 6; + * @return Whether the sha384Digest field is set. + */ + boolean hasSha384Digest(); + /** + * 
+   * A SHA384 hash to be signed. Must be 48 bytes.
+   *
+ * + * bytes sha384_digest = 6; + * @return The sha384Digest. + */ + com.google.protobuf.ByteString getSha384Digest(); + + /** + * 
+   * A SHA512 hash to be signed. Must be 64 bytes.
+   *
+ * + * bytes sha512_digest = 7; + * @return Whether the sha512Digest field is set. + */ + boolean hasSha512Digest(); + /** + * 
+   * A SHA512 hash to be signed. Must be 64 bytes.
+   *
+ * + * bytes sha512_digest = 7; + * @return The sha512Digest. + */ + com.google.protobuf.ByteString getSha512Digest(); + + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.InBytesCase getInBytesCase(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationResp.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationResp.java new file mode 100644 index 000000000000..791212b03ae7 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationResp.java @@ -0,0 +1,489 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.OffloadPrivateKeyOperationResp} + */ +public final class OffloadPrivateKeyOperationResp extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.OffloadPrivateKeyOperationResp) + OffloadPrivateKeyOperationRespOrBuilder { +private static final long serialVersionUID = 0L; + // Use OffloadPrivateKeyOperationResp.newBuilder() to construct. + private OffloadPrivateKeyOperationResp(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private OffloadPrivateKeyOperationResp() { + outBytes_ = com.google.protobuf.ByteString.EMPTY; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new OffloadPrivateKeyOperationResp(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.class, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.Builder.class); + } + + public static final int OUT_BYTES_FIELD_NUMBER = 1; + private com.google.protobuf.ByteString outBytes_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+   * The signed or decrypted output bytes.
+   *
+ * + * bytes out_bytes = 1; + * @return The outBytes. + */ + @java.lang.Override + public com.google.protobuf.ByteString getOutBytes() { + return outBytes_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (!outBytes_.isEmpty()) { + output.writeBytes(1, outBytes_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (!outBytes_.isEmpty()) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(1, outBytes_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp other = (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) obj; + + if (!getOutBytes() + .equals(other.getOutBytes())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + OUT_BYTES_FIELD_NUMBER; + hash = (53 * hash) + getOutBytes().hashCode(); + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.OffloadPrivateKeyOperationResp} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.OffloadPrivateKeyOperationResp) + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationRespOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.class, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + outBytes_ = com.google.protobuf.ByteString.EMPTY; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp build() { + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp buildPartial() { + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp result = new io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.outBytes_ = outBytes_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) { + return mergeFrom((io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp other) { + if (other == io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance()) return this; + if (other.getOutBytes() != com.google.protobuf.ByteString.EMPTY) { + setOutBytes(other.getOutBytes()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + outBytes_ = input.readBytes(); + bitField0_ |= 0x00000001; + break; + } // case 10 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private com.google.protobuf.ByteString outBytes_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+     * The signed or decrypted output bytes.
+     *
+ * + * bytes out_bytes = 1; + * @return The outBytes. + */ + @java.lang.Override + public com.google.protobuf.ByteString getOutBytes() { + return outBytes_; + } + /** + * 
+     * The signed or decrypted output bytes.
+     *
+ * + * bytes out_bytes = 1; + * @param value The outBytes to set. + * @return This builder for chaining. + */ + public Builder setOutBytes(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + outBytes_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The signed or decrypted output bytes.
+     *
+ * + * bytes out_bytes = 1; + * @return This builder for chaining. + */ + public Builder clearOutBytes() { + bitField0_ = (bitField0_ & ~0x00000001); + outBytes_ = getDefaultInstance().getOutBytes(); + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.OffloadPrivateKeyOperationResp) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.OffloadPrivateKeyOperationResp) + private static final io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp(); + } + + public static io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public OffloadPrivateKeyOperationResp parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationRespOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationRespOrBuilder.java new file mode 100644 index 000000000000..284db2627e5e --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadPrivateKeyOperationRespOrBuilder.java @@ -0,0 +1,20 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface OffloadPrivateKeyOperationRespOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.OffloadPrivateKeyOperationResp) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The signed or decrypted output bytes.
+   *
+ * + * bytes out_bytes = 1; + * @return The outBytes. + */ + com.google.protobuf.ByteString getOutBytes(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationReq.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationReq.java new file mode 100644 index 000000000000..bf3b6553c549 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationReq.java @@ -0,0 +1,728 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.OffloadResumptionKeyOperationReq} + */ +public final class OffloadResumptionKeyOperationReq extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.OffloadResumptionKeyOperationReq) + OffloadResumptionKeyOperationReqOrBuilder { +private static final long serialVersionUID = 0L; + // Use OffloadResumptionKeyOperationReq.newBuilder() to construct. + private OffloadResumptionKeyOperationReq(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private OffloadResumptionKeyOperationReq() { + operation_ = 0; + inBytes_ = com.google.protobuf.ByteString.EMPTY; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new OffloadResumptionKeyOperationReq(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.class, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.Builder.class); + } + + /** + * Protobuf enum {@code grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation} + */ + public enum ResumptionKeyOperation + implements com.google.protobuf.ProtocolMessageEnum { + /** + * UNSPECIFIED = 0; + */ + UNSPECIFIED(0), + /** + * ENCRYPT = 1; + */ + ENCRYPT(1), + /** + * DECRYPT = 2; + */ + DECRYPT(2), + UNRECOGNIZED(-1), + ; + + /** + * UNSPECIFIED = 0; + */ + public static final int UNSPECIFIED_VALUE = 0; + /** + * ENCRYPT = 1; + */ + public static final int ENCRYPT_VALUE = 1; + /** + * DECRYPT = 2; + */ + public static final int DECRYPT_VALUE = 2; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static ResumptionKeyOperation valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static ResumptionKeyOperation forNumber(int value) { + switch (value) { + case 0: return UNSPECIFIED; + case 1: return ENCRYPT; + case 2: return DECRYPT; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + ResumptionKeyOperation> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public ResumptionKeyOperation findValueByNumber(int number) { + return ResumptionKeyOperation.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDescriptor().getEnumTypes().get(0); + } + + private static final ResumptionKeyOperation[] VALUES = values(); + + public static ResumptionKeyOperation valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private ResumptionKeyOperation(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation) + } + + public static final int OPERATION_FIELD_NUMBER = 1; + private int operation_ = 0; + /** + * 
+   * The operation the resumption key is used for.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @return The enum numeric value on the wire for operation. + */ + @java.lang.Override public int getOperationValue() { + return operation_; + } + /** + * 
+   * The operation the resumption key is used for.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @return The operation. + */ + @java.lang.Override public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation getOperation() { + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation result = io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation.forNumber(operation_); + return result == null ? io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation.UNRECOGNIZED : result; + } + + public static final int IN_BYTES_FIELD_NUMBER = 2; + private com.google.protobuf.ByteString inBytes_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+   * The bytes to be encrypted or decrypted.
+   *
+ * + * bytes in_bytes = 2; + * @return The inBytes. + */ + @java.lang.Override + public com.google.protobuf.ByteString getInBytes() { + return inBytes_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (operation_ != io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation.UNSPECIFIED.getNumber()) { + output.writeEnum(1, operation_); + } + if (!inBytes_.isEmpty()) { + output.writeBytes(2, inBytes_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (operation_ != io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation.UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(1, operation_); + } + if (!inBytes_.isEmpty()) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(2, inBytes_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq other = (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) obj; + + if (operation_ != other.operation_) return false; + if (!getInBytes() + .equals(other.getInBytes())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + OPERATION_FIELD_NUMBER; + hash = (53 * hash) + operation_; + hash = (37 * hash) + IN_BYTES_FIELD_NUMBER; + hash = (53 * hash) + getInBytes().hashCode(); + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.OffloadResumptionKeyOperationReq} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.OffloadResumptionKeyOperationReq) + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReqOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.class, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + operation_ = 0; + inBytes_ = com.google.protobuf.ByteString.EMPTY; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq build() { + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq buildPartial() { + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq result = new io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.operation_ = operation_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.inBytes_ = inBytes_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) { + return mergeFrom((io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq other) { + if (other == io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance()) return this; + if (other.operation_ != 0) { + setOperationValue(other.getOperationValue()); + } + if (other.getInBytes() != com.google.protobuf.ByteString.EMPTY) { + setInBytes(other.getInBytes()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 8: { + operation_ = input.readEnum(); + bitField0_ |= 0x00000001; + break; + } // case 8 + case 18: { + inBytes_ = input.readBytes(); + bitField0_ |= 0x00000002; + break; + } // case 18 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private int operation_ = 0; + /** + * 
+     * The operation the resumption key is used for.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @return The enum numeric value on the wire for operation. + */ + @java.lang.Override public int getOperationValue() { + return operation_; + } + /** + * 
+     * The operation the resumption key is used for.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @param value The enum numeric value on the wire for operation to set. + * @return This builder for chaining. + */ + public Builder setOperationValue(int value) { + operation_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The operation the resumption key is used for.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @return The operation. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation getOperation() { + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation result = io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation.forNumber(operation_); + return result == null ? io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation.UNRECOGNIZED : result; + } + /** + * 
+     * The operation the resumption key is used for.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @param value The operation to set. + * @return This builder for chaining. + */ + public Builder setOperation(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + operation_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+     * The operation the resumption key is used for.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @return This builder for chaining. + */ + public Builder clearOperation() { + bitField0_ = (bitField0_ & ~0x00000001); + operation_ = 0; + onChanged(); + return this; + } + + private com.google.protobuf.ByteString inBytes_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+     * The bytes to be encrypted or decrypted.
+     *
+ * + * bytes in_bytes = 2; + * @return The inBytes. + */ + @java.lang.Override + public com.google.protobuf.ByteString getInBytes() { + return inBytes_; + } + /** + * 
+     * The bytes to be encrypted or decrypted.
+     *
+ * + * bytes in_bytes = 2; + * @param value The inBytes to set. + * @return This builder for chaining. + */ + public Builder setInBytes(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + inBytes_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The bytes to be encrypted or decrypted.
+     *
+ * + * bytes in_bytes = 2; + * @return This builder for chaining. + */ + public Builder clearInBytes() { + bitField0_ = (bitField0_ & ~0x00000002); + inBytes_ = getDefaultInstance().getInBytes(); + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.OffloadResumptionKeyOperationReq) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.OffloadResumptionKeyOperationReq) + private static final io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq(); + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public OffloadResumptionKeyOperationReq parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationReqOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationReqOrBuilder.java new file mode 100644 index 000000000000..ae1c1648c41d --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationReqOrBuilder.java @@ -0,0 +1,39 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface OffloadResumptionKeyOperationReqOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.OffloadResumptionKeyOperationReq) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The operation the resumption key is used for.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @return The enum numeric value on the wire for operation. + */ + int getOperationValue(); + /** + * 
+   * The operation the resumption key is used for.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq.ResumptionKeyOperation operation = 1; + * @return The operation. + */ + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.ResumptionKeyOperation getOperation(); + + /** + * 
+   * The bytes to be encrypted or decrypted.
+   *
+ * + * bytes in_bytes = 2; + * @return The inBytes. + */ + com.google.protobuf.ByteString getInBytes(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationResp.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationResp.java new file mode 100644 index 000000000000..c298fd98b210 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationResp.java @@ -0,0 +1,489 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.OffloadResumptionKeyOperationResp} + */ +public final class OffloadResumptionKeyOperationResp extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.OffloadResumptionKeyOperationResp) + OffloadResumptionKeyOperationRespOrBuilder { +private static final long serialVersionUID = 0L; + // Use OffloadResumptionKeyOperationResp.newBuilder() to construct. + private OffloadResumptionKeyOperationResp(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private OffloadResumptionKeyOperationResp() { + outBytes_ = com.google.protobuf.ByteString.EMPTY; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new OffloadResumptionKeyOperationResp(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.class, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.Builder.class); + } + + public static final int OUT_BYTES_FIELD_NUMBER = 1; + private com.google.protobuf.ByteString outBytes_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+   * The encrypted or decrypted bytes.
+   *
+ * + * bytes out_bytes = 1; + * @return The outBytes. + */ + @java.lang.Override + public com.google.protobuf.ByteString getOutBytes() { + return outBytes_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (!outBytes_.isEmpty()) { + output.writeBytes(1, outBytes_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (!outBytes_.isEmpty()) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(1, outBytes_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp other = (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) obj; + + if (!getOutBytes() + .equals(other.getOutBytes())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + OUT_BYTES_FIELD_NUMBER; + hash = (53 * hash) + getOutBytes().hashCode(); + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.OffloadResumptionKeyOperationResp} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.OffloadResumptionKeyOperationResp) + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationRespOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.class, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + outBytes_ = com.google.protobuf.ByteString.EMPTY; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp build() { + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp buildPartial() { + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp result = new io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.outBytes_ = outBytes_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) { + return mergeFrom((io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp other) { + if (other == io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance()) return this; + if (other.getOutBytes() != com.google.protobuf.ByteString.EMPTY) { + setOutBytes(other.getOutBytes()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + outBytes_ = input.readBytes(); + bitField0_ |= 0x00000001; + break; + } // case 10 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private com.google.protobuf.ByteString outBytes_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+     * The encrypted or decrypted bytes.
+     *
+ * + * bytes out_bytes = 1; + * @return The outBytes. + */ + @java.lang.Override + public com.google.protobuf.ByteString getOutBytes() { + return outBytes_; + } + /** + * 
+     * The encrypted or decrypted bytes.
+     *
+ * + * bytes out_bytes = 1; + * @param value The outBytes to set. + * @return This builder for chaining. + */ + public Builder setOutBytes(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + outBytes_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The encrypted or decrypted bytes.
+     *
+ * + * bytes out_bytes = 1; + * @return This builder for chaining. + */ + public Builder clearOutBytes() { + bitField0_ = (bitField0_ & ~0x00000001); + outBytes_ = getDefaultInstance().getOutBytes(); + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.OffloadResumptionKeyOperationResp) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.OffloadResumptionKeyOperationResp) + private static final io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp(); + } + + public static io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public OffloadResumptionKeyOperationResp parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationRespOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationRespOrBuilder.java new file mode 100644 index 000000000000..a6e35fabf32e --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/OffloadResumptionKeyOperationRespOrBuilder.java @@ -0,0 +1,20 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface OffloadResumptionKeyOperationRespOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.OffloadResumptionKeyOperationResp) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The encrypted or decrypted bytes.
+   *
+ * + * bytes out_bytes = 1; + * @return The outBytes. + */ + com.google.protobuf.ByteString getOutBytes(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContext.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContext.java new file mode 100644 index 000000000000..fa8fe744d171 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContext.java @@ -0,0 +1,1792 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a_context.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.S2AContext} + */ +public final class S2AContext extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.S2AContext) + S2AContextOrBuilder { +private static final long serialVersionUID = 0L; + // Use S2AContext.newBuilder() to construct. + private S2AContext(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private S2AContext() { + leafCertSpiffeId_ = ""; + leafCertUris_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + leafCertDnsnames_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + peerCertificateChainFingerprints_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + localLeafCertFingerprint_ = com.google.protobuf.ByteString.EMPTY; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new S2AContext(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AContextProto.internal_static_grpc_gcp_S2AContext_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AContextProto.internal_static_grpc_gcp_S2AContext_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.S2AContext.class, io.grpc.s2a.handshaker.S2AContext.Builder.class); + } + + private int bitField0_; + public static final int LEAF_CERT_SPIFFE_ID_FIELD_NUMBER = 1; + @SuppressWarnings("serial") + private volatile java.lang.Object leafCertSpiffeId_ = ""; + /** + * 
+   * The SPIFFE ID from the peer leaf certificate, if present.
+   *
+   * This field is only populated if the leaf certificate is a valid SPIFFE
+   * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+   * SPIFFE ID.
+   *
+ * + * string leaf_cert_spiffe_id = 1; + * @return The leafCertSpiffeId. + */ + @java.lang.Override + public java.lang.String getLeafCertSpiffeId() { + java.lang.Object ref = leafCertSpiffeId_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + leafCertSpiffeId_ = s; + return s; + } + } + /** + * 
+   * The SPIFFE ID from the peer leaf certificate, if present.
+   *
+   * This field is only populated if the leaf certificate is a valid SPIFFE
+   * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+   * SPIFFE ID.
+   *
+ * + * string leaf_cert_spiffe_id = 1; + * @return The bytes for leafCertSpiffeId. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getLeafCertSpiffeIdBytes() { + java.lang.Object ref = leafCertSpiffeId_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + leafCertSpiffeId_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int LEAF_CERT_URIS_FIELD_NUMBER = 2; + @SuppressWarnings("serial") + private com.google.protobuf.LazyStringArrayList leafCertUris_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @return A list containing the leafCertUris. + */ + public com.google.protobuf.ProtocolStringList + getLeafCertUrisList() { + return leafCertUris_; + } + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @return The count of leafCertUris. + */ + public int getLeafCertUrisCount() { + return leafCertUris_.size(); + } + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @param index The index of the element to return. + * @return The leafCertUris at the given index. + */ + public java.lang.String getLeafCertUris(int index) { + return leafCertUris_.get(index); + } + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @param index The index of the value to return. + * @return The bytes of the leafCertUris at the given index. + */ + public com.google.protobuf.ByteString + getLeafCertUrisBytes(int index) { + return leafCertUris_.getByteString(index); + } + + public static final int LEAF_CERT_DNSNAMES_FIELD_NUMBER = 3; + @SuppressWarnings("serial") + private com.google.protobuf.LazyStringArrayList leafCertDnsnames_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @return A list containing the leafCertDnsnames. + */ + public com.google.protobuf.ProtocolStringList + getLeafCertDnsnamesList() { + return leafCertDnsnames_; + } + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @return The count of leafCertDnsnames. + */ + public int getLeafCertDnsnamesCount() { + return leafCertDnsnames_.size(); + } + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param index The index of the element to return. + * @return The leafCertDnsnames at the given index. + */ + public java.lang.String getLeafCertDnsnames(int index) { + return leafCertDnsnames_.get(index); + } + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param index The index of the value to return. + * @return The bytes of the leafCertDnsnames at the given index. + */ + public com.google.protobuf.ByteString + getLeafCertDnsnamesBytes(int index) { + return leafCertDnsnames_.getByteString(index); + } + + public static final int PEER_CERTIFICATE_CHAIN_FINGERPRINTS_FIELD_NUMBER = 4; + @SuppressWarnings("serial") + private com.google.protobuf.LazyStringArrayList peerCertificateChainFingerprints_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @return A list containing the peerCertificateChainFingerprints. + */ + public com.google.protobuf.ProtocolStringList + getPeerCertificateChainFingerprintsList() { + return peerCertificateChainFingerprints_; + } + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @return The count of peerCertificateChainFingerprints. + */ + public int getPeerCertificateChainFingerprintsCount() { + return peerCertificateChainFingerprints_.size(); + } + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param index The index of the element to return. + * @return The peerCertificateChainFingerprints at the given index. + */ + public java.lang.String getPeerCertificateChainFingerprints(int index) { + return peerCertificateChainFingerprints_.get(index); + } + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param index The index of the value to return. + * @return The bytes of the peerCertificateChainFingerprints at the given index. + */ + public com.google.protobuf.ByteString + getPeerCertificateChainFingerprintsBytes(int index) { + return peerCertificateChainFingerprints_.getByteString(index); + } + + public static final int LOCAL_IDENTITY_FIELD_NUMBER = 5; + private io.grpc.s2a.handshaker.Identity localIdentity_; + /** + * 
+   * The local identity used during session setup.
+   *
+ * + * .grpc.gcp.Identity local_identity = 5; + * @return Whether the localIdentity field is set. + */ + @java.lang.Override + public boolean hasLocalIdentity() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+   * The local identity used during session setup.
+   *
+ * + * .grpc.gcp.Identity local_identity = 5; + * @return The localIdentity. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.Identity getLocalIdentity() { + return localIdentity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } + /** + * 
+   * The local identity used during session setup.
+   *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.IdentityOrBuilder getLocalIdentityOrBuilder() { + return localIdentity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } + + public static final int LOCAL_LEAF_CERT_FINGERPRINT_FIELD_NUMBER = 6; + private com.google.protobuf.ByteString localLeafCertFingerprint_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+   * The SHA256 hash of the DER-encoding of the local leaf certificate used in
+   * the handshake.
+   *
+ * + * bytes local_leaf_cert_fingerprint = 6; + * @return The localLeafCertFingerprint. + */ + @java.lang.Override + public com.google.protobuf.ByteString getLocalLeafCertFingerprint() { + return localLeafCertFingerprint_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(leafCertSpiffeId_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 1, leafCertSpiffeId_); + } + for (int i = 0; i < leafCertUris_.size(); i++) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, leafCertUris_.getRaw(i)); + } + for (int i = 0; i < leafCertDnsnames_.size(); i++) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 3, leafCertDnsnames_.getRaw(i)); + } + for (int i = 0; i < peerCertificateChainFingerprints_.size(); i++) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 4, peerCertificateChainFingerprints_.getRaw(i)); + } + if (((bitField0_ & 0x00000001) != 0)) { + output.writeMessage(5, getLocalIdentity()); + } + if (!localLeafCertFingerprint_.isEmpty()) { + output.writeBytes(6, localLeafCertFingerprint_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(leafCertSpiffeId_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, leafCertSpiffeId_); + } + { + int dataSize = 0; + for (int i = 0; i < leafCertUris_.size(); i++) { + dataSize += computeStringSizeNoTag(leafCertUris_.getRaw(i)); + } + size += dataSize; + size += 1 * getLeafCertUrisList().size(); + } + { + int dataSize = 0; + for (int i = 0; i < leafCertDnsnames_.size(); i++) { + dataSize += computeStringSizeNoTag(leafCertDnsnames_.getRaw(i)); + } + size += dataSize; + size += 1 * getLeafCertDnsnamesList().size(); + } + { + int dataSize = 0; + for (int i = 0; i < peerCertificateChainFingerprints_.size(); i++) { + dataSize += computeStringSizeNoTag(peerCertificateChainFingerprints_.getRaw(i)); + } + size += dataSize; + size += 1 * getPeerCertificateChainFingerprintsList().size(); + } + if (((bitField0_ & 0x00000001) != 0)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(5, getLocalIdentity()); + } + if (!localLeafCertFingerprint_.isEmpty()) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(6, localLeafCertFingerprint_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.S2AContext)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.S2AContext other = (io.grpc.s2a.handshaker.S2AContext) obj; + + if (!getLeafCertSpiffeId() + .equals(other.getLeafCertSpiffeId())) return false; + if (!getLeafCertUrisList() + .equals(other.getLeafCertUrisList())) return false; + if (!getLeafCertDnsnamesList() + .equals(other.getLeafCertDnsnamesList())) return false; + if (!getPeerCertificateChainFingerprintsList() + .equals(other.getPeerCertificateChainFingerprintsList())) return false; + if (hasLocalIdentity() != other.hasLocalIdentity()) return false; + if (hasLocalIdentity()) { + if (!getLocalIdentity() + .equals(other.getLocalIdentity())) return false; + } + if (!getLocalLeafCertFingerprint() + .equals(other.getLocalLeafCertFingerprint())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + LEAF_CERT_SPIFFE_ID_FIELD_NUMBER; + hash = (53 * hash) + getLeafCertSpiffeId().hashCode(); + if (getLeafCertUrisCount() > 0) { + hash = (37 * hash) + LEAF_CERT_URIS_FIELD_NUMBER; + hash = (53 * hash) + getLeafCertUrisList().hashCode(); + } + if (getLeafCertDnsnamesCount() > 0) { + hash = (37 * hash) + LEAF_CERT_DNSNAMES_FIELD_NUMBER; + hash = (53 * hash) + getLeafCertDnsnamesList().hashCode(); + } + if (getPeerCertificateChainFingerprintsCount() > 0) { + hash = (37 * hash) + PEER_CERTIFICATE_CHAIN_FINGERPRINTS_FIELD_NUMBER; + hash = (53 * hash) + getPeerCertificateChainFingerprintsList().hashCode(); + } + if (hasLocalIdentity()) { + hash = (37 * hash) + LOCAL_IDENTITY_FIELD_NUMBER; + hash = (53 * hash) + getLocalIdentity().hashCode(); + } + hash = (37 * hash) + LOCAL_LEAF_CERT_FINGERPRINT_FIELD_NUMBER; + hash = (53 * hash) + getLocalLeafCertFingerprint().hashCode(); + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.S2AContext parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.S2AContext parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.S2AContext parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.S2AContext prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.S2AContext} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.S2AContext) + io.grpc.s2a.handshaker.S2AContextOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AContextProto.internal_static_grpc_gcp_S2AContext_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AContextProto.internal_static_grpc_gcp_S2AContext_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.S2AContext.class, io.grpc.s2a.handshaker.S2AContext.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.S2AContext.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3 + .alwaysUseFieldBuilders) { + getLocalIdentityFieldBuilder(); + } + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + leafCertSpiffeId_ = ""; + leafCertUris_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + leafCertDnsnames_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + peerCertificateChainFingerprints_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + localIdentity_ = null; + if (localIdentityBuilder_ != null) { + localIdentityBuilder_.dispose(); + localIdentityBuilder_ = null; + } + localLeafCertFingerprint_ = com.google.protobuf.ByteString.EMPTY; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AContextProto.internal_static_grpc_gcp_S2AContext_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.S2AContext getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.S2AContext.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.S2AContext build() { + io.grpc.s2a.handshaker.S2AContext result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.S2AContext buildPartial() { + io.grpc.s2a.handshaker.S2AContext result = new io.grpc.s2a.handshaker.S2AContext(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.S2AContext result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.leafCertSpiffeId_ = leafCertSpiffeId_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + leafCertUris_.makeImmutable(); + result.leafCertUris_ = leafCertUris_; + } + if (((from_bitField0_ & 0x00000004) != 0)) { + leafCertDnsnames_.makeImmutable(); + result.leafCertDnsnames_ = leafCertDnsnames_; + } + if (((from_bitField0_ & 0x00000008) != 0)) { + peerCertificateChainFingerprints_.makeImmutable(); + result.peerCertificateChainFingerprints_ = peerCertificateChainFingerprints_; + } + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000010) != 0)) { + result.localIdentity_ = localIdentityBuilder_ == null + ? localIdentity_ + : localIdentityBuilder_.build(); + to_bitField0_ |= 0x00000001; + } + if (((from_bitField0_ & 0x00000020) != 0)) { + result.localLeafCertFingerprint_ = localLeafCertFingerprint_; + } + result.bitField0_ |= to_bitField0_; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.S2AContext) { + return mergeFrom((io.grpc.s2a.handshaker.S2AContext)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.S2AContext other) { + if (other == io.grpc.s2a.handshaker.S2AContext.getDefaultInstance()) return this; + if (!other.getLeafCertSpiffeId().isEmpty()) { + leafCertSpiffeId_ = other.leafCertSpiffeId_; + bitField0_ |= 0x00000001; + onChanged(); + } + if (!other.leafCertUris_.isEmpty()) { + if (leafCertUris_.isEmpty()) { + leafCertUris_ = other.leafCertUris_; + bitField0_ |= 0x00000002; + } else { + ensureLeafCertUrisIsMutable(); + leafCertUris_.addAll(other.leafCertUris_); + } + onChanged(); + } + if (!other.leafCertDnsnames_.isEmpty()) { + if (leafCertDnsnames_.isEmpty()) { + leafCertDnsnames_ = other.leafCertDnsnames_; + bitField0_ |= 0x00000004; + } else { + ensureLeafCertDnsnamesIsMutable(); + leafCertDnsnames_.addAll(other.leafCertDnsnames_); + } + onChanged(); + } + if (!other.peerCertificateChainFingerprints_.isEmpty()) { + if (peerCertificateChainFingerprints_.isEmpty()) { + peerCertificateChainFingerprints_ = other.peerCertificateChainFingerprints_; + bitField0_ |= 0x00000008; + } else { + ensurePeerCertificateChainFingerprintsIsMutable(); + peerCertificateChainFingerprints_.addAll(other.peerCertificateChainFingerprints_); + } + onChanged(); + } + if (other.hasLocalIdentity()) { + mergeLocalIdentity(other.getLocalIdentity()); + } + if (other.getLocalLeafCertFingerprint() != com.google.protobuf.ByteString.EMPTY) { + setLocalLeafCertFingerprint(other.getLocalLeafCertFingerprint()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + leafCertSpiffeId_ = input.readStringRequireUtf8(); + bitField0_ |= 0x00000001; + break; + } // case 10 + case 18: { + java.lang.String s = input.readStringRequireUtf8(); + ensureLeafCertUrisIsMutable(); + leafCertUris_.add(s); + break; + } // case 18 + case 26: { + java.lang.String s = input.readStringRequireUtf8(); + ensureLeafCertDnsnamesIsMutable(); + leafCertDnsnames_.add(s); + break; + } // case 26 + case 34: { + java.lang.String s = input.readStringRequireUtf8(); + ensurePeerCertificateChainFingerprintsIsMutable(); + peerCertificateChainFingerprints_.add(s); + break; + } // case 34 + case 42: { + input.readMessage( + getLocalIdentityFieldBuilder().getBuilder(), + extensionRegistry); + bitField0_ |= 0x00000010; + break; + } // case 42 + case 50: { + localLeafCertFingerprint_ = input.readBytes(); + bitField0_ |= 0x00000020; + break; + } // case 50 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private java.lang.Object leafCertSpiffeId_ = ""; + /** + * 
+     * The SPIFFE ID from the peer leaf certificate, if present.
+     *
+     * This field is only populated if the leaf certificate is a valid SPIFFE
+     * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+     * SPIFFE ID.
+     *
+ * + * string leaf_cert_spiffe_id = 1; + * @return The leafCertSpiffeId. + */ + public java.lang.String getLeafCertSpiffeId() { + java.lang.Object ref = leafCertSpiffeId_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + leafCertSpiffeId_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The SPIFFE ID from the peer leaf certificate, if present.
+     *
+     * This field is only populated if the leaf certificate is a valid SPIFFE
+     * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+     * SPIFFE ID.
+     *
+ * + * string leaf_cert_spiffe_id = 1; + * @return The bytes for leafCertSpiffeId. + */ + public com.google.protobuf.ByteString + getLeafCertSpiffeIdBytes() { + java.lang.Object ref = leafCertSpiffeId_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + leafCertSpiffeId_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The SPIFFE ID from the peer leaf certificate, if present.
+     *
+     * This field is only populated if the leaf certificate is a valid SPIFFE
+     * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+     * SPIFFE ID.
+     *
+ * + * string leaf_cert_spiffe_id = 1; + * @param value The leafCertSpiffeId to set. + * @return This builder for chaining. + */ + public Builder setLeafCertSpiffeId( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + leafCertSpiffeId_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The SPIFFE ID from the peer leaf certificate, if present.
+     *
+     * This field is only populated if the leaf certificate is a valid SPIFFE
+     * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+     * SPIFFE ID.
+     *
+ * + * string leaf_cert_spiffe_id = 1; + * @return This builder for chaining. + */ + public Builder clearLeafCertSpiffeId() { + leafCertSpiffeId_ = getDefaultInstance().getLeafCertSpiffeId(); + bitField0_ = (bitField0_ & ~0x00000001); + onChanged(); + return this; + } + /** + * 
+     * The SPIFFE ID from the peer leaf certificate, if present.
+     *
+     * This field is only populated if the leaf certificate is a valid SPIFFE
+     * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+     * SPIFFE ID.
+     *
+ * + * string leaf_cert_spiffe_id = 1; + * @param value The bytes for leafCertSpiffeId to set. + * @return This builder for chaining. + */ + public Builder setLeafCertSpiffeIdBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + leafCertSpiffeId_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + + private com.google.protobuf.LazyStringArrayList leafCertUris_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + private void ensureLeafCertUrisIsMutable() { + if (!leafCertUris_.isModifiable()) { + leafCertUris_ = new com.google.protobuf.LazyStringArrayList(leafCertUris_); + } + bitField0_ |= 0x00000002; + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @return A list containing the leafCertUris. + */ + public com.google.protobuf.ProtocolStringList + getLeafCertUrisList() { + leafCertUris_.makeImmutable(); + return leafCertUris_; + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @return The count of leafCertUris. + */ + public int getLeafCertUrisCount() { + return leafCertUris_.size(); + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @param index The index of the element to return. + * @return The leafCertUris at the given index. + */ + public java.lang.String getLeafCertUris(int index) { + return leafCertUris_.get(index); + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @param index The index of the value to return. + * @return The bytes of the leafCertUris at the given index. + */ + public com.google.protobuf.ByteString + getLeafCertUrisBytes(int index) { + return leafCertUris_.getByteString(index); + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @param index The index to set the value at. + * @param value The leafCertUris to set. + * @return This builder for chaining. + */ + public Builder setLeafCertUris( + int index, java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureLeafCertUrisIsMutable(); + leafCertUris_.set(index, value); + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @param value The leafCertUris to add. + * @return This builder for chaining. + */ + public Builder addLeafCertUris( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureLeafCertUrisIsMutable(); + leafCertUris_.add(value); + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @param values The leafCertUris to add. + * @return This builder for chaining. + */ + public Builder addAllLeafCertUris( + java.lang.Iterable values) { + ensureLeafCertUrisIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, leafCertUris_); + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @return This builder for chaining. + */ + public Builder clearLeafCertUris() { + leafCertUris_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + bitField0_ = (bitField0_ & ~0x00000002);; + onChanged(); + return this; + } + /** + * 
+     * The URIs that are present in the SubjectAltName extension of the peer leaf
+     * certificate.
+     *
+     * Note that the extracted URIs are not validated and may not be properly
+     * formatted.
+     *
+ * + * repeated string leaf_cert_uris = 2; + * @param value The bytes of the leafCertUris to add. + * @return This builder for chaining. + */ + public Builder addLeafCertUrisBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + ensureLeafCertUrisIsMutable(); + leafCertUris_.add(value); + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + + private com.google.protobuf.LazyStringArrayList leafCertDnsnames_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + private void ensureLeafCertDnsnamesIsMutable() { + if (!leafCertDnsnames_.isModifiable()) { + leafCertDnsnames_ = new com.google.protobuf.LazyStringArrayList(leafCertDnsnames_); + } + bitField0_ |= 0x00000004; + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @return A list containing the leafCertDnsnames. + */ + public com.google.protobuf.ProtocolStringList + getLeafCertDnsnamesList() { + leafCertDnsnames_.makeImmutable(); + return leafCertDnsnames_; + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @return The count of leafCertDnsnames. + */ + public int getLeafCertDnsnamesCount() { + return leafCertDnsnames_.size(); + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param index The index of the element to return. + * @return The leafCertDnsnames at the given index. + */ + public java.lang.String getLeafCertDnsnames(int index) { + return leafCertDnsnames_.get(index); + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param index The index of the value to return. + * @return The bytes of the leafCertDnsnames at the given index. + */ + public com.google.protobuf.ByteString + getLeafCertDnsnamesBytes(int index) { + return leafCertDnsnames_.getByteString(index); + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param index The index to set the value at. + * @param value The leafCertDnsnames to set. + * @return This builder for chaining. + */ + public Builder setLeafCertDnsnames( + int index, java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureLeafCertDnsnamesIsMutable(); + leafCertDnsnames_.set(index, value); + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param value The leafCertDnsnames to add. + * @return This builder for chaining. + */ + public Builder addLeafCertDnsnames( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensureLeafCertDnsnamesIsMutable(); + leafCertDnsnames_.add(value); + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param values The leafCertDnsnames to add. + * @return This builder for chaining. + */ + public Builder addAllLeafCertDnsnames( + java.lang.Iterable values) { + ensureLeafCertDnsnamesIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, leafCertDnsnames_); + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @return This builder for chaining. + */ + public Builder clearLeafCertDnsnames() { + leafCertDnsnames_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + bitField0_ = (bitField0_ & ~0x00000004);; + onChanged(); + return this; + } + /** + * 
+     * The DNSNames that are present in the SubjectAltName extension of the peer
+     * leaf certificate.
+     *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param value The bytes of the leafCertDnsnames to add. + * @return This builder for chaining. + */ + public Builder addLeafCertDnsnamesBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + ensureLeafCertDnsnamesIsMutable(); + leafCertDnsnames_.add(value); + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + + private com.google.protobuf.LazyStringArrayList peerCertificateChainFingerprints_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + private void ensurePeerCertificateChainFingerprintsIsMutable() { + if (!peerCertificateChainFingerprints_.isModifiable()) { + peerCertificateChainFingerprints_ = new com.google.protobuf.LazyStringArrayList(peerCertificateChainFingerprints_); + } + bitField0_ |= 0x00000008; + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @return A list containing the peerCertificateChainFingerprints. + */ + public com.google.protobuf.ProtocolStringList + getPeerCertificateChainFingerprintsList() { + peerCertificateChainFingerprints_.makeImmutable(); + return peerCertificateChainFingerprints_; + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @return The count of peerCertificateChainFingerprints. + */ + public int getPeerCertificateChainFingerprintsCount() { + return peerCertificateChainFingerprints_.size(); + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param index The index of the element to return. + * @return The peerCertificateChainFingerprints at the given index. + */ + public java.lang.String getPeerCertificateChainFingerprints(int index) { + return peerCertificateChainFingerprints_.get(index); + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param index The index of the value to return. + * @return The bytes of the peerCertificateChainFingerprints at the given index. + */ + public com.google.protobuf.ByteString + getPeerCertificateChainFingerprintsBytes(int index) { + return peerCertificateChainFingerprints_.getByteString(index); + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param index The index to set the value at. + * @param value The peerCertificateChainFingerprints to set. + * @return This builder for chaining. + */ + public Builder setPeerCertificateChainFingerprints( + int index, java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensurePeerCertificateChainFingerprintsIsMutable(); + peerCertificateChainFingerprints_.set(index, value); + bitField0_ |= 0x00000008; + onChanged(); + return this; + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param value The peerCertificateChainFingerprints to add. + * @return This builder for chaining. + */ + public Builder addPeerCertificateChainFingerprints( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + ensurePeerCertificateChainFingerprintsIsMutable(); + peerCertificateChainFingerprints_.add(value); + bitField0_ |= 0x00000008; + onChanged(); + return this; + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param values The peerCertificateChainFingerprints to add. + * @return This builder for chaining. + */ + public Builder addAllPeerCertificateChainFingerprints( + java.lang.Iterable values) { + ensurePeerCertificateChainFingerprintsIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, peerCertificateChainFingerprints_); + bitField0_ |= 0x00000008; + onChanged(); + return this; + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @return This builder for chaining. + */ + public Builder clearPeerCertificateChainFingerprints() { + peerCertificateChainFingerprints_ = + com.google.protobuf.LazyStringArrayList.emptyList(); + bitField0_ = (bitField0_ & ~0x00000008);; + onChanged(); + return this; + } + /** + * 
+     * The (ordered) list of fingerprints in the certificate chain used to verify
+     * the given leaf certificate. The order MUST be from leaf certificate
+     * fingerprint to root certificate fingerprint.
+     *
+     * A fingerprint is the base-64 encoding of the SHA256 hash of the
+     * DER-encoding of a certificate. The list MAY be populated even if the peer
+     * certificate chain was NOT validated successfully.
+     *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param value The bytes of the peerCertificateChainFingerprints to add. + * @return This builder for chaining. + */ + public Builder addPeerCertificateChainFingerprintsBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + ensurePeerCertificateChainFingerprintsIsMutable(); + peerCertificateChainFingerprints_.add(value); + bitField0_ |= 0x00000008; + onChanged(); + return this; + } + + private io.grpc.s2a.handshaker.Identity localIdentity_; + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder> localIdentityBuilder_; + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + * @return Whether the localIdentity field is set. + */ + public boolean hasLocalIdentity() { + return ((bitField0_ & 0x00000010) != 0); + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + * @return The localIdentity. + */ + public io.grpc.s2a.handshaker.Identity getLocalIdentity() { + if (localIdentityBuilder_ == null) { + return localIdentity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } else { + return localIdentityBuilder_.getMessage(); + } + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + public Builder setLocalIdentity(io.grpc.s2a.handshaker.Identity value) { + if (localIdentityBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + localIdentity_ = value; + } else { + localIdentityBuilder_.setMessage(value); + } + bitField0_ |= 0x00000010; + onChanged(); + return this; + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + public Builder setLocalIdentity( + io.grpc.s2a.handshaker.Identity.Builder builderForValue) { + if (localIdentityBuilder_ == null) { + localIdentity_ = builderForValue.build(); + } else { + localIdentityBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000010; + onChanged(); + return this; + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + public Builder mergeLocalIdentity(io.grpc.s2a.handshaker.Identity value) { + if (localIdentityBuilder_ == null) { + if (((bitField0_ & 0x00000010) != 0) && + localIdentity_ != null && + localIdentity_ != io.grpc.s2a.handshaker.Identity.getDefaultInstance()) { + getLocalIdentityBuilder().mergeFrom(value); + } else { + localIdentity_ = value; + } + } else { + localIdentityBuilder_.mergeFrom(value); + } + if (localIdentity_ != null) { + bitField0_ |= 0x00000010; + onChanged(); + } + return this; + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + public Builder clearLocalIdentity() { + bitField0_ = (bitField0_ & ~0x00000010); + localIdentity_ = null; + if (localIdentityBuilder_ != null) { + localIdentityBuilder_.dispose(); + localIdentityBuilder_ = null; + } + onChanged(); + return this; + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + public io.grpc.s2a.handshaker.Identity.Builder getLocalIdentityBuilder() { + bitField0_ |= 0x00000010; + onChanged(); + return getLocalIdentityFieldBuilder().getBuilder(); + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + public io.grpc.s2a.handshaker.IdentityOrBuilder getLocalIdentityOrBuilder() { + if (localIdentityBuilder_ != null) { + return localIdentityBuilder_.getMessageOrBuilder(); + } else { + return localIdentity_ == null ? + io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } + } + /** + * 
+     * The local identity used during session setup.
+     *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder> + getLocalIdentityFieldBuilder() { + if (localIdentityBuilder_ == null) { + localIdentityBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder>( + getLocalIdentity(), + getParentForChildren(), + isClean()); + localIdentity_ = null; + } + return localIdentityBuilder_; + } + + private com.google.protobuf.ByteString localLeafCertFingerprint_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+     * The SHA256 hash of the DER-encoding of the local leaf certificate used in
+     * the handshake.
+     *
+ * + * bytes local_leaf_cert_fingerprint = 6; + * @return The localLeafCertFingerprint. + */ + @java.lang.Override + public com.google.protobuf.ByteString getLocalLeafCertFingerprint() { + return localLeafCertFingerprint_; + } + /** + * 
+     * The SHA256 hash of the DER-encoding of the local leaf certificate used in
+     * the handshake.
+     *
+ * + * bytes local_leaf_cert_fingerprint = 6; + * @param value The localLeafCertFingerprint to set. + * @return This builder for chaining. + */ + public Builder setLocalLeafCertFingerprint(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + localLeafCertFingerprint_ = value; + bitField0_ |= 0x00000020; + onChanged(); + return this; + } + /** + * 
+     * The SHA256 hash of the DER-encoding of the local leaf certificate used in
+     * the handshake.
+     *
+ * + * bytes local_leaf_cert_fingerprint = 6; + * @return This builder for chaining. + */ + public Builder clearLocalLeafCertFingerprint() { + bitField0_ = (bitField0_ & ~0x00000020); + localLeafCertFingerprint_ = getDefaultInstance().getLocalLeafCertFingerprint(); + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.S2AContext) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.S2AContext) + private static final io.grpc.s2a.handshaker.S2AContext DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.S2AContext(); + } + + public static io.grpc.s2a.handshaker.S2AContext getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public S2AContext parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.S2AContext getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContextOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContextOrBuilder.java new file mode 100644 index 000000000000..9919a30cb0e6 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContextOrBuilder.java @@ -0,0 +1,243 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a_context.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface S2AContextOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.S2AContext) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The SPIFFE ID from the peer leaf certificate, if present.
+   *
+   * This field is only populated if the leaf certificate is a valid SPIFFE
+   * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+   * SPIFFE ID.
+   *
+ * + * string leaf_cert_spiffe_id = 1; + * @return The leafCertSpiffeId. + */ + java.lang.String getLeafCertSpiffeId(); + /** + * 
+   * The SPIFFE ID from the peer leaf certificate, if present.
+   *
+   * This field is only populated if the leaf certificate is a valid SPIFFE
+   * SVID; in particular, there is a unique URI SAN and this URI SAN is a valid
+   * SPIFFE ID.
+   *
+ * + * string leaf_cert_spiffe_id = 1; + * @return The bytes for leafCertSpiffeId. + */ + com.google.protobuf.ByteString + getLeafCertSpiffeIdBytes(); + + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @return A list containing the leafCertUris. + */ + java.util.List + getLeafCertUrisList(); + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @return The count of leafCertUris. + */ + int getLeafCertUrisCount(); + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @param index The index of the element to return. + * @return The leafCertUris at the given index. + */ + java.lang.String getLeafCertUris(int index); + /** + * 
+   * The URIs that are present in the SubjectAltName extension of the peer leaf
+   * certificate.
+   *
+   * Note that the extracted URIs are not validated and may not be properly
+   * formatted.
+   *
+ * + * repeated string leaf_cert_uris = 2; + * @param index The index of the value to return. + * @return The bytes of the leafCertUris at the given index. + */ + com.google.protobuf.ByteString + getLeafCertUrisBytes(int index); + + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @return A list containing the leafCertDnsnames. + */ + java.util.List + getLeafCertDnsnamesList(); + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @return The count of leafCertDnsnames. + */ + int getLeafCertDnsnamesCount(); + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param index The index of the element to return. + * @return The leafCertDnsnames at the given index. + */ + java.lang.String getLeafCertDnsnames(int index); + /** + * 
+   * The DNSNames that are present in the SubjectAltName extension of the peer
+   * leaf certificate.
+   *
+ * + * repeated string leaf_cert_dnsnames = 3; + * @param index The index of the value to return. + * @return The bytes of the leafCertDnsnames at the given index. + */ + com.google.protobuf.ByteString + getLeafCertDnsnamesBytes(int index); + + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @return A list containing the peerCertificateChainFingerprints. + */ + java.util.List + getPeerCertificateChainFingerprintsList(); + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @return The count of peerCertificateChainFingerprints. + */ + int getPeerCertificateChainFingerprintsCount(); + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param index The index of the element to return. + * @return The peerCertificateChainFingerprints at the given index. + */ + java.lang.String getPeerCertificateChainFingerprints(int index); + /** + * 
+   * The (ordered) list of fingerprints in the certificate chain used to verify
+   * the given leaf certificate. The order MUST be from leaf certificate
+   * fingerprint to root certificate fingerprint.
+   *
+   * A fingerprint is the base-64 encoding of the SHA256 hash of the
+   * DER-encoding of a certificate. The list MAY be populated even if the peer
+   * certificate chain was NOT validated successfully.
+   *
+ * + * repeated string peer_certificate_chain_fingerprints = 4; + * @param index The index of the value to return. + * @return The bytes of the peerCertificateChainFingerprints at the given index. + */ + com.google.protobuf.ByteString + getPeerCertificateChainFingerprintsBytes(int index); + + /** + * 
+   * The local identity used during session setup.
+   *
+ * + * .grpc.gcp.Identity local_identity = 5; + * @return Whether the localIdentity field is set. + */ + boolean hasLocalIdentity(); + /** + * 
+   * The local identity used during session setup.
+   *
+ * + * .grpc.gcp.Identity local_identity = 5; + * @return The localIdentity. + */ + io.grpc.s2a.handshaker.Identity getLocalIdentity(); + /** + * 
+   * The local identity used during session setup.
+   *
+ * + * .grpc.gcp.Identity local_identity = 5; + */ + io.grpc.s2a.handshaker.IdentityOrBuilder getLocalIdentityOrBuilder(); + + /** + * 
+   * The SHA256 hash of the DER-encoding of the local leaf certificate used in
+   * the handshake.
+   *
+ * + * bytes local_leaf_cert_fingerprint = 6; + * @return The localLeafCertFingerprint. + */ + com.google.protobuf.ByteString getLocalLeafCertFingerprint(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContextProto.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContextProto.java new file mode 100644 index 000000000000..9dbb08043d6f --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AContextProto.java @@ -0,0 +1,56 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a_context.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public final class S2AContextProto { + private S2AContextProto() {} + public static void registerAllExtensions( + com.google.protobuf.ExtensionRegistryLite registry) { + } + + public static void registerAllExtensions( + com.google.protobuf.ExtensionRegistry registry) { + registerAllExtensions( + (com.google.protobuf.ExtensionRegistryLite) registry); + } + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_S2AContext_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_S2AContext_fieldAccessorTable; + + public static com.google.protobuf.Descriptors.FileDescriptor + getDescriptor() { + return descriptor; + } + private static com.google.protobuf.Descriptors.FileDescriptor + descriptor; + static { + java.lang.String[] descriptorData = { + "\n\021s2a_context.proto\022\010grpc.gcp\032\014common.pr" + + "oto\"\333\001\n\nS2AContext\022\033\n\023leaf_cert_spiffe_i" + + "d\030\001 \001(\t\022\026\n\016leaf_cert_uris\030\002 \003(\t\022\032\n\022leaf_" + + "cert_dnsnames\030\003 \003(\t\022+\n#peer_certificate_" + + "chain_fingerprints\030\004 \003(\t\022*\n\016local_identi" + + "ty\030\005 \001(\0132\022.grpc.gcp.Identity\022#\n\033local_le" + + "af_cert_fingerprint\030\006 \001(\014B+\n\026io.grpc.s2a" + + ".handshakerB\017S2AContextProtoP\001b\006proto3" + }; + descriptor = com.google.protobuf.Descriptors.FileDescriptor + .internalBuildGeneratedFileFrom(descriptorData, + new com.google.protobuf.Descriptors.FileDescriptor[] { + io.grpc.s2a.handshaker.CommonProto.getDescriptor(), + }); + internal_static_grpc_gcp_S2AContext_descriptor = + getDescriptor().getMessageTypes().get(0); + internal_static_grpc_gcp_S2AContext_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_S2AContext_descriptor, + new java.lang.String[] { "LeafCertSpiffeId", "LeafCertUris", "LeafCertDnsnames", "PeerCertificateChainFingerprints", "LocalIdentity", "LocalLeafCertFingerprint", }); + io.grpc.s2a.handshaker.CommonProto.getDescriptor(); + } + + // @@protoc_insertion_point(outer_class_scope) +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AProto.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AProto.java new file mode 100644 index 000000000000..4a479d8758c3 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/S2AProto.java @@ -0,0 +1,338 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public final class S2AProto { + private S2AProto() {} + public static void registerAllExtensions( + com.google.protobuf.ExtensionRegistryLite registry) { + } + + public static void registerAllExtensions( + com.google.protobuf.ExtensionRegistry registry) { + registerAllExtensions( + (com.google.protobuf.ExtensionRegistryLite) registry); + } + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_AlpnPolicy_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_AlpnPolicy_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_AuthenticationMechanism_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_AuthenticationMechanism_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_Status_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_Status_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_GetTlsConfigurationReq_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_GetTlsConfigurationReq_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_GetTlsConfigurationResp_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_ValidatePeerCertificateChainResp_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_ValidatePeerCertificateChainResp_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_SessionReq_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_SessionReq_fieldAccessorTable; + static final com.google.protobuf.Descriptors.Descriptor + internal_static_grpc_gcp_SessionResp_descriptor; + static final + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internal_static_grpc_gcp_SessionResp_fieldAccessorTable; + + public static com.google.protobuf.Descriptors.FileDescriptor + getDescriptor() { + return descriptor; + } + private static com.google.protobuf.Descriptors.FileDescriptor + descriptor; + static { + java.lang.String[] descriptorData = { + "\n\ts2a.proto\022\010grpc.gcp\032\014common.proto\032\021s2a" + + "_context.proto\"]\n\nAlpnPolicy\022\037\n\027enable_a" + + "lpn_negotiation\030\001 \001(\010\022.\n\016alpn_protocols\030" + + "\002 \003(\0162\026.grpc.gcp.AlpnProtocol\"c\n\027Authent" + + "icationMechanism\022$\n\010identity\030\001 \001(\0132\022.grp" + + "c.gcp.Identity\022\017\n\005token\030\002 \001(\tH\000B\021\n\017mecha" + + "nism_oneof\"\'\n\006Status\022\014\n\004code\030\001 \001(\r\022\017\n\007de" + + "tails\030\002 \001(\t\"X\n\026GetTlsConfigurationReq\0221\n" + + "\017connection_side\030\001 \001(\0162\030.grpc.gcp.Connec" + + "tionSide\022\013\n\003sni\030\002 \001(\t\"\267\t\n\027GetTlsConfigur" + + "ationResp\022\\\n\030client_tls_configuration\030\001 " + + "\001(\01328.grpc.gcp.GetTlsConfigurationResp.C" + + "lientTlsConfigurationH\000\022\\\n\030server_tls_co" + + "nfiguration\030\002 \001(\01328.grpc.gcp.GetTlsConfi" + + "gurationResp.ServerTlsConfigurationH\000\032\365\001" + + "\n\026ClientTlsConfiguration\022\031\n\021certificate_" + + "chain\030\001 \003(\t\022-\n\017min_tls_version\030\002 \001(\0162\024.g" + + "rpc.gcp.TLSVersion\022-\n\017max_tls_version\030\003 " + + "\001(\0162\024.grpc.gcp.TLSVersion\022+\n\014ciphersuite" + + "s\030\006 \003(\0162\025.grpc.gcp.Ciphersuite\022)\n\013alpn_p" + + "olicy\030\007 \001(\0132\024.grpc.gcp.AlpnPolicyJ\004\010\004\020\005J" + + "\004\010\005\020\006\032\322\005\n\026ServerTlsConfiguration\022\031\n\021cert" + + "ificate_chain\030\001 \003(\t\022-\n\017min_tls_version\030\002" + + " \001(\0162\024.grpc.gcp.TLSVersion\022-\n\017max_tls_ve" + + "rsion\030\003 \001(\0162\024.grpc.gcp.TLSVersion\022+\n\014cip" + + "hersuites\030\n \003(\0162\025.grpc.gcp.Ciphersuite\022\036" + + "\n\026tls_resumption_enabled\030\006 \001(\010\022u\n\032reques" + + "t_client_certificate\030\007 \001(\0162Q.grpc.gcp.Ge" + + "tTlsConfigurationResp.ServerTlsConfigura" + + "tion.RequestClientCertificate\022#\n\033max_ove" + + "rhead_of_ticket_aead\030\t \001(\r\022)\n\013alpn_polic" + + "y\030\013 \001(\0132\024.grpc.gcp.AlpnPolicy\"\236\002\n\030Reques" + + "tClientCertificate\022\017\n\013UNSPECIFIED\020\000\022#\n\037D" + + "ONT_REQUEST_CLIENT_CERTIFICATE\020\001\022.\n*REQU" + + "EST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY\020\002" + + "\022)\n%REQUEST_CLIENT_CERTIFICATE_AND_VERIF" + + "Y\020\003\022:\n6REQUEST_AND_REQUIRE_CLIENT_CERTIF" + + "ICATE_BUT_DONT_VERIFY\020\004\0225\n1REQUEST_AND_R" + + "EQUIRE_CLIENT_CERTIFICATE_AND_VERIFY\020\005J\004" + + "\010\004\020\005J\004\010\005\020\006B\023\n\021tls_configuration\"\325\002\n\035Offl" + + "oadPrivateKeyOperationReq\022N\n\toperation\030\001" + + " \001(\0162;.grpc.gcp.OffloadPrivateKeyOperati" + + "onReq.PrivateKeyOperation\0229\n\023signature_a" + + "lgorithm\030\002 \001(\0162\034.grpc.gcp.SignatureAlgor" + + "ithm\022\023\n\traw_bytes\030\004 \001(\014H\000\022\027\n\rsha256_dige" + + "st\030\005 \001(\014H\000\022\027\n\rsha384_digest\030\006 \001(\014H\000\022\027\n\rs" + + "ha512_digest\030\007 \001(\014H\000\"=\n\023PrivateKeyOperat" + + "ion\022\017\n\013UNSPECIFIED\020\000\022\010\n\004SIGN\020\001\022\013\n\007DECRYP" + + "T\020\002B\n\n\010in_bytes\"3\n\036OffloadPrivateKeyOper" + + "ationResp\022\021\n\tout_bytes\030\001 \001(\014\"\317\001\n Offload" + + "ResumptionKeyOperationReq\022T\n\toperation\030\001" + + " \001(\0162A.grpc.gcp.OffloadResumptionKeyOper" + + "ationReq.ResumptionKeyOperation\022\020\n\010in_by" + + "tes\030\002 \001(\014\"C\n\026ResumptionKeyOperation\022\017\n\013U" + + "NSPECIFIED\020\000\022\013\n\007ENCRYPT\020\001\022\013\n\007DECRYPT\020\002\"6" + + "\n!OffloadResumptionKeyOperationResp\022\021\n\to" + + "ut_bytes\030\001 \001(\014\"\365\003\n\037ValidatePeerCertifica" + + "teChainReq\022H\n\004mode\030\001 \001(\0162:.grpc.gcp.Vali" + + "datePeerCertificateChainReq.Verification" + + "Mode\022K\n\013client_peer\030\002 \001(\01324.grpc.gcp.Val" + + "idatePeerCertificateChainReq.ClientPeerH" + + "\000\022K\n\013server_peer\030\003 \001(\01324.grpc.gcp.Valida" + + "tePeerCertificateChainReq.ServerPeerH\000\032\'" + + "\n\nClientPeer\022\031\n\021certificate_chain\030\001 \003(\014\032" + + "o\n\nServerPeer\022\031\n\021certificate_chain\030\001 \003(\014" + + "\022\027\n\017server_hostname\030\002 \001(\t\022-\n%serialized_" + + "unrestricted_client_policy\030\003 \001(\014\"F\n\020Veri" + + "ficationMode\022\017\n\013UNSPECIFIED\020\000\022\n\n\006SPIFFE\020" + + "\001\022\025\n\021CONNECT_TO_GOOGLE\020\002B\014\n\npeer_oneof\"\374" + + "\001\n ValidatePeerCertificateChainResp\022V\n\021v" + + "alidation_result\030\001 \001(\0162;.grpc.gcp.Valida" + + "tePeerCertificateChainResp.ValidationRes" + + "ult\022\032\n\022validation_details\030\002 \001(\t\022%\n\007conte" + + "xt\030\003 \001(\0132\024.grpc.gcp.S2AContext\"=\n\020Valida" + + "tionResult\022\017\n\013UNSPECIFIED\020\000\022\013\n\007SUCCESS\020\001" + + "\022\013\n\007FAILURE\020\002\"\336\003\n\nSessionReq\022*\n\016local_id" + + "entity\030\001 \001(\0132\022.grpc.gcp.Identity\022D\n\031auth" + + "entication_mechanisms\030\002 \003(\0132!.grpc.gcp.A" + + "uthenticationMechanism\022E\n\031get_tls_config" + + "uration_req\030\003 \001(\0132 .grpc.gcp.GetTlsConfi" + + "gurationReqH\000\022T\n!offload_private_key_ope" + + "ration_req\030\004 \001(\0132\'.grpc.gcp.OffloadPriva" + + "teKeyOperationReqH\000\022Z\n$offload_resumptio" + + "n_key_operation_req\030\005 \001(\0132*.grpc.gcp.Off" + + "loadResumptionKeyOperationReqH\000\022X\n#valid" + + "ate_peer_certificate_chain_req\030\006 \001(\0132).g" + + "rpc.gcp.ValidatePeerCertificateChainReqH" + + "\000B\013\n\treq_oneof\"\230\003\n\013SessionResp\022 \n\006status" + + "\030\001 \001(\0132\020.grpc.gcp.Status\022G\n\032get_tls_conf" + + "iguration_resp\030\002 \001(\0132!.grpc.gcp.GetTlsCo" + + "nfigurationRespH\000\022V\n\"offload_private_key" + + "_operation_resp\030\003 \001(\0132(.grpc.gcp.Offload" + + "PrivateKeyOperationRespH\000\022\\\n%offload_res" + + "umption_key_operation_resp\030\004 \001(\0132+.grpc." + + "gcp.OffloadResumptionKeyOperationRespH\000\022" + + "Z\n$validate_peer_certificate_chain_resp\030" + + "\005 \001(\0132*.grpc.gcp.ValidatePeerCertificate" + + "ChainRespH\000B\014\n\nresp_oneof*\242\003\n\022SignatureA" + + "lgorithm\022\034\n\030S2A_SSL_SIGN_UNSPECIFIED\020\000\022!" + + "\n\035S2A_SSL_SIGN_RSA_PKCS1_SHA256\020\001\022!\n\035S2A" + + "_SSL_SIGN_RSA_PKCS1_SHA384\020\002\022!\n\035S2A_SSL_" + + "SIGN_RSA_PKCS1_SHA512\020\003\022\'\n#S2A_SSL_SIGN_" + + "ECDSA_SECP256R1_SHA256\020\004\022\'\n#S2A_SSL_SIGN" + + "_ECDSA_SECP384R1_SHA384\020\005\022\'\n#S2A_SSL_SIG" + + "N_ECDSA_SECP521R1_SHA512\020\006\022$\n S2A_SSL_SI" + + "GN_RSA_PSS_RSAE_SHA256\020\007\022$\n S2A_SSL_SIGN" + + "_RSA_PSS_RSAE_SHA384\020\010\022$\n S2A_SSL_SIGN_R" + + "SA_PSS_RSAE_SHA512\020\t\022\030\n\024S2A_SSL_SIGN_ED2" + + "5519\020\n2O\n\nS2AService\022A\n\014SetUpSession\022\024.g" + + "rpc.gcp.SessionReq\032\025.grpc.gcp.SessionRes" + + "p\"\000(\0010\001B$\n\026io.grpc.s2a.handshakerB\010S2APr" + + "otoP\001b\006proto3" + }; + descriptor = com.google.protobuf.Descriptors.FileDescriptor + .internalBuildGeneratedFileFrom(descriptorData, + new com.google.protobuf.Descriptors.FileDescriptor[] { + io.grpc.s2a.handshaker.CommonProto.getDescriptor(), + io.grpc.s2a.handshaker.S2AContextProto.getDescriptor(), + }); + internal_static_grpc_gcp_AlpnPolicy_descriptor = + getDescriptor().getMessageTypes().get(0); + internal_static_grpc_gcp_AlpnPolicy_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_AlpnPolicy_descriptor, + new java.lang.String[] { "EnableAlpnNegotiation", "AlpnProtocols", }); + internal_static_grpc_gcp_AuthenticationMechanism_descriptor = + getDescriptor().getMessageTypes().get(1); + internal_static_grpc_gcp_AuthenticationMechanism_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_AuthenticationMechanism_descriptor, + new java.lang.String[] { "Identity", "Token", "MechanismOneof", }); + internal_static_grpc_gcp_Status_descriptor = + getDescriptor().getMessageTypes().get(2); + internal_static_grpc_gcp_Status_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_Status_descriptor, + new java.lang.String[] { "Code", "Details", }); + internal_static_grpc_gcp_GetTlsConfigurationReq_descriptor = + getDescriptor().getMessageTypes().get(3); + internal_static_grpc_gcp_GetTlsConfigurationReq_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_GetTlsConfigurationReq_descriptor, + new java.lang.String[] { "ConnectionSide", "Sni", }); + internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor = + getDescriptor().getMessageTypes().get(4); + internal_static_grpc_gcp_GetTlsConfigurationResp_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor, + new java.lang.String[] { "ClientTlsConfiguration", "ServerTlsConfiguration", "TlsConfiguration", }); + internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_descriptor = + internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor.getNestedTypes().get(0); + internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_GetTlsConfigurationResp_ClientTlsConfiguration_descriptor, + new java.lang.String[] { "CertificateChain", "MinTlsVersion", "MaxTlsVersion", "Ciphersuites", "AlpnPolicy", }); + internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_descriptor = + internal_static_grpc_gcp_GetTlsConfigurationResp_descriptor.getNestedTypes().get(1); + internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_GetTlsConfigurationResp_ServerTlsConfiguration_descriptor, + new java.lang.String[] { "CertificateChain", "MinTlsVersion", "MaxTlsVersion", "Ciphersuites", "TlsResumptionEnabled", "RequestClientCertificate", "MaxOverheadOfTicketAead", "AlpnPolicy", }); + internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_descriptor = + getDescriptor().getMessageTypes().get(5); + internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_OffloadPrivateKeyOperationReq_descriptor, + new java.lang.String[] { "Operation", "SignatureAlgorithm", "RawBytes", "Sha256Digest", "Sha384Digest", "Sha512Digest", "InBytes", }); + internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_descriptor = + getDescriptor().getMessageTypes().get(6); + internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_OffloadPrivateKeyOperationResp_descriptor, + new java.lang.String[] { "OutBytes", }); + internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_descriptor = + getDescriptor().getMessageTypes().get(7); + internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_OffloadResumptionKeyOperationReq_descriptor, + new java.lang.String[] { "Operation", "InBytes", }); + internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_descriptor = + getDescriptor().getMessageTypes().get(8); + internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_OffloadResumptionKeyOperationResp_descriptor, + new java.lang.String[] { "OutBytes", }); + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor = + getDescriptor().getMessageTypes().get(9); + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor, + new java.lang.String[] { "Mode", "ClientPeer", "ServerPeer", "PeerOneof", }); + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_descriptor = + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor.getNestedTypes().get(0); + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_descriptor, + new java.lang.String[] { "CertificateChain", }); + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_descriptor = + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor.getNestedTypes().get(1); + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_descriptor, + new java.lang.String[] { "CertificateChain", "ServerHostname", "SerializedUnrestrictedClientPolicy", }); + internal_static_grpc_gcp_ValidatePeerCertificateChainResp_descriptor = + getDescriptor().getMessageTypes().get(10); + internal_static_grpc_gcp_ValidatePeerCertificateChainResp_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_ValidatePeerCertificateChainResp_descriptor, + new java.lang.String[] { "ValidationResult", "ValidationDetails", "Context", }); + internal_static_grpc_gcp_SessionReq_descriptor = + getDescriptor().getMessageTypes().get(11); + internal_static_grpc_gcp_SessionReq_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_SessionReq_descriptor, + new java.lang.String[] { "LocalIdentity", "AuthenticationMechanisms", "GetTlsConfigurationReq", "OffloadPrivateKeyOperationReq", "OffloadResumptionKeyOperationReq", "ValidatePeerCertificateChainReq", "ReqOneof", }); + internal_static_grpc_gcp_SessionResp_descriptor = + getDescriptor().getMessageTypes().get(12); + internal_static_grpc_gcp_SessionResp_fieldAccessorTable = new + com.google.protobuf.GeneratedMessageV3.FieldAccessorTable( + internal_static_grpc_gcp_SessionResp_descriptor, + new java.lang.String[] { "Status", "GetTlsConfigurationResp", "OffloadPrivateKeyOperationResp", "OffloadResumptionKeyOperationResp", "ValidatePeerCertificateChainResp", "RespOneof", }); + io.grpc.s2a.handshaker.CommonProto.getDescriptor(); + io.grpc.s2a.handshaker.S2AContextProto.getDescriptor(); + } + + // @@protoc_insertion_point(outer_class_scope) +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionReq.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionReq.java new file mode 100644 index 000000000000..ae187d44eb0e --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionReq.java @@ -0,0 +1,2431 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.SessionReq} + */ +public final class SessionReq extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.SessionReq) + SessionReqOrBuilder { +private static final long serialVersionUID = 0L; + // Use SessionReq.newBuilder() to construct. + private SessionReq(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private SessionReq() { + authenticationMechanisms_ = java.util.Collections.emptyList(); + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new SessionReq(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.SessionReq.class, io.grpc.s2a.handshaker.SessionReq.Builder.class); + } + + private int bitField0_; + private int reqOneofCase_ = 0; + @SuppressWarnings("serial") + private java.lang.Object reqOneof_; + public enum ReqOneofCase + implements com.google.protobuf.Internal.EnumLite, + com.google.protobuf.AbstractMessage.InternalOneOfEnum { + GET_TLS_CONFIGURATION_REQ(3), + OFFLOAD_PRIVATE_KEY_OPERATION_REQ(4), + OFFLOAD_RESUMPTION_KEY_OPERATION_REQ(5), + VALIDATE_PEER_CERTIFICATE_CHAIN_REQ(6), + REQONEOF_NOT_SET(0); + private final int value; + private ReqOneofCase(int value) { + this.value = value; + } + /** + * @param value The number of the enum to look for. + * @return The enum associated with the given number. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static ReqOneofCase valueOf(int value) { + return forNumber(value); + } + + public static ReqOneofCase forNumber(int value) { + switch (value) { + case 3: return GET_TLS_CONFIGURATION_REQ; + case 4: return OFFLOAD_PRIVATE_KEY_OPERATION_REQ; + case 5: return OFFLOAD_RESUMPTION_KEY_OPERATION_REQ; + case 6: return VALIDATE_PEER_CERTIFICATE_CHAIN_REQ; + case 0: return REQONEOF_NOT_SET; + default: return null; + } + } + public int getNumber() { + return this.value; + } + }; + + public ReqOneofCase + getReqOneofCase() { + return ReqOneofCase.forNumber( + reqOneofCase_); + } + + public static final int LOCAL_IDENTITY_FIELD_NUMBER = 1; + private io.grpc.s2a.handshaker.Identity localIdentity_; + /** + * 
+   * The identity corresponding to the TLS configurations that MUST be used for
+   * the TLS handshake.
+   *
+   * If a managed identity already exists, the local identity and authentication
+   * mechanisms are ignored. If a managed identity doesn't exist and the local
+   * identity is not populated, S2A will try to deduce the managed identity to
+   * use from the SNI extension. If that also fails, S2A uses the default
+   * identity (if one exists).
+   *
+ * + * .grpc.gcp.Identity local_identity = 1; + * @return Whether the localIdentity field is set. + */ + @java.lang.Override + public boolean hasLocalIdentity() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+   * The identity corresponding to the TLS configurations that MUST be used for
+   * the TLS handshake.
+   *
+   * If a managed identity already exists, the local identity and authentication
+   * mechanisms are ignored. If a managed identity doesn't exist and the local
+   * identity is not populated, S2A will try to deduce the managed identity to
+   * use from the SNI extension. If that also fails, S2A uses the default
+   * identity (if one exists).
+   *
+ * + * .grpc.gcp.Identity local_identity = 1; + * @return The localIdentity. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.Identity getLocalIdentity() { + return localIdentity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } + /** + * 
+   * The identity corresponding to the TLS configurations that MUST be used for
+   * the TLS handshake.
+   *
+   * If a managed identity already exists, the local identity and authentication
+   * mechanisms are ignored. If a managed identity doesn't exist and the local
+   * identity is not populated, S2A will try to deduce the managed identity to
+   * use from the SNI extension. If that also fails, S2A uses the default
+   * identity (if one exists).
+   *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.IdentityOrBuilder getLocalIdentityOrBuilder() { + return localIdentity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } + + public static final int AUTHENTICATION_MECHANISMS_FIELD_NUMBER = 2; + @SuppressWarnings("serial") + private java.util.List authenticationMechanisms_; + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + @java.lang.Override + public java.util.List getAuthenticationMechanismsList() { + return authenticationMechanisms_; + } + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + @java.lang.Override + public java.util.List + getAuthenticationMechanismsOrBuilderList() { + return authenticationMechanisms_; + } + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + @java.lang.Override + public int getAuthenticationMechanismsCount() { + return authenticationMechanisms_.size(); + } + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.AuthenticationMechanism getAuthenticationMechanisms(int index) { + return authenticationMechanisms_.get(index); + } + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.AuthenticationMechanismOrBuilder getAuthenticationMechanismsOrBuilder( + int index) { + return authenticationMechanisms_.get(index); + } + + public static final int GET_TLS_CONFIGURATION_REQ_FIELD_NUMBER = 3; + /** + * 
+   * Requests the certificate chain and TLS configuration corresponding to the
+   * local identity, which the application MUST use to negotiate the TLS
+   * handshake.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + * @return Whether the getTlsConfigurationReq field is set. + */ + @java.lang.Override + public boolean hasGetTlsConfigurationReq() { + return reqOneofCase_ == 3; + } + /** + * 
+   * Requests the certificate chain and TLS configuration corresponding to the
+   * local identity, which the application MUST use to negotiate the TLS
+   * handshake.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + * @return The getTlsConfigurationReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReq getGetTlsConfigurationReq() { + if (reqOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance(); + } + /** + * 
+   * Requests the certificate chain and TLS configuration corresponding to the
+   * local identity, which the application MUST use to negotiate the TLS
+   * handshake.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReqOrBuilder getGetTlsConfigurationReqOrBuilder() { + if (reqOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance(); + } + + public static final int OFFLOAD_PRIVATE_KEY_OPERATION_REQ_FIELD_NUMBER = 4; + /** + * 
+   * Signs or decrypts the input bytes using a private key corresponding to
+   * the local identity in the request.
+   *
+   * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+   * S2Av2 by a server during a TLS 1.2 handshake.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + * @return Whether the offloadPrivateKeyOperationReq field is set. + */ + @java.lang.Override + public boolean hasOffloadPrivateKeyOperationReq() { + return reqOneofCase_ == 4; + } + /** + * 
+   * Signs or decrypts the input bytes using a private key corresponding to
+   * the local identity in the request.
+   *
+   * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+   * S2Av2 by a server during a TLS 1.2 handshake.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + * @return The offloadPrivateKeyOperationReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq getOffloadPrivateKeyOperationReq() { + if (reqOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance(); + } + /** + * 
+   * Signs or decrypts the input bytes using a private key corresponding to
+   * the local identity in the request.
+   *
+   * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+   * S2Av2 by a server during a TLS 1.2 handshake.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReqOrBuilder getOffloadPrivateKeyOperationReqOrBuilder() { + if (reqOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance(); + } + + public static final int OFFLOAD_RESUMPTION_KEY_OPERATION_REQ_FIELD_NUMBER = 5; + /** + * 
+   * Encrypts or decrypts the input bytes using a resumption key corresponding
+   * to the local identity in the request.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + * @return Whether the offloadResumptionKeyOperationReq field is set. + */ + @java.lang.Override + public boolean hasOffloadResumptionKeyOperationReq() { + return reqOneofCase_ == 5; + } + /** + * 
+   * Encrypts or decrypts the input bytes using a resumption key corresponding
+   * to the local identity in the request.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + * @return The offloadResumptionKeyOperationReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq getOffloadResumptionKeyOperationReq() { + if (reqOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance(); + } + /** + * 
+   * Encrypts or decrypts the input bytes using a resumption key corresponding
+   * to the local identity in the request.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReqOrBuilder getOffloadResumptionKeyOperationReqOrBuilder() { + if (reqOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance(); + } + + public static final int VALIDATE_PEER_CERTIFICATE_CHAIN_REQ_FIELD_NUMBER = 6; + /** + * 
+   * Verifies the peer's certificate chain using
+   * (a) trust bundles corresponding to the local identity in the request, and
+   * (b) the verification mode in the request.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + * @return Whether the validatePeerCertificateChainReq field is set. + */ + @java.lang.Override + public boolean hasValidatePeerCertificateChainReq() { + return reqOneofCase_ == 6; + } + /** + * 
+   * Verifies the peer's certificate chain using
+   * (a) trust bundles corresponding to the local identity in the request, and
+   * (b) the verification mode in the request.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + * @return The validatePeerCertificateChainReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq getValidatePeerCertificateChainReq() { + if (reqOneofCase_ == 6) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance(); + } + /** + * 
+   * Verifies the peer's certificate chain using
+   * (a) trust bundles corresponding to the local identity in the request, and
+   * (b) the verification mode in the request.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReqOrBuilder getValidatePeerCertificateChainReqOrBuilder() { + if (reqOneofCase_ == 6) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance(); + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (((bitField0_ & 0x00000001) != 0)) { + output.writeMessage(1, getLocalIdentity()); + } + for (int i = 0; i < authenticationMechanisms_.size(); i++) { + output.writeMessage(2, authenticationMechanisms_.get(i)); + } + if (reqOneofCase_ == 3) { + output.writeMessage(3, (io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_); + } + if (reqOneofCase_ == 4) { + output.writeMessage(4, (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_); + } + if (reqOneofCase_ == 5) { + output.writeMessage(5, (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_); + } + if (reqOneofCase_ == 6) { + output.writeMessage(6, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (((bitField0_ & 0x00000001) != 0)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(1, getLocalIdentity()); + } + for (int i = 0; i < authenticationMechanisms_.size(); i++) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(2, authenticationMechanisms_.get(i)); + } + if (reqOneofCase_ == 3) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(3, (io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_); + } + if (reqOneofCase_ == 4) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(4, (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_); + } + if (reqOneofCase_ == 5) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(5, (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_); + } + if (reqOneofCase_ == 6) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(6, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.SessionReq)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.SessionReq other = (io.grpc.s2a.handshaker.SessionReq) obj; + + if (hasLocalIdentity() != other.hasLocalIdentity()) return false; + if (hasLocalIdentity()) { + if (!getLocalIdentity() + .equals(other.getLocalIdentity())) return false; + } + if (!getAuthenticationMechanismsList() + .equals(other.getAuthenticationMechanismsList())) return false; + if (!getReqOneofCase().equals(other.getReqOneofCase())) return false; + switch (reqOneofCase_) { + case 3: + if (!getGetTlsConfigurationReq() + .equals(other.getGetTlsConfigurationReq())) return false; + break; + case 4: + if (!getOffloadPrivateKeyOperationReq() + .equals(other.getOffloadPrivateKeyOperationReq())) return false; + break; + case 5: + if (!getOffloadResumptionKeyOperationReq() + .equals(other.getOffloadResumptionKeyOperationReq())) return false; + break; + case 6: + if (!getValidatePeerCertificateChainReq() + .equals(other.getValidatePeerCertificateChainReq())) return false; + break; + case 0: + default: + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (hasLocalIdentity()) { + hash = (37 * hash) + LOCAL_IDENTITY_FIELD_NUMBER; + hash = (53 * hash) + getLocalIdentity().hashCode(); + } + if (getAuthenticationMechanismsCount() > 0) { + hash = (37 * hash) + AUTHENTICATION_MECHANISMS_FIELD_NUMBER; + hash = (53 * hash) + getAuthenticationMechanismsList().hashCode(); + } + switch (reqOneofCase_) { + case 3: + hash = (37 * hash) + GET_TLS_CONFIGURATION_REQ_FIELD_NUMBER; + hash = (53 * hash) + getGetTlsConfigurationReq().hashCode(); + break; + case 4: + hash = (37 * hash) + OFFLOAD_PRIVATE_KEY_OPERATION_REQ_FIELD_NUMBER; + hash = (53 * hash) + getOffloadPrivateKeyOperationReq().hashCode(); + break; + case 5: + hash = (37 * hash) + OFFLOAD_RESUMPTION_KEY_OPERATION_REQ_FIELD_NUMBER; + hash = (53 * hash) + getOffloadResumptionKeyOperationReq().hashCode(); + break; + case 6: + hash = (37 * hash) + VALIDATE_PEER_CERTIFICATE_CHAIN_REQ_FIELD_NUMBER; + hash = (53 * hash) + getValidatePeerCertificateChainReq().hashCode(); + break; + case 0: + default: + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.SessionReq parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.SessionReq parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.SessionReq parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.SessionReq prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.SessionReq} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.SessionReq) + io.grpc.s2a.handshaker.SessionReqOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.SessionReq.class, io.grpc.s2a.handshaker.SessionReq.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.SessionReq.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3 + .alwaysUseFieldBuilders) { + getLocalIdentityFieldBuilder(); + getAuthenticationMechanismsFieldBuilder(); + } + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + localIdentity_ = null; + if (localIdentityBuilder_ != null) { + localIdentityBuilder_.dispose(); + localIdentityBuilder_ = null; + } + if (authenticationMechanismsBuilder_ == null) { + authenticationMechanisms_ = java.util.Collections.emptyList(); + } else { + authenticationMechanisms_ = null; + authenticationMechanismsBuilder_.clear(); + } + bitField0_ = (bitField0_ & ~0x00000002); + if (getTlsConfigurationReqBuilder_ != null) { + getTlsConfigurationReqBuilder_.clear(); + } + if (offloadPrivateKeyOperationReqBuilder_ != null) { + offloadPrivateKeyOperationReqBuilder_.clear(); + } + if (offloadResumptionKeyOperationReqBuilder_ != null) { + offloadResumptionKeyOperationReqBuilder_.clear(); + } + if (validatePeerCertificateChainReqBuilder_ != null) { + validatePeerCertificateChainReqBuilder_.clear(); + } + reqOneofCase_ = 0; + reqOneof_ = null; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionReq_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionReq getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.SessionReq.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionReq build() { + io.grpc.s2a.handshaker.SessionReq result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionReq buildPartial() { + io.grpc.s2a.handshaker.SessionReq result = new io.grpc.s2a.handshaker.SessionReq(this); + buildPartialRepeatedFields(result); + if (bitField0_ != 0) { buildPartial0(result); } + buildPartialOneofs(result); + onBuilt(); + return result; + } + + private void buildPartialRepeatedFields(io.grpc.s2a.handshaker.SessionReq result) { + if (authenticationMechanismsBuilder_ == null) { + if (((bitField0_ & 0x00000002) != 0)) { + authenticationMechanisms_ = java.util.Collections.unmodifiableList(authenticationMechanisms_); + bitField0_ = (bitField0_ & ~0x00000002); + } + result.authenticationMechanisms_ = authenticationMechanisms_; + } else { + result.authenticationMechanisms_ = authenticationMechanismsBuilder_.build(); + } + } + + private void buildPartial0(io.grpc.s2a.handshaker.SessionReq result) { + int from_bitField0_ = bitField0_; + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.localIdentity_ = localIdentityBuilder_ == null + ? localIdentity_ + : localIdentityBuilder_.build(); + to_bitField0_ |= 0x00000001; + } + result.bitField0_ |= to_bitField0_; + } + + private void buildPartialOneofs(io.grpc.s2a.handshaker.SessionReq result) { + result.reqOneofCase_ = reqOneofCase_; + result.reqOneof_ = this.reqOneof_; + if (reqOneofCase_ == 3 && + getTlsConfigurationReqBuilder_ != null) { + result.reqOneof_ = getTlsConfigurationReqBuilder_.build(); + } + if (reqOneofCase_ == 4 && + offloadPrivateKeyOperationReqBuilder_ != null) { + result.reqOneof_ = offloadPrivateKeyOperationReqBuilder_.build(); + } + if (reqOneofCase_ == 5 && + offloadResumptionKeyOperationReqBuilder_ != null) { + result.reqOneof_ = offloadResumptionKeyOperationReqBuilder_.build(); + } + if (reqOneofCase_ == 6 && + validatePeerCertificateChainReqBuilder_ != null) { + result.reqOneof_ = validatePeerCertificateChainReqBuilder_.build(); + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.SessionReq) { + return mergeFrom((io.grpc.s2a.handshaker.SessionReq)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.SessionReq other) { + if (other == io.grpc.s2a.handshaker.SessionReq.getDefaultInstance()) return this; + if (other.hasLocalIdentity()) { + mergeLocalIdentity(other.getLocalIdentity()); + } + if (authenticationMechanismsBuilder_ == null) { + if (!other.authenticationMechanisms_.isEmpty()) { + if (authenticationMechanisms_.isEmpty()) { + authenticationMechanisms_ = other.authenticationMechanisms_; + bitField0_ = (bitField0_ & ~0x00000002); + } else { + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.addAll(other.authenticationMechanisms_); + } + onChanged(); + } + } else { + if (!other.authenticationMechanisms_.isEmpty()) { + if (authenticationMechanismsBuilder_.isEmpty()) { + authenticationMechanismsBuilder_.dispose(); + authenticationMechanismsBuilder_ = null; + authenticationMechanisms_ = other.authenticationMechanisms_; + bitField0_ = (bitField0_ & ~0x00000002); + authenticationMechanismsBuilder_ = + com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders ? + getAuthenticationMechanismsFieldBuilder() : null; + } else { + authenticationMechanismsBuilder_.addAllMessages(other.authenticationMechanisms_); + } + } + } + switch (other.getReqOneofCase()) { + case GET_TLS_CONFIGURATION_REQ: { + mergeGetTlsConfigurationReq(other.getGetTlsConfigurationReq()); + break; + } + case OFFLOAD_PRIVATE_KEY_OPERATION_REQ: { + mergeOffloadPrivateKeyOperationReq(other.getOffloadPrivateKeyOperationReq()); + break; + } + case OFFLOAD_RESUMPTION_KEY_OPERATION_REQ: { + mergeOffloadResumptionKeyOperationReq(other.getOffloadResumptionKeyOperationReq()); + break; + } + case VALIDATE_PEER_CERTIFICATE_CHAIN_REQ: { + mergeValidatePeerCertificateChainReq(other.getValidatePeerCertificateChainReq()); + break; + } + case REQONEOF_NOT_SET: { + break; + } + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + input.readMessage( + getLocalIdentityFieldBuilder().getBuilder(), + extensionRegistry); + bitField0_ |= 0x00000001; + break; + } // case 10 + case 18: { + io.grpc.s2a.handshaker.AuthenticationMechanism m = + input.readMessage( + io.grpc.s2a.handshaker.AuthenticationMechanism.parser(), + extensionRegistry); + if (authenticationMechanismsBuilder_ == null) { + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.add(m); + } else { + authenticationMechanismsBuilder_.addMessage(m); + } + break; + } // case 18 + case 26: { + input.readMessage( + getGetTlsConfigurationReqFieldBuilder().getBuilder(), + extensionRegistry); + reqOneofCase_ = 3; + break; + } // case 26 + case 34: { + input.readMessage( + getOffloadPrivateKeyOperationReqFieldBuilder().getBuilder(), + extensionRegistry); + reqOneofCase_ = 4; + break; + } // case 34 + case 42: { + input.readMessage( + getOffloadResumptionKeyOperationReqFieldBuilder().getBuilder(), + extensionRegistry); + reqOneofCase_ = 5; + break; + } // case 42 + case 50: { + input.readMessage( + getValidatePeerCertificateChainReqFieldBuilder().getBuilder(), + extensionRegistry); + reqOneofCase_ = 6; + break; + } // case 50 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int reqOneofCase_ = 0; + private java.lang.Object reqOneof_; + public ReqOneofCase + getReqOneofCase() { + return ReqOneofCase.forNumber( + reqOneofCase_); + } + + public Builder clearReqOneof() { + reqOneofCase_ = 0; + reqOneof_ = null; + onChanged(); + return this; + } + + private int bitField0_; + + private io.grpc.s2a.handshaker.Identity localIdentity_; + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder> localIdentityBuilder_; + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + * @return Whether the localIdentity field is set. + */ + public boolean hasLocalIdentity() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + * @return The localIdentity. + */ + public io.grpc.s2a.handshaker.Identity getLocalIdentity() { + if (localIdentityBuilder_ == null) { + return localIdentity_ == null ? io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } else { + return localIdentityBuilder_.getMessage(); + } + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + public Builder setLocalIdentity(io.grpc.s2a.handshaker.Identity value) { + if (localIdentityBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + localIdentity_ = value; + } else { + localIdentityBuilder_.setMessage(value); + } + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + public Builder setLocalIdentity( + io.grpc.s2a.handshaker.Identity.Builder builderForValue) { + if (localIdentityBuilder_ == null) { + localIdentity_ = builderForValue.build(); + } else { + localIdentityBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + public Builder mergeLocalIdentity(io.grpc.s2a.handshaker.Identity value) { + if (localIdentityBuilder_ == null) { + if (((bitField0_ & 0x00000001) != 0) && + localIdentity_ != null && + localIdentity_ != io.grpc.s2a.handshaker.Identity.getDefaultInstance()) { + getLocalIdentityBuilder().mergeFrom(value); + } else { + localIdentity_ = value; + } + } else { + localIdentityBuilder_.mergeFrom(value); + } + if (localIdentity_ != null) { + bitField0_ |= 0x00000001; + onChanged(); + } + return this; + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + public Builder clearLocalIdentity() { + bitField0_ = (bitField0_ & ~0x00000001); + localIdentity_ = null; + if (localIdentityBuilder_ != null) { + localIdentityBuilder_.dispose(); + localIdentityBuilder_ = null; + } + onChanged(); + return this; + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + public io.grpc.s2a.handshaker.Identity.Builder getLocalIdentityBuilder() { + bitField0_ |= 0x00000001; + onChanged(); + return getLocalIdentityFieldBuilder().getBuilder(); + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + public io.grpc.s2a.handshaker.IdentityOrBuilder getLocalIdentityOrBuilder() { + if (localIdentityBuilder_ != null) { + return localIdentityBuilder_.getMessageOrBuilder(); + } else { + return localIdentity_ == null ? + io.grpc.s2a.handshaker.Identity.getDefaultInstance() : localIdentity_; + } + } + /** + * 
+     * The identity corresponding to the TLS configurations that MUST be used for
+     * the TLS handshake.
+     *
+     * If a managed identity already exists, the local identity and authentication
+     * mechanisms are ignored. If a managed identity doesn't exist and the local
+     * identity is not populated, S2A will try to deduce the managed identity to
+     * use from the SNI extension. If that also fails, S2A uses the default
+     * identity (if one exists).
+     *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder> + getLocalIdentityFieldBuilder() { + if (localIdentityBuilder_ == null) { + localIdentityBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Identity, io.grpc.s2a.handshaker.Identity.Builder, io.grpc.s2a.handshaker.IdentityOrBuilder>( + getLocalIdentity(), + getParentForChildren(), + isClean()); + localIdentity_ = null; + } + return localIdentityBuilder_; + } + + private java.util.List authenticationMechanisms_ = + java.util.Collections.emptyList(); + private void ensureAuthenticationMechanismsIsMutable() { + if (!((bitField0_ & 0x00000002) != 0)) { + authenticationMechanisms_ = new java.util.ArrayList(authenticationMechanisms_); + bitField0_ |= 0x00000002; + } + } + + private com.google.protobuf.RepeatedFieldBuilderV3< + io.grpc.s2a.handshaker.AuthenticationMechanism, io.grpc.s2a.handshaker.AuthenticationMechanism.Builder, io.grpc.s2a.handshaker.AuthenticationMechanismOrBuilder> authenticationMechanismsBuilder_; + + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public java.util.List getAuthenticationMechanismsList() { + if (authenticationMechanismsBuilder_ == null) { + return java.util.Collections.unmodifiableList(authenticationMechanisms_); + } else { + return authenticationMechanismsBuilder_.getMessageList(); + } + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public int getAuthenticationMechanismsCount() { + if (authenticationMechanismsBuilder_ == null) { + return authenticationMechanisms_.size(); + } else { + return authenticationMechanismsBuilder_.getCount(); + } + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public io.grpc.s2a.handshaker.AuthenticationMechanism getAuthenticationMechanisms(int index) { + if (authenticationMechanismsBuilder_ == null) { + return authenticationMechanisms_.get(index); + } else { + return authenticationMechanismsBuilder_.getMessage(index); + } + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder setAuthenticationMechanisms( + int index, io.grpc.s2a.handshaker.AuthenticationMechanism value) { + if (authenticationMechanismsBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.set(index, value); + onChanged(); + } else { + authenticationMechanismsBuilder_.setMessage(index, value); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder setAuthenticationMechanisms( + int index, io.grpc.s2a.handshaker.AuthenticationMechanism.Builder builderForValue) { + if (authenticationMechanismsBuilder_ == null) { + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.set(index, builderForValue.build()); + onChanged(); + } else { + authenticationMechanismsBuilder_.setMessage(index, builderForValue.build()); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder addAuthenticationMechanisms(io.grpc.s2a.handshaker.AuthenticationMechanism value) { + if (authenticationMechanismsBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.add(value); + onChanged(); + } else { + authenticationMechanismsBuilder_.addMessage(value); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder addAuthenticationMechanisms( + int index, io.grpc.s2a.handshaker.AuthenticationMechanism value) { + if (authenticationMechanismsBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.add(index, value); + onChanged(); + } else { + authenticationMechanismsBuilder_.addMessage(index, value); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder addAuthenticationMechanisms( + io.grpc.s2a.handshaker.AuthenticationMechanism.Builder builderForValue) { + if (authenticationMechanismsBuilder_ == null) { + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.add(builderForValue.build()); + onChanged(); + } else { + authenticationMechanismsBuilder_.addMessage(builderForValue.build()); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder addAuthenticationMechanisms( + int index, io.grpc.s2a.handshaker.AuthenticationMechanism.Builder builderForValue) { + if (authenticationMechanismsBuilder_ == null) { + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.add(index, builderForValue.build()); + onChanged(); + } else { + authenticationMechanismsBuilder_.addMessage(index, builderForValue.build()); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder addAllAuthenticationMechanisms( + java.lang.Iterable values) { + if (authenticationMechanismsBuilder_ == null) { + ensureAuthenticationMechanismsIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, authenticationMechanisms_); + onChanged(); + } else { + authenticationMechanismsBuilder_.addAllMessages(values); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder clearAuthenticationMechanisms() { + if (authenticationMechanismsBuilder_ == null) { + authenticationMechanisms_ = java.util.Collections.emptyList(); + bitField0_ = (bitField0_ & ~0x00000002); + onChanged(); + } else { + authenticationMechanismsBuilder_.clear(); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public Builder removeAuthenticationMechanisms(int index) { + if (authenticationMechanismsBuilder_ == null) { + ensureAuthenticationMechanismsIsMutable(); + authenticationMechanisms_.remove(index); + onChanged(); + } else { + authenticationMechanismsBuilder_.remove(index); + } + return this; + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public io.grpc.s2a.handshaker.AuthenticationMechanism.Builder getAuthenticationMechanismsBuilder( + int index) { + return getAuthenticationMechanismsFieldBuilder().getBuilder(index); + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public io.grpc.s2a.handshaker.AuthenticationMechanismOrBuilder getAuthenticationMechanismsOrBuilder( + int index) { + if (authenticationMechanismsBuilder_ == null) { + return authenticationMechanisms_.get(index); } else { + return authenticationMechanismsBuilder_.getMessageOrBuilder(index); + } + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public java.util.List + getAuthenticationMechanismsOrBuilderList() { + if (authenticationMechanismsBuilder_ != null) { + return authenticationMechanismsBuilder_.getMessageOrBuilderList(); + } else { + return java.util.Collections.unmodifiableList(authenticationMechanisms_); + } + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public io.grpc.s2a.handshaker.AuthenticationMechanism.Builder addAuthenticationMechanismsBuilder() { + return getAuthenticationMechanismsFieldBuilder().addBuilder( + io.grpc.s2a.handshaker.AuthenticationMechanism.getDefaultInstance()); + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public io.grpc.s2a.handshaker.AuthenticationMechanism.Builder addAuthenticationMechanismsBuilder( + int index) { + return getAuthenticationMechanismsFieldBuilder().addBuilder( + index, io.grpc.s2a.handshaker.AuthenticationMechanism.getDefaultInstance()); + } + /** + * 
+     * The authentication mechanisms that the application wishes to use to
+     * authenticate to S2A, ordered by preference. S2A will always use the first
+     * authentication mechanism that matches the managed identity.
+     *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + public java.util.List + getAuthenticationMechanismsBuilderList() { + return getAuthenticationMechanismsFieldBuilder().getBuilderList(); + } + private com.google.protobuf.RepeatedFieldBuilderV3< + io.grpc.s2a.handshaker.AuthenticationMechanism, io.grpc.s2a.handshaker.AuthenticationMechanism.Builder, io.grpc.s2a.handshaker.AuthenticationMechanismOrBuilder> + getAuthenticationMechanismsFieldBuilder() { + if (authenticationMechanismsBuilder_ == null) { + authenticationMechanismsBuilder_ = new com.google.protobuf.RepeatedFieldBuilderV3< + io.grpc.s2a.handshaker.AuthenticationMechanism, io.grpc.s2a.handshaker.AuthenticationMechanism.Builder, io.grpc.s2a.handshaker.AuthenticationMechanismOrBuilder>( + authenticationMechanisms_, + ((bitField0_ & 0x00000002) != 0), + getParentForChildren(), + isClean()); + authenticationMechanisms_ = null; + } + return authenticationMechanismsBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationReq, io.grpc.s2a.handshaker.GetTlsConfigurationReq.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationReqOrBuilder> getTlsConfigurationReqBuilder_; + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + * @return Whether the getTlsConfigurationReq field is set. + */ + @java.lang.Override + public boolean hasGetTlsConfigurationReq() { + return reqOneofCase_ == 3; + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + * @return The getTlsConfigurationReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReq getGetTlsConfigurationReq() { + if (getTlsConfigurationReqBuilder_ == null) { + if (reqOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance(); + } else { + if (reqOneofCase_ == 3) { + return getTlsConfigurationReqBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance(); + } + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + public Builder setGetTlsConfigurationReq(io.grpc.s2a.handshaker.GetTlsConfigurationReq value) { + if (getTlsConfigurationReqBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + reqOneof_ = value; + onChanged(); + } else { + getTlsConfigurationReqBuilder_.setMessage(value); + } + reqOneofCase_ = 3; + return this; + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + public Builder setGetTlsConfigurationReq( + io.grpc.s2a.handshaker.GetTlsConfigurationReq.Builder builderForValue) { + if (getTlsConfigurationReqBuilder_ == null) { + reqOneof_ = builderForValue.build(); + onChanged(); + } else { + getTlsConfigurationReqBuilder_.setMessage(builderForValue.build()); + } + reqOneofCase_ = 3; + return this; + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + public Builder mergeGetTlsConfigurationReq(io.grpc.s2a.handshaker.GetTlsConfigurationReq value) { + if (getTlsConfigurationReqBuilder_ == null) { + if (reqOneofCase_ == 3 && + reqOneof_ != io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance()) { + reqOneof_ = io.grpc.s2a.handshaker.GetTlsConfigurationReq.newBuilder((io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_) + .mergeFrom(value).buildPartial(); + } else { + reqOneof_ = value; + } + onChanged(); + } else { + if (reqOneofCase_ == 3) { + getTlsConfigurationReqBuilder_.mergeFrom(value); + } else { + getTlsConfigurationReqBuilder_.setMessage(value); + } + } + reqOneofCase_ = 3; + return this; + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + public Builder clearGetTlsConfigurationReq() { + if (getTlsConfigurationReqBuilder_ == null) { + if (reqOneofCase_ == 3) { + reqOneofCase_ = 0; + reqOneof_ = null; + onChanged(); + } + } else { + if (reqOneofCase_ == 3) { + reqOneofCase_ = 0; + reqOneof_ = null; + } + getTlsConfigurationReqBuilder_.clear(); + } + return this; + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + public io.grpc.s2a.handshaker.GetTlsConfigurationReq.Builder getGetTlsConfigurationReqBuilder() { + return getGetTlsConfigurationReqFieldBuilder().getBuilder(); + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationReqOrBuilder getGetTlsConfigurationReqOrBuilder() { + if ((reqOneofCase_ == 3) && (getTlsConfigurationReqBuilder_ != null)) { + return getTlsConfigurationReqBuilder_.getMessageOrBuilder(); + } else { + if (reqOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance(); + } + } + /** + * 
+     * Requests the certificate chain and TLS configuration corresponding to the
+     * local identity, which the application MUST use to negotiate the TLS
+     * handshake.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationReq, io.grpc.s2a.handshaker.GetTlsConfigurationReq.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationReqOrBuilder> + getGetTlsConfigurationReqFieldBuilder() { + if (getTlsConfigurationReqBuilder_ == null) { + if (!(reqOneofCase_ == 3)) { + reqOneof_ = io.grpc.s2a.handshaker.GetTlsConfigurationReq.getDefaultInstance(); + } + getTlsConfigurationReqBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationReq, io.grpc.s2a.handshaker.GetTlsConfigurationReq.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationReqOrBuilder>( + (io.grpc.s2a.handshaker.GetTlsConfigurationReq) reqOneof_, + getParentForChildren(), + isClean()); + reqOneof_ = null; + } + reqOneofCase_ = 3; + onChanged(); + return getTlsConfigurationReqBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.Builder, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReqOrBuilder> offloadPrivateKeyOperationReqBuilder_; + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + * @return Whether the offloadPrivateKeyOperationReq field is set. + */ + @java.lang.Override + public boolean hasOffloadPrivateKeyOperationReq() { + return reqOneofCase_ == 4; + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + * @return The offloadPrivateKeyOperationReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq getOffloadPrivateKeyOperationReq() { + if (offloadPrivateKeyOperationReqBuilder_ == null) { + if (reqOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance(); + } else { + if (reqOneofCase_ == 4) { + return offloadPrivateKeyOperationReqBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance(); + } + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + public Builder setOffloadPrivateKeyOperationReq(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq value) { + if (offloadPrivateKeyOperationReqBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + reqOneof_ = value; + onChanged(); + } else { + offloadPrivateKeyOperationReqBuilder_.setMessage(value); + } + reqOneofCase_ = 4; + return this; + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + public Builder setOffloadPrivateKeyOperationReq( + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.Builder builderForValue) { + if (offloadPrivateKeyOperationReqBuilder_ == null) { + reqOneof_ = builderForValue.build(); + onChanged(); + } else { + offloadPrivateKeyOperationReqBuilder_.setMessage(builderForValue.build()); + } + reqOneofCase_ = 4; + return this; + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + public Builder mergeOffloadPrivateKeyOperationReq(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq value) { + if (offloadPrivateKeyOperationReqBuilder_ == null) { + if (reqOneofCase_ == 4 && + reqOneof_ != io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance()) { + reqOneof_ = io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.newBuilder((io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_) + .mergeFrom(value).buildPartial(); + } else { + reqOneof_ = value; + } + onChanged(); + } else { + if (reqOneofCase_ == 4) { + offloadPrivateKeyOperationReqBuilder_.mergeFrom(value); + } else { + offloadPrivateKeyOperationReqBuilder_.setMessage(value); + } + } + reqOneofCase_ = 4; + return this; + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + public Builder clearOffloadPrivateKeyOperationReq() { + if (offloadPrivateKeyOperationReqBuilder_ == null) { + if (reqOneofCase_ == 4) { + reqOneofCase_ = 0; + reqOneof_ = null; + onChanged(); + } + } else { + if (reqOneofCase_ == 4) { + reqOneofCase_ = 0; + reqOneof_ = null; + } + offloadPrivateKeyOperationReqBuilder_.clear(); + } + return this; + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.Builder getOffloadPrivateKeyOperationReqBuilder() { + return getOffloadPrivateKeyOperationReqFieldBuilder().getBuilder(); + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReqOrBuilder getOffloadPrivateKeyOperationReqOrBuilder() { + if ((reqOneofCase_ == 4) && (offloadPrivateKeyOperationReqBuilder_ != null)) { + return offloadPrivateKeyOperationReqBuilder_.getMessageOrBuilder(); + } else { + if (reqOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance(); + } + } + /** + * 
+     * Signs or decrypts the input bytes using a private key corresponding to
+     * the local identity in the request.
+     *
+     * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+     * S2Av2 by a server during a TLS 1.2 handshake.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.Builder, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReqOrBuilder> + getOffloadPrivateKeyOperationReqFieldBuilder() { + if (offloadPrivateKeyOperationReqBuilder_ == null) { + if (!(reqOneofCase_ == 4)) { + reqOneof_ = io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.getDefaultInstance(); + } + offloadPrivateKeyOperationReqBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq.Builder, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReqOrBuilder>( + (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq) reqOneof_, + getParentForChildren(), + isClean()); + reqOneof_ = null; + } + reqOneofCase_ = 4; + onChanged(); + return offloadPrivateKeyOperationReqBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.Builder, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReqOrBuilder> offloadResumptionKeyOperationReqBuilder_; + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + * @return Whether the offloadResumptionKeyOperationReq field is set. + */ + @java.lang.Override + public boolean hasOffloadResumptionKeyOperationReq() { + return reqOneofCase_ == 5; + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + * @return The offloadResumptionKeyOperationReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq getOffloadResumptionKeyOperationReq() { + if (offloadResumptionKeyOperationReqBuilder_ == null) { + if (reqOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance(); + } else { + if (reqOneofCase_ == 5) { + return offloadResumptionKeyOperationReqBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance(); + } + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + public Builder setOffloadResumptionKeyOperationReq(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq value) { + if (offloadResumptionKeyOperationReqBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + reqOneof_ = value; + onChanged(); + } else { + offloadResumptionKeyOperationReqBuilder_.setMessage(value); + } + reqOneofCase_ = 5; + return this; + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + public Builder setOffloadResumptionKeyOperationReq( + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.Builder builderForValue) { + if (offloadResumptionKeyOperationReqBuilder_ == null) { + reqOneof_ = builderForValue.build(); + onChanged(); + } else { + offloadResumptionKeyOperationReqBuilder_.setMessage(builderForValue.build()); + } + reqOneofCase_ = 5; + return this; + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + public Builder mergeOffloadResumptionKeyOperationReq(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq value) { + if (offloadResumptionKeyOperationReqBuilder_ == null) { + if (reqOneofCase_ == 5 && + reqOneof_ != io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance()) { + reqOneof_ = io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.newBuilder((io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_) + .mergeFrom(value).buildPartial(); + } else { + reqOneof_ = value; + } + onChanged(); + } else { + if (reqOneofCase_ == 5) { + offloadResumptionKeyOperationReqBuilder_.mergeFrom(value); + } else { + offloadResumptionKeyOperationReqBuilder_.setMessage(value); + } + } + reqOneofCase_ = 5; + return this; + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + public Builder clearOffloadResumptionKeyOperationReq() { + if (offloadResumptionKeyOperationReqBuilder_ == null) { + if (reqOneofCase_ == 5) { + reqOneofCase_ = 0; + reqOneof_ = null; + onChanged(); + } + } else { + if (reqOneofCase_ == 5) { + reqOneofCase_ = 0; + reqOneof_ = null; + } + offloadResumptionKeyOperationReqBuilder_.clear(); + } + return this; + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.Builder getOffloadResumptionKeyOperationReqBuilder() { + return getOffloadResumptionKeyOperationReqFieldBuilder().getBuilder(); + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReqOrBuilder getOffloadResumptionKeyOperationReqOrBuilder() { + if ((reqOneofCase_ == 5) && (offloadResumptionKeyOperationReqBuilder_ != null)) { + return offloadResumptionKeyOperationReqBuilder_.getMessageOrBuilder(); + } else { + if (reqOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance(); + } + } + /** + * 
+     * Encrypts or decrypts the input bytes using a resumption key corresponding
+     * to the local identity in the request.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.Builder, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReqOrBuilder> + getOffloadResumptionKeyOperationReqFieldBuilder() { + if (offloadResumptionKeyOperationReqBuilder_ == null) { + if (!(reqOneofCase_ == 5)) { + reqOneof_ = io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.getDefaultInstance(); + } + offloadResumptionKeyOperationReqBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq.Builder, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReqOrBuilder>( + (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq) reqOneof_, + getParentForChildren(), + isClean()); + reqOneof_ = null; + } + reqOneofCase_ = 5; + onChanged(); + return offloadResumptionKeyOperationReqBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReqOrBuilder> validatePeerCertificateChainReqBuilder_; + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + * @return Whether the validatePeerCertificateChainReq field is set. + */ + @java.lang.Override + public boolean hasValidatePeerCertificateChainReq() { + return reqOneofCase_ == 6; + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + * @return The validatePeerCertificateChainReq. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq getValidatePeerCertificateChainReq() { + if (validatePeerCertificateChainReqBuilder_ == null) { + if (reqOneofCase_ == 6) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance(); + } else { + if (reqOneofCase_ == 6) { + return validatePeerCertificateChainReqBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance(); + } + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + public Builder setValidatePeerCertificateChainReq(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq value) { + if (validatePeerCertificateChainReqBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + reqOneof_ = value; + onChanged(); + } else { + validatePeerCertificateChainReqBuilder_.setMessage(value); + } + reqOneofCase_ = 6; + return this; + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + public Builder setValidatePeerCertificateChainReq( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.Builder builderForValue) { + if (validatePeerCertificateChainReqBuilder_ == null) { + reqOneof_ = builderForValue.build(); + onChanged(); + } else { + validatePeerCertificateChainReqBuilder_.setMessage(builderForValue.build()); + } + reqOneofCase_ = 6; + return this; + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + public Builder mergeValidatePeerCertificateChainReq(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq value) { + if (validatePeerCertificateChainReqBuilder_ == null) { + if (reqOneofCase_ == 6 && + reqOneof_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance()) { + reqOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.newBuilder((io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_) + .mergeFrom(value).buildPartial(); + } else { + reqOneof_ = value; + } + onChanged(); + } else { + if (reqOneofCase_ == 6) { + validatePeerCertificateChainReqBuilder_.mergeFrom(value); + } else { + validatePeerCertificateChainReqBuilder_.setMessage(value); + } + } + reqOneofCase_ = 6; + return this; + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + public Builder clearValidatePeerCertificateChainReq() { + if (validatePeerCertificateChainReqBuilder_ == null) { + if (reqOneofCase_ == 6) { + reqOneofCase_ = 0; + reqOneof_ = null; + onChanged(); + } + } else { + if (reqOneofCase_ == 6) { + reqOneofCase_ = 0; + reqOneof_ = null; + } + validatePeerCertificateChainReqBuilder_.clear(); + } + return this; + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.Builder getValidatePeerCertificateChainReqBuilder() { + return getValidatePeerCertificateChainReqFieldBuilder().getBuilder(); + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReqOrBuilder getValidatePeerCertificateChainReqOrBuilder() { + if ((reqOneofCase_ == 6) && (validatePeerCertificateChainReqBuilder_ != null)) { + return validatePeerCertificateChainReqBuilder_.getMessageOrBuilder(); + } else { + if (reqOneofCase_ == 6) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance(); + } + } + /** + * 
+     * Verifies the peer's certificate chain using
+     * (a) trust bundles corresponding to the local identity in the request, and
+     * (b) the verification mode in the request.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReqOrBuilder> + getValidatePeerCertificateChainReqFieldBuilder() { + if (validatePeerCertificateChainReqBuilder_ == null) { + if (!(reqOneofCase_ == 6)) { + reqOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance(); + } + validatePeerCertificateChainReqBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReqOrBuilder>( + (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) reqOneof_, + getParentForChildren(), + isClean()); + reqOneof_ = null; + } + reqOneofCase_ = 6; + onChanged(); + return validatePeerCertificateChainReqBuilder_; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.SessionReq) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.SessionReq) + private static final io.grpc.s2a.handshaker.SessionReq DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.SessionReq(); + } + + public static io.grpc.s2a.handshaker.SessionReq getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public SessionReq parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionReq getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionReqOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionReqOrBuilder.java new file mode 100644 index 000000000000..d9cffb838845 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionReqOrBuilder.java @@ -0,0 +1,249 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface SessionReqOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.SessionReq) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The identity corresponding to the TLS configurations that MUST be used for
+   * the TLS handshake.
+   *
+   * If a managed identity already exists, the local identity and authentication
+   * mechanisms are ignored. If a managed identity doesn't exist and the local
+   * identity is not populated, S2A will try to deduce the managed identity to
+   * use from the SNI extension. If that also fails, S2A uses the default
+   * identity (if one exists).
+   *
+ * + * .grpc.gcp.Identity local_identity = 1; + * @return Whether the localIdentity field is set. + */ + boolean hasLocalIdentity(); + /** + * 
+   * The identity corresponding to the TLS configurations that MUST be used for
+   * the TLS handshake.
+   *
+   * If a managed identity already exists, the local identity and authentication
+   * mechanisms are ignored. If a managed identity doesn't exist and the local
+   * identity is not populated, S2A will try to deduce the managed identity to
+   * use from the SNI extension. If that also fails, S2A uses the default
+   * identity (if one exists).
+   *
+ * + * .grpc.gcp.Identity local_identity = 1; + * @return The localIdentity. + */ + io.grpc.s2a.handshaker.Identity getLocalIdentity(); + /** + * 
+   * The identity corresponding to the TLS configurations that MUST be used for
+   * the TLS handshake.
+   *
+   * If a managed identity already exists, the local identity and authentication
+   * mechanisms are ignored. If a managed identity doesn't exist and the local
+   * identity is not populated, S2A will try to deduce the managed identity to
+   * use from the SNI extension. If that also fails, S2A uses the default
+   * identity (if one exists).
+   *
+ * + * .grpc.gcp.Identity local_identity = 1; + */ + io.grpc.s2a.handshaker.IdentityOrBuilder getLocalIdentityOrBuilder(); + + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + java.util.List + getAuthenticationMechanismsList(); + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + io.grpc.s2a.handshaker.AuthenticationMechanism getAuthenticationMechanisms(int index); + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + int getAuthenticationMechanismsCount(); + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + java.util.List + getAuthenticationMechanismsOrBuilderList(); + /** + * 
+   * The authentication mechanisms that the application wishes to use to
+   * authenticate to S2A, ordered by preference. S2A will always use the first
+   * authentication mechanism that matches the managed identity.
+   *
+ * + * repeated .grpc.gcp.AuthenticationMechanism authentication_mechanisms = 2; + */ + io.grpc.s2a.handshaker.AuthenticationMechanismOrBuilder getAuthenticationMechanismsOrBuilder( + int index); + + /** + * 
+   * Requests the certificate chain and TLS configuration corresponding to the
+   * local identity, which the application MUST use to negotiate the TLS
+   * handshake.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + * @return Whether the getTlsConfigurationReq field is set. + */ + boolean hasGetTlsConfigurationReq(); + /** + * 
+   * Requests the certificate chain and TLS configuration corresponding to the
+   * local identity, which the application MUST use to negotiate the TLS
+   * handshake.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + * @return The getTlsConfigurationReq. + */ + io.grpc.s2a.handshaker.GetTlsConfigurationReq getGetTlsConfigurationReq(); + /** + * 
+   * Requests the certificate chain and TLS configuration corresponding to the
+   * local identity, which the application MUST use to negotiate the TLS
+   * handshake.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationReq get_tls_configuration_req = 3; + */ + io.grpc.s2a.handshaker.GetTlsConfigurationReqOrBuilder getGetTlsConfigurationReqOrBuilder(); + + /** + * 
+   * Signs or decrypts the input bytes using a private key corresponding to
+   * the local identity in the request.
+   *
+   * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+   * S2Av2 by a server during a TLS 1.2 handshake.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + * @return Whether the offloadPrivateKeyOperationReq field is set. + */ + boolean hasOffloadPrivateKeyOperationReq(); + /** + * 
+   * Signs or decrypts the input bytes using a private key corresponding to
+   * the local identity in the request.
+   *
+   * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+   * S2Av2 by a server during a TLS 1.2 handshake.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + * @return The offloadPrivateKeyOperationReq. + */ + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReq getOffloadPrivateKeyOperationReq(); + /** + * 
+   * Signs or decrypts the input bytes using a private key corresponding to
+   * the local identity in the request.
+   *
+   * WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
+   * S2Av2 by a server during a TLS 1.2 handshake.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + */ + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationReqOrBuilder getOffloadPrivateKeyOperationReqOrBuilder(); + + /** + * 
+   * Encrypts or decrypts the input bytes using a resumption key corresponding
+   * to the local identity in the request.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + * @return Whether the offloadResumptionKeyOperationReq field is set. + */ + boolean hasOffloadResumptionKeyOperationReq(); + /** + * 
+   * Encrypts or decrypts the input bytes using a resumption key corresponding
+   * to the local identity in the request.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + * @return The offloadResumptionKeyOperationReq. + */ + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReq getOffloadResumptionKeyOperationReq(); + /** + * 
+   * Encrypts or decrypts the input bytes using a resumption key corresponding
+   * to the local identity in the request.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + */ + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationReqOrBuilder getOffloadResumptionKeyOperationReqOrBuilder(); + + /** + * 
+   * Verifies the peer's certificate chain using
+   * (a) trust bundles corresponding to the local identity in the request, and
+   * (b) the verification mode in the request.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + * @return Whether the validatePeerCertificateChainReq field is set. + */ + boolean hasValidatePeerCertificateChainReq(); + /** + * 
+   * Verifies the peer's certificate chain using
+   * (a) trust bundles corresponding to the local identity in the request, and
+   * (b) the verification mode in the request.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + * @return The validatePeerCertificateChainReq. + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq getValidatePeerCertificateChainReq(); + /** + * 
+   * Verifies the peer's certificate chain using
+   * (a) trust bundles corresponding to the local identity in the request, and
+   * (b) the verification mode in the request.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReqOrBuilder getValidatePeerCertificateChainReqOrBuilder(); + + io.grpc.s2a.handshaker.SessionReq.ReqOneofCase getReqOneofCase(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionResp.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionResp.java new file mode 100644 index 000000000000..1e38dc09e154 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionResp.java @@ -0,0 +1,1854 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.SessionResp} + */ +public final class SessionResp extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.SessionResp) + SessionRespOrBuilder { +private static final long serialVersionUID = 0L; + // Use SessionResp.newBuilder() to construct. + private SessionResp(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private SessionResp() { + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new SessionResp(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.SessionResp.class, io.grpc.s2a.handshaker.SessionResp.Builder.class); + } + + private int bitField0_; + private int respOneofCase_ = 0; + @SuppressWarnings("serial") + private java.lang.Object respOneof_; + public enum RespOneofCase + implements com.google.protobuf.Internal.EnumLite, + com.google.protobuf.AbstractMessage.InternalOneOfEnum { + GET_TLS_CONFIGURATION_RESP(2), + OFFLOAD_PRIVATE_KEY_OPERATION_RESP(3), + OFFLOAD_RESUMPTION_KEY_OPERATION_RESP(4), + VALIDATE_PEER_CERTIFICATE_CHAIN_RESP(5), + RESPONEOF_NOT_SET(0); + private final int value; + private RespOneofCase(int value) { + this.value = value; + } + /** + * @param value The number of the enum to look for. + * @return The enum associated with the given number. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static RespOneofCase valueOf(int value) { + return forNumber(value); + } + + public static RespOneofCase forNumber(int value) { + switch (value) { + case 2: return GET_TLS_CONFIGURATION_RESP; + case 3: return OFFLOAD_PRIVATE_KEY_OPERATION_RESP; + case 4: return OFFLOAD_RESUMPTION_KEY_OPERATION_RESP; + case 5: return VALIDATE_PEER_CERTIFICATE_CHAIN_RESP; + case 0: return RESPONEOF_NOT_SET; + default: return null; + } + } + public int getNumber() { + return this.value; + } + }; + + public RespOneofCase + getRespOneofCase() { + return RespOneofCase.forNumber( + respOneofCase_); + } + + public static final int STATUS_FIELD_NUMBER = 1; + private io.grpc.s2a.handshaker.Status status_; + /** + * 
+   * Status of the session response.
+   *
+   * The status field is populated so that if an error occurs when making an
+   * individual request, then communication with the S2A may continue. If an
+   * error is returned directly (e.g. at the gRPC layer), then it may result
+   * that the bidirectional stream being closed.
+   *
+ * + * .grpc.gcp.Status status = 1; + * @return Whether the status field is set. + */ + @java.lang.Override + public boolean hasStatus() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+   * Status of the session response.
+   *
+   * The status field is populated so that if an error occurs when making an
+   * individual request, then communication with the S2A may continue. If an
+   * error is returned directly (e.g. at the gRPC layer), then it may result
+   * that the bidirectional stream being closed.
+   *
+ * + * .grpc.gcp.Status status = 1; + * @return The status. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.Status getStatus() { + return status_ == null ? io.grpc.s2a.handshaker.Status.getDefaultInstance() : status_; + } + /** + * 
+   * Status of the session response.
+   *
+   * The status field is populated so that if an error occurs when making an
+   * individual request, then communication with the S2A may continue. If an
+   * error is returned directly (e.g. at the gRPC layer), then it may result
+   * that the bidirectional stream being closed.
+   *
+ * + * .grpc.gcp.Status status = 1; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.StatusOrBuilder getStatusOrBuilder() { + return status_ == null ? io.grpc.s2a.handshaker.Status.getDefaultInstance() : status_; + } + + public static final int GET_TLS_CONFIGURATION_RESP_FIELD_NUMBER = 2; + /** + * 
+   * Contains the certificate chain and TLS configurations corresponding to
+   * the local identity.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + * @return Whether the getTlsConfigurationResp field is set. + */ + @java.lang.Override + public boolean hasGetTlsConfigurationResp() { + return respOneofCase_ == 2; + } + /** + * 
+   * Contains the certificate chain and TLS configurations corresponding to
+   * the local identity.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + * @return The getTlsConfigurationResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp getGetTlsConfigurationResp() { + if (respOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance(); + } + /** + * 
+   * Contains the certificate chain and TLS configurations corresponding to
+   * the local identity.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationRespOrBuilder getGetTlsConfigurationRespOrBuilder() { + if (respOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance(); + } + + public static final int OFFLOAD_PRIVATE_KEY_OPERATION_RESP_FIELD_NUMBER = 3; + /** + * 
+   * Contains the signed or encrypted output bytes using the private key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + * @return Whether the offloadPrivateKeyOperationResp field is set. + */ + @java.lang.Override + public boolean hasOffloadPrivateKeyOperationResp() { + return respOneofCase_ == 3; + } + /** + * 
+   * Contains the signed or encrypted output bytes using the private key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + * @return The offloadPrivateKeyOperationResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp getOffloadPrivateKeyOperationResp() { + if (respOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance(); + } + /** + * 
+   * Contains the signed or encrypted output bytes using the private key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationRespOrBuilder getOffloadPrivateKeyOperationRespOrBuilder() { + if (respOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance(); + } + + public static final int OFFLOAD_RESUMPTION_KEY_OPERATION_RESP_FIELD_NUMBER = 4; + /** + * 
+   * Contains the encrypted or decrypted output bytes using the resumption key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + * @return Whether the offloadResumptionKeyOperationResp field is set. + */ + @java.lang.Override + public boolean hasOffloadResumptionKeyOperationResp() { + return respOneofCase_ == 4; + } + /** + * 
+   * Contains the encrypted or decrypted output bytes using the resumption key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + * @return The offloadResumptionKeyOperationResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp getOffloadResumptionKeyOperationResp() { + if (respOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance(); + } + /** + * 
+   * Contains the encrypted or decrypted output bytes using the resumption key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationRespOrBuilder getOffloadResumptionKeyOperationRespOrBuilder() { + if (respOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance(); + } + + public static final int VALIDATE_PEER_CERTIFICATE_CHAIN_RESP_FIELD_NUMBER = 5; + /** + * 
+   * Contains the validation result, peer identity and fingerprints of peer
+   * certificates.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + * @return Whether the validatePeerCertificateChainResp field is set. + */ + @java.lang.Override + public boolean hasValidatePeerCertificateChainResp() { + return respOneofCase_ == 5; + } + /** + * 
+   * Contains the validation result, peer identity and fingerprints of peer
+   * certificates.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + * @return The validatePeerCertificateChainResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp getValidatePeerCertificateChainResp() { + if (respOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance(); + } + /** + * 
+   * Contains the validation result, peer identity and fingerprints of peer
+   * certificates.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainRespOrBuilder getValidatePeerCertificateChainRespOrBuilder() { + if (respOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance(); + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (((bitField0_ & 0x00000001) != 0)) { + output.writeMessage(1, getStatus()); + } + if (respOneofCase_ == 2) { + output.writeMessage(2, (io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_); + } + if (respOneofCase_ == 3) { + output.writeMessage(3, (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_); + } + if (respOneofCase_ == 4) { + output.writeMessage(4, (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_); + } + if (respOneofCase_ == 5) { + output.writeMessage(5, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (((bitField0_ & 0x00000001) != 0)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(1, getStatus()); + } + if (respOneofCase_ == 2) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(2, (io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_); + } + if (respOneofCase_ == 3) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(3, (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_); + } + if (respOneofCase_ == 4) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(4, (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_); + } + if (respOneofCase_ == 5) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(5, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.SessionResp)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.SessionResp other = (io.grpc.s2a.handshaker.SessionResp) obj; + + if (hasStatus() != other.hasStatus()) return false; + if (hasStatus()) { + if (!getStatus() + .equals(other.getStatus())) return false; + } + if (!getRespOneofCase().equals(other.getRespOneofCase())) return false; + switch (respOneofCase_) { + case 2: + if (!getGetTlsConfigurationResp() + .equals(other.getGetTlsConfigurationResp())) return false; + break; + case 3: + if (!getOffloadPrivateKeyOperationResp() + .equals(other.getOffloadPrivateKeyOperationResp())) return false; + break; + case 4: + if (!getOffloadResumptionKeyOperationResp() + .equals(other.getOffloadResumptionKeyOperationResp())) return false; + break; + case 5: + if (!getValidatePeerCertificateChainResp() + .equals(other.getValidatePeerCertificateChainResp())) return false; + break; + case 0: + default: + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (hasStatus()) { + hash = (37 * hash) + STATUS_FIELD_NUMBER; + hash = (53 * hash) + getStatus().hashCode(); + } + switch (respOneofCase_) { + case 2: + hash = (37 * hash) + GET_TLS_CONFIGURATION_RESP_FIELD_NUMBER; + hash = (53 * hash) + getGetTlsConfigurationResp().hashCode(); + break; + case 3: + hash = (37 * hash) + OFFLOAD_PRIVATE_KEY_OPERATION_RESP_FIELD_NUMBER; + hash = (53 * hash) + getOffloadPrivateKeyOperationResp().hashCode(); + break; + case 4: + hash = (37 * hash) + OFFLOAD_RESUMPTION_KEY_OPERATION_RESP_FIELD_NUMBER; + hash = (53 * hash) + getOffloadResumptionKeyOperationResp().hashCode(); + break; + case 5: + hash = (37 * hash) + VALIDATE_PEER_CERTIFICATE_CHAIN_RESP_FIELD_NUMBER; + hash = (53 * hash) + getValidatePeerCertificateChainResp().hashCode(); + break; + case 0: + default: + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.SessionResp parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.SessionResp parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.SessionResp parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.SessionResp prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.SessionResp} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.SessionResp) + io.grpc.s2a.handshaker.SessionRespOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.SessionResp.class, io.grpc.s2a.handshaker.SessionResp.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.SessionResp.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3 + .alwaysUseFieldBuilders) { + getStatusFieldBuilder(); + } + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + status_ = null; + if (statusBuilder_ != null) { + statusBuilder_.dispose(); + statusBuilder_ = null; + } + if (getTlsConfigurationRespBuilder_ != null) { + getTlsConfigurationRespBuilder_.clear(); + } + if (offloadPrivateKeyOperationRespBuilder_ != null) { + offloadPrivateKeyOperationRespBuilder_.clear(); + } + if (offloadResumptionKeyOperationRespBuilder_ != null) { + offloadResumptionKeyOperationRespBuilder_.clear(); + } + if (validatePeerCertificateChainRespBuilder_ != null) { + validatePeerCertificateChainRespBuilder_.clear(); + } + respOneofCase_ = 0; + respOneof_ = null; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_SessionResp_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionResp getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.SessionResp.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionResp build() { + io.grpc.s2a.handshaker.SessionResp result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionResp buildPartial() { + io.grpc.s2a.handshaker.SessionResp result = new io.grpc.s2a.handshaker.SessionResp(this); + if (bitField0_ != 0) { buildPartial0(result); } + buildPartialOneofs(result); + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.SessionResp result) { + int from_bitField0_ = bitField0_; + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.status_ = statusBuilder_ == null + ? status_ + : statusBuilder_.build(); + to_bitField0_ |= 0x00000001; + } + result.bitField0_ |= to_bitField0_; + } + + private void buildPartialOneofs(io.grpc.s2a.handshaker.SessionResp result) { + result.respOneofCase_ = respOneofCase_; + result.respOneof_ = this.respOneof_; + if (respOneofCase_ == 2 && + getTlsConfigurationRespBuilder_ != null) { + result.respOneof_ = getTlsConfigurationRespBuilder_.build(); + } + if (respOneofCase_ == 3 && + offloadPrivateKeyOperationRespBuilder_ != null) { + result.respOneof_ = offloadPrivateKeyOperationRespBuilder_.build(); + } + if (respOneofCase_ == 4 && + offloadResumptionKeyOperationRespBuilder_ != null) { + result.respOneof_ = offloadResumptionKeyOperationRespBuilder_.build(); + } + if (respOneofCase_ == 5 && + validatePeerCertificateChainRespBuilder_ != null) { + result.respOneof_ = validatePeerCertificateChainRespBuilder_.build(); + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.SessionResp) { + return mergeFrom((io.grpc.s2a.handshaker.SessionResp)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.SessionResp other) { + if (other == io.grpc.s2a.handshaker.SessionResp.getDefaultInstance()) return this; + if (other.hasStatus()) { + mergeStatus(other.getStatus()); + } + switch (other.getRespOneofCase()) { + case GET_TLS_CONFIGURATION_RESP: { + mergeGetTlsConfigurationResp(other.getGetTlsConfigurationResp()); + break; + } + case OFFLOAD_PRIVATE_KEY_OPERATION_RESP: { + mergeOffloadPrivateKeyOperationResp(other.getOffloadPrivateKeyOperationResp()); + break; + } + case OFFLOAD_RESUMPTION_KEY_OPERATION_RESP: { + mergeOffloadResumptionKeyOperationResp(other.getOffloadResumptionKeyOperationResp()); + break; + } + case VALIDATE_PEER_CERTIFICATE_CHAIN_RESP: { + mergeValidatePeerCertificateChainResp(other.getValidatePeerCertificateChainResp()); + break; + } + case RESPONEOF_NOT_SET: { + break; + } + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + input.readMessage( + getStatusFieldBuilder().getBuilder(), + extensionRegistry); + bitField0_ |= 0x00000001; + break; + } // case 10 + case 18: { + input.readMessage( + getGetTlsConfigurationRespFieldBuilder().getBuilder(), + extensionRegistry); + respOneofCase_ = 2; + break; + } // case 18 + case 26: { + input.readMessage( + getOffloadPrivateKeyOperationRespFieldBuilder().getBuilder(), + extensionRegistry); + respOneofCase_ = 3; + break; + } // case 26 + case 34: { + input.readMessage( + getOffloadResumptionKeyOperationRespFieldBuilder().getBuilder(), + extensionRegistry); + respOneofCase_ = 4; + break; + } // case 34 + case 42: { + input.readMessage( + getValidatePeerCertificateChainRespFieldBuilder().getBuilder(), + extensionRegistry); + respOneofCase_ = 5; + break; + } // case 42 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int respOneofCase_ = 0; + private java.lang.Object respOneof_; + public RespOneofCase + getRespOneofCase() { + return RespOneofCase.forNumber( + respOneofCase_); + } + + public Builder clearRespOneof() { + respOneofCase_ = 0; + respOneof_ = null; + onChanged(); + return this; + } + + private int bitField0_; + + private io.grpc.s2a.handshaker.Status status_; + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Status, io.grpc.s2a.handshaker.Status.Builder, io.grpc.s2a.handshaker.StatusOrBuilder> statusBuilder_; + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + * @return Whether the status field is set. + */ + public boolean hasStatus() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + * @return The status. + */ + public io.grpc.s2a.handshaker.Status getStatus() { + if (statusBuilder_ == null) { + return status_ == null ? io.grpc.s2a.handshaker.Status.getDefaultInstance() : status_; + } else { + return statusBuilder_.getMessage(); + } + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + */ + public Builder setStatus(io.grpc.s2a.handshaker.Status value) { + if (statusBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + status_ = value; + } else { + statusBuilder_.setMessage(value); + } + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + */ + public Builder setStatus( + io.grpc.s2a.handshaker.Status.Builder builderForValue) { + if (statusBuilder_ == null) { + status_ = builderForValue.build(); + } else { + statusBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + */ + public Builder mergeStatus(io.grpc.s2a.handshaker.Status value) { + if (statusBuilder_ == null) { + if (((bitField0_ & 0x00000001) != 0) && + status_ != null && + status_ != io.grpc.s2a.handshaker.Status.getDefaultInstance()) { + getStatusBuilder().mergeFrom(value); + } else { + status_ = value; + } + } else { + statusBuilder_.mergeFrom(value); + } + if (status_ != null) { + bitField0_ |= 0x00000001; + onChanged(); + } + return this; + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + */ + public Builder clearStatus() { + bitField0_ = (bitField0_ & ~0x00000001); + status_ = null; + if (statusBuilder_ != null) { + statusBuilder_.dispose(); + statusBuilder_ = null; + } + onChanged(); + return this; + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + */ + public io.grpc.s2a.handshaker.Status.Builder getStatusBuilder() { + bitField0_ |= 0x00000001; + onChanged(); + return getStatusFieldBuilder().getBuilder(); + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + */ + public io.grpc.s2a.handshaker.StatusOrBuilder getStatusOrBuilder() { + if (statusBuilder_ != null) { + return statusBuilder_.getMessageOrBuilder(); + } else { + return status_ == null ? + io.grpc.s2a.handshaker.Status.getDefaultInstance() : status_; + } + } + /** + * 
+     * Status of the session response.
+     *
+     * The status field is populated so that if an error occurs when making an
+     * individual request, then communication with the S2A may continue. If an
+     * error is returned directly (e.g. at the gRPC layer), then it may result
+     * that the bidirectional stream being closed.
+     *
+ * + * .grpc.gcp.Status status = 1; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Status, io.grpc.s2a.handshaker.Status.Builder, io.grpc.s2a.handshaker.StatusOrBuilder> + getStatusFieldBuilder() { + if (statusBuilder_ == null) { + statusBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.Status, io.grpc.s2a.handshaker.Status.Builder, io.grpc.s2a.handshaker.StatusOrBuilder>( + getStatus(), + getParentForChildren(), + isClean()); + status_ = null; + } + return statusBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp, io.grpc.s2a.handshaker.GetTlsConfigurationResp.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationRespOrBuilder> getTlsConfigurationRespBuilder_; + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + * @return Whether the getTlsConfigurationResp field is set. + */ + @java.lang.Override + public boolean hasGetTlsConfigurationResp() { + return respOneofCase_ == 2; + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + * @return The getTlsConfigurationResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationResp getGetTlsConfigurationResp() { + if (getTlsConfigurationRespBuilder_ == null) { + if (respOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance(); + } else { + if (respOneofCase_ == 2) { + return getTlsConfigurationRespBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + public Builder setGetTlsConfigurationResp(io.grpc.s2a.handshaker.GetTlsConfigurationResp value) { + if (getTlsConfigurationRespBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + respOneof_ = value; + onChanged(); + } else { + getTlsConfigurationRespBuilder_.setMessage(value); + } + respOneofCase_ = 2; + return this; + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + public Builder setGetTlsConfigurationResp( + io.grpc.s2a.handshaker.GetTlsConfigurationResp.Builder builderForValue) { + if (getTlsConfigurationRespBuilder_ == null) { + respOneof_ = builderForValue.build(); + onChanged(); + } else { + getTlsConfigurationRespBuilder_.setMessage(builderForValue.build()); + } + respOneofCase_ = 2; + return this; + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + public Builder mergeGetTlsConfigurationResp(io.grpc.s2a.handshaker.GetTlsConfigurationResp value) { + if (getTlsConfigurationRespBuilder_ == null) { + if (respOneofCase_ == 2 && + respOneof_ != io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance()) { + respOneof_ = io.grpc.s2a.handshaker.GetTlsConfigurationResp.newBuilder((io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_) + .mergeFrom(value).buildPartial(); + } else { + respOneof_ = value; + } + onChanged(); + } else { + if (respOneofCase_ == 2) { + getTlsConfigurationRespBuilder_.mergeFrom(value); + } else { + getTlsConfigurationRespBuilder_.setMessage(value); + } + } + respOneofCase_ = 2; + return this; + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + public Builder clearGetTlsConfigurationResp() { + if (getTlsConfigurationRespBuilder_ == null) { + if (respOneofCase_ == 2) { + respOneofCase_ = 0; + respOneof_ = null; + onChanged(); + } + } else { + if (respOneofCase_ == 2) { + respOneofCase_ = 0; + respOneof_ = null; + } + getTlsConfigurationRespBuilder_.clear(); + } + return this; + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + public io.grpc.s2a.handshaker.GetTlsConfigurationResp.Builder getGetTlsConfigurationRespBuilder() { + return getGetTlsConfigurationRespFieldBuilder().getBuilder(); + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.GetTlsConfigurationRespOrBuilder getGetTlsConfigurationRespOrBuilder() { + if ((respOneofCase_ == 2) && (getTlsConfigurationRespBuilder_ != null)) { + return getTlsConfigurationRespBuilder_.getMessageOrBuilder(); + } else { + if (respOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_; + } + return io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the certificate chain and TLS configurations corresponding to
+     * the local identity.
+     *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp, io.grpc.s2a.handshaker.GetTlsConfigurationResp.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationRespOrBuilder> + getGetTlsConfigurationRespFieldBuilder() { + if (getTlsConfigurationRespBuilder_ == null) { + if (!(respOneofCase_ == 2)) { + respOneof_ = io.grpc.s2a.handshaker.GetTlsConfigurationResp.getDefaultInstance(); + } + getTlsConfigurationRespBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.GetTlsConfigurationResp, io.grpc.s2a.handshaker.GetTlsConfigurationResp.Builder, io.grpc.s2a.handshaker.GetTlsConfigurationRespOrBuilder>( + (io.grpc.s2a.handshaker.GetTlsConfigurationResp) respOneof_, + getParentForChildren(), + isClean()); + respOneof_ = null; + } + respOneofCase_ = 2; + onChanged(); + return getTlsConfigurationRespBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.Builder, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationRespOrBuilder> offloadPrivateKeyOperationRespBuilder_; + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + * @return Whether the offloadPrivateKeyOperationResp field is set. + */ + @java.lang.Override + public boolean hasOffloadPrivateKeyOperationResp() { + return respOneofCase_ == 3; + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + * @return The offloadPrivateKeyOperationResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp getOffloadPrivateKeyOperationResp() { + if (offloadPrivateKeyOperationRespBuilder_ == null) { + if (respOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance(); + } else { + if (respOneofCase_ == 3) { + return offloadPrivateKeyOperationRespBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + public Builder setOffloadPrivateKeyOperationResp(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp value) { + if (offloadPrivateKeyOperationRespBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + respOneof_ = value; + onChanged(); + } else { + offloadPrivateKeyOperationRespBuilder_.setMessage(value); + } + respOneofCase_ = 3; + return this; + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + public Builder setOffloadPrivateKeyOperationResp( + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.Builder builderForValue) { + if (offloadPrivateKeyOperationRespBuilder_ == null) { + respOneof_ = builderForValue.build(); + onChanged(); + } else { + offloadPrivateKeyOperationRespBuilder_.setMessage(builderForValue.build()); + } + respOneofCase_ = 3; + return this; + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + public Builder mergeOffloadPrivateKeyOperationResp(io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp value) { + if (offloadPrivateKeyOperationRespBuilder_ == null) { + if (respOneofCase_ == 3 && + respOneof_ != io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance()) { + respOneof_ = io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.newBuilder((io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_) + .mergeFrom(value).buildPartial(); + } else { + respOneof_ = value; + } + onChanged(); + } else { + if (respOneofCase_ == 3) { + offloadPrivateKeyOperationRespBuilder_.mergeFrom(value); + } else { + offloadPrivateKeyOperationRespBuilder_.setMessage(value); + } + } + respOneofCase_ = 3; + return this; + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + public Builder clearOffloadPrivateKeyOperationResp() { + if (offloadPrivateKeyOperationRespBuilder_ == null) { + if (respOneofCase_ == 3) { + respOneofCase_ = 0; + respOneof_ = null; + onChanged(); + } + } else { + if (respOneofCase_ == 3) { + respOneofCase_ = 0; + respOneof_ = null; + } + offloadPrivateKeyOperationRespBuilder_.clear(); + } + return this; + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.Builder getOffloadPrivateKeyOperationRespBuilder() { + return getOffloadPrivateKeyOperationRespFieldBuilder().getBuilder(); + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadPrivateKeyOperationRespOrBuilder getOffloadPrivateKeyOperationRespOrBuilder() { + if ((respOneofCase_ == 3) && (offloadPrivateKeyOperationRespBuilder_ != null)) { + return offloadPrivateKeyOperationRespBuilder_.getMessageOrBuilder(); + } else { + if (respOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the signed or encrypted output bytes using the private key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.Builder, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationRespOrBuilder> + getOffloadPrivateKeyOperationRespFieldBuilder() { + if (offloadPrivateKeyOperationRespBuilder_ == null) { + if (!(respOneofCase_ == 3)) { + respOneof_ = io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.getDefaultInstance(); + } + offloadPrivateKeyOperationRespBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp.Builder, io.grpc.s2a.handshaker.OffloadPrivateKeyOperationRespOrBuilder>( + (io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp) respOneof_, + getParentForChildren(), + isClean()); + respOneof_ = null; + } + respOneofCase_ = 3; + onChanged(); + return offloadPrivateKeyOperationRespBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.Builder, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationRespOrBuilder> offloadResumptionKeyOperationRespBuilder_; + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + * @return Whether the offloadResumptionKeyOperationResp field is set. + */ + @java.lang.Override + public boolean hasOffloadResumptionKeyOperationResp() { + return respOneofCase_ == 4; + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + * @return The offloadResumptionKeyOperationResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp getOffloadResumptionKeyOperationResp() { + if (offloadResumptionKeyOperationRespBuilder_ == null) { + if (respOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance(); + } else { + if (respOneofCase_ == 4) { + return offloadResumptionKeyOperationRespBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + public Builder setOffloadResumptionKeyOperationResp(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp value) { + if (offloadResumptionKeyOperationRespBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + respOneof_ = value; + onChanged(); + } else { + offloadResumptionKeyOperationRespBuilder_.setMessage(value); + } + respOneofCase_ = 4; + return this; + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + public Builder setOffloadResumptionKeyOperationResp( + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.Builder builderForValue) { + if (offloadResumptionKeyOperationRespBuilder_ == null) { + respOneof_ = builderForValue.build(); + onChanged(); + } else { + offloadResumptionKeyOperationRespBuilder_.setMessage(builderForValue.build()); + } + respOneofCase_ = 4; + return this; + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + public Builder mergeOffloadResumptionKeyOperationResp(io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp value) { + if (offloadResumptionKeyOperationRespBuilder_ == null) { + if (respOneofCase_ == 4 && + respOneof_ != io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance()) { + respOneof_ = io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.newBuilder((io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_) + .mergeFrom(value).buildPartial(); + } else { + respOneof_ = value; + } + onChanged(); + } else { + if (respOneofCase_ == 4) { + offloadResumptionKeyOperationRespBuilder_.mergeFrom(value); + } else { + offloadResumptionKeyOperationRespBuilder_.setMessage(value); + } + } + respOneofCase_ = 4; + return this; + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + public Builder clearOffloadResumptionKeyOperationResp() { + if (offloadResumptionKeyOperationRespBuilder_ == null) { + if (respOneofCase_ == 4) { + respOneofCase_ = 0; + respOneof_ = null; + onChanged(); + } + } else { + if (respOneofCase_ == 4) { + respOneofCase_ = 0; + respOneof_ = null; + } + offloadResumptionKeyOperationRespBuilder_.clear(); + } + return this; + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.Builder getOffloadResumptionKeyOperationRespBuilder() { + return getOffloadResumptionKeyOperationRespFieldBuilder().getBuilder(); + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.OffloadResumptionKeyOperationRespOrBuilder getOffloadResumptionKeyOperationRespOrBuilder() { + if ((respOneofCase_ == 4) && (offloadResumptionKeyOperationRespBuilder_ != null)) { + return offloadResumptionKeyOperationRespBuilder_.getMessageOrBuilder(); + } else { + if (respOneofCase_ == 4) { + return (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_; + } + return io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the encrypted or decrypted output bytes using the resumption key
+     * corresponding to the local identity.
+     *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.Builder, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationRespOrBuilder> + getOffloadResumptionKeyOperationRespFieldBuilder() { + if (offloadResumptionKeyOperationRespBuilder_ == null) { + if (!(respOneofCase_ == 4)) { + respOneof_ = io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.getDefaultInstance(); + } + offloadResumptionKeyOperationRespBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp.Builder, io.grpc.s2a.handshaker.OffloadResumptionKeyOperationRespOrBuilder>( + (io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp) respOneof_, + getParentForChildren(), + isClean()); + respOneof_ = null; + } + respOneofCase_ = 4; + onChanged(); + return offloadResumptionKeyOperationRespBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp, io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainRespOrBuilder> validatePeerCertificateChainRespBuilder_; + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + * @return Whether the validatePeerCertificateChainResp field is set. + */ + @java.lang.Override + public boolean hasValidatePeerCertificateChainResp() { + return respOneofCase_ == 5; + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + * @return The validatePeerCertificateChainResp. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp getValidatePeerCertificateChainResp() { + if (validatePeerCertificateChainRespBuilder_ == null) { + if (respOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance(); + } else { + if (respOneofCase_ == 5) { + return validatePeerCertificateChainRespBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + public Builder setValidatePeerCertificateChainResp(io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp value) { + if (validatePeerCertificateChainRespBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + respOneof_ = value; + onChanged(); + } else { + validatePeerCertificateChainRespBuilder_.setMessage(value); + } + respOneofCase_ = 5; + return this; + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + public Builder setValidatePeerCertificateChainResp( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.Builder builderForValue) { + if (validatePeerCertificateChainRespBuilder_ == null) { + respOneof_ = builderForValue.build(); + onChanged(); + } else { + validatePeerCertificateChainRespBuilder_.setMessage(builderForValue.build()); + } + respOneofCase_ = 5; + return this; + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + public Builder mergeValidatePeerCertificateChainResp(io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp value) { + if (validatePeerCertificateChainRespBuilder_ == null) { + if (respOneofCase_ == 5 && + respOneof_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance()) { + respOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.newBuilder((io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_) + .mergeFrom(value).buildPartial(); + } else { + respOneof_ = value; + } + onChanged(); + } else { + if (respOneofCase_ == 5) { + validatePeerCertificateChainRespBuilder_.mergeFrom(value); + } else { + validatePeerCertificateChainRespBuilder_.setMessage(value); + } + } + respOneofCase_ = 5; + return this; + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + public Builder clearValidatePeerCertificateChainResp() { + if (validatePeerCertificateChainRespBuilder_ == null) { + if (respOneofCase_ == 5) { + respOneofCase_ = 0; + respOneof_ = null; + onChanged(); + } + } else { + if (respOneofCase_ == 5) { + respOneofCase_ = 0; + respOneof_ = null; + } + validatePeerCertificateChainRespBuilder_.clear(); + } + return this; + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.Builder getValidatePeerCertificateChainRespBuilder() { + return getValidatePeerCertificateChainRespFieldBuilder().getBuilder(); + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainRespOrBuilder getValidatePeerCertificateChainRespOrBuilder() { + if ((respOneofCase_ == 5) && (validatePeerCertificateChainRespBuilder_ != null)) { + return validatePeerCertificateChainRespBuilder_.getMessageOrBuilder(); + } else { + if (respOneofCase_ == 5) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance(); + } + } + /** + * 
+     * Contains the validation result, peer identity and fingerprints of peer
+     * certificates.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp, io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainRespOrBuilder> + getValidatePeerCertificateChainRespFieldBuilder() { + if (validatePeerCertificateChainRespBuilder_ == null) { + if (!(respOneofCase_ == 5)) { + respOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance(); + } + validatePeerCertificateChainRespBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp, io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainRespOrBuilder>( + (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) respOneof_, + getParentForChildren(), + isClean()); + respOneof_ = null; + } + respOneofCase_ = 5; + onChanged(); + return validatePeerCertificateChainRespBuilder_; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.SessionResp) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.SessionResp) + private static final io.grpc.s2a.handshaker.SessionResp DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.SessionResp(); + } + + public static io.grpc.s2a.handshaker.SessionResp getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public SessionResp parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.SessionResp getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionRespOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionRespOrBuilder.java new file mode 100644 index 000000000000..f3f0589827cd --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SessionRespOrBuilder.java @@ -0,0 +1,174 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface SessionRespOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.SessionResp) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * Status of the session response.
+   *
+   * The status field is populated so that if an error occurs when making an
+   * individual request, then communication with the S2A may continue. If an
+   * error is returned directly (e.g. at the gRPC layer), then it may result
+   * that the bidirectional stream being closed.
+   *
+ * + * .grpc.gcp.Status status = 1; + * @return Whether the status field is set. + */ + boolean hasStatus(); + /** + * 
+   * Status of the session response.
+   *
+   * The status field is populated so that if an error occurs when making an
+   * individual request, then communication with the S2A may continue. If an
+   * error is returned directly (e.g. at the gRPC layer), then it may result
+   * that the bidirectional stream being closed.
+   *
+ * + * .grpc.gcp.Status status = 1; + * @return The status. + */ + io.grpc.s2a.handshaker.Status getStatus(); + /** + * 
+   * Status of the session response.
+   *
+   * The status field is populated so that if an error occurs when making an
+   * individual request, then communication with the S2A may continue. If an
+   * error is returned directly (e.g. at the gRPC layer), then it may result
+   * that the bidirectional stream being closed.
+   *
+ * + * .grpc.gcp.Status status = 1; + */ + io.grpc.s2a.handshaker.StatusOrBuilder getStatusOrBuilder(); + + /** + * 
+   * Contains the certificate chain and TLS configurations corresponding to
+   * the local identity.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + * @return Whether the getTlsConfigurationResp field is set. + */ + boolean hasGetTlsConfigurationResp(); + /** + * 
+   * Contains the certificate chain and TLS configurations corresponding to
+   * the local identity.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + * @return The getTlsConfigurationResp. + */ + io.grpc.s2a.handshaker.GetTlsConfigurationResp getGetTlsConfigurationResp(); + /** + * 
+   * Contains the certificate chain and TLS configurations corresponding to
+   * the local identity.
+   *
+ * + * .grpc.gcp.GetTlsConfigurationResp get_tls_configuration_resp = 2; + */ + io.grpc.s2a.handshaker.GetTlsConfigurationRespOrBuilder getGetTlsConfigurationRespOrBuilder(); + + /** + * 
+   * Contains the signed or encrypted output bytes using the private key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + * @return Whether the offloadPrivateKeyOperationResp field is set. + */ + boolean hasOffloadPrivateKeyOperationResp(); + /** + * 
+   * Contains the signed or encrypted output bytes using the private key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + * @return The offloadPrivateKeyOperationResp. + */ + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationResp getOffloadPrivateKeyOperationResp(); + /** + * 
+   * Contains the signed or encrypted output bytes using the private key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + */ + io.grpc.s2a.handshaker.OffloadPrivateKeyOperationRespOrBuilder getOffloadPrivateKeyOperationRespOrBuilder(); + + /** + * 
+   * Contains the encrypted or decrypted output bytes using the resumption key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + * @return Whether the offloadResumptionKeyOperationResp field is set. + */ + boolean hasOffloadResumptionKeyOperationResp(); + /** + * 
+   * Contains the encrypted or decrypted output bytes using the resumption key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + * @return The offloadResumptionKeyOperationResp. + */ + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationResp getOffloadResumptionKeyOperationResp(); + /** + * 
+   * Contains the encrypted or decrypted output bytes using the resumption key
+   * corresponding to the local identity.
+   *
+ * + * .grpc.gcp.OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + */ + io.grpc.s2a.handshaker.OffloadResumptionKeyOperationRespOrBuilder getOffloadResumptionKeyOperationRespOrBuilder(); + + /** + * 
+   * Contains the validation result, peer identity and fingerprints of peer
+   * certificates.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + * @return Whether the validatePeerCertificateChainResp field is set. + */ + boolean hasValidatePeerCertificateChainResp(); + /** + * 
+   * Contains the validation result, peer identity and fingerprints of peer
+   * certificates.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + * @return The validatePeerCertificateChainResp. + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp getValidatePeerCertificateChainResp(); + /** + * 
+   * Contains the validation result, peer identity and fingerprints of peer
+   * certificates.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainRespOrBuilder getValidatePeerCertificateChainRespOrBuilder(); + + io.grpc.s2a.handshaker.SessionResp.RespOneofCase getRespOneofCase(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SignatureAlgorithm.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SignatureAlgorithm.java new file mode 100644 index 000000000000..f4d43faa8a51 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/SignatureAlgorithm.java @@ -0,0 +1,227 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf enum {@code grpc.gcp.SignatureAlgorithm} + */ +public enum SignatureAlgorithm + implements com.google.protobuf.ProtocolMessageEnum { + /** + * S2A_SSL_SIGN_UNSPECIFIED = 0; + */ + S2A_SSL_SIGN_UNSPECIFIED(0), + /** + * 
+   * RSA Public-Key Cryptography Standards #1.
+   *
+ * + * S2A_SSL_SIGN_RSA_PKCS1_SHA256 = 1; + */ + S2A_SSL_SIGN_RSA_PKCS1_SHA256(1), + /** + * S2A_SSL_SIGN_RSA_PKCS1_SHA384 = 2; + */ + S2A_SSL_SIGN_RSA_PKCS1_SHA384(2), + /** + * S2A_SSL_SIGN_RSA_PKCS1_SHA512 = 3; + */ + S2A_SSL_SIGN_RSA_PKCS1_SHA512(3), + /** + * 
+   * ECDSA.
+   *
+ * + * S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 = 4; + */ + S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256(4), + /** + * S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 = 5; + */ + S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384(5), + /** + * S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 = 6; + */ + S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512(6), + /** + * 
+   * RSA Probabilistic Signature Scheme.
+   *
+ * + * S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 = 7; + */ + S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256(7), + /** + * S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 = 8; + */ + S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384(8), + /** + * S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 = 9; + */ + S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512(9), + /** + * 
+   * ED25519.
+   *
+ * + * S2A_SSL_SIGN_ED25519 = 10; + */ + S2A_SSL_SIGN_ED25519(10), + UNRECOGNIZED(-1), + ; + + /** + * S2A_SSL_SIGN_UNSPECIFIED = 0; + */ + public static final int S2A_SSL_SIGN_UNSPECIFIED_VALUE = 0; + /** + * 
+   * RSA Public-Key Cryptography Standards #1.
+   *
+ * + * S2A_SSL_SIGN_RSA_PKCS1_SHA256 = 1; + */ + public static final int S2A_SSL_SIGN_RSA_PKCS1_SHA256_VALUE = 1; + /** + * S2A_SSL_SIGN_RSA_PKCS1_SHA384 = 2; + */ + public static final int S2A_SSL_SIGN_RSA_PKCS1_SHA384_VALUE = 2; + /** + * S2A_SSL_SIGN_RSA_PKCS1_SHA512 = 3; + */ + public static final int S2A_SSL_SIGN_RSA_PKCS1_SHA512_VALUE = 3; + /** + * 
+   * ECDSA.
+   *
+ * + * S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 = 4; + */ + public static final int S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256_VALUE = 4; + /** + * S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 = 5; + */ + public static final int S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384_VALUE = 5; + /** + * S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 = 6; + */ + public static final int S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512_VALUE = 6; + /** + * 
+   * RSA Probabilistic Signature Scheme.
+   *
+ * + * S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 = 7; + */ + public static final int S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256_VALUE = 7; + /** + * S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 = 8; + */ + public static final int S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384_VALUE = 8; + /** + * S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 = 9; + */ + public static final int S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512_VALUE = 9; + /** + * 
+   * ED25519.
+   *
+ * + * S2A_SSL_SIGN_ED25519 = 10; + */ + public static final int S2A_SSL_SIGN_ED25519_VALUE = 10; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static SignatureAlgorithm valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static SignatureAlgorithm forNumber(int value) { + switch (value) { + case 0: return S2A_SSL_SIGN_UNSPECIFIED; + case 1: return S2A_SSL_SIGN_RSA_PKCS1_SHA256; + case 2: return S2A_SSL_SIGN_RSA_PKCS1_SHA384; + case 3: return S2A_SSL_SIGN_RSA_PKCS1_SHA512; + case 4: return S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256; + case 5: return S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384; + case 6: return S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512; + case 7: return S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256; + case 8: return S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384; + case 9: return S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512; + case 10: return S2A_SSL_SIGN_ED25519; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + SignatureAlgorithm> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public SignatureAlgorithm findValueByNumber(int number) { + return SignatureAlgorithm.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.getDescriptor().getEnumTypes().get(0); + } + + private static final SignatureAlgorithm[] VALUES = values(); + + public static SignatureAlgorithm valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private SignatureAlgorithm(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.SignatureAlgorithm) +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Status.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Status.java new file mode 100644 index 000000000000..d9273757f488 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/Status.java @@ -0,0 +1,656 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.Status} + */ +public final class Status extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.Status) + StatusOrBuilder { +private static final long serialVersionUID = 0L; + // Use Status.newBuilder() to construct. + private Status(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private Status() { + details_ = ""; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new Status(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_Status_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_Status_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.Status.class, io.grpc.s2a.handshaker.Status.Builder.class); + } + + public static final int CODE_FIELD_NUMBER = 1; + private int code_ = 0; + /** + * 
+   * The status code that is specific to the application and the implementation
+   * of S2A, e.g., gRPC status code.
+   *
+ * + * uint32 code = 1; + * @return The code. + */ + @java.lang.Override + public int getCode() { + return code_; + } + + public static final int DETAILS_FIELD_NUMBER = 2; + @SuppressWarnings("serial") + private volatile java.lang.Object details_ = ""; + /** + * 
+   * The status details.
+   *
+ * + * string details = 2; + * @return The details. + */ + @java.lang.Override + public java.lang.String getDetails() { + java.lang.Object ref = details_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + details_ = s; + return s; + } + } + /** + * 
+   * The status details.
+   *
+ * + * string details = 2; + * @return The bytes for details. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getDetailsBytes() { + java.lang.Object ref = details_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + details_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (code_ != 0) { + output.writeUInt32(1, code_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(details_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, details_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (code_ != 0) { + size += com.google.protobuf.CodedOutputStream + .computeUInt32Size(1, code_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(details_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, details_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.Status)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.Status other = (io.grpc.s2a.handshaker.Status) obj; + + if (getCode() + != other.getCode()) return false; + if (!getDetails() + .equals(other.getDetails())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + CODE_FIELD_NUMBER; + hash = (53 * hash) + getCode(); + hash = (37 * hash) + DETAILS_FIELD_NUMBER; + hash = (53 * hash) + getDetails().hashCode(); + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.Status parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.Status parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Status parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.Status parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Status parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.Status parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Status parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.Status parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.Status parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.Status parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.Status parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.Status parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.Status prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.Status} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.Status) + io.grpc.s2a.handshaker.StatusOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_Status_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_Status_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.Status.class, io.grpc.s2a.handshaker.Status.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.Status.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + code_ = 0; + details_ = ""; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_Status_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Status getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.Status.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Status build() { + io.grpc.s2a.handshaker.Status result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Status buildPartial() { + io.grpc.s2a.handshaker.Status result = new io.grpc.s2a.handshaker.Status(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.Status result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.code_ = code_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.details_ = details_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.Status) { + return mergeFrom((io.grpc.s2a.handshaker.Status)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.Status other) { + if (other == io.grpc.s2a.handshaker.Status.getDefaultInstance()) return this; + if (other.getCode() != 0) { + setCode(other.getCode()); + } + if (!other.getDetails().isEmpty()) { + details_ = other.details_; + bitField0_ |= 0x00000002; + onChanged(); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 8: { + code_ = input.readUInt32(); + bitField0_ |= 0x00000001; + break; + } // case 8 + case 18: { + details_ = input.readStringRequireUtf8(); + bitField0_ |= 0x00000002; + break; + } // case 18 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private int code_ ; + /** + * 
+     * The status code that is specific to the application and the implementation
+     * of S2A, e.g., gRPC status code.
+     *
+ * + * uint32 code = 1; + * @return The code. + */ + @java.lang.Override + public int getCode() { + return code_; + } + /** + * 
+     * The status code that is specific to the application and the implementation
+     * of S2A, e.g., gRPC status code.
+     *
+ * + * uint32 code = 1; + * @param value The code to set. + * @return This builder for chaining. + */ + public Builder setCode(int value) { + + code_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The status code that is specific to the application and the implementation
+     * of S2A, e.g., gRPC status code.
+     *
+ * + * uint32 code = 1; + * @return This builder for chaining. + */ + public Builder clearCode() { + bitField0_ = (bitField0_ & ~0x00000001); + code_ = 0; + onChanged(); + return this; + } + + private java.lang.Object details_ = ""; + /** + * 
+     * The status details.
+     *
+ * + * string details = 2; + * @return The details. + */ + public java.lang.String getDetails() { + java.lang.Object ref = details_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + details_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The status details.
+     *
+ * + * string details = 2; + * @return The bytes for details. + */ + public com.google.protobuf.ByteString + getDetailsBytes() { + java.lang.Object ref = details_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + details_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The status details.
+     *
+ * + * string details = 2; + * @param value The details to set. + * @return This builder for chaining. + */ + public Builder setDetails( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + details_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The status details.
+     *
+ * + * string details = 2; + * @return This builder for chaining. + */ + public Builder clearDetails() { + details_ = getDefaultInstance().getDetails(); + bitField0_ = (bitField0_ & ~0x00000002); + onChanged(); + return this; + } + /** + * 
+     * The status details.
+     *
+ * + * string details = 2; + * @param value The bytes for details to set. + * @return This builder for chaining. + */ + public Builder setDetailsBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + details_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.Status) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.Status) + private static final io.grpc.s2a.handshaker.Status DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.Status(); + } + + public static io.grpc.s2a.handshaker.Status getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public Status parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.Status getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/StatusOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/StatusOrBuilder.java new file mode 100644 index 000000000000..5cc24546b77e --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/StatusOrBuilder.java @@ -0,0 +1,41 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface StatusOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.Status) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The status code that is specific to the application and the implementation
+   * of S2A, e.g., gRPC status code.
+   *
+ * + * uint32 code = 1; + * @return The code. + */ + int getCode(); + + /** + * 
+   * The status details.
+   *
+ * + * string details = 2; + * @return The details. + */ + java.lang.String getDetails(); + /** + * 
+   * The status details.
+   *
+ * + * string details = 2; + * @return The bytes for details. + */ + com.google.protobuf.ByteString + getDetailsBytes(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/TLSVersion.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/TLSVersion.java new file mode 100644 index 000000000000..057036bc71d9 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/TLSVersion.java @@ -0,0 +1,145 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: common.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * 
+ * The TLS versions supported by S2A's handshaker module.
+ *
+ * + * Protobuf enum {@code grpc.gcp.TLSVersion} + */ +public enum TLSVersion + implements com.google.protobuf.ProtocolMessageEnum { + /** + * TLS_VERSION_UNSPECIFIED = 0; + */ + TLS_VERSION_UNSPECIFIED(0), + /** + * TLS_VERSION_1_0 = 1; + */ + TLS_VERSION_1_0(1), + /** + * TLS_VERSION_1_1 = 2; + */ + TLS_VERSION_1_1(2), + /** + * TLS_VERSION_1_2 = 3; + */ + TLS_VERSION_1_2(3), + /** + * TLS_VERSION_1_3 = 4; + */ + TLS_VERSION_1_3(4), + UNRECOGNIZED(-1), + ; + + /** + * TLS_VERSION_UNSPECIFIED = 0; + */ + public static final int TLS_VERSION_UNSPECIFIED_VALUE = 0; + /** + * TLS_VERSION_1_0 = 1; + */ + public static final int TLS_VERSION_1_0_VALUE = 1; + /** + * TLS_VERSION_1_1 = 2; + */ + public static final int TLS_VERSION_1_1_VALUE = 2; + /** + * TLS_VERSION_1_2 = 3; + */ + public static final int TLS_VERSION_1_2_VALUE = 3; + /** + * TLS_VERSION_1_3 = 4; + */ + public static final int TLS_VERSION_1_3_VALUE = 4; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static TLSVersion valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static TLSVersion forNumber(int value) { + switch (value) { + case 0: return TLS_VERSION_UNSPECIFIED; + case 1: return TLS_VERSION_1_0; + case 2: return TLS_VERSION_1_1; + case 3: return TLS_VERSION_1_2; + case 4: return TLS_VERSION_1_3; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + TLSVersion> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public TLSVersion findValueByNumber(int number) { + return TLSVersion.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.CommonProto.getDescriptor().getEnumTypes().get(1); + } + + private static final TLSVersion[] VALUES = values(); + + public static TLSVersion valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private TLSVersion(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.TLSVersion) +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainReq.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainReq.java new file mode 100644 index 000000000000..b8bbea7bff55 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainReq.java @@ -0,0 +1,2730 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainReq} + */ +public final class ValidatePeerCertificateChainReq extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.ValidatePeerCertificateChainReq) + ValidatePeerCertificateChainReqOrBuilder { +private static final long serialVersionUID = 0L; + // Use ValidatePeerCertificateChainReq.newBuilder() to construct. + private ValidatePeerCertificateChainReq(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private ValidatePeerCertificateChainReq() { + mode_ = 0; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new ValidatePeerCertificateChainReq(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.Builder.class); + } + + /** + * Protobuf enum {@code grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode} + */ + public enum VerificationMode + implements com.google.protobuf.ProtocolMessageEnum { + /** + * 
+     * The default verification mode supported by S2A.
+     *
+ * + * UNSPECIFIED = 0; + */ + UNSPECIFIED(0), + /** + * 
+     * The SPIFFE verification mode selects the set of trusted certificates to
+     * use for path building based on the SPIFFE trust domain in the peer's leaf
+     * certificate.
+     *
+ * + * SPIFFE = 1; + */ + SPIFFE(1), + /** + * 
+     * The connect-to-Google verification mode uses the trust bundle for
+     * connecting to Google, e.g. *.mtls.googleapis.com endpoints.
+     *
+ * + * CONNECT_TO_GOOGLE = 2; + */ + CONNECT_TO_GOOGLE(2), + UNRECOGNIZED(-1), + ; + + /** + * 
+     * The default verification mode supported by S2A.
+     *
+ * + * UNSPECIFIED = 0; + */ + public static final int UNSPECIFIED_VALUE = 0; + /** + * 
+     * The SPIFFE verification mode selects the set of trusted certificates to
+     * use for path building based on the SPIFFE trust domain in the peer's leaf
+     * certificate.
+     *
+ * + * SPIFFE = 1; + */ + public static final int SPIFFE_VALUE = 1; + /** + * 
+     * The connect-to-Google verification mode uses the trust bundle for
+     * connecting to Google, e.g. *.mtls.googleapis.com endpoints.
+     *
+ * + * CONNECT_TO_GOOGLE = 2; + */ + public static final int CONNECT_TO_GOOGLE_VALUE = 2; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static VerificationMode valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static VerificationMode forNumber(int value) { + switch (value) { + case 0: return UNSPECIFIED; + case 1: return SPIFFE; + case 2: return CONNECT_TO_GOOGLE; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + VerificationMode> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public VerificationMode findValueByNumber(int number) { + return VerificationMode.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDescriptor().getEnumTypes().get(0); + } + + private static final VerificationMode[] VALUES = values(); + + public static VerificationMode valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private VerificationMode(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode) + } + + public interface ClientPeerOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return A list containing the certificateChain. + */ + java.util.List getCertificateChainList(); + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return The count of certificateChain. + */ + int getCertificateChainCount(); + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + com.google.protobuf.ByteString getCertificateChain(int index); + } + /** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer} + */ + public static final class ClientPeer extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer) + ClientPeerOrBuilder { + private static final long serialVersionUID = 0L; + // Use ClientPeer.newBuilder() to construct. + private ClientPeer(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private ClientPeer() { + certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new ClientPeer(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.Builder.class); + } + + public static final int CERTIFICATE_CHAIN_FIELD_NUMBER = 1; + @SuppressWarnings("serial") + private com.google.protobuf.Internal.ProtobufList certificateChain_ = + emptyList(com.google.protobuf.ByteString.class); + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return A list containing the certificateChain. + */ + @java.lang.Override + public java.util.List + getCertificateChainList() { + return certificateChain_; + } + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public com.google.protobuf.ByteString getCertificateChain(int index) { + return certificateChain_.get(index); + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + for (int i = 0; i < certificateChain_.size(); i++) { + output.writeBytes(1, certificateChain_.get(i)); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + { + int dataSize = 0; + for (int i = 0; i < certificateChain_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeBytesSizeNoTag(certificateChain_.get(i)); + } + size += dataSize; + size += 1 * getCertificateChainList().size(); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer other = (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) obj; + + if (!getCertificateChainList() + .equals(other.getCertificateChainList())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (getCertificateChainCount() > 0) { + hash = (37 * hash) + CERTIFICATE_CHAIN_FIELD_NUMBER; + hash = (53 * hash) + getCertificateChainList().hashCode(); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer) + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeerOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ClientPeer_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer build() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer buildPartial() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer result = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + certificateChain_.makeImmutable(); + result.certificateChain_ = certificateChain_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) { + return mergeFrom((io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer other) { + if (other == io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance()) return this; + if (!other.certificateChain_.isEmpty()) { + if (certificateChain_.isEmpty()) { + certificateChain_ = other.certificateChain_; + certificateChain_.makeImmutable(); + bitField0_ |= 0x00000001; + } else { + ensureCertificateChainIsMutable(); + certificateChain_.addAll(other.certificateChain_); + } + onChanged(); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + com.google.protobuf.ByteString v = input.readBytes(); + ensureCertificateChainIsMutable(); + certificateChain_.add(v); + break; + } // case 10 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private com.google.protobuf.Internal.ProtobufList certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + private void ensureCertificateChainIsMutable() { + if (!certificateChain_.isModifiable()) { + certificateChain_ = makeMutableCopy(certificateChain_); + } + bitField0_ |= 0x00000001; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @return A list containing the certificateChain. + */ + public java.util.List + getCertificateChainList() { + certificateChain_.makeImmutable(); + return certificateChain_; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public com.google.protobuf.ByteString getCertificateChain(int index) { + return certificateChain_.get(index); + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index to set the value at. + * @param value The certificateChain to set. + * @return This builder for chaining. + */ + public Builder setCertificateChain( + int index, com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.set(index, value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param value The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addCertificateChain(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.add(value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param values The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addAllCertificateChain( + java.lang.Iterable values) { + ensureCertificateChainIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, certificateChain_); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @return This builder for chaining. + */ + public Builder clearCertificateChain() { + certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + bitField0_ = (bitField0_ & ~0x00000001); + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer) + private static final io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer(); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public ClientPeer parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + + } + + public interface ServerPeerOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return A list containing the certificateChain. + */ + java.util.List getCertificateChainList(); + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return The count of certificateChain. + */ + int getCertificateChainCount(); + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + com.google.protobuf.ByteString getCertificateChain(int index); + + /** + * 
+     * The expected hostname of the server.
+     *
+ * + * string server_hostname = 2; + * @return The serverHostname. + */ + java.lang.String getServerHostname(); + /** + * 
+     * The expected hostname of the server.
+     *
+ * + * string server_hostname = 2; + * @return The bytes for serverHostname. + */ + com.google.protobuf.ByteString + getServerHostnameBytes(); + + /** + * 
+     * The UnrestrictedClientPolicy specified by the user.
+     *
+ * + * bytes serialized_unrestricted_client_policy = 3; + * @return The serializedUnrestrictedClientPolicy. + */ + com.google.protobuf.ByteString getSerializedUnrestrictedClientPolicy(); + } + /** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer} + */ + public static final class ServerPeer extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer) + ServerPeerOrBuilder { + private static final long serialVersionUID = 0L; + // Use ServerPeer.newBuilder() to construct. + private ServerPeer(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private ServerPeer() { + certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + serverHostname_ = ""; + serializedUnrestrictedClientPolicy_ = com.google.protobuf.ByteString.EMPTY; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new ServerPeer(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.Builder.class); + } + + public static final int CERTIFICATE_CHAIN_FIELD_NUMBER = 1; + @SuppressWarnings("serial") + private com.google.protobuf.Internal.ProtobufList certificateChain_ = + emptyList(com.google.protobuf.ByteString.class); + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return A list containing the certificateChain. + */ + @java.lang.Override + public java.util.List + getCertificateChainList() { + return certificateChain_; + } + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+     * The certificate chain to be verified. The chain MUST be a list of
+     * DER-encoded certificates, ordered from leaf to root, excluding the root.
+     *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public com.google.protobuf.ByteString getCertificateChain(int index) { + return certificateChain_.get(index); + } + + public static final int SERVER_HOSTNAME_FIELD_NUMBER = 2; + @SuppressWarnings("serial") + private volatile java.lang.Object serverHostname_ = ""; + /** + * 
+     * The expected hostname of the server.
+     *
+ * + * string server_hostname = 2; + * @return The serverHostname. + */ + @java.lang.Override + public java.lang.String getServerHostname() { + java.lang.Object ref = serverHostname_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + serverHostname_ = s; + return s; + } + } + /** + * 
+     * The expected hostname of the server.
+     *
+ * + * string server_hostname = 2; + * @return The bytes for serverHostname. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getServerHostnameBytes() { + java.lang.Object ref = serverHostname_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + serverHostname_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int SERIALIZED_UNRESTRICTED_CLIENT_POLICY_FIELD_NUMBER = 3; + private com.google.protobuf.ByteString serializedUnrestrictedClientPolicy_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+     * The UnrestrictedClientPolicy specified by the user.
+     *
+ * + * bytes serialized_unrestricted_client_policy = 3; + * @return The serializedUnrestrictedClientPolicy. + */ + @java.lang.Override + public com.google.protobuf.ByteString getSerializedUnrestrictedClientPolicy() { + return serializedUnrestrictedClientPolicy_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + for (int i = 0; i < certificateChain_.size(); i++) { + output.writeBytes(1, certificateChain_.get(i)); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(serverHostname_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, serverHostname_); + } + if (!serializedUnrestrictedClientPolicy_.isEmpty()) { + output.writeBytes(3, serializedUnrestrictedClientPolicy_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + { + int dataSize = 0; + for (int i = 0; i < certificateChain_.size(); i++) { + dataSize += com.google.protobuf.CodedOutputStream + .computeBytesSizeNoTag(certificateChain_.get(i)); + } + size += dataSize; + size += 1 * getCertificateChainList().size(); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(serverHostname_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, serverHostname_); + } + if (!serializedUnrestrictedClientPolicy_.isEmpty()) { + size += com.google.protobuf.CodedOutputStream + .computeBytesSize(3, serializedUnrestrictedClientPolicy_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer other = (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) obj; + + if (!getCertificateChainList() + .equals(other.getCertificateChainList())) return false; + if (!getServerHostname() + .equals(other.getServerHostname())) return false; + if (!getSerializedUnrestrictedClientPolicy() + .equals(other.getSerializedUnrestrictedClientPolicy())) return false; + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + if (getCertificateChainCount() > 0) { + hash = (37 * hash) + CERTIFICATE_CHAIN_FIELD_NUMBER; + hash = (53 * hash) + getCertificateChainList().hashCode(); + } + hash = (37 * hash) + SERVER_HOSTNAME_FIELD_NUMBER; + hash = (53 * hash) + getServerHostname().hashCode(); + hash = (37 * hash) + SERIALIZED_UNRESTRICTED_CLIENT_POLICY_FIELD_NUMBER; + hash = (53 * hash) + getSerializedUnrestrictedClientPolicy().hashCode(); + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer) + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeerOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + serverHostname_ = ""; + serializedUnrestrictedClientPolicy_ = com.google.protobuf.ByteString.EMPTY; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_ServerPeer_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer build() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer buildPartial() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer result = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + certificateChain_.makeImmutable(); + result.certificateChain_ = certificateChain_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.serverHostname_ = serverHostname_; + } + if (((from_bitField0_ & 0x00000004) != 0)) { + result.serializedUnrestrictedClientPolicy_ = serializedUnrestrictedClientPolicy_; + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) { + return mergeFrom((io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer other) { + if (other == io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance()) return this; + if (!other.certificateChain_.isEmpty()) { + if (certificateChain_.isEmpty()) { + certificateChain_ = other.certificateChain_; + certificateChain_.makeImmutable(); + bitField0_ |= 0x00000001; + } else { + ensureCertificateChainIsMutable(); + certificateChain_.addAll(other.certificateChain_); + } + onChanged(); + } + if (!other.getServerHostname().isEmpty()) { + serverHostname_ = other.serverHostname_; + bitField0_ |= 0x00000002; + onChanged(); + } + if (other.getSerializedUnrestrictedClientPolicy() != com.google.protobuf.ByteString.EMPTY) { + setSerializedUnrestrictedClientPolicy(other.getSerializedUnrestrictedClientPolicy()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 10: { + com.google.protobuf.ByteString v = input.readBytes(); + ensureCertificateChainIsMutable(); + certificateChain_.add(v); + break; + } // case 10 + case 18: { + serverHostname_ = input.readStringRequireUtf8(); + bitField0_ |= 0x00000002; + break; + } // case 18 + case 26: { + serializedUnrestrictedClientPolicy_ = input.readBytes(); + bitField0_ |= 0x00000004; + break; + } // case 26 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private com.google.protobuf.Internal.ProtobufList certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + private void ensureCertificateChainIsMutable() { + if (!certificateChain_.isModifiable()) { + certificateChain_ = makeMutableCopy(certificateChain_); + } + bitField0_ |= 0x00000001; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @return A list containing the certificateChain. + */ + public java.util.List + getCertificateChainList() { + certificateChain_.makeImmutable(); + return certificateChain_; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @return The count of certificateChain. + */ + public int getCertificateChainCount() { + return certificateChain_.size(); + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index of the element to return. + * @return The certificateChain at the given index. + */ + public com.google.protobuf.ByteString getCertificateChain(int index) { + return certificateChain_.get(index); + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param index The index to set the value at. + * @param value The certificateChain to set. + * @return This builder for chaining. + */ + public Builder setCertificateChain( + int index, com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.set(index, value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param value The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addCertificateChain(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + ensureCertificateChainIsMutable(); + certificateChain_.add(value); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @param values The certificateChain to add. + * @return This builder for chaining. + */ + public Builder addAllCertificateChain( + java.lang.Iterable values) { + ensureCertificateChainIsMutable(); + com.google.protobuf.AbstractMessageLite.Builder.addAll( + values, certificateChain_); + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+       * The certificate chain to be verified. The chain MUST be a list of
+       * DER-encoded certificates, ordered from leaf to root, excluding the root.
+       *
+ * + * repeated bytes certificate_chain = 1; + * @return This builder for chaining. + */ + public Builder clearCertificateChain() { + certificateChain_ = emptyList(com.google.protobuf.ByteString.class); + bitField0_ = (bitField0_ & ~0x00000001); + onChanged(); + return this; + } + + private java.lang.Object serverHostname_ = ""; + /** + * 
+       * The expected hostname of the server.
+       *
+ * + * string server_hostname = 2; + * @return The serverHostname. + */ + public java.lang.String getServerHostname() { + java.lang.Object ref = serverHostname_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + serverHostname_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+       * The expected hostname of the server.
+       *
+ * + * string server_hostname = 2; + * @return The bytes for serverHostname. + */ + public com.google.protobuf.ByteString + getServerHostnameBytes() { + java.lang.Object ref = serverHostname_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + serverHostname_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+       * The expected hostname of the server.
+       *
+ * + * string server_hostname = 2; + * @param value The serverHostname to set. + * @return This builder for chaining. + */ + public Builder setServerHostname( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + serverHostname_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+       * The expected hostname of the server.
+       *
+ * + * string server_hostname = 2; + * @return This builder for chaining. + */ + public Builder clearServerHostname() { + serverHostname_ = getDefaultInstance().getServerHostname(); + bitField0_ = (bitField0_ & ~0x00000002); + onChanged(); + return this; + } + /** + * 
+       * The expected hostname of the server.
+       *
+ * + * string server_hostname = 2; + * @param value The bytes for serverHostname to set. + * @return This builder for chaining. + */ + public Builder setServerHostnameBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + serverHostname_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + + private com.google.protobuf.ByteString serializedUnrestrictedClientPolicy_ = com.google.protobuf.ByteString.EMPTY; + /** + * 
+       * The UnrestrictedClientPolicy specified by the user.
+       *
+ * + * bytes serialized_unrestricted_client_policy = 3; + * @return The serializedUnrestrictedClientPolicy. + */ + @java.lang.Override + public com.google.protobuf.ByteString getSerializedUnrestrictedClientPolicy() { + return serializedUnrestrictedClientPolicy_; + } + /** + * 
+       * The UnrestrictedClientPolicy specified by the user.
+       *
+ * + * bytes serialized_unrestricted_client_policy = 3; + * @param value The serializedUnrestrictedClientPolicy to set. + * @return This builder for chaining. + */ + public Builder setSerializedUnrestrictedClientPolicy(com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + serializedUnrestrictedClientPolicy_ = value; + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+       * The UnrestrictedClientPolicy specified by the user.
+       *
+ * + * bytes serialized_unrestricted_client_policy = 3; + * @return This builder for chaining. + */ + public Builder clearSerializedUnrestrictedClientPolicy() { + bitField0_ = (bitField0_ & ~0x00000004); + serializedUnrestrictedClientPolicy_ = getDefaultInstance().getSerializedUnrestrictedClientPolicy(); + onChanged(); + return this; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer) + private static final io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer(); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public ServerPeer parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + + } + + private int peerOneofCase_ = 0; + @SuppressWarnings("serial") + private java.lang.Object peerOneof_; + public enum PeerOneofCase + implements com.google.protobuf.Internal.EnumLite, + com.google.protobuf.AbstractMessage.InternalOneOfEnum { + CLIENT_PEER(2), + SERVER_PEER(3), + PEERONEOF_NOT_SET(0); + private final int value; + private PeerOneofCase(int value) { + this.value = value; + } + /** + * @param value The number of the enum to look for. + * @return The enum associated with the given number. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static PeerOneofCase valueOf(int value) { + return forNumber(value); + } + + public static PeerOneofCase forNumber(int value) { + switch (value) { + case 2: return CLIENT_PEER; + case 3: return SERVER_PEER; + case 0: return PEERONEOF_NOT_SET; + default: return null; + } + } + public int getNumber() { + return this.value; + } + }; + + public PeerOneofCase + getPeerOneofCase() { + return PeerOneofCase.forNumber( + peerOneofCase_); + } + + public static final int MODE_FIELD_NUMBER = 1; + private int mode_ = 0; + /** + * 
+   * The verification mode that S2A MUST use to validate the peer certificate
+   * chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @return The enum numeric value on the wire for mode. + */ + @java.lang.Override public int getModeValue() { + return mode_; + } + /** + * 
+   * The verification mode that S2A MUST use to validate the peer certificate
+   * chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @return The mode. + */ + @java.lang.Override public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode getMode() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode result = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode.forNumber(mode_); + return result == null ? io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode.UNRECOGNIZED : result; + } + + public static final int CLIENT_PEER_FIELD_NUMBER = 2; + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + * @return Whether the clientPeer field is set. + */ + @java.lang.Override + public boolean hasClientPeer() { + return peerOneofCase_ == 2; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + * @return The clientPeer. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer getClientPeer() { + if (peerOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance(); + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeerOrBuilder getClientPeerOrBuilder() { + if (peerOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance(); + } + + public static final int SERVER_PEER_FIELD_NUMBER = 3; + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + * @return Whether the serverPeer field is set. + */ + @java.lang.Override + public boolean hasServerPeer() { + return peerOneofCase_ == 3; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + * @return The serverPeer. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer getServerPeer() { + if (peerOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance(); + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeerOrBuilder getServerPeerOrBuilder() { + if (peerOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance(); + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (mode_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode.UNSPECIFIED.getNumber()) { + output.writeEnum(1, mode_); + } + if (peerOneofCase_ == 2) { + output.writeMessage(2, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_); + } + if (peerOneofCase_ == 3) { + output.writeMessage(3, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (mode_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode.UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(1, mode_); + } + if (peerOneofCase_ == 2) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(2, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_); + } + if (peerOneofCase_ == 3) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(3, (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq other = (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) obj; + + if (mode_ != other.mode_) return false; + if (!getPeerOneofCase().equals(other.getPeerOneofCase())) return false; + switch (peerOneofCase_) { + case 2: + if (!getClientPeer() + .equals(other.getClientPeer())) return false; + break; + case 3: + if (!getServerPeer() + .equals(other.getServerPeer())) return false; + break; + case 0: + default: + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + MODE_FIELD_NUMBER; + hash = (53 * hash) + mode_; + switch (peerOneofCase_) { + case 2: + hash = (37 * hash) + CLIENT_PEER_FIELD_NUMBER; + hash = (53 * hash) + getClientPeer().hashCode(); + break; + case 3: + hash = (37 * hash) + SERVER_PEER_FIELD_NUMBER; + hash = (53 * hash) + getServerPeer().hashCode(); + break; + case 0: + default: + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainReq} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.ValidatePeerCertificateChainReq) + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReqOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.newBuilder() + private Builder() { + + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + mode_ = 0; + if (clientPeerBuilder_ != null) { + clientPeerBuilder_.clear(); + } + if (serverPeerBuilder_ != null) { + serverPeerBuilder_.clear(); + } + peerOneofCase_ = 0; + peerOneof_ = null; + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainReq_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq build() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq buildPartial() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq result = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq(this); + if (bitField0_ != 0) { buildPartial0(result); } + buildPartialOneofs(result); + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.mode_ = mode_; + } + } + + private void buildPartialOneofs(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq result) { + result.peerOneofCase_ = peerOneofCase_; + result.peerOneof_ = this.peerOneof_; + if (peerOneofCase_ == 2 && + clientPeerBuilder_ != null) { + result.peerOneof_ = clientPeerBuilder_.build(); + } + if (peerOneofCase_ == 3 && + serverPeerBuilder_ != null) { + result.peerOneof_ = serverPeerBuilder_.build(); + } + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq) { + return mergeFrom((io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq other) { + if (other == io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.getDefaultInstance()) return this; + if (other.mode_ != 0) { + setModeValue(other.getModeValue()); + } + switch (other.getPeerOneofCase()) { + case CLIENT_PEER: { + mergeClientPeer(other.getClientPeer()); + break; + } + case SERVER_PEER: { + mergeServerPeer(other.getServerPeer()); + break; + } + case PEERONEOF_NOT_SET: { + break; + } + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 8: { + mode_ = input.readEnum(); + bitField0_ |= 0x00000001; + break; + } // case 8 + case 18: { + input.readMessage( + getClientPeerFieldBuilder().getBuilder(), + extensionRegistry); + peerOneofCase_ = 2; + break; + } // case 18 + case 26: { + input.readMessage( + getServerPeerFieldBuilder().getBuilder(), + extensionRegistry); + peerOneofCase_ = 3; + break; + } // case 26 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int peerOneofCase_ = 0; + private java.lang.Object peerOneof_; + public PeerOneofCase + getPeerOneofCase() { + return PeerOneofCase.forNumber( + peerOneofCase_); + } + + public Builder clearPeerOneof() { + peerOneofCase_ = 0; + peerOneof_ = null; + onChanged(); + return this; + } + + private int bitField0_; + + private int mode_ = 0; + /** + * 
+     * The verification mode that S2A MUST use to validate the peer certificate
+     * chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @return The enum numeric value on the wire for mode. + */ + @java.lang.Override public int getModeValue() { + return mode_; + } + /** + * 
+     * The verification mode that S2A MUST use to validate the peer certificate
+     * chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @param value The enum numeric value on the wire for mode to set. + * @return This builder for chaining. + */ + public Builder setModeValue(int value) { + mode_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The verification mode that S2A MUST use to validate the peer certificate
+     * chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @return The mode. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode getMode() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode result = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode.forNumber(mode_); + return result == null ? io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode.UNRECOGNIZED : result; + } + /** + * 
+     * The verification mode that S2A MUST use to validate the peer certificate
+     * chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @param value The mode to set. + * @return This builder for chaining. + */ + public Builder setMode(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + mode_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+     * The verification mode that S2A MUST use to validate the peer certificate
+     * chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @return This builder for chaining. + */ + public Builder clearMode() { + bitField0_ = (bitField0_ & ~0x00000001); + mode_ = 0; + onChanged(); + return this; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeerOrBuilder> clientPeerBuilder_; + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + * @return Whether the clientPeer field is set. + */ + @java.lang.Override + public boolean hasClientPeer() { + return peerOneofCase_ == 2; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + * @return The clientPeer. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer getClientPeer() { + if (clientPeerBuilder_ == null) { + if (peerOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance(); + } else { + if (peerOneofCase_ == 2) { + return clientPeerBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance(); + } + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + public Builder setClientPeer(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer value) { + if (clientPeerBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + peerOneof_ = value; + onChanged(); + } else { + clientPeerBuilder_.setMessage(value); + } + peerOneofCase_ = 2; + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + public Builder setClientPeer( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.Builder builderForValue) { + if (clientPeerBuilder_ == null) { + peerOneof_ = builderForValue.build(); + onChanged(); + } else { + clientPeerBuilder_.setMessage(builderForValue.build()); + } + peerOneofCase_ = 2; + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + public Builder mergeClientPeer(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer value) { + if (clientPeerBuilder_ == null) { + if (peerOneofCase_ == 2 && + peerOneof_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance()) { + peerOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.newBuilder((io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_) + .mergeFrom(value).buildPartial(); + } else { + peerOneof_ = value; + } + onChanged(); + } else { + if (peerOneofCase_ == 2) { + clientPeerBuilder_.mergeFrom(value); + } else { + clientPeerBuilder_.setMessage(value); + } + } + peerOneofCase_ = 2; + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + public Builder clearClientPeer() { + if (clientPeerBuilder_ == null) { + if (peerOneofCase_ == 2) { + peerOneofCase_ = 0; + peerOneof_ = null; + onChanged(); + } + } else { + if (peerOneofCase_ == 2) { + peerOneofCase_ = 0; + peerOneof_ = null; + } + clientPeerBuilder_.clear(); + } + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.Builder getClientPeerBuilder() { + return getClientPeerFieldBuilder().getBuilder(); + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeerOrBuilder getClientPeerOrBuilder() { + if ((peerOneofCase_ == 2) && (clientPeerBuilder_ != null)) { + return clientPeerBuilder_.getMessageOrBuilder(); + } else { + if (peerOneofCase_ == 2) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance(); + } + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeerOrBuilder> + getClientPeerFieldBuilder() { + if (clientPeerBuilder_ == null) { + if (!(peerOneofCase_ == 2)) { + peerOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.getDefaultInstance(); + } + clientPeerBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeerOrBuilder>( + (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer) peerOneof_, + getParentForChildren(), + isClean()); + peerOneof_ = null; + } + peerOneofCase_ = 2; + onChanged(); + return clientPeerBuilder_; + } + + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeerOrBuilder> serverPeerBuilder_; + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + * @return Whether the serverPeer field is set. + */ + @java.lang.Override + public boolean hasServerPeer() { + return peerOneofCase_ == 3; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + * @return The serverPeer. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer getServerPeer() { + if (serverPeerBuilder_ == null) { + if (peerOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance(); + } else { + if (peerOneofCase_ == 3) { + return serverPeerBuilder_.getMessage(); + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance(); + } + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + public Builder setServerPeer(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer value) { + if (serverPeerBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + peerOneof_ = value; + onChanged(); + } else { + serverPeerBuilder_.setMessage(value); + } + peerOneofCase_ = 3; + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + public Builder setServerPeer( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.Builder builderForValue) { + if (serverPeerBuilder_ == null) { + peerOneof_ = builderForValue.build(); + onChanged(); + } else { + serverPeerBuilder_.setMessage(builderForValue.build()); + } + peerOneofCase_ = 3; + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + public Builder mergeServerPeer(io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer value) { + if (serverPeerBuilder_ == null) { + if (peerOneofCase_ == 3 && + peerOneof_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance()) { + peerOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.newBuilder((io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_) + .mergeFrom(value).buildPartial(); + } else { + peerOneof_ = value; + } + onChanged(); + } else { + if (peerOneofCase_ == 3) { + serverPeerBuilder_.mergeFrom(value); + } else { + serverPeerBuilder_.setMessage(value); + } + } + peerOneofCase_ = 3; + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + public Builder clearServerPeer() { + if (serverPeerBuilder_ == null) { + if (peerOneofCase_ == 3) { + peerOneofCase_ = 0; + peerOneof_ = null; + onChanged(); + } + } else { + if (peerOneofCase_ == 3) { + peerOneofCase_ = 0; + peerOneof_ = null; + } + serverPeerBuilder_.clear(); + } + return this; + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.Builder getServerPeerBuilder() { + return getServerPeerFieldBuilder().getBuilder(); + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeerOrBuilder getServerPeerOrBuilder() { + if ((peerOneofCase_ == 3) && (serverPeerBuilder_ != null)) { + return serverPeerBuilder_.getMessageOrBuilder(); + } else { + if (peerOneofCase_ == 3) { + return (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_; + } + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance(); + } + } + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeerOrBuilder> + getServerPeerFieldBuilder() { + if (serverPeerBuilder_ == null) { + if (!(peerOneofCase_ == 3)) { + peerOneof_ = io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.getDefaultInstance(); + } + serverPeerBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer.Builder, io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeerOrBuilder>( + (io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer) peerOneof_, + getParentForChildren(), + isClean()); + peerOneof_ = null; + } + peerOneofCase_ = 3; + onChanged(); + return serverPeerBuilder_; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.ValidatePeerCertificateChainReq) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.ValidatePeerCertificateChainReq) + private static final io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq(); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public ValidatePeerCertificateChainReq parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainReqOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainReqOrBuilder.java new file mode 100644 index 000000000000..9dff410bb2b4 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainReqOrBuilder.java @@ -0,0 +1,63 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface ValidatePeerCertificateChainReqOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.ValidatePeerCertificateChainReq) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The verification mode that S2A MUST use to validate the peer certificate
+   * chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @return The enum numeric value on the wire for mode. + */ + int getModeValue(); + /** + * 
+   * The verification mode that S2A MUST use to validate the peer certificate
+   * chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainReq.VerificationMode mode = 1; + * @return The mode. + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode getMode(); + + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + * @return Whether the clientPeer field is set. + */ + boolean hasClientPeer(); + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + * @return The clientPeer. + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeer getClientPeer(); + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ClientPeer client_peer = 2; + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ClientPeerOrBuilder getClientPeerOrBuilder(); + + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + * @return Whether the serverPeer field is set. + */ + boolean hasServerPeer(); + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + * @return The serverPeer. + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeer getServerPeer(); + /** + * .grpc.gcp.ValidatePeerCertificateChainReq.ServerPeer server_peer = 3; + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.ServerPeerOrBuilder getServerPeerOrBuilder(); + + io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.PeerOneofCase getPeerOneofCase(); +} diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainResp.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainResp.java new file mode 100644 index 000000000000..498b83a07d66 --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainResp.java @@ -0,0 +1,1093 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +/** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainResp} + */ +public final class ValidatePeerCertificateChainResp extends + com.google.protobuf.GeneratedMessageV3 implements + // @@protoc_insertion_point(message_implements:grpc.gcp.ValidatePeerCertificateChainResp) + ValidatePeerCertificateChainRespOrBuilder { +private static final long serialVersionUID = 0L; + // Use ValidatePeerCertificateChainResp.newBuilder() to construct. + private ValidatePeerCertificateChainResp(com.google.protobuf.GeneratedMessageV3.Builder builder) { + super(builder); + } + private ValidatePeerCertificateChainResp() { + validationResult_ = 0; + validationDetails_ = ""; + } + + @java.lang.Override + @SuppressWarnings({"unused"}) + protected java.lang.Object newInstance( + UnusedPrivateParameter unused) { + return new ValidatePeerCertificateChainResp(); + } + + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.Builder.class); + } + + /** + * Protobuf enum {@code grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult} + */ + public enum ValidationResult + implements com.google.protobuf.ProtocolMessageEnum { + /** + * UNSPECIFIED = 0; + */ + UNSPECIFIED(0), + /** + * SUCCESS = 1; + */ + SUCCESS(1), + /** + * FAILURE = 2; + */ + FAILURE(2), + UNRECOGNIZED(-1), + ; + + /** + * UNSPECIFIED = 0; + */ + public static final int UNSPECIFIED_VALUE = 0; + /** + * SUCCESS = 1; + */ + public static final int SUCCESS_VALUE = 1; + /** + * FAILURE = 2; + */ + public static final int FAILURE_VALUE = 2; + + + public final int getNumber() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalArgumentException( + "Can't get the number of an unknown enum value."); + } + return value; + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + * @deprecated Use {@link #forNumber(int)} instead. + */ + @java.lang.Deprecated + public static ValidationResult valueOf(int value) { + return forNumber(value); + } + + /** + * @param value The numeric wire value of the corresponding enum entry. + * @return The enum associated with the given numeric wire value. + */ + public static ValidationResult forNumber(int value) { + switch (value) { + case 0: return UNSPECIFIED; + case 1: return SUCCESS; + case 2: return FAILURE; + default: return null; + } + } + + public static com.google.protobuf.Internal.EnumLiteMap + internalGetValueMap() { + return internalValueMap; + } + private static final com.google.protobuf.Internal.EnumLiteMap< + ValidationResult> internalValueMap = + new com.google.protobuf.Internal.EnumLiteMap() { + public ValidationResult findValueByNumber(int number) { + return ValidationResult.forNumber(number); + } + }; + + public final com.google.protobuf.Descriptors.EnumValueDescriptor + getValueDescriptor() { + if (this == UNRECOGNIZED) { + throw new java.lang.IllegalStateException( + "Can't get the descriptor of an unrecognized enum value."); + } + return getDescriptor().getValues().get(ordinal()); + } + public final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptorForType() { + return getDescriptor(); + } + public static final com.google.protobuf.Descriptors.EnumDescriptor + getDescriptor() { + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDescriptor().getEnumTypes().get(0); + } + + private static final ValidationResult[] VALUES = values(); + + public static ValidationResult valueOf( + com.google.protobuf.Descriptors.EnumValueDescriptor desc) { + if (desc.getType() != getDescriptor()) { + throw new java.lang.IllegalArgumentException( + "EnumValueDescriptor is not for this type."); + } + if (desc.getIndex() == -1) { + return UNRECOGNIZED; + } + return VALUES[desc.getIndex()]; + } + + private final int value; + + private ValidationResult(int value) { + this.value = value; + } + + // @@protoc_insertion_point(enum_scope:grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult) + } + + private int bitField0_; + public static final int VALIDATION_RESULT_FIELD_NUMBER = 1; + private int validationResult_ = 0; + /** + * 
+   * The result of validating the peer certificate chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @return The enum numeric value on the wire for validationResult. + */ + @java.lang.Override public int getValidationResultValue() { + return validationResult_; + } + /** + * 
+   * The result of validating the peer certificate chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @return The validationResult. + */ + @java.lang.Override public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult getValidationResult() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult result = io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult.forNumber(validationResult_); + return result == null ? io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult.UNRECOGNIZED : result; + } + + public static final int VALIDATION_DETAILS_FIELD_NUMBER = 2; + @SuppressWarnings("serial") + private volatile java.lang.Object validationDetails_ = ""; + /** + * 
+   * The validation details. This field is only populated when the validation
+   * result is NOT SUCCESS.
+   *
+ * + * string validation_details = 2; + * @return The validationDetails. + */ + @java.lang.Override + public java.lang.String getValidationDetails() { + java.lang.Object ref = validationDetails_; + if (ref instanceof java.lang.String) { + return (java.lang.String) ref; + } else { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + validationDetails_ = s; + return s; + } + } + /** + * 
+   * The validation details. This field is only populated when the validation
+   * result is NOT SUCCESS.
+   *
+ * + * string validation_details = 2; + * @return The bytes for validationDetails. + */ + @java.lang.Override + public com.google.protobuf.ByteString + getValidationDetailsBytes() { + java.lang.Object ref = validationDetails_; + if (ref instanceof java.lang.String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + validationDetails_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + + public static final int CONTEXT_FIELD_NUMBER = 3; + private io.grpc.s2a.handshaker.S2AContext context_; + /** + * 
+   * The S2A context contains information from the peer certificate chain.
+   *
+   * The S2A context MAY be populated even if validation of the peer certificate
+   * chain fails.
+   *
+ * + * .grpc.gcp.S2AContext context = 3; + * @return Whether the context field is set. + */ + @java.lang.Override + public boolean hasContext() { + return ((bitField0_ & 0x00000001) != 0); + } + /** + * 
+   * The S2A context contains information from the peer certificate chain.
+   *
+   * The S2A context MAY be populated even if validation of the peer certificate
+   * chain fails.
+   *
+ * + * .grpc.gcp.S2AContext context = 3; + * @return The context. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.S2AContext getContext() { + return context_ == null ? io.grpc.s2a.handshaker.S2AContext.getDefaultInstance() : context_; + } + /** + * 
+   * The S2A context contains information from the peer certificate chain.
+   *
+   * The S2A context MAY be populated even if validation of the peer certificate
+   * chain fails.
+   *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + @java.lang.Override + public io.grpc.s2a.handshaker.S2AContextOrBuilder getContextOrBuilder() { + return context_ == null ? io.grpc.s2a.handshaker.S2AContext.getDefaultInstance() : context_; + } + + private byte memoizedIsInitialized = -1; + @java.lang.Override + public final boolean isInitialized() { + byte isInitialized = memoizedIsInitialized; + if (isInitialized == 1) return true; + if (isInitialized == 0) return false; + + memoizedIsInitialized = 1; + return true; + } + + @java.lang.Override + public void writeTo(com.google.protobuf.CodedOutputStream output) + throws java.io.IOException { + if (validationResult_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult.UNSPECIFIED.getNumber()) { + output.writeEnum(1, validationResult_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(validationDetails_)) { + com.google.protobuf.GeneratedMessageV3.writeString(output, 2, validationDetails_); + } + if (((bitField0_ & 0x00000001) != 0)) { + output.writeMessage(3, getContext()); + } + getUnknownFields().writeTo(output); + } + + @java.lang.Override + public int getSerializedSize() { + int size = memoizedSize; + if (size != -1) return size; + + size = 0; + if (validationResult_ != io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult.UNSPECIFIED.getNumber()) { + size += com.google.protobuf.CodedOutputStream + .computeEnumSize(1, validationResult_); + } + if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(validationDetails_)) { + size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, validationDetails_); + } + if (((bitField0_ & 0x00000001) != 0)) { + size += com.google.protobuf.CodedOutputStream + .computeMessageSize(3, getContext()); + } + size += getUnknownFields().getSerializedSize(); + memoizedSize = size; + return size; + } + + @java.lang.Override + public boolean equals(final java.lang.Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp)) { + return super.equals(obj); + } + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp other = (io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) obj; + + if (validationResult_ != other.validationResult_) return false; + if (!getValidationDetails() + .equals(other.getValidationDetails())) return false; + if (hasContext() != other.hasContext()) return false; + if (hasContext()) { + if (!getContext() + .equals(other.getContext())) return false; + } + if (!getUnknownFields().equals(other.getUnknownFields())) return false; + return true; + } + + @java.lang.Override + public int hashCode() { + if (memoizedHashCode != 0) { + return memoizedHashCode; + } + int hash = 41; + hash = (19 * hash) + getDescriptor().hashCode(); + hash = (37 * hash) + VALIDATION_RESULT_FIELD_NUMBER; + hash = (53 * hash) + validationResult_; + hash = (37 * hash) + VALIDATION_DETAILS_FIELD_NUMBER; + hash = (53 * hash) + getValidationDetails().hashCode(); + if (hasContext()) { + hash = (37 * hash) + CONTEXT_FIELD_NUMBER; + hash = (53 * hash) + getContext().hashCode(); + } + hash = (29 * hash) + getUnknownFields().hashCode(); + memoizedHashCode = hash; + return hash; + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + java.nio.ByteBuffer data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + java.nio.ByteBuffer data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + com.google.protobuf.ByteString data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + com.google.protobuf.ByteString data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom(byte[] data) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + byte[] data, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + return PARSER.parseFrom(data, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseDelimitedFrom(java.io.InputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseDelimitedFrom( + java.io.InputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseDelimitedWithIOException(PARSER, input, extensionRegistry); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + com.google.protobuf.CodedInputStream input) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input); + } + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp parseFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + return com.google.protobuf.GeneratedMessageV3 + .parseWithIOException(PARSER, input, extensionRegistry); + } + + @java.lang.Override + public Builder newBuilderForType() { return newBuilder(); } + public static Builder newBuilder() { + return DEFAULT_INSTANCE.toBuilder(); + } + public static Builder newBuilder(io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp prototype) { + return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype); + } + @java.lang.Override + public Builder toBuilder() { + return this == DEFAULT_INSTANCE + ? new Builder() : new Builder().mergeFrom(this); + } + + @java.lang.Override + protected Builder newBuilderForType( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + Builder builder = new Builder(parent); + return builder; + } + /** + * Protobuf type {@code grpc.gcp.ValidatePeerCertificateChainResp} + */ + public static final class Builder extends + com.google.protobuf.GeneratedMessageV3.Builder implements + // @@protoc_insertion_point(builder_implements:grpc.gcp.ValidatePeerCertificateChainResp) + io.grpc.s2a.handshaker.ValidatePeerCertificateChainRespOrBuilder { + public static final com.google.protobuf.Descriptors.Descriptor + getDescriptor() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainResp_descriptor; + } + + @java.lang.Override + protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable + internalGetFieldAccessorTable() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainResp_fieldAccessorTable + .ensureFieldAccessorsInitialized( + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.class, io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.Builder.class); + } + + // Construct using io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.newBuilder() + private Builder() { + maybeForceBuilderInitialization(); + } + + private Builder( + com.google.protobuf.GeneratedMessageV3.BuilderParent parent) { + super(parent); + maybeForceBuilderInitialization(); + } + private void maybeForceBuilderInitialization() { + if (com.google.protobuf.GeneratedMessageV3 + .alwaysUseFieldBuilders) { + getContextFieldBuilder(); + } + } + @java.lang.Override + public Builder clear() { + super.clear(); + bitField0_ = 0; + validationResult_ = 0; + validationDetails_ = ""; + context_ = null; + if (contextBuilder_ != null) { + contextBuilder_.dispose(); + contextBuilder_ = null; + } + return this; + } + + @java.lang.Override + public com.google.protobuf.Descriptors.Descriptor + getDescriptorForType() { + return io.grpc.s2a.handshaker.S2AProto.internal_static_grpc_gcp_ValidatePeerCertificateChainResp_descriptor; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp getDefaultInstanceForType() { + return io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance(); + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp build() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp result = buildPartial(); + if (!result.isInitialized()) { + throw newUninitializedMessageException(result); + } + return result; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp buildPartial() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp result = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp(this); + if (bitField0_ != 0) { buildPartial0(result); } + onBuilt(); + return result; + } + + private void buildPartial0(io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp result) { + int from_bitField0_ = bitField0_; + if (((from_bitField0_ & 0x00000001) != 0)) { + result.validationResult_ = validationResult_; + } + if (((from_bitField0_ & 0x00000002) != 0)) { + result.validationDetails_ = validationDetails_; + } + int to_bitField0_ = 0; + if (((from_bitField0_ & 0x00000004) != 0)) { + result.context_ = contextBuilder_ == null + ? context_ + : contextBuilder_.build(); + to_bitField0_ |= 0x00000001; + } + result.bitField0_ |= to_bitField0_; + } + + @java.lang.Override + public Builder clone() { + return super.clone(); + } + @java.lang.Override + public Builder setField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.setField(field, value); + } + @java.lang.Override + public Builder clearField( + com.google.protobuf.Descriptors.FieldDescriptor field) { + return super.clearField(field); + } + @java.lang.Override + public Builder clearOneof( + com.google.protobuf.Descriptors.OneofDescriptor oneof) { + return super.clearOneof(oneof); + } + @java.lang.Override + public Builder setRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + int index, java.lang.Object value) { + return super.setRepeatedField(field, index, value); + } + @java.lang.Override + public Builder addRepeatedField( + com.google.protobuf.Descriptors.FieldDescriptor field, + java.lang.Object value) { + return super.addRepeatedField(field, value); + } + @java.lang.Override + public Builder mergeFrom(com.google.protobuf.Message other) { + if (other instanceof io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp) { + return mergeFrom((io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp)other); + } else { + super.mergeFrom(other); + return this; + } + } + + public Builder mergeFrom(io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp other) { + if (other == io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.getDefaultInstance()) return this; + if (other.validationResult_ != 0) { + setValidationResultValue(other.getValidationResultValue()); + } + if (!other.getValidationDetails().isEmpty()) { + validationDetails_ = other.validationDetails_; + bitField0_ |= 0x00000002; + onChanged(); + } + if (other.hasContext()) { + mergeContext(other.getContext()); + } + this.mergeUnknownFields(other.getUnknownFields()); + onChanged(); + return this; + } + + @java.lang.Override + public final boolean isInitialized() { + return true; + } + + @java.lang.Override + public Builder mergeFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws java.io.IOException { + if (extensionRegistry == null) { + throw new java.lang.NullPointerException(); + } + try { + boolean done = false; + while (!done) { + int tag = input.readTag(); + switch (tag) { + case 0: + done = true; + break; + case 8: { + validationResult_ = input.readEnum(); + bitField0_ |= 0x00000001; + break; + } // case 8 + case 18: { + validationDetails_ = input.readStringRequireUtf8(); + bitField0_ |= 0x00000002; + break; + } // case 18 + case 26: { + input.readMessage( + getContextFieldBuilder().getBuilder(), + extensionRegistry); + bitField0_ |= 0x00000004; + break; + } // case 26 + default: { + if (!super.parseUnknownField(input, extensionRegistry, tag)) { + done = true; // was an endgroup tag + } + break; + } // default: + } // switch (tag) + } // while (!done) + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.unwrapIOException(); + } finally { + onChanged(); + } // finally + return this; + } + private int bitField0_; + + private int validationResult_ = 0; + /** + * 
+     * The result of validating the peer certificate chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @return The enum numeric value on the wire for validationResult. + */ + @java.lang.Override public int getValidationResultValue() { + return validationResult_; + } + /** + * 
+     * The result of validating the peer certificate chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @param value The enum numeric value on the wire for validationResult to set. + * @return This builder for chaining. + */ + public Builder setValidationResultValue(int value) { + validationResult_ = value; + bitField0_ |= 0x00000001; + onChanged(); + return this; + } + /** + * 
+     * The result of validating the peer certificate chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @return The validationResult. + */ + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult getValidationResult() { + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult result = io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult.forNumber(validationResult_); + return result == null ? io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult.UNRECOGNIZED : result; + } + /** + * 
+     * The result of validating the peer certificate chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @param value The validationResult to set. + * @return This builder for chaining. + */ + public Builder setValidationResult(io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult value) { + if (value == null) { + throw new NullPointerException(); + } + bitField0_ |= 0x00000001; + validationResult_ = value.getNumber(); + onChanged(); + return this; + } + /** + * 
+     * The result of validating the peer certificate chain.
+     *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @return This builder for chaining. + */ + public Builder clearValidationResult() { + bitField0_ = (bitField0_ & ~0x00000001); + validationResult_ = 0; + onChanged(); + return this; + } + + private java.lang.Object validationDetails_ = ""; + /** + * 
+     * The validation details. This field is only populated when the validation
+     * result is NOT SUCCESS.
+     *
+ * + * string validation_details = 2; + * @return The validationDetails. + */ + public java.lang.String getValidationDetails() { + java.lang.Object ref = validationDetails_; + if (!(ref instanceof java.lang.String)) { + com.google.protobuf.ByteString bs = + (com.google.protobuf.ByteString) ref; + java.lang.String s = bs.toStringUtf8(); + validationDetails_ = s; + return s; + } else { + return (java.lang.String) ref; + } + } + /** + * 
+     * The validation details. This field is only populated when the validation
+     * result is NOT SUCCESS.
+     *
+ * + * string validation_details = 2; + * @return The bytes for validationDetails. + */ + public com.google.protobuf.ByteString + getValidationDetailsBytes() { + java.lang.Object ref = validationDetails_; + if (ref instanceof String) { + com.google.protobuf.ByteString b = + com.google.protobuf.ByteString.copyFromUtf8( + (java.lang.String) ref); + validationDetails_ = b; + return b; + } else { + return (com.google.protobuf.ByteString) ref; + } + } + /** + * 
+     * The validation details. This field is only populated when the validation
+     * result is NOT SUCCESS.
+     *
+ * + * string validation_details = 2; + * @param value The validationDetails to set. + * @return This builder for chaining. + */ + public Builder setValidationDetails( + java.lang.String value) { + if (value == null) { throw new NullPointerException(); } + validationDetails_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + /** + * 
+     * The validation details. This field is only populated when the validation
+     * result is NOT SUCCESS.
+     *
+ * + * string validation_details = 2; + * @return This builder for chaining. + */ + public Builder clearValidationDetails() { + validationDetails_ = getDefaultInstance().getValidationDetails(); + bitField0_ = (bitField0_ & ~0x00000002); + onChanged(); + return this; + } + /** + * 
+     * The validation details. This field is only populated when the validation
+     * result is NOT SUCCESS.
+     *
+ * + * string validation_details = 2; + * @param value The bytes for validationDetails to set. + * @return This builder for chaining. + */ + public Builder setValidationDetailsBytes( + com.google.protobuf.ByteString value) { + if (value == null) { throw new NullPointerException(); } + checkByteStringIsUtf8(value); + validationDetails_ = value; + bitField0_ |= 0x00000002; + onChanged(); + return this; + } + + private io.grpc.s2a.handshaker.S2AContext context_; + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.S2AContext, io.grpc.s2a.handshaker.S2AContext.Builder, io.grpc.s2a.handshaker.S2AContextOrBuilder> contextBuilder_; + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + * @return Whether the context field is set. + */ + public boolean hasContext() { + return ((bitField0_ & 0x00000004) != 0); + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + * @return The context. + */ + public io.grpc.s2a.handshaker.S2AContext getContext() { + if (contextBuilder_ == null) { + return context_ == null ? io.grpc.s2a.handshaker.S2AContext.getDefaultInstance() : context_; + } else { + return contextBuilder_.getMessage(); + } + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + public Builder setContext(io.grpc.s2a.handshaker.S2AContext value) { + if (contextBuilder_ == null) { + if (value == null) { + throw new NullPointerException(); + } + context_ = value; + } else { + contextBuilder_.setMessage(value); + } + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + public Builder setContext( + io.grpc.s2a.handshaker.S2AContext.Builder builderForValue) { + if (contextBuilder_ == null) { + context_ = builderForValue.build(); + } else { + contextBuilder_.setMessage(builderForValue.build()); + } + bitField0_ |= 0x00000004; + onChanged(); + return this; + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + public Builder mergeContext(io.grpc.s2a.handshaker.S2AContext value) { + if (contextBuilder_ == null) { + if (((bitField0_ & 0x00000004) != 0) && + context_ != null && + context_ != io.grpc.s2a.handshaker.S2AContext.getDefaultInstance()) { + getContextBuilder().mergeFrom(value); + } else { + context_ = value; + } + } else { + contextBuilder_.mergeFrom(value); + } + if (context_ != null) { + bitField0_ |= 0x00000004; + onChanged(); + } + return this; + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + public Builder clearContext() { + bitField0_ = (bitField0_ & ~0x00000004); + context_ = null; + if (contextBuilder_ != null) { + contextBuilder_.dispose(); + contextBuilder_ = null; + } + onChanged(); + return this; + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + public io.grpc.s2a.handshaker.S2AContext.Builder getContextBuilder() { + bitField0_ |= 0x00000004; + onChanged(); + return getContextFieldBuilder().getBuilder(); + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + public io.grpc.s2a.handshaker.S2AContextOrBuilder getContextOrBuilder() { + if (contextBuilder_ != null) { + return contextBuilder_.getMessageOrBuilder(); + } else { + return context_ == null ? + io.grpc.s2a.handshaker.S2AContext.getDefaultInstance() : context_; + } + } + /** + * 
+     * The S2A context contains information from the peer certificate chain.
+     *
+     * The S2A context MAY be populated even if validation of the peer certificate
+     * chain fails.
+     *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + private com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.S2AContext, io.grpc.s2a.handshaker.S2AContext.Builder, io.grpc.s2a.handshaker.S2AContextOrBuilder> + getContextFieldBuilder() { + if (contextBuilder_ == null) { + contextBuilder_ = new com.google.protobuf.SingleFieldBuilderV3< + io.grpc.s2a.handshaker.S2AContext, io.grpc.s2a.handshaker.S2AContext.Builder, io.grpc.s2a.handshaker.S2AContextOrBuilder>( + getContext(), + getParentForChildren(), + isClean()); + context_ = null; + } + return contextBuilder_; + } + @java.lang.Override + public final Builder setUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.setUnknownFields(unknownFields); + } + + @java.lang.Override + public final Builder mergeUnknownFields( + final com.google.protobuf.UnknownFieldSet unknownFields) { + return super.mergeUnknownFields(unknownFields); + } + + + // @@protoc_insertion_point(builder_scope:grpc.gcp.ValidatePeerCertificateChainResp) + } + + // @@protoc_insertion_point(class_scope:grpc.gcp.ValidatePeerCertificateChainResp) + private static final io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp DEFAULT_INSTANCE; + static { + DEFAULT_INSTANCE = new io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp(); + } + + public static io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp getDefaultInstance() { + return DEFAULT_INSTANCE; + } + + private static final com.google.protobuf.Parser + PARSER = new com.google.protobuf.AbstractParser() { + @java.lang.Override + public ValidatePeerCertificateChainResp parsePartialFrom( + com.google.protobuf.CodedInputStream input, + com.google.protobuf.ExtensionRegistryLite extensionRegistry) + throws com.google.protobuf.InvalidProtocolBufferException { + Builder builder = newBuilder(); + try { + builder.mergeFrom(input, extensionRegistry); + } catch (com.google.protobuf.InvalidProtocolBufferException e) { + throw e.setUnfinishedMessage(builder.buildPartial()); + } catch (com.google.protobuf.UninitializedMessageException e) { + throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial()); + } catch (java.io.IOException e) { + throw new com.google.protobuf.InvalidProtocolBufferException(e) + .setUnfinishedMessage(builder.buildPartial()); + } + return builder.buildPartial(); + } + }; + + public static com.google.protobuf.Parser parser() { + return PARSER; + } + + @java.lang.Override + public com.google.protobuf.Parser getParserForType() { + return PARSER; + } + + @java.lang.Override + public io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp getDefaultInstanceForType() { + return DEFAULT_INSTANCE; + } + +} + diff --git a/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainRespOrBuilder.java b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainRespOrBuilder.java new file mode 100644 index 000000000000..fae70d806afc --- /dev/null +++ b/s2a/src/generated/main/java/io/grpc/s2a/handshaker/ValidatePeerCertificateChainRespOrBuilder.java @@ -0,0 +1,87 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: s2a.proto + +// Protobuf Java Version: 3.25.1 +package io.grpc.s2a.handshaker; + +public interface ValidatePeerCertificateChainRespOrBuilder extends + // @@protoc_insertion_point(interface_extends:grpc.gcp.ValidatePeerCertificateChainResp) + com.google.protobuf.MessageOrBuilder { + + /** + * 
+   * The result of validating the peer certificate chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @return The enum numeric value on the wire for validationResult. + */ + int getValidationResultValue(); + /** + * 
+   * The result of validating the peer certificate chain.
+   *
+ * + * .grpc.gcp.ValidatePeerCertificateChainResp.ValidationResult validation_result = 1; + * @return The validationResult. + */ + io.grpc.s2a.handshaker.ValidatePeerCertificateChainResp.ValidationResult getValidationResult(); + + /** + * 
+   * The validation details. This field is only populated when the validation
+   * result is NOT SUCCESS.
+   *
+ * + * string validation_details = 2; + * @return The validationDetails. + */ + java.lang.String getValidationDetails(); + /** + * 
+   * The validation details. This field is only populated when the validation
+   * result is NOT SUCCESS.
+   *
+ * + * string validation_details = 2; + * @return The bytes for validationDetails. + */ + com.google.protobuf.ByteString + getValidationDetailsBytes(); + + /** + * 
+   * The S2A context contains information from the peer certificate chain.
+   *
+   * The S2A context MAY be populated even if validation of the peer certificate
+   * chain fails.
+   *
+ * + * .grpc.gcp.S2AContext context = 3; + * @return Whether the context field is set. + */ + boolean hasContext(); + /** + * 
+   * The S2A context contains information from the peer certificate chain.
+   *
+   * The S2A context MAY be populated even if validation of the peer certificate
+   * chain fails.
+   *
+ * + * .grpc.gcp.S2AContext context = 3; + * @return The context. + */ + io.grpc.s2a.handshaker.S2AContext getContext(); + /** + * 
+   * The S2A context contains information from the peer certificate chain.
+   *
+   * The S2A context MAY be populated even if validation of the peer certificate
+   * chain fails.
+   *
+ * + * .grpc.gcp.S2AContext context = 3; + */ + io.grpc.s2a.handshaker.S2AContextOrBuilder getContextOrBuilder(); +} diff --git a/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java new file mode 100644 index 000000000000..b2aee6db49e2 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/MtlsToS2AChannelCredentials.java @@ -0,0 +1,96 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkState; +import static com.google.common.base.Strings.isNullOrEmpty; + +import io.grpc.ChannelCredentials; +import io.grpc.TlsChannelCredentials; +import io.grpc.util.AdvancedTlsX509KeyManager; +import io.grpc.util.AdvancedTlsX509TrustManager; +import java.io.File; +import java.io.IOException; +import java.security.GeneralSecurityException; + +/** + * Configures an {@code S2AChannelCredentials.Builder} instance with credentials used to establish a + * connection with the S2A to support talking to the S2A over mTLS. + */ +public final class MtlsToS2AChannelCredentials { + /** + * Creates a {@code S2AChannelCredentials.Builder} builder, that talks to the S2A over mTLS. + * + * @param s2aAddress the address of the S2A server used to secure the connection. + * @param privateKeyPath the path to the private key PEM to use for authenticating to the S2A. + * @param certChainPath the path to the cert chain PEM to use for authenticating to the S2A. + * @param trustBundlePath the path to the trust bundle PEM. + * @return a {@code MtlsToS2AChannelCredentials.Builder} instance. + */ + public static Builder createBuilder( + String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) { + checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty."); + checkArgument(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty."); + checkArgument(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty."); + checkArgument(!isNullOrEmpty(trustBundlePath), "trustBundlePath must not be null or empty."); + return new Builder(s2aAddress, privateKeyPath, certChainPath, trustBundlePath); + } + + /** Builds an {@code MtlsToS2AChannelCredentials} instance. */ + public static final class Builder { + private final String s2aAddress; + private final String privateKeyPath; + private final String certChainPath; + private final String trustBundlePath; + + Builder( + String s2aAddress, String privateKeyPath, String certChainPath, String trustBundlePath) { + this.s2aAddress = s2aAddress; + this.privateKeyPath = privateKeyPath; + this.certChainPath = certChainPath; + this.trustBundlePath = trustBundlePath; + } + + public S2AChannelCredentials.Builder build() throws GeneralSecurityException, IOException { + checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty."); + checkState(!isNullOrEmpty(privateKeyPath), "privateKeyPath must not be null or empty."); + checkState(!isNullOrEmpty(certChainPath), "certChainPath must not be null or empty."); + checkState(!isNullOrEmpty(trustBundlePath), "trustBundlePath must not be null or empty."); + File privateKeyFile = new File(privateKeyPath); + File certChainFile = new File(certChainPath); + File trustBundleFile = new File(trustBundlePath); + + AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager(); + keyManager.updateIdentityCredentialsFromFile(privateKeyFile, certChainFile); + + AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build(); + trustManager.updateTrustCredentialsFromFile(trustBundleFile); + + ChannelCredentials channelToS2ACredentials = + TlsChannelCredentials.newBuilder() + .keyManager(keyManager) + .trustManager(trustManager) + .build(); + + return S2AChannelCredentials.createBuilder(s2aAddress) + .setS2AChannelCredentials(channelToS2ACredentials); + } + } + + private MtlsToS2AChannelCredentials() {} +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java new file mode 100644 index 000000000000..36620e165a6e --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/S2AChannelCredentials.java @@ -0,0 +1,132 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkNotNull; +import static com.google.common.base.Preconditions.checkState; +import static com.google.common.base.Strings.isNullOrEmpty; + +import com.google.errorprone.annotations.CanIgnoreReturnValue; +import io.grpc.Channel; +import io.grpc.ChannelCredentials; +import io.grpc.internal.ObjectPool; +import io.grpc.internal.SharedResourcePool; +import io.grpc.netty.InternalNettyChannelCredentials; +import io.grpc.netty.InternalProtocolNegotiator; +import io.grpc.s2a.channel.S2AHandshakerServiceChannel; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory; +import java.util.Optional; +import javax.annotation.concurrent.NotThreadSafe; +import org.checkerframework.checker.nullness.qual.Nullable; + +/** + * Configures gRPC to use S2Av2 for transport security when establishing a secure channel. Only for + * use on the client side of a gRPC connection. + */ +@NotThreadSafe +public final class S2AChannelCredentials { + /** + * Creates a channel credentials builder for establishing an S2A-secured connection. + * + * @param s2aAddress the address of the S2A server used to secure the connection. + * @return a {@code S2AChannelCredentials.Builder} instance. + */ + public static Builder createBuilder(String s2aAddress) { + checkArgument(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty."); + return new Builder(s2aAddress); + } + + /** Builds an {@code S2AChannelCredentials} instance. */ + public static final class Builder { + private final String s2aAddress; + private ObjectPool s2aChannelPool; + private Optional s2aChannelCredentials; + private @Nullable S2AIdentity localIdentity = null; + + Builder(String s2aAddress) { + this.s2aAddress = s2aAddress; + this.s2aChannelPool = null; + this.s2aChannelCredentials = Optional.empty(); + } + + /** + * Sets the local identity of the client in the form of a SPIFFE ID. The client may set at most + * 1 local identity. If no local identity is specified, then the S2A chooses a default local + * identity, if one exists. + */ + @CanIgnoreReturnValue + public Builder setLocalSpiffeId(String localSpiffeId) { + checkNotNull(localSpiffeId); + localIdentity = S2AIdentity.fromSpiffeId(localSpiffeId); + return this; + } + + /** + * Sets the local identity of the client in the form of a hostname. The client may set at most 1 + * local identity. If no local identity is specified, then the S2A chooses a default local + * identity, if one exists. + */ + @CanIgnoreReturnValue + public Builder setLocalHostname(String localHostname) { + checkNotNull(localHostname); + localIdentity = S2AIdentity.fromHostname(localHostname); + return this; + } + + /** + * Sets the local identity of the client in the form of a UID. The client may set at most 1 + * local identity. If no local identity is specified, then the S2A chooses a default local + * identity, if one exists. + */ + @CanIgnoreReturnValue + public Builder setLocalUid(String localUid) { + checkNotNull(localUid); + localIdentity = S2AIdentity.fromUid(localUid); + return this; + } + + /** Sets the credentials to be used when connecting to the S2A. */ + @CanIgnoreReturnValue + public Builder setS2AChannelCredentials(ChannelCredentials s2aChannelCredentials) { + this.s2aChannelCredentials = Optional.of(s2aChannelCredentials); + return this; + } + + public ChannelCredentials build() { + checkState(!isNullOrEmpty(s2aAddress), "S2A address must not be null or empty."); + ObjectPool s2aChannelPool = + SharedResourcePool.forResource( + S2AHandshakerServiceChannel.getChannelResource(s2aAddress, s2aChannelCredentials)); + checkNotNull(s2aChannelPool, "s2aChannelPool"); + this.s2aChannelPool = s2aChannelPool; + return InternalNettyChannelCredentials.create(buildProtocolNegotiatorFactory()); + } + + InternalProtocolNegotiator.ClientFactory buildProtocolNegotiatorFactory() { + if (localIdentity == null) { + return S2AProtocolNegotiatorFactory.createClientFactory(Optional.empty(), s2aChannelPool); + } else { + return S2AProtocolNegotiatorFactory.createClientFactory( + Optional.of(localIdentity), s2aChannelPool); + } + } + } + + private S2AChannelCredentials() {} +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java new file mode 100644 index 000000000000..e0501e91c66c --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AChannelPool.java @@ -0,0 +1,43 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.channel; + +import com.google.errorprone.annotations.CanIgnoreReturnValue; +import io.grpc.Channel; +import javax.annotation.concurrent.ThreadSafe; + +/** Manages a channel pool to be used for communication with the S2A. */ +@ThreadSafe +public interface S2AChannelPool extends AutoCloseable { + /** + * Retrieves an open channel to the S2A from the channel pool. + * + *

If no channel is available, blocks until a channel can be retrieved from the channel pool. + */ + @CanIgnoreReturnValue + Channel getChannel(); + + /** Returns a channel to the channel pool. */ + void returnChannel(Channel channel); + + /** + * Returns all channels to the channel pool and closes the pool so that no new channels can be + * retrieved from the pool. + */ + @Override + void close(); +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java new file mode 100644 index 000000000000..1d1de28e64e9 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AGrpcChannelPool.java @@ -0,0 +1,112 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.channel; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkNotNull; +import static com.google.common.base.Preconditions.checkState; + +import com.google.errorprone.annotations.concurrent.GuardedBy; +import io.grpc.Channel; +import io.grpc.internal.ObjectPool; +import javax.annotation.concurrent.ThreadSafe; +import org.checkerframework.checker.nullness.qual.Nullable; + +/** + * Manages a gRPC channel pool and a cached gRPC channel to be used for communication with the S2A. + */ +@ThreadSafe +public final class S2AGrpcChannelPool implements S2AChannelPool { + private static final int MAX_NUMBER_USERS_OF_CACHED_CHANNEL = 100000; + private final ObjectPool channelPool; + + @GuardedBy("this") + private @Nullable Channel cachedChannel; + + @GuardedBy("this") + private int numberOfUsersOfCachedChannel = 0; + + private enum State { + OPEN, + CLOSED, + } + + ; + + @GuardedBy("this") + private State state = State.OPEN; + + public static S2AChannelPool create(ObjectPool channelPool) { + checkNotNull(channelPool, "Channel pool should not be null."); + return new S2AGrpcChannelPool(channelPool); + } + + private S2AGrpcChannelPool(ObjectPool channelPool) { + this.channelPool = channelPool; + } + + /** + * Retrieves a channel from {@code channelPool} if {@code channel} is null, and returns {@code + * channel} otherwise. + * + * @return a {@link Channel} obtained from the channel pool. + */ + @Override + public synchronized Channel getChannel() { + checkState(state.equals(State.OPEN), "Channel pool is not open."); + checkState( + numberOfUsersOfCachedChannel >= 0, + "Number of users of cached channel must be non-negative."); + checkState( + numberOfUsersOfCachedChannel < MAX_NUMBER_USERS_OF_CACHED_CHANNEL, + "Max number of channels have been retrieved from the channel pool."); + if (cachedChannel == null) { + cachedChannel = channelPool.getObject(); + } + numberOfUsersOfCachedChannel += 1; + return cachedChannel; + } + + /** + * Returns {@code channel} to {@code channelPool}. + * + *

The caller must ensure that {@code channel} was retrieved from this channel pool. + */ + @Override + public synchronized void returnChannel(Channel channel) { + checkState(state.equals(State.OPEN), "Channel pool is not open."); + checkArgument( + cachedChannel != null && numberOfUsersOfCachedChannel > 0 && cachedChannel.equals(channel), + "Cannot return the channel to channel pool because the channel was not obtained from" + + " channel pool."); + numberOfUsersOfCachedChannel -= 1; + if (numberOfUsersOfCachedChannel == 0) { + channelPool.returnObject(channel); + cachedChannel = null; + } + } + + @Override + public synchronized void close() { + state = State.CLOSED; + numberOfUsersOfCachedChannel = 0; + if (cachedChannel != null) { + channelPool.returnObject(cachedChannel); + cachedChannel = null; + } + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java new file mode 100644 index 000000000000..75ec7347bb55 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/channel/S2AHandshakerServiceChannel.java @@ -0,0 +1,195 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.channel; + +import static com.google.common.base.Preconditions.checkNotNull; +import static java.util.concurrent.TimeUnit.SECONDS; + +import com.google.common.annotations.VisibleForTesting; +import com.google.common.collect.Maps; +import io.grpc.CallOptions; +import io.grpc.Channel; +import io.grpc.ChannelCredentials; +import io.grpc.ClientCall; +import io.grpc.ManagedChannel; +import io.grpc.MethodDescriptor; +import io.grpc.internal.SharedResourceHolder.Resource; +import io.grpc.netty.NettyChannelBuilder; +import io.netty.channel.EventLoopGroup; +import io.netty.channel.nio.NioEventLoopGroup; +import io.netty.channel.socket.nio.NioSocketChannel; +import io.netty.util.concurrent.DefaultThreadFactory; +import java.time.Duration; +import java.util.Optional; +import java.util.concurrent.ConcurrentMap; +import javax.annotation.concurrent.ThreadSafe; + +/** + * Provides APIs for managing gRPC channels to S2A servers. Each channel is local and plaintext. If + * credentials are provided, they are used to secure the channel. + * + *

This is done as follows: for each S2A server, provides an implementation of gRPC's {@link + * SharedResourceHolder.Resource} interface called a {@code Resource}. A {@code + * Resource} is a factory for creating gRPC channels to the S2A server at a given address, + * and a channel must be returned to the {@code Resource} when it is no longer needed. + * + *

Typical usage pattern is below: + * + * 

{@code
+ * Resource resource = S2AHandshakerServiceChannel.getChannelResource("localhost:1234",
+ * creds);
+ * Channel channel = resource.create();
+ * // Send an RPC over the channel to the S2A server running at localhost:1234.
+ * resource.close(channel);
+ * }
+ */ +@ThreadSafe +public final class S2AHandshakerServiceChannel { + private static final ConcurrentMap> SHARED_RESOURCE_CHANNELS = + Maps.newConcurrentMap(); + private static final Duration DELEGATE_TERMINATION_TIMEOUT = Duration.ofSeconds(2); + private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10); + + /** + * Returns a {@link SharedResourceHolder.Resource} instance for managing channels to an S2A server + * running at {@code s2aAddress}. + * + * @param s2aAddress the address of the S2A, typically in the format {@code host:port}. + * @param s2aChannelCredentials the credentials to use when establishing a connection to the S2A. + * @return a {@link ChannelResource} instance that manages a {@link Channel} to the S2A server + * running at {@code s2aAddress}. + */ + public static Resource getChannelResource( + String s2aAddress, Optional s2aChannelCredentials) { + checkNotNull(s2aAddress); + return SHARED_RESOURCE_CHANNELS.computeIfAbsent( + s2aAddress, channelResource -> new ChannelResource(s2aAddress, s2aChannelCredentials)); + } + + /** + * Defines how to create and destroy a {@link Channel} instance that uses shared resources. A + * channel created by {@code ChannelResource} is a plaintext, local channel to the service running + * at {@code targetAddress}. + */ + private static class ChannelResource implements Resource { + private final String targetAddress; + private final Optional channelCredentials; + + public ChannelResource(String targetAddress, Optional channelCredentials) { + this.targetAddress = targetAddress; + this.channelCredentials = channelCredentials; + } + + /** + * Creates a {@code EventLoopHoldingChannel} instance to the service running at {@code + * targetAddress}. This channel uses a dedicated thread pool for its {@code EventLoopGroup} + * instance to avoid blocking. + */ + @Override + public Channel create() { + EventLoopGroup eventLoopGroup = + new NioEventLoopGroup(1, new DefaultThreadFactory("S2A channel pool", true)); + ManagedChannel channel = null; + if (channelCredentials.isPresent()) { + // Create a secure channel. + channel = + NettyChannelBuilder.forTarget(targetAddress, channelCredentials.get()) + .channelType(NioSocketChannel.class) + .directExecutor() + .eventLoopGroup(eventLoopGroup) + .build(); + } else { + // Create a plaintext channel. + channel = + NettyChannelBuilder.forTarget(targetAddress) + .channelType(NioSocketChannel.class) + .directExecutor() + .eventLoopGroup(eventLoopGroup) + .usePlaintext() + .build(); + } + return EventLoopHoldingChannel.create(channel, eventLoopGroup); + } + + /** Destroys a {@code EventLoopHoldingChannel} instance. */ + @Override + public void close(Channel instanceChannel) { + checkNotNull(instanceChannel); + EventLoopHoldingChannel channel = (EventLoopHoldingChannel) instanceChannel; + channel.close(); + } + + @Override + public String toString() { + return "grpc-s2a-channel"; + } + } + + /** + * Manages a channel using a {@link ManagedChannel} instance that belong to the {@code + * EventLoopGroup} thread pool. + */ + @VisibleForTesting + static class EventLoopHoldingChannel extends Channel { + private final ManagedChannel delegate; + private final EventLoopGroup eventLoopGroup; + + static EventLoopHoldingChannel create(ManagedChannel delegate, EventLoopGroup eventLoopGroup) { + checkNotNull(delegate); + checkNotNull(eventLoopGroup); + return new EventLoopHoldingChannel(delegate, eventLoopGroup); + } + + private EventLoopHoldingChannel(ManagedChannel delegate, EventLoopGroup eventLoopGroup) { + this.delegate = delegate; + this.eventLoopGroup = eventLoopGroup; + } + + /** + * Returns the address of the service to which the {@code delegate} channel connects, which is + * typically of the form {@code host:port}. + */ + @Override + public String authority() { + return delegate.authority(); + } + + /** Creates a {@link ClientCall} that invokes the operations in {@link MethodDescriptor}. */ + @Override + public ClientCall newCall( + MethodDescriptor methodDescriptor, CallOptions options) { + return delegate.newCall(methodDescriptor, options); + } + + @SuppressWarnings("FutureReturnValueIgnored") + public void close() { + delegate.shutdownNow(); + boolean isDelegateTerminated; + try { + isDelegateTerminated = + delegate.awaitTermination(DELEGATE_TERMINATION_TIMEOUT.getSeconds(), SECONDS); + } catch (InterruptedException e) { + isDelegateTerminated = false; + } + long quietPeriodSeconds = isDelegateTerminated ? 0 : 1; + eventLoopGroup.shutdownGracefully( + quietPeriodSeconds, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS); + } + } + + private S2AHandshakerServiceChannel() {} +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionIsClosedException.java b/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionIsClosedException.java new file mode 100644 index 000000000000..1f9b2d5a23af --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionIsClosedException.java @@ -0,0 +1,27 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import java.io.IOException; + +/** Indicates that a connection has been closed. */ +@SuppressWarnings("serial") // This class is never serialized. +final class ConnectionIsClosedException extends IOException { + public ConnectionIsClosedException(String errorMessage) { + super(errorMessage); + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java b/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java new file mode 100644 index 000000000000..3b17a5ed322a --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/GetAuthenticationMechanisms.java @@ -0,0 +1,60 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import com.google.errorprone.annotations.Immutable; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.grpc.s2a.handshaker.tokenmanager.AccessTokenManager; +import java.util.Optional; + +/** Retrieves the authentication mechanism for a given local identity. */ +@Immutable +final class GetAuthenticationMechanisms { + private static final Optional TOKEN_MANAGER = AccessTokenManager.create(); + + /** + * Retrieves the authentication mechanism for a given local identity. + * + * @param localIdentity the identity for which to fetch a token. + * @return an {@link AuthenticationMechanism} for the given local identity. + */ + static Optional getAuthMechanism(Optional localIdentity) { + Optional authMechanism = Optional.empty(); + if (!TOKEN_MANAGER.isPresent()) { + return Optional.empty(); + } + AccessTokenManager manager = TOKEN_MANAGER.get(); + // If no identity is provided, fetch the default access token and DO NOT attach an identity + // to the request. + if (!localIdentity.isPresent()) { + authMechanism = + Optional.of( + AuthenticationMechanism.newBuilder().setToken(manager.getDefaultToken()).build()); + } else { + // Fetch an access token for the provided identity. + authMechanism = + Optional.of( + AuthenticationMechanism.newBuilder() + .setIdentity(localIdentity.get().identity()) + .setToken(manager.getToken(localIdentity.get())) + .build()); + } + return authMechanism; + } + + private GetAuthenticationMechanisms() {} +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java b/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java new file mode 100644 index 000000000000..34cc4bbe7373 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/ProtoUtil.java @@ -0,0 +1,72 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +/** Converts proto messages to Netty strings. */ +final class ProtoUtil { + /** + * Converts {@link Ciphersuite} to its {@link String} representation. + * + * @param ciphersuite the {@link Ciphersuite} to be converted. + * @return a {@link String} representing the ciphersuite. + * @throws AssertionError if the {@link Ciphersuite} is not one of the supported ciphersuites. + */ + static String convertCiphersuite(Ciphersuite ciphersuite) { + switch (ciphersuite) { + case CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: + return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; + case CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: + return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; + case CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: + return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; + case CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256: + return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; + case CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384: + return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; + case CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: + return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; + default: + throw new AssertionError( + String.format("Ciphersuite %d is not supported.", ciphersuite.getNumber())); + } + } + + /** + * Converts a {@link TLSVersion} object to its {@link String} representation. + * + * @param tlsVersion the {@link TLSVersion} object to be converted. + * @return a {@link String} representation of the TLS version. + * @throws AssertionError if the {@code tlsVersion} is not one of the supported TLS versions. + */ + static String convertTlsProtocolVersion(TLSVersion tlsVersion) { + switch (tlsVersion) { + case TLS_VERSION_1_3: + return "TLSv1.3"; + case TLS_VERSION_1_2: + return "TLSv1.2"; + case TLS_VERSION_1_1: + return "TLSv1.1"; + case TLS_VERSION_1_0: + return "TLSv1"; + default: + throw new AssertionError( + String.format("TLS version %d is not supported.", tlsVersion.getNumber())); + } + } + + private ProtoUtil() {} +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java new file mode 100644 index 000000000000..d976308ad222 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AConnectionException.java @@ -0,0 +1,25 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +/** Exception that denotes a runtime error that was encountered when talking to the S2A server. */ +@SuppressWarnings("serial") // This class is never serialized. +public class S2AConnectionException extends RuntimeException { + S2AConnectionException(String message) { + super(message); + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java new file mode 100644 index 000000000000..30957acd5219 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AIdentity.java @@ -0,0 +1,62 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.base.Preconditions.checkNotNull; + +import com.google.errorprone.annotations.ThreadSafe; + +/** + * Stores an identity in such a way that it can be sent to the S2A handshaker service. The identity + * may be formatted as a SPIFFE ID or as a hostname. + */ +@ThreadSafe +public final class S2AIdentity { + private final Identity identity; + + /** Returns an {@link S2AIdentity} instance with SPIFFE ID set to {@code spiffeId}. */ + public static S2AIdentity fromSpiffeId(String spiffeId) { + checkNotNull(spiffeId); + return new S2AIdentity(Identity.newBuilder().setSpiffeId(spiffeId).build()); + } + + /** Returns an {@link S2AIdentity} instance with hostname set to {@code hostname}. */ + public static S2AIdentity fromHostname(String hostname) { + checkNotNull(hostname); + return new S2AIdentity(Identity.newBuilder().setHostname(hostname).build()); + } + + /** Returns an {@link S2AIdentity} instance with UID set to {@code uid}. */ + public static S2AIdentity fromUid(String uid) { + checkNotNull(uid); + return new S2AIdentity(Identity.newBuilder().setUid(uid).build()); + } + + /** Returns an {@link S2AIdentity} instance with {@code identity} set. */ + public static S2AIdentity fromIdentity(Identity identity) { + return new S2AIdentity(identity == null ? Identity.getDefaultInstance() : identity); + } + + private S2AIdentity(Identity identity) { + this.identity = identity; + } + + /** Returns the proto {@link Identity} representation of this identity instance. */ + public Identity identity() { + return identity; + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java new file mode 100644 index 000000000000..fb4908d99fc0 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2APrivateKeyMethod.java @@ -0,0 +1,143 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkNotNull; + +import com.google.common.annotations.VisibleForTesting; +import com.google.common.collect.ImmutableMap; +import com.google.protobuf.ByteString; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.netty.handler.ssl.OpenSslPrivateKeyMethod; +import java.io.IOException; +import java.util.Optional; +import javax.annotation.concurrent.NotThreadSafe; +import javax.net.ssl.SSLEngine; + +/** + * Handles requests on signing bytes with a private key designated by {@code stub}. + * + *

This is done by sending the to-be-signed bytes to an S2A server (designated by {@code stub}) + * and read the signature from the server. + * + *

OpenSSL libraries must be appropriately initialized before using this class. One possible way + * to initialize OpenSSL library is to call {@code + * GrpcSslContexts.configure(SslContextBuilder.forClient());}. + */ +@NotThreadSafe +final class S2APrivateKeyMethod implements OpenSslPrivateKeyMethod { + private final S2AStub stub; + private final Optional localIdentity; + private static final ImmutableMap + OPENSSL_TO_S2A_SIGNATURE_ALGORITHM_MAP = + ImmutableMap.of( + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256, + SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA256, + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA384, + SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA384, + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA512, + SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA512, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256, + SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384, + SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512, + SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512, + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256, + SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256, + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA384, + SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384, + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA512, + SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512); + + public static S2APrivateKeyMethod create(S2AStub stub, Optional localIdentity) { + checkNotNull(stub); + return new S2APrivateKeyMethod(stub, localIdentity); + } + + private S2APrivateKeyMethod(S2AStub stub, Optional localIdentity) { + this.stub = stub; + this.localIdentity = localIdentity; + } + + /** + * Converts the signature algorithm to an enum understood by S2A. + * + * @param signatureAlgorithm the int representation of the signature algorithm define by {@code + * OpenSslPrivateKeyMethod}. + * @return the signature algorithm enum defined by S2A proto. + * @throws UnsupportedOperationException if the algorithm is not supported by S2A. + */ + @VisibleForTesting + static SignatureAlgorithm convertOpenSslSignAlgToS2ASignAlg(int signatureAlgorithm) { + SignatureAlgorithm sig = OPENSSL_TO_S2A_SIGNATURE_ALGORITHM_MAP.get(signatureAlgorithm); + if (sig == null) { + throw new UnsupportedOperationException( + String.format("Signature Algorithm %d is not supported.", signatureAlgorithm)); + } + return sig; + } + + /** + * Signs the input bytes by sending the request to the S2A srever. + * + * @param engine not used. + * @param signatureAlgorithm the {@link OpenSslPrivateKeyMethod}'s signature algorithm + * representation + * @param input the bytes to be signed. + * @return the signature of the {@code input}. + * @throws IOException if the connection to the S2A server is corrupted. + * @throws InterruptedException if the connection to the S2A server is interrupted. + * @throws S2AConnectionException if the response from the S2A server does not contain valid data. + */ + @Override + public byte[] sign(SSLEngine engine, int signatureAlgorithm, byte[] input) + throws IOException, InterruptedException { + checkArgument(input.length > 0, "No bytes to sign."); + SignatureAlgorithm s2aSignatureAlgorithm = + convertOpenSslSignAlgToS2ASignAlg(signatureAlgorithm); + SessionReq.Builder reqBuilder = + SessionReq.newBuilder() + .setOffloadPrivateKeyOperationReq( + OffloadPrivateKeyOperationReq.newBuilder() + .setOperation(OffloadPrivateKeyOperationReq.PrivateKeyOperation.SIGN) + .setSignatureAlgorithm(s2aSignatureAlgorithm) + .setRawBytes(ByteString.copyFrom(input))); + if (localIdentity.isPresent()) { + reqBuilder.setLocalIdentity(localIdentity.get().identity()); + } + + SessionResp resp = stub.send(reqBuilder.build()); + + if (resp.hasStatus() && resp.getStatus().getCode() != 0) { + throw new S2AConnectionException( + String.format( + "Error occurred in response from S2A, error code: %d, error message: \"%s\".", + resp.getStatus().getCode(), resp.getStatus().getDetails())); + } + if (!resp.hasOffloadPrivateKeyOperationResp()) { + throw new S2AConnectionException("No valid response received from S2A."); + } + return resp.getOffloadPrivateKeyOperationResp().getOutBytes().toByteArray(); + } + + @Override + public byte[] decrypt(SSLEngine engine, byte[] input) { + throw new UnsupportedOperationException("decrypt is not supported."); + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java new file mode 100644 index 000000000000..7f00e198fae4 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactory.java @@ -0,0 +1,194 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.base.Preconditions.checkNotNull; + +import com.google.common.annotations.VisibleForTesting; +import com.google.common.net.HostAndPort; +import com.google.errorprone.annotations.ThreadSafe; +import io.grpc.Channel; +import io.grpc.ChannelLogger; +import io.grpc.internal.ObjectPool; +import io.grpc.netty.GrpcHttp2ConnectionHandler; +import io.grpc.netty.InternalProtocolNegotiator; +import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator; +import io.grpc.netty.InternalProtocolNegotiators; +import io.grpc.netty.InternalProtocolNegotiators.ProtocolNegotiationHandler; +import io.grpc.s2a.channel.S2AChannelPool; +import io.grpc.s2a.channel.S2AGrpcChannelPool; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.netty.channel.ChannelHandler; +import io.netty.channel.ChannelHandlerContext; +import io.netty.handler.ssl.SslContext; +import io.netty.util.AsciiString; +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Optional; +import org.checkerframework.checker.nullness.qual.Nullable; + +/** Factory for performing negotiation of a secure channel using the S2A. */ +@ThreadSafe +public final class S2AProtocolNegotiatorFactory { + @VisibleForTesting static final int DEFAULT_PORT = 443; + private static final AsciiString SCHEME = AsciiString.of("https"); + + /** + * Creates a {@code S2AProtocolNegotiatorFactory} configured for a client to establish secure + * connections using the S2A. + * + * @param localIdentity the identity of the client; if none is provided, the S2A will use the + * client's default identity. + * @param s2aChannelPool a pool of shared channels that can be used to connect to the S2A. + * @return a factory for creating a client-side protocol negotiator. + */ + public static InternalProtocolNegotiator.ClientFactory createClientFactory( + Optional localIdentity, ObjectPool s2aChannelPool) { + checkNotNull(s2aChannelPool, "S2A channel pool should not be null."); + checkNotNull(localIdentity, "Local identity should not be null on the client side."); + S2AChannelPool channelPool = S2AGrpcChannelPool.create(s2aChannelPool); + return new S2AClientProtocolNegotiatorFactory(localIdentity, channelPool); + } + + static final class S2AClientProtocolNegotiatorFactory + implements InternalProtocolNegotiator.ClientFactory { + private final Optional localIdentity; + private final S2AChannelPool channelPool; + + S2AClientProtocolNegotiatorFactory( + Optional localIdentity, S2AChannelPool channelPool) { + this.localIdentity = localIdentity; + this.channelPool = channelPool; + } + + @Override + public ProtocolNegotiator newNegotiator() { + return S2AProtocolNegotiator.createForClient(channelPool, localIdentity); + } + + @Override + public int getDefaultPort() { + return DEFAULT_PORT; + } + } + + /** Negotiates the TLS handshake using S2A. */ + @VisibleForTesting + static final class S2AProtocolNegotiator implements ProtocolNegotiator { + + private final S2AChannelPool channelPool; + private final Optional localIdentity; + + static S2AProtocolNegotiator createForClient( + S2AChannelPool channelPool, Optional localIdentity) { + checkNotNull(channelPool, "Channel pool should not be null."); + checkNotNull(localIdentity, "Local identity should not be null on the client side."); + return new S2AProtocolNegotiator(channelPool, localIdentity); + } + + @VisibleForTesting + static @Nullable String getHostNameFromAuthority(@Nullable String authority) { + if (authority == null) { + return null; + } + return HostAndPort.fromString(authority).getHost(); + } + + private S2AProtocolNegotiator(S2AChannelPool channelPool, Optional localIdentity) { + this.channelPool = channelPool; + this.localIdentity = localIdentity; + } + + @Override + public AsciiString scheme() { + return SCHEME; + } + + @Override + public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHandler) { + checkNotNull(grpcHandler, "grpcHandler should not be null."); + String hostname = getHostNameFromAuthority(grpcHandler.getAuthority()); + checkNotNull(hostname, "hostname should not be null."); + return new S2AProtocolNegotiationHandler( + InternalProtocolNegotiators.grpcNegotiationHandler(grpcHandler), + grpcHandler.getNegotiationLogger(), + channelPool, + localIdentity, + hostname, + grpcHandler); + } + + @Override + public void close() { + channelPool.close(); + } + } + + private static final class S2AProtocolNegotiationHandler extends ProtocolNegotiationHandler { + private final S2AChannelPool channelPool; + private final Optional localIdentity; + private final String hostname; + private InternalProtocolNegotiator.ProtocolNegotiator negotiator; + private final GrpcHttp2ConnectionHandler grpcHandler; + + private S2AProtocolNegotiationHandler( + ChannelHandler next, + ChannelLogger negotiationLogger, + S2AChannelPool channelPool, + Optional localIdentity, + String hostname, + GrpcHttp2ConnectionHandler grpcHandler) { + super(next, negotiationLogger); + this.channelPool = channelPool; + this.localIdentity = localIdentity; + this.hostname = hostname; + this.grpcHandler = grpcHandler; + } + + @Override + protected void handlerAdded0(ChannelHandlerContext ctx) throws GeneralSecurityException { + SslContext sslContext; + try { + // Establish a stream to S2A server. + Channel ch = channelPool.getChannel(); + S2AServiceGrpc.S2AServiceStub stub = S2AServiceGrpc.newStub(ch); + S2AStub s2aStub = S2AStub.newInstance(stub); + sslContext = SslContextFactory.createForClient(s2aStub, hostname, localIdentity); + } catch (InterruptedException + | IOException + | IllegalArgumentException + | UnrecoverableKeyException + | CertificateException + | NoSuchAlgorithmException + | KeyStoreException e) { + // GeneralSecurityException is intentionally not caught, and rather propagated. This is done + // because throwing a GeneralSecurityException in this context indicates that we encountered + // a retryable error. + throw new IllegalArgumentException( + "Something went wrong during the initialization of SslContext.", e); + } + negotiator = InternalProtocolNegotiators.tls(sslContext); + ctx.pipeline().addBefore(ctx.name(), /* name= */ null, negotiator.newHandler(grpcHandler)); + } + } + + private S2AProtocolNegotiatorFactory() {} +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java new file mode 100644 index 000000000000..aa2502cd4fa4 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2AStub.java @@ -0,0 +1,225 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkNotNull; +import static com.google.common.base.Verify.verify; +import static java.util.concurrent.TimeUnit.SECONDS; + +import com.google.common.annotations.VisibleForTesting; +import io.grpc.stub.StreamObserver; +import java.io.IOException; +import java.util.Optional; +import java.util.concurrent.ArrayBlockingQueue; +import java.util.concurrent.BlockingQueue; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.annotation.concurrent.NotThreadSafe; + +/** Reads and writes messages to and from the S2A. */ +@NotThreadSafe +class S2AStub implements AutoCloseable { + private static final Logger logger = Logger.getLogger(S2AStub.class.getName()); + private static final long HANDSHAKE_RPC_DEADLINE_SECS = 20; + private final StreamObserver reader = new Reader(); + private final BlockingQueue responses = new ArrayBlockingQueue<>(10); + private S2AServiceGrpc.S2AServiceStub serviceStub; + private StreamObserver writer; + private boolean doneReading = false; + private boolean doneWriting = false; + + static S2AStub newInstance(S2AServiceGrpc.S2AServiceStub serviceStub) { + checkNotNull(serviceStub); + return new S2AStub(serviceStub); + } + + @VisibleForTesting + static S2AStub newInstanceForTesting(StreamObserver writer) { + checkNotNull(writer); + return new S2AStub(writer); + } + + private S2AStub(S2AServiceGrpc.S2AServiceStub serviceStub) { + this.serviceStub = serviceStub; + } + + private S2AStub(StreamObserver writer) { + this.writer = writer; + } + + @VisibleForTesting + StreamObserver getReader() { + return reader; + } + + @VisibleForTesting + BlockingQueue getResponses() { + return responses; + } + + /** + * Sends a request and returns the response. Caller must wait until this method executes prior to + * calling it again. If this method throws {@code ConnectionIsClosedException}, then it should not + * be called again, and both {@code reader} and {@code writer} are closed. + * + * @param req the {@code SessionReq} message to be sent to the S2A server. + * @return the {@code SessionResp} message received from the S2A server. + * @throws ConnectionIsClosedException if {@code reader} or {@code writer} calls their {@code + * onCompleted} method. + * @throws IOException if an unexpected response is received, or if the {@code reader} or {@code + * writer} calls their {@code onError} method. + */ + public SessionResp send(SessionReq req) throws IOException, InterruptedException { + if (doneWriting && doneReading) { + logger.log(Level.INFO, "Stream to the S2A is closed."); + throw new ConnectionIsClosedException("Stream to the S2A is closed."); + } + createWriterIfNull(); + if (!responses.isEmpty()) { + IOException exception = null; + SessionResp resp = null; + try { + resp = responses.take().getResultOrThrow(); + } catch (IOException e) { + exception = e; + } + responses.clear(); + if (exception != null) { + logger.log( + Level.WARNING, + "Received an unexpected response from a host at the S2A's address. The S2A might be" + + " unavailable. " + + exception.getMessage()); + throw new IOException( + "Received an unexpected response from a host at the S2A's address. The S2A might be" + + " unavailable." + + exception.getMessage()); + } + return resp; + } + try { + writer.onNext(req); + } catch (RuntimeException e) { + logger.log(Level.WARNING, "Error occurred while writing to the S2A.", e); + writer.onError(e); + responses.offer(Result.createWithThrowable(e)); + } + try { + return responses.take().getResultOrThrow(); + } catch (ConnectionIsClosedException e) { + // A ConnectionIsClosedException is thrown by getResultOrThrow when reader calls its + // onCompleted method. The close method is called to also close the writer, and then the + // ConnectionIsClosedException is re-thrown in order to indicate to the caller that send + // should not be called again. + close(); + throw e; + } + } + + @Override + public void close() { + if (doneWriting && doneReading) { + return; + } + verify(!doneWriting); + doneReading = true; + doneWriting = true; + if (writer != null) { + writer.onCompleted(); + } + } + + /** Create a new writer if the writer is null. */ + private void createWriterIfNull() { + if (writer == null) { + writer = + serviceStub.withDeadlineAfter(HANDSHAKE_RPC_DEADLINE_SECS, SECONDS).setUpSession(reader); + } + } + + private class Reader implements StreamObserver { + /** + * Places a {@code SessionResp} message in the {@code responses} queue, or an {@code + * IOException} if reading is complete. + * + * @param resp the {@code SessionResp} message received from the S2A handshaker module. + */ + @Override + public void onNext(SessionResp resp) { + verify(!doneReading); + responses.offer(Result.createWithResponse(resp)); + } + + /** + * Places a {@code Throwable} in the {@code responses} queue. + * + * @param t the {@code Throwable} caught when reading the stream to the S2A handshaker module. + */ + @Override + public void onError(Throwable t) { + logger.log(Level.WARNING, "Error occurred while reading from the S2A.", t); + responses.offer(Result.createWithThrowable(t)); + } + + /** + * Sets {@code doneReading} to true, and places a {@code ConnectionIsClosedException} in the + * {@code responses} queue. + */ + @Override + public void onCompleted() { + logger.log(Level.INFO, "Reading from the S2A is complete."); + doneReading = true; + responses.offer( + Result.createWithThrowable( + new ConnectionIsClosedException("Reading from the S2A is complete."))); + } + } + + private static final class Result { + private final Optional response; + private final Optional throwable; + + static Result createWithResponse(SessionResp response) { + return new Result(Optional.of(response), Optional.empty()); + } + + static Result createWithThrowable(Throwable throwable) { + return new Result(Optional.empty(), Optional.of(throwable)); + } + + private Result(Optional response, Optional throwable) { + checkArgument(response.isPresent() != throwable.isPresent()); + this.response = response; + this.throwable = throwable; + } + + /** Throws {@code throwable} if present, and returns {@code response} otherwise. */ + SessionResp getResultOrThrow() throws IOException { + if (throwable.isPresent()) { + if (throwable.get() instanceof ConnectionIsClosedException) { + ConnectionIsClosedException exception = (ConnectionIsClosedException) throwable.get(); + throw exception; + } else { + throw new IOException(throwable.get()); + } + } + verify(response.isPresent()); + return response.get(); + } + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java b/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java new file mode 100644 index 000000000000..992628c30bea --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/S2ATrustManager.java @@ -0,0 +1,152 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkNotNull; + +import com.google.common.collect.ImmutableList; +import com.google.protobuf.ByteString; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode; +import java.io.IOException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Optional; +import javax.annotation.concurrent.NotThreadSafe; +import javax.net.ssl.X509TrustManager; +import org.checkerframework.checker.nullness.qual.Nullable; + +/** Handles requests on verification of peer's certificates. */ +@NotThreadSafe +final class S2ATrustManager implements X509TrustManager { + private final Optional localIdentity; + private final S2AStub stub; + private final String hostname; + + static S2ATrustManager createForClient( + S2AStub stub, String hostname, Optional localIdentity) { + checkNotNull(stub); + checkNotNull(hostname); + return new S2ATrustManager(stub, hostname, localIdentity); + } + + private S2ATrustManager(S2AStub stub, String hostname, Optional localIdentity) { + this.stub = stub; + this.hostname = hostname; + this.localIdentity = localIdentity; + } + + /** + * Validates the given certificate chain provided by the peer. + * + * @param chain the peer certificate chain + * @param authType the authentication type based on the client certificate + * @throws IllegalArgumentException if null or zero-length chain is passed in for the chain + * parameter. + * @throws CertificateException if the certificate chain is not trusted by this TrustManager. + */ + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + checkPeerTrusted(chain, /* isCheckingClientCertificateChain= */ true); + } + + /** + * Validates the given certificate chain provided by the peer. + * + * @param chain the peer certificate chain + * @param authType the authentication type based on the client certificate + * @throws IllegalArgumentException if null or zero-length chain is passed in for the chain + * parameter. + * @throws CertificateException if the certificate chain is not trusted by this TrustManager. + */ + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + checkPeerTrusted(chain, /* isCheckingClientCertificateChain= */ false); + } + + /** + * Returns null because the accepted issuers are held in S2A and this class receives decision made + * from S2A on the fly about which to use to verify a given chain. + * + * @return null. + */ + @Override + public X509Certificate @Nullable [] getAcceptedIssuers() { + return null; + } + + private void checkPeerTrusted(X509Certificate[] chain, boolean isCheckingClientCertificateChain) + throws CertificateException { + checkNotNull(chain); + checkArgument(chain.length > 0, "Certificate chain has zero certificates."); + + ValidatePeerCertificateChainReq.Builder validatePeerCertificateChainReq = + ValidatePeerCertificateChainReq.newBuilder().setMode(VerificationMode.UNSPECIFIED); + if (isCheckingClientCertificateChain) { + validatePeerCertificateChainReq.setClientPeer( + ValidatePeerCertificateChainReq.ClientPeer.newBuilder() + .addAllCertificateChain(certificateChainToDerChain(chain))); + } else { + validatePeerCertificateChainReq.setServerPeer( + ValidatePeerCertificateChainReq.ServerPeer.newBuilder() + .addAllCertificateChain(certificateChainToDerChain(chain)) + .setServerHostname(hostname)); + } + + SessionReq.Builder reqBuilder = + SessionReq.newBuilder().setValidatePeerCertificateChainReq(validatePeerCertificateChainReq); + if (localIdentity.isPresent()) { + reqBuilder.setLocalIdentity(localIdentity.get().identity()); + } + + SessionResp resp; + try { + resp = stub.send(reqBuilder.build()); + } catch (IOException | InterruptedException e) { + throw new CertificateException("Failed to send request to S2A.", e); + } + if (resp.hasStatus() && resp.getStatus().getCode() != 0) { + throw new CertificateException( + String.format( + "Error occurred in response from S2A, error code: %d, error message: %s.", + resp.getStatus().getCode(), resp.getStatus().getDetails())); + } + + if (!resp.hasValidatePeerCertificateChainResp()) { + throw new CertificateException("No valid response received from S2A."); + } + + ValidatePeerCertificateChainResp validationResult = resp.getValidatePeerCertificateChainResp(); + if (validationResult.getValidationResult() + != ValidatePeerCertificateChainResp.ValidationResult.SUCCESS) { + throw new CertificateException(validationResult.getValidationDetails()); + } + } + + private static ImmutableList certificateChainToDerChain(X509Certificate[] chain) + throws CertificateEncodingException { + ImmutableList.Builder derChain = ImmutableList.builder(); + for (X509Certificate certificate : chain) { + derChain.add(ByteString.copyFrom(certificate.getEncoded())); + } + return derChain.build(); + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java b/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java new file mode 100644 index 000000000000..bfa45146625f --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/SslContextFactory.java @@ -0,0 +1,179 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.base.Preconditions.checkNotNull; +import static java.nio.charset.StandardCharsets.UTF_8; + +import com.google.common.collect.ImmutableList; +import io.grpc.netty.GrpcSslContexts; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.netty.handler.ssl.OpenSslContextOption; +import io.netty.handler.ssl.OpenSslSessionContext; +import io.netty.handler.ssl.OpenSslX509KeyManagerFactory; +import io.netty.handler.ssl.SslContext; +import io.netty.handler.ssl.SslContextBuilder; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Optional; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLSessionContext; + +/** Creates {@link SslContext} objects with TLS configurations from S2A server. */ +final class SslContextFactory { + + /** + * Creates {@link SslContext} objects for client with TLS configurations from S2A server. + * + * @param stub the {@link S2AStub} to talk to the S2A server. + * @param targetName the {@link String} of the server that this client makes connection to. + * @param localIdentity the {@link S2AIdentity} that should be used when talking to S2A server. + * Will use default identity if empty. + * @return a {@link SslContext} object. + * @throws NullPointerException if either {@code stub} or {@code targetName} is null. + * @throws IOException if an unexpected response from S2A server is received. + * @throws InterruptedException if {@code stub} is closed. + */ + static SslContext createForClient( + S2AStub stub, String targetName, Optional localIdentity) + throws IOException, + InterruptedException, + CertificateException, + KeyStoreException, + NoSuchAlgorithmException, + UnrecoverableKeyException, + GeneralSecurityException { + checkNotNull(stub, "stub should not be null."); + checkNotNull(targetName, "targetName should not be null on client side."); + GetTlsConfigurationResp.ClientTlsConfiguration clientTlsConfiguration; + try { + clientTlsConfiguration = getClientTlsConfigurationFromS2A(stub, localIdentity); + } catch (IOException | InterruptedException e) { + throw new GeneralSecurityException("Failed to get client TLS configuration from S2A.", e); + } + + // Use the default value for timeout. + // Use the smallest possible value for cache size. + // The Provider is by default OPENSSL. No need to manually set it. + SslContextBuilder sslContextBuilder = + GrpcSslContexts.configure(SslContextBuilder.forClient()) + .sessionCacheSize(1) + .sessionTimeout(0); + + configureSslContextWithClientTlsConfiguration(clientTlsConfiguration, sslContextBuilder); + sslContextBuilder.trustManager( + S2ATrustManager.createForClient(stub, targetName, localIdentity)); + sslContextBuilder.option( + OpenSslContextOption.PRIVATE_KEY_METHOD, S2APrivateKeyMethod.create(stub, localIdentity)); + + SslContext sslContext = sslContextBuilder.build(); + SSLSessionContext sslSessionContext = sslContext.sessionContext(); + if (sslSessionContext instanceof OpenSslSessionContext) { + OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext; + openSslSessionContext.setSessionCacheEnabled(false); + } + + return sslContext; + } + + private static GetTlsConfigurationResp.ClientTlsConfiguration getClientTlsConfigurationFromS2A( + S2AStub stub, Optional localIdentity) throws IOException, InterruptedException { + checkNotNull(stub, "stub should not be null."); + SessionReq.Builder reqBuilder = SessionReq.newBuilder(); + if (localIdentity.isPresent()) { + reqBuilder.setLocalIdentity(localIdentity.get().identity()); + } + Optional authMechanism = + GetAuthenticationMechanisms.getAuthMechanism(localIdentity); + if (authMechanism.isPresent()) { + reqBuilder.addAuthenticationMechanisms(authMechanism.get()); + } + SessionResp resp = + stub.send( + reqBuilder + .setGetTlsConfigurationReq( + GetTlsConfigurationReq.newBuilder() + .setConnectionSide(ConnectionSide.CONNECTION_SIDE_CLIENT)) + .build()); + if (resp.hasStatus() && resp.getStatus().getCode() != 0) { + throw new S2AConnectionException( + String.format( + "response from S2A server has ean error %d with error message %s.", + resp.getStatus().getCode(), resp.getStatus().getDetails())); + } + if (!resp.getGetTlsConfigurationResp().hasClientTlsConfiguration()) { + throw new S2AConnectionException( + "Response from S2A server does NOT contain ClientTlsConfiguration."); + } + return resp.getGetTlsConfigurationResp().getClientTlsConfiguration(); + } + + private static void configureSslContextWithClientTlsConfiguration( + GetTlsConfigurationResp.ClientTlsConfiguration clientTlsConfiguration, + SslContextBuilder sslContextBuilder) + throws CertificateException, + IOException, + KeyStoreException, + NoSuchAlgorithmException, + UnrecoverableKeyException { + sslContextBuilder.keyManager(createKeylessManager(clientTlsConfiguration)); + sslContextBuilder.protocols( + ProtoUtil.convertTlsProtocolVersion(clientTlsConfiguration.getMinTlsVersion()), + ProtoUtil.convertTlsProtocolVersion(clientTlsConfiguration.getMaxTlsVersion())); + ImmutableList.Builder ciphersuites = ImmutableList.builder(); + for (int i = 0; i < clientTlsConfiguration.getCiphersuitesCount(); ++i) { + ciphersuites.add(ProtoUtil.convertCiphersuite(clientTlsConfiguration.getCiphersuites(i))); + } + sslContextBuilder.ciphers(ciphersuites.build()); + } + + private static KeyManager createKeylessManager( + GetTlsConfigurationResp.ClientTlsConfiguration clientTlsConfiguration) + throws CertificateException, + IOException, + KeyStoreException, + NoSuchAlgorithmException, + UnrecoverableKeyException { + X509Certificate[] certificates = + new X509Certificate[clientTlsConfiguration.getCertificateChainCount()]; + for (int i = 0; i < clientTlsConfiguration.getCertificateChainCount(); ++i) { + certificates[i] = convertStringToX509Cert(clientTlsConfiguration.getCertificateChain(i)); + } + KeyManager[] keyManagers = + OpenSslX509KeyManagerFactory.newKeyless(certificates).getKeyManagers(); + if (keyManagers == null || keyManagers.length == 0) { + throw new IllegalStateException("No key managers created."); + } + return keyManagers[0]; + } + + private static X509Certificate convertStringToX509Cert(String certificate) + throws CertificateException { + return (X509Certificate) + CertificateFactory.getInstance("X509") + .generateCertificate(new ByteArrayInputStream(certificate.getBytes(UTF_8))); + } + + private SslContextFactory() {} +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java new file mode 100644 index 000000000000..94549d11c871 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/AccessTokenManager.java @@ -0,0 +1,61 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker.tokenmanager; + +import io.grpc.s2a.handshaker.S2AIdentity; +import java.lang.reflect.Method; +import java.util.Optional; +import javax.annotation.concurrent.ThreadSafe; + +/** Manages access tokens for authenticating to the S2A. */ +@ThreadSafe +public final class AccessTokenManager { + private final TokenFetcher tokenFetcher; + + /** Creates an {@code AccessTokenManager} based on the environment where the application runs. */ + @SuppressWarnings("RethrowReflectiveOperationExceptionAsLinkageError") + public static Optional create() { + Optional tokenFetcher; + try { + Class singleTokenFetcherClass = + Class.forName("io.grpc.s2a.handshaker.tokenmanager.SingleTokenFetcher"); + Method createTokenFetcher = singleTokenFetcherClass.getMethod("create"); + tokenFetcher = (Optional) createTokenFetcher.invoke(null); + } catch (ClassNotFoundException e) { + tokenFetcher = Optional.empty(); + } catch (ReflectiveOperationException e) { + throw new AssertionError(e); + } + return tokenFetcher.isPresent() + ? Optional.of(new AccessTokenManager((TokenFetcher) tokenFetcher.get())) + : Optional.empty(); + } + + private AccessTokenManager(TokenFetcher tokenFetcher) { + this.tokenFetcher = tokenFetcher; + } + + /** Returns an access token when no identity is specified. */ + public String getDefaultToken() { + return tokenFetcher.getDefaultToken(); + } + + /** Returns an access token for the given identity. */ + public String getToken(S2AIdentity identity) { + return tokenFetcher.getToken(identity); + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java new file mode 100644 index 000000000000..3b2bd051e84b --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java @@ -0,0 +1,64 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker.tokenmanager; + +import com.beust.jcommander.Parameter; +import com.beust.jcommander.Parameters; +import io.grpc.s2a.handshaker.S2AIdentity; +import java.util.Optional; + +/** Fetches a single access token via an environment variable. */ +public final class SingleTokenFetcher implements TokenFetcher { + private static final String ENVIRONMENT_VARIABLE = "S2A_ACCESS_TOKEN"; + + /** Set an access token via a flag. */ + @Parameters(separators = "=") + public static class Flags { + @Parameter( + names = "--s2a_access_token", + description = "The access token used to authenticate to S2A.") + private static String accessToken = System.getenv(ENVIRONMENT_VARIABLE); + + public synchronized void reset() { + accessToken = null; + } + } + + private final String token; + + /** + * Creates a {@code SingleTokenFetcher} from {@code ENVIRONMENT_VARIABLE}, and returns an empty + * {@code Optional} instance if the token could not be fetched. + */ + public static Optional create() { + return Optional.ofNullable(Flags.accessToken).map(SingleTokenFetcher::new); + } + + private SingleTokenFetcher(String token) { + this.token = token; + } + + @Override + public String getDefaultToken() { + return token; + } + + @Override + public String getToken(S2AIdentity identity) { + return token; + } +} \ No newline at end of file diff --git a/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java new file mode 100644 index 000000000000..9eeddaad8448 --- /dev/null +++ b/s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/TokenFetcher.java @@ -0,0 +1,28 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker.tokenmanager; + +import io.grpc.s2a.handshaker.S2AIdentity; + +/** Fetches tokens used to authenticate to S2A. */ +interface TokenFetcher { + /** Returns an access token when no identity is specified. */ + String getDefaultToken(); + + /** Returns an access token for the given identity. */ + String getToken(S2AIdentity identity); +} \ No newline at end of file diff --git a/s2a/src/main/proto/grpc/gcp/common.proto b/s2a/src/main/proto/grpc/gcp/common.proto new file mode 100644 index 000000000000..d1df0d115323 --- /dev/null +++ b/s2a/src/main/proto/grpc/gcp/common.proto @@ -0,0 +1,79 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package grpc.gcp; + +option java_multiple_files = true; +option java_outer_classname = "CommonProto"; +option java_package = "io.grpc.s2a.handshaker"; + +// The TLS 1.0-1.2 ciphersuites that the application can negotiate when using +// S2A. +enum Ciphersuite { + CIPHERSUITE_UNSPECIFIED = 0; + CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 1; + CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 2; + CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 3; + CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 4; + CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 5; + CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 6; +} + +// The TLS versions supported by S2A's handshaker module. +enum TLSVersion { + TLS_VERSION_UNSPECIFIED = 0; + TLS_VERSION_1_0 = 1; + TLS_VERSION_1_1 = 2; + TLS_VERSION_1_2 = 3; + TLS_VERSION_1_3 = 4; +} + +// The side in the TLS connection. +enum ConnectionSide { + CONNECTION_SIDE_UNSPECIFIED = 0; + CONNECTION_SIDE_CLIENT = 1; + CONNECTION_SIDE_SERVER = 2; +} + +// The ALPN protocols that the application can negotiate during a TLS handshake. +enum AlpnProtocol { + ALPN_PROTOCOL_UNSPECIFIED = 0; + ALPN_PROTOCOL_GRPC = 1; + ALPN_PROTOCOL_HTTP2 = 2; + ALPN_PROTOCOL_HTTP1_1 = 3; +} + +message Identity { + oneof identity_oneof { + // The SPIFFE ID of a connection endpoint. + string spiffe_id = 1; + + // The hostname of a connection endpoint. + string hostname = 2; + + // The UID of a connection endpoint. + string uid = 4; + + // The MDB username of a connection endpoint. + string mdb_username = 5; + + // The Gaia ID of a connection endpoint. + string gaia_id = 6; + } + + // Additional identity-specific attributes. + map attributes = 3; +} diff --git a/s2a/src/main/proto/grpc/gcp/s2a.proto b/s2a/src/main/proto/grpc/gcp/s2a.proto new file mode 100644 index 000000000000..1a05b546ebbd --- /dev/null +++ b/s2a/src/main/proto/grpc/gcp/s2a.proto @@ -0,0 +1,369 @@ +// Copyright 2024 The gRPC Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// The canonical version of this proto can be found at +// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/s2a.proto + +syntax = "proto3"; + +package grpc.gcp; + +import "grpc/gcp/common.proto"; +import "grpc/gcp/s2a_context.proto"; + +option java_multiple_files = true; +option java_outer_classname = "S2AProto"; +option java_package = "io.grpc.s2a.handshaker"; + +enum SignatureAlgorithm { + S2A_SSL_SIGN_UNSPECIFIED = 0; + // RSA Public-Key Cryptography Standards #1. + S2A_SSL_SIGN_RSA_PKCS1_SHA256 = 1; + S2A_SSL_SIGN_RSA_PKCS1_SHA384 = 2; + S2A_SSL_SIGN_RSA_PKCS1_SHA512 = 3; + // ECDSA. + S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 = 4; + S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 = 5; + S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 = 6; + // RSA Probabilistic Signature Scheme. + S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 = 7; + S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 = 8; + S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 = 9; + // ED25519. + S2A_SSL_SIGN_ED25519 = 10; +} + +message AlpnPolicy { + // If true, the application MUST perform ALPN negotiation. + bool enable_alpn_negotiation = 1; + + // The ordered list of ALPN protocols that specify how the application SHOULD + // negotiate ALPN during the TLS handshake. + // + // The application MAY ignore any ALPN protocols in this list that are not + // supported by the application. + repeated AlpnProtocol alpn_protocols = 2; +} + +message AuthenticationMechanism { + // Applications may specify an identity associated to an authentication + // mechanism. Otherwise, S2A assumes that the authentication mechanism is + // associated with the default identity. If the default identity cannot be + // determined, the request is rejected. + Identity identity = 1; + + oneof mechanism_oneof { + // A token that the application uses to authenticate itself to S2A. + string token = 2; + } +} + +message Status { + // The status code that is specific to the application and the implementation + // of S2A, e.g., gRPC status code. + uint32 code = 1; + + // The status details. + string details = 2; +} + +message GetTlsConfigurationReq { + // The role of the application in the TLS connection. + ConnectionSide connection_side = 1; + + // The server name indication (SNI) extension, which MAY be populated when a + // server is offloading to S2A. The SNI is used to determine the server + // identity if the local identity in the request is empty. + string sni = 2; +} + +message GetTlsConfigurationResp { + // Next ID: 8 + message ClientTlsConfiguration { + reserved 4, 5; + + // The certificate chain that the client MUST use for the TLS handshake. + // It's a list of PEM-encoded certificates, ordered from leaf to root, + // excluding the root. + repeated string certificate_chain = 1; + + // The minimum TLS version number that the client MUST use for the TLS + // handshake. If this field is not provided, the client MUST use the default + // minimum version of the client's TLS library. + TLSVersion min_tls_version = 2; + + // The maximum TLS version number that the client MUST use for the TLS + // handshake. If this field is not provided, the client MUST use the default + // maximum version of the client's TLS library. + TLSVersion max_tls_version = 3; + + // The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to + // negotiate in the TLS handshake. + repeated Ciphersuite ciphersuites = 6; + + // The policy that dictates how the client negotiates ALPN during the TLS + // handshake. + AlpnPolicy alpn_policy = 7; + } + + // Next ID: 12 + message ServerTlsConfiguration { + reserved 4, 5; + + enum RequestClientCertificate { + UNSPECIFIED = 0; + DONT_REQUEST_CLIENT_CERTIFICATE = 1; + REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 2; + REQUEST_CLIENT_CERTIFICATE_AND_VERIFY = 3; + REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY = 4; + REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY = 5; + } + + // The certificate chain that the server MUST use for the TLS handshake. + // It's a list of PEM-encoded certificates, ordered from leaf to root, + // excluding the root. + repeated string certificate_chain = 1; + + // The minimum TLS version number that the server MUST use for the TLS + // handshake. If this field is not provided, the server MUST use the default + // minimum version of the server's TLS library. + TLSVersion min_tls_version = 2; + + // The maximum TLS version number that the server MUST use for the TLS + // handshake. If this field is not provided, the server MUST use the default + // maximum version of the server's TLS library. + TLSVersion max_tls_version = 3; + + // The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to + // negotiate in the TLS handshake. + repeated Ciphersuite ciphersuites = 10; + + // Whether to enable TLS resumption. + bool tls_resumption_enabled = 6; + + // Whether the server MUST request a client certificate (i.e. to negotiate + // TLS vs. mTLS). + RequestClientCertificate request_client_certificate = 7; + + // Returns the maximum number of extra bytes that + // |OffloadResumptionKeyOperation| can add to the number of unencrypted + // bytes to form the encrypted bytes. + uint32 max_overhead_of_ticket_aead = 9; + + // The policy that dictates how the server negotiates ALPN during the TLS + // handshake. + AlpnPolicy alpn_policy = 11; + } + + oneof tls_configuration { + ClientTlsConfiguration client_tls_configuration = 1; + ServerTlsConfiguration server_tls_configuration = 2; + } +} + +message OffloadPrivateKeyOperationReq { + enum PrivateKeyOperation { + UNSPECIFIED = 0; + // When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of + // the TLS handshake must be signed to prove possession of the private key. + // + // See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3. + SIGN = 1; + // When performing a TLS 1.2 handshake using an RSA algorithm, the key + // exchange algorithm involves the client generating a premaster secret, + // encrypting it using the server's public key, and sending this encrypted + // blob to the server in a ClientKeyExchange message. + // + // See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1. + DECRYPT = 2; + } + + // The operation the private key is used for. + PrivateKeyOperation operation = 1; + + // The signature algorithm to be used for signing operations. + SignatureAlgorithm signature_algorithm = 2; + + // The input bytes to be signed or decrypted. + oneof in_bytes { + // Raw bytes to be hashed and signed, or decrypted. + bytes raw_bytes = 4; + // A SHA256 hash to be signed. Must be 32 bytes. + bytes sha256_digest = 5; + // A SHA384 hash to be signed. Must be 48 bytes. + bytes sha384_digest = 6; + // A SHA512 hash to be signed. Must be 64 bytes. + bytes sha512_digest = 7; + } +} + +message OffloadPrivateKeyOperationResp { + // The signed or decrypted output bytes. + bytes out_bytes = 1; +} + +message OffloadResumptionKeyOperationReq { + enum ResumptionKeyOperation { + UNSPECIFIED = 0; + ENCRYPT = 1; + DECRYPT = 2; + } + + // The operation the resumption key is used for. + ResumptionKeyOperation operation = 1; + + // The bytes to be encrypted or decrypted. + bytes in_bytes = 2; +} + +message OffloadResumptionKeyOperationResp { + // The encrypted or decrypted bytes. + bytes out_bytes = 1; +} + +message ValidatePeerCertificateChainReq { + enum VerificationMode { + // The default verification mode supported by S2A. + UNSPECIFIED = 0; + // The SPIFFE verification mode selects the set of trusted certificates to + // use for path building based on the SPIFFE trust domain in the peer's leaf + // certificate. + SPIFFE = 1; + // The connect-to-Google verification mode uses the trust bundle for + // connecting to Google, e.g. *.mtls.googleapis.com endpoints. + CONNECT_TO_GOOGLE = 2; + } + + message ClientPeer { + // The certificate chain to be verified. The chain MUST be a list of + // DER-encoded certificates, ordered from leaf to root, excluding the root. + repeated bytes certificate_chain = 1; + } + + message ServerPeer { + // The certificate chain to be verified. The chain MUST be a list of + // DER-encoded certificates, ordered from leaf to root, excluding the root. + repeated bytes certificate_chain = 1; + + // The expected hostname of the server. + string server_hostname = 2; + + // The UnrestrictedClientPolicy specified by the user. + bytes serialized_unrestricted_client_policy = 3; + } + + // The verification mode that S2A MUST use to validate the peer certificate + // chain. + VerificationMode mode = 1; + + oneof peer_oneof { + ClientPeer client_peer = 2; + ServerPeer server_peer = 3; + } +} + +message ValidatePeerCertificateChainResp { + enum ValidationResult { + UNSPECIFIED = 0; + SUCCESS = 1; + FAILURE = 2; + } + + // The result of validating the peer certificate chain. + ValidationResult validation_result = 1; + + // The validation details. This field is only populated when the validation + // result is NOT SUCCESS. + string validation_details = 2; + + // The S2A context contains information from the peer certificate chain. + // + // The S2A context MAY be populated even if validation of the peer certificate + // chain fails. + S2AContext context = 3; +} + +message SessionReq { + // The identity corresponding to the TLS configurations that MUST be used for + // the TLS handshake. + // + // If a managed identity already exists, the local identity and authentication + // mechanisms are ignored. If a managed identity doesn't exist and the local + // identity is not populated, S2A will try to deduce the managed identity to + // use from the SNI extension. If that also fails, S2A uses the default + // identity (if one exists). + Identity local_identity = 1; + + // The authentication mechanisms that the application wishes to use to + // authenticate to S2A, ordered by preference. S2A will always use the first + // authentication mechanism that matches the managed identity. + repeated AuthenticationMechanism authentication_mechanisms = 2; + + oneof req_oneof { + // Requests the certificate chain and TLS configuration corresponding to the + // local identity, which the application MUST use to negotiate the TLS + // handshake. + GetTlsConfigurationReq get_tls_configuration_req = 3; + + // Signs or decrypts the input bytes using a private key corresponding to + // the local identity in the request. + // + // WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the + // S2Av2 by a server during a TLS 1.2 handshake. + OffloadPrivateKeyOperationReq offload_private_key_operation_req = 4; + + // Encrypts or decrypts the input bytes using a resumption key corresponding + // to the local identity in the request. + OffloadResumptionKeyOperationReq offload_resumption_key_operation_req = 5; + + // Verifies the peer's certificate chain using + // (a) trust bundles corresponding to the local identity in the request, and + // (b) the verification mode in the request. + ValidatePeerCertificateChainReq validate_peer_certificate_chain_req = 6; + } +} + +message SessionResp { + // Status of the session response. + // + // The status field is populated so that if an error occurs when making an + // individual request, then communication with the S2A may continue. If an + // error is returned directly (e.g. at the gRPC layer), then it may result + // that the bidirectional stream being closed. + Status status = 1; + + oneof resp_oneof { + // Contains the certificate chain and TLS configurations corresponding to + // the local identity. + GetTlsConfigurationResp get_tls_configuration_resp = 2; + + // Contains the signed or encrypted output bytes using the private key + // corresponding to the local identity. + OffloadPrivateKeyOperationResp offload_private_key_operation_resp = 3; + + // Contains the encrypted or decrypted output bytes using the resumption key + // corresponding to the local identity. + OffloadResumptionKeyOperationResp offload_resumption_key_operation_resp = 4; + + // Contains the validation result, peer identity and fingerprints of peer + // certificates. + ValidatePeerCertificateChainResp validate_peer_certificate_chain_resp = 5; + } +} + +service S2AService { + // SetUpSession is a bidirectional stream used by applications to offload + // operations from the TLS handshake. + rpc SetUpSession(stream SessionReq) returns (stream SessionResp) {} +} diff --git a/s2a/src/main/proto/grpc/gcp/s2a_context.proto b/s2a/src/main/proto/grpc/gcp/s2a_context.proto new file mode 100644 index 000000000000..5ad264bf8759 --- /dev/null +++ b/s2a/src/main/proto/grpc/gcp/s2a_context.proto @@ -0,0 +1,61 @@ +// Copyright 2024 The gRPC Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// The canonical version of this proto can be found at +// https://github.com/grpc/grpc-proto/blob/master/grpc/gcp/s2a/s2a_context.proto +syntax = "proto3"; + +package grpc.gcp; + +import "grpc/gcp/common.proto"; + +option java_multiple_files = true; +option java_outer_classname = "S2AContextProto"; +option java_package = "io.grpc.s2a.handshaker"; + +message S2AContext { + // The SPIFFE ID from the peer leaf certificate, if present. + // + // This field is only populated if the leaf certificate is a valid SPIFFE + // SVID; in particular, there is a unique URI SAN and this URI SAN is a valid + // SPIFFE ID. + string leaf_cert_spiffe_id = 1; + + // The URIs that are present in the SubjectAltName extension of the peer leaf + // certificate. + // + // Note that the extracted URIs are not validated and may not be properly + // formatted. + repeated string leaf_cert_uris = 2; + + // The DNSNames that are present in the SubjectAltName extension of the peer + // leaf certificate. + repeated string leaf_cert_dnsnames = 3; + + // The (ordered) list of fingerprints in the certificate chain used to verify + // the given leaf certificate. The order MUST be from leaf certificate + // fingerprint to root certificate fingerprint. + // + // A fingerprint is the base-64 encoding of the SHA256 hash of the + // DER-encoding of a certificate. The list MAY be populated even if the peer + // certificate chain was NOT validated successfully. + repeated string peer_certificate_chain_fingerprints = 4; + + // The local identity used during session setup. + Identity local_identity = 5; + + // The SHA256 hash of the DER-encoding of the local leaf certificate used in + // the handshake. + bytes local_leaf_cert_fingerprint = 6; +} diff --git a/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java b/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java new file mode 100644 index 000000000000..ec07a57e371b --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/IntegrationTest.java @@ -0,0 +1,323 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a; + +import static com.google.common.truth.Truth.assertThat; +import static java.nio.charset.StandardCharsets.UTF_8; +import static java.util.concurrent.TimeUnit.SECONDS; + +import io.grpc.ChannelCredentials; +import io.grpc.Grpc; +import io.grpc.ManagedChannel; +import io.grpc.Server; +import io.grpc.ServerBuilder; +import io.grpc.ServerCredentials; +import io.grpc.TlsServerCredentials; +import io.grpc.benchmarks.Utils; +import io.grpc.netty.GrpcSslContexts; +import io.grpc.netty.NettyServerBuilder; +import io.grpc.s2a.MtlsToS2AChannelCredentials; +import io.grpc.s2a.S2AChannelCredentials; +import io.grpc.s2a.handshaker.FakeS2AServer; +import io.grpc.stub.StreamObserver; +import io.grpc.testing.protobuf.SimpleRequest; +import io.grpc.testing.protobuf.SimpleResponse; +import io.grpc.testing.protobuf.SimpleServiceGrpc; +import io.netty.handler.ssl.ClientAuth; +import io.netty.handler.ssl.OpenSslSessionContext; +import io.netty.handler.ssl.SslContext; +import io.netty.handler.ssl.SslContextBuilder; +import io.netty.handler.ssl.SslProvider; +import java.io.ByteArrayInputStream; +import java.io.File; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSessionContext; +import org.junit.After; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class IntegrationTest { + private static final Logger logger = Logger.getLogger(FakeS2AServer.class.getName()); + + // prod_machine_leaf - prod_epoch_cert - prod_context_cert (- prod_root) + private static final String CERT_CHAIN = + "-----BEGIN CERTIFICATE-----\n" + + "MIICkDCCAjagAwIBAgIUSAtcrPhNNs1zxv51lIfGOVtkw6QwCgYIKoZIzj0EAwIw\n" + + "QTEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxFDAS\n" + + "BgorBgEEAdZ5AggBDAQyMDIyMCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIz\n" + + "NjA0WjARMQ8wDQYDVQQDDAZ1bnVzZWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n" + + "AAQGFlJpLxJMh4HuUm0DKjnUF7larH3tJvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jz\n" + + "U98eDRXG5f4VjnX98DDHE4Ido4IBODCCATQwDgYDVR0PAQH/BAQDAgeAMCAGA1Ud\n" + + "JQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMIGxBgNV\n" + + "HREBAf8EgaYwgaOGSnNwaWZmZTovL3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJp\n" + + "dHktcmVhbG0ucHJvZC5nb29nbGUuY29tL3JvbGUvbGVhZi1yb2xlgjNzaWduZXIt\n" + + "cm9sZS5jb250ZXh0LnNlY3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2eCIGZx\n" + + "ZG4tb2YtdGhlLW5vZGUucHJvZC5nb29nbGUuY29tMB0GA1UdDgQWBBSWSd5Fw6dI\n" + + "TGpt0m1Uxwf0iKqebzAfBgNVHSMEGDAWgBRm5agVVdpWfRZKM7u6OMuzHhqPcDAK\n" + + "BggqhkjOPQQDAgNIADBFAiB0sjRPSYy2eFq8Y0vQ8QN4AZ2NMajskvxnlifu7O4U\n" + + "RwIhANTh5Fkyx2nMYFfyl+W45dY8ODTw3HnlZ4b51hTAdkWl\n" + + "-----END CERTIFICATE-----\n" + + "-----BEGIN CERTIFICATE-----\n" + + "MIICQjCCAeigAwIBAgIUKxXRDlnWXefNV5lj5CwhDuXEq7MwCgYIKoZIzj0EAwIw\n" + + "OzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxDjAM\n" + + "BgNVBAMMBTEyMzQ1MCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIzNjA0WjBB\n" + + "MRcwFQYDVQQKDA5zZWN1cml0eS1yZWFsbTEQMA4GA1UECwwHY29udGV4dDEUMBIG\n" + + "CisGAQQB1nkCCAEMBDIwMjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/Zu7x\n" + + "UYVyg+T/vg2H+y4I6t36Kc4qxD0eqqZjRLYBVKkUQHxBqc14t0DpoROMYQCNd4DF\n" + + "pcxv/9m6DaJbRk6Ao4HBMIG+MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG\n" + + "AQH/AgEBMFgGA1UdHgEB/wROMEygSjA1gjNzaWduZXItcm9sZS5jb250ZXh0LnNl\n" + + "Y3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2cwEYIPcHJvZC5nb29nbGUuY29t\n" + + "MB0GA1UdDgQWBBRm5agVVdpWfRZKM7u6OMuzHhqPcDAfBgNVHSMEGDAWgBQcjNAh\n" + + "SCHTj+BW8KrzSSLo2ASEgjAKBggqhkjOPQQDAgNIADBFAiEA6KyGd9VxXDZceMZG\n" + + "IsbC40rtunFjLYI0mjZw9RcRWx8CIHCIiIHxafnDaCi+VB99NZfzAdu37g6pJptB\n" + + "gjIY71MO\n" + + "-----END CERTIFICATE-----\n" + + "-----BEGIN CERTIFICATE-----\n" + + "MIICODCCAd6gAwIBAgIUXtZECORWRSKnS9rRTJYkiALUXswwCgYIKoZIzj0EAwIw\n" + + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n" + + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDsxFzAV\n" + + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMRAwDgYDVQQLDAdjb250ZXh0MQ4wDAYDVQQD\n" + + "DAUxMjM0NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAycVTZrjockbpD59f1a\n" + + "4l1SNL7nSyXz66Guz4eDveQqLmaMBg7vpACfO4CtiAGnolHEffuRtSkdM434m5En\n" + + "bXCjgcEwgb4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwWAYD\n" + + "VR0eAQH/BE4wTKBKMDWCM3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJpdHktcmVh\n" + + "bG0ucHJvZC5zcGlmZmUuZ29vZzARgg9wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYE\n" + + "FByM0CFIIdOP4FbwqvNJIujYBISCMB8GA1UdIwQYMBaAFMX+vebuj/lYfYEC23IA\n" + + "8HoIW0HsMAoGCCqGSM49BAMCA0gAMEUCIQCfxeXEBd7UPmeImT16SseCRu/6cHxl\n" + + "kTDsq9sKZ+eXBAIgA+oViAVOUhUQO1/6Mjlczg8NmMy2vNtG4V/7g9dMMVU=\n" + + "-----END CERTIFICATE-----"; + private static final String ROOT_PEM = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBtTCCAVqgAwIBAgIUbAe+8OocndQXRBCElLBxBSdfdV8wCgYIKoZIzj0EAwIw\n" + + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n" + + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDcxFzAV\n" + + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMQ0wCwYDVQQLDARyb290MQ0wCwYDVQQDDAQx\n" + + "MjM0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaMY2tBW5r1t0+vhayz0ZoGMF\n" + + "boX/ZmmCmIh0iTWg4madvwNOh74CMVVvDUlXZcuVqZ3vVIX/a7PTFVqUwQlKW6NC\n" + + "MEAwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMX+\n" + + "vebuj/lYfYEC23IA8HoIW0HsMAoGCCqGSM49BAMCA0kAMEYCIQDETd27nsUTXKWY\n" + + "CiOno78O09gK95NoTkPU5e2chJYMqAIhALYFAyh7PU5xgFQsN9hiqgsHUc5/pmBG\n" + + "BGjJ1iz8rWGJ\n" + + "-----END CERTIFICATE-----"; + private static final String PRIVATE_KEY = + "-----BEGIN PRIVATE KEY-----\n" + + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqA2U0ld1OOHLMXWf\n" + + "uyN4GSaqhhudEIaKkll3rdIq0M+hRANCAAQGFlJpLxJMh4HuUm0DKjnUF7larH3t\n" + + "JvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jzU98eDRXG5f4VjnX98DDHE4Id\n" + + "-----END PRIVATE KEY-----"; + + private String s2aAddress; + private int s2aPort; + private Server s2aServer; + private String s2aDelayAddress; + private int s2aDelayPort; + private Server s2aDelayServer; + private String mtlsS2AAddress; + private int mtlsS2APort; + private Server mtlsS2AServer; + private int serverPort; + private String serverAddress; + private Server server; + + @BeforeClass + public static void setUpClass() { + System.setProperty("GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST", "false"); + } + + @Before + public void setUp() throws Exception { + s2aPort = Utils.pickUnusedPort(); + s2aAddress = "localhost:" + s2aPort; + s2aServer = ServerBuilder.forPort(s2aPort).addService(new FakeS2AServer()).build(); + logger.info("S2A service listening on localhost:" + s2aPort); + s2aServer.start(); + + mtlsS2APort = Utils.pickUnusedPort(); + mtlsS2AAddress = "localhost:" + mtlsS2APort; + File s2aCert = new File("src/test/resources/server_cert.pem"); + File s2aKey = new File("src/test/resources/server_key.pem"); + File rootCert = new File("src/test/resources/root_cert.pem"); + ServerCredentials s2aCreds = + TlsServerCredentials.newBuilder() + .keyManager(s2aCert, s2aKey) + .trustManager(rootCert) + .clientAuth(TlsServerCredentials.ClientAuth.REQUIRE) + .build(); + mtlsS2AServer = + NettyServerBuilder.forPort(mtlsS2APort, s2aCreds).addService(new FakeS2AServer()).build(); + logger.info("mTLS S2A service listening on localhost:" + mtlsS2APort); + mtlsS2AServer.start(); + + s2aDelayPort = Utils.pickUnusedPort(); + s2aDelayAddress = "localhost:" + s2aDelayPort; + s2aDelayServer = ServerBuilder.forPort(s2aDelayPort).addService(new FakeS2AServer()).build(); + + serverPort = Utils.pickUnusedPort(); + serverAddress = "localhost:" + serverPort; + server = + NettyServerBuilder.forPort(serverPort) + .addService(new SimpleServiceImpl()) + .sslContext(buildSslContext()) + .build(); + logger.info("Simple Service listening on localhost:" + serverPort); + server.start(); + } + + @After + public void tearDown() throws Exception { + server.shutdown(); + s2aServer.shutdown(); + s2aDelayServer.shutdown(); + mtlsS2AServer.shutdown(); + } + + @Test + public void clientCommunicateUsingS2ACredentials_succeeds() throws Exception { + ExecutorService executor = Executors.newSingleThreadExecutor(); + ChannelCredentials credentials = + S2AChannelCredentials.createBuilder(s2aAddress).setLocalSpiffeId("test-spiffe-id").build(); + ManagedChannel channel = + Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build(); + + assertThat(doUnaryRpc(executor, channel)).isTrue(); + } + + @Test + public void clientCommunicateUsingS2ACredentialsNoLocalIdentity_succeeds() throws Exception { + ExecutorService executor = Executors.newSingleThreadExecutor(); + ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aAddress).build(); + ManagedChannel channel = + Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build(); + + assertThat(doUnaryRpc(executor, channel)).isTrue(); + } + + @Test + public void clientCommunicateUsingMtlsToS2ACredentials_succeeds() throws Exception { + ExecutorService executor = Executors.newSingleThreadExecutor(); + ChannelCredentials credentials = + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ mtlsS2AAddress, + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ "src/test/resources/root_cert.pem") + .build() + .setLocalSpiffeId("test-spiffe-id") + .build(); + ManagedChannel channel = + Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build(); + + assertThat(doUnaryRpc(executor, channel)).isTrue(); + } + + @Test + public void clientCommunicateUsingS2ACredentials_s2AdelayStart_succeeds() throws Exception { + DoUnaryRpc doUnaryRpc = new DoUnaryRpc(); + doUnaryRpc.start(); + Thread.sleep(2000); + s2aDelayServer.start(); + doUnaryRpc.join(); + } + + private class DoUnaryRpc extends Thread { + @Override + public void run() { + ExecutorService executor = Executors.newSingleThreadExecutor(); + ChannelCredentials credentials = S2AChannelCredentials.createBuilder(s2aDelayAddress).build(); + ManagedChannel channel = + Grpc.newChannelBuilder(serverAddress, credentials).executor(executor).build(); + boolean result = false; + try { + result = doUnaryRpc(executor, channel); + } catch (InterruptedException e) { + logger.log(Level.SEVERE, "Failed to do unary rpc", e); + result = false; + } + assertThat(result).isTrue(); + } + } + + public static boolean doUnaryRpc(ExecutorService executor, ManagedChannel channel) + throws InterruptedException { + try { + SimpleServiceGrpc.SimpleServiceBlockingStub stub = + SimpleServiceGrpc.newBlockingStub(channel).withWaitForReady(); + SimpleResponse resp = stub.unaryRpc(SimpleRequest.newBuilder() + .setRequestMessage("S2A team") + .build()); + if (!resp.getResponseMessage().equals("Hello, S2A team!")) { + logger.info( + "Received unexpected message from the Simple Service: " + resp.getResponseMessage()); + throw new RuntimeException(); + } else { + System.out.println( + "We received this message from the Simple Service: " + resp.getResponseMessage()); + return true; + } + } finally { + channel.shutdown(); + channel.awaitTermination(1, SECONDS); + executor.shutdown(); + executor.awaitTermination(1, SECONDS); + } + } + + private static SslContext buildSslContext() throws SSLException { + SslContextBuilder sslServerContextBuilder = + SslContextBuilder.forServer( + new ByteArrayInputStream(CERT_CHAIN.getBytes(UTF_8)), + new ByteArrayInputStream(PRIVATE_KEY.getBytes(UTF_8))); + SslContext sslServerContext = + GrpcSslContexts.configure(sslServerContextBuilder, SslProvider.OPENSSL) + .protocols("TLSv1.3", "TLSv1.2") + .trustManager(new ByteArrayInputStream(ROOT_PEM.getBytes(UTF_8))) + .clientAuth(ClientAuth.REQUIRE) + .build(); + + // Enable TLS resumption. This requires using the OpenSSL provider, since the JDK provider does + // not allow a server to send session tickets. + SSLSessionContext sslSessionContext = sslServerContext.sessionContext(); + if (!(sslSessionContext instanceof OpenSslSessionContext)) { + throw new SSLException("sslSessionContext does not use OpenSSL."); + } + OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext; + // Calling {@code setTicketKeys} without specifying any keys means that the SSL libraries will + // handle the generation of the resumption master secret. + openSslSessionContext.setTicketKeys(); + + return sslServerContext; + } + + public static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase { + @Override + public void unaryRpc(SimpleRequest request, StreamObserver observer) { + observer.onNext( + SimpleResponse.newBuilder() + .setResponseMessage("Hello, " + request.getRequestMessage() + "!") + .build()); + observer.onCompleted(); + } + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java new file mode 100644 index 000000000000..5ccc522292e8 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/MtlsToS2AChannelCredentialsTest.java @@ -0,0 +1,135 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class MtlsToS2AChannelCredentialsTest { + @Test + public void createBuilder_nullAddress_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ null, + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ "src/test/resources/root_cert.pem")); + } + + @Test + public void createBuilder_nullPrivateKeyPath_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "s2a_address", + /* privateKeyPath= */ null, + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ "src/test/resources/root_cert.pem")); + } + + @Test + public void createBuilder_nullCertChainPath_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "s2a_address", + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ null, + /* trustBundlePath= */ "src/test/resources/root_cert.pem")); + } + + @Test + public void createBuilder_nullTrustBundlePath_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "s2a_address", + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ null)); + } + + @Test + public void createBuilder_emptyAddress_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "", + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ "src/test/resources/root_cert.pem")); + } + + @Test + public void createBuilder_emptyPrivateKeyPath_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "s2a_address", + /* privateKeyPath= */ "", + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ "src/test/resources/root_cert.pem")); + } + + @Test + public void createBuilder_emptyCertChainPath_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "s2a_address", + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ "", + /* trustBundlePath= */ "src/test/resources/root_cert.pem")); + } + + @Test + public void createBuilder_emptyTrustBundlePath_throwsException() throws Exception { + assertThrows( + IllegalArgumentException.class, + () -> + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "s2a_address", + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ "")); + } + + @Test + public void build_s2AChannelCredentials_success() throws Exception { + assertThat( + MtlsToS2AChannelCredentials.createBuilder( + /* s2aAddress= */ "s2a_address", + /* privateKeyPath= */ "src/test/resources/client_key.pem", + /* certChainPath= */ "src/test/resources/client_cert.pem", + /* trustBundlePath= */ "src/test/resources/root_cert.pem") + .build()) + .isInstanceOf(S2AChannelCredentials.Builder.class); + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java new file mode 100644 index 000000000000..a6133ed0af89 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/S2AChannelCredentialsTest.java @@ -0,0 +1,112 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; + +import io.grpc.ChannelCredentials; +import io.grpc.TlsChannelCredentials; +import java.io.File; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@code S2AChannelCredentials}. */ +@RunWith(JUnit4.class) +public final class S2AChannelCredentialsTest { + @Test + public void createBuilder_nullArgument_throwsException() throws Exception { + assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder(null)); + } + + @Test + public void createBuilder_emptyAddress_throwsException() throws Exception { + assertThrows(IllegalArgumentException.class, () -> S2AChannelCredentials.createBuilder("")); + } + + @Test + public void setLocalSpiffeId_nullArgument_throwsException() throws Exception { + assertThrows( + NullPointerException.class, + () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalSpiffeId(null)); + } + + @Test + public void setLocalHostname_nullArgument_throwsException() throws Exception { + assertThrows( + NullPointerException.class, + () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalHostname(null)); + } + + @Test + public void setLocalUid_nullArgument_throwsException() throws Exception { + assertThrows( + NullPointerException.class, + () -> S2AChannelCredentials.createBuilder("s2a_address").setLocalUid(null)); + } + + @Test + public void build_withLocalSpiffeId_succeeds() throws Exception { + assertThat( + S2AChannelCredentials.createBuilder("s2a_address") + .setLocalSpiffeId("spiffe://test") + .build()) + .isNotNull(); + } + + @Test + public void build_withLocalHostname_succeeds() throws Exception { + assertThat( + S2AChannelCredentials.createBuilder("s2a_address") + .setLocalHostname("local_hostname") + .build()) + .isNotNull(); + } + + @Test + public void build_withLocalUid_succeeds() throws Exception { + assertThat(S2AChannelCredentials.createBuilder("s2a_address").setLocalUid("local_uid").build()) + .isNotNull(); + } + + @Test + public void build_withNoLocalIdentity_succeeds() throws Exception { + assertThat(S2AChannelCredentials.createBuilder("s2a_address").build()) + .isNotNull(); + } + + @Test + public void build_withTlsChannelCredentials_succeeds() throws Exception { + assertThat( + S2AChannelCredentials.createBuilder("s2a_address") + .setLocalSpiffeId("spiffe://test") + .setS2AChannelCredentials(getTlsChannelCredentials()) + .build()) + .isNotNull(); + } + + private static ChannelCredentials getTlsChannelCredentials() throws Exception { + File clientCert = new File("src/test/resources/client_cert.pem"); + File clientKey = new File("src/test/resources/client_key.pem"); + File rootCert = new File("src/test/resources/root_cert.pem"); + return TlsChannelCredentials.newBuilder() + .keyManager(clientCert, clientKey) + .trustManager(rootCert) + .build(); + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java b/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java new file mode 100644 index 000000000000..13eccac682d7 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/channel/S2AGrpcChannelPoolTest.java @@ -0,0 +1,125 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.channel; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; +import static org.mockito.Mockito.mock; + +import io.grpc.Channel; +import io.grpc.internal.ObjectPool; +import org.checkerframework.checker.nullness.qual.Nullable; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link S2AGrpcChannelPool}. */ +@RunWith(JUnit4.class) +public final class S2AGrpcChannelPoolTest { + @Test + public void getChannel_success() throws Exception { + FakeChannelPool fakeChannelPool = new FakeChannelPool(); + S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool); + + Channel channel = s2aChannelPool.getChannel(); + + assertThat(channel).isNotNull(); + assertThat(fakeChannelPool.isChannelCached()).isTrue(); + assertThat(s2aChannelPool.getChannel()).isEqualTo(channel); + } + + @Test + public void returnChannel_success() throws Exception { + FakeChannelPool fakeChannelPool = new FakeChannelPool(); + S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool); + + s2aChannelPool.returnChannel(s2aChannelPool.getChannel()); + + assertThat(fakeChannelPool.isChannelCached()).isFalse(); + } + + @Test + public void returnChannel_channelStillCachedBecauseMultipleChannelsRetrieved() throws Exception { + FakeChannelPool fakeChannelPool = new FakeChannelPool(); + S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool); + + s2aChannelPool.getChannel(); + s2aChannelPool.returnChannel(s2aChannelPool.getChannel()); + + assertThat(fakeChannelPool.isChannelCached()).isTrue(); + } + + @Test + public void returnChannel_failureBecauseChannelWasNotFromPool() throws Exception { + S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(new FakeChannelPool()); + + IllegalArgumentException expected = + assertThrows( + IllegalArgumentException.class, + () -> s2aChannelPool.returnChannel(mock(Channel.class))); + assertThat(expected) + .hasMessageThat() + .isEqualTo( + "Cannot return the channel to channel pool because the channel was not obtained from" + + " channel pool."); + } + + @Test + public void close_success() throws Exception { + FakeChannelPool fakeChannelPool = new FakeChannelPool(); + try (S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(fakeChannelPool)) { + s2aChannelPool.getChannel(); + } + + assertThat(fakeChannelPool.isChannelCached()).isFalse(); + } + + @Test + public void close_poolIsUnusable() throws Exception { + S2AChannelPool s2aChannelPool = S2AGrpcChannelPool.create(new FakeChannelPool()); + s2aChannelPool.close(); + + IllegalStateException expected = + assertThrows(IllegalStateException.class, s2aChannelPool::getChannel); + + assertThat(expected).hasMessageThat().isEqualTo("Channel pool is not open."); + } + + private static class FakeChannelPool implements ObjectPool { + private final Channel mockChannel = mock(Channel.class); + private @Nullable Channel cachedChannel = null; + + @Override + public Channel getObject() { + if (cachedChannel == null) { + cachedChannel = mockChannel; + } + return cachedChannel; + } + + @Override + public Channel returnObject(Object object) { + assertThat(object).isSameInstanceAs(mockChannel); + cachedChannel = null; + return null; + } + + public boolean isChannelCached() { + return (cachedChannel != null); + } + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java new file mode 100644 index 000000000000..57288be1b6fa --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/channel/S2AHandshakerServiceChannelTest.java @@ -0,0 +1,390 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.channel; + +import static com.google.common.truth.Truth.assertThat; +import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat; +import static java.util.concurrent.TimeUnit.SECONDS; +import static org.junit.Assert.assertThrows; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; + +import io.grpc.CallOptions; +import io.grpc.Channel; +import io.grpc.ChannelCredentials; +import io.grpc.ClientCall; +import io.grpc.ManagedChannel; +import io.grpc.MethodDescriptor; +import io.grpc.Server; +import io.grpc.ServerBuilder; +import io.grpc.ServerCredentials; +import io.grpc.StatusRuntimeException; +import io.grpc.TlsChannelCredentials; +import io.grpc.TlsServerCredentials; +import io.grpc.benchmarks.Utils; +import io.grpc.internal.SharedResourceHolder.Resource; +import io.grpc.netty.NettyServerBuilder; +import io.grpc.s2a.channel.S2AHandshakerServiceChannel.EventLoopHoldingChannel; +import io.grpc.stub.StreamObserver; +import io.grpc.testing.GrpcCleanupRule; +import io.grpc.testing.protobuf.SimpleRequest; +import io.grpc.testing.protobuf.SimpleResponse; +import io.grpc.testing.protobuf.SimpleServiceGrpc; +import io.netty.channel.EventLoopGroup; +import java.io.File; +import java.time.Duration; +import java.util.Optional; +import java.util.concurrent.TimeUnit; +import org.junit.Before; +import org.junit.ClassRule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link S2AHandshakerServiceChannel}. */ +@RunWith(JUnit4.class) +public final class S2AHandshakerServiceChannelTest { + @ClassRule public static final GrpcCleanupRule grpcCleanup = new GrpcCleanupRule(); + private static final Duration CHANNEL_SHUTDOWN_TIMEOUT = Duration.ofSeconds(10); + private final EventLoopGroup mockEventLoopGroup = mock(EventLoopGroup.class); + private Server mtlsServer; + private Server plaintextServer; + + @Before + public void setUp() throws Exception { + mtlsServer = createMtlsServer(); + plaintextServer = createPlaintextServer(); + mtlsServer.start(); + plaintextServer.start(); + } + + /** + * Creates a {@code Resource} and verifies that it produces a {@code ChannelResource} + * instance by using its {@code toString()} method. + */ + @Test + public void getChannelResource_success() { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + plaintextServer.getPort(), + /* s2aChannelCredentials= */ Optional.empty()); + assertThat(resource.toString()).isEqualTo("grpc-s2a-channel"); + } + + /** Same as getChannelResource_success, but use mTLS. */ + @Test + public void getChannelResource_mtlsSuccess() throws Exception { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials()); + assertThat(resource.toString()).isEqualTo("grpc-s2a-channel"); + } + + /** + * Creates two {@code Resoure}s for the same target address and verifies that they are + * equal. + */ + @Test + public void getChannelResource_twoEqualChannels() { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + plaintextServer.getPort(), + /* s2aChannelCredentials= */ Optional.empty()); + Resource resourceTwo = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + plaintextServer.getPort(), + /* s2aChannelCredentials= */ Optional.empty()); + assertThat(resource).isEqualTo(resourceTwo); + } + + /** Same as getChannelResource_twoEqualChannels, but use mTLS. */ + @Test + public void getChannelResource_mtlsTwoEqualChannels() throws Exception { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials()); + Resource resourceTwo = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials()); + assertThat(resource).isEqualTo(resourceTwo); + } + + /** + * Creates two {@code Resoure}s for different target addresses and verifies that they are + * distinct. + */ + @Test + public void getChannelResource_twoDistinctChannels() { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + plaintextServer.getPort(), + /* s2aChannelCredentials= */ Optional.empty()); + Resource resourceTwo = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + Utils.pickUnusedPort(), /* s2aChannelCredentials= */ Optional.empty()); + assertThat(resourceTwo).isNotEqualTo(resource); + } + + /** Same as getChannelResource_twoDistinctChannels, but use mTLS. */ + @Test + public void getChannelResource_mtlsTwoDistinctChannels() throws Exception { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials()); + Resource resourceTwo = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + Utils.pickUnusedPort(), getTlsChannelCredentials()); + assertThat(resourceTwo).isNotEqualTo(resource); + } + + /** + * Uses a {@code Resource} to create a channel, closes the channel, and verifies that the + * channel is closed by attempting to make a simple RPC. + */ + @Test + public void close_success() { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + plaintextServer.getPort(), + /* s2aChannelCredentials= */ Optional.empty()); + Channel channel = resource.create(); + resource.close(channel); + StatusRuntimeException expected = + assertThrows( + StatusRuntimeException.class, + () -> + SimpleServiceGrpc.newBlockingStub(channel) + .unaryRpc(SimpleRequest.getDefaultInstance())); + assertThat(expected).hasMessageThat().isEqualTo("UNAVAILABLE: Channel shutdown invoked"); + } + + /** Same as close_success, but use mTLS. */ + @Test + public void close_mtlsSuccess() throws Exception { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials()); + Channel channel = resource.create(); + resource.close(channel); + StatusRuntimeException expected = + assertThrows( + StatusRuntimeException.class, + () -> + SimpleServiceGrpc.newBlockingStub(channel) + .unaryRpc(SimpleRequest.getDefaultInstance())); + assertThat(expected).hasMessageThat().isEqualTo("UNAVAILABLE: Channel shutdown invoked"); + } + + /** + * Verifies that an {@code EventLoopHoldingChannel}'s {@code newCall} method can be used to + * perform a simple RPC. + */ + @Test + public void newCall_performSimpleRpcSuccess() { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + plaintextServer.getPort(), + /* s2aChannelCredentials= */ Optional.empty()); + Channel channel = resource.create(); + assertThat(channel).isInstanceOf(EventLoopHoldingChannel.class); + assertThat( + SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance())) + .isEqualToDefaultInstance(); + } + + /** Same as newCall_performSimpleRpcSuccess, but use mTLS. */ + @Test + public void newCall_mtlsPerformSimpleRpcSuccess() throws Exception { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials()); + Channel channel = resource.create(); + assertThat(channel).isInstanceOf(EventLoopHoldingChannel.class); + assertThat( + SimpleServiceGrpc.newBlockingStub(channel).unaryRpc(SimpleRequest.getDefaultInstance())) + .isEqualToDefaultInstance(); + } + + /** Creates a {@code EventLoopHoldingChannel} instance and verifies its authority. */ + @Test + public void authority_success() throws Exception { + ManagedChannel channel = new FakeManagedChannel(true); + EventLoopHoldingChannel eventLoopHoldingChannel = + EventLoopHoldingChannel.create(channel, mockEventLoopGroup); + assertThat(eventLoopHoldingChannel.authority()).isEqualTo("FakeManagedChannel"); + } + + /** + * Creates and closes a {@code EventLoopHoldingChannel} when its {@code ManagedChannel} terminates + * successfully. + */ + @Test + public void close_withDelegateTerminatedSuccess() throws Exception { + ManagedChannel channel = new FakeManagedChannel(true); + EventLoopHoldingChannel eventLoopHoldingChannel = + EventLoopHoldingChannel.create(channel, mockEventLoopGroup); + eventLoopHoldingChannel.close(); + assertThat(channel.isShutdown()).isTrue(); + verify(mockEventLoopGroup, times(1)) + .shutdownGracefully(0, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS); + } + + /** + * Creates and closes a {@code EventLoopHoldingChannel} when its {@code ManagedChannel} does not + * terminate successfully. + */ + @Test + public void close_withDelegateTerminatedFailure() throws Exception { + ManagedChannel channel = new FakeManagedChannel(false); + EventLoopHoldingChannel eventLoopHoldingChannel = + EventLoopHoldingChannel.create(channel, mockEventLoopGroup); + eventLoopHoldingChannel.close(); + assertThat(channel.isShutdown()).isTrue(); + verify(mockEventLoopGroup, times(1)) + .shutdownGracefully(1, CHANNEL_SHUTDOWN_TIMEOUT.getSeconds(), SECONDS); + } + + /** + * Creates and closes a {@code EventLoopHoldingChannel}, creates a new channel from the same + * resource, and verifies that this second channel is useable. + */ + @Test + public void create_succeedsAfterCloseIsCalledOnce() throws Exception { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + plaintextServer.getPort(), + /* s2aChannelCredentials= */ Optional.empty()); + Channel channelOne = resource.create(); + resource.close(channelOne); + + Channel channelTwo = resource.create(); + assertThat(channelTwo).isInstanceOf(EventLoopHoldingChannel.class); + assertThat( + SimpleServiceGrpc.newBlockingStub(channelTwo) + .unaryRpc(SimpleRequest.getDefaultInstance())) + .isEqualToDefaultInstance(); + resource.close(channelTwo); + } + + /** Same as create_succeedsAfterCloseIsCalledOnce, but use mTLS. */ + @Test + public void create_mtlsSucceedsAfterCloseIsCalledOnce() throws Exception { + Resource resource = + S2AHandshakerServiceChannel.getChannelResource( + "localhost:" + mtlsServer.getPort(), getTlsChannelCredentials()); + Channel channelOne = resource.create(); + resource.close(channelOne); + + Channel channelTwo = resource.create(); + assertThat(channelTwo).isInstanceOf(EventLoopHoldingChannel.class); + assertThat( + SimpleServiceGrpc.newBlockingStub(channelTwo) + .unaryRpc(SimpleRequest.getDefaultInstance())) + .isEqualToDefaultInstance(); + resource.close(channelTwo); + } + + private static Server createMtlsServer() throws Exception { + SimpleServiceImpl service = new SimpleServiceImpl(); + File serverCert = new File("src/test/resources/server_cert.pem"); + File serverKey = new File("src/test/resources/server_key.pem"); + File rootCert = new File("src/test/resources/root_cert.pem"); + ServerCredentials creds = + TlsServerCredentials.newBuilder() + .keyManager(serverCert, serverKey) + .trustManager(rootCert) + .clientAuth(TlsServerCredentials.ClientAuth.REQUIRE) + .build(); + return grpcCleanup.register( + NettyServerBuilder.forPort(Utils.pickUnusedPort(), creds).addService(service).build()); + } + + private static Server createPlaintextServer() { + SimpleServiceImpl service = new SimpleServiceImpl(); + return grpcCleanup.register( + ServerBuilder.forPort(Utils.pickUnusedPort()).addService(service).build()); + } + + private static Optional getTlsChannelCredentials() throws Exception { + File clientCert = new File("src/test/resources/client_cert.pem"); + File clientKey = new File("src/test/resources/client_key.pem"); + File rootCert = new File("src/test/resources/root_cert.pem"); + return Optional.of( + TlsChannelCredentials.newBuilder() + .keyManager(clientCert, clientKey) + .trustManager(rootCert) + .build()); + } + + private static class SimpleServiceImpl extends SimpleServiceGrpc.SimpleServiceImplBase { + @Override + public void unaryRpc(SimpleRequest request, StreamObserver streamObserver) { + streamObserver.onNext(SimpleResponse.getDefaultInstance()); + streamObserver.onCompleted(); + } + } + + private static class FakeManagedChannel extends ManagedChannel { + private final boolean isDelegateTerminatedSuccess; + private boolean isShutdown = false; + + FakeManagedChannel(boolean isDelegateTerminatedSuccess) { + this.isDelegateTerminatedSuccess = isDelegateTerminatedSuccess; + } + + @Override + public String authority() { + return "FakeManagedChannel"; + } + + @Override + public ClientCall newCall( + MethodDescriptor methodDescriptor, CallOptions options) { + throw new UnsupportedOperationException("This method should not be called."); + } + + @Override + public ManagedChannel shutdown() { + throw new UnsupportedOperationException("This method should not be called."); + } + + @Override + public boolean isShutdown() { + return isShutdown; + } + + @Override + public boolean isTerminated() { + throw new UnsupportedOperationException("This method should not be called."); + } + + @Override + public ManagedChannel shutdownNow() { + isShutdown = true; + return null; + } + + @Override + public boolean awaitTermination(long timeout, TimeUnit unit) throws InterruptedException { + if (isDelegateTerminatedSuccess) { + return true; + } + throw new InterruptedException("Await termination was interrupted."); + } + } +} diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java new file mode 100644 index 000000000000..66f636ada224 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServer.java @@ -0,0 +1,55 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import io.grpc.stub.StreamObserver; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; +import java.util.logging.Logger; + +/** A fake S2Av2 server that should be used for testing only. */ +public final class FakeS2AServer extends S2AServiceGrpc.S2AServiceImplBase { + private static final Logger logger = Logger.getLogger(FakeS2AServer.class.getName()); + + private final FakeWriter writer; + + public FakeS2AServer() throws InvalidKeySpecException, NoSuchAlgorithmException { + this.writer = new FakeWriter(); + this.writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS).initializePrivateKey(); + } + + @Override + public StreamObserver setUpSession(StreamObserver responseObserver) { + return new StreamObserver() { + @Override + public void onNext(SessionReq req) { + logger.info("Received a request from client."); + responseObserver.onNext(writer.handleResponse(req)); + } + + @Override + public void onError(Throwable t) { + responseObserver.onError(t); + } + + @Override + public void onCompleted() { + responseObserver.onCompleted(); + } + }; + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java new file mode 100644 index 000000000000..7b8a2c068856 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeS2AServerTest.java @@ -0,0 +1,265 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat; +import static java.util.concurrent.TimeUnit.SECONDS; + +import com.google.common.collect.ImmutableList; +import com.google.protobuf.ByteString; +import io.grpc.Grpc; +import io.grpc.InsecureChannelCredentials; +import io.grpc.ManagedChannel; +import io.grpc.Server; +import io.grpc.ServerBuilder; +import io.grpc.benchmarks.Utils; +import io.grpc.s2a.handshaker.ValidatePeerCertificateChainReq.VerificationMode; +import io.grpc.stub.StreamObserver; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.logging.Logger; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link FakeS2AServer}. */ +@RunWith(JUnit4.class) +public final class FakeS2AServerTest { + private static final Logger logger = Logger.getLogger(FakeS2AServerTest.class.getName()); + + private static final ImmutableList FAKE_CERT_DER_CHAIN = + ImmutableList.of( + ByteString.copyFrom( + new byte[] {'f', 'a', 'k', 'e', '-', 'd', 'e', 'r', '-', 'c', 'h', 'a', 'i', 'n'})); + private int port; + private String serverAddress; + private SessionResp response = null; + private Server fakeS2AServer; + + @Before + public void setUp() throws Exception { + port = Utils.pickUnusedPort(); + fakeS2AServer = ServerBuilder.forPort(port).addService(new FakeS2AServer()).build(); + fakeS2AServer.start(); + serverAddress = String.format("localhost:%d", port); + } + + @After + public void tearDown() { + fakeS2AServer.shutdown(); + } + + @Test + public void callS2AServerOnce_getTlsConfiguration_returnsValidResult() + throws InterruptedException { + ExecutorService executor = Executors.newSingleThreadExecutor(); + logger.info("Client connecting to: " + serverAddress); + ManagedChannel channel = + Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create()) + .executor(executor) + .build(); + + try { + S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel); + StreamObserver requestObserver = + asyncStub.setUpSession( + new StreamObserver() { + @Override + public void onNext(SessionResp resp) { + response = resp; + } + + @Override + public void onError(Throwable t) { + throw new RuntimeException(t); + } + + @Override + public void onCompleted() {} + }); + try { + requestObserver.onNext( + SessionReq.newBuilder() + .setGetTlsConfigurationReq( + GetTlsConfigurationReq.newBuilder() + .setConnectionSide(ConnectionSide.CONNECTION_SIDE_CLIENT)) + .build()); + } catch (RuntimeException e) { + // Cancel the RPC. + requestObserver.onError(e); + throw e; + } + // Mark the end of requests. + requestObserver.onCompleted(); + // Wait for receiving to happen. + } finally { + channel.shutdown(); + channel.awaitTermination(1, SECONDS); + executor.shutdown(); + executor.awaitTermination(1, SECONDS); + } + + SessionResp expected = + SessionResp.newBuilder() + .setGetTlsConfigurationResp( + GetTlsConfigurationResp.newBuilder() + .setClientTlsConfiguration( + GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder() + .addCertificateChain(FakeWriter.LEAF_CERT) + .addCertificateChain(FakeWriter.EPOCH_CERT) + .addCertificateChain(FakeWriter.CONTEXT_CERT) + .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3) + .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256))) + .build(); + assertThat(response).ignoringRepeatedFieldOrder().isEqualTo(expected); + } + + @Test + public void callS2AServerOnce_validatePeerCertifiate_returnsValidResult() + throws InterruptedException { + ExecutorService executor = Executors.newSingleThreadExecutor(); + logger.info("Client connecting to: " + serverAddress); + ManagedChannel channel = + Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create()) + .executor(executor) + .build(); + + try { + S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel); + StreamObserver requestObserver = + asyncStub.setUpSession( + new StreamObserver() { + @Override + public void onNext(SessionResp resp) { + response = resp; + } + + @Override + public void onError(Throwable t) { + throw new RuntimeException(t); + } + + @Override + public void onCompleted() {} + }); + try { + requestObserver.onNext( + SessionReq.newBuilder() + .setValidatePeerCertificateChainReq( + ValidatePeerCertificateChainReq.newBuilder() + .setMode(VerificationMode.UNSPECIFIED) + .setClientPeer( + ValidatePeerCertificateChainReq.ClientPeer.newBuilder() + .addAllCertificateChain(FAKE_CERT_DER_CHAIN))) + .build()); + } catch (RuntimeException e) { + // Cancel the RPC. + requestObserver.onError(e); + throw e; + } + // Mark the end of requests. + requestObserver.onCompleted(); + // Wait for receiving to happen. + } finally { + channel.shutdown(); + channel.awaitTermination(1, SECONDS); + executor.shutdown(); + executor.awaitTermination(1, SECONDS); + } + + SessionResp expected = + SessionResp.newBuilder() + .setValidatePeerCertificateChainResp( + ValidatePeerCertificateChainResp.newBuilder() + .setValidationResult(ValidatePeerCertificateChainResp.ValidationResult.SUCCESS)) + .build(); + assertThat(response).ignoringRepeatedFieldOrder().isEqualTo(expected); + } + + @Test + public void callS2AServerRepeatedly_returnsValidResult() throws InterruptedException { + final int numberOfRequests = 10; + ExecutorService executor = Executors.newSingleThreadExecutor(); + logger.info("Client connecting to: " + serverAddress); + ManagedChannel channel = + Grpc.newChannelBuilder(serverAddress, InsecureChannelCredentials.create()) + .executor(executor) + .build(); + + try { + S2AServiceGrpc.S2AServiceStub asyncStub = S2AServiceGrpc.newStub(channel); + CountDownLatch finishLatch = new CountDownLatch(1); + StreamObserver requestObserver = + asyncStub.setUpSession( + new StreamObserver() { + private int expectedNumberOfReplies = numberOfRequests; + + @Override + public void onNext(SessionResp reply) { + System.out.println("Received a message from the S2AService service."); + expectedNumberOfReplies -= 1; + } + + @Override + public void onError(Throwable t) { + finishLatch.countDown(); + if (expectedNumberOfReplies != 0) { + throw new RuntimeException(t); + } + } + + @Override + public void onCompleted() { + finishLatch.countDown(); + if (expectedNumberOfReplies != 0) { + throw new RuntimeException(); + } + } + }); + try { + for (int i = 0; i < numberOfRequests; i++) { + requestObserver.onNext(SessionReq.getDefaultInstance()); + } + } catch (RuntimeException e) { + // Cancel the RPC. + requestObserver.onError(e); + throw e; + } + // Mark the end of requests. + requestObserver.onCompleted(); + // Wait for receiving to happen. + if (!finishLatch.await(10, SECONDS)) { + throw new RuntimeException(); + } + } finally { + channel.shutdown(); + channel.awaitTermination(1, SECONDS); + executor.shutdown(); + executor.awaitTermination(1, SECONDS); + } + } + +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java new file mode 100644 index 000000000000..65abc77c84d4 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/FakeWriter.java @@ -0,0 +1,347 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static io.grpc.s2a.handshaker.TLSVersion.TLS_VERSION_1_3; + +import com.google.common.collect.ImmutableMap; +import com.google.errorprone.annotations.CanIgnoreReturnValue; +import com.google.protobuf.ByteString; +import io.grpc.stub.StreamObserver; +import java.io.IOException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Signature; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.Base64; + +/** A fake Writer Class to mock the behavior of S2A server. */ +final class FakeWriter implements StreamObserver { + /** Fake behavior of S2A service. */ + enum Behavior { + OK_STATUS, + EMPTY_RESPONSE, + ERROR_STATUS, + ERROR_RESPONSE, + COMPLETE_STATUS + } + + enum VerificationResult { + UNSPECIFIED, + SUCCESS, + FAILURE + } + + public static final String LEAF_CERT = + "-----BEGIN CERTIFICATE-----\n" + + "MIICkDCCAjagAwIBAgIUSAtcrPhNNs1zxv51lIfGOVtkw6QwCgYIKoZIzj0EAwIw\n" + + "QTEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxFDAS\n" + + "BgorBgEEAdZ5AggBDAQyMDIyMCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIz\n" + + "NjA0WjARMQ8wDQYDVQQDDAZ1bnVzZWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n" + + "AAQGFlJpLxJMh4HuUm0DKjnUF7larH3tJvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jz\n" + + "U98eDRXG5f4VjnX98DDHE4Ido4IBODCCATQwDgYDVR0PAQH/BAQDAgeAMCAGA1Ud\n" + + "JQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMIGxBgNV\n" + + "HREBAf8EgaYwgaOGSnNwaWZmZTovL3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJp\n" + + "dHktcmVhbG0ucHJvZC5nb29nbGUuY29tL3JvbGUvbGVhZi1yb2xlgjNzaWduZXIt\n" + + "cm9sZS5jb250ZXh0LnNlY3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2eCIGZx\n" + + "ZG4tb2YtdGhlLW5vZGUucHJvZC5nb29nbGUuY29tMB0GA1UdDgQWBBSWSd5Fw6dI\n" + + "TGpt0m1Uxwf0iKqebzAfBgNVHSMEGDAWgBRm5agVVdpWfRZKM7u6OMuzHhqPcDAK\n" + + "BggqhkjOPQQDAgNIADBFAiB0sjRPSYy2eFq8Y0vQ8QN4AZ2NMajskvxnlifu7O4U\n" + + "RwIhANTh5Fkyx2nMYFfyl+W45dY8ODTw3HnlZ4b51hTAdkWl\n" + + "-----END CERTIFICATE-----"; + public static final String EPOCH_CERT = + "-----BEGIN CERTIFICATE-----\n" + + "MIICQjCCAeigAwIBAgIUKxXRDlnWXefNV5lj5CwhDuXEq7MwCgYIKoZIzj0EAwIw\n" + + "OzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xEDAOBgNVBAsMB2NvbnRleHQxDjAM\n" + + "BgNVBAMMBTEyMzQ1MCAXDTIzMDcxNDIyMzYwNFoYDzIwNTAxMTI5MjIzNjA0WjBB\n" + + "MRcwFQYDVQQKDA5zZWN1cml0eS1yZWFsbTEQMA4GA1UECwwHY29udGV4dDEUMBIG\n" + + "CisGAQQB1nkCCAEMBDIwMjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT/Zu7x\n" + + "UYVyg+T/vg2H+y4I6t36Kc4qxD0eqqZjRLYBVKkUQHxBqc14t0DpoROMYQCNd4DF\n" + + "pcxv/9m6DaJbRk6Ao4HBMIG+MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG\n" + + "AQH/AgEBMFgGA1UdHgEB/wROMEygSjA1gjNzaWduZXItcm9sZS5jb250ZXh0LnNl\n" + + "Y3VyaXR5LXJlYWxtLnByb2Quc3BpZmZlLmdvb2cwEYIPcHJvZC5nb29nbGUuY29t\n" + + "MB0GA1UdDgQWBBRm5agVVdpWfRZKM7u6OMuzHhqPcDAfBgNVHSMEGDAWgBQcjNAh\n" + + "SCHTj+BW8KrzSSLo2ASEgjAKBggqhkjOPQQDAgNIADBFAiEA6KyGd9VxXDZceMZG\n" + + "IsbC40rtunFjLYI0mjZw9RcRWx8CIHCIiIHxafnDaCi+VB99NZfzAdu37g6pJptB\n" + + "gjIY71MO\n" + + "-----END CERTIFICATE-----"; + public static final String CONTEXT_CERT = + "-----BEGIN CERTIFICATE-----\n" + + "MIICODCCAd6gAwIBAgIUXtZECORWRSKnS9rRTJYkiALUXswwCgYIKoZIzj0EAwIw\n" + + "NzEXMBUGA1UECgwOc2VjdXJpdHktcmVhbG0xDTALBgNVBAsMBHJvb3QxDTALBgNV\n" + + "BAMMBDEyMzQwIBcNMjMwNzE0MjIzNjA0WhgPMjA1MDExMjkyMjM2MDRaMDsxFzAV\n" + + "BgNVBAoMDnNlY3VyaXR5LXJlYWxtMRAwDgYDVQQLDAdjb250ZXh0MQ4wDAYDVQQD\n" + + "DAUxMjM0NTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAycVTZrjockbpD59f1a\n" + + "4l1SNL7nSyXz66Guz4eDveQqLmaMBg7vpACfO4CtiAGnolHEffuRtSkdM434m5En\n" + + "bXCjgcEwgb4wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQIwWAYD\n" + + "VR0eAQH/BE4wTKBKMDWCM3NpZ25lci1yb2xlLmNvbnRleHQuc2VjdXJpdHktcmVh\n" + + "bG0ucHJvZC5zcGlmZmUuZ29vZzARgg9wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYE\n" + + "FByM0CFIIdOP4FbwqvNJIujYBISCMB8GA1UdIwQYMBaAFMX+vebuj/lYfYEC23IA\n" + + "8HoIW0HsMAoGCCqGSM49BAMCA0gAMEUCIQCfxeXEBd7UPmeImT16SseCRu/6cHxl\n" + + "kTDsq9sKZ+eXBAIgA+oViAVOUhUQO1/6Mjlczg8NmMy2vNtG4V/7g9dMMVU=\n" + + "-----END CERTIFICATE-----"; + + private static final String PRIVATE_KEY = + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgqA2U0ld1OOHLMXWf" + + "uyN4GSaqhhudEIaKkll3rdIq0M+hRANCAAQGFlJpLxJMh4HuUm0DKjnUF7larH3t" + + "JvroQ12xpk+pPKQepn4ILoq9lZ8Xd3jzU98eDRXG5f4VjnX98DDHE4Id"; + private static final ImmutableMap + ALGORITHM_TO_SIGNATURE_INSTANCE_IDENTIFIER = + ImmutableMap.of( + SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256, + "SHA256withECDSA", + SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384, + "SHA384withECDSA", + SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512, + "SHA512withECDSA"); + + private boolean fakeWriterClosed = false; + private Behavior behavior = Behavior.OK_STATUS; + private StreamObserver reader; + private VerificationResult verificationResult = VerificationResult.UNSPECIFIED; + private String failureReason; + private PrivateKey privateKey; + + @CanIgnoreReturnValue + FakeWriter setReader(StreamObserver reader) { + this.reader = reader; + return this; + } + + @CanIgnoreReturnValue + FakeWriter setBehavior(Behavior behavior) { + this.behavior = behavior; + return this; + } + + @CanIgnoreReturnValue + FakeWriter setVerificationResult(VerificationResult verificationResult) { + this.verificationResult = verificationResult; + return this; + } + + @CanIgnoreReturnValue + FakeWriter setFailureReason(String failureReason) { + this.failureReason = failureReason; + return this; + } + + @CanIgnoreReturnValue + FakeWriter initializePrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException { + privateKey = + KeyFactory.getInstance("EC") + .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(PRIVATE_KEY))); + return this; + } + + @CanIgnoreReturnValue + FakeWriter resetPrivateKey() { + privateKey = null; + return this; + } + + void sendUnexpectedResponse() { + reader.onNext(SessionResp.getDefaultInstance()); + } + + void sendIoError() { + reader.onError(new IOException("Intended ERROR from FakeWriter.")); + } + + void sendGetTlsConfigResp() { + reader.onNext( + SessionResp.newBuilder() + .setGetTlsConfigurationResp( + GetTlsConfigurationResp.newBuilder() + .setClientTlsConfiguration( + GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder() + .addCertificateChain(LEAF_CERT) + .addCertificateChain(EPOCH_CERT) + .addCertificateChain(CONTEXT_CERT) + .setMinTlsVersion(TLS_VERSION_1_3) + .setMaxTlsVersion(TLS_VERSION_1_3) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256))) + .build()); + } + + boolean isFakeWriterClosed() { + return fakeWriterClosed; + } + + @Override + public void onNext(SessionReq sessionReq) { + switch (behavior) { + case OK_STATUS: + reader.onNext(handleResponse(sessionReq)); + break; + case EMPTY_RESPONSE: + reader.onNext(SessionResp.getDefaultInstance()); + break; + case ERROR_STATUS: + reader.onNext( + SessionResp.newBuilder() + .setStatus( + Status.newBuilder() + .setCode(1) + .setDetails("Intended ERROR Status from FakeWriter.")) + .build()); + break; + case ERROR_RESPONSE: + reader.onError(new S2AConnectionException("Intended ERROR from FakeWriter.")); + break; + case COMPLETE_STATUS: + reader.onCompleted(); + break; + default: + reader.onNext(handleResponse(sessionReq)); + } + } + + SessionResp handleResponse(SessionReq sessionReq) { + if (sessionReq.hasGetTlsConfigurationReq()) { + return handleGetTlsConfigurationReq(sessionReq.getGetTlsConfigurationReq()); + } + + if (sessionReq.hasValidatePeerCertificateChainReq()) { + return handleValidatePeerCertificateChainReq(sessionReq.getValidatePeerCertificateChainReq()); + } + + if (sessionReq.hasOffloadPrivateKeyOperationReq()) { + return handleOffloadPrivateKeyOperationReq(sessionReq.getOffloadPrivateKeyOperationReq()); + } + + return SessionResp.newBuilder() + .setStatus( + Status.newBuilder().setCode(255).setDetails("No supported operation designated.")) + .build(); + } + + private SessionResp handleGetTlsConfigurationReq(GetTlsConfigurationReq req) { + if (!req.getConnectionSide().equals(ConnectionSide.CONNECTION_SIDE_CLIENT)) { + return SessionResp.newBuilder() + .setStatus( + Status.newBuilder() + .setCode(255) + .setDetails("No TLS configuration for the server side.")) + .build(); + } + return SessionResp.newBuilder() + .setGetTlsConfigurationResp( + GetTlsConfigurationResp.newBuilder() + .setClientTlsConfiguration( + GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder() + .addCertificateChain(LEAF_CERT) + .addCertificateChain(EPOCH_CERT) + .addCertificateChain(CONTEXT_CERT) + .setMinTlsVersion(TLS_VERSION_1_3) + .setMaxTlsVersion(TLS_VERSION_1_3) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256))) + .build(); + } + + private SessionResp handleValidatePeerCertificateChainReq(ValidatePeerCertificateChainReq req) { + if (verifyValidatePeerCertificateChainReq(req) + && verificationResult == VerificationResult.SUCCESS) { + return SessionResp.newBuilder() + .setValidatePeerCertificateChainResp( + ValidatePeerCertificateChainResp.newBuilder() + .setValidationResult(ValidatePeerCertificateChainResp.ValidationResult.SUCCESS)) + .build(); + } + return SessionResp.newBuilder() + .setValidatePeerCertificateChainResp( + ValidatePeerCertificateChainResp.newBuilder() + .setValidationResult( + verificationResult == VerificationResult.FAILURE + ? ValidatePeerCertificateChainResp.ValidationResult.FAILURE + : ValidatePeerCertificateChainResp.ValidationResult.UNSPECIFIED) + .setValidationDetails(failureReason)) + .build(); + } + + private boolean verifyValidatePeerCertificateChainReq(ValidatePeerCertificateChainReq req) { + if (req.getMode() != ValidatePeerCertificateChainReq.VerificationMode.UNSPECIFIED) { + return false; + } + if (req.getClientPeer().getCertificateChainCount() > 0) { + return true; + } + if (req.getServerPeer().getCertificateChainCount() > 0 + && !req.getServerPeer().getServerHostname().isEmpty()) { + return true; + } + return false; + } + + private SessionResp handleOffloadPrivateKeyOperationReq(OffloadPrivateKeyOperationReq req) { + if (privateKey == null) { + return SessionResp.newBuilder() + .setStatus(Status.newBuilder().setCode(255).setDetails("No Private Key available.")) + .build(); + } + String signatureIdentifier = + ALGORITHM_TO_SIGNATURE_INSTANCE_IDENTIFIER.get(req.getSignatureAlgorithm()); + if (signatureIdentifier == null) { + return SessionResp.newBuilder() + .setStatus( + Status.newBuilder() + .setCode(255) + .setDetails("Only ECDSA key algorithms are supported.")) + .build(); + } + + byte[] signature; + try { + Signature sig = Signature.getInstance(signatureIdentifier); + sig.initSign(privateKey); + sig.update(req.getRawBytes().toByteArray()); + signature = sig.sign(); + } catch (Exception e) { + return SessionResp.newBuilder() + .setStatus(Status.newBuilder().setCode(255).setDetails(e.getMessage())) + .build(); + } + + return SessionResp.newBuilder() + .setOffloadPrivateKeyOperationResp( + OffloadPrivateKeyOperationResp.newBuilder().setOutBytes(ByteString.copyFrom(signature))) + .build(); + } + + @Override + public void onError(Throwable t) { + throw new UnsupportedOperationException("onError is not supported by FakeWriter."); + } + + @Override + public void onCompleted() { + fakeWriterClosed = true; + reader.onCompleted(); + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java new file mode 100644 index 000000000000..aea279ed8c53 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/GetAuthenticationMechanismsTest.java @@ -0,0 +1,64 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import com.beust.jcommander.JCommander; +import com.google.common.truth.Expect; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.grpc.s2a.handshaker.tokenmanager.SingleTokenFetcher; +import java.util.Optional; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link GetAuthenticationMechanisms}. */ +@RunWith(JUnit4.class) +public final class GetAuthenticationMechanismsTest { + @Rule public final Expect expect = Expect.create(); + private static final String TOKEN = "access_token"; + private static final String[] SET_TOKEN = {"--s2a_access_token", TOKEN}; + private static final SingleTokenFetcher.Flags FLAGS = new SingleTokenFetcher.Flags(); + + @BeforeClass + public static void setUpClass() { + // Set the token that the client will use to authenticate to the S2A. + JCommander.newBuilder().addObject(FLAGS).build().parse(SET_TOKEN); + } + + @Test + public void getAuthMechanisms_emptyIdentity_success() { + expect + .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.empty())) + .isEqualTo( + Optional.of(AuthenticationMechanism.newBuilder().setToken("access_token").build())); + } + + @Test + public void getAuthMechanisms_nonEmptyIdentity_success() { + S2AIdentity fakeIdentity = S2AIdentity.fromSpiffeId("fake-spiffe-id"); + expect + .that(GetAuthenticationMechanisms.getAuthMechanism(Optional.of(fakeIdentity))) + .isEqualTo( + Optional.of( + AuthenticationMechanism.newBuilder() + .setIdentity(fakeIdentity.identity()) + .setToken("access_token") + .build())); + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java new file mode 100644 index 000000000000..0191398b6b7b --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/ProtoUtilTest.java @@ -0,0 +1,95 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static org.junit.Assert.assertThrows; + +import com.google.common.truth.Expect; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link ProtoUtil}. */ +@RunWith(JUnit4.class) +public final class ProtoUtilTest { + @Rule public final Expect expect = Expect.create(); + + @Test + public void convertCiphersuite_success() { + expect + .that( + ProtoUtil.convertCiphersuite( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)) + .isEqualTo("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); + expect + .that( + ProtoUtil.convertCiphersuite( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)) + .isEqualTo("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); + expect + .that( + ProtoUtil.convertCiphersuite( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)) + .isEqualTo("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); + expect + .that( + ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_AES_128_GCM_SHA256)) + .isEqualTo("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); + expect + .that( + ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_AES_256_GCM_SHA384)) + .isEqualTo("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); + expect + .that( + ProtoUtil.convertCiphersuite( + Ciphersuite.CIPHERSUITE_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)) + .isEqualTo("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); + } + + @Test + public void convertCiphersuite_withUnspecifiedCiphersuite_fails() { + AssertionError expected = + assertThrows( + AssertionError.class, + () -> ProtoUtil.convertCiphersuite(Ciphersuite.CIPHERSUITE_UNSPECIFIED)); + expect.that(expected).hasMessageThat().isEqualTo("Ciphersuite 0 is not supported."); + } + + @Test + public void convertTlsProtocolVersion_success() { + expect + .that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_3)) + .isEqualTo("TLSv1.3"); + expect + .that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_2)) + .isEqualTo("TLSv1.2"); + expect + .that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_1)) + .isEqualTo("TLSv1.1"); + expect.that(ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_1_0)).isEqualTo("TLSv1"); + } + + @Test + public void convertTlsProtocolVersion_withUnknownTlsVersion_fails() { + AssertionError expected = + assertThrows( + AssertionError.class, + () -> ProtoUtil.convertTlsProtocolVersion(TLSVersion.TLS_VERSION_UNSPECIFIED)); + expect.that(expected).hasMessageThat().isEqualTo("TLS version 0 is not supported."); + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java new file mode 100644 index 000000000000..4024e8a6e361 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2APrivateKeyMethodTest.java @@ -0,0 +1,308 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.truth.Truth.assertThat; +import static java.nio.charset.StandardCharsets.UTF_8; +import static org.junit.Assert.assertThrows; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import com.google.common.truth.Expect; +import com.google.protobuf.ByteString; +import io.grpc.netty.GrpcSslContexts; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.netty.handler.ssl.OpenSslPrivateKeyMethod; +import io.netty.handler.ssl.SslContextBuilder; +import java.io.ByteArrayInputStream; +import java.security.PublicKey; +import java.security.Signature; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Optional; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class S2APrivateKeyMethodTest { + @Rule public final Expect expect = Expect.create(); + private static final byte[] DATA_TO_SIGN = "random bytes for signing.".getBytes(UTF_8); + + private S2AStub stub; + private FakeWriter writer; + private S2APrivateKeyMethod keyMethod; + + private static PublicKey extractPublicKeyFromPem(String pem) throws Exception { + X509Certificate cert = + (X509Certificate) + CertificateFactory.getInstance("X.509") + .generateCertificate(new ByteArrayInputStream(pem.getBytes(UTF_8))); + return cert.getPublicKey(); + } + + private static boolean verifySignature( + byte[] dataToSign, byte[] signature, String signatureAlgorithm) throws Exception { + Signature sig = Signature.getInstance(signatureAlgorithm); + sig.initVerify(extractPublicKeyFromPem(FakeWriter.LEAF_CERT)); + sig.update(dataToSign); + return sig.verify(signature); + } + + @Before + public void setUp() { + // This is line is to ensure that JNI correctly links the necessary objects. Without this, we + // get `java.lang.UnsatisfiedLinkError` on + // `io.netty.internal.tcnative.NativeStaticallyReferencedJniMethods.sslSignRsaPkcsSha1()` + GrpcSslContexts.configure(SslContextBuilder.forClient()); + + writer = new FakeWriter(); + stub = S2AStub.newInstanceForTesting(writer); + writer.setReader(stub.getReader()); + keyMethod = S2APrivateKeyMethod.create(stub, /* localIdentity= */ Optional.empty()); + } + + @Test + public void signatureAlgorithmConversion_success() { + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA256); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA384)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA384); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA512)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA512); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA384)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384); + expect + .that( + S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg( + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA512)) + .isEqualTo(SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512); + } + + @Test + public void signatureAlgorithmConversion_unsupportedOperation() { + UnsupportedOperationException e = + assertThrows( + UnsupportedOperationException.class, + () -> S2APrivateKeyMethod.convertOpenSslSignAlgToS2ASignAlg(-1)); + + assertThat(e).hasMessageThat().contains("Signature Algorithm -1 is not supported."); + } + + @Test + public void createOnNullStub_returnsNullPointerException() { + assertThrows( + NullPointerException.class, + () -> S2APrivateKeyMethod.create(/* stub= */ null, /* localIdentity= */ Optional.empty())); + } + + @Test + public void decrypt_unsupportedOperation() { + UnsupportedOperationException e = + assertThrows( + UnsupportedOperationException.class, + () -> keyMethod.decrypt(/* engine= */ null, DATA_TO_SIGN)); + + assertThat(e).hasMessageThat().contains("decrypt is not supported."); + } + + @Test + public void fakelocalIdentity_signWithSha256_success() throws Exception { + S2AIdentity fakeIdentity = S2AIdentity.fromSpiffeId("fake-spiffe-id"); + S2AStub mockStub = mock(S2AStub.class); + OpenSslPrivateKeyMethod keyMethodWithFakeIdentity = + S2APrivateKeyMethod.create(mockStub, Optional.of(fakeIdentity)); + SessionReq req = + SessionReq.newBuilder() + .setLocalIdentity(fakeIdentity.identity()) + .setOffloadPrivateKeyOperationReq( + OffloadPrivateKeyOperationReq.newBuilder() + .setOperation(OffloadPrivateKeyOperationReq.PrivateKeyOperation.SIGN) + .setSignatureAlgorithm(SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256) + .setRawBytes(ByteString.copyFrom(DATA_TO_SIGN))) + .build(); + byte[] expectedOutbytes = "fake out bytes".getBytes(UTF_8); + when(mockStub.send(req)) + .thenReturn( + SessionResp.newBuilder() + .setOffloadPrivateKeyOperationResp( + OffloadPrivateKeyOperationResp.newBuilder() + .setOutBytes(ByteString.copyFrom(expectedOutbytes))) + .build()); + + byte[] signature = + keyMethodWithFakeIdentity.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256, + DATA_TO_SIGN); + verify(mockStub).send(req); + assertThat(signature).isEqualTo(expectedOutbytes); + } + + @Test + public void signWithSha256_success() throws Exception { + writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS); + + byte[] signature = + keyMethod.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256, + DATA_TO_SIGN); + + assertThat(signature).isNotEmpty(); + assertThat(verifySignature(DATA_TO_SIGN, signature, "SHA256withECDSA")).isTrue(); + } + + @Test + public void signWithSha384_success() throws Exception { + writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS); + + byte[] signature = + keyMethod.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384, + DATA_TO_SIGN); + + assertThat(signature).isNotEmpty(); + assertThat(verifySignature(DATA_TO_SIGN, signature, "SHA384withECDSA")).isTrue(); + } + + @Test + public void signWithSha512_success() throws Exception { + writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS); + + byte[] signature = + keyMethod.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512, + DATA_TO_SIGN); + + assertThat(signature).isNotEmpty(); + assertThat(verifySignature(DATA_TO_SIGN, signature, "SHA512withECDSA")).isTrue(); + } + + @Test + public void sign_noKeyAvailable() throws Exception { + writer.resetPrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS); + + S2AConnectionException e = + assertThrows( + S2AConnectionException.class, + () -> + keyMethod.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256, + DATA_TO_SIGN)); + + assertThat(e) + .hasMessageThat() + .contains( + "Error occurred in response from S2A, error code: 255, error message: \"No Private Key" + + " available.\"."); + } + + @Test + public void sign_algorithmNotSupported() throws Exception { + writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.OK_STATUS); + + S2AConnectionException e = + assertThrows( + S2AConnectionException.class, + () -> + keyMethod.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256, + DATA_TO_SIGN)); + + assertThat(e) + .hasMessageThat() + .contains( + "Error occurred in response from S2A, error code: 255, error message: \"Only ECDSA key" + + " algorithms are supported.\"."); + } + + @Test + public void sign_getsErrorResponse() throws Exception { + writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.ERROR_STATUS); + + S2AConnectionException e = + assertThrows( + S2AConnectionException.class, + () -> + keyMethod.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256, + DATA_TO_SIGN)); + + assertThat(e) + .hasMessageThat() + .contains( + "Error occurred in response from S2A, error code: 1, error message: \"Intended ERROR" + + " Status from FakeWriter.\"."); + } + + @Test + public void sign_getsEmptyResponse() throws Exception { + writer.initializePrivateKey().setBehavior(FakeWriter.Behavior.EMPTY_RESPONSE); + + S2AConnectionException e = + assertThrows( + S2AConnectionException.class, + () -> + keyMethod.sign( + /* engine= */ null, + OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256, + DATA_TO_SIGN)); + + assertThat(e).hasMessageThat().contains("No valid response received from S2A."); + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java new file mode 100644 index 000000000000..82db6d4a1448 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AProtocolNegotiatorFactoryTest.java @@ -0,0 +1,267 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.truth.Truth.assertThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; + +import com.google.common.testing.NullPointerTester; +import com.google.common.testing.NullPointerTester.Visibility; +import io.grpc.Channel; +import io.grpc.Grpc; +import io.grpc.InsecureChannelCredentials; +import io.grpc.ManagedChannel; +import io.grpc.Server; +import io.grpc.ServerBuilder; +import io.grpc.benchmarks.Utils; +import io.grpc.internal.ObjectPool; +import io.grpc.internal.SharedResourcePool; +import io.grpc.internal.TestUtils.NoopChannelLogger; +import io.grpc.netty.GrpcHttp2ConnectionHandler; +import io.grpc.netty.InternalProtocolNegotiator; +import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator; +import io.grpc.s2a.channel.S2AChannelPool; +import io.grpc.s2a.channel.S2AGrpcChannelPool; +import io.grpc.s2a.channel.S2AHandshakerServiceChannel; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.grpc.s2a.handshaker.S2AProtocolNegotiatorFactory.S2AProtocolNegotiator; +import io.grpc.stub.StreamObserver; +import io.netty.channel.ChannelDuplexHandler; +import io.netty.channel.ChannelHandler; +import io.netty.channel.ChannelHandlerContext; +import io.netty.channel.ChannelPromise; +import io.netty.handler.codec.http2.Http2ConnectionDecoder; +import io.netty.handler.codec.http2.Http2ConnectionEncoder; +import io.netty.handler.codec.http2.Http2Settings; +import io.netty.util.AsciiString; +import java.util.Optional; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import org.checkerframework.checker.nullness.qual.Nullable; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link S2AProtocolNegotiatorFactory}. */ +@RunWith(JUnit4.class) +public class S2AProtocolNegotiatorFactoryTest { + private static final S2AIdentity LOCAL_IDENTITY = S2AIdentity.fromSpiffeId("local identity"); + private final ChannelHandlerContext mockChannelHandlerContext = mock(ChannelHandlerContext.class); + private GrpcHttp2ConnectionHandler fakeConnectionHandler; + private String authority; + private int port; + private Server fakeS2AServer; + private ObjectPool channelPool; + + @Before + public void setUp() throws Exception { + port = Utils.pickUnusedPort(); + fakeS2AServer = ServerBuilder.forPort(port).addService(new S2AServiceImpl()).build(); + fakeS2AServer.start(); + channelPool = new FakeChannelPool(); + authority = "localhost:" + port; + fakeConnectionHandler = FakeConnectionHandler.create(authority); + } + + @After + public void tearDown() { + fakeS2AServer.shutdown(); + } + + @Test + public void createProtocolNegotiatorFactory_nullArgument() throws Exception { + NullPointerTester tester = new NullPointerTester().setDefault(Optional.class, Optional.empty()); + + tester.testStaticMethods(S2AProtocolNegotiatorFactory.class, Visibility.PUBLIC); + } + + @Test + public void createProtocolNegotiator_nullArgument() throws Exception { + S2AChannelPool pool = + S2AGrpcChannelPool.create( + SharedResourcePool.forResource( + S2AHandshakerServiceChannel.getChannelResource( + "localhost:8080", /* s2aChannelCredentials= */ Optional.empty()))); + + NullPointerTester tester = + new NullPointerTester() + .setDefault(S2AChannelPool.class, pool) + .setDefault(Optional.class, Optional.empty()); + + tester.testStaticMethods(S2AProtocolNegotiator.class, Visibility.PACKAGE); + } + + @Test + public void createProtocolNegotiatorFactory_getsDefaultPort_succeeds() throws Exception { + InternalProtocolNegotiator.ClientFactory clientFactory = + S2AProtocolNegotiatorFactory.createClientFactory(Optional.of(LOCAL_IDENTITY), channelPool); + + assertThat(clientFactory.getDefaultPort()).isEqualTo(S2AProtocolNegotiatorFactory.DEFAULT_PORT); + } + + @Test + public void s2aProtocolNegotiator_getHostNameOnNull_returnsNull() throws Exception { + assertThat(S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.getHostNameFromAuthority(null)) + .isNull(); + } + + @Test + public void s2aProtocolNegotiator_getHostNameOnValidAuthority_returnsValidHostname() + throws Exception { + assertThat( + S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.getHostNameFromAuthority( + "hostname:80")) + .isEqualTo("hostname"); + } + + @Test + public void createProtocolNegotiatorFactory_buildsAnS2AProtocolNegotiatorOnClientSide_succeeds() + throws Exception { + InternalProtocolNegotiator.ClientFactory clientFactory = + S2AProtocolNegotiatorFactory.createClientFactory(Optional.of(LOCAL_IDENTITY), channelPool); + + ProtocolNegotiator clientNegotiator = clientFactory.newNegotiator(); + + assertThat(clientNegotiator).isInstanceOf(S2AProtocolNegotiator.class); + assertThat(clientNegotiator.scheme()).isEqualTo(AsciiString.of("https")); + } + + @Test + public void closeProtocolNegotiator_verifyProtocolNegotiatorIsClosedOnClientSide() + throws Exception { + InternalProtocolNegotiator.ClientFactory clientFactory = + S2AProtocolNegotiatorFactory.createClientFactory(Optional.of(LOCAL_IDENTITY), channelPool); + ProtocolNegotiator clientNegotiator = clientFactory.newNegotiator(); + + clientNegotiator.close(); + + assertThat(((FakeChannelPool) channelPool).isChannelCached()).isFalse(); + } + + @Test + public void createChannelHandler_addHandlerToMockContext() throws Exception { + ExecutorService executor = Executors.newSingleThreadExecutor(); + ManagedChannel channel = + Grpc.newChannelBuilder(authority, InsecureChannelCredentials.create()) + .executor(executor) + .build(); + FakeS2AChannelPool fakeChannelPool = new FakeS2AChannelPool(channel); + ProtocolNegotiator clientNegotiator = + S2AProtocolNegotiatorFactory.S2AProtocolNegotiator.createForClient( + fakeChannelPool, Optional.of(LOCAL_IDENTITY)); + + ChannelHandler channelHandler = clientNegotiator.newHandler(fakeConnectionHandler); + + ((ChannelDuplexHandler) channelHandler).userEventTriggered(mockChannelHandlerContext, "event"); + verify(mockChannelHandlerContext).fireUserEventTriggered("event"); + } + + /** A {@link S2AChannelPool} that returns the given channel. */ + private static class FakeS2AChannelPool implements S2AChannelPool { + private final Channel channel; + + FakeS2AChannelPool(Channel channel) { + this.channel = channel; + } + + @Override + public Channel getChannel() { + return channel; + } + + @Override + public void returnChannel(Channel channel) {} + + @Override + public void close() {} + } + + /** A {@code GrpcHttp2ConnectionHandler} that does nothing. */ + private static class FakeConnectionHandler extends GrpcHttp2ConnectionHandler { + private static final Http2ConnectionDecoder DECODER = mock(Http2ConnectionDecoder.class); + private static final Http2ConnectionEncoder ENCODER = mock(Http2ConnectionEncoder.class); + private static final Http2Settings SETTINGS = new Http2Settings(); + private final String authority; + + static FakeConnectionHandler create(String authority) { + return new FakeConnectionHandler(null, DECODER, ENCODER, SETTINGS, authority); + } + + private FakeConnectionHandler( + ChannelPromise channelUnused, + Http2ConnectionDecoder decoder, + Http2ConnectionEncoder encoder, + Http2Settings initialSettings, + String authority) { + super(channelUnused, decoder, encoder, initialSettings, new NoopChannelLogger()); + this.authority = authority; + } + + @Override + public String getAuthority() { + return authority; + } + } + + /** An S2A server that handles GetTlsConfiguration request. */ + private static class S2AServiceImpl extends S2AServiceGrpc.S2AServiceImplBase { + static final FakeWriter writer = new FakeWriter(); + + @Override + public StreamObserver setUpSession(StreamObserver responseObserver) { + return new StreamObserver() { + @Override + public void onNext(SessionReq req) { + responseObserver.onNext(writer.handleResponse(req)); + } + + @Override + public void onError(Throwable t) {} + + @Override + public void onCompleted() {} + }; + } + } + + private static class FakeChannelPool implements ObjectPool { + private final Channel mockChannel = mock(Channel.class); + private @Nullable Channel cachedChannel = null; + + @Override + public Channel getObject() { + if (cachedChannel == null) { + cachedChannel = mockChannel; + } + return cachedChannel; + } + + @Override + public Channel returnObject(Object object) { + assertThat(object).isSameInstanceAs(mockChannel); + cachedChannel = null; + return null; + } + + public boolean isChannelCached() { + return (cachedChannel != null); + } + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java new file mode 100644 index 000000000000..a6ff7ffd2101 --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2AStubTest.java @@ -0,0 +1,260 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.truth.Truth.assertThat; +import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat; +import static org.junit.Assert.assertThrows; + +import com.google.common.truth.Expect; +import io.grpc.internal.SharedResourcePool; +import io.grpc.s2a.channel.S2AChannelPool; +import io.grpc.s2a.channel.S2AGrpcChannelPool; +import io.grpc.s2a.channel.S2AHandshakerServiceChannel; +import io.grpc.stub.StreamObserver; +import java.io.IOException; +import java.util.Optional; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link S2AStub}. */ +@RunWith(JUnit4.class) +public class S2AStubTest { + @Rule public final Expect expect = Expect.create(); + private static final String S2A_ADDRESS = "localhost:8080"; + private S2AStub stub; + private FakeWriter writer; + + @Before + public void setUp() { + writer = new FakeWriter(); + stub = S2AStub.newInstanceForTesting(writer); + writer.setReader(stub.getReader()); + } + + @Test + public void send_receiveOkStatus() throws Exception { + S2AChannelPool channelPool = + S2AGrpcChannelPool.create( + SharedResourcePool.forResource( + S2AHandshakerServiceChannel.getChannelResource( + S2A_ADDRESS, /* s2aChannelCredentials= */ Optional.empty()))); + S2AServiceGrpc.S2AServiceStub serviceStub = S2AServiceGrpc.newStub(channelPool.getChannel()); + S2AStub newStub = S2AStub.newInstance(serviceStub); + + IOException expected = + assertThrows(IOException.class, () -> newStub.send(SessionReq.getDefaultInstance())); + + assertThat(expected).hasMessageThat().contains("UNAVAILABLE"); + } + + @Test + public void send_clientTlsConfiguration_receiveOkStatus() throws Exception { + SessionReq req = + SessionReq.newBuilder() + .setGetTlsConfigurationReq( + GetTlsConfigurationReq.newBuilder() + .setConnectionSide(ConnectionSide.CONNECTION_SIDE_CLIENT)) + .build(); + + SessionResp resp = stub.send(req); + + SessionResp expected = + SessionResp.newBuilder() + .setGetTlsConfigurationResp( + GetTlsConfigurationResp.newBuilder() + .setClientTlsConfiguration( + GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder() + .addCertificateChain(FakeWriter.LEAF_CERT) + .addCertificateChain(FakeWriter.EPOCH_CERT) + .addCertificateChain(FakeWriter.CONTEXT_CERT) + .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3) + .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256))) + .build(); + assertThat(resp).ignoringRepeatedFieldOrder().isEqualTo(expected); + } + + @Test + public void send_serverTlsConfiguration_receiveErrorStatus() throws Exception { + SessionReq req = + SessionReq.newBuilder() + .setGetTlsConfigurationReq( + GetTlsConfigurationReq.newBuilder() + .setConnectionSide(ConnectionSide.CONNECTION_SIDE_SERVER)) + .build(); + + SessionResp resp = stub.send(req); + + SessionResp expected = + SessionResp.newBuilder() + .setStatus( + Status.newBuilder() + .setCode(255) + .setDetails("No TLS configuration for the server side.")) + .build(); + assertThat(resp).isEqualTo(expected); + } + + @Test + public void send_receiveErrorStatus() throws Exception { + writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS); + + SessionResp resp = stub.send(SessionReq.getDefaultInstance()); + + SessionResp expected = + SessionResp.newBuilder() + .setStatus( + Status.newBuilder().setCode(1).setDetails("Intended ERROR Status from FakeWriter.")) + .build(); + assertThat(resp).isEqualTo(expected); + } + + @Test + public void send_receiveErrorResponse() throws InterruptedException { + writer.setBehavior(FakeWriter.Behavior.ERROR_RESPONSE); + + IOException expected = + assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance())); + + expect.that(expected).hasCauseThat().isInstanceOf(RuntimeException.class); + expect.that(expected).hasMessageThat().contains("Intended ERROR from FakeWriter."); + } + + @Test + public void send_receiveCompleteStatus() throws Exception { + writer.setBehavior(FakeWriter.Behavior.COMPLETE_STATUS); + + ConnectionIsClosedException expected = + assertThrows( + ConnectionIsClosedException.class, () -> stub.send(SessionReq.getDefaultInstance())); + + assertThat(expected).hasMessageThat().contains("Reading from the S2A is complete."); + } + + @Test + public void send_receiveUnexpectedResponse() throws Exception { + writer.sendIoError(); + + IOException expected = + assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance())); + + assertThat(expected) + .hasMessageThat() + .contains( + "Received an unexpected response from a host at the S2A's address. The S2A might be" + + " unavailable."); + } + + @Test + public void send_receiveManyUnexpectedResponse_expectResponsesEmpty() throws Exception { + writer.sendIoError(); + writer.sendIoError(); + writer.sendIoError(); + + IOException expected = + assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance())); + + assertThat(expected) + .hasMessageThat() + .contains( + "Received an unexpected response from a host at the S2A's address. The S2A might be" + + " unavailable."); + + assertThat(stub.getResponses()).isEmpty(); + } + + @Test + public void send_receiveDelayedResponse() throws Exception { + writer.sendGetTlsConfigResp(); + SessionResp resp = stub.send(SessionReq.getDefaultInstance()); + SessionResp expected = + SessionResp.newBuilder() + .setGetTlsConfigurationResp( + GetTlsConfigurationResp.newBuilder() + .setClientTlsConfiguration( + GetTlsConfigurationResp.ClientTlsConfiguration.newBuilder() + .addCertificateChain(FakeWriter.LEAF_CERT) + .addCertificateChain(FakeWriter.EPOCH_CERT) + .addCertificateChain(FakeWriter.CONTEXT_CERT) + .setMinTlsVersion(TLSVersion.TLS_VERSION_1_3) + .setMaxTlsVersion(TLSVersion.TLS_VERSION_1_3) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) + .addCiphersuites( + Ciphersuite.CIPHERSUITE_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256))) + .build(); + assertThat(resp).ignoringRepeatedFieldOrder().isEqualTo(expected); + } + + @Test + public void send_afterEarlyClose_receivesClosedException() throws InterruptedException { + stub.close(); + expect.that(writer.isFakeWriterClosed()).isTrue(); + + ConnectionIsClosedException expected = + assertThrows( + ConnectionIsClosedException.class, () -> stub.send(SessionReq.getDefaultInstance())); + + assertThat(expected).hasMessageThat().contains("Stream to the S2A is closed."); + } + + @Test + public void send_failToWrite() throws Exception { + FailWriter failWriter = new FailWriter(); + stub = S2AStub.newInstanceForTesting(failWriter); + + IOException expected = + assertThrows(IOException.class, () -> stub.send(SessionReq.getDefaultInstance())); + + expect.that(expected).hasCauseThat().isInstanceOf(S2AConnectionException.class); + expect + .that(expected) + .hasCauseThat() + .hasMessageThat() + .isEqualTo("Could not send request to S2A."); + } + + /** Fails whenever a write is attempted. */ + private static class FailWriter implements StreamObserver { + @Override + public void onNext(SessionReq req) { + assertThat(req).isNotNull(); + throw new S2AConnectionException("Could not send request to S2A."); + } + + @Override + public void onError(Throwable t) { + assertThat(t).isInstanceOf(S2AConnectionException.class); + } + + @Override + public void onCompleted() { + throw new UnsupportedOperationException(); + } + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java new file mode 100644 index 000000000000..384e1aba5ccb --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/S2ATrustManagerTest.java @@ -0,0 +1,262 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; + +import io.grpc.s2a.handshaker.S2AIdentity; +import java.io.ByteArrayInputStream; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Base64; +import java.util.Optional; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class S2ATrustManagerTest { + private S2AStub stub; + private FakeWriter writer; + private static final String FAKE_HOSTNAME = "Fake-Hostname"; + private static final String CLIENT_CERT_PEM = + "MIICKjCCAc+gAwIBAgIUC2GShcVO+5Zkml+7VO3OQ+B2c7EwCgYIKoZIzj0EAwIw" + + "HzEdMBsGA1UEAwwUcm9vdGNlcnQuZXhhbXBsZS5jb20wIBcNMjMwMTI2MTk0OTUx" + + "WhgPMjA1MDA2MTMxOTQ5NTFaMB8xHTAbBgNVBAMMFGxlYWZjZXJ0LmV4YW1wbGUu" + + "Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeciYZgFAZjxyzTrklCRIWpad" + + "8wkyCZQzJSf0IfNn9NKtfzL2V/blteULO0o9Da8e2Avaj+XCKfFTc7salMo/waOB" + + "5jCB4zAOBgNVHQ8BAf8EBAMCB4AwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsG" + + "AQUFBwMBMAwGA1UdEwEB/wQCMAAwYQYDVR0RBFowWIYic3BpZmZlOi8vZm9vLnBy" + + "b2QuZ29vZ2xlLmNvbS9wMS9wMoIUZm9vLnByb2Quc3BpZmZlLmdvb2eCHG1hY2hp" + + "bmUtbmFtZS5wcm9kLmdvb2dsZS5jb20wHQYDVR0OBBYEFETY6Cu/aW924nfvUrOs" + + "yXCC1hrpMB8GA1UdIwQYMBaAFJLkXGlTYKISiGd+K/Ijh4IOEpHBMAoGCCqGSM49" + + "BAMCA0kAMEYCIQCZDW472c1/4jEOHES/88X7NTqsYnLtIpTjp5PZ62z3sAIhAN1J" + + "vxvbxt9ySdFO+cW7oLBEkCwUicBhxJi5VfQeQypT"; + + @Before + public void setUp() { + writer = new FakeWriter(); + stub = S2AStub.newInstanceForTesting(writer); + writer.setReader(stub.getReader()); + } + + @Test + public void createForClient_withNullStub_throwsError() { + NullPointerException expected = + assertThrows( + NullPointerException.class, + () -> + S2ATrustManager.createForClient( + /* stub= */ null, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty())); + + assertThat(expected).hasMessageThat().isNull(); + } + + @Test + public void createForClient_withNullHostname_throwsError() { + NullPointerException expected = + assertThrows( + NullPointerException.class, + () -> + S2ATrustManager.createForClient( + stub, /* hostname= */ null, /* localIdentity= */ Optional.empty())); + + assertThat(expected).hasMessageThat().isNull(); + } + + @Test + public void getAcceptedIssuers_returnsExpectedNullResult() { + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + assertThat(trustManager.getAcceptedIssuers()).isNull(); + } + + @Test + public void checkClientTrusted_withEmptyCertificateChain_throwsException() + throws CertificateException { + writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + IllegalArgumentException expected = + assertThrows( + IllegalArgumentException.class, + () -> trustManager.checkClientTrusted(new X509Certificate[] {}, /* authType= */ "")); + + assertThat(expected).hasMessageThat().contains("Certificate chain has zero certificates."); + } + + @Test + public void checkServerTrusted_withEmptyCertificateChain_throwsException() + throws CertificateException { + writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + IllegalArgumentException expected = + assertThrows( + IllegalArgumentException.class, + () -> trustManager.checkServerTrusted(new X509Certificate[] {}, /* authType= */ "")); + + assertThat(expected).hasMessageThat().contains("Certificate chain has zero certificates."); + } + + @Test + public void checkClientTrusted_getsSuccessResponse() throws CertificateException { + writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + // Expect no exception. + trustManager.checkClientTrusted(getCerts(), /* authType= */ ""); + } + + @Test + public void checkClientTrusted_withLocalIdentity_getsSuccessResponse() + throws CertificateException { + writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient( + stub, FAKE_HOSTNAME, Optional.of(S2AIdentity.fromSpiffeId("fake-spiffe-id"))); + + // Expect no exception. + trustManager.checkClientTrusted(getCerts(), /* authType= */ ""); + } + + @Test + public void checkServerTrusted_getsSuccessResponse() throws CertificateException { + writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + // Expect no exception. + trustManager.checkServerTrusted(getCerts(), /* authType= */ ""); + } + + @Test + public void checkServerTrusted_withLocalIdentity_getsSuccessResponse() + throws CertificateException { + writer.setVerificationResult(FakeWriter.VerificationResult.SUCCESS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient( + stub, FAKE_HOSTNAME, Optional.of(S2AIdentity.fromSpiffeId("fake-spiffe-id"))); + + // Expect no exception. + trustManager.checkServerTrusted(getCerts(), /* authType= */ ""); + } + + @Test + public void checkClientTrusted_getsIntendedFailureResponse() throws CertificateException { + writer + .setVerificationResult(FakeWriter.VerificationResult.FAILURE) + .setFailureReason("Intended failure."); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + CertificateException expected = + assertThrows( + CertificateException.class, + () -> trustManager.checkClientTrusted(getCerts(), /* authType= */ "")); + + assertThat(expected).hasMessageThat().contains("Intended failure."); + } + + @Test + public void checkClientTrusted_getsIntendedFailureStatusInResponse() throws CertificateException { + writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + CertificateException expected = + assertThrows( + CertificateException.class, + () -> trustManager.checkClientTrusted(getCerts(), /* authType= */ "")); + + assertThat(expected).hasMessageThat().contains("Error occurred in response from S2A"); + } + + @Test + public void checkClientTrusted_getsIntendedFailureFromServer() throws CertificateException { + writer.setBehavior(FakeWriter.Behavior.ERROR_RESPONSE); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + CertificateException expected = + assertThrows( + CertificateException.class, + () -> trustManager.checkClientTrusted(getCerts(), /* authType= */ "")); + + assertThat(expected).hasMessageThat().isEqualTo("Failed to send request to S2A."); + } + + @Test + public void checkServerTrusted_getsIntendedFailureResponse() throws CertificateException { + writer + .setVerificationResult(FakeWriter.VerificationResult.FAILURE) + .setFailureReason("Intended failure."); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + CertificateException expected = + assertThrows( + CertificateException.class, + () -> trustManager.checkServerTrusted(getCerts(), /* authType= */ "")); + + assertThat(expected).hasMessageThat().contains("Intended failure."); + } + + @Test + public void checkServerTrusted_getsIntendedFailureStatusInResponse() throws CertificateException { + writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + CertificateException expected = + assertThrows( + CertificateException.class, + () -> trustManager.checkServerTrusted(getCerts(), /* authType= */ "")); + + assertThat(expected).hasMessageThat().contains("Error occurred in response from S2A"); + } + + @Test + public void checkServerTrusted_getsIntendedFailureFromServer() throws CertificateException { + writer.setBehavior(FakeWriter.Behavior.ERROR_RESPONSE); + S2ATrustManager trustManager = + S2ATrustManager.createForClient(stub, FAKE_HOSTNAME, /* localIdentity= */ Optional.empty()); + + CertificateException expected = + assertThrows( + CertificateException.class, + () -> trustManager.checkServerTrusted(getCerts(), /* authType= */ "")); + + assertThat(expected).hasMessageThat().isEqualTo("Failed to send request to S2A."); + } + + private X509Certificate[] getCerts() throws CertificateException { + byte[] decoded = Base64.getDecoder().decode(CLIENT_CERT_PEM); + return new X509Certificate[] { + (X509Certificate) + CertificateFactory.getInstance("X.509") + .generateCertificate(new ByteArrayInputStream(decoded)) + }; + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java new file mode 100644 index 000000000000..c33fd820e4cc --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/SslContextFactoryTest.java @@ -0,0 +1,173 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; + +import com.google.common.truth.Expect; +import io.grpc.s2a.handshaker.S2AIdentity; +import io.netty.handler.ssl.OpenSslSessionContext; +import io.netty.handler.ssl.SslContext; +import java.security.GeneralSecurityException; +import java.util.Optional; +import javax.net.ssl.SSLSessionContext; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +/** Unit tests for {@link SslContextFactory}. */ +@RunWith(JUnit4.class) +public final class SslContextFactoryTest { + @Rule public final Expect expect = Expect.create(); + private static final String FAKE_TARGET_NAME = "fake_target_name"; + private S2AStub stub; + private FakeWriter writer; + + @Before + public void setUp() { + writer = new FakeWriter(); + stub = S2AStub.newInstanceForTesting(writer); + writer.setReader(stub.getReader()); + } + + @Test + public void createForClient_returnsValidSslContext() throws Exception { + SslContext sslContext = + SslContextFactory.createForClient( + stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty()); + + expect.that(sslContext).isNotNull(); + expect.that(sslContext.sessionCacheSize()).isEqualTo(1); + expect.that(sslContext.sessionTimeout()).isEqualTo(300); + expect.that(sslContext.isClient()).isTrue(); + expect.that(sslContext.applicationProtocolNegotiator().protocols()).containsExactly("h2"); + expect + .that(sslContext.cipherSuites()) + .containsExactly( + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); + SSLSessionContext sslSessionContext = sslContext.sessionContext(); + if (sslSessionContext instanceof OpenSslSessionContext) { + OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext; + expect.that(openSslSessionContext.isSessionCacheEnabled()).isFalse(); + } + } + + @Test + public void createForClient_withLocalIdentity_returnsValidSslContext() throws Exception { + SslContext sslContext = + SslContextFactory.createForClient( + stub, FAKE_TARGET_NAME, Optional.of(S2AIdentity.fromSpiffeId("fake-spiffe-id"))); + + expect.that(sslContext).isNotNull(); + expect.that(sslContext.sessionCacheSize()).isEqualTo(1); + expect.that(sslContext.sessionTimeout()).isEqualTo(300); + expect.that(sslContext.isClient()).isTrue(); + expect.that(sslContext.applicationProtocolNegotiator().protocols()).containsExactly("h2"); + expect + .that(sslContext.cipherSuites()) + .containsExactly( + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); + SSLSessionContext sslSessionContext = sslContext.sessionContext(); + if (sslSessionContext instanceof OpenSslSessionContext) { + OpenSslSessionContext openSslSessionContext = (OpenSslSessionContext) sslSessionContext; + expect.that(openSslSessionContext.isSessionCacheEnabled()).isFalse(); + } + } + + @Test + public void createForClient_returnsEmptyResponse_error() throws Exception { + writer.setBehavior(FakeWriter.Behavior.EMPTY_RESPONSE); + + S2AConnectionException expected = + assertThrows( + S2AConnectionException.class, + () -> + SslContextFactory.createForClient( + stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty())); + + assertThat(expected) + .hasMessageThat() + .contains("Response from S2A server does NOT contain ClientTlsConfiguration."); + } + + @Test + public void createForClient_returnsErrorStatus_error() throws Exception { + writer.setBehavior(FakeWriter.Behavior.ERROR_STATUS); + + S2AConnectionException expected = + assertThrows( + S2AConnectionException.class, + () -> + SslContextFactory.createForClient( + stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty())); + + assertThat(expected).hasMessageThat().contains("Intended ERROR Status from FakeWriter."); + } + + @Test + public void createForClient_getsErrorFromServer_throwsError() throws Exception { + writer.sendIoError(); + + GeneralSecurityException expected = + assertThrows( + GeneralSecurityException.class, + () -> + SslContextFactory.createForClient( + stub, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty())); + + assertThat(expected) + .hasMessageThat() + .contains("Failed to get client TLS configuration from S2A."); + } + + @Test + public void createForClient_nullStub_throwsError() throws Exception { + writer.sendUnexpectedResponse(); + + NullPointerException expected = + assertThrows( + NullPointerException.class, + () -> + SslContextFactory.createForClient( + /* stub= */ null, FAKE_TARGET_NAME, /* localIdentity= */ Optional.empty())); + + assertThat(expected).hasMessageThat().isEqualTo("stub should not be null."); + } + + @Test + public void createForClient_nullTargetName_throwsError() throws Exception { + writer.sendUnexpectedResponse(); + + NullPointerException expected = + assertThrows( + NullPointerException.class, + () -> + SslContextFactory.createForClient( + stub, /* targetName= */ null, /* localIdentity= */ Optional.empty())); + + assertThat(expected) + .hasMessageThat() + .isEqualTo("targetName should not be null on client side."); + } +} \ No newline at end of file diff --git a/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java b/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java new file mode 100644 index 000000000000..806e412b784d --- /dev/null +++ b/s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java @@ -0,0 +1,74 @@ +/* + * Copyright 2024 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.grpc.s2a.handshaker.tokenmanager; + +import static com.google.common.truth.Truth.assertThat; + +import com.beust.jcommander.JCommander; +import io.grpc.s2a.handshaker.S2AIdentity; +import java.util.Optional; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class SingleTokenAccessTokenManagerTest { + private static final S2AIdentity IDENTITY = S2AIdentity.fromSpiffeId("spiffe_id"); + private static final String TOKEN = "token"; + private static final String[] SET_TOKEN = {"--s2a_access_token", TOKEN}; + private static final SingleTokenFetcher.Flags FLAGS = new SingleTokenFetcher.Flags(); + + @Before + public void setUp() { + FLAGS.reset(); + } + + @Test + public void getDefaultToken_success() throws Exception { + JCommander.newBuilder().addObject(FLAGS).build().parse(SET_TOKEN); + Optional manager = AccessTokenManager.create(); + assertThat(manager).isPresent(); + assertThat(manager.get().getDefaultToken()).isEqualTo(TOKEN); + } + + @Test + public void getToken_success() throws Exception { + JCommander.newBuilder().addObject(FLAGS).build().parse(SET_TOKEN); + Optional manager = AccessTokenManager.create(); + assertThat(manager).isPresent(); + assertThat(manager.get().getToken(IDENTITY)).isEqualTo(TOKEN); + } + + @Test + public void getToken_noEnvironmentVariable() throws Exception { + assertThat(SingleTokenFetcher.create()).isEmpty(); + } + + @Test + public void create_success() throws Exception { + JCommander.newBuilder().addObject(FLAGS).build().parse(SET_TOKEN); + Optional manager = AccessTokenManager.create(); + assertThat(manager).isPresent(); + assertThat(manager.get().getToken(IDENTITY)).isEqualTo(TOKEN); + } + + @Test + public void create_noEnvironmentVariable() throws Exception { + assertThat(AccessTokenManager.create()).isEmpty(); + } +} \ No newline at end of file diff --git a/s2a/src/test/resources/README.md b/s2a/src/test/resources/README.md new file mode 100644 index 000000000000..009010154448 --- /dev/null +++ b/s2a/src/test/resources/README.md @@ -0,0 +1,31 @@ +# Generating certificates and keys for testing mTLS-S2A + +Content from: https://github.com/google/s2a-go/blob/main/testdata/README.md + +Create root CA + +``` +openssl req -x509 -sha256 -days 7305 -newkey rsa:2048 -keyout root_key.pem -out +root_cert.pem +``` + +Generate private keys for server and client + +``` +openssl genrsa -out server_key.pem 2048 +openssl genrsa -out client_key.pem 2048 +``` + +Generate CSRs for server and client + +``` +openssl req -key server_key.pem -new -out server.csr -config config.cnf +openssl req -key client_key.pem -new -out client.csr -config config.cnf +``` + +Sign CSRs for server and client + +``` +openssl x509 -req -CA root_cert.pem -CAkey root_key.pem -in server.csr -out server_cert.pem -days 7305 -extfile config.cnf -extensions req_ext +openssl x509 -req -CA root_cert.pem -CAkey root_key.pem -in client.csr -out client_cert.pem -days 7305 +``` \ No newline at end of file diff --git a/s2a/src/test/resources/client.csr b/s2a/src/test/resources/client.csr new file mode 100644 index 000000000000..664f5a4cf86e --- /dev/null +++ b/s2a/src/test/resources/client.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIChzCCAW8CAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAoSS3KtFgiXX4vAUNscFGIB/r2OOMgiZMKHz72dN0 +5kSxwdpQxpMIhwEoe0lhHNfOiuE7/r6VbGG9RGGIcQcoSonc3InPRfpnzfj9KohJ +i8pYkLL9EwElAEl9sWnvVKTza8jTApDP2Z/fntBEsWAMsLPpuRZT6tgN1sXe4vNG +4wufJSxuImyCVAx1fkZjRkYEKOtm1osnEDng4R0WXZ6S+q5lYzYPk1wxgbjdZu2U +fWxP6V63SphV0NFXTx0E401j2h258cIqTVj8lRX6dfl9gO0d43Rd+hSU7R4iXGEw +arixuH9g5H745AFf9H52twHPcNP9cEKBljBpSV5z3MvTkQIDAQABoC4wLAYJKoZI +hvcNAQkOMR8wHTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3 +DQEBCwUAA4IBAQCQHim3aIpGJs5u6JhEA07Rwm8YKyVALDEklhsHILlFhdNr2uV7 +S+3bHV79mDGjxNWvFcgK5h5ENkT60tXbhbie1gYmFT0RMCYHDsL09NGTh8G9Bbdl +UKeA9DMhRSYzE7Ks3Lo1dJvX7OAEI0qV77dGpQknufYpmHiBXuqtB9I0SpYi1c4O +9IUn/NY0yiYFPsIEsVRz/1dK97wazusLnijaMwNNhUc9bJwTyujhlr+b8ioPyADG +e+GDF97d0nQ8806DOJF4GTRKwaXD+R5zN5t4ULhZ7ERqLNeE9EnWRe4CvSGvBoNA +hIVeYaLd761Z9ZKvOnsgCr8qvMDilDFY6OfB +-----END CERTIFICATE REQUEST----- \ No newline at end of file diff --git a/s2a/src/test/resources/client_cert.pem b/s2a/src/test/resources/client_cert.pem new file mode 100644 index 000000000000..b72f6991c912 --- /dev/null +++ b/s2a/src/test/resources/client_cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9DCCAdwCFB+cDXee2sIHjdlBhdNpTo+G2XAjMA0GCSqGSIb3DQEBCwUAMFkx +CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl +cm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzEw +MTcyMzA5MDNaFw00MzEwMTcyMzA5MDNaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKEktyrRYIl1+LwFDbHBRiAf +69jjjIImTCh8+9nTdOZEscHaUMaTCIcBKHtJYRzXzorhO/6+lWxhvURhiHEHKEqJ +3NyJz0X6Z834/SqISYvKWJCy/RMBJQBJfbFp71Sk82vI0wKQz9mf357QRLFgDLCz +6bkWU+rYDdbF3uLzRuMLnyUsbiJsglQMdX5GY0ZGBCjrZtaLJxA54OEdFl2ekvqu +ZWM2D5NcMYG43WbtlH1sT+let0qYVdDRV08dBONNY9odufHCKk1Y/JUV+nX5fYDt +HeN0XfoUlO0eIlxhMGq4sbh/YOR++OQBX/R+drcBz3DT/XBCgZYwaUlec9zL05EC +AwEAATANBgkqhkiG9w0BAQsFAAOCAQEARorc1t2OJnwm1lxhf2KpTpNvNOI9FJak +iSHz/MxhMdu4BG/dQHkKkWoVC6W2Kaimx4OImBwRlGEmGf4P0bXOLSTOumk2k1np +ZUbw7Z2cJzvBmT2BLoHRXcBvbFIBW5DJUSHR37eXEKP57BeD+Og4/3XhNzehSpTX +DRd2Ix/D39JjYA462nqPHQP8HDMf6+0BFmvf9ZRYmFucccYQRCUCKDqb8+wGf9W6 +tKNRE6qPG2jpAQ9qkgO7XuucbLvpywt5xj+yDRbOIq43l40mHaz4lRp697oaxjP8 +HSVcMydW3cluoW3AVInNIaqbM1dr6931MllK62DKipFtmCycq/56XA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/s2a/src/test/resources/client_key.pem b/s2a/src/test/resources/client_key.pem new file mode 100644 index 000000000000..dd3e2ff78f10 --- /dev/null +++ b/s2a/src/test/resources/client_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChJLcq0WCJdfi8 +BQ2xwUYgH+vY44yCJkwofPvZ03TmRLHB2lDGkwiHASh7SWEc186K4Tv+vpVsYb1E +YYhxByhKidzcic9F+mfN+P0qiEmLyliQsv0TASUASX2xae9UpPNryNMCkM/Zn9+e +0ESxYAyws+m5FlPq2A3Wxd7i80bjC58lLG4ibIJUDHV+RmNGRgQo62bWiycQOeDh +HRZdnpL6rmVjNg+TXDGBuN1m7ZR9bE/pXrdKmFXQ0VdPHQTjTWPaHbnxwipNWPyV +Ffp1+X2A7R3jdF36FJTtHiJcYTBquLG4f2DkfvjkAV/0fna3Ac9w0/1wQoGWMGlJ +XnPcy9ORAgMBAAECggEALAUqoGDIHWUDyOEch5WDwZzWwc4PgTJTFbBm4G96fLkB +UjKAZG6gIrk3RM6b39Q4UQoMaJ/Jk+zzVi3Kpw3MfOhCVGC1JamtF8BP8IGAjdZ9 +8TFkHv/uCrEIzCFjRt00vhoDQq0qiom4/dppGYdikBbl3zDxRbM1vJkbNSY+FCGW +dA0uJ5XdMLR6lPeB5odqjUggnfUgPCOLdV/F+HkSM9NP1bzmHLiKznzwFsfat139 +7LdzJwNN5IX4Io6cxsxNlrX/NNvPkKdGv07Z6FYxWROyKCunjh48xFcQg0ltoRuq +R9P8/LwS8GYrcc1uC/uBc0e6VgM9D9fsvh+8SQtf3QKBgQDXX+z2GnsFoEs7xv9U +qN0HEX4jOkihZvFu43layUmeCeE8wlEctJ0TsM5Bd7FMoUG6e5/btwhsAIYW89Xn +l/R8OzxR6Kh952Dce4DAULuIeopiw7ASJwTZtO9lWhxw0hjM1hxXTG+xxOqQvsRX +c+d+vtvdIqyJ4ELfzg9kUtkdpwKBgQC/ig3cmej7dQdRAMn0YAwgwhuLkCqVFh4y +WIlqyPPejKf8RXubqgtaSYx/T7apP87SMMSfSLaUdrYAGjST6k+tG5cmwutPIbw/ +osL7U3hcIhjX3hfHgI69Ojcpplbd5yqTxZHpxIs6iAQCEqNuasLXIDMouqNhGF1D +YssD6qxcBwKBgQCdZqWvVrsB6ZwSG+UO4jpmqAofhMD/9FQOToCqMOF0dpP966WL +7RO/CEA06FzTPCblOuQhlyq4g8l7jMiPcSZkhIYY9oftO+Q2Pqxh4J6tp6DrfUh4 +e7u3v9wVnj2a1nD5gqFDy8D1kow7LLAhmbtdje7xNh4SxasaFWZ6U3IJkQKBgGS1 +F5i3q9IatCAZBBZjMb0/kfANevYsTPA3sPjec6q91c1EUzuDarisFx0RMn9Gt124 +mokNWEIzMHpZTO/AsOfZq92LeuF+YVYsI8y1FIGMw/csJOCWbXZ812gkt2OxGafc +p118I6BAx6q3VgrGQ2+M1JlDmIeCofa+SPPkPX+dAoGBAJrOgEJ+oyEaX/YR1g+f +33pWoPQbRCG7T4+Y0oetCCWIcMg1/IUvGUCGmRDxj5dMqB+a0vJtviQN9rjpSuNS +0EVw79AJkIjHhi6KDOfAuyBvzGhxpqxGufnQ2GU0QL65NxQfd290xkxikN0ZGtuB +SDgZoJxMOGYwf8EX5i9h27Db +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/s2a/src/test/resources/config.cnf b/s2a/src/test/resources/config.cnf new file mode 100644 index 000000000000..38d9a9ccdb09 --- /dev/null +++ b/s2a/src/test/resources/config.cnf @@ -0,0 +1,17 @@ +[req] +distinguished_name = req_distinguished_name +req_extensions = req_ext + +[req_distinguished_name] +countryName = Country Name (2 letter code) +stateOrProvinceName = State or Province Name (full name) +localityName = Locality Name (eg, city) +organizationalUnitName = Organizational Unit Name (eg, section) +commonName = Common Name (eg, your name or your server\'s hostname) +emailAddress = Email Address + +[req_ext] +subjectAltName = @alt_names + +[alt_names] +IP.1 = :: \ No newline at end of file diff --git a/s2a/src/test/resources/root_cert.pem b/s2a/src/test/resources/root_cert.pem new file mode 100644 index 000000000000..737e601691c8 --- /dev/null +++ b/s2a/src/test/resources/root_cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIUb7RsINwsFgKf0Q0RuzfOgp48j6UwDQYJKoZIhvcNAQEL +BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X +DTIzMTAxNzIzMDczOFoXDTQzMTAxNzIzMDczOFowWTELMAkGA1UEBhMCQVUxEzAR +BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAkIFnQLuhzYnm3rvmi/U7zMgEP2Tqgb3VC00frSXEV6olZcLgyC9g +0DAGdt9l9lP90DQTG5KCOtoW2BTqM/aaVpR0OaDFOCy90FIj6YyZLZ9w2PQxQcxS +GQHyEvWszTkNxeDyG1mPTj+Go8JLKqdvLg/9GUgPg6stxyAZwYhyUTGuEM4bv0sn +b3vmHRmIGJ/w6aLtd7nK8LkNHa3WVrbvRGHrzdMHfpzF/M/5fAk8GfRYugo39knf +VLKGyQCXNI8Y1iHGEmPqQZIFPTjBL6caIlbEV0VHlxoSOGB6JVxcllxAEvd6abqX +RJVJPQzzGfEnMNYp9SiZQ9bvDRUsUkWyYwIDAQABo1MwUTAdBgNVHQ4EFgQUAZMN +F9JAGHbA3jGOeu6bWFvSdWkwHwYDVR0jBBgwFoAUAZMNF9JAGHbA3jGOeu6bWFvS +dWkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAicBli36ISJFu +lrJqOHVqTeNP6go0I35VGnP44nEEP5cBvRD3XntBFEk5D3mSNNOGt+2ncxom8VR9 +FsLuTfHAipXePJI6MSxFuBPea8V/YPBs3npk5f1FRvJ5vEgtzFvBjsKmp1dS9hH0 +KUWtWcsAkO2Anc/LVc0xxSidL8NjzYoEFqiki0TNNwCJjmd9XwnBLHW38sEb/pgy +KTyRpOyG3Zg2UDjBHiXPBrmIvVFLB6+LrPNvfr1k4HjIgVY539ZXUvVMDKytMrDY +h63EMDn4kkPpxXlufgWGybjN5D51OylyWBZLe+L1DQyWEg0Vd7GwPzb6p7bmI7MP +pooqbgbDpQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/s2a/src/test/resources/root_key.pem b/s2a/src/test/resources/root_key.pem new file mode 100644 index 000000000000..aae992426d7f --- /dev/null +++ b/s2a/src/test/resources/root_key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQInmQVkXP3TFcCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGeCAVH1pefxBIIEyD3Nj1Dy19oy +fogU+z8YBLXuSCx8s3zncYPF9nYlegGSSo0ace/WxfPu8AEPus1P2MxlxfcCQ1A+ +5+vMihtEpgpTg9R4RlLAWs45jz4AduGiwqW05+W5zgDn6g7p7HIL0+M5FxKRkAW0 +KEH4Jy8Vc1XQxkhOm1Q4NLI8PT94rcBDE9Od03sdrW/hQgaOFz5AWOlT5jF1uUOz +glF1RQQxfJygTB6qlPTC3BAaiAnWij3NOg5L5vvUhjLa7iOZOhRQBRkf4YtHsM+2 +rFy8Z7MeHOvrqFf8LXosNy3JreQW036rLGR0Xh5myATkNrEwA8df37AgLUmwqyfz +hjZefPW77LgMAXlaN8s345AGikOX8yQKEFzPV/Nag32p6t4oiRRcUUfdB4wzKi6T +mzZ6lKcGR3qqL4V6lJSV3I2fmgkYZnUwymolyu+1+CVYDLuE53TBi5dRXwgOghi7 +npw7PqqQCian8yxHF9c1rYukD0ov0/y8ratjOu9XoJG2/wWQJNvDkAyc3mSJf+3y +6Wtu1qhLszU8pZOGW0fK6bGyHSp+wkoah/vRzB0+yFjvuMIG6py2ZDQeqhqS3ZV2 +nZHHjj0tZ45Wbdf4k17ujEK34pFXluPH//zADnd6ym2W0t6x+jtqR5tYu3poORQg +jFgpudkn2RUSq8N/gIiHDwblYBxU2dmyzEVudv1zNgVSHyetGLxsFoNB7Prn89rJ +u24a/xtuCyC2pshWo3KiL74hkkCsC8rLbEAAbADheb35b+Ca3JnMwgyUHbHL6Hqf +EiVIgm14lB/1uz651X58Boo6tDFkgrxEtGDUIZm8yk2n0tGflp7BtYbMCw+7gqhb +XN4hlhFDcCJm8peXcyCtGajOnBuNO9JJDNYor6QjptaIpQBFb7/0rc7kyO12BIUv +F9mrCHF18Hd/9AtUO93+tyDAnL64Jqq9tUv8dOVtIfbcHXZSYHf24l0XAiKByb8y +9NQLUZkIuF4aUZVHV8ZBDdHNqjzqVglKQlGHdw1XBexSal5pC9HvknOmWBgl0aza +flzeTRPX7TPrMJDE5lgSy58czGpvZzhFYwOp6cwpfjNsiqdzD78Zs0xsRbNg519s +d+cLmbiU3plWCoYCuDb68eZRRzT+o41+QJG2PoMCpzPw5wMLl6HuW7HXMRFpZKJc +tPKpeTIzb8hjhA+TwVIVpTPHvvQehtTUQD2mRujdvNM6PF8tnuC3F3sB3PTjeeJg +uzfEfs3BynRTIj/gX6y87gzwsrwWIEN6U0cCbQ6J1EcgdQCiH8vbhIgfd4DkLgLN +Kkif+fI/HgBOqaiwSw3sHmWgB6PllVQOKH6qAiejTHR/UUvJTPvgKJFLunmBiF12 +N1bRge1sSXE1eLKVdi+dP1j0o6RxhaRrbX7ie3y/wYHwCJnb8h08DEprgCqoswFs +SuNKmvlibBHAsnOdhyCTOd9I5n8XzAUUp6mT+C5WDfl7qfYvh6IHFlSrhZ9aS9b6 +RY873cnphKbqU5d7Cr8Ufx4b4SgS+hEnuP8y5IToLQ3BONGQH2lu7nmd89wjW0uo +IMRXybwf/5FnKhEy8Aw+pD6AxiXC3DZVTKl3SHmjkYBDvNElsJVgygVTKgbOa1Z+ +ovIK/D7QV7Nv3uVortH8XA== +-----END ENCRYPTED PRIVATE KEY----- \ No newline at end of file diff --git a/s2a/src/test/resources/server.csr b/s2a/src/test/resources/server.csr new file mode 100644 index 000000000000..1657b1911334 --- /dev/null +++ b/s2a/src/test/resources/server.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIChzCCAW8CAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAlPThqu8tfJ4hQKRiUw/vNPfo2L2LQU8NlrRL7rvV +71E345LGK1h/hM3MHp5VgEvaaIibb0hSNv/TYz3HVCQyNuPlcmkHZTJ9mB0icilU +rYWdM0LPIg46iThmIQVhMiNfpMKQLDLQ7o3Jktjm32OxnQdtYSV+7NFnw8/0pB4j +iaiBYfZIMeGzEJIOFG8GSNJG0pfCI71DyLRonIcb2XzfeDPHeWSF7lbIoMGAuKIE +2mXpwHmAjTMJzIShSgLqCvmbz7wR3ZeVMknXcgcqMmagGphy8SjizIWC5KRbrnRq +F22Ouxdat6scIevRXGp5nYawFYdpK9qo+82gEouVX3dtSQIDAQABoC4wLAYJKoZI +hvcNAQkOMR8wHTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3 +DQEBCwUAA4IBAQB2qU354OlNVunhZhiOFNwabovxLcgKoQz+GtJ2EzsMEza+NPvV +dttPxXzqL/U+gDghvGzSYGuh2yMfTTPO+XtZKpvMUmIWonN5jItbFwSTaWcoE8Qs +zFZokRuFJ9dy017u642mpdf6neUzjbfCjWs8+3jyFzWlkrMF3RlSTxPuksWjhXsX +dxxLNu8YWcsYRB3fODHqrlBNuDn+9kb9z8to+yq76MA0HtdDkjd/dfgghiTDJhqm +IcwhBXufwQUrOP4YiuiwM0mo7Xlhw65gnSmRcwR9ha98SV2zG5kiRYE+m+94bDbd +kGBRfhpQSzh1w09cVzmLgzkfxRShEB+bb9Ss +-----END CERTIFICATE REQUEST----- \ No newline at end of file diff --git a/s2a/src/test/resources/server_cert.pem b/s2a/src/test/resources/server_cert.pem new file mode 100644 index 000000000000..10a98cf5c217 --- /dev/null +++ b/s2a/src/test/resources/server_cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIUMZkgD5gtoa39H9jdI/ijVkyxC/swDQYJKoZIhvcNAQEL +BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWxob3N0MB4X +DTIzMTAxNzIzMDg1M1oXDTQzMTAxNzIzMDg1M1owFDESMBAGA1UEAwwJbG9jYWxo +b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPThqu8tfJ4hQKRi +Uw/vNPfo2L2LQU8NlrRL7rvV71E345LGK1h/hM3MHp5VgEvaaIibb0hSNv/TYz3H +VCQyNuPlcmkHZTJ9mB0icilUrYWdM0LPIg46iThmIQVhMiNfpMKQLDLQ7o3Jktjm +32OxnQdtYSV+7NFnw8/0pB4jiaiBYfZIMeGzEJIOFG8GSNJG0pfCI71DyLRonIcb +2XzfeDPHeWSF7lbIoMGAuKIE2mXpwHmAjTMJzIShSgLqCvmbz7wR3ZeVMknXcgcq +MmagGphy8SjizIWC5KRbrnRqF22Ouxdat6scIevRXGp5nYawFYdpK9qo+82gEouV +X3dtSQIDAQABo18wXTAbBgNVHREEFDAShxAAAAAAAAAAAAAAAAAAAAAAMB0GA1Ud +DgQWBBTKJU+NK7Q6ZPccSigRCMBCBgjkaDAfBgNVHSMEGDAWgBQBkw0X0kAYdsDe +MY567ptYW9J1aTANBgkqhkiG9w0BAQsFAAOCAQEAXuCs6MGVoND8TaJ6qaDmqtpy +wKEW2hsGclI9yv5cMS0XCVTkmKYnIoijtqv6Pdh8PfhIx5oJqJC8Ml16w4Iou4+6 +kKF0DdzdQyiM0OlNCgLYPiR4rh0ZCAFFCvOsDum1g+b9JTFZGooK4TMd9thwms4D +SqpP5v1NWf/ZLH5TYnp2CkPzBxDlnMJZphuWtPHL+78TbgQuQaKu2nMLBGBJqtFi +HDOGxckgZuwBsy0c+aC/ZwaV7FdMP42kxUZduCEx8+BDSGwPoEpz6pwVIkjiyYAm +3O8FUeEPzYzwpkANIbbEIDWV6FVH9IahKRRkE+bL3BqoQkv8SMciEA5zWsPrbA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/s2a/src/test/resources/server_key.pem b/s2a/src/test/resources/server_key.pem new file mode 100644 index 000000000000..44f087dee948 --- /dev/null +++ b/s2a/src/test/resources/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCU9OGq7y18niFA +pGJTD+809+jYvYtBTw2WtEvuu9XvUTfjksYrWH+EzcwenlWAS9poiJtvSFI2/9Nj +PcdUJDI24+VyaQdlMn2YHSJyKVSthZ0zQs8iDjqJOGYhBWEyI1+kwpAsMtDujcmS +2ObfY7GdB21hJX7s0WfDz/SkHiOJqIFh9kgx4bMQkg4UbwZI0kbSl8IjvUPItGic +hxvZfN94M8d5ZIXuVsigwYC4ogTaZenAeYCNMwnMhKFKAuoK+ZvPvBHdl5UySddy +ByoyZqAamHLxKOLMhYLkpFuudGoXbY67F1q3qxwh69FcanmdhrAVh2kr2qj7zaAS +i5Vfd21JAgMBAAECggEACTBuN4hXywdKT92UP0GNZTwh/jT7QUUqNnDa+lhWI1Rk +WUK1vPjRrRSxEfZ8mdSUHbzHsf7JK6FungGyqUsuWdqHTh6SmTibLOYnONm54paK +kx38/0HXdJ2pF0Jos5ohDV3/XOqpnv3aQJfm7kMNMv3BTqvsf5mPiDHtCq7dTGGj +rGiLc0zirKZq79C6YSB1UMB01BsDl2ScflK8b3osT18uYx/BOdjLT4yZWQsU/nbB +OeF+ziWTTUAVjodGeTf+NYG7cFN/9N9PdSnAwuw8Nche3xZKbHTh2I578Zd4bsDX +H+hoMN862nzOXEvD6KyLB8xDdnEZ+p+njeDROJVmgQKBgQDQhzQEl/co1LYc5IDO +mynhCOtKJeRWBLhYEPIuaSY3qF+lrOWzqyOUNppWDx+HeKOq70X1Q+ETeSXtbaL1 +qHBkNcApQ2lStcpkR9whcVbr9NIWC8y8UQxyerEK3x3l0bZ99dfJ/z6lbxdS7prc +Hhxy6pUj8Q8AgpTZA8HfQUF1EQKBgQC23ek24kTVvWeWX2C/82H1Yfia6ITL7WHz +3aEJaZaO5JD3KmOSZgY88Ob3pkDTRYjFZND5zSB7PnM68gpo/OEDla6ZYtfwBWCX +q4QhFtv2obehobmDk+URVfvlOcBikoEP1i8oy7WdZ5CgC4gNKkkD15l68W+g5IIG +2ZOA97yUuQKBgDAzoI2TRxmUGciR9UhMy6Bt/F12ZtKPYsFQoXqi6aeh7wIP9kTS +wXWoLYLJGiOpekOv7X7lQujKbz7zweCBIAG5/wJKx9TLms4VYkgEt+/w9oMMFTZO +kc8Al14I9xNBp6p0In5Z1vRMupp79yX8e90AZpsZRLt8c8W6PZ1Kq0PRAoGBAKmD +7LzD46t/eJccs0M9CoG94Ac5pGCmHTdDLBTdnIO5vehhkwwTJ5U2e+T2aQFwY+kY +G+B1FrconQj3dk78nFoGV2Q5DJOjaHcwt7s0xZNLNj7O/HnMj3wSiP9lGcJGrP1R +P0ZCEIlph9fU2LnbiPPW2J/vT9uF+EMBTosvG9GBAoGAEVaDLLXOHj+oh1i6YY7s +0qokN2CdeKY4gG7iKjuDFb0r/l6R9uFvpUwJMhLEkF5SPQMyrzKFdnTpw3n/jnRa +AWG6GoV+D7LES+lHP5TXKKijbnHJdFjW8PtfDXHCJ6uGG91vH0TMMp1LqhcvGfTv +lcNGXkk6gUNSecxBC1uJfKE= +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/settings.gradle b/settings.gradle index ae6e395e7a18..a550789aacad 100644 --- a/settings.gradle +++ b/settings.gradle @@ -64,6 +64,7 @@ include ":grpc-benchmarks" include ":grpc-services" include ":grpc-servlet" include ":grpc-servlet-jakarta" +include ":grpc-s2a" include ":grpc-xds" include ":grpc-bom" include ":grpc-rls" @@ -98,6 +99,7 @@ project(':grpc-benchmarks').projectDir = "$rootDir/benchmarks" as File project(':grpc-services').projectDir = "$rootDir/services" as File project(':grpc-servlet').projectDir = "$rootDir/servlet" as File project(':grpc-servlet-jakarta').projectDir = "$rootDir/servlet/jakarta" as File +project(':grpc-s2a').projectDir = "$rootDir/s2a" as File project(':grpc-xds').projectDir = "$rootDir/xds" as File project(':grpc-bom').projectDir = "$rootDir/bom" as File project(':grpc-rls').projectDir = "$rootDir/rls" as File