const (
S2AService_SetUpSession_FullMethodName = "/s2a.proto.v2.S2AService/SetUpSession"
)
Enum value maps for SignatureAlgorithm.
var (
SignatureAlgorithm_name = map[int32]string{
0: "S2A_SSL_SIGN_UNSPECIFIED",
1: "S2A_SSL_SIGN_RSA_PKCS1_SHA256",
2: "S2A_SSL_SIGN_RSA_PKCS1_SHA384",
3: "S2A_SSL_SIGN_RSA_PKCS1_SHA512",
4: "S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256",
5: "S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384",
6: "S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512",
7: "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256",
8: "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384",
9: "S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512",
10: "S2A_SSL_SIGN_ED25519",
}
SignatureAlgorithm_value = map[string]int32{
"S2A_SSL_SIGN_UNSPECIFIED": 0,
"S2A_SSL_SIGN_RSA_PKCS1_SHA256": 1,
"S2A_SSL_SIGN_RSA_PKCS1_SHA384": 2,
"S2A_SSL_SIGN_RSA_PKCS1_SHA512": 3,
"S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256": 4,
"S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384": 5,
"S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512": 6,
"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256": 7,
"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384": 8,
"S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512": 9,
"S2A_SSL_SIGN_ED25519": 10,
}
)
Enum value maps for GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.
var (
GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_name = map[int32]string{
0: "UNSPECIFIED",
1: "DONT_REQUEST_CLIENT_CERTIFICATE",
2: "REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
3: "REQUEST_CLIENT_CERTIFICATE_AND_VERIFY",
4: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY",
5: "REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY",
}
GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate_value = map[string]int32{
"UNSPECIFIED": 0,
"DONT_REQUEST_CLIENT_CERTIFICATE": 1,
"REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY": 2,
"REQUEST_CLIENT_CERTIFICATE_AND_VERIFY": 3,
"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY": 4,
"REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY": 5,
}
)
Enum value maps for OffloadPrivateKeyOperationReq_PrivateKeyOperation.
var (
OffloadPrivateKeyOperationReq_PrivateKeyOperation_name = map[int32]string{
0: "UNSPECIFIED",
1: "SIGN",
2: "DECRYPT",
}
OffloadPrivateKeyOperationReq_PrivateKeyOperation_value = map[string]int32{
"UNSPECIFIED": 0,
"SIGN": 1,
"DECRYPT": 2,
}
)
Enum value maps for OffloadResumptionKeyOperationReq_ResumptionKeyOperation.
var (
OffloadResumptionKeyOperationReq_ResumptionKeyOperation_name = map[int32]string{
0: "UNSPECIFIED",
1: "ENCRYPT",
2: "DECRYPT",
}
OffloadResumptionKeyOperationReq_ResumptionKeyOperation_value = map[string]int32{
"UNSPECIFIED": 0,
"ENCRYPT": 1,
"DECRYPT": 2,
}
)
Enum value maps for ValidatePeerCertificateChainReq_VerificationMode.
var (
ValidatePeerCertificateChainReq_VerificationMode_name = map[int32]string{
0: "UNSPECIFIED",
1: "SPIFFE",
2: "CONNECT_TO_GOOGLE",
}
ValidatePeerCertificateChainReq_VerificationMode_value = map[string]int32{
"UNSPECIFIED": 0,
"SPIFFE": 1,
"CONNECT_TO_GOOGLE": 2,
}
)
Enum value maps for ValidatePeerCertificateChainResp_ValidationResult.
var (
ValidatePeerCertificateChainResp_ValidationResult_name = map[int32]string{
0: "UNSPECIFIED",
1: "SUCCESS",
2: "FAILURE",
}
ValidatePeerCertificateChainResp_ValidationResult_value = map[string]int32{
"UNSPECIFIED": 0,
"SUCCESS": 1,
"FAILURE": 2,
}
)
var File_internal_proto_v2_s2a_s2a_proto protoreflect.FileDescriptor
S2AService_ServiceDesc is the grpc.ServiceDesc for S2AService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
var S2AService_ServiceDesc = grpc.ServiceDesc{ ServiceName: "s2a.proto.v2.S2AService", HandlerType: (*S2AServiceServer)(nil), Methods: []grpc.MethodDesc{}, Streams: []grpc.StreamDesc{ { StreamName: "SetUpSession", Handler: _S2AService_SetUpSession_Handler, ServerStreams: true, ClientStreams: true, }, }, Metadata: "internal/proto/v2/s2a/s2a.proto", }
func RegisterS2AServiceServer(s grpc.ServiceRegistrar, srv S2AServiceServer)
type AlpnPolicy struct {
// If true, the application MUST perform ALPN negotiation.
EnableAlpnNegotiation bool `protobuf:"varint,1,opt,name=enable_alpn_negotiation,json=enableAlpnNegotiation,proto3" json:"enable_alpn_negotiation,omitempty"`
// The ordered list of ALPN protocols that specify how the application SHOULD
// negotiate ALPN during the TLS handshake.
//
// The application MAY ignore any ALPN protocols in this list that are not
// supported by the application.
AlpnProtocols []common_go_proto.AlpnProtocol `protobuf:"varint,2,rep,packed,name=alpn_protocols,json=alpnProtocols,proto3,enum=s2a.proto.v2.AlpnProtocol" json:"alpn_protocols,omitempty"`
// contains filtered or unexported fields
}
func (*AlpnPolicy) Descriptor() ([]byte, []int)
Deprecated: Use AlpnPolicy.ProtoReflect.Descriptor instead.
func (x *AlpnPolicy) GetAlpnProtocols() []common_go_proto.AlpnProtocol
func (x *AlpnPolicy) GetEnableAlpnNegotiation() bool
func (*AlpnPolicy) ProtoMessage()
func (x *AlpnPolicy) ProtoReflect() protoreflect.Message
func (x *AlpnPolicy) Reset()
func (x *AlpnPolicy) String() string
type AuthenticationMechanism struct {
// Applications may specify an identity associated to an authentication
// mechanism. Otherwise, S2A assumes that the authentication mechanism is
// associated with the default identity. If the default identity cannot be
// determined, the request is rejected.
Identity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
// Types that are assignable to MechanismOneof:
//
// *AuthenticationMechanism_Token
MechanismOneof isAuthenticationMechanism_MechanismOneof `protobuf_oneof:"mechanism_oneof"`
// contains filtered or unexported fields
}
func (*AuthenticationMechanism) Descriptor() ([]byte, []int)
Deprecated: Use AuthenticationMechanism.ProtoReflect.Descriptor instead.
func (x *AuthenticationMechanism) GetIdentity() *common_go_proto1.Identity
func (m *AuthenticationMechanism) GetMechanismOneof() isAuthenticationMechanism_MechanismOneof
func (x *AuthenticationMechanism) GetToken() string
func (*AuthenticationMechanism) ProtoMessage()
func (x *AuthenticationMechanism) ProtoReflect() protoreflect.Message
func (x *AuthenticationMechanism) Reset()
func (x *AuthenticationMechanism) String() string
type AuthenticationMechanism_Token struct {
// A token that the application uses to authenticate itself to S2A.
Token string `protobuf:"bytes,2,opt,name=token,proto3,oneof"`
}
type GetTlsConfigurationReq struct {
// The role of the application in the TLS connection.
ConnectionSide common_go_proto.ConnectionSide `protobuf:"varint,1,opt,name=connection_side,json=connectionSide,proto3,enum=s2a.proto.v2.ConnectionSide" json:"connection_side,omitempty"`
// The server name indication (SNI) extension, which MAY be populated when a
// server is offloading to S2A. The SNI is used to determine the server
// identity if the local identity in the request is empty.
Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"`
// contains filtered or unexported fields
}
func (*GetTlsConfigurationReq) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationReq.ProtoReflect.Descriptor instead.
func (x *GetTlsConfigurationReq) GetConnectionSide() common_go_proto.ConnectionSide
func (x *GetTlsConfigurationReq) GetSni() string
func (*GetTlsConfigurationReq) ProtoMessage()
func (x *GetTlsConfigurationReq) ProtoReflect() protoreflect.Message
func (x *GetTlsConfigurationReq) Reset()
func (x *GetTlsConfigurationReq) String() string
type GetTlsConfigurationResp struct {
// Types that are assignable to TlsConfiguration:
//
// *GetTlsConfigurationResp_ClientTlsConfiguration_
// *GetTlsConfigurationResp_ServerTlsConfiguration_
TlsConfiguration isGetTlsConfigurationResp_TlsConfiguration `protobuf_oneof:"tls_configuration"`
// contains filtered or unexported fields
}
func (*GetTlsConfigurationResp) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp.ProtoReflect.Descriptor instead.
func (x *GetTlsConfigurationResp) GetClientTlsConfiguration() *GetTlsConfigurationResp_ClientTlsConfiguration
func (x *GetTlsConfigurationResp) GetServerTlsConfiguration() *GetTlsConfigurationResp_ServerTlsConfiguration
func (m *GetTlsConfigurationResp) GetTlsConfiguration() isGetTlsConfigurationResp_TlsConfiguration
func (*GetTlsConfigurationResp) ProtoMessage()
func (x *GetTlsConfigurationResp) ProtoReflect() protoreflect.Message
func (x *GetTlsConfigurationResp) Reset()
func (x *GetTlsConfigurationResp) String() string
Next ID: 8
type GetTlsConfigurationResp_ClientTlsConfiguration struct {
// The certificate chain that the client MUST use for the TLS handshake.
// It's a list of PEM-encoded certificates, ordered from leaf to root,
// excluding the root.
CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
// The minimum TLS version number that the client MUST use for the TLS
// handshake. If this field is not provided, the client MUST use the default
// minimum version of the client's TLS library.
MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"min_tls_version,omitempty"`
// The maximum TLS version number that the client MUST use for the TLS
// handshake. If this field is not provided, the client MUST use the default
// maximum version of the client's TLS library.
MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"max_tls_version,omitempty"`
// The ordered list of TLS 1.0-1.2 ciphersuites that the client MAY offer to
// negotiate in the TLS handshake.
Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,6,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
// The policy that dictates how the client negotiates ALPN during the TLS
// handshake.
AlpnPolicy *AlpnPolicy `protobuf:"bytes,7,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
// contains filtered or unexported fields
}
func (*GetTlsConfigurationResp_ClientTlsConfiguration) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp_ClientTlsConfiguration.ProtoReflect.Descriptor instead.
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetAlpnPolicy() *AlpnPolicy
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCertificateChain() []string
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetCiphersuites() []common_go_proto.Ciphersuite
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMaxTlsVersion() common_go_proto.TLSVersion
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) GetMinTlsVersion() common_go_proto.TLSVersion
func (*GetTlsConfigurationResp_ClientTlsConfiguration) ProtoMessage()
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) ProtoReflect() protoreflect.Message
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) Reset()
func (x *GetTlsConfigurationResp_ClientTlsConfiguration) String() string
type GetTlsConfigurationResp_ClientTlsConfiguration_ struct {
ClientTlsConfiguration *GetTlsConfigurationResp_ClientTlsConfiguration `protobuf:"bytes,1,opt,name=client_tls_configuration,json=clientTlsConfiguration,proto3,oneof"`
}
Next ID: 12
type GetTlsConfigurationResp_ServerTlsConfiguration struct {
// The certificate chain that the server MUST use for the TLS handshake.
// It's a list of PEM-encoded certificates, ordered from leaf to root,
// excluding the root.
CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
// The minimum TLS version number that the server MUST use for the TLS
// handshake. If this field is not provided, the server MUST use the default
// minimum version of the server's TLS library.
MinTlsVersion common_go_proto.TLSVersion `protobuf:"varint,2,opt,name=min_tls_version,json=minTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"min_tls_version,omitempty"`
// The maximum TLS version number that the server MUST use for the TLS
// handshake. If this field is not provided, the server MUST use the default
// maximum version of the server's TLS library.
MaxTlsVersion common_go_proto.TLSVersion `protobuf:"varint,3,opt,name=max_tls_version,json=maxTlsVersion,proto3,enum=s2a.proto.v2.TLSVersion" json:"max_tls_version,omitempty"`
// The ordered list of TLS 1.0-1.2 ciphersuites that the server MAY offer to
// negotiate in the TLS handshake.
Ciphersuites []common_go_proto.Ciphersuite `protobuf:"varint,10,rep,packed,name=ciphersuites,proto3,enum=s2a.proto.v2.Ciphersuite" json:"ciphersuites,omitempty"`
// Whether to enable TLS resumption.
TlsResumptionEnabled bool `protobuf:"varint,6,opt,name=tls_resumption_enabled,json=tlsResumptionEnabled,proto3" json:"tls_resumption_enabled,omitempty"`
// Whether the server MUST request a client certificate (i.e. to negotiate
// TLS vs. mTLS).
RequestClientCertificate GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate `protobuf:"varint,7,opt,name=request_client_certificate,json=requestClientCertificate,proto3,enum=s2a.proto.v2.GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate" json:"request_client_certificate,omitempty"`
// Returns the maximum number of extra bytes that
// |OffloadResumptionKeyOperation| can add to the number of unencrypted
// bytes to form the encrypted bytes.
MaxOverheadOfTicketAead uint32 `protobuf:"varint,9,opt,name=max_overhead_of_ticket_aead,json=maxOverheadOfTicketAead,proto3" json:"max_overhead_of_ticket_aead,omitempty"`
// The policy that dictates how the server negotiates ALPN during the TLS
// handshake.
AlpnPolicy *AlpnPolicy `protobuf:"bytes,11,opt,name=alpn_policy,json=alpnPolicy,proto3" json:"alpn_policy,omitempty"`
// contains filtered or unexported fields
}
func (*GetTlsConfigurationResp_ServerTlsConfiguration) Descriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration.ProtoReflect.Descriptor instead.
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetAlpnPolicy() *AlpnPolicy
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCertificateChain() []string
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetCiphersuites() []common_go_proto.Ciphersuite
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxOverheadOfTicketAead() uint32
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMaxTlsVersion() common_go_proto.TLSVersion
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetMinTlsVersion() common_go_proto.TLSVersion
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetRequestClientCertificate() GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) GetTlsResumptionEnabled() bool
func (*GetTlsConfigurationResp_ServerTlsConfiguration) ProtoMessage()
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) ProtoReflect() protoreflect.Message
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) Reset()
func (x *GetTlsConfigurationResp_ServerTlsConfiguration) String() string
type GetTlsConfigurationResp_ServerTlsConfiguration_ struct {
ServerTlsConfiguration *GetTlsConfigurationResp_ServerTlsConfiguration `protobuf:"bytes,2,opt,name=server_tls_configuration,json=serverTlsConfiguration,proto3,oneof"`
}
type GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate int32
const (
GetTlsConfigurationResp_ServerTlsConfiguration_UNSPECIFIED GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 0
GetTlsConfigurationResp_ServerTlsConfiguration_DONT_REQUEST_CLIENT_CERTIFICATE GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 1
GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 2
GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 3
GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 4
GetTlsConfigurationResp_ServerTlsConfiguration_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate = 5
)
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Descriptor() protoreflect.EnumDescriptor
func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Enum() *GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) EnumDescriptor() ([]byte, []int)
Deprecated: Use GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate.Descriptor instead.
func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Number() protoreflect.EnumNumber
func (x GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) String() string
func (GetTlsConfigurationResp_ServerTlsConfiguration_RequestClientCertificate) Type() protoreflect.EnumType
type OffloadPrivateKeyOperationReq struct {
// The operation the private key is used for.
Operation OffloadPrivateKeyOperationReq_PrivateKeyOperation `protobuf:"varint,1,opt,name=operation,proto3,enum=s2a.proto.v2.OffloadPrivateKeyOperationReq_PrivateKeyOperation" json:"operation,omitempty"`
// The signature algorithm to be used for signing operations.
SignatureAlgorithm SignatureAlgorithm `protobuf:"varint,2,opt,name=signature_algorithm,json=signatureAlgorithm,proto3,enum=s2a.proto.v2.SignatureAlgorithm" json:"signature_algorithm,omitempty"`
// The input bytes to be signed or decrypted.
//
// Types that are assignable to InBytes:
//
// *OffloadPrivateKeyOperationReq_RawBytes
// *OffloadPrivateKeyOperationReq_Sha256Digest
// *OffloadPrivateKeyOperationReq_Sha384Digest
// *OffloadPrivateKeyOperationReq_Sha512Digest
InBytes isOffloadPrivateKeyOperationReq_InBytes `protobuf_oneof:"in_bytes"`
// contains filtered or unexported fields
}
func (*OffloadPrivateKeyOperationReq) Descriptor() ([]byte, []int)
Deprecated: Use OffloadPrivateKeyOperationReq.ProtoReflect.Descriptor instead.
func (m *OffloadPrivateKeyOperationReq) GetInBytes() isOffloadPrivateKeyOperationReq_InBytes
func (x *OffloadPrivateKeyOperationReq) GetOperation() OffloadPrivateKeyOperationReq_PrivateKeyOperation
func (x *OffloadPrivateKeyOperationReq) GetRawBytes() []byte
func (x *OffloadPrivateKeyOperationReq) GetSha256Digest() []byte
func (x *OffloadPrivateKeyOperationReq) GetSha384Digest() []byte
func (x *OffloadPrivateKeyOperationReq) GetSha512Digest() []byte
func (x *OffloadPrivateKeyOperationReq) GetSignatureAlgorithm() SignatureAlgorithm
func (*OffloadPrivateKeyOperationReq) ProtoMessage()
func (x *OffloadPrivateKeyOperationReq) ProtoReflect() protoreflect.Message
func (x *OffloadPrivateKeyOperationReq) Reset()
func (x *OffloadPrivateKeyOperationReq) String() string
type OffloadPrivateKeyOperationReq_PrivateKeyOperation int32
const (
OffloadPrivateKeyOperationReq_UNSPECIFIED OffloadPrivateKeyOperationReq_PrivateKeyOperation = 0
// When performing a TLS 1.2 or 1.3 handshake, the (partial) transcript of
// the TLS handshake must be signed to prove possession of the private key.
//
// See https://www.rfc-editor.org/rfc/rfc8446.html#section-4.4.3.
OffloadPrivateKeyOperationReq_SIGN OffloadPrivateKeyOperationReq_PrivateKeyOperation = 1
// When performing a TLS 1.2 handshake using an RSA algorithm, the key
// exchange algorithm involves the client generating a premaster secret,
// encrypting it using the server's public key, and sending this encrypted
// blob to the server in a ClientKeyExchange message.
//
// See https://www.rfc-editor.org/rfc/rfc4346#section-7.4.7.1.
OffloadPrivateKeyOperationReq_DECRYPT OffloadPrivateKeyOperationReq_PrivateKeyOperation = 2
)
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Descriptor() protoreflect.EnumDescriptor
func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Enum() *OffloadPrivateKeyOperationReq_PrivateKeyOperation
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) EnumDescriptor() ([]byte, []int)
Deprecated: Use OffloadPrivateKeyOperationReq_PrivateKeyOperation.Descriptor instead.
func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) Number() protoreflect.EnumNumber
func (x OffloadPrivateKeyOperationReq_PrivateKeyOperation) String() string
func (OffloadPrivateKeyOperationReq_PrivateKeyOperation) Type() protoreflect.EnumType
type OffloadPrivateKeyOperationReq_RawBytes struct {
// Raw bytes to be hashed and signed, or decrypted.
RawBytes []byte `protobuf:"bytes,4,opt,name=raw_bytes,json=rawBytes,proto3,oneof"`
}
type OffloadPrivateKeyOperationReq_Sha256Digest struct {
// A SHA256 hash to be signed. Must be 32 bytes.
Sha256Digest []byte `protobuf:"bytes,5,opt,name=sha256_digest,json=sha256Digest,proto3,oneof"`
}
type OffloadPrivateKeyOperationReq_Sha384Digest struct {
// A SHA384 hash to be signed. Must be 48 bytes.
Sha384Digest []byte `protobuf:"bytes,6,opt,name=sha384_digest,json=sha384Digest,proto3,oneof"`
}
type OffloadPrivateKeyOperationReq_Sha512Digest struct {
// A SHA512 hash to be signed. Must be 64 bytes.
Sha512Digest []byte `protobuf:"bytes,7,opt,name=sha512_digest,json=sha512Digest,proto3,oneof"`
}
type OffloadPrivateKeyOperationResp struct {
// The signed or decrypted output bytes.
OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
// contains filtered or unexported fields
}
func (*OffloadPrivateKeyOperationResp) Descriptor() ([]byte, []int)
Deprecated: Use OffloadPrivateKeyOperationResp.ProtoReflect.Descriptor instead.
func (x *OffloadPrivateKeyOperationResp) GetOutBytes() []byte
func (*OffloadPrivateKeyOperationResp) ProtoMessage()
func (x *OffloadPrivateKeyOperationResp) ProtoReflect() protoreflect.Message
func (x *OffloadPrivateKeyOperationResp) Reset()
func (x *OffloadPrivateKeyOperationResp) String() string
type OffloadResumptionKeyOperationReq struct {
// The operation the resumption key is used for.
Operation OffloadResumptionKeyOperationReq_ResumptionKeyOperation `protobuf:"varint,1,opt,name=operation,proto3,enum=s2a.proto.v2.OffloadResumptionKeyOperationReq_ResumptionKeyOperation" json:"operation,omitempty"`
// The bytes to be encrypted or decrypted.
InBytes []byte `protobuf:"bytes,2,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"`
// contains filtered or unexported fields
}
func (*OffloadResumptionKeyOperationReq) Descriptor() ([]byte, []int)
Deprecated: Use OffloadResumptionKeyOperationReq.ProtoReflect.Descriptor instead.
func (x *OffloadResumptionKeyOperationReq) GetInBytes() []byte
func (x *OffloadResumptionKeyOperationReq) GetOperation() OffloadResumptionKeyOperationReq_ResumptionKeyOperation
func (*OffloadResumptionKeyOperationReq) ProtoMessage()
func (x *OffloadResumptionKeyOperationReq) ProtoReflect() protoreflect.Message
func (x *OffloadResumptionKeyOperationReq) Reset()
func (x *OffloadResumptionKeyOperationReq) String() string
type OffloadResumptionKeyOperationReq_ResumptionKeyOperation int32
const (
OffloadResumptionKeyOperationReq_UNSPECIFIED OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 0
OffloadResumptionKeyOperationReq_ENCRYPT OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 1
OffloadResumptionKeyOperationReq_DECRYPT OffloadResumptionKeyOperationReq_ResumptionKeyOperation = 2
)
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Descriptor() protoreflect.EnumDescriptor
func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Enum() *OffloadResumptionKeyOperationReq_ResumptionKeyOperation
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) EnumDescriptor() ([]byte, []int)
Deprecated: Use OffloadResumptionKeyOperationReq_ResumptionKeyOperation.Descriptor instead.
func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Number() protoreflect.EnumNumber
func (x OffloadResumptionKeyOperationReq_ResumptionKeyOperation) String() string
func (OffloadResumptionKeyOperationReq_ResumptionKeyOperation) Type() protoreflect.EnumType
type OffloadResumptionKeyOperationResp struct {
// The encrypted or decrypted bytes.
OutBytes []byte `protobuf:"bytes,1,opt,name=out_bytes,json=outBytes,proto3" json:"out_bytes,omitempty"`
// contains filtered or unexported fields
}
func (*OffloadResumptionKeyOperationResp) Descriptor() ([]byte, []int)
Deprecated: Use OffloadResumptionKeyOperationResp.ProtoReflect.Descriptor instead.
func (x *OffloadResumptionKeyOperationResp) GetOutBytes() []byte
func (*OffloadResumptionKeyOperationResp) ProtoMessage()
func (x *OffloadResumptionKeyOperationResp) ProtoReflect() protoreflect.Message
func (x *OffloadResumptionKeyOperationResp) Reset()
func (x *OffloadResumptionKeyOperationResp) String() string
S2AServiceClient is the client API for S2AService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type S2AServiceClient interface {
// SetUpSession is a bidirectional stream used by applications to offload
// operations from the TLS handshake.
SetUpSession(ctx context.Context, opts ...grpc.CallOption) (S2AService_SetUpSessionClient, error)
}
func NewS2AServiceClient(cc grpc.ClientConnInterface) S2AServiceClient
S2AServiceServer is the server API for S2AService service. All implementations must embed UnimplementedS2AServiceServer for forward compatibility
type S2AServiceServer interface {
// SetUpSession is a bidirectional stream used by applications to offload
// operations from the TLS handshake.
SetUpSession(S2AService_SetUpSessionServer) error
// contains filtered or unexported methods
}
type S2AService_SetUpSessionClient interface {
Send(*SessionReq) error
Recv() (*SessionResp, error)
grpc.ClientStream
}
type S2AService_SetUpSessionServer interface {
Send(*SessionResp) error
Recv() (*SessionReq, error)
grpc.ServerStream
}
type SessionReq struct {
// The identity corresponding to the TLS configurations that MUST be used for
// the TLS handshake.
//
// If a managed identity already exists, the local identity and authentication
// mechanisms are ignored. If a managed identity doesn't exist and the local
// identity is not populated, S2A will try to deduce the managed identity to
// use from the SNI extension. If that also fails, S2A uses the default
// identity (if one exists).
LocalIdentity *common_go_proto1.Identity `protobuf:"bytes,1,opt,name=local_identity,json=localIdentity,proto3" json:"local_identity,omitempty"`
// The authentication mechanisms that the application wishes to use to
// authenticate to S2A, ordered by preference. S2A will always use the first
// authentication mechanism that matches the managed identity.
AuthenticationMechanisms []*AuthenticationMechanism `protobuf:"bytes,2,rep,name=authentication_mechanisms,json=authenticationMechanisms,proto3" json:"authentication_mechanisms,omitempty"`
// Types that are assignable to ReqOneof:
//
// *SessionReq_GetTlsConfigurationReq
// *SessionReq_OffloadPrivateKeyOperationReq
// *SessionReq_OffloadResumptionKeyOperationReq
// *SessionReq_ValidatePeerCertificateChainReq
ReqOneof isSessionReq_ReqOneof `protobuf_oneof:"req_oneof"`
// contains filtered or unexported fields
}
func (*SessionReq) Descriptor() ([]byte, []int)
Deprecated: Use SessionReq.ProtoReflect.Descriptor instead.
func (x *SessionReq) GetAuthenticationMechanisms() []*AuthenticationMechanism
func (x *SessionReq) GetGetTlsConfigurationReq() *GetTlsConfigurationReq
func (x *SessionReq) GetLocalIdentity() *common_go_proto1.Identity
func (x *SessionReq) GetOffloadPrivateKeyOperationReq() *OffloadPrivateKeyOperationReq
func (x *SessionReq) GetOffloadResumptionKeyOperationReq() *OffloadResumptionKeyOperationReq
func (m *SessionReq) GetReqOneof() isSessionReq_ReqOneof
func (x *SessionReq) GetValidatePeerCertificateChainReq() *ValidatePeerCertificateChainReq
func (*SessionReq) ProtoMessage()
func (x *SessionReq) ProtoReflect() protoreflect.Message
func (x *SessionReq) Reset()
func (x *SessionReq) String() string
type SessionReq_GetTlsConfigurationReq struct {
// Requests the certificate chain and TLS configuration corresponding to the
// local identity, which the application MUST use to negotiate the TLS
// handshake.
GetTlsConfigurationReq *GetTlsConfigurationReq `protobuf:"bytes,3,opt,name=get_tls_configuration_req,json=getTlsConfigurationReq,proto3,oneof"`
}
type SessionReq_OffloadPrivateKeyOperationReq struct {
// Signs or decrypts the input bytes using a private key corresponding to
// the local identity in the request.
//
// WARNING: More than one OffloadPrivateKeyOperationReq may be sent to the
// S2Av2 by a server during a TLS 1.2 handshake.
OffloadPrivateKeyOperationReq *OffloadPrivateKeyOperationReq `protobuf:"bytes,4,opt,name=offload_private_key_operation_req,json=offloadPrivateKeyOperationReq,proto3,oneof"`
}
type SessionReq_OffloadResumptionKeyOperationReq struct {
// Encrypts or decrypts the input bytes using a resumption key corresponding
// to the local identity in the request.
OffloadResumptionKeyOperationReq *OffloadResumptionKeyOperationReq `protobuf:"bytes,5,opt,name=offload_resumption_key_operation_req,json=offloadResumptionKeyOperationReq,proto3,oneof"`
}
type SessionReq_ValidatePeerCertificateChainReq struct {
// Verifies the peer's certificate chain using
// (a) trust bundles corresponding to the local identity in the request, and
// (b) the verification mode in the request.
ValidatePeerCertificateChainReq *ValidatePeerCertificateChainReq `protobuf:"bytes,6,opt,name=validate_peer_certificate_chain_req,json=validatePeerCertificateChainReq,proto3,oneof"`
}
type SessionResp struct {
// Status of the session response.
//
// The status field is populated so that if an error occurs when making an
// individual request, then communication with the S2A may continue. If an
// error is returned directly (e.g. at the gRPC layer), then it may result
// that the bidirectional stream being closed.
Status *Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
// Types that are assignable to RespOneof:
//
// *SessionResp_GetTlsConfigurationResp
// *SessionResp_OffloadPrivateKeyOperationResp
// *SessionResp_OffloadResumptionKeyOperationResp
// *SessionResp_ValidatePeerCertificateChainResp
RespOneof isSessionResp_RespOneof `protobuf_oneof:"resp_oneof"`
// contains filtered or unexported fields
}
func (*SessionResp) Descriptor() ([]byte, []int)
Deprecated: Use SessionResp.ProtoReflect.Descriptor instead.
func (x *SessionResp) GetGetTlsConfigurationResp() *GetTlsConfigurationResp
func (x *SessionResp) GetOffloadPrivateKeyOperationResp() *OffloadPrivateKeyOperationResp
func (x *SessionResp) GetOffloadResumptionKeyOperationResp() *OffloadResumptionKeyOperationResp
func (m *SessionResp) GetRespOneof() isSessionResp_RespOneof
func (x *SessionResp) GetStatus() *Status
func (x *SessionResp) GetValidatePeerCertificateChainResp() *ValidatePeerCertificateChainResp
func (*SessionResp) ProtoMessage()
func (x *SessionResp) ProtoReflect() protoreflect.Message
func (x *SessionResp) Reset()
func (x *SessionResp) String() string
type SessionResp_GetTlsConfigurationResp struct {
// Contains the certificate chain and TLS configurations corresponding to
// the local identity.
GetTlsConfigurationResp *GetTlsConfigurationResp `protobuf:"bytes,2,opt,name=get_tls_configuration_resp,json=getTlsConfigurationResp,proto3,oneof"`
}
type SessionResp_OffloadPrivateKeyOperationResp struct {
// Contains the signed or encrypted output bytes using the private key
// corresponding to the local identity.
OffloadPrivateKeyOperationResp *OffloadPrivateKeyOperationResp `protobuf:"bytes,3,opt,name=offload_private_key_operation_resp,json=offloadPrivateKeyOperationResp,proto3,oneof"`
}
type SessionResp_OffloadResumptionKeyOperationResp struct {
// Contains the encrypted or decrypted output bytes using the resumption key
// corresponding to the local identity.
OffloadResumptionKeyOperationResp *OffloadResumptionKeyOperationResp `protobuf:"bytes,4,opt,name=offload_resumption_key_operation_resp,json=offloadResumptionKeyOperationResp,proto3,oneof"`
}
type SessionResp_ValidatePeerCertificateChainResp struct {
// Contains the validation result, peer identity and fingerprints of peer
// certificates.
ValidatePeerCertificateChainResp *ValidatePeerCertificateChainResp `protobuf:"bytes,5,opt,name=validate_peer_certificate_chain_resp,json=validatePeerCertificateChainResp,proto3,oneof"`
}
type SignatureAlgorithm int32
const (
SignatureAlgorithm_S2A_SSL_SIGN_UNSPECIFIED SignatureAlgorithm = 0
// RSA Public-Key Cryptography Standards #1.
SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA256 SignatureAlgorithm = 1
SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA384 SignatureAlgorithm = 2
SignatureAlgorithm_S2A_SSL_SIGN_RSA_PKCS1_SHA512 SignatureAlgorithm = 3
// ECDSA.
SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256 SignatureAlgorithm = 4
SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384 SignatureAlgorithm = 5
SignatureAlgorithm_S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512 SignatureAlgorithm = 6
// RSA Probabilistic Signature Scheme.
SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256 SignatureAlgorithm = 7
SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384 SignatureAlgorithm = 8
SignatureAlgorithm_S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512 SignatureAlgorithm = 9
// ED25519.
SignatureAlgorithm_S2A_SSL_SIGN_ED25519 SignatureAlgorithm = 10
)
func (SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (x SignatureAlgorithm) Enum() *SignatureAlgorithm
func (SignatureAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use SignatureAlgorithm.Descriptor instead.
func (x SignatureAlgorithm) Number() protoreflect.EnumNumber
func (x SignatureAlgorithm) String() string
func (SignatureAlgorithm) Type() protoreflect.EnumType
type Status struct {
// The status code that is specific to the application and the implementation
// of S2A, e.g., gRPC status code.
Code uint32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
// The status details.
Details string `protobuf:"bytes,2,opt,name=details,proto3" json:"details,omitempty"`
// contains filtered or unexported fields
}
func (*Status) Descriptor() ([]byte, []int)
Deprecated: Use Status.ProtoReflect.Descriptor instead.
func (x *Status) GetCode() uint32
func (x *Status) GetDetails() string
func (*Status) ProtoMessage()
func (x *Status) ProtoReflect() protoreflect.Message
func (x *Status) Reset()
func (x *Status) String() string
UnimplementedS2AServiceServer must be embedded to have forward compatible implementations.
type UnimplementedS2AServiceServer struct {
}
func (UnimplementedS2AServiceServer) SetUpSession(S2AService_SetUpSessionServer) error
UnsafeS2AServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to S2AServiceServer will result in compilation errors.
type UnsafeS2AServiceServer interface {
// contains filtered or unexported methods
}
type ValidatePeerCertificateChainReq struct {
// The verification mode that S2A MUST use to validate the peer certificate
// chain.
Mode ValidatePeerCertificateChainReq_VerificationMode `protobuf:"varint,1,opt,name=mode,proto3,enum=s2a.proto.v2.ValidatePeerCertificateChainReq_VerificationMode" json:"mode,omitempty"`
// Types that are assignable to PeerOneof:
//
// *ValidatePeerCertificateChainReq_ClientPeer_
// *ValidatePeerCertificateChainReq_ServerPeer_
PeerOneof isValidatePeerCertificateChainReq_PeerOneof `protobuf_oneof:"peer_oneof"`
// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainReq) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq.ProtoReflect.Descriptor instead.
func (x *ValidatePeerCertificateChainReq) GetClientPeer() *ValidatePeerCertificateChainReq_ClientPeer
func (x *ValidatePeerCertificateChainReq) GetMode() ValidatePeerCertificateChainReq_VerificationMode
func (m *ValidatePeerCertificateChainReq) GetPeerOneof() isValidatePeerCertificateChainReq_PeerOneof
func (x *ValidatePeerCertificateChainReq) GetServerPeer() *ValidatePeerCertificateChainReq_ServerPeer
func (*ValidatePeerCertificateChainReq) ProtoMessage()
func (x *ValidatePeerCertificateChainReq) ProtoReflect() protoreflect.Message
func (x *ValidatePeerCertificateChainReq) Reset()
func (x *ValidatePeerCertificateChainReq) String() string
type ValidatePeerCertificateChainReq_ClientPeer struct {
// The certificate chain to be verified. The chain MUST be a list of
// DER-encoded certificates, ordered from leaf to root, excluding the root.
CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainReq_ClientPeer) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq_ClientPeer.ProtoReflect.Descriptor instead.
func (x *ValidatePeerCertificateChainReq_ClientPeer) GetCertificateChain() [][]byte
func (*ValidatePeerCertificateChainReq_ClientPeer) ProtoMessage()
func (x *ValidatePeerCertificateChainReq_ClientPeer) ProtoReflect() protoreflect.Message
func (x *ValidatePeerCertificateChainReq_ClientPeer) Reset()
func (x *ValidatePeerCertificateChainReq_ClientPeer) String() string
type ValidatePeerCertificateChainReq_ClientPeer_ struct {
ClientPeer *ValidatePeerCertificateChainReq_ClientPeer `protobuf:"bytes,2,opt,name=client_peer,json=clientPeer,proto3,oneof"`
}
type ValidatePeerCertificateChainReq_ServerPeer struct {
// The certificate chain to be verified. The chain MUST be a list of
// DER-encoded certificates, ordered from leaf to root, excluding the root.
CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
// The expected hostname of the server.
ServerHostname string `protobuf:"bytes,2,opt,name=server_hostname,json=serverHostname,proto3" json:"server_hostname,omitempty"`
// The UnrestrictedClientPolicy specified by the user.
SerializedUnrestrictedClientPolicy []byte `protobuf:"bytes,3,opt,name=serialized_unrestricted_client_policy,json=serializedUnrestrictedClientPolicy,proto3" json:"serialized_unrestricted_client_policy,omitempty"`
// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainReq_ServerPeer) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq_ServerPeer.ProtoReflect.Descriptor instead.
func (x *ValidatePeerCertificateChainReq_ServerPeer) GetCertificateChain() [][]byte
func (x *ValidatePeerCertificateChainReq_ServerPeer) GetSerializedUnrestrictedClientPolicy() []byte
func (x *ValidatePeerCertificateChainReq_ServerPeer) GetServerHostname() string
func (*ValidatePeerCertificateChainReq_ServerPeer) ProtoMessage()
func (x *ValidatePeerCertificateChainReq_ServerPeer) ProtoReflect() protoreflect.Message
func (x *ValidatePeerCertificateChainReq_ServerPeer) Reset()
func (x *ValidatePeerCertificateChainReq_ServerPeer) String() string
type ValidatePeerCertificateChainReq_ServerPeer_ struct {
ServerPeer *ValidatePeerCertificateChainReq_ServerPeer `protobuf:"bytes,3,opt,name=server_peer,json=serverPeer,proto3,oneof"`
}
type ValidatePeerCertificateChainReq_VerificationMode int32
const (
// The default verification mode supported by S2A.
ValidatePeerCertificateChainReq_UNSPECIFIED ValidatePeerCertificateChainReq_VerificationMode = 0
// The SPIFFE verification mode selects the set of trusted certificates to
// use for path building based on the SPIFFE trust domain in the peer's leaf
// certificate.
ValidatePeerCertificateChainReq_SPIFFE ValidatePeerCertificateChainReq_VerificationMode = 1
// The connect-to-Google verification mode uses the trust bundle for
// connecting to Google, e.g. *.mtls.googleapis.com endpoints.
ValidatePeerCertificateChainReq_CONNECT_TO_GOOGLE ValidatePeerCertificateChainReq_VerificationMode = 2
)
func (ValidatePeerCertificateChainReq_VerificationMode) Descriptor() protoreflect.EnumDescriptor
func (x ValidatePeerCertificateChainReq_VerificationMode) Enum() *ValidatePeerCertificateChainReq_VerificationMode
func (ValidatePeerCertificateChainReq_VerificationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainReq_VerificationMode.Descriptor instead.
func (x ValidatePeerCertificateChainReq_VerificationMode) Number() protoreflect.EnumNumber
func (x ValidatePeerCertificateChainReq_VerificationMode) String() string
func (ValidatePeerCertificateChainReq_VerificationMode) Type() protoreflect.EnumType
type ValidatePeerCertificateChainResp struct {
// The result of validating the peer certificate chain.
ValidationResult ValidatePeerCertificateChainResp_ValidationResult `protobuf:"varint,1,opt,name=validation_result,json=validationResult,proto3,enum=s2a.proto.v2.ValidatePeerCertificateChainResp_ValidationResult" json:"validation_result,omitempty"`
// The validation details. This field is only populated when the validation
// result is NOT SUCCESS.
ValidationDetails string `protobuf:"bytes,2,opt,name=validation_details,json=validationDetails,proto3" json:"validation_details,omitempty"`
// The S2A context contains information from the peer certificate chain.
//
// The S2A context MAY be populated even if validation of the peer certificate
// chain fails.
Context *s2a_context_go_proto.S2AContext `protobuf:"bytes,3,opt,name=context,proto3" json:"context,omitempty"`
// contains filtered or unexported fields
}
func (*ValidatePeerCertificateChainResp) Descriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainResp.ProtoReflect.Descriptor instead.
func (x *ValidatePeerCertificateChainResp) GetContext() *s2a_context_go_proto.S2AContext
func (x *ValidatePeerCertificateChainResp) GetValidationDetails() string
func (x *ValidatePeerCertificateChainResp) GetValidationResult() ValidatePeerCertificateChainResp_ValidationResult
func (*ValidatePeerCertificateChainResp) ProtoMessage()
func (x *ValidatePeerCertificateChainResp) ProtoReflect() protoreflect.Message
func (x *ValidatePeerCertificateChainResp) Reset()
func (x *ValidatePeerCertificateChainResp) String() string
type ValidatePeerCertificateChainResp_ValidationResult int32
const (
ValidatePeerCertificateChainResp_UNSPECIFIED ValidatePeerCertificateChainResp_ValidationResult = 0
ValidatePeerCertificateChainResp_SUCCESS ValidatePeerCertificateChainResp_ValidationResult = 1
ValidatePeerCertificateChainResp_FAILURE ValidatePeerCertificateChainResp_ValidationResult = 2
)
func (ValidatePeerCertificateChainResp_ValidationResult) Descriptor() protoreflect.EnumDescriptor
func (x ValidatePeerCertificateChainResp_ValidationResult) Enum() *ValidatePeerCertificateChainResp_ValidationResult
func (ValidatePeerCertificateChainResp_ValidationResult) EnumDescriptor() ([]byte, []int)
Deprecated: Use ValidatePeerCertificateChainResp_ValidationResult.Descriptor instead.
func (x ValidatePeerCertificateChainResp_ValidationResult) Number() protoreflect.EnumNumber
func (x ValidatePeerCertificateChainResp_ValidationResult) String() string
func (ValidatePeerCertificateChainResp_ValidationResult) Type() protoreflect.EnumType