protobug_fulcio_protos 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 74b3a6b42eb4ce413c2336632938d49b758060253d1a6808b85dab530ee1986e
+  data.tar.gz: 3b23fa735a6b7e0ee535ffaec8159056bfc4ad292e2025925ba2c513462b46b9
+SHA512:
+  metadata.gz: 80d8d2b2513030e977722b8c3694e740d82d4cb05dfaf1b768a6f39300f9904a9720bc9b25b2ca03996b66943f2807165b7ec23defe6cfd6da0853a4458ccdb9
+  data.tar.gz: 71cca4c7bd0a1a6035b26d55ef216248a5e97ea789dbaa72fa1de87d7604887eddc72980c620cc4e12b9783846bdaa761876494f926550317b813c299c78bea6

data/lib/dev/sigstore/fulcio/v2/fulcio_pb.rb

@@ -0,0 +1,404 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: fulcio.proto
+# syntax: proto3
+# package: dev.sigstore.fulcio.v2
+# options:
+#   java_package: "dev.sigstore.fulcio.v2"
+#   java_outer_classname: "FulcioProto"
+#   java_multiple_files: true
+#   go_package: "github.com/sigstore/fulcio/pkg/generated/protobuf"
+
+#
+#  Copyright 2022 The Sigstore Authors.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+require "protobug"
+
+require "google/api/annotations_pb"
+require "google/api/field_behavior_pb"
+require "grpc/gateway/protoc_gen_openapiv2/options/annotations_pb"
+
+module Dev
+  module Sigstore
+    module Fulcio
+      module V2
+        # For Fulcio developers: All features should be designed with HTTP support in
+        # mind, since some clients may access this API over HTTP rather than gRPC.
+        #
+        # If there's a feature that you think would negatively impact the HTTP API,
+        # open an issue to discuss.
+
+        class CA
+          # *
+          #  Returns an X.509 certificate created by the Fulcio certificate authority for the given request parameters
+          def create_signing_certificate(...)
+            raise(NotImplementedError)
+          end
+
+          # *
+          #  Returns the bundle of certificates that can be used to validate code signing certificates issued by this Fulcio instance
+          def get_trust_bundle(...)
+            raise(NotImplementedError)
+          end
+
+          # *
+          #  Returns the configuration of supported OIDC issuers, including the required challenge for each issuer.
+          def get_configuration(...)
+            raise(NotImplementedError)
+          end
+        end
+
+        class CreateSigningCertificateRequest
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.CreateSigningCertificateRequest"
+
+          #
+          #  Identity information about who possesses the private / public key pair presented
+          optional(
+            1,
+            "credentials",
+            type: :message,
+            message_type: "dev.sigstore.fulcio.v2.Credentials",
+            proto3_optional: false
+          )
+          #
+          #  The public key to be stored in the requested certificate along with a signed
+          #  challenge as proof of possession of the private key.
+          optional(
+            2,
+            "public_key_request",
+            type: :message,
+            message_type: "dev.sigstore.fulcio.v2.PublicKeyRequest",
+            json_name: "publicKeyRequest",
+            oneof: :key,
+            proto3_optional: false
+          )
+          #
+          #  PKCS#10 PEM-encoded certificate signing request
+          #
+          #  Contains the public key to be stored in the requested certificate. All other CSR fields
+          #  are ignored. Since the CSR is self-signed, it also acts as a proof of possession of
+          #  the private key.
+          #
+          #  In particular, the CSR's subject name is not verified, or tested for
+          #  compatibility with its specified X.509 name type (e.g. email address).
+          optional(
+            3,
+            "certificate_signing_request",
+            type: :bytes,
+            json_name: "certificateSigningRequest",
+            oneof: :key,
+            proto3_optional: false
+          )
+        end
+
+        class Credentials
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.Credentials"
+
+          #
+          #  The OIDC token that identifies the caller
+          optional(
+            1,
+            "oidc_identity_token",
+            type: :string,
+            json_name: "oidcIdentityToken",
+            oneof: :credentials,
+            proto3_optional: false
+          )
+        end
+
+        class PublicKeyRequest
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.PublicKeyRequest"
+
+          #
+          #  The public key to be stored in the requested certificate
+          optional(
+            1,
+            "public_key",
+            type: :message,
+            message_type: "dev.sigstore.fulcio.v2.PublicKey",
+            json_name: "publicKey",
+            proto3_optional: false
+          )
+          #
+          #  Proof that the client possesses the private key; must be verifiable by provided public key
+          #
+          #  This is a currently a signature over the `sub` claim from the OIDC identity token
+          optional(
+            2,
+            "proof_of_possession",
+            type: :bytes,
+            json_name: "proofOfPossession",
+            proto3_optional: false
+          )
+        end
+
+        class PublicKey
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.PublicKey"
+
+          #
+          #  The cryptographic algorithm to use with the key material
+          optional(
+            1,
+            "algorithm",
+            type: :enum,
+            enum_type: "dev.sigstore.fulcio.v2.PublicKeyAlgorithm",
+            proto3_optional: false
+          )
+          #
+          #  PKIX, ASN.1 DER or PEM-encoded public key. PEM is typically
+          #  of type PUBLIC KEY.
+          optional(2, "content", type: :string, proto3_optional: false)
+        end
+
+        class SigningCertificate
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.SigningCertificate"
+
+          optional(
+            1,
+            "signed_certificate_detached_sct",
+            type: :message,
+            message_type:
+            "dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT",
+            json_name: "signedCertificateDetachedSct",
+            oneof: :certificate,
+            proto3_optional: false
+          )
+          optional(
+            2,
+            "signed_certificate_embedded_sct",
+            type: :message,
+            message_type:
+            "dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT",
+            json_name: "signedCertificateEmbeddedSct",
+            oneof: :certificate,
+            proto3_optional: false
+          )
+        end
+
+        # (-- api-linter: core::0142::time-field-type=disabled
+        #     aip.dev/not-precedent: SCT is defined in RFC6962 and we keep the name consistent for easier understanding. --)
+        class SigningCertificateDetachedSCT
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.SigningCertificateDetachedSCT"
+
+          #
+          #  The certificate chain serialized with the leaf certificate first, followed
+          #  by all intermediate certificates (if present), finishing with the root certificate.
+          #
+          #  All values are PEM-encoded certificates.
+          optional(
+            1,
+            "chain",
+            type: :message,
+            message_type: "dev.sigstore.fulcio.v2.CertificateChain",
+            proto3_optional: false
+          )
+          #
+          #  The Signed Certificate Timestamp (SCT) is a promise for including the certificate in
+          #  a certificate transparency log. It can be "stapled" to verify the inclusion of
+          #  a certificate in the log in an offline fashion.
+          #
+          #  The SCT format is an AddChainResponse struct, defined in
+          #  https://github.com/google/certificate-transparency-go
+          optional(
+            2,
+            "signed_certificate_timestamp",
+            type: :bytes,
+            json_name: "signedCertificateTimestamp",
+            proto3_optional: false
+          )
+        end
+
+        class SigningCertificateEmbeddedSCT
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT"
+
+          #
+          #  The certificate chain serialized with the leaf certificate first, followed
+          #  by all intermediate certificates (if present), finishing with the root certificate.
+          #
+          #  All values are PEM-encoded certificates.
+          #
+          #  The leaf certificate contains an embedded Signed Certificate Timestamp (SCT) to
+          #  verify inclusion of the certificate in a log. The SCT format is a SignedCertificateTimestampList,
+          #  as defined in https://datatracker.ietf.org/doc/html/rfc6962#section-3.3
+          optional(
+            1,
+            "chain",
+            type: :message,
+            message_type: "dev.sigstore.fulcio.v2.CertificateChain",
+            proto3_optional: false
+          )
+        end
+
+        # This is created for forward compatibility in case we want to add fields to the TrustBundle service in the future
+        class GetTrustBundleRequest
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.GetTrustBundleRequest"
+        end
+
+        class TrustBundle
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.TrustBundle"
+
+          #
+          #  The set of PEM-encoded certificate chains for this Fulcio instance; each chain will start with any
+          #  intermediate certificates (if present), finishing with the root certificate.
+          repeated(
+            1,
+            "chains",
+            type: :message,
+            message_type: "dev.sigstore.fulcio.v2.CertificateChain"
+          )
+        end
+
+        class CertificateChain
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.CertificateChain"
+
+          #
+          #  The PEM-encoded certificate chain, ordered from leaf to intermediate to root as applicable.
+          repeated(1, "certificates", type: :string)
+        end
+
+        class PublicKeyAlgorithm
+          extend Protobug::Enum
+
+          self.full_name = "dev.sigstore.fulcio.v2.PublicKeyAlgorithm"
+
+          PUBLIC_KEY_ALGORITHM_UNSPECIFIED = new(
+            "PUBLIC_KEY_ALGORITHM_UNSPECIFIED",
+            0
+          ).freeze
+          RSA_PSS = new("RSA_PSS", 1).freeze
+          ECDSA = new("ECDSA", 2).freeze
+          ED25519 = new("ED25519", 3).freeze
+        end
+
+        # This is created for forward compatibility in case we want to add fields in the future.
+        class GetConfigurationRequest
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.GetConfigurationRequest"
+        end
+
+        # The configuration for the Fulcio instance.
+        class Configuration
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.Configuration"
+
+          # The OIDC issuers supported by this Fulcio instance.
+          repeated(
+            1,
+            "issuers",
+            type: :message,
+            message_type: "dev.sigstore.fulcio.v2.OIDCIssuer"
+          )
+        end
+
+        # Metadata about an OIDC issuer.
+        class OIDCIssuer
+          extend Protobug::Message
+
+          self.full_name = "dev.sigstore.fulcio.v2.OIDCIssuer"
+
+          # The URL of the OIDC issuer.
+          optional(
+            1,
+            "issuer_url",
+            type: :string,
+            json_name: "issuerUrl",
+            oneof: :issuer,
+            proto3_optional: false
+          )
+          # The URL of wildcard OIDC issuer, e.g. "https://oidc.eks.*.amazonaws.com/id/*".
+          # When comparing the issuer, the wildcards will be replaced by "[-_a-zA-Z0-9]+".
+          optional(
+            2,
+            "wildcard_issuer_url",
+            type: :string,
+            json_name: "wildcardIssuerUrl",
+            oneof: :issuer,
+            proto3_optional: false
+          )
+          # The expected audience of the OIDC token for the issuer.
+          optional(3, "audience", type: :string, proto3_optional: false)
+          # The OIDC claim that must be signed for a proof of possession challenge.
+          optional(
+            4,
+            "challenge_claim",
+            type: :string,
+            json_name: "challengeClaim",
+            proto3_optional: false
+          )
+          # The expected SPIFFE trust domain. Only present when the OIDC issuer issues tokens for SPIFFE identities.
+          optional(
+            5,
+            "spiffe_trust_domain",
+            type: :string,
+            json_name: "spiffeTrustDomain",
+            proto3_optional: false
+          )
+        end
+
+        def self.register_fulcio_protos(registry)
+          Google::Api.register_annotations_protos(registry)
+          Google::Api.register_field_behavior_protos(registry)
+          Grpc::Gateway::ProtocGenOpenapiv2::Options.register_annotations_protos(
+            registry
+          )
+          registry.register(
+            Dev::Sigstore::Fulcio::V2::CreateSigningCertificateRequest
+          )
+          registry.register(Dev::Sigstore::Fulcio::V2::Credentials)
+          registry.register(Dev::Sigstore::Fulcio::V2::PublicKeyRequest)
+          registry.register(Dev::Sigstore::Fulcio::V2::PublicKey)
+          registry.register(Dev::Sigstore::Fulcio::V2::SigningCertificate)
+          registry.register(
+            Dev::Sigstore::Fulcio::V2::SigningCertificateDetachedSCT
+          )
+          registry.register(
+            Dev::Sigstore::Fulcio::V2::SigningCertificateEmbeddedSCT
+          )
+          registry.register(Dev::Sigstore::Fulcio::V2::GetTrustBundleRequest)
+          registry.register(Dev::Sigstore::Fulcio::V2::TrustBundle)
+          registry.register(Dev::Sigstore::Fulcio::V2::CertificateChain)
+          registry.register(Dev::Sigstore::Fulcio::V2::PublicKeyAlgorithm)
+          registry.register(Dev::Sigstore::Fulcio::V2::GetConfigurationRequest)
+          registry.register(Dev::Sigstore::Fulcio::V2::Configuration)
+          registry.register(Dev::Sigstore::Fulcio::V2::OIDCIssuer)
+        end
+      end
+    end
+  end
+end

data/lib/protobug_fulcio_protos.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require "protobug"
+
+require_relative "dev/sigstore/fulcio/v2/fulcio_pb"

metadata

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification
+name: protobug_fulcio_protos
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Samuel Giddins
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-06-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: protobug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: protobug_well_known_protos
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: protobug_googleapis_field_behavior_protos
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: protobug_googleapis_annotations_protos
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: protobug_protoc_gen_openapiv2_protos
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+description:
+email:
+- segiddins@segiddins.me
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dev/sigstore/fulcio/v2/fulcio_pb.rb
+- lib/protobug_fulcio_protos.rb
+homepage: https://github.com/segiddins/protobug/blob/v0.2.0/gen/protobug_fulcio_protos
+licenses:
+- Unlicense
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.9
+signing_key:
+specification_version: 4
+summary: Compiled protos for protobug from https://github.com/sigstore/fulcio (fulcio_protos)
+test_files: []