protobug_sigstore_protos 0.1.0
- checksums.yaml +7 -0
- data/lib/protobug_sigstore_protos.rb +11 -0
- data/lib/sigstore/bundle/v1/sigstore_bundle_pb.rb +244 -0
- data/lib/sigstore/common/v1/sigstore_common_pb.rb +441 -0
- data/lib/sigstore/dsse/envelope_pb.rb +77 -0
- data/lib/sigstore/events/events_pb.rb +194 -0
- data/lib/sigstore/rekor/v1/sigstore_rekor_pb.rb +252 -0
- data/lib/sigstore/trustroot/v1/sigstore_trustroot_pb.rb +346 -0
- data/lib/sigstore/verification/v1/sigstore_verification_pb.rb +365 -0
- metadata +95 -0
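--- a/data/lib/sigstore/common/v1/sigstore_common_pb.rb
+++ b/data/lib/sigstore/common/v1/sigstore_common_pb.rb
@@ -0,0 +1,441 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: sigstore_common.proto
+# syntax: proto3
+# package: dev.sigstore.common.v1
+# options:
+# java_package: "dev.sigstore.proto.common.v1"
+# java_outer_classname: "CommonProto"
+# java_multiple_files: true
+# go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
+# ruby_package: "Sigstore::Common::V1"
+
+# Copyright 2022 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "protobug"
+
+require "google/api/field_behavior_pb"
+require "google/protobuf/timestamp_pb"
+
+module Sigstore
+module Common
+module V1
+# This package defines commonly used message types within the Sigstore
+# community.
+
+# Only a subset of the secure hash standard algorithms are supported.
+# See <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf> for more
+# details.
+# UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force
+# any proto JSON serialization to emit the used hash algorithm, as default
+# option is to *omit* the default value of an enum (which is the first
+# value, represented by '0'.
+class HashAlgorithm
+extend Protobug::Enum
+
+self.full_name = "dev.sigstore.common.v1.HashAlgorithm"
+
+HASH_ALGORITHM_UNSPECIFIED = new("HASH_ALGORITHM_UNSPECIFIED", 0).freeze
+SHA2_256 = new("SHA2_256", 1).freeze
+SHA2_384 = new("SHA2_384", 2).freeze
+SHA2_512 = new("SHA2_512", 3).freeze
+SHA3_256 = new("SHA3_256", 4).freeze
+SHA3_384 = new("SHA3_384", 5).freeze
+end
+
+# Details of a specific public key, capturing the the key encoding method,
+# and signature algorithm.
+#
+# PublicKeyDetails captures the public key/hash algorithm combinations
+# recommended in the Sigstore ecosystem.
+#
+# This is modelled as a linear set as we want to provide a small number of
+# opinionated options instead of allowing every possible permutation.
+#
+# Any changes to this enum MUST be reflected in the algorithm registry.
+# See: docs/algorithm-registry.md
+#
+# To avoid the possibility of contradicting formats such as PKCS1 with
+# ED25519 the valid permutations are listed as a linear set instead of a
+# cartesian set (i.e one combined variable instead of two, one for encoding
+# and one for the signature algorithm).
+class PublicKeyDetails
+extend Protobug::Enum
+
+self.full_name = "dev.sigstore.common.v1.PublicKeyDetails"
+
+PUBLIC_KEY_DETAILS_UNSPECIFIED = new(
+"PUBLIC_KEY_DETAILS_UNSPECIFIED",
+0
+).freeze
+# RSA
+PKCS1_RSA_PKCS1V5 = new("PKCS1_RSA_PKCS1V5", 1).freeze # See RFC8017
+PKCS1_RSA_PSS = new("PKCS1_RSA_PSS", 2).freeze # See RFC8017
+PKIX_RSA_PKCS1V5 = new("PKIX_RSA_PKCS1V5", 3).freeze
+PKIX_RSA_PSS = new("PKIX_RSA_PSS", 4).freeze
+# RSA public key in PKIX format, PKCS#1v1.5 signature
+PKIX_RSA_PKCS1V15_2048_SHA256 = new(
+"PKIX_RSA_PKCS1V15_2048_SHA256",
+9
+).freeze
+PKIX_RSA_PKCS1V15_3072_SHA256 = new(
+"PKIX_RSA_PKCS1V15_3072_SHA256",
+10
+).freeze
+PKIX_RSA_PKCS1V15_4096_SHA256 = new(
+"PKIX_RSA_PKCS1V15_4096_SHA256",
+11
+).freeze
+# RSA public key in PKIX format, RSASSA-PSS signature
+PKIX_RSA_PSS_2048_SHA256 = new(
+"PKIX_RSA_PSS_2048_SHA256",
+16
+).freeze # See RFC4055
+PKIX_RSA_PSS_3072_SHA256 = new("PKIX_RSA_PSS_3072_SHA256", 17).freeze
+PKIX_RSA_PSS_4096_SHA256 = new("PKIX_RSA_PSS_4096_SHA256", 18).freeze
+# ECDSA
+PKIX_ECDSA_P256_HMAC_SHA_256 = new(
+"PKIX_ECDSA_P256_HMAC_SHA_256",
+6
+).freeze # See RFC6979
+PKIX_ECDSA_P256_SHA_256 = new(
+"PKIX_ECDSA_P256_SHA_256",
+5
+).freeze # See NIST FIPS 186-4
+PKIX_ECDSA_P384_SHA_384 = new("PKIX_ECDSA_P384_SHA_384", 12).freeze
+PKIX_ECDSA_P521_SHA_512 = new("PKIX_ECDSA_P521_SHA_512", 13).freeze
+# Ed 25519
+PKIX_ED25519 = new("PKIX_ED25519", 7).freeze # See RFC8032
+PKIX_ED25519_PH = new("PKIX_ED25519_PH", 8).freeze
+# LMS and LM-OTS
+#
+# These keys and signatures may be used by private Sigstore
+# deployments, but are not currently supported by the public
+# good instance.
+#
+# USER WARNING: LMS and LM-OTS are both stateful signature schemes.
+# Using them correctly requires discretion and careful consideration
+# to ensure that individual secret keys are not used more than once.
+# In addition, LM-OTS is a single-use scheme, meaning that it
+# MUST NOT be used for more than one signature per LM-OTS key.
+# If you cannot maintain these invariants, you MUST NOT use these
+# schemes.
+LMS_SHA256 = new("LMS_SHA256", 14).freeze
+LMOTS_SHA256 = new("LMOTS_SHA256", 15).freeze
+
+reserved_range(19..49)
+end
+
+# HashOutput captures a digest of a 'message' (generic octet sequence)
+# and the corresponding hash algorithm used.
+class HashOutput
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.HashOutput"
+
+optional(
+1,
+"algorithm",
+type: :enum,
+enum_type: "dev.sigstore.common.v1.HashAlgorithm",
+proto3_optional: false
+)
+# This is the raw octets of the message digest as computed by
+# the hash algorithm.
+optional(2, "digest", type: :bytes, proto3_optional: false)
+end
+
+# MessageSignature stores the computed signature over a message.
+class MessageSignature
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.MessageSignature"
+
+# Message digest can be used to identify the artifact.
+# Clients MUST NOT attempt to use this digest to verify the associated
+# signature; it is intended solely for identification.
+optional(
+1,
+"message_digest",
+type: :message,
+message_type: "dev.sigstore.common.v1.HashOutput",
+json_name: "messageDigest",
+proto3_optional: false
+)
+# The raw bytes as returned from the signature algorithm.
+# The signature algorithm (and so the format of the signature bytes)
+# are determined by the contents of the 'verification_material',
+# either a key-pair or a certificate. If using a certificate, the
+# certificate contains the required information on the signature
+# algorithm.
+# When using a key pair, the algorithm MUST be part of the public
+# key, which MUST be communicated out-of-band.
+optional(2, "signature", type: :bytes, proto3_optional: false)
+end
+
+# LogId captures the identity of a transparency log.
+class LogId
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.LogId"
+
+# The unique identity of the log, represented by its public key.
+optional(
+1,
+"key_id",
+type: :bytes,
+json_name: "keyId",
+proto3_optional: false
+)
+end
+
+# This message holds a RFC 3161 timestamp.
+class RFC3161SignedTimestamp
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.RFC3161SignedTimestamp"
+
+# Signed timestamp is the DER encoded TimeStampResponse.
+# See https://www.rfc-editor.org/rfc/rfc3161.html#section-2.4.2
+optional(
+1,
+"signed_timestamp",
+type: :bytes,
+json_name: "signedTimestamp",
+proto3_optional: false
+)
+end
+
+class PublicKey
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.PublicKey"
+
+# DER-encoded public key, encoding method is specified by the
+# key_details attribute.
+optional(1, "raw_bytes", type: :bytes, json_name: "rawBytes")
+# Key encoding and signature algorithm to use for this key.
+optional(
+2,
+"key_details",
+type: :enum,
+enum_type: "dev.sigstore.common.v1.PublicKeyDetails",
+json_name: "keyDetails",
+proto3_optional: false
+)
+# Optional validity period for this key, *inclusive* of the endpoints.
+optional(
+3,
+"valid_for",
+type: :message,
+message_type: "dev.sigstore.common.v1.TimeRange",
+json_name: "validFor"
+)
+end
+
+# PublicKeyIdentifier can be used to identify an (out of band) delivered
+# key, to verify a signature.
+class PublicKeyIdentifier
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.PublicKeyIdentifier"
+
+# Optional unauthenticated hint on which key to use.
+# The format of the hint must be agreed upon out of band by the
+# signer and the verifiers, and so is not subject to this
+# specification.
+# Example use-case is to specify the public key to use, from a
+# trusted key-ring.
+# Implementors are RECOMMENDED to derive the value from the public
+# key as described in RFC 6962.
+# See: <https://www.rfc-editor.org/rfc/rfc6962#section-3.2>
+optional(1, "hint", type: :string, proto3_optional: false)
+end
+
+# An ASN.1 OBJECT IDENTIFIER
+class ObjectIdentifier
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.ObjectIdentifier"
+
+repeated(1, "id", type: :int32, packed: true)
+end
+
+# An OID and the corresponding (byte) value.
+class ObjectIdentifierValuePair
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.ObjectIdentifierValuePair"
+
+optional(
+1,
+"oid",
+type: :message,
+message_type: "dev.sigstore.common.v1.ObjectIdentifier",
+proto3_optional: false
+)
+optional(2, "value", type: :bytes, proto3_optional: false)
+end
+
+class DistinguishedName
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.DistinguishedName"
+
+optional(1, "organization", type: :string, proto3_optional: false)
+optional(
+2,
+"common_name",
+type: :string,
+json_name: "commonName",
+proto3_optional: false
+)
+end
+
+class X509Certificate
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.X509Certificate"
+
+# DER-encoded X.509 certificate.
+optional(
+1,
+"raw_bytes",
+type: :bytes,
+json_name: "rawBytes",
+proto3_optional: false
+)
+end
+
+class SubjectAlternativeNameType
+extend Protobug::Enum
+
+self.full_name = "dev.sigstore.common.v1.SubjectAlternativeNameType"
+
+SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED = new(
+"SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED",
+0
+).freeze
+EMAIL = new("EMAIL", 1).freeze
+URI = new("URI", 2).freeze
+# OID 1.3.6.1.4.1.57264.1.7
+# See https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726417--othername-san
+# for more details.
+OTHER_NAME = new("OTHER_NAME", 3).freeze
+end
+
+class SubjectAlternativeName
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.SubjectAlternativeName"
+
+optional(
+1,
+"type",
+type: :enum,
+enum_type: "dev.sigstore.common.v1.SubjectAlternativeNameType",
+proto3_optional: false
+)
+# A regular expression describing the expected value for
+# the SAN.
+optional(
+2,
+"regexp",
+type: :string,
+oneof: :identity,
+proto3_optional: false
+)
+# The exact value to match against.
+optional(
+3,
+"value",
+type: :string,
+oneof: :identity,
+proto3_optional: false
+)
+end
+
+# A collection of X.509 certificates.
+#
+# This "chain" can be used in multiple contexts, such as providing a root CA
+# certificate within a TUF root of trust or multiple untrusted certificates for
+# the purpose of chain building.
+class X509CertificateChain
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.X509CertificateChain"
+
+# One or more DER-encoded certificates.
+#
+# In some contexts (such as `VerificationMaterial.x509_certificate_chain`), this sequence
+# has an imposed order. Unless explicitly specified, there is otherwise no
+# guaranteed order.
+repeated(
+1,
+"certificates",
+type: :message,
+message_type: "dev.sigstore.common.v1.X509Certificate"
+)
+end
+
+# The time range is closed and includes both the start and end times,
+# (i.e., [start, end]).
+# End is optional to be able to capture a period that has started but
+# has no known end.
+class TimeRange
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.TimeRange"
+
+optional(
+1,
+"start",
+type: :message,
+message_type: "google.protobuf.Timestamp",
+proto3_optional: false
+)
+optional(
+2,
+"end",
+type: :message,
+message_type: "google.protobuf.Timestamp"
+)
+end
+
+def self.register_sigstore_common_protos(registry)
+Google::Api.register_field_behavior_protos(registry)
+Google::Protobuf.register_timestamp_protos(registry)
+registry.register(Sigstore::Common::V1::HashAlgorithm)
+registry.register(Sigstore::Common::V1::PublicKeyDetails)
+registry.register(Sigstore::Common::V1::HashOutput)
+registry.register(Sigstore::Common::V1::MessageSignature)
+registry.register(Sigstore::Common::V1::LogId)
+registry.register(Sigstore::Common::V1::RFC3161SignedTimestamp)
+registry.register(Sigstore::Common::V1::PublicKey)
+registry.register(Sigstore::Common::V1::PublicKeyIdentifier)
+registry.register(Sigstore::Common::V1::ObjectIdentifier)
+registry.register(Sigstore::Common::V1::ObjectIdentifierValuePair)
+registry.register(Sigstore::Common::V1::DistinguishedName)
+registry.register(Sigstore::Common::V1::X509Certificate)
+registry.register(Sigstore::Common::V1::SubjectAlternativeNameType)
+registry.register(Sigstore::Common::V1::SubjectAlternativeName)
+registry.register(Sigstore::Common::V1::X509CertificateChain)
+registry.register(Sigstore::Common::V1::TimeRange)
+end
+end
+end
+end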
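--- a/data/lib/sigstore/dsse/envelope_pb.rb
+++ b/data/lib/sigstore/dsse/envelope_pb.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: envelope.proto
+# syntax: proto3
+# package: io.intoto
+# options:
+# go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/dsse"
+# ruby_package: "Sigstore::DSSE"
+
+# https://raw.githubusercontent.com/secure-systems-lab/dsse/9c813476bd36de70a5738c72e784f123ecea16af/envelope.proto
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "protobug"
+
+module Sigstore
+module DSSE
+# An authenticated message of arbitrary type.
+class Envelope
+extend Protobug::Message
+
+self.full_name = "io.intoto.Envelope"
+
+# Message to be signed. (In JSON, this is encoded as base64.)
+# REQUIRED.
+optional(1, "payload", type: :bytes, proto3_optional: false)
+# String unambiguously identifying how to interpret payload.
+# REQUIRED.
+optional(2, "payloadType", type: :string, proto3_optional: false)
+# Signature over:
+# PAE(type, payload)
+# Where PAE is defined as:
+# PAE(type, payload) = "DSSEv1" + SP + LEN(type) + SP + type + SP + LEN(payload) + SP + payload
+# + = concatenation
+# SP = ASCII space [0x20]
+# "DSSEv1" = ASCII [0x44, 0x53, 0x53, 0x45, 0x76, 0x31]
+# LEN(s) = ASCII decimal encoding of the byte length of s, with no leading zeros
+# REQUIRED (length >= 1).
+repeated(
+3,
+"signatures",
+type: :message,
+message_type: "io.intoto.Signature"
+)
+end
+
+class Signature
+extend Protobug::Message
+
+self.full_name = "io.intoto.Signature"
+
+# Signature itself. (In JSON, this is encoded as base64.)
+# REQUIRED.
+optional(1, "sig", type: :bytes, proto3_optional: false)
+# *Unauthenticated* hint identifying which public key was used.
+# OPTIONAL.
+optional(2, "keyid", type: :string, proto3_optional: false)
+end
+
+def self.register_envelope_protos(registry)
+registry.register(Sigstore::DSSE::Envelope)
+registry.register(Sigstore::DSSE::Signature)
+end
+end
+end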
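--- a/data/lib/sigstore/events/events_pb.rb
+++ b/data/lib/sigstore/events/events_pb.rb
@@ -0,0 +1,194 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: events.proto
+# syntax: proto3
+# package: dev.sigstore.events.v1
+# options:
+# java_package: "dev.sigstore.proto.events.v1"
+# java_multiple_files: true
+# go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/events/v1"
+# ruby_package: "Sigstore::Events"
+
+# https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/formats/cloudevents.proto
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# *
+# CloudEvent Protobuf Format
+#
+# - Required context attributes are explicity represented.
+# - Optional and Extension context attributes are carried in a map structure.
+# - Data may be represented as binary, text, or protobuf messages.
+
+require "protobug"
+
+require "google/protobuf/any_pb"
+require "google/protobuf/timestamp_pb"
+
+module Sigstore
+module Events
+class CloudEvent
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.events.v1.CloudEvent"
+
+# -- CloudEvent Context Attributes
+
+# Required Attributes
+optional(1, "id", type: :string, proto3_optional: false)
+optional(
+2,
+"source",
+type: :string,
+proto3_optional: false
+) # URI-reference
+optional(
+3,
+"spec_version",
+type: :string,
+json_name: "specVersion",
+proto3_optional: false
+)
+optional(4, "type", type: :string, proto3_optional: false)
+# Optional & Extension Attributes
+map(
+5,
+"attributes",
+key_type: :string,
+value_type: :message,
+message_type:
+"dev.sigstore.events.v1.CloudEvent.CloudEventAttributeValue"
+)
+# -- CloudEvent Data (Bytes, Text, or Proto)
+
+optional(
+6,
+"binary_data",
+type: :bytes,
+json_name: "binaryData",
+oneof: :data,
+proto3_optional: false
+)
+optional(
+7,
+"text_data",
+type: :string,
+json_name: "textData",
+oneof: :data,
+proto3_optional: false
+)
+optional(
+8,
+"proto_data",
+type: :message,
+message_type: "google.protobuf.Any",
+json_name: "protoData",
+oneof: :data,
+proto3_optional: false
+)
+# *
+# The CloudEvent specification defines
+# seven attribute value types...
+
+class CloudEventAttributeValue
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.events.v1.CloudEvent.CloudEventAttributeValue"
+
+optional(
+1,
+"ce_boolean",
+type: :bool,
+json_name: "ceBoolean",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+2,
+"ce_integer",
+type: :int32,
+json_name: "ceInteger",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+3,
+"ce_string",
+type: :string,
+json_name: "ceString",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+4,
+"ce_bytes",
+type: :bytes,
+json_name: "ceBytes",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+5,
+"ce_uri",
+type: :string,
+json_name: "ceUri",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+6,
+"ce_uri_ref",
+type: :string,
+json_name: "ceUriRef",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+7,
+"ce_timestamp",
+type: :message,
+message_type: "google.protobuf.Timestamp",
+json_name: "ceTimestamp",
+oneof: :attr,
+proto3_optional: false
+)
+end
+end
+
+# *
+# CloudEvent Protobuf Batch Format
+
+class CloudEventBatch
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.events.v1.CloudEventBatch"
+
+repeated(
+1,
+"events",
+type: :message,
+message_type: "dev.sigstore.events.v1.CloudEvent"
+)
+end
+
+def self.register_events_protos(registry)
+Google::Protobuf.register_any_protos(registry)
+Google::Protobuf.register_timestamp_protos(registry)
+registry.register(Sigstore::Events::CloudEvent)
+registry.register(Sigstore::Events::CloudEvent::CloudEventAttributeValue)
+registry.register(Sigstore::Events::CloudEventBatch)
+end
+end
+end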