protobug_sigstore_protos 0.1.0
- checksums.yaml +7 -0
- data/lib/protobug_sigstore_protos.rb +11 -0
- data/lib/sigstore/bundle/v1/sigstore_bundle_pb.rb +244 -0
- data/lib/sigstore/common/v1/sigstore_common_pb.rb +441 -0
- data/lib/sigstore/dsse/envelope_pb.rb +77 -0
- data/lib/sigstore/events/events_pb.rb +194 -0
- data/lib/sigstore/rekor/v1/sigstore_rekor_pb.rb +252 -0
- data/lib/sigstore/trustroot/v1/sigstore_trustroot_pb.rb +346 -0
- data/lib/sigstore/verification/v1/sigstore_verification_pb.rb +365 -0
- metadata +95 -0
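--- a/data/lib/sigstore/common/v1/sigstore_common_pb.rb
+++ b/data/lib/sigstore/common/v1/sigstore_common_pb.rb
@@ -0,0 +1,441 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: sigstore_common.proto
+# syntax: proto3
+# package: dev.sigstore.common.v1
+# options:
+# java_package: "dev.sigstore.proto.common.v1"
+# java_outer_classname: "CommonProto"
+# java_multiple_files: true
+# go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
+# ruby_package: "Sigstore::Common::V1"
+
+# Copyright 2022 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "protobug"
+
+require "google/api/field_behavior_pb"
+require "google/protobuf/timestamp_pb"
+
+module Sigstore
+module Common
+module V1
+# This package defines commonly used message types within the Sigstore
+# community.
+
+# Only a subset of the secure hash standard algorithms are supported.
+# See <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf> for more
+# details.
+# UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force
+# any proto JSON serialization to emit the used hash algorithm, as default
+# option is to *omit* the default value of an enum (which is the first
+# value, represented by '0'.
+class HashAlgorithm
+extend Protobug::Enum
+
+self.full_name = "dev.sigstore.common.v1.HashAlgorithm"
+
+HASH_ALGORITHM_UNSPECIFIED = new("HASH_ALGORITHM_UNSPECIFIED", 0).freeze
+SHA2_256 = new("SHA2_256", 1).freeze
+SHA2_384 = new("SHA2_384", 2).freeze
+SHA2_512 = new("SHA2_512", 3).freeze
+SHA3_256 = new("SHA3_256", 4).freeze
+SHA3_384 = new("SHA3_384", 5).freeze
+end
+
+# Details of a specific public key, capturing the the key encoding method,
+# and signature algorithm.
+#
+# PublicKeyDetails captures the public key/hash algorithm combinations
+# recommended in the Sigstore ecosystem.
+#
+# This is modelled as a linear set as we want to provide a small number of
+# opinionated options instead of allowing every possible permutation.
+#
+# Any changes to this enum MUST be reflected in the algorithm registry.
+# See: docs/algorithm-registry.md
+#
+# To avoid the possibility of contradicting formats such as PKCS1 with
+# ED25519 the valid permutations are listed as a linear set instead of a
+# cartesian set (i.e one combined variable instead of two, one for encoding
+# and one for the signature algorithm).
+class PublicKeyDetails
+extend Protobug::Enum
+
+self.full_name = "dev.sigstore.common.v1.PublicKeyDetails"
+
+PUBLIC_KEY_DETAILS_UNSPECIFIED = new(
+"PUBLIC_KEY_DETAILS_UNSPECIFIED",
+0
+).freeze
+# RSA
+PKCS1_RSA_PKCS1V5 = new("PKCS1_RSA_PKCS1V5", 1).freeze # See RFC8017
+PKCS1_RSA_PSS = new("PKCS1_RSA_PSS", 2).freeze # See RFC8017
+PKIX_RSA_PKCS1V5 = new("PKIX_RSA_PKCS1V5", 3).freeze
+PKIX_RSA_PSS = new("PKIX_RSA_PSS", 4).freeze
+# RSA public key in PKIX format, PKCS#1v1.5 signature
+PKIX_RSA_PKCS1V15_2048_SHA256 = new(
+"PKIX_RSA_PKCS1V15_2048_SHA256",
+9
+).freeze
+PKIX_RSA_PKCS1V15_3072_SHA256 = new(
+"PKIX_RSA_PKCS1V15_3072_SHA256",
+10
+).freeze
+PKIX_RSA_PKCS1V15_4096_SHA256 = new(
+"PKIX_RSA_PKCS1V15_4096_SHA256",
+11
+).freeze
+# RSA public key in PKIX format, RSASSA-PSS signature
+PKIX_RSA_PSS_2048_SHA256 = new(
+"PKIX_RSA_PSS_2048_SHA256",
+16
+).freeze # See RFC4055
+PKIX_RSA_PSS_3072_SHA256 = new("PKIX_RSA_PSS_3072_SHA256", 17).freeze
+PKIX_RSA_PSS_4096_SHA256 = new("PKIX_RSA_PSS_4096_SHA256", 18).freeze
+# ECDSA
+PKIX_ECDSA_P256_HMAC_SHA_256 = new(
+"PKIX_ECDSA_P256_HMAC_SHA_256",
+6
+).freeze # See RFC6979
+PKIX_ECDSA_P256_SHA_256 = new(
+"PKIX_ECDSA_P256_SHA_256",
+5
+).freeze # See NIST FIPS 186-4
+PKIX_ECDSA_P384_SHA_384 = new("PKIX_ECDSA_P384_SHA_384", 12).freeze
+PKIX_ECDSA_P521_SHA_512 = new("PKIX_ECDSA_P521_SHA_512", 13).freeze
+# Ed 25519
+PKIX_ED25519 = new("PKIX_ED25519", 7).freeze # See RFC8032
+PKIX_ED25519_PH = new("PKIX_ED25519_PH", 8).freeze
+# LMS and LM-OTS
+#
+# These keys and signatures may be used by private Sigstore
+# deployments, but are not currently supported by the public
+# good instance.
+#
+# USER WARNING: LMS and LM-OTS are both stateful signature schemes.
+# Using them correctly requires discretion and careful consideration
+# to ensure that individual secret keys are not used more than once.
+# In addition, LM-OTS is a single-use scheme, meaning that it
+# MUST NOT be used for more than one signature per LM-OTS key.
+# If you cannot maintain these invariants, you MUST NOT use these
+# schemes.
+LMS_SHA256 = new("LMS_SHA256", 14).freeze
+LMOTS_SHA256 = new("LMOTS_SHA256", 15).freeze
+
+reserved_range(19..49)
+end
+
+# HashOutput captures a digest of a 'message' (generic octet sequence)
+# and the corresponding hash algorithm used.
+class HashOutput
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.HashOutput"
+
+optional(
+1,
+"algorithm",
+type: :enum,
+enum_type: "dev.sigstore.common.v1.HashAlgorithm",
+proto3_optional: false
+)
+# This is the raw octets of the message digest as computed by
+# the hash algorithm.
+optional(2, "digest", type: :bytes, proto3_optional: false)
+end
+
+# MessageSignature stores the computed signature over a message.
+class MessageSignature
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.MessageSignature"
+
+# Message digest can be used to identify the artifact.
+# Clients MUST NOT attempt to use this digest to verify the associated
+# signature; it is intended solely for identification.
+optional(
+1,
+"message_digest",
+type: :message,
+message_type: "dev.sigstore.common.v1.HashOutput",
+json_name: "messageDigest",
+proto3_optional: false
+)
+# The raw bytes as returned from the signature algorithm.
+# The signature algorithm (and so the format of the signature bytes)
+# are determined by the contents of the 'verification_material',
+# either a key-pair or a certificate. If using a certificate, the
+# certificate contains the required information on the signature
+# algorithm.
+# When using a key pair, the algorithm MUST be part of the public
+# key, which MUST be communicated out-of-band.
+optional(2, "signature", type: :bytes, proto3_optional: false)
+end
+
+# LogId captures the identity of a transparency log.
+class LogId
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.LogId"
+
+# The unique identity of the log, represented by its public key.
+optional(
+1,
+"key_id",
+type: :bytes,
+json_name: "keyId",
+proto3_optional: false
+)
+end
+
+# This message holds a RFC 3161 timestamp.
+class RFC3161SignedTimestamp
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.RFC3161SignedTimestamp"
+
+# Signed timestamp is the DER encoded TimeStampResponse.
+# See https://www.rfc-editor.org/rfc/rfc3161.html#section-2.4.2
+optional(
+1,
+"signed_timestamp",
+type: :bytes,
+json_name: "signedTimestamp",
+proto3_optional: false
+)
+end
+
+class PublicKey
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.PublicKey"
+
+# DER-encoded public key, encoding method is specified by the
+# key_details attribute.
+optional(1, "raw_bytes", type: :bytes, json_name: "rawBytes")
+# Key encoding and signature algorithm to use for this key.
+optional(
+2,
+"key_details",
+type: :enum,
+enum_type: "dev.sigstore.common.v1.PublicKeyDetails",
+json_name: "keyDetails",
+proto3_optional: false
+)
+# Optional validity period for this key, *inclusive* of the endpoints.
+optional(
+3,
+"valid_for",
+type: :message,
+message_type: "dev.sigstore.common.v1.TimeRange",
+json_name: "validFor"
+)
+end
+
+# PublicKeyIdentifier can be used to identify an (out of band) delivered
+# key, to verify a signature.
+class PublicKeyIdentifier
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.PublicKeyIdentifier"
+
+# Optional unauthenticated hint on which key to use.
+# The format of the hint must be agreed upon out of band by the
+# signer and the verifiers, and so is not subject to this
+# specification.
+# Example use-case is to specify the public key to use, from a
+# trusted key-ring.
+# Implementors are RECOMMENDED to derive the value from the public
+# key as described in RFC 6962.
+# See: <https://www.rfc-editor.org/rfc/rfc6962#section-3.2>
+optional(1, "hint", type: :string, proto3_optional: false)
+end
+
+# An ASN.1 OBJECT IDENTIFIER
+class ObjectIdentifier
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.ObjectIdentifier"
+
+repeated(1, "id", type: :int32, packed: true)
+end
+
+# An OID and the corresponding (byte) value.
+class ObjectIdentifierValuePair
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.ObjectIdentifierValuePair"
+
+optional(
+1,
+"oid",
+type: :message,
+message_type: "dev.sigstore.common.v1.ObjectIdentifier",
+proto3_optional: false
+)
+optional(2, "value", type: :bytes, proto3_optional: false)
+end
+
+class DistinguishedName
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.DistinguishedName"
+
+optional(1, "organization", type: :string, proto3_optional: false)
+optional(
+2,
+"common_name",
+type: :string,
+json_name: "commonName",
+proto3_optional: false
+)
+end
+
+class X509Certificate
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.X509Certificate"
+
+# DER-encoded X.509 certificate.
+optional(
+1,
+"raw_bytes",
+type: :bytes,
+json_name: "rawBytes",
+proto3_optional: false
+)
+end
+
+class SubjectAlternativeNameType
+extend Protobug::Enum
+
+self.full_name = "dev.sigstore.common.v1.SubjectAlternativeNameType"
+
+SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED = new(
+"SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED",
+0
+).freeze
+EMAIL = new("EMAIL", 1).freeze
+URI = new("URI", 2).freeze
+# OID 1.3.6.1.4.1.57264.1.7
+# See https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726417--othername-san
+# for more details.
+OTHER_NAME = new("OTHER_NAME", 3).freeze
+end
+
+class SubjectAlternativeName
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.SubjectAlternativeName"
+
+optional(
+1,
+"type",
+type: :enum,
+enum_type: "dev.sigstore.common.v1.SubjectAlternativeNameType",
+proto3_optional: false
+)
+# A regular expression describing the expected value for
+# the SAN.
+optional(
+2,
+"regexp",
+type: :string,
+oneof: :identity,
+proto3_optional: false
+)
+# The exact value to match against.
+optional(
+3,
+"value",
+type: :string,
+oneof: :identity,
+proto3_optional: false
+)
+end
+
+# A collection of X.509 certificates.
+#
+# This "chain" can be used in multiple contexts, such as providing a root CA
+# certificate within a TUF root of trust or multiple untrusted certificates for
+# the purpose of chain building.
+class X509CertificateChain
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.X509CertificateChain"
+
+# One or more DER-encoded certificates.
+#
+# In some contexts (such as `VerificationMaterial.x509_certificate_chain`), this sequence
+# has an imposed order. Unless explicitly specified, there is otherwise no
+# guaranteed order.
+repeated(
+1,
+"certificates",
+type: :message,
+message_type: "dev.sigstore.common.v1.X509Certificate"
+)
+end
+
+# The time range is closed and includes both the start and end times,
+# (i.e., [start, end]).
+# End is optional to be able to capture a period that has started but
+# has no known end.
+class TimeRange
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.common.v1.TimeRange"
+
+optional(
+1,
+"start",
+type: :message,
+message_type: "google.protobuf.Timestamp",
+proto3_optional: false
+)
+optional(
+2,
+"end",
+type: :message,
+message_type: "google.protobuf.Timestamp"
+)
+end
+
+def self.register_sigstore_common_protos(registry)
+Google::Api.register_field_behavior_protos(registry)
+Google::Protobuf.register_timestamp_protos(registry)
+registry.register(Sigstore::Common::V1::HashAlgorithm)
+registry.register(Sigstore::Common::V1::PublicKeyDetails)
+registry.register(Sigstore::Common::V1::HashOutput)
+registry.register(Sigstore::Common::V1::MessageSignature)
+registry.register(Sigstore::Common::V1::LogId)
+registry.register(Sigstore::Common::V1::RFC3161SignedTimestamp)
+registry.register(Sigstore::Common::V1::PublicKey)
+registry.register(Sigstore::Common::V1::PublicKeyIdentifier)
+registry.register(Sigstore::Common::V1::ObjectIdentifier)
+registry.register(Sigstore::Common::V1::ObjectIdentifierValuePair)
+registry.register(Sigstore::Common::V1::DistinguishedName)
+registry.register(Sigstore::Common::V1::X509Certificate)
+registry.register(Sigstore::Common::V1::SubjectAlternativeNameType)
+registry.register(Sigstore::Common::V1::SubjectAlternativeName)
+registry.register(Sigstore::Common::V1::X509CertificateChain)
+registry.register(Sigstore::Common::V1::TimeRange)
+end
+end
+end
+end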
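--- a/data/lib/sigstore/dsse/envelope_pb.rb
+++ b/data/lib/sigstore/dsse/envelope_pb.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: envelope.proto
+# syntax: proto3
+# package: io.intoto
+# options:
+# go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/dsse"
+# ruby_package: "Sigstore::DSSE"
+
+# https://raw.githubusercontent.com/secure-systems-lab/dsse/9c813476bd36de70a5738c72e784f123ecea16af/envelope.proto
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "protobug"
+
+module Sigstore
+module DSSE
+# An authenticated message of arbitrary type.
+class Envelope
+extend Protobug::Message
+
+self.full_name = "io.intoto.Envelope"
+
+# Message to be signed. (In JSON, this is encoded as base64.)
+# REQUIRED.
+optional(1, "payload", type: :bytes, proto3_optional: false)
+# String unambiguously identifying how to interpret payload.
+# REQUIRED.
+optional(2, "payloadType", type: :string, proto3_optional: false)
+# Signature over:
+# PAE(type, payload)
+# Where PAE is defined as:
+# PAE(type, payload) = "DSSEv1" + SP + LEN(type) + SP + type + SP + LEN(payload) + SP + payload
+# + = concatenation
+# SP = ASCII space [0x20]
+# "DSSEv1" = ASCII [0x44, 0x53, 0x53, 0x45, 0x76, 0x31]
+# LEN(s) = ASCII decimal encoding of the byte length of s, with no leading zeros
+# REQUIRED (length >= 1).
+repeated(
+3,
+"signatures",
+type: :message,
+message_type: "io.intoto.Signature"
+)
+end
+
+class Signature
+extend Protobug::Message
+
+self.full_name = "io.intoto.Signature"
+
+# Signature itself. (In JSON, this is encoded as base64.)
+# REQUIRED.
+optional(1, "sig", type: :bytes, proto3_optional: false)
+# *Unauthenticated* hint identifying which public key was used.
+# OPTIONAL.
+optional(2, "keyid", type: :string, proto3_optional: false)
+end
+
+def self.register_envelope_protos(registry)
+registry.register(Sigstore::DSSE::Envelope)
+registry.register(Sigstore::DSSE::Signature)
+end
+end
+end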
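--- a/data/lib/sigstore/events/events_pb.rb
+++ b/data/lib/sigstore/events/events_pb.rb
@@ -0,0 +1,194 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: events.proto
+# syntax: proto3
+# package: dev.sigstore.events.v1
+# options:
+# java_package: "dev.sigstore.proto.events.v1"
+# java_multiple_files: true
+# go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/events/v1"
+# ruby_package: "Sigstore::Events"
+
+# https://github.com/cloudevents/spec/blob/v1.0.2/cloudevents/formats/cloudevents.proto
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# *
+# CloudEvent Protobuf Format
+#
+# - Required context attributes are explicity represented.
+# - Optional and Extension context attributes are carried in a map structure.
+# - Data may be represented as binary, text, or protobuf messages.
+
+require "protobug"
+
+require "google/protobuf/any_pb"
+require "google/protobuf/timestamp_pb"
+
+module Sigstore
+module Events
+class CloudEvent
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.events.v1.CloudEvent"
+
+# -- CloudEvent Context Attributes
+
+# Required Attributes
+optional(1, "id", type: :string, proto3_optional: false)
+optional(
+2,
+"source",
+type: :string,
+proto3_optional: false
+) # URI-reference
+optional(
+3,
+"spec_version",
+type: :string,
+json_name: "specVersion",
+proto3_optional: false
+)
+optional(4, "type", type: :string, proto3_optional: false)
+# Optional & Extension Attributes
+map(
+5,
+"attributes",
+key_type: :string,
+value_type: :message,
+message_type:
+"dev.sigstore.events.v1.CloudEvent.CloudEventAttributeValue"
+)
+# -- CloudEvent Data (Bytes, Text, or Proto)
+
+optional(
+6,
+"binary_data",
+type: :bytes,
+json_name: "binaryData",
+oneof: :data,
+proto3_optional: false
+)
+optional(
+7,
+"text_data",
+type: :string,
+json_name: "textData",
+oneof: :data,
+proto3_optional: false
+)
+optional(
+8,
+"proto_data",
+type: :message,
+message_type: "google.protobuf.Any",
+json_name: "protoData",
+oneof: :data,
+proto3_optional: false
+)
+# *
+# The CloudEvent specification defines
+# seven attribute value types...
+
+class CloudEventAttributeValue
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.events.v1.CloudEvent.CloudEventAttributeValue"
+
+optional(
+1,
+"ce_boolean",
+type: :bool,
+json_name: "ceBoolean",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+2,
+"ce_integer",
+type: :int32,
+json_name: "ceInteger",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+3,
+"ce_string",
+type: :string,
+json_name: "ceString",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+4,
+"ce_bytes",
+type: :bytes,
+json_name: "ceBytes",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+5,
+"ce_uri",
+type: :string,
+json_name: "ceUri",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+6,
+"ce_uri_ref",
+type: :string,
+json_name: "ceUriRef",
+oneof: :attr,
+proto3_optional: false
+)
+optional(
+7,
+"ce_timestamp",
+type: :message,
+message_type: "google.protobuf.Timestamp",
+json_name: "ceTimestamp",
+oneof: :attr,
+proto3_optional: false
+)
+end
+end
+
+# *
+# CloudEvent Protobuf Batch Format
+
+class CloudEventBatch
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.events.v1.CloudEventBatch"
+
+repeated(
+1,
+"events",
+type: :message,
+message_type: "dev.sigstore.events.v1.CloudEvent"
+)
+end
+
+def self.register_events_protos(registry)
+Google::Protobuf.register_any_protos(registry)
+Google::Protobuf.register_timestamp_protos(registry)
+registry.register(Sigstore::Events::CloudEvent)
+registry.register(Sigstore::Events::CloudEvent::CloudEventAttributeValue)
+registry.register(Sigstore::Events::CloudEventBatch)
+end
+end
+end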