protobug_sigstore_protos 0.1.0

data/lib/sigstore/rekor/v1/sigstore_rekor_pb.rb

@@ -0,0 +1,252 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: sigstore_rekor.proto
+# syntax: proto3
+# package: dev.sigstore.rekor.v1
+# options:
+#   java_package: "dev.sigstore.proto.rekor.v1"
+#   java_outer_classname: "RekorProto"
+#   java_multiple_files: true
+#   go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1"
+#   ruby_package: "Sigstore::Rekor::V1"
+
+# Copyright 2022 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "protobug"
+
+require "google/api/field_behavior_pb"
+
+require_relative "../../common/v1/sigstore_common_pb"
+
+module Sigstore
+  module Rekor
+    module V1
+      # KindVersion contains the entry's kind and api version.
+      class KindVersion
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.rekor.v1.KindVersion"
+
+        # Kind is the type of entry being stored in the log.
+        # See here for a list: https://github.com/sigstore/rekor/tree/main/pkg/types
+        optional(1, "kind", type: :string, proto3_optional: false)
+        # The specific api version of the type.
+        optional(2, "version", type: :string, proto3_optional: false)
+      end
+
+      # The checkpoint MUST contain an origin string as a unique log identifier,
+      # the tree size, and the root hash. It MAY also be followed by optional data,
+      # and clients MUST NOT assume optional data. The checkpoint MUST also contain
+      # a signature over the root hash (tree head). The checkpoint MAY contain additional
+      # signatures, but the first SHOULD be the signature from the log. Checkpoint contents
+      # are concatenated with newlines into a single string.
+      # The checkpoint format is described in
+      # https://github.com/transparency-dev/formats/blob/main/log/README.md
+      # and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md.
+      # An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go
+      class Checkpoint
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.rekor.v1.Checkpoint"
+
+        optional(1, "envelope", type: :string, proto3_optional: false)
+      end
+
+      # InclusionProof is the proof returned from the transparency log. Can
+      # be used for offline or online verification against the log.
+      class InclusionProof
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.rekor.v1.InclusionProof"
+
+        # The index of the entry in the tree it was written to.
+        optional(
+          1,
+          "log_index",
+          type: :int64,
+          json_name: "logIndex",
+          proto3_optional: false
+        )
+        # The hash digest stored at the root of the merkle tree at the time
+        # the proof was generated.
+        optional(
+          2,
+          "root_hash",
+          type: :bytes,
+          json_name: "rootHash",
+          proto3_optional: false
+        )
+        # The size of the merkle tree at the time the proof was generated.
+        optional(
+          3,
+          "tree_size",
+          type: :int64,
+          json_name: "treeSize",
+          proto3_optional: false
+        )
+        # A list of hashes required to compute the inclusion proof, sorted
+        # in order from leaf to root.
+        # Note that leaf and root hashes are not included.
+        # The root hash is available separately in this message, and the
+        # leaf hash should be calculated by the client.
+        repeated(4, "hashes", type: :bytes)
+        # Signature of the tree head, as of the time of this proof was
+        # generated. See above info on 'Checkpoint' for more details.
+        optional(
+          5,
+          "checkpoint",
+          type: :message,
+          message_type: "dev.sigstore.rekor.v1.Checkpoint",
+          proto3_optional: false
+        )
+      end
+
+      # The inclusion promise is calculated by Rekor. It's calculated as a
+      # signature over a canonical JSON serialization of the persisted entry, the
+      # log ID, log index and the integration timestamp.
+      # See https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/api/entries.go#L54
+      # The format of the signature depends on the transparency log's public key.
+      # If the signature algorithm requires a hash function and/or a signature
+      # scheme (e.g. RSA) those has to be retrieved out-of-band from the log's
+      # operators, together with the public key.
+      # This is used to verify the integration timestamp's value and that the log
+      # has promised to include the entry.
+      class InclusionPromise
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.rekor.v1.InclusionPromise"
+
+        optional(
+          1,
+          "signed_entry_timestamp",
+          type: :bytes,
+          json_name: "signedEntryTimestamp",
+          proto3_optional: false
+        )
+      end
+
+      # TransparencyLogEntry captures all the details required from Rekor to
+      # reconstruct an entry, given that the payload is provided via other means.
+      # This type can easily be created from the existing response from Rekor.
+      # Future iterations could rely on Rekor returning the minimal set of
+      # attributes (excluding the payload) that are required for verifying the
+      # inclusion promise. The inclusion promise (called SignedEntryTimestamp in
+      # the response from Rekor) is similar to a Signed Certificate Timestamp
+      # as described here https://www.rfc-editor.org/rfc/rfc6962.html#section-3.2.
+      class TransparencyLogEntry
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.rekor.v1.TransparencyLogEntry"
+
+        # The global index of the entry, used when querying the log by index.
+        optional(
+          1,
+          "log_index",
+          type: :int64,
+          json_name: "logIndex",
+          proto3_optional: false
+        )
+        # The unique identifier of the log.
+        optional(
+          2,
+          "log_id",
+          type: :message,
+          message_type: "dev.sigstore.common.v1.LogId",
+          json_name: "logId",
+          proto3_optional: false
+        )
+        # The kind (type) and version of the object associated with this
+        # entry. These values are required to construct the entry during
+        # verification.
+        optional(
+          3,
+          "kind_version",
+          type: :message,
+          message_type: "dev.sigstore.rekor.v1.KindVersion",
+          json_name: "kindVersion",
+          proto3_optional: false
+        )
+        # The UNIX timestamp from the log when the entry was persisted.
+        optional(
+          4,
+          "integrated_time",
+          type: :int64,
+          json_name: "integratedTime",
+          proto3_optional: false
+        )
+        # The inclusion promise/signed entry timestamp from the log.
+        # Required for v0.1 bundles, and MUST be verified.
+        # Optional for >= v0.2 bundles, and SHOULD be verified when present.
+        # Also may be used as a signed timestamp.
+        optional(
+          5,
+          "inclusion_promise",
+          type: :message,
+          message_type: "dev.sigstore.rekor.v1.InclusionPromise",
+          json_name: "inclusionPromise",
+          proto3_optional: false
+        )
+        # The inclusion proof can be used for offline or online verification
+        # that the entry was appended to the log, and that the log has not been
+        # altered.
+        optional(
+          6,
+          "inclusion_proof",
+          type: :message,
+          message_type: "dev.sigstore.rekor.v1.InclusionProof",
+          json_name: "inclusionProof",
+          proto3_optional: false
+        )
+        # Optional. The canonicalized transparency log entry, used to
+        # reconstruct the Signed Entry Timestamp (SET) during verification.
+        # The contents of this field are the same as the `body` field in
+        # a Rekor response, meaning that it does **not** include the "full"
+        # canonicalized form (of log index, ID, etc.) which are
+        # exposed as separate fields. The verifier is responsible for
+        # combining the `canonicalized_body`, `log_index`, `log_id`,
+        # and `integrated_time` into the payload that the SET's signature
+        # is generated over.
+        # This field is intended to be used in cases where the SET cannot be
+        # produced determinisitically (e.g. inconsistent JSON field ordering,
+        # differing whitespace, etc).
+        #
+        # If set, clients MUST verify that the signature referenced in the
+        # `canonicalized_body` matches the signature provided in the
+        # `Bundle.content`.
+        # If not set, clients are responsible for constructing an equivalent
+        # payload from other sources to verify the signature.
+        optional(
+          7,
+          "canonicalized_body",
+          type: :bytes,
+          json_name: "canonicalizedBody",
+          proto3_optional: false
+        )
+      end
+
+      def self.register_sigstore_rekor_protos(registry)
+        Google::Api.register_field_behavior_protos(registry)
+        Sigstore::Common::V1.register_sigstore_common_protos(registry)
+        registry.register(Sigstore::Rekor::V1::KindVersion)
+        registry.register(Sigstore::Rekor::V1::Checkpoint)
+        registry.register(Sigstore::Rekor::V1::InclusionProof)
+        registry.register(Sigstore::Rekor::V1::InclusionPromise)
+        registry.register(Sigstore::Rekor::V1::TransparencyLogEntry)
+      end
+    end
+  end
+end

data/lib/sigstore/trustroot/v1/sigstore_trustroot_pb.rb

@@ -0,0 +1,346 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: sigstore_trustroot.proto
+# syntax: proto3
+# package: dev.sigstore.trustroot.v1
+# options:
+#   java_package: "dev.sigstore.proto.trustroot.v1"
+#   java_outer_classname: "TrustRootProto"
+#   java_multiple_files: true
+#   go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1"
+#   ruby_package: "Sigstore::TrustRoot::V1"
+
+# Copyright 2022 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "protobug"
+
+require "google/api/field_behavior_pb"
+
+require_relative "../../common/v1/sigstore_common_pb"
+
+module Sigstore
+  module TrustRoot
+    module V1
+      # TransparencyLogInstance describes the immutable parameters from a
+      # transparency log.
+      # See https://www.rfc-editor.org/rfc/rfc9162.html#name-log-parameters
+      # for more details.
+      # The included parameters are the minimal set required to identify a log,
+      # and verify an inclusion proof/promise.
+      class TransparencyLogInstance
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.trustroot.v1.TransparencyLogInstance"
+
+        # The base URL at which can be used to URLs for the client.
+        optional(
+          1,
+          "base_url",
+          type: :string,
+          json_name: "baseUrl",
+          proto3_optional: false
+        )
+        # The hash algorithm used for the Merkle Tree.
+        optional(
+          2,
+          "hash_algorithm",
+          type: :enum,
+          enum_type: "dev.sigstore.common.v1.HashAlgorithm",
+          json_name: "hashAlgorithm",
+          proto3_optional: false
+        )
+        # The public key used to verify signatures generated by the log.
+        # This attribute contains the signature algorithm used by the log.
+        optional(
+          3,
+          "public_key",
+          type: :message,
+          message_type: "dev.sigstore.common.v1.PublicKey",
+          json_name: "publicKey",
+          proto3_optional: false
+        )
+        # The unique identifier for this transparency log.
+        # Represented as the SHA-256 hash of the log's public key,
+        # calculated over the DER encoding of the key represented as
+        # SubjectPublicKeyInfo.
+        # See https://www.rfc-editor.org/rfc/rfc6962#section-3.2
+        optional(
+          4,
+          "log_id",
+          type: :message,
+          message_type: "dev.sigstore.common.v1.LogId",
+          json_name: "logId",
+          proto3_optional: false
+        )
+        # The checkpoint key identifier for the log used in a checkpoint.
+        # Optional, not provided for logs that do not generate checkpoints.
+        # For logs that do generate checkpoints, if not set, assume
+        # log_id equals checkpoint_key_id.
+        # Follows the specification described here
+        # for ECDSA and Ed25519 signatures:
+        # https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures
+        # For RSA signatures, the key ID will match the ECDSA format, the
+        # hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT
+        # use RSA-signed checkpoints, since witnesses do not support
+        # RSA signatures.
+        # This is provided for convenience. Clients can also calculate the
+        # checkpoint key ID given the log's public key.
+        # SHOULD be set for logs generating Ed25519 signatures.
+        # SHOULD be 4 bytes long, as a truncated hash.
+        optional(
+          5,
+          "checkpoint_key_id",
+          type: :message,
+          message_type: "dev.sigstore.common.v1.LogId",
+          json_name: "checkpointKeyId",
+          proto3_optional: false
+        )
+      end
+
+      # CertificateAuthority enlists the information required to identify which
+      # CA to use and perform signature verification.
+      class CertificateAuthority
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.trustroot.v1.CertificateAuthority"
+
+        # The root certificate MUST be self-signed, and so the subject and
+        # issuer are the same.
+        optional(
+          1,
+          "subject",
+          type: :message,
+          message_type: "dev.sigstore.common.v1.DistinguishedName",
+          proto3_optional: false
+        )
+        # The URI identifies the certificate authority.
+        #
+        # It is RECOMMENDED that the URI is the base URL for the certificate
+        # authority, that can be provided to any SDK/client provided
+        # by the certificate authority to interact with the certificate
+        # authority.
+        optional(2, "uri", type: :string, proto3_optional: false)
+        # The certificate chain for this CA. The last certificate in the chain
+        # MUST be the trust anchor. The trust anchor MAY be a self-signed root
+        # CA certificate or MAY be an intermediate CA certificate.
+        optional(
+          3,
+          "cert_chain",
+          type: :message,
+          message_type: "dev.sigstore.common.v1.X509CertificateChain",
+          json_name: "certChain",
+          proto3_optional: false
+        )
+        # The time the *entire* chain was valid. This is at max the
+        # longest interval when *all* certificates in the chain were valid,
+        # but it MAY be shorter. Clients MUST check timestamps against *both*
+        # the `valid_for` time range *and* the entire certificate chain.
+        #
+        # The TimeRange should be considered valid *inclusive* of the
+        # endpoints.
+        optional(
+          4,
+          "valid_for",
+          type: :message,
+          message_type: "dev.sigstore.common.v1.TimeRange",
+          json_name: "validFor",
+          proto3_optional: false
+        )
+      end
+
+      # TrustedRoot describes the client's complete set of trusted entities.
+      # How the TrustedRoot is populated is not specified, but can be a
+      # combination of many sources such as TUF repositories, files on disk etc.
+      #
+      # The TrustedRoot is not meant to be used for any artifact verification, only
+      # to capture the complete/global set of trusted verification materials.
+      # When verifying an artifact, based on the artifact and policies, a selection
+      # of keys/authorities are expected to be extracted and provided to the
+      # verification function. This way the set of keys/authorities can be kept to
+      # a minimal set by the policy to gain better control over what signatures
+      # that are allowed.
+      #
+      # The embedded transparency logs, CT logs, CAs and TSAs MUST include any
+      # previously used instance -- otherwise signatures made in the past cannot
+      # be verified.
+      #
+      # All the listed instances SHOULD be sorted by the 'valid_for' in ascending
+      # order, that is, the oldest instance first. Only the last instance is
+      # allowed to have their 'end' timestamp unset. All previous instances MUST
+      # have a closed interval of validity. The last instance MAY have a closed
+      # interval. Clients MUST accept instances that overlaps in time, if not
+      # clients may experience problems during rotations of verification
+      # materials.
+      #
+      # To be able to manage planned rotations of either transparency logs or
+      # certificate authorities, clienst MUST accept lists of instances where
+      # the last instance have a 'valid_for' that belongs to the future.
+      # This should not be a problem as clients SHOULD first seek the trust root
+      # for a suitable instance before creating a per artifact trust root (that
+      # is, a sub-set of the complete trust root) that is used for verification.
+      class TrustedRoot
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.trustroot.v1.TrustedRoot"
+
+        # MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
+        # when encoded as JSON.
+        # Clients MUST be able to process and parse content with the media
+        # type defined in the old format:
+        # application/vnd.dev.sigstore.trustedroot+json;version=0.1
+        optional(
+          1,
+          "media_type",
+          type: :string,
+          json_name: "mediaType",
+          proto3_optional: false
+        )
+        # A set of trusted Rekor servers.
+        repeated(
+          2,
+          "tlogs",
+          type: :message,
+          message_type: "dev.sigstore.trustroot.v1.TransparencyLogInstance"
+        )
+        # A set of trusted certificate authorities (e.g Fulcio), and any
+        # intermediate certificates they provide.
+        # If a CA is issuing multiple intermediate certificate, each
+        # combination shall be represented as separate chain. I.e, a single
+        # root cert may appear in multiple chains but with different
+        # intermediate and/or leaf certificates.
+        # The certificates are intended to be used for verifying artifact
+        # signatures.
+        repeated(
+          3,
+          "certificate_authorities",
+          type: :message,
+          message_type: "dev.sigstore.trustroot.v1.CertificateAuthority",
+          json_name: "certificateAuthorities"
+        )
+        # A set of trusted certificate transparency logs.
+        repeated(
+          4,
+          "ctlogs",
+          type: :message,
+          message_type: "dev.sigstore.trustroot.v1.TransparencyLogInstance"
+        )
+        # A set of trusted timestamping authorities.
+        repeated(
+          5,
+          "timestamp_authorities",
+          type: :message,
+          message_type: "dev.sigstore.trustroot.v1.CertificateAuthority",
+          json_name: "timestampAuthorities"
+        )
+      end
+
+      # SigningConfig represents the trusted entities/state needed by Sigstore
+      # signing. In particular, it primarily contains service URLs that a Sigstore
+      # signer may need to connect to for the online aspects of signing.
+      class SigningConfig
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.trustroot.v1.SigningConfig"
+
+        # A URL to a Fulcio-compatible CA, capable of receiving
+        # Certificate Signing Requests (CSRs) and responding with
+        # issued certificates.
+        #
+        # This URL **MUST** be the "base" URL for the CA, which clients
+        # should construct an appropriate CSR endpoint on top of.
+        # For example, if `ca_url` is `https://example.com/ca`, then
+        # the client **MAY** construct the CSR endpoint as
+        # `https://example.com/ca/api/v2/signingCert`.
+        optional(
+          1,
+          "ca_url",
+          type: :string,
+          json_name: "caUrl",
+          proto3_optional: false
+        )
+        # A URL to an OpenID Connect identity provider.
+        #
+        # This URL **MUST** be the "base" URL for the OIDC IdP, which clients
+        # should perform well-known OpenID Connect discovery against.
+        optional(
+          2,
+          "oidc_url",
+          type: :string,
+          json_name: "oidcUrl",
+          proto3_optional: false
+        )
+        # One or more URLs to Rekor-compatible transparency log.
+        #
+        # Each URL **MUST** be the "base" URL for the transparency log,
+        # which clients should construct appropriate API endpoints on top of.
+        repeated(3, "tlog_urls", type: :string, json_name: "tlogUrls")
+        # One ore more URLs to RFC 3161 Time Stamping Authority (TSA).
+        #
+        # Each URL **MUST** be the **full** URL for the TSA, meaning that it
+        # should be suitable for submitting Time Stamp Requests (TSRs) to
+        # via HTTP, per RFC 3161.
+        repeated(4, "tsa_urls", type: :string, json_name: "tsaUrls")
+      end
+
+      # ClientTrustConfig describes the complete state needed by a client
+      # to perform both signing and verification operations against a particular
+      # instance of Sigstore.
+      class ClientTrustConfig
+        extend Protobug::Message
+
+        self.full_name = "dev.sigstore.trustroot.v1.ClientTrustConfig"
+
+        # MUST be application/vnd.dev.sigstore.clienttrustconfig.v0.1+json
+        optional(
+          1,
+          "media_type",
+          type: :string,
+          json_name: "mediaType",
+          proto3_optional: false
+        )
+        # The root of trust, which MUST be present.
+        optional(
+          2,
+          "trusted_root",
+          type: :message,
+          message_type: "dev.sigstore.trustroot.v1.TrustedRoot",
+          json_name: "trustedRoot",
+          proto3_optional: false
+        )
+        # Configuration for signing clients, which MUST be present.
+        optional(
+          3,
+          "signing_config",
+          type: :message,
+          message_type: "dev.sigstore.trustroot.v1.SigningConfig",
+          json_name: "signingConfig",
+          proto3_optional: false
+        )
+      end
+
+      def self.register_sigstore_trustroot_protos(registry)
+        Google::Api.register_field_behavior_protos(registry)
+        Sigstore::Common::V1.register_sigstore_common_protos(registry)
+        registry.register(Sigstore::TrustRoot::V1::TransparencyLogInstance)
+        registry.register(Sigstore::TrustRoot::V1::CertificateAuthority)
+        registry.register(Sigstore::TrustRoot::V1::TrustedRoot)
+        registry.register(Sigstore::TrustRoot::V1::SigningConfig)
+        registry.register(Sigstore::TrustRoot::V1::ClientTrustConfig)
+      end
+    end
+  end
+end