protobug_sigstore_protos 0.1.0
- checksums.yaml +7 -0
- data/lib/protobug_sigstore_protos.rb +11 -0
- data/lib/sigstore/bundle/v1/sigstore_bundle_pb.rb +244 -0
- data/lib/sigstore/common/v1/sigstore_common_pb.rb +441 -0
- data/lib/sigstore/dsse/envelope_pb.rb +77 -0
- data/lib/sigstore/events/events_pb.rb +194 -0
- data/lib/sigstore/rekor/v1/sigstore_rekor_pb.rb +252 -0
- data/lib/sigstore/trustroot/v1/sigstore_trustroot_pb.rb +346 -0
- data/lib/sigstore/verification/v1/sigstore_verification_pb.rb +365 -0
- metadata +95 -0
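--- a/data/lib/sigstore/verification/v1/sigstore_verification_pb.rb
+++ b/data/lib/sigstore/verification/v1/sigstore_verification_pb.rb
@@ -0,0 +1,365 @@
+# frozen_string_literal: true
+
+# Code generated by protoc-gen-protobug. DO NOT EDIT.
+
+# source: sigstore_verification.proto
+# syntax: proto3
+# package: dev.sigstore.verification.v1
+# options:
+# java_package: "dev.sigstore.proto.verification.v1"
+# java_outer_classname: "VerificationProto"
+# java_multiple_files: true
+# go_package: "github.com/sigstore/protobuf-specs/gen/pb-go/verification/v1"
+# ruby_package: "Sigstore::Verification::V1"
+
+# Copyright 2022 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "protobug"
+
+require_relative "../../common/v1/sigstore_common_pb"
+require_relative "../../trustroot/v1/sigstore_trustroot_pb"
+require_relative "../../bundle/v1/sigstore_bundle_pb"
+
+module Sigstore
+module Verification
+module V1
+# The identity of a X.509 Certificate signer.
+class CertificateIdentity
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.CertificateIdentity"
+
+# The X.509v3 issuer extension (OID 1.3.6.1.4.1.57264.1.1)
+optional(1, "issuer", type: :string, proto3_optional: false)
+optional(
+2,
+"san",
+type: :message,
+message_type: "dev.sigstore.common.v1.SubjectAlternativeName",
+proto3_optional: false
+)
+# An unordered list of OIDs that must be verified.
+# All OID/values provided in this list MUST exactly match against
+# the values in the certificate for verification to be successful.
+repeated(
+3,
+"oids",
+type: :message,
+message_type: "dev.sigstore.common.v1.ObjectIdentifierValuePair"
+)
+end
+
+class CertificateIdentities
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.CertificateIdentities"
+
+repeated(
+1,
+"identities",
+type: :message,
+message_type: "dev.sigstore.verification.v1.CertificateIdentity"
+)
+end
+
+class PublicKeyIdentities
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.PublicKeyIdentities"
+
+repeated(
+1,
+"public_keys",
+type: :message,
+message_type: "dev.sigstore.common.v1.PublicKey",
+json_name: "publicKeys"
+)
+end
+
+# A light-weight set of options/policies for identifying trusted signers,
+# used during verification of a single artifact.
+class ArtifactVerificationOptions
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions"
+
+class TlogOptions
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions"
+
+# Number of transparency logs the entry must appear on.
+optional(1, "threshold", type: :int32, proto3_optional: false)
+# Perform an online inclusion proof.
+optional(
+2,
+"perform_online_verification",
+type: :bool,
+json_name: "performOnlineVerification",
+proto3_optional: false
+)
+# Disable verification for transparency logs.
+optional(3, "disable", type: :bool, proto3_optional: false)
+end
+
+class CtlogOptions
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions"
+
+# The number of ct transparency logs the certificate must
+# appear on.
+optional(1, "threshold", type: :int32, proto3_optional: false)
+# Disable ct transparency log verification
+optional(3, "disable", type: :bool, proto3_optional: false)
+
+reserved_range(2...3)
+end
+
+class TimestampAuthorityOptions
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions"
+
+# The number of signed timestamps that are expected.
+optional(1, "threshold", type: :int32, proto3_optional: false)
+# Disable signed timestamp verification.
+optional(2, "disable", type: :bool, proto3_optional: false)
+end
+
+class TlogIntegratedTimestampOptions
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions"
+
+# The number of integrated timestamps that are expected.
+optional(1, "threshold", type: :int32, proto3_optional: false)
+# Disable integrated timestamp verification.
+optional(2, "disable", type: :bool, proto3_optional: false)
+end
+
+class ObserverTimestampOptions
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions"
+
+# The number of external observers of the timestamp.
+# This is a union of RFC3161 signed timestamps, and
+# integrated timestamps from a transparency log, that
+# could include additional timestamp sources in the
+# future.
+optional(1, "threshold", type: :int32, proto3_optional: false)
+# Disable observer timestamp verification.
+optional(2, "disable", type: :bool, proto3_optional: false)
+end
+
+# At least one identity MUST be provided. Providing zero identities
+# is an error. If at least one provided identity is found as a
+# signer, the verification is considered successful.
+
+optional(
+1,
+"certificate_identities",
+type: :message,
+message_type: "dev.sigstore.verification.v1.CertificateIdentities",
+json_name: "certificateIdentities",
+oneof: :signers,
+proto3_optional: false
+)
+# To simplify verification implementation, the logic for
+# bundle verification should be implemented as a
+# higher-order function, where one of argument should be an
+# interface over the set of trusted public keys, like this:
+# `Verify(bytes artifact, bytes signature, string key_id)`.
+# This way the caller is in full control of mapping the
+# identified (or hinted) key in the bundle to one of the
+# trusted keys, as this process is inherently application
+# specific.
+optional(
+2,
+"public_keys",
+type: :message,
+message_type: "dev.sigstore.verification.v1.PublicKeyIdentities",
+json_name: "publicKeys",
+oneof: :signers,
+proto3_optional: false
+)
+# Optional options for artifact transparency log verification.
+# If none is provided, the default verification options are:
+# Threshold: 1
+# Online verification: false
+# Disable: false
+optional(
+3,
+"tlog_options",
+type: :message,
+message_type:
+"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions",
+json_name: "tlogOptions"
+)
+# Optional options for certificate transparency log verification.
+# If none is provided, the default verification options are:
+# Threshold: 1
+# Disable: false
+optional(
+4,
+"ctlog_options",
+type: :message,
+message_type:
+"dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions",
+json_name: "ctlogOptions"
+)
+# Optional options for certificate signed timestamp verification.
+# If none is provided, the default verification options are:
+# Threshold: 0
+# Disable: true
+optional(
+5,
+"tsa_options",
+type: :message,
+message_type:
+"dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions",
+json_name: "tsaOptions"
+)
+# Optional options for integrated timestamp verification.
+# If none is provided, the default verification options are:
+# Threshold: 0
+# Disable: true
+optional(
+6,
+"integrated_ts_options",
+type: :message,
+message_type:
+"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions",
+json_name: "integratedTsOptions"
+)
+# Optional options for observed timestamp verification.
+# If none is provided, the default verification options are:
+# Threshold 1
+# Disable: false
+optional(
+7,
+"observer_options",
+type: :message,
+message_type:
+"dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions",
+json_name: "observerOptions"
+)
+end
+
+class Artifact
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.Artifact"
+
+# Location of the artifact
+optional(
+1,
+"artifact_uri",
+type: :string,
+json_name: "artifactUri",
+oneof: :data,
+proto3_optional: false
+)
+# The raw bytes of the artifact
+optional(
+2,
+"artifact",
+type: :bytes,
+oneof: :data,
+proto3_optional: false
+)
+end
+
+# Input captures all that is needed to call the bundle verification method,
+# to verify a single artifact referenced by the bundle.
+class Input
+extend Protobug::Message
+
+self.full_name = "dev.sigstore.verification.v1.Input"
+
+# The verification materials provided during a bundle verification.
+# The running process is usually preloaded with a "global"
+# dev.sisgtore.trustroot.TrustedRoot.v1 instance. Prior to
+# verifying an artifact (i.e a bundle), and/or based on current
+# policy, some selection is expected to happen, to filter out the
+# exact certificate authority to use, which transparency logs are
+# relevant etc. The result should b ecaptured in the
+# `artifact_trust_root`.
+optional(
+1,
+"artifact_trust_root",
+type: :message,
+message_type: "dev.sigstore.trustroot.v1.TrustedRoot",
+json_name: "artifactTrustRoot",
+proto3_optional: false
+)
+optional(
+2,
+"artifact_verification_options",
+type: :message,
+message_type:
+"dev.sigstore.verification.v1.ArtifactVerificationOptions",
+json_name: "artifactVerificationOptions",
+proto3_optional: false
+)
+optional(
+3,
+"bundle",
+type: :message,
+message_type: "dev.sigstore.bundle.v1.Bundle",
+proto3_optional: false
+)
+# If the bundle contains a message signature, the artifact must be
+# provided.
+optional(
+4,
+"artifact",
+type: :message,
+message_type: "dev.sigstore.verification.v1.Artifact"
+)
+end
+
+def self.register_sigstore_verification_protos(registry)
+Sigstore::Common::V1.register_sigstore_common_protos(registry)
+Sigstore::TrustRoot::V1.register_sigstore_trustroot_protos(registry)
+Sigstore::Bundle::V1.register_sigstore_bundle_protos(registry)
+registry.register(Sigstore::Verification::V1::CertificateIdentity)
+registry.register(Sigstore::Verification::V1::CertificateIdentities)
+registry.register(Sigstore::Verification::V1::PublicKeyIdentities)
+registry.register(
+Sigstore::Verification::V1::ArtifactVerificationOptions
+)
+registry.register(
+Sigstore::Verification::V1::ArtifactVerificationOptions::TlogOptions
+)
+registry.register(
+Sigstore::Verification::V1::ArtifactVerificationOptions::CtlogOptions
+)
+registry.register(
+Sigstore::Verification::V1::ArtifactVerificationOptions::TimestampAuthorityOptions
+)
+registry.register(
+Sigstore::Verification::V1::ArtifactVerificationOptions::TlogIntegratedTimestampOptions
+)
+registry.register(
+Sigstore::Verification::V1::ArtifactVerificationOptions::ObserverTimestampOptions
+)
+registry.register(Sigstore::Verification::V1::Artifact)
+registry.register(Sigstore::Verification::V1::Input)
+end
+end
+end
+end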
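--- a/metadata
+++ b/metadata
@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: protobug_sigstore_protos
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Samuel Giddins
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-04-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: protobug
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.0
+- !ruby/object:Gem::Dependency
+name: protobug_well_known_protos
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.0
+- !ruby/object:Gem::Dependency
+name: protobug_googleapis_field_behavior_protos
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.0
+description:
+email:
+- segiddins@segiddins.me
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/protobug_sigstore_protos.rb
+- lib/sigstore/bundle/v1/sigstore_bundle_pb.rb
+- lib/sigstore/common/v1/sigstore_common_pb.rb
+- lib/sigstore/dsse/envelope_pb.rb
+- lib/sigstore/events/events_pb.rb
+- lib/sigstore/rekor/v1/sigstore_rekor_pb.rb
+- lib/sigstore/trustroot/v1/sigstore_trustroot_pb.rb
+- lib/sigstore/verification/v1/sigstore_verification_pb.rb
+homepage: https://github.com/segiddins/protobug/blob/v0.1.0/gen/protobug_sigstore_protos
+licenses:
+- Unlicense
+metadata:
+rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.5.9
+signing_key:
+specification_version: 4
+summary: Compiled protos for protobug from https://github.com/sigstore/protobuf-specs
+(sigstore_protos)
+test_files: []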
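Review bot: The `licenses` list declares only `Unlicense`, but `lib/sigstore/verification/v1/sigstore_verification_pb.rb`, listed under `files`, carries a "Copyright 2022 The Sigstore Authors" Apache License 2.0 header. The published metadata therefore misstates the terms of at least one shipped file, and licence scanners that read the gemspec will classify the gem wrongly. The gemspec itself is not shown on this page; presumably it should declare something like `spec.licenses = ["Unlicense", "Apache-2.0"]`, with the exact set confirmed against the other generated files. Separately, `cert_chain: []` and the empty `signing_key:` show the gem is published unsigned, so consumers have only the registry checksum and `rubygems_mfa_required: 'true'` on the publisher side to rely on for integrity.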