// Copyright 2022 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";

package dev.sigstore.trustroot.v1;

// Shared Sigstore types referenced below (HashAlgorithm, PublicKey, LogId,
// DistinguishedName, X509CertificateChain, TimeRange) live in this file.
import "sigstore_common.proto";

// Code-generation targets; these are part of the published API surface and
// changing them would break existing consumers of the generated packages.
option go_package = "github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1";
option java_package = "dev.sigstore.proto.trustroot.v1";
option java_multiple_files = true;
option java_outer_classname = "TrustRootProto";
// TransparencyLogInstance describes the immutable parameters from a
// transparency log.
// See https://www.rfc-editor.org/rfc/rfc9162.html#name-log-parameters
// for more details.
// The included parameters are the minimal set required to identify a log,
// and verify an inclusion promise.
//
// NOTE(review): this message has no validity window of its own, although the
// TrustedRoot documentation speaks of a 'valid_for' attribute on log
// instances. The window is presumably carried by `public_key` (see
// sigstore_common.proto) -- confirm before relying on it when selecting
// which instance to use for a given signature.
message TransparencyLogInstance {
  // The base URL at which the log can be reached by the client.
  // The URL only locates the log; signatures produced by the log are
  // checked with `public_key`, and the log is identified by `log_id`.
  string base_url = 1;
  // The hash algorithm used for the Merkle Tree.
  dev.sigstore.common.v1.HashAlgorithm hash_algorithm = 2;
  // The public key used to verify signatures generated by the log.
  // This attribute contains the signature algorithm used by the log.
  dev.sigstore.common.v1.PublicKey public_key = 3;
  // The unique identifier for this transparency log.
  dev.sigstore.common.v1.LogId log_id = 4;
}
// CertificateAuthority enlists the information required to identify which
// CA to use and perform signature verification.
// The same message is also used for timestamping authorities in TrustedRoot.
message CertificateAuthority {
  // The root certificate MUST be self-signed, and so the subject and
  // issuer are the same.
  // Presumably this is the distinguished name of the root certificate
  // contained in `cert_chain`; verify against the producer of this data.
  dev.sigstore.common.v1.DistinguishedName subject = 1;
  // The URI at which the CA can be accessed.
  string uri = 2;
  // The certificate chain for this CA.
  // NOTE(review): the expected ordering of the chain (leaf-first or
  // root-first) is not stated here -- check the X509CertificateChain
  // definition in sigstore_common.proto.
  dev.sigstore.common.v1.X509CertificateChain cert_chain = 3;
  // The time the *entire* chain was valid. This is at max the
  // longest interval when *all* certificates in the chain were valid,
  // but it MAY be shorter. Clients MUST check timestamps against *both*
  // the `valid_for` time range *and* the entire certificate chain.
  // Checking both matters because the trusted window may be narrower than
  // the validity periods encoded in the certificates themselves.
  //
  // The TimeRange should be considered valid *inclusive* of the
  // endpoints.
  dev.sigstore.common.v1.TimeRange valid_for = 4;
}
// TrustedRoot describes the client's complete set of trusted entities.
// How the TrustedRoot is populated is not specified, but can be a
// combination of many sources such as TUF repositories, files on disk etc.
//
// The TrustedRoot is not meant to be used for any artifact verification, only
// to capture the complete/global set of trusted verification materials.
// When verifying an artifact, based on the artifact and policies, a selection
// of keys/authorities are expected to be extracted and provided to the
// verification function. This way the set of keys/authorities can be kept to
// a minimal set by the policy to gain better control over what signatures
// that are allowed.
//
// The embedded transparency logs, CT logs, CAs and TSAs MUST include any
// previously used instance -- otherwise signatures made in the past cannot
// be verified.
// The currently used instances MUST NOT have their 'end' timestamp set in
// their 'valid_for' attribute for easy identification.
// All the listed instances SHOULD be sorted by the 'valid_for' in ascending
// order, that is, the oldest instance first and the current instance last.
//
// This message carries no signature or integrity field of its own: the
// authenticity of a TrustedRoot comes entirely from the channel that
// delivers it (for example a TUF repository, as mentioned above).
message TrustedRoot {
  // MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1
  // Identifies the document type and schema version of this message.
  string media_type = 1;
  // A set of trusted Rekor servers.
  // Used to identify a log and verify inclusion promises (see
  // TransparencyLogInstance).
  repeated TransparencyLogInstance tlogs = 2;
  // A set of trusted certificate authorities (e.g Fulcio), and any
  // intermediate certificates they provide.
  // If a CA is issuing multiple intermediate certificate, each
  // combination shall be represented as separate chain. I.e, a single
  // root cert may appear in multiple chains but with different
  // intermediate and/or leaf certificates.
  // The certificates are intended to be used for verifying artifact
  // signatures.
  repeated CertificateAuthority certificate_authorities = 3;
  // A set of trusted certificate transparency logs.
  // Presumably used to check signed certificate timestamps on certificates
  // issued by `certificate_authorities` -- confirm with the verifier code.
  repeated TransparencyLogInstance ctlogs = 4;
  // A set of trusted timestamping authorities.
  // Represented with the same CertificateAuthority message, so its
  // `valid_for` and chain rules apply here as well.
  repeated CertificateAuthority timestamp_authorities = 5;
}