v1

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// File_sigstore_verification_proto is the protoreflect.FileDescriptor exported
// by this generated package (presumably for sigstore_verification.proto; the
// .proto source is not shown on this page).
var File_sigstore_verification_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Artifact

// Artifact identifies the artifact to verify, either by location
// (Artifact_ArtifactUri) or as raw bytes (Artifact_Artifact).
type Artifact struct {

	// Data is a protobuf oneof. It is an interface value and may be nil when
	// neither variant is set, so callers should check which variant is
	// present before using it.
	//
	// Types that are assignable to Data:
	//
	//	*Artifact_ArtifactUri
	//	*Artifact_Artifact
	Data isArtifact_Data `protobuf_oneof:"data"`
	// contains filtered or unexported fields
}

func (*Artifact) Descriptor deprecated

func (*Artifact) Descriptor() ([]byte, []int)

Deprecated: Use Artifact.ProtoReflect.Descriptor instead.

func (*Artifact) GetArtifact

func (x *Artifact) GetArtifact() []byte

func (*Artifact) GetArtifactUri

func (x *Artifact) GetArtifactUri() string

func (*Artifact) GetData

func (m *Artifact) GetData() isArtifact_Data

func (*Artifact) ProtoMessage

func (*Artifact) ProtoMessage()

func (*Artifact) ProtoReflect

func (x *Artifact) ProtoReflect() protoreflect.Message

func (*Artifact) Reset

func (x *Artifact) Reset()

func (*Artifact) String

func (x *Artifact) String() string

type ArtifactVerificationOptions

// ArtifactVerificationOptions is a light-weight set of options/policies for
// identifying trusted signers, used during verification of a single artifact.
//
// NOTE(review): the documented defaults on the *Options fields below apply only
// when the corresponding pointer is nil. Threshold and Disable inside each
// options message are plain proto3 scalars, so a non-nil options message with
// Threshold left unset reads as 0. How the verifier treats that case is not
// shown here; confirm it against the verifier implementation.
type ArtifactVerificationOptions struct {

	// At least one identity MUST be provided. Providing zero identities
	// is an error. If at least one provided identity is found as a
	// signer, the verification is considered successful.
	//
	// NOTE(review): the Go type cannot enforce this rule. Signers is an
	// interface value and may be nil, so the "zero identities is an error"
	// check has to be made by the code that consumes this message.
	//
	// Types that are assignable to Signers:
	//
	//	*ArtifactVerificationOptions_CertificateIdentities
	//	*ArtifactVerificationOptions_PublicKeys
	Signers isArtifactVerificationOptions_Signers `protobuf_oneof:"signers"`
	// Optional options for artifact transparency log verification.
	// If none is provided, the default verification options are:
	// Threshold: 1
	// Online verification: false
	// Disable: false
	TlogOptions *ArtifactVerificationOptions_TlogOptions `protobuf:"bytes,3,opt,name=tlog_options,json=tlogOptions,proto3,oneof" json:"tlog_options,omitempty"`
	// Optional options for certificate transparency log verification.
	// If none is provided, the default verification options are:
	// Threshold: 1
	// Disable: false
	CtlogOptions *ArtifactVerificationOptions_CtlogOptions `protobuf:"bytes,4,opt,name=ctlog_options,json=ctlogOptions,proto3,oneof" json:"ctlog_options,omitempty"`
	// Optional options for certificate signed timestamp verification.
	// If none is provided, the default verification options are:
	// Threshold: 0
	// Disable: true
	TsaOptions *ArtifactVerificationOptions_TimestampAuthorityOptions `protobuf:"bytes,5,opt,name=tsa_options,json=tsaOptions,proto3,oneof" json:"tsa_options,omitempty"`
	// Optional options for integrated timestamp verification.
	// If none is provided, the default verification options are:
	// Threshold: 0
	// Disable: true
	IntegratedTsOptions *ArtifactVerificationOptions_TlogIntegratedTimestampOptions `` /* 126-byte string literal not displayed */
	// Optional options for observed timestamp verification.
	// If none is provided, the default verification options are:
	// Threshold: 1
	// Disable: false
	ObserverOptions *ArtifactVerificationOptions_ObserverTimestampOptions `protobuf:"bytes,7,opt,name=observer_options,json=observerOptions,proto3,oneof" json:"observer_options,omitempty"`
	// contains filtered or unexported fields
}

A light-weight set of options/policies for identifying trusted signers, used during verification of a single artifact.

func (*ArtifactVerificationOptions) Descriptor deprecated

func (*ArtifactVerificationOptions) Descriptor() ([]byte, []int)

Deprecated: Use ArtifactVerificationOptions.ProtoReflect.Descriptor instead.

func (*ArtifactVerificationOptions) GetCertificateIdentities

func (x *ArtifactVerificationOptions) GetCertificateIdentities() *CertificateIdentities

func (*ArtifactVerificationOptions) GetCtlogOptions

func (*ArtifactVerificationOptions) GetIntegratedTsOptions added in v0.3.0

func (*ArtifactVerificationOptions) GetObserverOptions added in v0.3.0

func (*ArtifactVerificationOptions) GetPublicKeys

func (*ArtifactVerificationOptions) GetSigners

func (m *ArtifactVerificationOptions) GetSigners() isArtifactVerificationOptions_Signers

func (*ArtifactVerificationOptions) GetTlogOptions

func (*ArtifactVerificationOptions) GetTsaOptions

func (*ArtifactVerificationOptions) ProtoMessage

func (*ArtifactVerificationOptions) ProtoMessage()

func (*ArtifactVerificationOptions) ProtoReflect

func (*ArtifactVerificationOptions) Reset

func (x *ArtifactVerificationOptions) Reset()

func (*ArtifactVerificationOptions) String

func (x *ArtifactVerificationOptions) String() string

type ArtifactVerificationOptions_CertificateIdentities

// ArtifactVerificationOptions_CertificateIdentities is the oneof wrapper that
// selects certificate identities as the trusted signers in
// ArtifactVerificationOptions.Signers.
type ArtifactVerificationOptions_CertificateIdentities struct {
	// CertificateIdentities is the set of acceptable certificate identities.
	CertificateIdentities *CertificateIdentities `protobuf:"bytes,1,opt,name=certificate_identities,json=certificateIdentities,proto3,oneof"`
}

type ArtifactVerificationOptions_CtlogOptions

// ArtifactVerificationOptions_CtlogOptions configures certificate transparency
// log verification. ArtifactVerificationOptions documents the defaults used
// when no message is supplied as Threshold: 1, Disable: false.
type ArtifactVerificationOptions_CtlogOptions struct {

	// The number of ct transparency logs the certificate must
	// appear on.
	// NOTE(review): int32 admits zero and negative values, and an unset
	// field reads as 0. How the verifier handles Threshold <= 0 is not
	// shown here; confirm it.
	Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"`
	// Disable ct transparency log verification.
	// The field number is 3; number 2 is not used by any field visible in
	// this message.
	Disable bool `protobuf:"varint,3,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*ArtifactVerificationOptions_CtlogOptions) Descriptor deprecated

func (*ArtifactVerificationOptions_CtlogOptions) Descriptor() ([]byte, []int)

Deprecated: Use ArtifactVerificationOptions_CtlogOptions.ProtoReflect.Descriptor instead.

func (*ArtifactVerificationOptions_CtlogOptions) GetDisable

func (*ArtifactVerificationOptions_CtlogOptions) GetThreshold

func (*ArtifactVerificationOptions_CtlogOptions) ProtoMessage

func (*ArtifactVerificationOptions_CtlogOptions) ProtoReflect

func (*ArtifactVerificationOptions_CtlogOptions) Reset

func (*ArtifactVerificationOptions_CtlogOptions) String

type ArtifactVerificationOptions_ObserverTimestampOptions added in v0.3.0

// ArtifactVerificationOptions_ObserverTimestampOptions configures observed
// timestamp verification. ArtifactVerificationOptions documents the defaults
// used when no message is supplied as Threshold: 1, Disable: false.
type ArtifactVerificationOptions_ObserverTimestampOptions struct {

	// The number of external observers of the timestamp.
	// This is a union of RFC3161 signed timestamps, and
	// integrated timestamps from a transparency log, that
	// could include additional timestamp sources in the
	// future.
	// NOTE(review): an unset field reads as 0, which differs from the
	// documented default of 1 for the no-message case. Confirm how the
	// verifier treats a supplied message with Threshold 0.
	Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"`
	// Disable observer timestamp verification.
	Disable bool `protobuf:"varint,2,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*ArtifactVerificationOptions_ObserverTimestampOptions) Descriptor deprecated added in v0.3.0

Deprecated: Use ArtifactVerificationOptions_ObserverTimestampOptions.ProtoReflect.Descriptor instead.

func (*ArtifactVerificationOptions_ObserverTimestampOptions) GetDisable added in v0.3.0

func (*ArtifactVerificationOptions_ObserverTimestampOptions) GetThreshold added in v0.3.0

func (*ArtifactVerificationOptions_ObserverTimestampOptions) ProtoMessage added in v0.3.0

func (*ArtifactVerificationOptions_ObserverTimestampOptions) ProtoReflect added in v0.3.0

func (*ArtifactVerificationOptions_ObserverTimestampOptions) Reset added in v0.3.0

func (*ArtifactVerificationOptions_ObserverTimestampOptions) String added in v0.3.0

type ArtifactVerificationOptions_PublicKeys

// ArtifactVerificationOptions_PublicKeys is the oneof wrapper that selects a
// set of public keys as the trusted signers in
// ArtifactVerificationOptions.Signers.
type ArtifactVerificationOptions_PublicKeys struct {
	// To simplify the verification implementation, the logic for
	// bundle verification should be implemented as a
	// higher-order function, where one of the arguments should be an
	// interface over the set of trusted public keys, like this:
	// `Verify(bytes artifact, bytes signature, string key_id)`.
	// This way the caller is in full control of mapping the
	// identified (or hinted) key in the bundle to one of the
	// trusted keys, as this process is inherently application
	// specific.
	PublicKeys *PublicKeyIdentities `protobuf:"bytes,2,opt,name=public_keys,json=publicKeys,proto3,oneof"`
}

type ArtifactVerificationOptions_TimestampAuthorityOptions

// ArtifactVerificationOptions_TimestampAuthorityOptions configures signed
// timestamp verification. ArtifactVerificationOptions documents the defaults
// used when no message is supplied as Threshold: 0, Disable: true.
type ArtifactVerificationOptions_TimestampAuthorityOptions struct {

	// The number of signed timestamps that are expected.
	Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"`
	// Disable signed timestamp verification.
	// NOTE(review): the bool's zero value is false, so supplying this
	// message without setting Disable differs from the documented
	// no-message default (Disable: true). Confirm the verifier's handling.
	Disable bool `protobuf:"varint,2,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*ArtifactVerificationOptions_TimestampAuthorityOptions) Descriptor deprecated

Deprecated: Use ArtifactVerificationOptions_TimestampAuthorityOptions.ProtoReflect.Descriptor instead.

func (*ArtifactVerificationOptions_TimestampAuthorityOptions) GetDisable

func (*ArtifactVerificationOptions_TimestampAuthorityOptions) GetThreshold

func (*ArtifactVerificationOptions_TimestampAuthorityOptions) ProtoMessage

func (*ArtifactVerificationOptions_TimestampAuthorityOptions) ProtoReflect

func (*ArtifactVerificationOptions_TimestampAuthorityOptions) Reset

func (*ArtifactVerificationOptions_TimestampAuthorityOptions) String

type ArtifactVerificationOptions_TlogIntegratedTimestampOptions added in v0.3.0

// ArtifactVerificationOptions_TlogIntegratedTimestampOptions configures
// integrated timestamp verification. ArtifactVerificationOptions documents the
// defaults used when no message is supplied as Threshold: 0, Disable: true.
type ArtifactVerificationOptions_TlogIntegratedTimestampOptions struct {

	// The number of integrated timestamps that are expected.
	Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"`
	// Disable integrated timestamp verification.
	// NOTE(review): the bool's zero value is false, so supplying this
	// message without setting Disable differs from the documented
	// no-message default (Disable: true). Confirm the verifier's handling.
	Disable bool `protobuf:"varint,2,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) Descriptor deprecated added in v0.3.0

Deprecated: Use ArtifactVerificationOptions_TlogIntegratedTimestampOptions.ProtoReflect.Descriptor instead.

func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) GetDisable added in v0.3.0

func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) GetThreshold added in v0.3.0

func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) ProtoMessage added in v0.3.0

func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) ProtoReflect added in v0.3.0

func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) Reset added in v0.3.0

func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) String added in v0.3.0

type ArtifactVerificationOptions_TlogOptions

// ArtifactVerificationOptions_TlogOptions configures artifact transparency log
// verification. ArtifactVerificationOptions documents the defaults used when
// no message is supplied as Threshold: 1, online verification: false,
// Disable: false.
type ArtifactVerificationOptions_TlogOptions struct {

	// Number of transparency logs the entry must appear on.
	// NOTE(review): an unset field reads as 0, which differs from the
	// documented default of 1 for the no-message case. Confirm how the
	// verifier treats a supplied message with Threshold <= 0.
	Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"`
	// Perform an online inclusion proof.
	// NOTE(review): presumably this makes the verifier contact the
	// transparency log at verification time — confirm. What is checked
	// when this is false is not shown on this page.
	PerformOnlineVerification bool `` /* 139-byte string literal not displayed */
	// Disable verification for transparency logs.
	Disable bool `protobuf:"varint,3,opt,name=disable,proto3" json:"disable,omitempty"`
	// contains filtered or unexported fields
}

func (*ArtifactVerificationOptions_TlogOptions) Descriptor deprecated

func (*ArtifactVerificationOptions_TlogOptions) Descriptor() ([]byte, []int)

Deprecated: Use ArtifactVerificationOptions_TlogOptions.ProtoReflect.Descriptor instead.

func (*ArtifactVerificationOptions_TlogOptions) GetDisable

func (*ArtifactVerificationOptions_TlogOptions) GetPerformOnlineVerification

func (x *ArtifactVerificationOptions_TlogOptions) GetPerformOnlineVerification() bool

func (*ArtifactVerificationOptions_TlogOptions) GetThreshold

func (*ArtifactVerificationOptions_TlogOptions) ProtoMessage

func (*ArtifactVerificationOptions_TlogOptions) ProtoReflect

func (*ArtifactVerificationOptions_TlogOptions) Reset

func (*ArtifactVerificationOptions_TlogOptions) String

type Artifact_Artifact

// Artifact_Artifact is the oneof wrapper for Artifact.Data that carries the
// artifact inline.
type Artifact_Artifact struct {
	// The raw bytes of the artifact
	Artifact []byte `protobuf:"bytes,2,opt,name=artifact,proto3,oneof"`
}

type Artifact_ArtifactUri

// Artifact_ArtifactUri is the oneof wrapper for Artifact.Data that refers to
// the artifact by location.
type Artifact_ArtifactUri struct {
	// Location of the artifact
	// NOTE(review): this is a free-form string supplied with the
	// verification input. Whether and how a verifier dereferences it is not
	// shown here. If it does, the URI should be treated as untrusted
	// (restrict schemes and hosts, bound the size of what is fetched).
	ArtifactUri string `protobuf:"bytes,1,opt,name=artifact_uri,json=artifactUri,proto3,oneof"`
}

type CertificateIdentities

// CertificateIdentities is a list of certificate identities usable as the
// trusted signers in ArtifactVerificationOptions.
type CertificateIdentities struct {
	// Identities is the repeated list of acceptable identities. It may be
	// empty at the type level; the "at least one identity" rule documented
	// on ArtifactVerificationOptions.Signers is not enforced by this struct.
	Identities []*CertificateIdentity `protobuf:"bytes,1,rep,name=identities,proto3" json:"identities,omitempty"`
	// contains filtered or unexported fields
}

func (*CertificateIdentities) Descriptor deprecated

func (*CertificateIdentities) Descriptor() ([]byte, []int)

Deprecated: Use CertificateIdentities.ProtoReflect.Descriptor instead.

func (*CertificateIdentities) GetIdentities

func (x *CertificateIdentities) GetIdentities() []*CertificateIdentity

func (*CertificateIdentities) ProtoMessage

func (*CertificateIdentities) ProtoMessage()

func (*CertificateIdentities) ProtoReflect

func (x *CertificateIdentities) ProtoReflect() protoreflect.Message

func (*CertificateIdentities) Reset

func (x *CertificateIdentities) Reset()

func (*CertificateIdentities) String

func (x *CertificateIdentities) String() string

type CertificateIdentity

// CertificateIdentity is the identity of an X.509 certificate signer.
type CertificateIdentity struct {

	// The X.509v3 issuer extension (OID 1.3.6.1.4.1.57264.1.1)
	// NOTE(review): in Fulcio's OID registry this extension carries the
	// OIDC token issuer, which is distinct from the certificate's X.509
	// Issuer name. The expected value is therefore the OIDC issuer, not a
	// CA distinguished name.
	Issuer string                     `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// San is the subject alternative name to match. Its matching semantics
	// are defined by v1.SubjectAlternativeName, which is declared in
	// another package and not shown on this page.
	San    *v1.SubjectAlternativeName `protobuf:"bytes,2,opt,name=san,proto3" json:"san,omitempty"`
	// An unordered list of OIDs that must be verified.
	// All OID/values provided in this list MUST exactly match against
	// the values in the certificate for verification to be successful.
	Oids []*v1.ObjectIdentifierValuePair `protobuf:"bytes,3,rep,name=oids,proto3" json:"oids,omitempty"`
	// contains filtered or unexported fields
}

The identity of an X.509 certificate signer.

func (*CertificateIdentity) Descriptor deprecated

func (*CertificateIdentity) Descriptor() ([]byte, []int)

Deprecated: Use CertificateIdentity.ProtoReflect.Descriptor instead.

func (*CertificateIdentity) GetIssuer

func (x *CertificateIdentity) GetIssuer() string

func (*CertificateIdentity) GetOids

func (*CertificateIdentity) GetSan

func (*CertificateIdentity) ProtoMessage

func (*CertificateIdentity) ProtoMessage()

func (*CertificateIdentity) ProtoReflect

func (x *CertificateIdentity) ProtoReflect() protoreflect.Message

func (*CertificateIdentity) Reset

func (x *CertificateIdentity) Reset()

func (*CertificateIdentity) String

func (x *CertificateIdentity) String() string

type Input

// Input captures all that is needed to call the bundle verification method,
// to verify a single artifact referenced by the bundle.
type Input struct {

	// The verification materials provided during a bundle verification.
	// The running process is usually preloaded with a "global"
	// dev.sigstore.trustroot.TrustedRoot.v1 instance. Prior to
	// verifying an artifact (i.e. a bundle), and/or based on current
	// policy, some selection is expected to happen, to filter out the
	// exact certificate authority to use, which transparency logs are
	// relevant etc. The result should be captured in the
	// `artifact_trust_root`.
	ArtifactTrustRoot           *v11.TrustedRoot             `protobuf:"bytes,1,opt,name=artifact_trust_root,json=artifactTrustRoot,proto3" json:"artifact_trust_root,omitempty"`
	// ArtifactVerificationOptions holds the signer identities and the
	// per-check thresholds to apply for this artifact.
	ArtifactVerificationOptions *ArtifactVerificationOptions `` /* 144-byte string literal not displayed */
	// Bundle is the bundle to verify (v12.Bundle is declared in another
	// package and not shown on this page).
	Bundle                      *v12.Bundle                  `protobuf:"bytes,3,opt,name=bundle,proto3" json:"bundle,omitempty"`
	// If the bundle contains a message signature, the artifact must be
	// provided.
	// NOTE(review): the field is optional at the type level (a nil pointer
	// is allowed), so this requirement has to be checked by the verifier.
	Artifact *Artifact `protobuf:"bytes,4,opt,name=artifact,proto3,oneof" json:"artifact,omitempty"`
	// contains filtered or unexported fields
}

Input captures all that is needed to call the bundle verification method, to verify a single artifact referenced by the bundle.

func (*Input) Descriptor deprecated

func (*Input) Descriptor() ([]byte, []int)

Deprecated: Use Input.ProtoReflect.Descriptor instead.

func (*Input) GetArtifact

func (x *Input) GetArtifact() *Artifact

func (*Input) GetArtifactTrustRoot

func (x *Input) GetArtifactTrustRoot() *v11.TrustedRoot

func (*Input) GetArtifactVerificationOptions

func (x *Input) GetArtifactVerificationOptions() *ArtifactVerificationOptions

func (*Input) GetBundle

func (x *Input) GetBundle() *v12.Bundle

func (*Input) ProtoMessage

func (*Input) ProtoMessage()

func (*Input) ProtoReflect

func (x *Input) ProtoReflect() protoreflect.Message

func (*Input) Reset

func (x *Input) Reset()

func (*Input) String

func (x *Input) String() string

type PublicKeyIdentities

// PublicKeyIdentities is a list of public keys usable as the trusted signers
// in ArtifactVerificationOptions.
type PublicKeyIdentities struct {
	// PublicKeys is the repeated list of trusted keys. It may be empty at
	// the type level; the "at least one identity" rule documented on
	// ArtifactVerificationOptions.Signers is not enforced by this struct.
	PublicKeys []*v1.PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKeyIdentities) Descriptor deprecated

func (*PublicKeyIdentities) Descriptor() ([]byte, []int)

Deprecated: Use PublicKeyIdentities.ProtoReflect.Descriptor instead.

func (*PublicKeyIdentities) GetPublicKeys

func (x *PublicKeyIdentities) GetPublicKeys() []*v1.PublicKey

func (*PublicKeyIdentities) ProtoMessage

func (*PublicKeyIdentities) ProtoMessage()

func (*PublicKeyIdentities) ProtoReflect

func (x *PublicKeyIdentities) ProtoReflect() protoreflect.Message

func (*PublicKeyIdentities) Reset

func (x *PublicKeyIdentities) Reset()

func (*PublicKeyIdentities) String

func (x *PublicKeyIdentities) String() string
