Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gen, protos: 0.3, single cert #191

Merged
merged 6 commits into from
Jan 15, 2024
Merged

gen, protos: 0.3, single cert #191

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
924b051
gen, protos: 0.3, single cert
woodruffw Jan 10, 2024
dfb746f
gen, protos: feedback
woodruffw Jan 10, 2024
6d2a288
clarify order with a SHOULD
woodruffw Jan 11, 2024
ac7a831
fix rust tests
woodruffw Jan 11, 2024
dbe405d
Update protos/sigstore_common.proto
woodruffw Jan 12, 2024
501a181
gen: bump
woodruffw Jan 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 14 additions & 5 deletions gen/jsonschema/schemas/Bundle.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"properties": {
"mediaType": {
"type": "string",
"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 when encoded as JSON."
"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON."
},
"verificationMaterial": {
"$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial",
Expand Down Expand Up @@ -52,8 +52,8 @@
},
"additionalProperties": false,
"type": "object",
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
},
"dev.sigstore.bundle.v1.VerificationMaterial": {
"properties": {
Expand All @@ -65,6 +65,10 @@
"$ref": "#/definitions/dev.sigstore.common.v1.X509CertificateChain",
"additionalProperties": false
},
"certificate": {
woodruffw marked this conversation as resolved.
Show resolved Hide resolved
"$ref": "#/definitions/dev.sigstore.common.v1.X509Certificate",
"additionalProperties": false
},
"tlogEntries": {
"items": {
"$ref": "#/definitions/dev.sigstore.rekor.v1.TransparencyLogEntry"
Expand All @@ -91,6 +95,11 @@
"required": [
"x509_certificate_chain"
]
},
{
"required": [
"certificate"
]
}
],
"title": "Verification Material",
Expand Down Expand Up @@ -199,13 +208,13 @@
},
"additionalProperties": false,
"type": "array",
"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
}
},
"additionalProperties": false,
"type": "object",
"title": "X 509 Certificate Chain",
"description": "A chain of X.509 certificates."
"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
},
"dev.sigstore.rekor.v1.Checkpoint": {
"properties": {
Expand Down
4 changes: 2 additions & 2 deletions gen/jsonschema/schemas/CertificateAuthority.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,13 +86,13 @@
},
"additionalProperties": false,
"type": "array",
"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
}
},
"additionalProperties": false,
"type": "object",
"title": "X 509 Certificate Chain",
"description": "A chain of X.509 certificates."
"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
}
}
}
19 changes: 14 additions & 5 deletions gen/jsonschema/schemas/Input.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
"properties": {
"mediaType": {
"type": "string",
"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 when encoded as JSON."
"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON."
},
"verificationMaterial": {
"$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial",
Expand Down Expand Up @@ -85,8 +85,8 @@
},
"additionalProperties": false,
"type": "object",
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
},
"dev.sigstore.bundle.v1.VerificationMaterial": {
"properties": {
Expand All @@ -98,6 +98,10 @@
"$ref": "#/definitions/dev.sigstore.common.v1.X509CertificateChain",
"additionalProperties": false
},
"certificate": {
"$ref": "#/definitions/dev.sigstore.common.v1.X509Certificate",
"additionalProperties": false
},
"tlogEntries": {
"items": {
"$ref": "#/definitions/dev.sigstore.rekor.v1.TransparencyLogEntry"
Expand All @@ -124,6 +128,11 @@
"required": [
"x509_certificate_chain"
]
},
{
"required": [
"certificate"
]
}
],
"title": "Verification Material",
Expand Down Expand Up @@ -381,13 +390,13 @@
},
"additionalProperties": false,
"type": "array",
"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
}
},
"additionalProperties": false,
"type": "object",
"title": "X 509 Certificate Chain",
"description": "A chain of X.509 certificates."
"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
},
"dev.sigstore.rekor.v1.Checkpoint": {
"properties": {
Expand Down
4 changes: 2 additions & 2 deletions gen/jsonschema/schemas/TimestampVerificationData.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@
},
"additionalProperties": false,
"type": "object",
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
},
"dev.sigstore.common.v1.RFC3161SignedTimestamp": {
"properties": {
Expand Down
4 changes: 2 additions & 2 deletions gen/jsonschema/schemas/TrustedRoot.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,13 +162,13 @@
},
"additionalProperties": false,
"type": "array",
"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
}
},
"additionalProperties": false,
"type": "object",
"title": "X 509 Certificate Chain",
"description": "A chain of X.509 certificates."
"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
},
"dev.sigstore.trustroot.v1.CertificateAuthority": {
"properties": {
Expand Down
17 changes: 13 additions & 4 deletions gen/jsonschema/schemas/VerificationMaterial.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@
"$ref": "#/definitions/dev.sigstore.common.v1.X509CertificateChain",
"additionalProperties": false
},
"certificate": {
"$ref": "#/definitions/dev.sigstore.common.v1.X509Certificate",
"additionalProperties": false
},
"tlogEntries": {
"items": {
"$ref": "#/definitions/dev.sigstore.rekor.v1.TransparencyLogEntry"
Expand All @@ -38,6 +42,11 @@
"required": [
"x509_certificate_chain"
]
},
{
"required": [
"certificate"
]
}
],
"title": "Verification Material",
Expand All @@ -56,8 +65,8 @@
},
"additionalProperties": false,
"type": "object",
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
},
"dev.sigstore.common.v1.LogId": {
"properties": {
Expand Down Expand Up @@ -120,13 +129,13 @@
},
"additionalProperties": false,
"type": "array",
"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
}
},
"additionalProperties": false,
"type": "object",
"title": "X 509 Certificate Chain",
"description": "A chain of X.509 certificates."
"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
},
"dev.sigstore.rekor.v1.Checkpoint": {
"properties": {
Expand Down
Loading
Loading