sigstore_protobuf_specs/generated/dev.sigstore.bundle.v1.rs
1// This file is @generated by prost-build.
2/// Various timestamped counter signatures over the artifacts signature.
3/// Currently only RFC3161 signatures are provided. More formats may be added
4/// in the future.
5#[derive(
6 sigstore_protobuf_specs_derive::Deserialize_proto,
7 sigstore_protobuf_specs_derive::Serialize_proto
8)]
9#[derive(::prost_reflect::ReflectMessage)]
10#[prost_reflect(message_name = "dev.sigstore.bundle.v1.TimestampVerificationData")]
11#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")]
12#[derive(Clone, PartialEq, ::prost::Message)]
13pub struct TimestampVerificationData {
14 /// A list of RFC3161 signed timestamps provided by the user.
15 /// This can be used when the entry has not been stored on a
16 /// transparency log, or in conjunction for a stronger trust model.
17 /// Clients MUST verify the hashed message in the message imprint
18 /// against the signature in the bundle.
19 #[prost(message, repeated, tag = "1")]
20 pub rfc3161_timestamps: ::prost::alloc::vec::Vec<
21 super::super::common::v1::Rfc3161SignedTimestamp,
22 >,
23}
24/// VerificationMaterial captures details on the materials used to verify
25/// signatures. This message may be embedded in a DSSE envelope as a signature
26/// extension. Specifically, the `ext` field of the extension will expect this
27/// message when the signature extension is for Sigstore. This is identified by
28/// the `kind` field in the extension, which must be set to
29/// application/vnd.dev.sigstore.verificationmaterial;version=0.1 for Sigstore.
30/// When used as a DSSE extension, if the `public_key` field is used to indicate
31/// the key identifier, it MUST match the `keyid` field of the signature the
32/// extension is attached to.
33#[derive(
34 sigstore_protobuf_specs_derive::Deserialize_proto,
35 sigstore_protobuf_specs_derive::Serialize_proto
36)]
37#[derive(::prost_reflect::ReflectMessage)]
38#[prost_reflect(message_name = "dev.sigstore.bundle.v1.VerificationMaterial")]
39#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")]
40#[derive(Clone, PartialEq, ::prost::Message)]
41pub struct VerificationMaterial {
42 /// An inclusion proof and an optional signed timestamp from the log.
43 /// Client verification libraries MAY provide an option to support v0.1
44 /// bundles for backwards compatibility, which may contain an inclusion
45 /// promise and not an inclusion proof. In this case, the client MUST
46 /// validate the promise.
47 /// Verifiers SHOULD NOT allow v0.1 bundles if they're used in an
48 /// ecosystem which never produced them.
49 #[prost(message, repeated, tag = "3")]
50 pub tlog_entries: ::prost::alloc::vec::Vec<
51 super::super::rekor::v1::TransparencyLogEntry,
52 >,
53 /// Timestamp may also come from
54 /// tlog_entries.inclusion_promise.signed_entry_timestamp.
55 #[prost(message, optional, tag = "4")]
56 pub timestamp_verification_data: ::core::option::Option<TimestampVerificationData>,
57 /// The key material for verification purposes.
58 ///
59 /// This allows key material to be conveyed in one of three forms:
60 ///
61 /// 1. An unspecified public key identifier, for retrieving a key
62 /// from an out-of-band mechanism (such as a keyring);
63 ///
64 /// 2. A sequence of one or more X.509 certificates, of which the first member
65 /// MUST be a leaf certificate conveying the signing key. Subsequent members
66 /// SHOULD be in issuing order, meaning that `n + 1` should be an issuer for `n`.
67 ///
68 /// Signers MUST NOT include root CA certificates in bundles, and SHOULD NOT
69 /// include intermediate CA certificates that appear in an independent root of trust
70 /// (such as the Public Good Instance's trusted root).
71 ///
72 /// Verifiers MUST validate the chain carefully to ensure that it chains up
73 /// to a CA certificate that they independently trust. Verifiers SHOULD
74 /// handle old or non-complying bundles that have superfluous intermediate and/or
75 /// root CA certificates by either ignoring them or explicitly considering them
76 /// untrusted for the purposes of chain building.
77 ///
78 /// 3. A single X.509 certificate, which MUST be a leaf certificate conveying
79 /// the signing key.
80 ///
81 /// When used with the Public Good Instance (PGI) of Sigstore for "keyless" signing
82 /// via Fulcio, form (1) MUST NOT be used, regardless of bundle version. Form (1)
83 /// MAY be used with the PGI for self-managed keys.
84 ///
85 /// When used in a `0.1` or `0.2` bundle with the PGI and "keyless" signing,
86 /// form (2) MUST be used.
87 ///
88 /// When used in a `0.3` bundle with the PGI and "keyless" signing,
89 /// form (3) MUST be used.
90 #[prost(oneof = "verification_material::Content", tags = "1, 2, 5")]
91 pub content: ::core::option::Option<verification_material::Content>,
92}
93/// Nested message and enum types in `VerificationMaterial`.
94pub mod verification_material {
95 /// The key material for verification purposes.
96 ///
97 /// This allows key material to be conveyed in one of three forms:
98 ///
99 /// 1. An unspecified public key identifier, for retrieving a key
100 /// from an out-of-band mechanism (such as a keyring);
101 ///
102 /// 2. A sequence of one or more X.509 certificates, of which the first member
103 /// MUST be a leaf certificate conveying the signing key. Subsequent members
104 /// SHOULD be in issuing order, meaning that `n + 1` should be an issuer for `n`.
105 ///
106 /// Signers MUST NOT include root CA certificates in bundles, and SHOULD NOT
107 /// include intermediate CA certificates that appear in an independent root of trust
108 /// (such as the Public Good Instance's trusted root).
109 ///
110 /// Verifiers MUST validate the chain carefully to ensure that it chains up
111 /// to a CA certificate that they independently trust. Verifiers SHOULD
112 /// handle old or non-complying bundles that have superfluous intermediate and/or
113 /// root CA certificates by either ignoring them or explicitly considering them
114 /// untrusted for the purposes of chain building.
115 ///
116 /// 3. A single X.509 certificate, which MUST be a leaf certificate conveying
117 /// the signing key.
118 ///
119 /// When used with the Public Good Instance (PGI) of Sigstore for "keyless" signing
120 /// via Fulcio, form (1) MUST NOT be used, regardless of bundle version. Form (1)
121 /// MAY be used with the PGI for self-managed keys.
122 ///
123 /// When used in a `0.1` or `0.2` bundle with the PGI and "keyless" signing,
124 /// form (2) MUST be used.
125 ///
126 /// When used in a `0.3` bundle with the PGI and "keyless" signing,
127 /// form (3) MUST be used.
128 #[derive(
129 sigstore_protobuf_specs_derive::Deserialize_proto,
130 sigstore_protobuf_specs_derive::Serialize_proto
131 )]
132 #[derive(Clone, PartialEq, ::prost::Oneof)]
133 pub enum Content {
134 #[prost(message, tag = "1")]
135 PublicKey(super::super::super::common::v1::PublicKeyIdentifier),
136 #[prost(message, tag = "2")]
137 X509CertificateChain(super::super::super::common::v1::X509CertificateChain),
138 #[prost(message, tag = "5")]
139 Certificate(super::super::super::common::v1::X509Certificate),
140 }
141}
142#[derive(
143 sigstore_protobuf_specs_derive::Deserialize_proto,
144 sigstore_protobuf_specs_derive::Serialize_proto
145)]
146#[derive(::prost_reflect::ReflectMessage)]
147#[prost_reflect(message_name = "dev.sigstore.bundle.v1.Bundle")]
148#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")]
149#[derive(Clone, PartialEq, ::prost::Message)]
150pub struct Bundle {
151 /// MUST be application/vnd.dev.sigstore.bundle.v0.3+json when
152 /// when encoded as JSON.
153 /// Clients must to be able to accept media type using the previously
154 /// defined formats:
155 /// * application/vnd.dev.sigstore.bundle+json;version=0.1
156 /// * application/vnd.dev.sigstore.bundle+json;version=0.2
157 /// * application/vnd.dev.sigstore.bundle+json;version=0.3
158 #[prost(string, tag = "1")]
159 pub media_type: ::prost::alloc::string::String,
160 /// When a signer is identified by a X.509 certificate, a verifier MUST
161 /// verify that the signature was computed at the time the certificate
162 /// was valid as described in the Sigstore client spec: "Verification
163 /// using a Bundle".
164 /// <<https://docs.google.com/document/d/1kbhK2qyPPk8SLavHzYSDM8-Ueul9_oxIMVFuWMWKz0E/edit#heading=h.x8bduppe89ln>>
165 /// If the verification material contains a public key identifier
166 /// (key hint) and the `content` is a DSSE envelope, the key hints
167 /// MUST be exactly the same in the verification material and in the
168 /// DSSE envelope.
169 #[prost(message, optional, tag = "2")]
170 pub verification_material: ::core::option::Option<VerificationMaterial>,
171 #[prost(oneof = "bundle::Content", tags = "3, 4")]
172 pub content: ::core::option::Option<bundle::Content>,
173}
174/// Nested message and enum types in `Bundle`.
175pub mod bundle {
176 #[derive(
177 sigstore_protobuf_specs_derive::Deserialize_proto,
178 sigstore_protobuf_specs_derive::Serialize_proto
179 )]
180 #[derive(Clone, PartialEq, ::prost::Oneof)]
181 pub enum Content {
182 #[prost(message, tag = "3")]
183 MessageSignature(super::super::super::common::v1::MessageSignature),
184 /// A DSSE envelope can contain arbitrary payloads.
185 /// Verifiers must verify that the payload type is a
186 /// supported and expected type. This is part of the DSSE
187 /// protocol which is defined here:
188 /// <<https://github.com/secure-systems-lab/dsse/blob/master/protocol.md>>
189 /// DSSE envelopes in a bundle MUST have exactly one signature.
190 /// This is a limitation from the DSSE spec, as it can contain
191 /// multiple signatures. There are two primary reasons:
192 /// 1. It simplifies the verification logic and policy
193 /// 2. The bundle (currently) can only contain a single
194 /// instance of the required verification materials
195 /// During verification a client MUST reject an envelope if
196 /// the number of signatures is not equal to one.
197 #[prost(message, tag = "4")]
198 DsseEnvelope(super::super::super::super::super::io::intoto::Envelope),
199 }
200}