add TSA url, rename
Signed-off-by: William Woodruff <[email protected]>
woodruffw committed Mar 26, 2024
1 parent 3e375c5 commit 32b066c
Showing 9 changed files with 111 additions and 61 deletions.
10 changes: 7 additions & 3 deletions gen/jsonschema/schemas/ClientTrustConfig.schema.json
Expand Up @@ -184,17 +184,21 @@
},
"dev.sigstore.trustroot.v1.SigningConfig": {
"properties": {
"fulcioUrl": {
"caUrl": {
"type": "string",
"description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `fulcio_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`."
"description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `ca_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`."
},
"oidcUrl": {
"type": "string",
"description": "A URL to an OpenID Connect identity provider. This URL **MUST** be the \"base\" URL for the OIDC IdP, which clients should perform well-known OpenID Connect discovery against."
},
"rekorUrl": {
"tlogUrl": {
"type": "string",
"description": "A URL to a Rekor-compatible transparency log. This URL **MUST** be the \"base\" URL for the transparency log, which clients should construct appropriate API endpoints on top of."
},
"tsaUrl": {
"type": "string",
"description": "A URL to a Sigstore-compatible Time Stamping Authority (TSA). This URL **MUST** be the \"base\" URL for the TSA, which clients should construct appropriate API endpoints on top of."
}
},
"additionalProperties": false,
10 changes: 7 additions & 3 deletions gen/jsonschema/schemas/SigningConfig.schema.json
Expand Up @@ -4,17 +4,21 @@
"definitions": {
"SigningConfig": {
"properties": {
"fulcioUrl": {
"caUrl": {
"type": "string",
"description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `fulcio_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`."
"description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `ca_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`."
},
"oidcUrl": {
"type": "string",
"description": "A URL to an OpenID Connect identity provider. This URL **MUST** be the \"base\" URL for the OIDC IdP, which clients should perform well-known OpenID Connect discovery against."
},
"rekorUrl": {
"tlogUrl": {
"type": "string",
"description": "A URL to a Rekor-compatible transparency log. This URL **MUST** be the \"base\" URL for the transparency log, which clients should construct appropriate API endpoints on top of."
},
"tsaUrl": {
"type": "string",
"description": "A URL to a Sigstore-compatible Time Stamping Authority (TSA). This URL **MUST** be the \"base\" URL for the TSA, which clients should construct appropriate API endpoints on top of."
}
},
"additionalProperties": false,
85 changes: 49 additions & 36 deletions gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions gen/pb-ruby/lib/sigstore_trustroot_pb.rb

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -151,11 +151,11 @@ pub struct SigningConfig {
///
/// This URL **MUST** be the "base" URL for the CA, which clients
/// should construct an appropriate CSR endpoint on top of.
/// For example, if `fulcio_url` is `<https://example.com/ca`,> then
/// For example, if `ca_url` is `<https://example.com/ca`,> then
/// the client **MAY** construct the CSR endpoint as
/// `<https://example.com/ca/api/v2/signingCert`.>
#[prost(string, tag = "1")]
pub fulcio_url: ::prost::alloc::string::String,
pub ca_url: ::prost::alloc::string::String,
/// A URL to an OpenID Connect identity provider.
///
/// This URL **MUST** be the "base" URL for the OIDC IdP, which clients
Expand All @@ -167,7 +167,13 @@ pub struct SigningConfig {
/// This URL **MUST** be the "base" URL for the transparency log,
/// which clients should construct appropriate API endpoints on top of.
#[prost(string, tag = "3")]
pub rekor_url: ::prost::alloc::string::String,
pub tlog_url: ::prost::alloc::string::String,
/// A URL to a Sigstore-compatible Time Stamping Authority (TSA).
///
/// This URL **MUST** be the "base" URL for the TSA, which clients
/// should construct appropriate API endpoints on top of.
#[prost(string, tag = "4")]
pub tsa_url: ::prost::alloc::string::String,
}
/// ClientTrustConfig describes the complete state needed by a client
/// to perform both signing and verification operations against a particular
Binary file not shown.
25 changes: 17 additions & 8 deletions gen/pb-typescript/src/__generated__/sigstore_trustroot.ts

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 9 additions & 3 deletions protos/sigstore_trustroot.proto
Expand Up @@ -130,10 +130,10 @@ message SigningConfig {
//
// This URL **MUST** be the "base" URL for the CA, which clients
// should construct an appropriate CSR endpoint on top of.
// For example, if `fulcio_url` is `https://example.com/ca`, then
// For example, if `ca_url` is `https://example.com/ca`, then
// the client **MAY** construct the CSR endpoint as
// `https://example.com/ca/api/v2/signingCert`.
string fulcio_url = 1;
string ca_url = 1;

// A URL to an OpenID Connect identity provider.
//
Expand All @@ -145,7 +145,13 @@ message SigningConfig {
//
// This URL **MUST** be the "base" URL for the transparency log,
// which clients should construct appropriate API endpoints on top of.
string rekor_url = 3;
string tlog_url = 3;

// A URL to a Sigstore-compatible Time Stamping Authority (TSA).
//
// This URL **MUST** be the "base" URL for the TSA, which clients
// should construct appropriate API endpoints on top of.
string tsa_url = 4;
}

// ClientTrustConfig describes the complete state needed by a client
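Review bot: The renames at `string ca_url = 1;` and `string tlog_url = 3;` keep the field numbers, so binary encodings still decode, but the JSON names change (the regenerated schemas in this commit now list `caUrl`/`tlogUrl` under `"additionalProperties": false`) and nothing in the field comments records the old names. A config still written with `fulcioUrl`/`rekorUrl` would fail schema validation or, in a parser that ignores unknown fields, presumably leave these URLs empty; a signing client should treat an empty CA or transparency-log URL as an error rather than fall back to some default instance. I would add a line to each field comment such as `// Formerly fulcio_url (field number unchanged); the JSON name is now caUrl.` and the equivalent for `tlog_url`. The new `tsa_url` comment could also state what an empty value means, since an unset string reads back as empty (the generated Rust field is a plain `String`). The opening of `message SigningConfig` and the `oidc_url` field lie outside the two hunks.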
