Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
trustroot: initial client config messages (#277)
* trustroot: initial client config messages
  Signed-off-by: William Woodruff <[email protected]>
* trustroot: docs
  Signed-off-by: William Woodruff <[email protected]>
* codegen
  Signed-off-by: William Woodruff <[email protected]>
* add TSA url, rename
  Signed-off-by: William Woodruff <[email protected]>
* tweak tsa_url
  Signed-off-by: William Woodruff <[email protected]>
* gen, protos: multiple tlogs and tsas
  Signed-off-by: William Woodruff <[email protected]>
* Apply suggestions from code review
  Co-authored-by: Fredrik Skogman <[email protected]>
  Signed-off-by: William Woodruff <[email protected]>
* gen: regenerate
  Signed-off-by: William Woodruff <[email protected]>

---------

Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Co-authored-by: Fredrik Skogman <[email protected]>
1 parent
0d09353
commit 58ba3ec
Showing 9 changed files with 943 additions and 85 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"$schema": "http://json-schema.org/draft-04/schema#", | ||
"$ref": "#/definitions/SigningConfig", | ||
"definitions": { | ||
"SigningConfig": { | ||
"properties": { | ||
"caUrl": { | ||
"type": "string", | ||
"description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `ca_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`." | ||
}, | ||
"oidcUrl": { | ||
"type": "string", | ||
"description": "A URL to an OpenID Connect identity provider. This URL **MUST** be the \"base\" URL for the OIDC IdP, which clients should perform well-known OpenID Connect discovery against." | ||
}, | ||
"tlogUrls": { | ||
"items": { | ||
"type": "string" | ||
}, | ||
"type": "array", | ||
"description": "One or more URLs to Rekor-compatible transparency log. Each URL **MUST** be the \"base\" URL for the transparency log, which clients should construct appropriate API endpoints on top of." | ||
}, | ||
"tsaUrls": { | ||
"items": { | ||
"type": "string" | ||
}, | ||
"type": "array", | ||
"description": "One ore more URLs to RFC 3161 Time Stamping Authority (TSA). Each URL **MUST** be the **full** URL for the TSA, meaning that it should be suitable for submitting Time Stamp Requests (TSRs) to via HTTP, per RFC 3161." | ||
} | ||
}, | ||
"additionalProperties": false, | ||
"type": "object", | ||
"title": "Signing Config", | ||
"description": "SigningConfig represents the trusted entities/state needed by Sigstore signing. In particular, it primarily contains service URLs that a Sigstore signer may need to connect to for the online aspects of signing." | ||
} | ||
} | ||
} |
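Review bot: the `tlogUrls` and `tsaUrls` descriptions both say "One or more" URLs, but neither array has a `minItems` constraint and `SigningConfig` has no `required` list, so an empty object or `"tlogUrls": []` validates against this schema. The URL properties are also plain `"type": "string"` with no `format` or scheme restriction, so the "base URL" and "full URL" rules in the descriptions are not machine-checked. Since this file is generated, I'd suggest stating in the source message docs that clients **MUST** reject empty lists and validate each URL (including its scheme) before connecting, because a signer will send CSRs and OIDC traffic to whatever these fields contain. Two wording nits in the same descriptions: `tsaUrls` reads "One ore more" and `tlogUrls` reads "URLs to Rekor-compatible transparency log" (should be "logs"). The `caUrl` example also refers to `ca_url` while the JSON property is `caUrl`; worth noting which spelling applies to JSON-encoded configs.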
59 changes: 59 additions & 0 deletions
gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
Binary file modified: BIN +2.47 KB (100%)
gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin
Binary file not shown.
114 changes: 114 additions & 0 deletions
gen/pb-typescript/src/__generated__/sigstore_trustroot.ts