
gen, protos: 0.3, single cert
Signed-off-by: William Woodruff <[email protected]>
woodruffw committed Jan 10, 2024
1 parent d96fa44 commit 924b051
Showing 23 changed files with 297 additions and 167 deletions.
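--- a/gen/jsonschema/schemas/Bundle.schema.json
+++ b/gen/jsonschema/schemas/Bundle.schema.json
@@ -6,7 +6,7 @@
 "properties": {
 "mediaType": {
 "type": "string",
-"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 when encoded as JSON."
+"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON."
 },
 "verificationMaterial": {
 "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial",
@@ -52,8 +52,8 @@
 },
 "additionalProperties": false,
 "type": "object",
-"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
-"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
+"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
 },
 "dev.sigstore.bundle.v1.VerificationMaterial": {
 "properties": {
@@ -65,6 +65,10 @@
 "$ref": "#/definitions/dev.sigstore.common.v1.X509CertificateChain",
 "additionalProperties": false
 },
+"certificate": {
+"$ref": "#/definitions/dev.sigstore.common.v1.X509Certificate",
+"additionalProperties": false
+},
 "tlogEntries": {
 "items": {
 "$ref": "#/definitions/dev.sigstore.rekor.v1.TransparencyLogEntry"
@@ -91,6 +95,11 @@
 "required": [
 "x509_certificate_chain"
 ]
+},
+{
+"required": [
+"certificate"
+]
 }
 ],
 "title": "Verification Material",
@@ -199,13 +208,13 @@
 },
 "additionalProperties": false,
 "type": "array",
-"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
+"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
 }
 },
 "additionalProperties": false,
 "type": "object",
 "title": "X 509 Certificate Chain",
-"description": "A chain of X.509 certificates."
+"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
 },
 "dev.sigstore.rekor.v1.Checkpoint": {
 "properties": {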
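--- a/gen/jsonschema/schemas/CertificateAuthority.schema.json
+++ b/gen/jsonschema/schemas/CertificateAuthority.schema.json
@@ -86,13 +86,13 @@
 },
 "additionalProperties": false,
 "type": "array",
-"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
+"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
 }
 },
 "additionalProperties": false,
 "type": "object",
 "title": "X 509 Certificate Chain",
-"description": "A chain of X.509 certificates."
+"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
 }
 }
 }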
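--- a/gen/jsonschema/schemas/Input.schema.json
+++ b/gen/jsonschema/schemas/Input.schema.json
@@ -39,7 +39,7 @@
 "properties": {
 "mediaType": {
 "type": "string",
-"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 when encoded as JSON."
+"description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON."
 },
 "verificationMaterial": {
 "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial",
@@ -85,8 +85,8 @@
 },
 "additionalProperties": false,
 "type": "object",
-"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
-"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
+"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
 },
 "dev.sigstore.bundle.v1.VerificationMaterial": {
 "properties": {
@@ -98,6 +98,10 @@
 "$ref": "#/definitions/dev.sigstore.common.v1.X509CertificateChain",
 "additionalProperties": false
 },
+"certificate": {
+"$ref": "#/definitions/dev.sigstore.common.v1.X509Certificate",
+"additionalProperties": false
+},
 "tlogEntries": {
 "items": {
 "$ref": "#/definitions/dev.sigstore.rekor.v1.TransparencyLogEntry"
@@ -124,6 +128,11 @@
 "required": [
 "x509_certificate_chain"
 ]
+},
+{
+"required": [
+"certificate"
+]
 }
 ],
 "title": "Verification Material",
@@ -381,13 +390,13 @@
 },
 "additionalProperties": false,
 "type": "array",
-"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
+"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
 }
 },
 "additionalProperties": false,
 "type": "object",
 "title": "X 509 Certificate Chain",
-"description": "A chain of X.509 certificates."
+"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
 },
 "dev.sigstore.rekor.v1.Checkpoint": {
 "properties": {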
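--- a/gen/jsonschema/schemas/TimestampVerificationData.schema.json
+++ b/gen/jsonschema/schemas/TimestampVerificationData.schema.json
@@ -15,8 +15,8 @@
 },
 "additionalProperties": false,
 "type": "object",
-"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
-"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
+"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
 },
 "dev.sigstore.common.v1.RFC3161SignedTimestamp": {
 "properties": {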
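--- a/gen/jsonschema/schemas/TrustedRoot.schema.json
+++ b/gen/jsonschema/schemas/TrustedRoot.schema.json
@@ -162,13 +162,13 @@
 },
 "additionalProperties": false,
 "type": "array",
-"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
+"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
 }
 },
 "additionalProperties": false,
 "type": "object",
 "title": "X 509 Certificate Chain",
-"description": "A chain of X.509 certificates."
+"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
 },
 "dev.sigstore.trustroot.v1.CertificateAuthority": {
 "properties": {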
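--- a/gen/jsonschema/schemas/VerificationMaterial.schema.json
+++ b/gen/jsonschema/schemas/VerificationMaterial.schema.json
@@ -12,6 +12,10 @@
 "$ref": "#/definitions/dev.sigstore.common.v1.X509CertificateChain",
 "additionalProperties": false
 },
+"certificate": {
+"$ref": "#/definitions/dev.sigstore.common.v1.X509Certificate",
+"additionalProperties": false
+},
 "tlogEntries": {
 "items": {
 "$ref": "#/definitions/dev.sigstore.rekor.v1.TransparencyLogEntry"
@@ -38,6 +42,11 @@
 "required": [
 "x509_certificate_chain"
 ]
+},
+{
+"required": [
+"certificate"
+]
 }
 ],
 "title": "Verification Material",
@@ -56,8 +65,8 @@
 },
 "additionalProperties": false,
 "type": "object",
-"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.2\n The semantic version is thus '0.2'.",
-"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.2 The semantic version is thus '0.2'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+"title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
+"description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
 },
 "dev.sigstore.common.v1.LogId": {
 "properties": {
@@ -120,13 +129,13 @@
 },
 "additionalProperties": false,
 "type": "array",
-"description": "The chain of certificates, with indices 0 to n. The first certificate in the array must be the leaf certificate used for signing. Signers MUST NOT include their root CA certificates in their embedded certificate chains, and SHOULD NOT include intermediate CA certificates that appear in independent roots of trust. Verifiers MUST validate the chain carefully to ensure that it chains up to a root CA certificate that they trust, regardless of whether the chain includes additional intermediate/root CA certificates. Verifiers MAY enforce additional constraints, such as requiring that all intermediate CA certificates appear in an independent root of trust. Verifiers SHOULD handle old or non-complying bundles that have additional intermediate/root CA certificates."
+"description": "One or more DER-encoded certificates. In some contexts (such as `VerificationMaterial.certificate`), this sequence has an imposed order. Unless explicitly specified, there is otherwise no guaranteed order."
 }
 },
 "additionalProperties": false,
 "type": "object",
 "title": "X 509 Certificate Chain",
-"description": "A chain of X.509 certificates."
+"description": "A collection of X.509 certificates. NOTE: \"Chain\" is a misnomer in this context, since there is no one true certificate chain in most PKI schemes. This message should be treated as a generic collection of certificates for path construction."
 },
 "dev.sigstore.rekor.v1.Checkpoint": {
 "properties": {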
