diff --git a/Makefile b/Makefile index 05d81d00..e3fdad05 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,6 @@ PROTOC_IMAGE = protoc-base PROTOC_GO_IMAGE = protoc-go -PROTOC_JSONSCHEMA_IMAGE = protoc-jsonschema PROTOC_PYTHON_IMAGE = protoc-python PROTOC_RUBY_IMAGE = protoc-ruby PROTOC_RUST_IMAGE = protoc-rust @@ -32,24 +31,24 @@ GID ?= $(shell id -g) DOCKER_BUILD = docker build --platform ${PLATFORM} --build-arg UID=${UID} DOCKER_RUN = docker run --platform ${PLATFORM} --user ${UID}:${GID} -PROTOS = $(shell find protos/ -iname "*.proto" | sed 's|^|/defs/|') +PROTOS = $(shell find protos/ service-protos/ -iname "*.proto" | sed 's|^|/defs/|') +PROTO_INCLUDES=-I/opt/include -I/googleapis -I/defs/protos -I/defs/service-protos include protoc-builder/versions.mk # generate all language protobuf code -all: go python typescript ruby jsonschema rust +all: go python typescript ruby rust # generate Go protobuf code go: base-image-go @echo "Generating go proto Docker image" cd protoc-builder && ${DOCKER_BUILD} -t ${PROTOC_GO_IMAGE} -f Dockerfile.go . @echo "Generating go protobuf files" - ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_GO_IMAGE} \ - -I/opt/include -I/googleapis -I/defs/protos \ + ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_GO_IMAGE} ${PROTO_INCLUDES}\ --go_opt=module=github.com/sigstore/protobuf-specs/gen/pb-go --go_out=/defs/gen/pb-go ${PROTOS} # an image on ghcr for generating defintions for sigstore services -services-image: go +services-image: base-image-go @echo "Generating go proto base image" cd protoc-builder && ${DOCKER_BUILD} -t ${PROTOC_GO_IMAGE} -f Dockerfile.go . @echo "Generating services Docker image" 
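Review bot: The new `${PROTO_INCLUDES}\` continuation in the go recipe has no space before the backslash, so the last include flag is separated from the next option only by whatever indentation the continuation line carries beyond the recipe tab. GNU make passes the backslash-newline to the shell and strips just one leading tab, so a continuation line indented with a single tab would give protoc the fused argument `-I/defs/service-protos--go_opt=...` instead of the option. The indentation is not recoverable from this view, so the recipe may be working only because of invisible whitespace. Writing `${PROTOC_GO_IMAGE} ${PROTO_INCLUDES} \` removes that dependency, and the same applies to the python, typescript and ruby recipes in the following hunk. Separately, `PROTOS` keeps the recursive `=` while its `find` now walks two trees on every expansion; `PROTOS := $(shell find protos/ service-protos/ ...)` would run it once.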
@@ -60,33 +59,22 @@ python: base-image-python @echo "Generating python proto Docker image" cd protoc-builder && ${DOCKER_BUILD} -t ${PROTOC_PYTHON_IMAGE} -f Dockerfile.python . @echo "Generating python protobuf files" - ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_PYTHON_IMAGE} \ - -I/opt/include -I/googleapis -I/defs/protos \ + ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_PYTHON_IMAGE} ${PROTO_INCLUDES}\ --python_betterproto_opt=pydantic_dataclasses --python_betterproto_out=/defs/gen/pb-python/sigstore_protobuf_specs ${PROTOS} typescript: base-image-typescript @echo "Generating typescript proto Docker image" cd protoc-builder && ${DOCKER_BUILD} -t ${PROTOC_TYPESCRIPT_IMAGE} -f Dockerfile.typescript . @echo "Generating javascript protobuf files" - ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_TYPESCRIPT_IMAGE} \ - -I/opt/include -I/googleapis -I/defs/protos \ + ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_TYPESCRIPT_IMAGE} ${PROTO_INCLUDES}\ --ts_proto_out=/defs/gen/pb-typescript/src/__generated__ --ts_proto_opt=oneof=unions,forceLong=string,env=node,exportCommonSymbols=false,outputPartialMethods=false,outputEncodeMethods=false,unrecognizedEnum=false ${PROTOS} ruby: base-image-ruby @echo "Generating ruby proto Docker image" cd protoc-builder && ${DOCKER_BUILD} -t ${PROTOC_RUBY_IMAGE} -f Dockerfile.ruby . @echo "Generating ruby protobuf files" - ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_RUBY_IMAGE} \ - -I/opt/include -I/googleapis -I/defs/protos --ruby_out=/defs/gen/pb-ruby/lib ${PROTOS} - -jsonschema: base-image-jsonschema - @echo "Generating jsonschema proto Docker image" - cd protoc-builder && ${DOCKER_BUILD} -t ${PROTOC_JSONSCHEMA_IMAGE} -f Dockerfile.jsonschema . 
- @echo "Generating JSON schema files" - mkdir -p gen/jsonschema/schemas - ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_JSONSCHEMA_IMAGE} \ - -I/opt/include -I/googleapis -I/defs/protos \ - --jsonschema_out=/defs/gen/jsonschema/schemas --jsonschema_opt=disallow_additional_properties --jsonschema_opt=enforce_oneof --jsonschema_opt=enums_as_strings_only --jsonschema_opt=file_extension=schema.json --jsonschema_opt=json_fieldnames ${PROTOS} + ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_RUBY_IMAGE} ${PROTO_INCLUDES}\ + --ruby_out=/defs/gen/pb-ruby/lib ${PROTOS} rust: base-image-rust @echo "Generating rust proto Docker image" @@ -103,14 +91,6 @@ base-image-go: --build-arg PROTOC_CHECKSUM=${GO_PROTOC_CHECKSUM} \ --build-arg GOOGLEAPIS_COMMIT=${GO_GOOGLEAPIS_COMMIT} . -.PHONY: base-image-jsonschema -base-image-jsonschema: - @echo "Building base docker image for jsonschema" - cd protoc-builder && ${DOCKER_BUILD} ${DOCKER_CACHE} -t ${PROTOC_IMAGE}:jsonschema -f Dockerfile.protoc \ - --build-arg PROTOC_VERSION=${JSONSCHEMA_PROTOC_VERSION} \ - --build-arg PROTOC_CHECKSUM=${JSONSCHEMA_PROTOC_CHECKSUM} \ - --build-arg GOOGLEAPIS_COMMIT=${JSONSCHEMA_GOOGLEAPIS_COMMIT} . - .PHONY: base-image-python base-image-python: @echo "Building base docker image for Python" @@ -150,7 +130,6 @@ base-image-typescript: base-image-no-cache: @echo "Building development docker images with disabled cache" @DOCKER_CACHE="--no-cache" make base-image-go - @DOCKER_CACHE="--no-cache" make base-image-jsonschema @DOCKER_CACHE="--no-cache" make base-image-python @DOCKER_CACHE="--no-cache" make base-image-ruby @DOCKER_CACHE="--no-cache" make base-image-rust 
@@ -162,10 +141,9 @@ clean: gen/pb-typescript/src/__generated__/* \ gen/pb-python/sigstore_protobuf_specs/dev \ gen/pb-python/sigstore_protobuf_specs/io \ - gen/pb-rust/target \ - gen/jsonschema/schemas + gen/pb-rust/target + find gen/pb-ruby/ -type f -name '*_pb.rb' -delete docker rmi -f ${PROTOC_IMAGE}:go ${PROTOC_GO_IMAGE} \ - ${PROTOC_IMAGE}:jsonschema ${PROTOC_JSONSCHEMA_IMAGE} \ ${PROTOC_IMAGE}:python ${PROTOC_PYTHON_IMAGE} \ ${PROTOC_IMAGE}:ruby ${PROTOC_RUBY_IMAGE} \ ${PROTOC_IMAGE}:rust ${PROTOC_RUST_IMAGE} \ diff --git a/gen/pb-go/rekor/v2/dsse.pb.go b/gen/pb-go/rekor/v2/dsse.pb.go new file mode 100644 index 00000000..75390c31 --- /dev/null +++ b/gen/pb-go/rekor/v2/dsse.pb.go 
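Review bot: The added `find gen/pb-ruby/ -type f -name '*_pb.rb' -delete` in `clean` matches every `*_pb.rb` under the whole gem directory, not only the generator output. The ruby recipe writes to `--ruby_out=/defs/gen/pb-ruby/lib`, so anything else below `gen/pb-ruby/` with that suffix (for example a locally vendored protobuf gem, if a developer installs one there) would be deleted as well; scoping it as `find gen/pb-ruby/lib -type f -name '*_pb.rb' -delete` keeps the cleanup to generated files. `find` also exits non-zero when the directory is missing, which would stop the recipe before the `docker rmi` line, so a comment noting that the directory is expected to be checked in would help. The `clean` rule starts above this hunk and its `docker rmi` list continues past it.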
@@ -0,0 +1,248 @@ +// Copyright 2025 The Sigstore Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.5 +// protoc v6.30.2 +// source: rekor/v2/dsse.proto + +package v2 + +import ( + v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" + dsse "github.com/sigstore/protobuf-specs/gen/pb-go/dsse" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. 
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// A request to add a DSSE v0.0.2 entry to the log +type DSSERequestV002 struct { + state protoimpl.MessageState `protogen:"open.v1"` + // A DSSE envelope + Envelope *dsse.Envelope `protobuf:"bytes,1,opt,name=envelope,proto3" json:"envelope,omitempty"` + // All necessary verification material to verify all signatures embedded in the envelope + Verifiers []*Verifier `protobuf:"bytes,2,rep,name=verifiers,proto3" json:"verifiers,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DSSERequestV002) Reset() { + *x = DSSERequestV002{} + mi := &file_rekor_v2_dsse_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DSSERequestV002) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DSSERequestV002) ProtoMessage() {} + +func (x *DSSERequestV002) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_dsse_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DSSERequestV002.ProtoReflect.Descriptor instead. 
+func (*DSSERequestV002) Descriptor() ([]byte, []int) { + return file_rekor_v2_dsse_proto_rawDescGZIP(), []int{0} +} + +func (x *DSSERequestV002) GetEnvelope() *dsse.Envelope { + if x != nil { + return x.Envelope + } + return nil +} + +func (x *DSSERequestV002) GetVerifiers() []*Verifier { + if x != nil { + return x.Verifiers + } + return nil +} + +type DSSELogEntryV002 struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The hash of the DSSE payload + PayloadHash *v1.HashOutput `protobuf:"bytes,1,opt,name=payloadHash,proto3" json:"payloadHash,omitempty"` + // Signatures and their associated verification material used to verify the payload + Signatures []*Signature `protobuf:"bytes,2,rep,name=signatures,proto3" json:"signatures,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DSSELogEntryV002) Reset() { + *x = DSSELogEntryV002{} + mi := &file_rekor_v2_dsse_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DSSELogEntryV002) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DSSELogEntryV002) ProtoMessage() {} + +func (x *DSSELogEntryV002) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_dsse_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DSSELogEntryV002.ProtoReflect.Descriptor instead. 
+func (*DSSELogEntryV002) Descriptor() ([]byte, []int) { + return file_rekor_v2_dsse_proto_rawDescGZIP(), []int{1} +} + +func (x *DSSELogEntryV002) GetPayloadHash() *v1.HashOutput { + if x != nil { + return x.PayloadHash + } + return nil +} + +func (x *DSSELogEntryV002) GetSignatures() []*Signature { + if x != nil { + return x.Signatures + } + return nil +} + +var File_rekor_v2_dsse_proto protoreflect.FileDescriptor + +var file_rekor_v2_dsse_proto_rawDesc = string([]byte{ + 0x0a, 0x13, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x64, 0x73, 0x73, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, + 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x76, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8b, 0x01, + 0x0a, 0x0f, 0x44, 0x53, 0x53, 0x45, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, + 0x32, 0x12, 0x34, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x69, 0x6f, 0x2e, 0x69, 0x6e, 0x74, 0x6f, 0x74, 0x6f, 0x2e, + 0x45, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x65, + 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x12, 0x42, 0x0a, 0x09, 0x76, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x64, 0x65, 0x76, + 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 
0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, + 0x76, 0x32, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x42, 0x03, 0xe0, 0x41, 0x02, + 0x52, 0x09, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x22, 0xa4, 0x01, 0x0a, 0x10, + 0x44, 0x53, 0x53, 0x45, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x56, 0x30, 0x30, 0x32, + 0x12, 0x49, 0x0a, 0x0b, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x61, 0x73, 0x68, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, + 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, + 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x45, 0x0a, 0x0a, 0x73, + 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, + 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x73, 0x42, 0x79, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, + 0x32, 0x42, 0x0b, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x44, 0x73, 0x73, 0x65, 0x50, 0x01, + 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, + 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, + 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x32, 0x62, 
0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +}) + +var ( + file_rekor_v2_dsse_proto_rawDescOnce sync.Once + file_rekor_v2_dsse_proto_rawDescData []byte +) + +func file_rekor_v2_dsse_proto_rawDescGZIP() []byte { + file_rekor_v2_dsse_proto_rawDescOnce.Do(func() { + file_rekor_v2_dsse_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_dsse_proto_rawDesc), len(file_rekor_v2_dsse_proto_rawDesc))) + }) + return file_rekor_v2_dsse_proto_rawDescData +} + +var file_rekor_v2_dsse_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_rekor_v2_dsse_proto_goTypes = []any{ + (*DSSERequestV002)(nil), // 0: dev.sigstore.rekor.v2.DSSERequestV002 + (*DSSELogEntryV002)(nil), // 1: dev.sigstore.rekor.v2.DSSELogEntryV002 + (*dsse.Envelope)(nil), // 2: io.intoto.Envelope + (*Verifier)(nil), // 3: dev.sigstore.rekor.v2.Verifier + (*v1.HashOutput)(nil), // 4: dev.sigstore.common.v1.HashOutput + (*Signature)(nil), // 5: dev.sigstore.rekor.v2.Signature +} +var file_rekor_v2_dsse_proto_depIdxs = []int32{ + 2, // 0: dev.sigstore.rekor.v2.DSSERequestV002.envelope:type_name -> io.intoto.Envelope + 3, // 1: dev.sigstore.rekor.v2.DSSERequestV002.verifiers:type_name -> dev.sigstore.rekor.v2.Verifier + 4, // 2: dev.sigstore.rekor.v2.DSSELogEntryV002.payloadHash:type_name -> dev.sigstore.common.v1.HashOutput + 5, // 3: dev.sigstore.rekor.v2.DSSELogEntryV002.signatures:type_name -> dev.sigstore.rekor.v2.Signature + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_rekor_v2_dsse_proto_init() } +func file_rekor_v2_dsse_proto_init() { + if File_rekor_v2_dsse_proto != nil { + return + } + file_rekor_v2_verifier_proto_init() + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: 
reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_dsse_proto_rawDesc), len(file_rekor_v2_dsse_proto_rawDesc)), + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rekor_v2_dsse_proto_goTypes, + DependencyIndexes: file_rekor_v2_dsse_proto_depIdxs, + MessageInfos: file_rekor_v2_dsse_proto_msgTypes, + }.Build() + File_rekor_v2_dsse_proto = out.File + file_rekor_v2_dsse_proto_goTypes = nil + file_rekor_v2_dsse_proto_depIdxs = nil +} diff --git a/gen/pb-go/rekor/v2/entry.pb.go b/gen/pb-go/rekor/v2/entry.pb.go new file mode 100644 index 00000000..3e18f8fc --- /dev/null +++ b/gen/pb-go/rekor/v2/entry.pb.go 
@@ -0,0 +1,288 @@ +// Copyright 2025 The Sigstore Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.5 +// protoc v6.30.2 +// source: rekor/v2/entry.proto + +package v2 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Entry is the message that is canonicalized and uploaded to the log. +// This format is meant to be compliant with Rekor v1 entries in that +// the `apiVersion` and `kind` can be parsed before parsing the spec. +// Clients are expected to understand and handle the differences in the +// contents of `spec` between Rekor v1 (a polymorphic OpenAPI defintion) +// and Rekor v2 (a typed proto defintion). 
+type Entry struct { + state protoimpl.MessageState `protogen:"open.v1"` + Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` + ApiVersion string `protobuf:"bytes,2,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"` + Spec *Spec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Entry) Reset() { + *x = Entry{} + mi := &file_rekor_v2_entry_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Entry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Entry) ProtoMessage() {} + +func (x *Entry) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_entry_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Entry.ProtoReflect.Descriptor instead. +func (*Entry) Descriptor() ([]byte, []int) { + return file_rekor_v2_entry_proto_rawDescGZIP(), []int{0} +} + +func (x *Entry) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *Entry) GetApiVersion() string { + if x != nil { + return x.ApiVersion + } + return "" +} + +func (x *Entry) GetSpec() *Spec { + if x != nil { + return x.Spec + } + return nil +} + +// Spec contains one of the Rekor entry types. 
+type Spec struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Spec: + // + // *Spec_HashedRekordV002 + // *Spec_DsseV002 + Spec isSpec_Spec `protobuf_oneof:"spec"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Spec) Reset() { + *x = Spec{} + mi := &file_rekor_v2_entry_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Spec) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Spec) ProtoMessage() {} + +func (x *Spec) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_entry_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Spec.ProtoReflect.Descriptor instead. +func (*Spec) Descriptor() ([]byte, []int) { + return file_rekor_v2_entry_proto_rawDescGZIP(), []int{1} +} + +func (x *Spec) GetSpec() isSpec_Spec { + if x != nil { + return x.Spec + } + return nil +} + +func (x *Spec) GetHashedRekordV002() *HashedRekordLogEntryV002 { + if x != nil { + if x, ok := x.Spec.(*Spec_HashedRekordV002); ok { + return x.HashedRekordV002 + } + } + return nil +} + +func (x *Spec) GetDsseV002() *DSSELogEntryV002 { + if x != nil { + if x, ok := x.Spec.(*Spec_DsseV002); ok { + return x.DsseV002 + } + } + return nil +} + +type isSpec_Spec interface { + isSpec_Spec() +} + +type Spec_HashedRekordV002 struct { + HashedRekordV002 *HashedRekordLogEntryV002 `protobuf:"bytes,1,opt,name=hashed_rekord_v002,json=hashedRekordV002,proto3,oneof"` +} + +type Spec_DsseV002 struct { + DsseV002 *DSSELogEntryV002 `protobuf:"bytes,2,opt,name=dsse_v002,json=dsseV002,proto3,oneof"` +} + +func (*Spec_HashedRekordV002) isSpec_Spec() {} + +func (*Spec_DsseV002) isSpec_Spec() {} + +var File_rekor_v2_entry_proto protoreflect.FileDescriptor + +var 
file_rekor_v2_entry_proto_rawDesc = string([]byte{ + 0x0a, 0x14, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, + 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x13, + 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x64, 0x73, 0x73, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x68, 0x61, + 0x73, 0x68, 0x65, 0x64, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0x7c, 0x0a, 0x05, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x04, 0x6b, 0x69, 0x6e, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6b, 0x69, + 0x6e, 0x64, 0x12, 0x24, 0x0a, 0x0b, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x61, 0x70, + 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, + 0x70, 0x65, 0x63, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63, 0x22, 0xc1, + 0x01, 0x0a, 0x04, 0x53, 0x70, 0x65, 0x63, 0x12, 0x64, 0x0a, 0x12, 0x68, 0x61, 0x73, 0x68, 0x65, + 0x64, 0x5f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x5f, 0x76, 0x30, 0x30, 0x32, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x48, 0x61, 
0x73, 0x68, + 0x65, 0x64, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x56, 0x30, 0x30, 0x32, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x10, 0x68, 0x61, 0x73, + 0x68, 0x65, 0x64, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x56, 0x30, 0x30, 0x32, 0x12, 0x4b, 0x0a, + 0x09, 0x64, 0x73, 0x73, 0x65, 0x5f, 0x76, 0x30, 0x30, 0x32, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x53, 0x53, 0x45, 0x4c, 0x6f, 0x67, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x56, 0x30, 0x30, 0x32, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, + 0x52, 0x08, 0x64, 0x73, 0x73, 0x65, 0x56, 0x30, 0x30, 0x32, 0x42, 0x06, 0x0a, 0x04, 0x73, 0x70, + 0x65, 0x63, 0x42, 0x7a, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, + 0x32, 0x42, 0x0c, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, + 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, + 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, + 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, + 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +}) + +var ( + file_rekor_v2_entry_proto_rawDescOnce sync.Once + file_rekor_v2_entry_proto_rawDescData []byte +) + +func file_rekor_v2_entry_proto_rawDescGZIP() []byte { + file_rekor_v2_entry_proto_rawDescOnce.Do(func() { + file_rekor_v2_entry_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_entry_proto_rawDesc), 
len(file_rekor_v2_entry_proto_rawDesc))) + }) + return file_rekor_v2_entry_proto_rawDescData +} + +var file_rekor_v2_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_rekor_v2_entry_proto_goTypes = []any{ + (*Entry)(nil), // 0: dev.sigstore.rekor.v2.Entry + (*Spec)(nil), // 1: dev.sigstore.rekor.v2.Spec + (*HashedRekordLogEntryV002)(nil), // 2: dev.sigstore.rekor.v2.HashedRekordLogEntryV002 + (*DSSELogEntryV002)(nil), // 3: dev.sigstore.rekor.v2.DSSELogEntryV002 +} +var file_rekor_v2_entry_proto_depIdxs = []int32{ + 1, // 0: dev.sigstore.rekor.v2.Entry.spec:type_name -> dev.sigstore.rekor.v2.Spec + 2, // 1: dev.sigstore.rekor.v2.Spec.hashed_rekord_v002:type_name -> dev.sigstore.rekor.v2.HashedRekordLogEntryV002 + 3, // 2: dev.sigstore.rekor.v2.Spec.dsse_v002:type_name -> dev.sigstore.rekor.v2.DSSELogEntryV002 + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_rekor_v2_entry_proto_init() } +func file_rekor_v2_entry_proto_init() { + if File_rekor_v2_entry_proto != nil { + return + } + file_rekor_v2_dsse_proto_init() + file_rekor_v2_hashedrekord_proto_init() + file_rekor_v2_entry_proto_msgTypes[1].OneofWrappers = []any{ + (*Spec_HashedRekordV002)(nil), + (*Spec_DsseV002)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_entry_proto_rawDesc), len(file_rekor_v2_entry_proto_rawDesc)), + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rekor_v2_entry_proto_goTypes, + DependencyIndexes: file_rekor_v2_entry_proto_depIdxs, + MessageInfos: file_rekor_v2_entry_proto_msgTypes, + }.Build() + File_rekor_v2_entry_proto = out.File + 
file_rekor_v2_entry_proto_goTypes = nil + file_rekor_v2_entry_proto_depIdxs = nil +} diff --git a/gen/pb-go/rekor/v2/hashedrekord.pb.go b/gen/pb-go/rekor/v2/hashedrekord.pb.go new file mode 100644 index 00000000..ca519b67 --- /dev/null +++ b/gen/pb-go/rekor/v2/hashedrekord.pb.go 
@@ -0,0 +1,242 @@ +// Copyright 2025 The Sigstore Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.5 +// protoc v6.30.2 +// source: rekor/v2/hashedrekord.proto + +package v2 + +import ( + v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. 
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// A request to add a hashedrekord v0.0.2 to the log +type HashedRekordRequestV002 struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The hashed data + Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` + // A single signature over the hashed data with the verifier needed to validate it + Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *HashedRekordRequestV002) Reset() { + *x = HashedRekordRequestV002{} + mi := &file_rekor_v2_hashedrekord_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *HashedRekordRequestV002) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HashedRekordRequestV002) ProtoMessage() {} + +func (x *HashedRekordRequestV002) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_hashedrekord_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HashedRekordRequestV002.ProtoReflect.Descriptor instead. 
+func (*HashedRekordRequestV002) Descriptor() ([]byte, []int) { + return file_rekor_v2_hashedrekord_proto_rawDescGZIP(), []int{0} +} + +func (x *HashedRekordRequestV002) GetDigest() []byte { + if x != nil { + return x.Digest + } + return nil +} + +func (x *HashedRekordRequestV002) GetSignature() *Signature { + if x != nil { + return x.Signature + } + return nil +} + +type HashedRekordLogEntryV002 struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The hashed data + Data *v1.HashOutput `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"` + // A single signature over the hashed data with the verifier needed to validate it + Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *HashedRekordLogEntryV002) Reset() { + *x = HashedRekordLogEntryV002{} + mi := &file_rekor_v2_hashedrekord_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *HashedRekordLogEntryV002) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HashedRekordLogEntryV002) ProtoMessage() {} + +func (x *HashedRekordLogEntryV002) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_hashedrekord_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HashedRekordLogEntryV002.ProtoReflect.Descriptor instead. 
+func (*HashedRekordLogEntryV002) Descriptor() ([]byte, []int) { + return file_rekor_v2_hashedrekord_proto_rawDescGZIP(), []int{1} +} + +func (x *HashedRekordLogEntryV002) GetData() *v1.HashOutput { + if x != nil { + return x.Data + } + return nil +} + +func (x *HashedRekordLogEntryV002) GetSignature() *Signature { + if x != nil { + return x.Signature + } + return nil +} + +var File_rekor_v2_hashedrekord_proto protoreflect.FileDescriptor + +var file_rekor_v2_hashedrekord_proto_rawDesc = string([]byte{ + 0x0a, 0x1b, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x65, + 0x64, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, + 0x72, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x72, 0x65, + 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7b, 0x0a, 0x17, 0x48, 0x61, 0x73, 0x68, 0x65, 0x64, 0x52, + 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, 0x32, + 0x12, 0x1b, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, + 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x42, 
0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, + 0x72, 0x65, 0x22, 0x9c, 0x01, 0x0a, 0x18, 0x48, 0x61, 0x73, 0x68, 0x65, 0x64, 0x52, 0x65, 0x6b, + 0x6f, 0x72, 0x64, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x56, 0x30, 0x30, 0x32, 0x12, + 0x3b, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, + 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, + 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x43, 0x0a, 0x09, + 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, + 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x42, 0x81, 0x01, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, + 0x32, 0x42, 0x13, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x48, 0x61, 0x73, 0x68, 0x65, 0x64, + 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, + 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, + 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, + 0x72, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +}) + +var ( + file_rekor_v2_hashedrekord_proto_rawDescOnce sync.Once + 
file_rekor_v2_hashedrekord_proto_rawDescData []byte +) + +func file_rekor_v2_hashedrekord_proto_rawDescGZIP() []byte { + file_rekor_v2_hashedrekord_proto_rawDescOnce.Do(func() { + file_rekor_v2_hashedrekord_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_hashedrekord_proto_rawDesc), len(file_rekor_v2_hashedrekord_proto_rawDesc))) + }) + return file_rekor_v2_hashedrekord_proto_rawDescData +} + +var file_rekor_v2_hashedrekord_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_rekor_v2_hashedrekord_proto_goTypes = []any{ + (*HashedRekordRequestV002)(nil), // 0: dev.sigstore.rekor.v2.HashedRekordRequestV002 + (*HashedRekordLogEntryV002)(nil), // 1: dev.sigstore.rekor.v2.HashedRekordLogEntryV002 + (*Signature)(nil), // 2: dev.sigstore.rekor.v2.Signature + (*v1.HashOutput)(nil), // 3: dev.sigstore.common.v1.HashOutput +} +var file_rekor_v2_hashedrekord_proto_depIdxs = []int32{ + 2, // 0: dev.sigstore.rekor.v2.HashedRekordRequestV002.signature:type_name -> dev.sigstore.rekor.v2.Signature + 3, // 1: dev.sigstore.rekor.v2.HashedRekordLogEntryV002.data:type_name -> dev.sigstore.common.v1.HashOutput + 2, // 2: dev.sigstore.rekor.v2.HashedRekordLogEntryV002.signature:type_name -> dev.sigstore.rekor.v2.Signature + 3, // [3:3] is the sub-list for method output_type + 3, // [3:3] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_rekor_v2_hashedrekord_proto_init() } +func file_rekor_v2_hashedrekord_proto_init() { + if File_rekor_v2_hashedrekord_proto != nil { + return + } + file_rekor_v2_verifier_proto_init() + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_hashedrekord_proto_rawDesc), 
len(file_rekor_v2_hashedrekord_proto_rawDesc)), + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rekor_v2_hashedrekord_proto_goTypes, + DependencyIndexes: file_rekor_v2_hashedrekord_proto_depIdxs, + MessageInfos: file_rekor_v2_hashedrekord_proto_msgTypes, + }.Build() + File_rekor_v2_hashedrekord_proto = out.File + file_rekor_v2_hashedrekord_proto_goTypes = nil + file_rekor_v2_hashedrekord_proto_depIdxs = nil +} diff --git a/gen/pb-go/rekor/v2/verifier.pb.go b/gen/pb-go/rekor/v2/verifier.pb.go new file mode 100644 index 00000000..098e6078 --- /dev/null +++ b/gen/pb-go/rekor/v2/verifier.pb.go 
@@ -0,0 +1,338 @@ +// Copyright 2025 The Sigstore Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.5 +// protoc v6.30.2 +// source: rekor/v2/verifier.proto + +package v2 + +import ( + v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. 
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// PublicKey contains an encoded public key +type PublicKey struct { + state protoimpl.MessageState `protogen:"open.v1"` + // DER-encoded public key + RawBytes []byte `protobuf:"bytes,1,opt,name=raw_bytes,json=rawBytes,proto3" json:"raw_bytes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *PublicKey) Reset() { + *x = PublicKey{} + mi := &file_rekor_v2_verifier_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PublicKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PublicKey) ProtoMessage() {} + +func (x *PublicKey) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_verifier_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PublicKey.ProtoReflect.Descriptor instead. 
+func (*PublicKey) Descriptor() ([]byte, []int) { + return file_rekor_v2_verifier_proto_rawDescGZIP(), []int{0} +} + +func (x *PublicKey) GetRawBytes() []byte { + if x != nil { + return x.RawBytes + } + return nil +} + +// Either a public key or a X.509 cerificiate with an embedded public key +type Verifier struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Verifier: + // + // *Verifier_PublicKey + // *Verifier_X509Certificate + Verifier isVerifier_Verifier `protobuf_oneof:"verifier"` + // Key encoding and signature algorithm to use for this key + KeyDetails v1.PublicKeyDetails `protobuf:"varint,3,opt,name=key_details,json=keyDetails,proto3,enum=dev.sigstore.common.v1.PublicKeyDetails" json:"key_details,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Verifier) Reset() { + *x = Verifier{} + mi := &file_rekor_v2_verifier_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Verifier) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Verifier) ProtoMessage() {} + +func (x *Verifier) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_verifier_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Verifier.ProtoReflect.Descriptor instead. 
+func (*Verifier) Descriptor() ([]byte, []int) { + return file_rekor_v2_verifier_proto_rawDescGZIP(), []int{1} +} + +func (x *Verifier) GetVerifier() isVerifier_Verifier { + if x != nil { + return x.Verifier + } + return nil +} + +func (x *Verifier) GetPublicKey() *PublicKey { + if x != nil { + if x, ok := x.Verifier.(*Verifier_PublicKey); ok { + return x.PublicKey + } + } + return nil +} + +func (x *Verifier) GetX509Certificate() *v1.X509Certificate { + if x != nil { + if x, ok := x.Verifier.(*Verifier_X509Certificate); ok { + return x.X509Certificate + } + } + return nil +} + +func (x *Verifier) GetKeyDetails() v1.PublicKeyDetails { + if x != nil { + return x.KeyDetails + } + return v1.PublicKeyDetails(0) +} + +type isVerifier_Verifier interface { + isVerifier_Verifier() +} + +type Verifier_PublicKey struct { + // DER-encoded public key. Encoding method is specified by the key_details attribute + PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3,oneof"` +} + +type Verifier_X509Certificate struct { + // DER-encoded certificate + X509Certificate *v1.X509Certificate `protobuf:"bytes,2,opt,name=x509_certificate,json=x509Certificate,proto3,oneof"` +} + +func (*Verifier_PublicKey) isVerifier_Verifier() {} + +func (*Verifier_X509Certificate) isVerifier_Verifier() {} + +// A signature and an associated verifier +type Signature struct { + state protoimpl.MessageState `protogen:"open.v1"` + Content []byte `protobuf:"bytes,1,opt,name=content,proto3" json:"content,omitempty"` + Verifier *Verifier `protobuf:"bytes,2,opt,name=verifier,proto3" json:"verifier,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Signature) Reset() { + *x = Signature{} + mi := &file_rekor_v2_verifier_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Signature) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Signature) ProtoMessage() 
{} + +func (x *Signature) ProtoReflect() protoreflect.Message { + mi := &file_rekor_v2_verifier_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Signature.ProtoReflect.Descriptor instead. +func (*Signature) Descriptor() ([]byte, []int) { + return file_rekor_v2_verifier_proto_rawDescGZIP(), []int{2} +} + +func (x *Signature) GetContent() []byte { + if x != nil { + return x.Content + } + return nil +} + +func (x *Signature) GetVerifier() *Verifier { + if x != nil { + return x.Verifier + } + return nil +} + +var File_rekor_v2_verifier_proto protoreflect.FileDescriptor + +var file_rekor_v2_verifier_proto_rawDesc = string([]byte{ + 0x0a, 0x17, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x76, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, + 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, + 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2d, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, + 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x09, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, + 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x72, + 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x08, 0x56, 0x65, 0x72, 0x69, + 0x66, 0x69, 0x65, 0x72, 0x12, 0x46, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, + 0x69, 0x67, 
0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, + 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, + 0x00, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x59, 0x0a, 0x10, + 0x78, 0x35, 0x30, 0x39, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, + 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x42, + 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x0f, 0x78, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x64, + 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, + 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x6b, 0x65, 0x79, + 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x76, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x22, 0x6c, 0x0a, 0x09, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x12, 0x1d, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, + 0x40, 0x0a, 0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x65, 0x72, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 
0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, + 0x72, 0x42, 0x7d, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, + 0x42, 0x0f, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, + 0x72, 0x50, 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, + 0x6f, 0x2f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, + 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x32, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +}) + +var ( + file_rekor_v2_verifier_proto_rawDescOnce sync.Once + file_rekor_v2_verifier_proto_rawDescData []byte +) + +func file_rekor_v2_verifier_proto_rawDescGZIP() []byte { + file_rekor_v2_verifier_proto_rawDescOnce.Do(func() { + file_rekor_v2_verifier_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_verifier_proto_rawDesc), len(file_rekor_v2_verifier_proto_rawDesc))) + }) + return file_rekor_v2_verifier_proto_rawDescData +} + +var file_rekor_v2_verifier_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_rekor_v2_verifier_proto_goTypes = []any{ + (*PublicKey)(nil), // 0: dev.sigstore.rekor.v2.PublicKey + (*Verifier)(nil), // 1: dev.sigstore.rekor.v2.Verifier + (*Signature)(nil), // 2: dev.sigstore.rekor.v2.Signature + (*v1.X509Certificate)(nil), // 3: dev.sigstore.common.v1.X509Certificate + (v1.PublicKeyDetails)(0), // 4: dev.sigstore.common.v1.PublicKeyDetails +} +var file_rekor_v2_verifier_proto_depIdxs = []int32{ + 0, // 0: dev.sigstore.rekor.v2.Verifier.public_key:type_name -> dev.sigstore.rekor.v2.PublicKey + 3, // 1: 
dev.sigstore.rekor.v2.Verifier.x509_certificate:type_name -> dev.sigstore.common.v1.X509Certificate + 4, // 2: dev.sigstore.rekor.v2.Verifier.key_details:type_name -> dev.sigstore.common.v1.PublicKeyDetails + 1, // 3: dev.sigstore.rekor.v2.Signature.verifier:type_name -> dev.sigstore.rekor.v2.Verifier + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_rekor_v2_verifier_proto_init() } +func file_rekor_v2_verifier_proto_init() { + if File_rekor_v2_verifier_proto != nil { + return + } + file_rekor_v2_verifier_proto_msgTypes[1].OneofWrappers = []any{ + (*Verifier_PublicKey)(nil), + (*Verifier_X509Certificate)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_verifier_proto_rawDesc), len(file_rekor_v2_verifier_proto_rawDesc)), + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rekor_v2_verifier_proto_goTypes, + DependencyIndexes: file_rekor_v2_verifier_proto_depIdxs, + MessageInfos: file_rekor_v2_verifier_proto_msgTypes, + }.Build() + File_rekor_v2_verifier_proto = out.File + file_rekor_v2_verifier_proto_goTypes = nil + file_rekor_v2_verifier_proto_depIdxs = nil +} diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v2/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v2/__init__.py new file mode 100644 index 00000000..b32b7c6a --- /dev/null +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v2/__init__.py 
@@ -0,0 +1,156 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# sources: rekor/v2/dsse.proto, rekor/v2/entry.proto, rekor/v2/hashedrekord.proto, rekor/v2/verifier.proto +# plugin: python-betterproto +# This file has been @generated + +from typing import TYPE_CHECKING + + +if TYPE_CHECKING: + from dataclasses import dataclass +else: + from pydantic.dataclasses import dataclass + +from typing import ( + List, + Optional, +) + +import betterproto +from pydantic import model_validator +from pydantic.dataclasses import rebuild_dataclass + +from .....io import intoto as ____io_intoto__ +from ...common import v1 as __common_v1__ + + +@dataclass(eq=False, repr=False) +class PublicKey(betterproto.Message): + """PublicKey contains an encoded public key""" + + raw_bytes: bytes = betterproto.bytes_field(1) + """DER-encoded public key""" + + +@dataclass(eq=False, repr=False) +class Verifier(betterproto.Message): + """ + Either a public key or a X.509 cerificiate with an embedded public key + """ + + public_key: Optional["PublicKey"] = betterproto.message_field( + 1, optional=True, group="verifier" + ) + """ + DER-encoded public key. 
Encoding method is specified by the key_details attribute + """ + + x509_certificate: Optional["__common_v1__.X509Certificate"] = ( + betterproto.message_field(2, optional=True, group="verifier") + ) + """DER-encoded certificate""" + + key_details: "__common_v1__.PublicKeyDetails" = betterproto.enum_field(3) + """Key encoding and signature algorithm to use for this key""" + + @model_validator(mode="after") + def check_oneof(cls, values): + return cls._validate_field_groups(values) + + +@dataclass(eq=False, repr=False) +class Signature(betterproto.Message): + """A signature and an associated verifier""" + + content: bytes = betterproto.bytes_field(1) + verifier: "Verifier" = betterproto.message_field(2) + + +@dataclass(eq=False, repr=False) +class DsseRequestV002(betterproto.Message): + """A request to add a DSSE v0.0.2 entry to the log""" + + envelope: "____io_intoto__.Envelope" = betterproto.message_field(1) + """A DSSE envelope""" + + verifiers: List["Verifier"] = betterproto.message_field(2) + """ + All necessary verification material to verify all signatures embedded in the envelope + """ + + +@dataclass(eq=False, repr=False) +class DsseLogEntryV002(betterproto.Message): + payload_hash: "__common_v1__.HashOutput" = betterproto.message_field(1) + """The hash of the DSSE payload""" + + signatures: List["Signature"] = betterproto.message_field(2) + """ + Signatures and their associated verification material used to verify the payload + """ + + +@dataclass(eq=False, repr=False) +class HashedRekordRequestV002(betterproto.Message): + """A request to add a hashedrekord v0.0.2 to the log""" + + digest: bytes = betterproto.bytes_field(1) + """The hashed data""" + + signature: "Signature" = betterproto.message_field(2) + """ + A single signature over the hashed data with the verifier needed to validate it + """ + + +@dataclass(eq=False, repr=False) +class HashedRekordLogEntryV002(betterproto.Message): + data: "__common_v1__.HashOutput" = betterproto.message_field(1) + 
"""The hashed data""" + + signature: "Signature" = betterproto.message_field(2) + """ + A single signature over the hashed data with the verifier needed to validate it + """ + + +@dataclass(eq=False, repr=False) +class Entry(betterproto.Message): + """ + Entry is the message that is canonicalized and uploaded to the log. + This format is meant to be compliant with Rekor v1 entries in that + the `apiVersion` and `kind` can be parsed before parsing the spec. + Clients are expected to understand and handle the differences in the + contents of `spec` between Rekor v1 (a polymorphic OpenAPI defintion) + and Rekor v2 (a typed proto defintion). + """ + + kind: str = betterproto.string_field(1) + api_version: str = betterproto.string_field(2) + spec: "Spec" = betterproto.message_field(3) + + +@dataclass(eq=False, repr=False) +class Spec(betterproto.Message): + """Spec contains one of the Rekor entry types.""" + + hashed_rekord_v002: Optional["HashedRekordLogEntryV002"] = ( + betterproto.message_field(1, optional=True, group="spec") + ) + dsse_v002: Optional["DsseLogEntryV002"] = betterproto.message_field( + 2, optional=True, group="spec" + ) + + @model_validator(mode="after") + def check_oneof(cls, values): + return cls._validate_field_groups(values) + + +rebuild_dataclass(Verifier) # type: ignore +rebuild_dataclass(Signature) # type: ignore +rebuild_dataclass(DsseRequestV002) # type: ignore +rebuild_dataclass(DsseLogEntryV002) # type: ignore +rebuild_dataclass(HashedRekordRequestV002) # type: ignore +rebuild_dataclass(HashedRekordLogEntryV002) # type: ignore +rebuild_dataclass(Entry) # type: ignore +rebuild_dataclass(Spec) # type: ignore diff --git a/gen/pb-ruby/lib/rekor/v2/dsse_pb.rb b/gen/pb-ruby/lib/rekor/v2/dsse_pb.rb new file mode 100644 index 00000000..4af755fe --- /dev/null +++ b/gen/pb-ruby/lib/rekor/v2/dsse_pb.rb 
@@ -0,0 +1,25 @@ +# frozen_string_literal: true +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: rekor/v2/dsse.proto + +require 'google/protobuf' + +require 'google/api/field_behavior_pb' +require 'sigstore_common_pb' +require 'envelope_pb' +require 'rekor/v2/verifier_pb' + + +descriptor_data = "\n\x13rekor/v2/dsse.proto\x12\x15\x64\x65v.sigstore.rekor.v2\x1a\x1fgoogle/api/field_behavior.proto\x1a\x15sigstore_common.proto\x1a\x0e\x65nvelope.proto\x1a\x17rekor/v2/verifier.proto\"v\n\x0f\x44SSERequestV002\x12*\n\x08\x65nvelope\x18\x01 \x01(\x0b\x32\x13.io.intoto.EnvelopeB\x03\xe0\x41\x02\x12\x37\n\tverifiers\x18\x02 \x03(\x0b\x32\x1f.dev.sigstore.rekor.v2.VerifierB\x03\xe0\x41\x02\"\x8b\x01\n\x10\x44SSELogEntryV002\x12<\n\x0bpayloadHash\x18\x01 \x01(\x0b\x32\".dev.sigstore.common.v1.HashOutputB\x03\xe0\x41\x02\x12\x39\n\nsignatures\x18\x02 \x03(\x0b\x32 .dev.sigstore.rekor.v2.SignatureB\x03\xe0\x41\x02\x42y\n\x1b\x64\x65v.sigstore.proto.rekor.v2B\x0bRekorV2DsseP\x01Z5github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2\xea\x02\x13Sigstore::Rekor::V2b\x06proto3" + +pool = Google::Protobuf::DescriptorPool.generated_pool +pool.add_serialized_file(descriptor_data) + +module Sigstore + module Rekor + module V2 + DSSERequestV002 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.DSSERequestV002").msgclass + DSSELogEntryV002 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.DSSELogEntryV002").msgclass + end + end +end diff --git a/gen/pb-ruby/lib/rekor/v2/entry_pb.rb b/gen/pb-ruby/lib/rekor/v2/entry_pb.rb new file mode 100644 index 00000000..5f025ab4 --- /dev/null +++ b/gen/pb-ruby/lib/rekor/v2/entry_pb.rb 
@@ -0,0 +1,24 @@ +# frozen_string_literal: true +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: rekor/v2/entry.proto + +require 'google/protobuf' + +require 'google/api/field_behavior_pb' +require 'rekor/v2/dsse_pb' +require 'rekor/v2/hashedrekord_pb' + + +descriptor_data = "\n\x14rekor/v2/entry.proto\x12\x15\x64\x65v.sigstore.rekor.v2\x1a\x1fgoogle/api/field_behavior.proto\x1a\x13rekor/v2/dsse.proto\x1a\x1brekor/v2/hashedrekord.proto\"d\n\x05\x45ntry\x12\x11\n\x04kind\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x18\n\x0b\x61pi_version\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12.\n\x04spec\x18\x03 \x01(\x0b\x32\x1b.dev.sigstore.rekor.v2.SpecB\x03\xe0\x41\x02\"\xa5\x01\n\x04Spec\x12R\n\x12hashed_rekord_v002\x18\x01 \x01(\x0b\x32/.dev.sigstore.rekor.v2.HashedRekordLogEntryV002B\x03\xe0\x41\x02H\x00\x12\x41\n\tdsse_v002\x18\x02 \x01(\x0b\x32\'.dev.sigstore.rekor.v2.DSSELogEntryV002B\x03\xe0\x41\x02H\x00\x42\x06\n\x04specBz\n\x1b\x64\x65v.sigstore.proto.rekor.v2B\x0cRekorV2EntryP\x01Z5github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2\xea\x02\x13Sigstore::Rekor::V2b\x06proto3" + +pool = Google::Protobuf::DescriptorPool.generated_pool +pool.add_serialized_file(descriptor_data) + +module Sigstore + module Rekor + module V2 + Entry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.Entry").msgclass + Spec = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.Spec").msgclass + end + end +end diff --git a/gen/pb-ruby/lib/rekor/v2/hashedrekord_pb.rb b/gen/pb-ruby/lib/rekor/v2/hashedrekord_pb.rb new file mode 100644 index 00000000..38bcabf4 --- /dev/null +++ b/gen/pb-ruby/lib/rekor/v2/hashedrekord_pb.rb 
@@ -0,0 +1,24 @@ +# frozen_string_literal: true +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: rekor/v2/hashedrekord.proto + +require 'google/protobuf' + +require 'google/api/field_behavior_pb' +require 'sigstore_common_pb' +require 'rekor/v2/verifier_pb' + + +descriptor_data = "\n\x1brekor/v2/hashedrekord.proto\x12\x15\x64\x65v.sigstore.rekor.v2\x1a\x1fgoogle/api/field_behavior.proto\x1a\x15sigstore_common.proto\x1a\x17rekor/v2/verifier.proto\"h\n\x17HashedRekordRequestV002\x12\x13\n\x06\x64igest\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x02\x12\x38\n\tsignature\x18\x02 \x01(\x0b\x32 .dev.sigstore.rekor.v2.SignatureB\x03\xe0\x41\x02\"\x8b\x01\n\x18HashedRekordLogEntryV002\x12\x35\n\x04\x64\x61ta\x18\x01 \x01(\x0b\x32\".dev.sigstore.common.v1.HashOutputB\x03\xe0\x41\x02\x12\x38\n\tsignature\x18\x02 \x01(\x0b\x32 .dev.sigstore.rekor.v2.SignatureB\x03\xe0\x41\x02\x42\x81\x01\n\x1b\x64\x65v.sigstore.proto.rekor.v2B\x13RekorV2HashedRekordP\x01Z5github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2\xea\x02\x13Sigstore::Rekor::V2b\x06proto3" + +pool = Google::Protobuf::DescriptorPool.generated_pool +pool.add_serialized_file(descriptor_data) + +module Sigstore + module Rekor + module V2 + HashedRekordRequestV002 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.HashedRekordRequestV002").msgclass + HashedRekordLogEntryV002 = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.HashedRekordLogEntryV002").msgclass + end + end +end diff --git a/gen/pb-ruby/lib/rekor/v2/verifier_pb.rb b/gen/pb-ruby/lib/rekor/v2/verifier_pb.rb new file mode 100644 index 00000000..82b97a66 --- /dev/null +++ b/gen/pb-ruby/lib/rekor/v2/verifier_pb.rb 
@@ -0,0 +1,24 @@ +# frozen_string_literal: true +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: rekor/v2/verifier.proto + +require 'google/protobuf' + +require 'sigstore_common_pb' +require 'google/api/field_behavior_pb' + + +descriptor_data = "\n\x17rekor/v2/verifier.proto\x12\x15\x64\x65v.sigstore.rekor.v2\x1a\x15sigstore_common.proto\x1a\x1fgoogle/api/field_behavior.proto\"#\n\tPublicKey\x12\x16\n\traw_bytes\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x02\"\xe1\x01\n\x08Verifier\x12;\n\npublic_key\x18\x01 \x01(\x0b\x32 .dev.sigstore.rekor.v2.PublicKeyB\x03\xe0\x41\x02H\x00\x12H\n\x10x509_certificate\x18\x02 \x01(\x0b\x32\'.dev.sigstore.common.v1.X509CertificateB\x03\xe0\x41\x02H\x00\x12\x42\n\x0bkey_details\x18\x03 \x01(\x0e\x32(.dev.sigstore.common.v1.PublicKeyDetailsB\x03\xe0\x41\x02\x42\n\n\x08verifier\"Y\n\tSignature\x12\x14\n\x07\x63ontent\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x02\x12\x36\n\x08verifier\x18\x02 \x01(\x0b\x32\x1f.dev.sigstore.rekor.v2.VerifierB\x03\xe0\x41\x02\x42}\n\x1b\x64\x65v.sigstore.proto.rekor.v2B\x0fRekorV2VerifierP\x01Z5github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2\xea\x02\x13Sigstore::Rekor::V2b\x06proto3" + +pool = Google::Protobuf::DescriptorPool.generated_pool +pool.add_serialized_file(descriptor_data) + +module Sigstore + module Rekor + module V2 + PublicKey = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.PublicKey").msgclass + Verifier = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.Verifier").msgclass + Signature = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v2.Signature").msgclass + end + end +end diff --git a/gen/pb-rust/sigstore-protobuf-specs-codegen/src/main.rs b/gen/pb-rust/sigstore-protobuf-specs-codegen/src/main.rs index 842c6deb..a1d33b81 100644 --- a/gen/pb-rust/sigstore-protobuf-specs-codegen/src/main.rs +++ b/gen/pb-rust/sigstore-protobuf-specs-codegen/src/main.rs 
@@ -14,6 +14,7 @@ fn protobuf_include_path() -> String { fn main() -> anyhow::Result<()> { let includes = vec![ concat!(env!("CARGO_MANIFEST_DIR"), "/../../../protos").to_owned(), + concat!(env!("CARGO_MANIFEST_DIR"), "/../../../service-protos").to_owned(), // WKTs path protobuf_include_path(), "/googleapis".to_owned(), @@ -39,18 +40,26 @@ fn main() -> anyhow::Result<()> { .disable_comments([".io.intoto.Envelope"]) .out_dir("sigstore-protobuf-specs/src/generated/"); + let protos = glob::glob(concat!( + env!("CARGO_MANIFEST_DIR"), + "/../../../protos/*.proto" + )) + .expect("no protos found!") + .flatten(); + + let service_protos = glob::glob(concat!( + env!("CARGO_MANIFEST_DIR"), + "/../../../service-protos/rekor/v2/*.proto" + )) + .expect("no service protos found!") + .flatten(); + prost_reflect_build::Builder::new() .file_descriptor_set_bytes("crate::FILE_DESCRIPTOR_SET_BYTES") .file_descriptor_set_path("sigstore-protobuf-specs/src/generated/file_descriptor_set.bin") .compile_protos_with_config( config, - &glob::glob(concat!( - env!("CARGO_MANIFEST_DIR"), - "/../../../protos/*.proto" - )) - .expect("no protos found!") - .flatten() - .collect::>(), + &protos.chain(service_protos).collect::>(), &includes, )?; diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v2.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v2.rs new file mode 100644 index 00000000..a9c32a85 --- /dev/null +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v2.rs 
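Review bot: The new `service_protos` glob in the second hunk cannot fail the way its message claims. `glob::glob` returns `Err` only for a malformed pattern, so `.expect("no service protos found!")` never fires when `service-protos/rekor/v2/` is empty, and `.flatten()` discards any per-path error. If the mirror directory is missing or was left empty by an interrupted sync, codegen would apparently continue without the Rekor v2 verifier and signature definitions instead of stopping. Collect before chaining and check the result, e.g. `let service_protos = glob::glob(...)?.collect::<Result<Vec<_>, _>>()?;` followed by `anyhow::ensure!(!service_protos.is_empty(), "no service protos found");`. The relocated `protos` glob has the same shape, and `main` continues outside the hunk.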
@@ -0,0 +1,179 @@ +// This file is @generated by prost-build. +/// PublicKey contains an encoded public key +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.PublicKey")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct PublicKey { + /// DER-encoded public key + #[prost(bytes = "vec", tag = "1")] + pub raw_bytes: ::prost::alloc::vec::Vec, +} +/// Either a public key or a X.509 cerificiate with an embedded public key +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.Verifier")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct Verifier { + /// Key encoding and signature algorithm to use for this key + #[prost(enumeration = "super::super::common::v1::PublicKeyDetails", tag = "3")] + pub key_details: i32, + #[prost(oneof = "verifier::Verifier", tags = "1, 2")] + pub verifier: ::core::option::Option, +} +/// Nested message and enum types in `Verifier`. +pub mod verifier { + #[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto + )] + #[derive(Clone, PartialEq, ::prost::Oneof)] + pub enum Verifier { + /// DER-encoded public key. 
Encoding method is specified by the key_details attribute + #[prost(message, tag = "1")] + PublicKey(super::PublicKey), + /// DER-encoded certificate + #[prost(message, tag = "2")] + X509Certificate(super::super::super::common::v1::X509Certificate), + } +} +/// A signature and an associated verifier +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.Signature")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct Signature { + #[prost(bytes = "vec", tag = "1")] + pub content: ::prost::alloc::vec::Vec, + #[prost(message, optional, tag = "2")] + pub verifier: ::core::option::Option, +} +/// A request to add a DSSE v0.0.2 entry to the log +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.DSSERequestV002")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct DsseRequestV002 { + /// A DSSE envelope + #[prost(message, optional, tag = "1")] + pub envelope: ::core::option::Option< + super::super::super::super::io::intoto::Envelope, + >, + /// All necessary verification material to verify all signatures embedded in the envelope + #[prost(message, repeated, tag = "2")] + pub verifiers: ::prost::alloc::vec::Vec, +} +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.DSSELogEntryV002")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] 
+pub struct DsseLogEntryV002 { + /// The hash of the DSSE payload + #[prost(message, optional, tag = "1")] + pub payload_hash: ::core::option::Option, + /// Signatures and their associated verification material used to verify the payload + #[prost(message, repeated, tag = "2")] + pub signatures: ::prost::alloc::vec::Vec, +} +/// A request to add a hashedrekord v0.0.2 to the log +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.HashedRekordRequestV002")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct HashedRekordRequestV002 { + /// The hashed data + #[prost(bytes = "vec", tag = "1")] + pub digest: ::prost::alloc::vec::Vec, + /// A single signature over the hashed data with the verifier needed to validate it + #[prost(message, optional, tag = "2")] + pub signature: ::core::option::Option, +} +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.HashedRekordLogEntryV002")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct HashedRekordLogEntryV002 { + /// The hashed data + #[prost(message, optional, tag = "1")] + pub data: ::core::option::Option, + /// A single signature over the hashed data with the verifier needed to validate it + #[prost(message, optional, tag = "2")] + pub signature: ::core::option::Option, +} +/// Entry is the message that is canonicalized and uploaded to the log. +/// This format is meant to be compliant with Rekor v1 entries in that +/// the `apiVersion` and `kind` can be parsed before parsing the spec. 
+/// Clients are expected to understand and handle the differences in the +/// contents of `spec` between Rekor v1 (a polymorphic OpenAPI defintion) +/// and Rekor v2 (a typed proto defintion). +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.Entry")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct Entry { + #[prost(string, tag = "1")] + pub kind: ::prost::alloc::string::String, + #[prost(string, tag = "2")] + pub api_version: ::prost::alloc::string::String, + #[prost(message, optional, tag = "3")] + pub spec: ::core::option::Option, +} +/// Spec contains one of the Rekor entry types. +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v2.Spec")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct Spec { + #[prost(oneof = "spec::Spec", tags = "1, 2")] + pub spec: ::core::option::Option, +} +/// Nested message and enum types in `Spec`. +pub mod spec { + #[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto + )] + #[derive(Clone, PartialEq, ::prost::Oneof)] + pub enum Spec { + #[prost(message, tag = "1")] + HashedRekordV002(super::HashedRekordLogEntryV002), + #[prost(message, tag = "2")] + DsseV002(super::DsseLogEntryV002), + } +} 
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin index 8880fde8..51dca7a5 100644 Binary files a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin and b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin differ diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/mod.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/mod.rs index bb579230..b2b44b47 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/mod.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/mod.rs @@ -20,6 +20,9 @@ pub mod dev { pub mod v1 { include!("dev.sigstore.rekor.v1.rs"); } + pub mod v2 { + include!("dev.sigstore.rekor.v2.rs"); + } } pub mod trustroot { pub mod v1 { diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/dsse.ts b/gen/pb-typescript/src/__generated__/rekor/v2/dsse.ts new file mode 100644 index 00000000..801dc640 --- /dev/null +++ b/gen/pb-typescript/src/__generated__/rekor/v2/dsse.ts 
@@ -0,0 +1,82 @@ +// Code generated by protoc-gen-ts_proto. DO NOT EDIT. +// versions: +// protoc-gen-ts_proto v2.7.0 +// protoc v6.30.2 +// source: rekor/v2/dsse.proto + +/* eslint-disable */ +import { Envelope } from "../../envelope"; +import { HashOutput } from "../../sigstore_common"; +import { Signature, Verifier } from "./verifier"; + +/** A request to add a DSSE v0.0.2 entry to the log */ +export interface DSSERequestV002 { + /** A DSSE envelope */ + envelope: + | Envelope + | undefined; + /** All necessary verification material to verify all signatures embedded in the envelope */ + verifiers: Verifier[]; +} + +export interface DSSELogEntryV002 { + /** The hash of the DSSE payload */ + payloadHash: + | HashOutput + | undefined; + /** Signatures and their associated verification material used to verify the payload */ + signatures: Signature[]; +} + +export const DSSERequestV002: MessageFns = { + fromJSON(object: any): DSSERequestV002 { + return { + envelope: isSet(object.envelope) ? Envelope.fromJSON(object.envelope) : undefined, + verifiers: globalThis.Array.isArray(object?.verifiers) + ? object.verifiers.map((e: any) => Verifier.fromJSON(e)) + : [], + }; + }, + + toJSON(message: DSSERequestV002): unknown { + const obj: any = {}; + if (message.envelope !== undefined) { + obj.envelope = Envelope.toJSON(message.envelope); + } + if (message.verifiers?.length) { + obj.verifiers = message.verifiers.map((e) => Verifier.toJSON(e)); + } + return obj; + }, +}; + +export const DSSELogEntryV002: MessageFns = { + fromJSON(object: any): DSSELogEntryV002 { + return { + payloadHash: isSet(object.payloadHash) ? HashOutput.fromJSON(object.payloadHash) : undefined, + signatures: globalThis.Array.isArray(object?.signatures) + ? 
object.signatures.map((e: any) => Signature.fromJSON(e)) + : [], + }; + }, + + toJSON(message: DSSELogEntryV002): unknown { + const obj: any = {}; + if (message.payloadHash !== undefined) { + obj.payloadHash = HashOutput.toJSON(message.payloadHash); + } + if (message.signatures?.length) { + obj.signatures = message.signatures.map((e) => Signature.toJSON(e)); + } + return obj; + }, +}; + +function isSet(value: any): boolean { + return value !== null && value !== undefined; +} + +interface MessageFns { + fromJSON(object: any): T; + toJSON(message: T): unknown; +} diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/entry.ts b/gen/pb-typescript/src/__generated__/rekor/v2/entry.ts new file mode 100644 index 00000000..bf0ab75b --- /dev/null +++ b/gen/pb-typescript/src/__generated__/rekor/v2/entry.ts 
@@ -0,0 +1,86 @@ +// Code generated by protoc-gen-ts_proto. DO NOT EDIT. +// versions: +// protoc-gen-ts_proto v2.7.0 +// protoc v6.30.2 +// source: rekor/v2/entry.proto + +/* eslint-disable */ +import { DSSELogEntryV002 } from "./dsse"; +import { HashedRekordLogEntryV002 } from "./hashedrekord"; + +/** + * Entry is the message that is canonicalized and uploaded to the log. + * This format is meant to be compliant with Rekor v1 entries in that + * the `apiVersion` and `kind` can be parsed before parsing the spec. + * Clients are expected to understand and handle the differences in the + * contents of `spec` between Rekor v1 (a polymorphic OpenAPI defintion) + * and Rekor v2 (a typed proto defintion). + */ +export interface Entry { + kind: string; + apiVersion: string; + spec: Spec | undefined; +} + +/** Spec contains one of the Rekor entry types. */ +export interface Spec { + spec?: { $case: "hashedRekordV002"; hashedRekordV002: HashedRekordLogEntryV002 } | { + $case: "dsseV002"; + dsseV002: DSSELogEntryV002; + } | undefined; +} + +export const Entry: MessageFns = { + fromJSON(object: any): Entry { + return { + kind: isSet(object.kind) ? globalThis.String(object.kind) : "", + apiVersion: isSet(object.apiVersion) ? globalThis.String(object.apiVersion) : "", + spec: isSet(object.spec) ? Spec.fromJSON(object.spec) : undefined, + }; + }, + + toJSON(message: Entry): unknown { + const obj: any = {}; + if (message.kind !== "") { + obj.kind = message.kind; + } + if (message.apiVersion !== "") { + obj.apiVersion = message.apiVersion; + } + if (message.spec !== undefined) { + obj.spec = Spec.toJSON(message.spec); + } + return obj; + }, +}; + +export const Spec: MessageFns = { + fromJSON(object: any): Spec { + return { + spec: isSet(object.hashedRekordV002) + ? { $case: "hashedRekordV002", hashedRekordV002: HashedRekordLogEntryV002.fromJSON(object.hashedRekordV002) } + : isSet(object.dsseV002) + ? 
{ $case: "dsseV002", dsseV002: DSSELogEntryV002.fromJSON(object.dsseV002) } + : undefined, + }; + }, + + toJSON(message: Spec): unknown { + const obj: any = {}; + if (message.spec?.$case === "hashedRekordV002") { + obj.hashedRekordV002 = HashedRekordLogEntryV002.toJSON(message.spec.hashedRekordV002); + } else if (message.spec?.$case === "dsseV002") { + obj.dsseV002 = DSSELogEntryV002.toJSON(message.spec.dsseV002); + } + return obj; + }, +}; + +function isSet(value: any): boolean { + return value !== null && value !== undefined; +} + +interface MessageFns { + fromJSON(object: any): T; + toJSON(message: T): unknown; +} diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/hashedrekord.ts b/gen/pb-typescript/src/__generated__/rekor/v2/hashedrekord.ts new file mode 100644 index 00000000..87dc0254 --- /dev/null +++ b/gen/pb-typescript/src/__generated__/rekor/v2/hashedrekord.ts 
@@ -0,0 +1,83 @@ +// Code generated by protoc-gen-ts_proto. DO NOT EDIT. +// versions: +// protoc-gen-ts_proto v2.7.0 +// protoc v6.30.2 +// source: rekor/v2/hashedrekord.proto + +/* eslint-disable */ +import { HashOutput } from "../../sigstore_common"; +import { Signature } from "./verifier"; + +/** A request to add a hashedrekord v0.0.2 to the log */ +export interface HashedRekordRequestV002 { + /** The hashed data */ + digest: Buffer; + /** A single signature over the hashed data with the verifier needed to validate it */ + signature: Signature | undefined; +} + +export interface HashedRekordLogEntryV002 { + /** The hashed data */ + data: + | HashOutput + | undefined; + /** A single signature over the hashed data with the verifier needed to validate it */ + signature: Signature | undefined; +} + +export const HashedRekordRequestV002: MessageFns = { + fromJSON(object: any): HashedRekordRequestV002 { + return { + digest: isSet(object.digest) ? Buffer.from(bytesFromBase64(object.digest)) : Buffer.alloc(0), + signature: isSet(object.signature) ? Signature.fromJSON(object.signature) : undefined, + }; + }, + + toJSON(message: HashedRekordRequestV002): unknown { + const obj: any = {}; + if (message.digest.length !== 0) { + obj.digest = base64FromBytes(message.digest); + } + if (message.signature !== undefined) { + obj.signature = Signature.toJSON(message.signature); + } + return obj; + }, +}; + +export const HashedRekordLogEntryV002: MessageFns = { + fromJSON(object: any): HashedRekordLogEntryV002 { + return { + data: isSet(object.data) ? HashOutput.fromJSON(object.data) : undefined, + signature: isSet(object.signature) ? 
Signature.fromJSON(object.signature) : undefined, + }; + }, + + toJSON(message: HashedRekordLogEntryV002): unknown { + const obj: any = {}; + if (message.data !== undefined) { + obj.data = HashOutput.toJSON(message.data); + } + if (message.signature !== undefined) { + obj.signature = Signature.toJSON(message.signature); + } + return obj; + }, +}; + +function bytesFromBase64(b64: string): Uint8Array { + return Uint8Array.from(globalThis.Buffer.from(b64, "base64")); +} + +function base64FromBytes(arr: Uint8Array): string { + return globalThis.Buffer.from(arr).toString("base64"); +} + +function isSet(value: any): boolean { + return value !== null && value !== undefined; +} + +interface MessageFns { + fromJSON(object: any): T; + toJSON(message: T): unknown; +} diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/verifier.ts b/gen/pb-typescript/src/__generated__/rekor/v2/verifier.ts new file mode 100644 index 00000000..097bfe08 --- /dev/null +++ b/gen/pb-typescript/src/__generated__/rekor/v2/verifier.ts 
@@ -0,0 +1,116 @@ +// Code generated by protoc-gen-ts_proto. DO NOT EDIT. +// versions: +// protoc-gen-ts_proto v2.7.0 +// protoc v6.30.2 +// source: rekor/v2/verifier.proto + +/* eslint-disable */ +import { + PublicKeyDetails, + publicKeyDetailsFromJSON, + publicKeyDetailsToJSON, + X509Certificate, +} from "../../sigstore_common"; + +/** PublicKey contains an encoded public key */ +export interface PublicKey { + /** DER-encoded public key */ + rawBytes: Buffer; +} + +/** Either a public key or a X.509 cerificiate with an embedded public key */ +export interface Verifier { + verifier?: + | // + /** DER-encoded public key. Encoding method is specified by the key_details attribute */ + { $case: "publicKey"; publicKey: PublicKey } + | // + /** DER-encoded certificate */ + { $case: "x509Certificate"; x509Certificate: X509Certificate } + | undefined; + /** Key encoding and signature algorithm to use for this key */ + keyDetails: PublicKeyDetails; +} + +/** A signature and an associated verifier */ +export interface Signature { + content: Buffer; + verifier: Verifier | undefined; +} + +export const PublicKey: MessageFns = { + fromJSON(object: any): PublicKey { + return { rawBytes: isSet(object.rawBytes) ? Buffer.from(bytesFromBase64(object.rawBytes)) : Buffer.alloc(0) }; + }, + + toJSON(message: PublicKey): unknown { + const obj: any = {}; + if (message.rawBytes.length !== 0) { + obj.rawBytes = base64FromBytes(message.rawBytes); + } + return obj; + }, +}; + +export const Verifier: MessageFns = { + fromJSON(object: any): Verifier { + return { + verifier: isSet(object.publicKey) + ? { $case: "publicKey", publicKey: PublicKey.fromJSON(object.publicKey) } + : isSet(object.x509Certificate) + ? { $case: "x509Certificate", x509Certificate: X509Certificate.fromJSON(object.x509Certificate) } + : undefined, + keyDetails: isSet(object.keyDetails) ? 
publicKeyDetailsFromJSON(object.keyDetails) : 0, + }; + }, + + toJSON(message: Verifier): unknown { + const obj: any = {}; + if (message.verifier?.$case === "publicKey") { + obj.publicKey = PublicKey.toJSON(message.verifier.publicKey); + } else if (message.verifier?.$case === "x509Certificate") { + obj.x509Certificate = X509Certificate.toJSON(message.verifier.x509Certificate); + } + if (message.keyDetails !== 0) { + obj.keyDetails = publicKeyDetailsToJSON(message.keyDetails); + } + return obj; + }, +}; + +export const Signature: MessageFns = { + fromJSON(object: any): Signature { + return { + content: isSet(object.content) ? Buffer.from(bytesFromBase64(object.content)) : Buffer.alloc(0), + verifier: isSet(object.verifier) ? Verifier.fromJSON(object.verifier) : undefined, + }; + }, + + toJSON(message: Signature): unknown { + const obj: any = {}; + if (message.content.length !== 0) { + obj.content = base64FromBytes(message.content); + } + if (message.verifier !== undefined) { + obj.verifier = Verifier.toJSON(message.verifier); + } + return obj; + }, +}; + +function bytesFromBase64(b64: string): Uint8Array { + return Uint8Array.from(globalThis.Buffer.from(b64, "base64")); +} + +function base64FromBytes(arr: Uint8Array): string { + return globalThis.Buffer.from(arr).toString("base64"); +} + +function isSet(value: any): boolean { + return value !== null && value !== undefined; +} + +interface MessageFns { + fromJSON(object: any): T; + toJSON(message: T): unknown; +} diff --git a/java/build.gradle.kts b/java/build.gradle.kts index fa20639b..92a0b231 100644 --- a/java/build.gradle.kts +++ b/java/build.gradle.kts @@ -15,7 +15,8 @@ repositories { sourceSets { main { resources { - srcDirs("../protos") + srcDirs("../protos", "../service-protos") + include("**/*.proto") } } } diff --git a/service-protos/README.md b/service-protos/README.md new file mode 100644 index 00000000..a0d891d5 --- /dev/null +++ b/service-protos/README.md 
@@ -0,0 +1,4 @@
+## Service Protos
+
+A mirror of proto defintions from various sigstore services
+- `./rekor/v2`: `https://github.com/sigstore/rekor-tiles/api/proto/"rekor/v2/*.proto"`
diff --git a/service-protos/rekor/v2/dsse.proto b/service-protos/rekor/v2/dsse.proto
new file mode 100644
index 00000000..944ad806
--- /dev/null
+++ b/service-protos/rekor/v2/dsse.proto
@@ -0,0 +1,45 @@
+// Copyright 2025 The Sigstore Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+package dev.sigstore.rekor.v2;
+
+import "google/api/field_behavior.proto";
+import "sigstore_common.proto";
+import "envelope.proto";
+
+import "rekor/v2/verifier.proto";
+
+option go_package = "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2";
+
+option java_package = "dev.sigstore.proto.rekor.v2";
+option java_multiple_files = true;
+option java_outer_classname = "RekorV2Dsse";
+option ruby_package = "Sigstore::Rekor::V2";
+
+// A request to add a DSSE v0.0.2 entry to the log
+message DSSERequestV002 {
+ // A DSSE envelope
+ io.intoto.Envelope envelope = 1 [(google.api.field_behavior) = REQUIRED];
+ // All necessary verification material to verify all signatures embedded in the envelope
+ repeated Verifier verifiers = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+
+message DSSELogEntryV002 {
+ // The hash of the DSSE payload
+ dev.sigstore.common.v1.HashOutput payloadHash = 1 [(google.api.field_behavior) = REQUIRED];
+ // Signatures and their associated verification material used to verify the payload
+ repeated Signature signatures = 2 [(google.api.field_behavior) = REQUIRED];
+}
diff --git a/service-protos/rekor/v2/entry.proto b/service-protos/rekor/v2/entry.proto
new file mode 100644
index 00000000..8acff158
--- /dev/null
+++ b/service-protos/rekor/v2/entry.proto
@@ -0,0 +1,48 @@
+// Copyright 2025 The Sigstore Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+package dev.sigstore.rekor.v2;
+
+import "google/api/field_behavior.proto";
+
+import "rekor/v2/dsse.proto";
+import "rekor/v2/hashedrekord.proto";
+
+option go_package = "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2";
+
+option java_package = "dev.sigstore.proto.rekor.v2";
+option java_multiple_files = true;
+option java_outer_classname = "RekorV2Entry";
+option ruby_package = "Sigstore::Rekor::V2";
+
+// Entry is the message that is canonicalized and uploaded to the log.
+// This format is meant to be compliant with Rekor v1 entries in that
+// the `apiVersion` and `kind` can be parsed before parsing the spec.
+// Clients are expected to understand and handle the differences in the
+// contents of `spec` between Rekor v1 (a polymorphic OpenAPI defintion)
+// and Rekor v2 (a typed proto defintion).
+message Entry {
+ string kind = 1 [(google.api.field_behavior) = REQUIRED];
+ string api_version = 2 [(google.api.field_behavior) = REQUIRED];
+ Spec spec = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Spec contains one of the Rekor entry types.
+message Spec {
+ oneof spec {
+ HashedRekordLogEntryV002 hashed_rekord_v002 = 1 [(google.api.field_behavior) = REQUIRED];
+ DSSELogEntryV002 dsse_v002 = 2 [(google.api.field_behavior) = REQUIRED];
+ }
+}
diff --git a/service-protos/rekor/v2/hashedrekord.proto b/service-protos/rekor/v2/hashedrekord.proto
new file mode 100644
index 00000000..d442cec4
--- /dev/null
+++ b/service-protos/rekor/v2/hashedrekord.proto
@@ -0,0 +1,43 @@
+// Copyright 2025 The Sigstore Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+package dev.sigstore.rekor.v2;
+
+import "google/api/field_behavior.proto";
+import "sigstore_common.proto";
+
+import "rekor/v2/verifier.proto";
+
+option go_package = "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2";
+
+option java_package = "dev.sigstore.proto.rekor.v2";
+option java_multiple_files = true;
+option java_outer_classname = "RekorV2HashedRekord";
+option ruby_package = "Sigstore::Rekor::V2";
+
+// A request to add a hashedrekord v0.0.2 to the log
+message HashedRekordRequestV002 {
+ // The hashed data
+ bytes digest = 1 [(google.api.field_behavior) = REQUIRED];
+ // A single signature over the hashed data with the verifier needed to validate it
+ Signature signature = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+message HashedRekordLogEntryV002 {
+ // The hashed data
+ dev.sigstore.common.v1.HashOutput data = 1 [(google.api.field_behavior) = REQUIRED];
+ // A single signature over the hashed data with the verifier needed to validate it
+ Signature signature = 2 [(google.api.field_behavior) = REQUIRED];
+}
diff --git a/service-protos/rekor/v2/verifier.proto b/service-protos/rekor/v2/verifier.proto
new file mode 100644
index 00000000..aa244b9f
--- /dev/null
+++ b/service-protos/rekor/v2/verifier.proto
@@ -0,0 +1,50 @@
+// Copyright 2025 The Sigstore Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+package dev.sigstore.rekor.v2;
+
+import "sigstore_common.proto";
+import "google/api/field_behavior.proto";
+
+option go_package = "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2";
+
+option java_package = "dev.sigstore.proto.rekor.v2";
+option java_multiple_files = true;
+option java_outer_classname = "RekorV2Verifier";
+option ruby_package = "Sigstore::Rekor::V2";
+
+// PublicKey contains an encoded public key
+message PublicKey {
+ // DER-encoded public key
+ bytes raw_bytes = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Either a public key or a X.509 cerificiate with an embedded public key
+message Verifier {
+ oneof verifier {
+ // DER-encoded public key. Encoding method is specified by the key_details attribute
+ PublicKey public_key = 1 [(google.api.field_behavior) = REQUIRED];
+ // DER-encoded certificate
+ dev.sigstore.common.v1.X509Certificate x509_certificate = 2 [(google.api.field_behavior) = REQUIRED];
+ }
+ // Key encoding and signature algorithm to use for this key
+ dev.sigstore.common.v1.PublicKeyDetails key_details = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A signature and an associated verifier
+message Signature {
+ bytes content = 1 [(google.api.field_behavior) = REQUIRED];
+ Verifier verifier = 2 [(google.api.field_behavior) = REQUIRED];
+}
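Review bot: Both arms of the `verifier` oneof in `Verifier` are marked `REQUIRED`, which cannot hold because a oneof carries at most one member, and as far as I know `field_behavior` is not enforced by protoc or the generated code, so nothing here rejects a `Verifier` with neither arm set. I would drop the annotation from the two arms and state the rule in a comment on the oneof, e.g. `// Exactly one of public_key or x509_certificate MUST be set`. The comment on `key_details` could also say that the value is supplied by the submitter and has to be checked against the key actually carried in `public_key` or in the certificate before a signature is verified with it. The message comment has a typo, `cerificiate` for `certificate`.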
diff --git a/service-protos/sync-rekor-tiles.sh b/service-protos/sync-rekor-tiles.sh
new file mode 100755
index 00000000..4ed8b404
--- /dev/null
+++ b/service-protos/sync-rekor-tiles.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# A simple utility to copy protos from the rekor-tiles repository into protobuf specs for distribution
+set -o pipefail -o errexit -o nounset
+
+command -v gh &>/dev/null || { echo "gh not found" 1>&2; exit 1; }
+
+latest_tag=$(gh api graphql -f query='{repository(owner: "sigstore", name: "rekor-tiles"){refs(refPrefix: "refs/tags/", last: 1){nodes{name}}}}' --jq '.data.repository.refs.nodes[].name')
+
+if [ -z "$latest_tag" ]; then
+ echo "latest tag not found"
+ exit 1
+fi
+
+# clean up last sync
+rm ./rekor/v2/*.proto || echo "nothing to clean up"
+
+# mkdir just in case
+mkdir -p ./rekor/v2
+
+# copy all protos over except rekor_service.proto
+echo "syncing protos with ${latest_tag}"
+git clone --filter=blob:none --no-checkout --depth=1 https://github.com/sigstore/rekor-tiles.git ./rekor-tiles
+cd ./rekor-tiles
+git sparse-checkout set --no-cone '/api/proto/rekor/v2/*.proto' '!**/rekor_service.proto'
+git fetch origin tag "$latest_tag" --no-tags
+git checkout "$latest_tag"
+cd ../
+cp -R ./rekor-tiles/api/proto/* .
+rm -rf ./rekor-tiles
+
+# replace the go package from the service definition to the protobuf out
+echo "replacing go-package"
+sed -i -e 's|^option go_package.*$|option go_package = "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v2";|' ./rekor/v2/*.proto
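Review bot: The `refs(refPrefix: "refs/tags/", last: 1)` query sets no `orderBy`, so `latest_tag` is whatever the API's default ordering puts last, presumably by name, and that need not be the newest release (`v0.9.0` sorts after `v0.10.0`). Adding `orderBy: {field: TAG_COMMIT_DATE, direction: ASC}` to the `refs` arguments would make the choice explicit. Since a tag can be moved, I would also print the commit the protos were taken from right after `git checkout "$latest_tag"`, e.g. `echo "synced from commit $(git rev-parse HEAD)"`, so a sync can be traced to a commit in review. A `trap 'rm -rf ./rekor-tiles' EXIT` before the clone would keep a failed run from leaving the checkout behind and breaking the next `git clone`.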