Package dev.sigstore.proto.bundle.v1

Interface BundleOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    Bundle, Bundle.Builder
    public interface BundleOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      Bundle.ContentCase getContentCase()  
      EnvelopeOuterClass.Envelope getDsseEnvelope()
      A DSSE envelope can contain arbitrary payloads.
      EnvelopeOuterClass.EnvelopeOrBuilder getDsseEnvelopeOrBuilder()
      A DSSE envelope can contain arbitrary payloads.
      java.lang.String getMediaType()
      MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON.
      com.google.protobuf.ByteString getMediaTypeBytes()
      MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON.
      MessageSignature getMessageSignature()
      .dev.sigstore.common.v1.MessageSignature message_signature = 3 [(.google.api.field_behavior) = REQUIRED];
      MessageSignatureOrBuilder getMessageSignatureOrBuilder()
      .dev.sigstore.common.v1.MessageSignature message_signature = 3 [(.google.api.field_behavior) = REQUIRED];
      VerificationMaterial getVerificationMaterial()
      When a signer is identified by a X.509 certificate, a verifier MUST verify that the signature was computed at the time the certificate was valid as described in the Sigstore client spec: "Verification using a Bundle".
      VerificationMaterialOrBuilder getVerificationMaterialOrBuilder()
      When a signer is identified by a X.509 certificate, a verifier MUST verify that the signature was computed at the time the certificate was valid as described in the Sigstore client spec: "Verification using a Bundle".
      boolean hasDsseEnvelope()
      A DSSE envelope can contain arbitrary payloads.
      boolean hasMessageSignature()
      .dev.sigstore.common.v1.MessageSignature message_signature = 3 [(.google.api.field_behavior) = REQUIRED];
      boolean hasVerificationMaterial()
      When a signer is identified by a X.509 certificate, a verifier MUST verify that the signature was computed at the time the certificate was valid as described in the Sigstore client spec: "Verification using a Bundle".

      • Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

        isInitialized

      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

    • Method Detail

      • getMediaType

        java.lang.String getMediaType()
         MUST be application/vnd.dev.sigstore.bundle.v0.3+json when
 when encoded as JSON.
 Clients must to be able to accept media type using the previously
 defined formats:
 * application/vnd.dev.sigstore.bundle+json;version=0.1
 * application/vnd.dev.sigstore.bundle+json;version=0.2
 * application/vnd.dev.sigstore.bundle+json;version=0.3
        string media_type = 1;
        Returns:
        The mediaType.

      • getMediaTypeBytes

        com.google.protobuf.ByteString getMediaTypeBytes()
         MUST be application/vnd.dev.sigstore.bundle.v0.3+json when
 when encoded as JSON.
 Clients must to be able to accept media type using the previously
 defined formats:
 * application/vnd.dev.sigstore.bundle+json;version=0.1
 * application/vnd.dev.sigstore.bundle+json;version=0.2
 * application/vnd.dev.sigstore.bundle+json;version=0.3
        string media_type = 1;
        Returns:
        The bytes for mediaType.

      • hasVerificationMaterial

        boolean hasVerificationMaterial()
         When a signer is identified by a X.509 certificate, a verifier MUST
 verify that the signature was computed at the time the certificate
 was valid as described in the Sigstore client spec: "Verification
 using a Bundle".
 <https://docs.google.com/document/d/1kbhK2qyPPk8SLavHzYSDM8-Ueul9_oxIMVFuWMWKz0E/edit#heading=h.x8bduppe89ln>
 If the verification material contains a public key identifier
 (key hint) and the `content` is a DSSE envelope, the key hints
 MUST be exactly the same in the verification material and in the
 DSSE envelope.
        .dev.sigstore.bundle.v1.VerificationMaterial verification_material = 2 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        Whether the verificationMaterial field is set.

      • getVerificationMaterial

        VerificationMaterial getVerificationMaterial()
         When a signer is identified by a X.509 certificate, a verifier MUST
 verify that the signature was computed at the time the certificate
 was valid as described in the Sigstore client spec: "Verification
 using a Bundle".
 <https://docs.google.com/document/d/1kbhK2qyPPk8SLavHzYSDM8-Ueul9_oxIMVFuWMWKz0E/edit#heading=h.x8bduppe89ln>
 If the verification material contains a public key identifier
 (key hint) and the `content` is a DSSE envelope, the key hints
 MUST be exactly the same in the verification material and in the
 DSSE envelope.
        .dev.sigstore.bundle.v1.VerificationMaterial verification_material = 2 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        The verificationMaterial.

      • getVerificationMaterialOrBuilder

        VerificationMaterialOrBuilder getVerificationMaterialOrBuilder()
         When a signer is identified by a X.509 certificate, a verifier MUST
 verify that the signature was computed at the time the certificate
 was valid as described in the Sigstore client spec: "Verification
 using a Bundle".
 <https://docs.google.com/document/d/1kbhK2qyPPk8SLavHzYSDM8-Ueul9_oxIMVFuWMWKz0E/edit#heading=h.x8bduppe89ln>
 If the verification material contains a public key identifier
 (key hint) and the `content` is a DSSE envelope, the key hints
 MUST be exactly the same in the verification material and in the
 DSSE envelope.
        .dev.sigstore.bundle.v1.VerificationMaterial verification_material = 2 [(.google.api.field_behavior) = REQUIRED];

      • hasMessageSignature

        boolean hasMessageSignature()
        .dev.sigstore.common.v1.MessageSignature message_signature = 3 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        Whether the messageSignature field is set.

      • getMessageSignature

        MessageSignature getMessageSignature()
        .dev.sigstore.common.v1.MessageSignature message_signature = 3 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        The messageSignature.

      • getMessageSignatureOrBuilder

        MessageSignatureOrBuilder getMessageSignatureOrBuilder()
        .dev.sigstore.common.v1.MessageSignature message_signature = 3 [(.google.api.field_behavior) = REQUIRED];

      • hasDsseEnvelope

        boolean hasDsseEnvelope()
         A DSSE envelope can contain arbitrary payloads.
 Verifiers must verify that the payload type is a
 supported and expected type. This is part of the DSSE
 protocol which is defined here:
 <https://github.com/secure-systems-lab/dsse/blob/master/protocol.md>
 DSSE envelopes in a bundle MUST have exactly one signture.
 This is a limitation from the DSSE spec, as it can contain
 multiple signatures. There are two primary reasons:
 1. It simplfies the verification logic and policy
 2. The bundle (currently) can only contain a single
 instance of the required verification materials
 During verification a client MUST reject an envelope if
 the number of signatures is not equal to one.
        .io.intoto.Envelope dsse_envelope = 4 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        Whether the dsseEnvelope field is set.

      • getDsseEnvelope

        EnvelopeOuterClass.Envelope getDsseEnvelope()
         A DSSE envelope can contain arbitrary payloads.
 Verifiers must verify that the payload type is a
 supported and expected type. This is part of the DSSE
 protocol which is defined here:
 <https://github.com/secure-systems-lab/dsse/blob/master/protocol.md>
 DSSE envelopes in a bundle MUST have exactly one signture.
 This is a limitation from the DSSE spec, as it can contain
 multiple signatures. There are two primary reasons:
 1. It simplfies the verification logic and policy
 2. The bundle (currently) can only contain a single
 instance of the required verification materials
 During verification a client MUST reject an envelope if
 the number of signatures is not equal to one.
        .io.intoto.Envelope dsse_envelope = 4 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        The dsseEnvelope.

      • getDsseEnvelopeOrBuilder

        EnvelopeOuterClass.EnvelopeOrBuilder getDsseEnvelopeOrBuilder()
         A DSSE envelope can contain arbitrary payloads.
 Verifiers must verify that the payload type is a
 supported and expected type. This is part of the DSSE
 protocol which is defined here:
 <https://github.com/secure-systems-lab/dsse/blob/master/protocol.md>
 DSSE envelopes in a bundle MUST have exactly one signture.
 This is a limitation from the DSSE spec, as it can contain
 multiple signatures. There are two primary reasons:
 1. It simplfies the verification logic and policy
 2. The bundle (currently) can only contain a single
 instance of the required verification materials
 During verification a client MUST reject an envelope if
 the number of signatures is not equal to one.
        .io.intoto.Envelope dsse_envelope = 4 [(.google.api.field_behavior) = REQUIRED];