Class TrustedRoot

  • All Implemented Interfaces:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TrustedRootOrBuilder, java.io.Serializable

    public final class TrustedRoot
    extends com.google.protobuf.GeneratedMessage
    implements TrustedRootOrBuilder
     TrustedRoot describes the client's complete set of trusted entities.
     How the TrustedRoot is populated is not specified, but can be a
     combination of many sources such as TUF repositories, files on disk etc.
    
     The TrustedRoot is not meant to be used for any artifact verification, only
     to capture the complete/global set of trusted verification materials.
     When verifying an artifact, based on the artifact and policies, a selection
     of keys/authorities are expected to be extracted and provided to the
     verification function. This way the policy can keep the set of
     keys/authorities to a minimum, giving better control over which
     signatures are allowed.
    
     The embedded transparency logs, CT logs, CAs and TSAs MUST include any
     previously used instance -- otherwise signatures made in the past cannot
     be verified.
    
     All the listed instances SHOULD be sorted by the 'valid_for' in ascending
     order, that is, the oldest instance first. Only the last instance is
     allowed to have its 'end' timestamp unset. All previous instances MUST
     have a closed interval of validity. The last instance MAY have a closed
     interval. Clients MUST accept instances that overlap in time; otherwise
     clients may experience problems during rotations of verification
     materials.
    
     To be able to manage planned rotations of either transparency logs or
     certificate authorities, clients MUST accept lists of instances where
     the last instance has a 'valid_for' that belongs to the future.
     This should not be a problem as clients SHOULD first search the trust root
     for a suitable instance before creating a per-artifact trust root (that
     is, a subset of the complete trust root) that is used for verification.
     
    Protobuf type dev.sigstore.trustroot.v1.TrustedRoot
    See Also:
    Serialized Form
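
The list rules in the class description above, as an added example that is not part of sigstore-java or its generated code. The `Instance` record and the `check` and `select` methods are hypothetical stand-ins for the protobuf messages; comparing instances by the start of 'valid_for' and treating 'end' as inclusive are assumptions.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public class TrustedRootValidityExample {
  /** Constructed stand-in for one listed instance; end == null means 'end' is unset. */
  record Instance(String name, Instant start, Instant end) {
    // Assumption: the interval is inclusive at both ends.
    boolean validAt(Instant t) {
      return !t.isBefore(start) && (end == null || !t.isAfter(end));
    }
  }

  /** Returns rule violations. Overlapping and future intervals are deliberately not violations. */
  static List<String> check(List<Instance> list) {
    List<String> problems = new ArrayList<>();
    for (int i = 0; i < list.size(); i++) {
      Instance cur = list.get(i);
      boolean last = i == list.size() - 1;
      if (cur.end() == null && !last) {
        problems.add(cur.name() + ": MUST: only the last instance may leave 'end' unset");
      }
      // Assumption: "sorted by valid_for" is read as sorted by the interval's start.
      if (i > 0 && cur.start().isBefore(list.get(i - 1).start())) {
        problems.add(cur.name() + ": SHOULD: not sorted oldest first");
      }
    }
    return problems;
  }

  /** Per-artifact subset: every instance whose interval covers the signing time. */
  static List<Instance> select(List<Instance> list, Instant signedAt) {
    return list.stream().filter(inst -> inst.validAt(signedAt)).toList();
  }

  public static void main(String[] args) {
    // Constructed sample: a retired log, the current log, and a planned future rotation.
    List<Instance> tlogs = List.of(
        new Instance("log-2021", Instant.parse("2021-01-01T00:00:00Z"), Instant.parse("2023-06-30T00:00:00Z")),
        new Instance("log-2023", Instant.parse("2023-06-01T00:00:00Z"), Instant.parse("2030-01-01T00:00:00Z")),
        new Instance("log-2029", Instant.parse("2029-12-01T00:00:00Z"), null));
    System.out.println("violations: " + check(tlogs));
    // A signing time inside the rotation overlap matches both logs.
    System.out.println(select(tlogs, Instant.parse("2023-06-15T00:00:00Z")));
    // A signature made in the past still finds the retired log.
    System.out.println(select(tlogs, Instant.parse("2022-03-01T00:00:00Z")));
  }
}
```

The example requires Java 17 or later for records and `Stream.toList()`.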
    • Field Detail

      • MEDIA_TYPE_FIELD_NUMBER

        public static final int MEDIA_TYPE_FIELD_NUMBER
        See Also:
        Constant Field Values
      • CERTIFICATE_AUTHORITIES_FIELD_NUMBER

        public static final int CERTIFICATE_AUTHORITIES_FIELD_NUMBER
        See Also:
        Constant Field Values
      • TIMESTAMP_AUTHORITIES_FIELD_NUMBER

        public static final int TIMESTAMP_AUTHORITIES_FIELD_NUMBER
        See Also:
        Constant Field Values
    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage
      • getMediaType

        public java.lang.String getMediaType()
         MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
         when encoded as JSON.
         Clients MUST be able to process and parse content with the media
         type defined in the old format:
         application/vnd.dev.sigstore.trustedroot+json;version=0.1
         
        string media_type = 1;
        Specified by:
        getMediaType in interface TrustedRootOrBuilder
        Returns:
        The mediaType.
      • getMediaTypeBytes

        public com.google.protobuf.ByteString getMediaTypeBytes()
         MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
         when encoded as JSON.
         Clients MUST be able to process and parse content with the media
         type defined in the old format:
         application/vnd.dev.sigstore.trustedroot+json;version=0.1
         
        string media_type = 1;
        Specified by:
        getMediaTypeBytes in interface TrustedRootOrBuilder
        Returns:
        The bytes for mediaType.
      • getTlogsCount

        public int getTlogsCount()
         A set of trusted Rekor servers.
         
        repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance tlogs = 2;
        Specified by:
        getTlogsCount in interface TrustedRootOrBuilder
      • getCertificateAuthoritiesList

        public java.util.List<CertificateAuthority> getCertificateAuthoritiesList()
         A set of trusted certificate authorities (e.g. Fulcio), and any
         intermediate certificates they provide.
         If a CA is issuing multiple intermediate certificates, each
         combination shall be represented as a separate chain. I.e., a single
         root cert may appear in multiple chains but with different
         intermediate and/or leaf certificates.
         The certificates are intended to be used for verifying artifact
         signatures.
         
        repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
        Specified by:
        getCertificateAuthoritiesList in interface TrustedRootOrBuilder
      • getCertificateAuthoritiesOrBuilderList

        public java.util.List<? extends CertificateAuthorityOrBuilder> getCertificateAuthoritiesOrBuilderList()
         A set of trusted certificate authorities (e.g. Fulcio), and any
         intermediate certificates they provide.
         If a CA is issuing multiple intermediate certificates, each
         combination shall be represented as a separate chain. I.e., a single
         root cert may appear in multiple chains but with different
         intermediate and/or leaf certificates.
         The certificates are intended to be used for verifying artifact
         signatures.
         
        repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
        Specified by:
        getCertificateAuthoritiesOrBuilderList in interface TrustedRootOrBuilder
      • getCertificateAuthoritiesCount

        public int getCertificateAuthoritiesCount()
         A set of trusted certificate authorities (e.g. Fulcio), and any
         intermediate certificates they provide.
         If a CA is issuing multiple intermediate certificates, each
         combination shall be represented as a separate chain. I.e., a single
         root cert may appear in multiple chains but with different
         intermediate and/or leaf certificates.
         The certificates are intended to be used for verifying artifact
         signatures.
         
        repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
        Specified by:
        getCertificateAuthoritiesCount in interface TrustedRootOrBuilder
      • getCertificateAuthorities

        public CertificateAuthority getCertificateAuthorities​(int index)
         A set of trusted certificate authorities (e.g. Fulcio), and any
         intermediate certificates they provide.
         If a CA is issuing multiple intermediate certificates, each
         combination shall be represented as a separate chain. I.e., a single
         root cert may appear in multiple chains but with different
         intermediate and/or leaf certificates.
         The certificates are intended to be used for verifying artifact
         signatures.
         
        repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
        Specified by:
        getCertificateAuthorities in interface TrustedRootOrBuilder
      • getCertificateAuthoritiesOrBuilder

        public CertificateAuthorityOrBuilder getCertificateAuthoritiesOrBuilder​(int index)
         A set of trusted certificate authorities (e.g. Fulcio), and any
         intermediate certificates they provide.
         If a CA is issuing multiple intermediate certificates, each
         combination shall be represented as a separate chain. I.e., a single
         root cert may appear in multiple chains but with different
         intermediate and/or leaf certificates.
         The certificates are intended to be used for verifying artifact
         signatures.
         
        repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
        Specified by:
        getCertificateAuthoritiesOrBuilder in interface TrustedRootOrBuilder
      • getCtlogsCount

        public int getCtlogsCount()
         A set of trusted certificate transparency logs.
         
        repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance ctlogs = 4;
        Specified by:
        getCtlogsCount in interface TrustedRootOrBuilder
      • getTimestampAuthoritiesCount

        public int getTimestampAuthoritiesCount()
         A set of trusted timestamping authorities.
         
        repeated .dev.sigstore.trustroot.v1.CertificateAuthority timestamp_authorities = 5;
        Specified by:
        getTimestampAuthoritiesCount in interface TrustedRootOrBuilder
      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessage
      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
                     throws java.io.IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessage
        Throws:
        java.io.IOException
      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessage
      • equals

        public boolean equals​(java.lang.Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage
      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage
      • parseFrom

        public static TrustedRoot parseFrom​(java.nio.ByteBuffer data)
                                     throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TrustedRoot parseFrom​(java.nio.ByteBuffer data,
                                            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                     throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TrustedRoot parseFrom​(com.google.protobuf.ByteString data)
                                     throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TrustedRoot parseFrom​(com.google.protobuf.ByteString data,
                                            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                     throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TrustedRoot parseFrom​(byte[] data)
                                     throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TrustedRoot parseFrom​(byte[] data,
                                            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                     throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException
      • parseFrom

        public static TrustedRoot parseFrom​(java.io.InputStream input)
                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static TrustedRoot parseFrom​(java.io.InputStream input,
                                            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • parseDelimitedFrom

        public static TrustedRoot parseDelimitedFrom​(java.io.InputStream input)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseDelimitedFrom

        public static TrustedRoot parseDelimitedFrom​(java.io.InputStream input,
                                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static TrustedRoot parseFrom​(com.google.protobuf.CodedInputStream input)
                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • parseFrom

        public static TrustedRoot parseFrom​(com.google.protobuf.CodedInputStream input,
                                            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • newBuilderForType

        public TrustedRoot.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite
      • toBuilder

        public TrustedRoot.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite
      • newBuilderForType

        protected TrustedRoot.Builder newBuilderForType​(com.google.protobuf.AbstractMessage.BuilderParent parent)
        Overrides:
        newBuilderForType in class com.google.protobuf.AbstractMessage
      • getDefaultInstance

        public static TrustedRoot getDefaultInstance()
      • parser

        public static com.google.protobuf.Parser<TrustedRoot> parser()
      • getParserForType

        public com.google.protobuf.Parser<TrustedRoot> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessage
      • getDefaultInstanceForType

        public TrustedRoot getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder