All Classes and Interfaces

Class
Description
 
 
 
 
Protobuf type dev.sigstore.verification.v1.Artifact
Protobuf type dev.sigstore.verification.v1.Artifact
 
 
A light-weight set of options/policies for identifying trusted signers, used during verification of a single artifact.
A light-weight set of options/policies for identifying trusted signers, used during verification of a single artifact.
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions
 
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions
 
 
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions
 
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions
 
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions
Protobuf type dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions
 
 
 
A representation of sigstore signing materials.
Protobuf type dev.sigstore.bundle.v1.Bundle
Protobuf type dev.sigstore.bundle.v1.Bundle
 
 
 
 
 
 
 
 
 
Implements Sigstore Bundle verification.
 
 
A stub to allow clients to do limited synchronous rpc calls to service CA.
A stub to allow clients to do synchronous rpc calls to service CA.
A stub to allow clients to do ListenableFuture-style rpc calls to service CA.
Base class for the server implementation of the service CA.
A stub to allow clients to do asynchronous rpc calls to service CA.
CertificateAuthority enlists the information required to identify which CA to use and perform signature verification.
 
CertificateAuthority enlists the information required to identify which CA to use and perform signature verification.
 
Protobuf type dev.sigstore.fulcio.v2.CertificateChain
Protobuf type dev.sigstore.fulcio.v2.CertificateChain
 
CertificateEntry structure.
 
Protobuf type dev.sigstore.verification.v1.CertificateIdentities
Protobuf type dev.sigstore.verification.v1.CertificateIdentities
 
The identity of an X.509 Certificate signer.
The identity of an X.509 Certificate signer.
 
 
 
The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash.
The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash.
 
Checkpoint helper class to parse from a string in the format described in https://github.com/transparency-dev/formats/blob/12bf59947efb7ae227c12f218b4740fb17a87e50/log/README.md
ClientTrustConfig describes the complete state needed by a client to perform both signing and verification operations against a particular instance of Sigstore.
ClientTrustConfig describes the complete state needed by a client to perform both signing and verification operations against a particular instance of Sigstore.
 
Protobuf type dev.sigstore.events.v1.CloudEvent
Protobuf type dev.sigstore.events.v1.CloudEvent
Protobuf type dev.sigstore.events.v1.CloudEvent.CloudEventAttributeValue
 
Protobuf type dev.sigstore.events.v1.CloudEvent.CloudEventAttributeValue
 
 
Protobuf type dev.sigstore.events.v1.CloudEventBatch
Protobuf type dev.sigstore.events.v1.CloudEventBatch
 
 
 
Create a new HashedRekord or DSSE
Create a new HashedRekord or DSSE
 
 
Protobuf type dev.sigstore.fulcio.v2.CreateSigningCertificateRequest
Protobuf type dev.sigstore.fulcio.v2.CreateSigningCertificateRequest
 
 
Protobuf type dev.sigstore.fulcio.v2.Credentials
Protobuf type dev.sigstore.fulcio.v2.Credentials
 
 
 
Properties about a Certificate Transparency Log.
 
 
 
A custom pattern is used for defining custom HTTP verb.
A custom pattern is used for defining custom HTTP verb.
 
Information about the content associated with the entry
A metadata file provided by a Delegated Targets role will follow exactly the same format as one provided by the top-level Targets role.
TUF Delegations.
DigitallySigned structure, as defined by RFC5246 Section 4.7.
 
 
Protobuf type dev.sigstore.common.v1.DistinguishedName
Protobuf type dev.sigstore.common.v1.DistinguishedName
 
DSSE v0.0.1 Schema
Protobuf type dev.sigstore.rekor.v2.DSSELogEntryV002
Protobuf type dev.sigstore.rekor.v2.DSSELogEntryV002
 
A request to add a DSSE v0.0.2 entry to the log
A request to add a DSSE v0.0.2 entry to the log
 
Thrown when the metadata has signatures from the same key even if the threshold is met.
ECDSA signer, use Signers to instantiate.
ECDSA verifier, instantiated by Verifiers.newVerifier(PublicKey).
Entry is the message that is canonicalized and uploaded to the log.
Entry is the message that is canonicalized and uploaded to the log.
 
Specifies the hash algorithm and value encompassing the entire envelope sent to Rekor
The hashing function used to compute the hash value
 
An authenticated message of arbitrary type.
An authenticated message of arbitrary type.
 
Protobuf type io.intoto.Signature
Protobuf type io.intoto.Signature
 
 
 
An indicator of the behavior of a given field (for example, that a field is required in requests, or given as output but ignored as input).
 
Thrown when the Meta File exceeds the max allowable file size as configured in the Updater
Thrown when a metadata resource was unexpectedly missing.
Uses a local file system directory to store the trusted TUF metadata.
 
A client to communicate with a fulcio service instance.
A client to communicate with a fulcio service instance over gRPC.
 
 
 
Verifier for fulcio generated signing certificates
This is created for forward compatibility in case we want to add fields to the TrustBundle service in the future
This is created for forward compatibility in case we want to add fields to the TrustBundle service in the future
 
Obtain an oidc token from the github execution environment.
 
 
 
Supplies a Gson with custom byte to base64 serialization, and no html escaping.
Specifies the hash algorithm and value for the content
The hashing function used to compute the hash value
Only a subset of the secure hash standard algorithms are supported.
Supported hash algorithms for timestamp requests.
Hashed Rekor v0.0.1 Schema
Protobuf type dev.sigstore.rekor.v2.HashedRekordLogEntryV002
Protobuf type dev.sigstore.rekor.v2.HashedRekordLogEntryV002
 
 
A request to add a hashedrekord v0.0.2 to the log
A request to add a hashedrekord v0.0.2 to the log
 
The Hash values for some given thing.
HashOutput captures a digest of a 'message' (generic octet sequence) and the corresponding hash algorithm used.
HashOutput captures a digest of a 'message' (generic octet sequence) and the corresponding hash algorithm used.
 
Defines the HTTP configuration for an API service.
Defines the HTTP configuration for an API service.
HttpClients generates Google Http Client objects from configuration.
 
 
Http parameters for configuring connections to remote services.
 
gRPC Transcoding is a feature for mapping between a gRPC method and one or more HTTP REST endpoints.
gRPC Transcoding is a feature for mapping between a gRPC method and one or more HTTP REST endpoints.
 
 
The inclusion promise is calculated by Rekor.
The inclusion promise is calculated by Rekor.
 
InclusionProof is the proof returned from the transparency log.
InclusionProof is the proof returned from the transparency log.
 
 
Verifier for inclusion proofs.
Input captures all that is needed to call the bundle verification method, to verify a single artifact referenced by the bundle.
Input captures all that is needed to call the bundle verification method, to verify a single artifact referenced by the bundle.
 
 
 
Thrown when a hash check fails for a given resource.
JSON Canonicalizer
Information about a key that has been used to sign some TUF content.
A full sigstore keyless signing flow.
 
 
 
Verify hashedrekords from rekor signed using the keyless signing flow with fulcio certificates.
 
For internal use.
KindVersion contains the entry's kind and api version.
KindVersion contains the entry's kind and api version.
 
LogId captures the identity of a transparency log.
 
LogId captures the identity of a transparency log.
 
MessageSignature stores the computed signature over a message.
MessageSignature stores the computed signature over a message.
 
 
Result object returned by MetaFetcher interface.
Interface that defines reading meta from local storage.
Interface that defines a mutable meta store functionality.
An implementation of Ryu for serializing IEEE-754 double precision values for JSON as specified by ES6
An ASN.1 OBJECT IDENTIFIER
An ASN.1 OBJECT IDENTIFIER
 
An OID and the corresponding (byte) value.
An OID and the corresponding (byte) value.
 
 
An ordered list of oidc clients to use when looking for credentials.
 
A token from a provider with both openid and email scope claims.
An interface for allowing direct string matching or regular expressions on OidcToken.
An in memory cache that will pass through to a provided local tuf store.
Specifies the hash algorithm and value covering the payload within the DSSE envelope
The hashing function used to compute the hash value
 
Use this instead of JsonFormat to pick up default formatter options for sigstore-java.
 
Protobuf type dev.sigstore.fulcio.v2.PublicKey
Protobuf type dev.sigstore.common.v1.PublicKey
PublicKey contains an encoded public key
The public key that can verify the signature; this can also be an X509 code signing certificate that contains the raw public key information
 
Protobuf type dev.sigstore.fulcio.v2.PublicKey
Protobuf type dev.sigstore.common.v1.PublicKey
PublicKey contains an encoded public key
Protobuf enum dev.sigstore.fulcio.v2.PublicKeyAlgorithm
Details of a specific public key, capturing the key encoding method, and signature algorithm.
PublicKeyIdentifier can be used to identify an (out of band) delivered key, to verify a signature.
PublicKeyIdentifier can be used to identify an (out of band) delivered key, to verify a signature.
 
Protobuf type dev.sigstore.verification.v1.PublicKeyIdentities
Protobuf type dev.sigstore.verification.v1.PublicKeyIdentities
 
 
 
 
Protobuf type dev.sigstore.fulcio.v2.PublicKeyRequest
Protobuf type dev.sigstore.fulcio.v2.PublicKeyRequest
 
Check exception wrapper around PatternSyntaxException.
A client to communicate with a rekor service instance.
A client to communicate with a rekor service instance over http.
 
A local representation of a rekor entry in the log.
 
 
Inclusion proof to allow verification that the entry is truly part of the Rekor merkle tree.
A class representing verification information for a log entry.
A representation of the body of a RekorEntry.
Compat fetcher of rekor entries for incomplete offline signature separates.
 
 
Representation of a rekor response with the log location, raw log string and parsed log information.
 
Parser for the body.spec element of RekorEntry.
A client to communicate with a rekor v2 service instance.
A client to communicate with a rekor v2 service instance over http.
 
 
 
 
 
 
Verifier for rekor entries.
This message holds a RFC 3161 timestamp.
This message holds a RFC 3161 timestamp.
 
TUF uses roles to define the set of actions a party can perform.
Thrown when the local trusted role is expired and no valid un-expired new role is found on the remote mirror.
Thrown when the version of the latest downloaded role does not match the expectation.
Signed envelope of the Root metadata.
Specifies the other top-level roles.
An interface for providing the tuf root to a client.
Represents the Role type as contained in the Root list of Roles.
RSA signer, use Signers to instantiate.
RSA verifier, instantiated by Verifiers.newVerifier(PublicKey).
 
 
Service represents an instance of a service that is a part of Sigstore infrastructure.
 
Service represents an instance of a service that is a part of Sigstore infrastructure.
 
 
ServiceConfiguration specifies how a client should select a set of Services to connect to, along with a count when a specific number of Services is requested.
ServiceConfiguration specifies how a client should select a set of Services to connect to, along with a count when a specific number of Services is requested.
 
 
ServiceSelector specifies how a client SHOULD select a set of Services to connect to.
A signature and an associated verifier
a signature of the envelope's payload along with the verification material for the signature
Information about the detached signature associated with the entry
Represents a signature for a Role.
A signature and an associated verifier
 
Thrown when the metadata has not been signed by enough of the allowed keys.
SignedCertificateTimestamp structure, as defined by RFC6962 Section 3.2.
 
 
 
Signed wrapper around TufMeta.
A signing helper that wraps common signing operations for use within this library.
Factory class for creation of signers.
Protobuf type dev.sigstore.fulcio.v2.SigningCertificate
Protobuf type dev.sigstore.fulcio.v2.SigningCertificate
 
(-- api-linter: core::0142::time-field-type=disabled aip.dev/not-precedent: SCT is defined in RFC6962 and we keep the name consistent for easier understanding.
(-- api-linter: core::0142::time-field-type=disabled aip.dev/not-precedent: SCT is defined in RFC6962 and we keep the name consistent for easier understanding.
 
Protobuf type dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT
Protobuf type dev.sigstore.fulcio.v2.SigningCertificateEmbeddedSCT
 
 
SigningConfig represents the trusted entities/state needed by Sigstore signing.
SigningConfig represents the trusted entities/state needed by Sigstore signing.
 
 
 
Sigstore configuration to identify signing infrastructure pieces and the policy for using them during a signing event.
 
Wrapper around Updater that provides access to sigstore specific metadata items in a convenient API.
 
Signed envelope of the Snapshot metadata.
The snapshot.json metadata file lists version numbers of all metadata files other than timestamp.json.
Snapshot data to prevent mix and match attacks.
 
 
 
Spec contains one of the Rekor entry types.
Spec contains one of the Rekor entry types.
 
 
An interface for allowing direct string matching or regular expressions.
 
Protobuf type dev.sigstore.common.v1.SubjectAlternativeName
Protobuf type dev.sigstore.common.v1.SubjectAlternativeName
 
 
Protobuf enum dev.sigstore.common.v1.SubjectAlternativeNameType
Annotation to suppress forbidden apis errors.
Metadata about a TUF target.
Field to store use-case specific labels/data.
Sigstore Metadata.
Data about the target.
 
Interface that defines reading targets from local storage.
Signed envelope of the Targets metadata.
Interface that defines a mutable target store functionality.
The time range is closed and includes both the start and end times (i.e., [start, end]).
The time range is closed and includes both the start and end times (i.e., [start, end]).
 
Signed envelope of the Timestamp metadata.
A client to communicate with a timestamp service instance.
A client to communicate with a timestamp service instance.
 
 
To prevent an adversary from replaying an out-of-date signed metadata file whose signature has not yet expired, an automated process periodically signs a timestamped statement containing the hash of the snapshot file.
 
 
Various timestamped counter signatures over the artifact's signature.
Various timestamped counter signatures over the artifact's signature.
 
 
 
This should only be used when the user has an out of band mechanism for obtaining an OIDC token to be consumed by a sigstore signing event.
 
 
TransparencyLogEntry captures all the details required from Rekor to reconstruct an entry, given that the payload is provided via other means.
TransparencyLogEntry captures all the details required from Rekor to reconstruct an entry, given that the payload is provided via other means.
 
TransparencyLogInstance describes the immutable parameters from a transparency log.
TransparencyLogInstance describes the immutable parameters from a transparency log.
 
Protobuf type dev.sigstore.fulcio.v2.TrustBundle
Protobuf type dev.sigstore.fulcio.v2.TrustBundle
 
Local storage for local state of TUF metadata.
TrustedRoot describes the client's complete set of trusted entities.
TrustedRoot describes the client's complete set of trusted entities.
 
 
 
Catch-all TUF Exception.
Generic Tuf Metadata interface for various TUF resources such as Roles, Snapshots, and Targets.
Handler for 429 and standard server errors 5XX.
 
 
Tuf metadata updater.
 
A utility class for formatting URIs, providing predictable path appending.
 
VerificationMaterial captures details on the materials used to verify signatures.
VerificationMaterial captures details on the materials used to verify signatures.
 
 
 
An interface for allowing matching of certificates.
Exceptions thrown by implementations of VerificationOptions.CertificateMatcher.test(X509Certificate)
 
Verification result for a single SCT.
 
A verifier helper that wraps common verification operations for use within this library.
Either a public key or an X.509 certificate with an embedded public key
A verifier interface specifying verification for a raw artifact (no hashing).
Either a public key or an X.509 certificate with an embedded public key
 
 
Autodetection for verification algorithms based on public keys used.
 
 
A client to obtain oidc tokens from an oauth provider via web workflow for use with sigstore.
Interface for allowing custom browser handlers for OauthClients.
 
Internal.
Protobuf type dev.sigstore.common.v1.X509Certificate
Protobuf type dev.sigstore.common.v1.X509Certificate
A collection of X.509 certificates.
A collection of X.509 certificates.