Class TrustedRoot

java.lang.Object
com.google.protobuf.AbstractMessageLite
com.google.protobuf.AbstractMessage
com.google.protobuf.GeneratedMessage
dev.sigstore.proto.trustroot.v1.TrustedRoot
All Implemented Interfaces:
com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TrustedRootOrBuilder, Serializable

public final class TrustedRoot extends com.google.protobuf.GeneratedMessage implements TrustedRootOrBuilder
 TrustedRoot describes the client's complete set of trusted entities.
 How the TrustedRoot is populated is not specified, but can be a
 combination of many sources such as TUF repositories, files on disk etc.

 The TrustedRoot is not meant to be used for any artifact verification, only
 to capture the complete/global set of trusted verification materials.
 When verifying an artifact, based on the artifact and policies, a selection
 of keys/authorities are expected to be extracted and provided to the
 verification function. This way the set of keys/authorities can be kept to
 a minimal set by the policy to gain better control over which signatures
 are allowed.

 The embedded transparency logs, CT logs, CAs and TSAs MUST include any
 previously used instance -- otherwise signatures made in the past cannot
 be verified.

 All the listed instances SHOULD be sorted by the 'valid_for' in ascending
 order, that is, the oldest instance first. Only the last instance is
 allowed to have its 'end' timestamp unset. All previous instances MUST
 have a closed interval of validity. The last instance MAY have a closed
 interval. Clients MUST accept instances that overlap in time; otherwise
 clients may experience problems during rotations of verification
 materials.

 To be able to manage planned rotations of either transparency logs or
 certificate authorities, clients MUST accept lists of instances where
 the last instance has a 'valid_for' that belongs to the future.
 This should not be a problem as clients SHOULD first seek the trust root
 for a suitable instance before creating a per artifact trust root (that
 is, a sub-set of the complete trust root) that is used for verification.
 
Protobuf type dev.sigstore.trustroot.v1.TrustedRoot
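
The list rules above, applied to the certificate authority list, as an added example (not part of the generated Javadoc or of sigstore-java). It assumes CertificateAuthority.getValidFor() and the TimeRange accessors hasEnd(), getStart() and getEnd() from the sibling generated classes, which this page does not show; the class name TrustedRootWindows, its helper names and the sample timestamps are constructed for illustration.

```java
import com.google.protobuf.Timestamp;
import dev.sigstore.proto.common.v1.TimeRange;
import dev.sigstore.proto.trustroot.v1.CertificateAuthority;
import dev.sigstore.proto.trustroot.v1.TrustedRoot;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public final class TrustedRootWindows {
  static Instant at(Timestamp t) { return Instant.ofEpochSecond(t.getSeconds(), t.getNanos()); }

  // Returns violations of the list rules; an empty result means the list is well-formed.
  static List<String> check(List<CertificateAuthority> cas) {
    List<String> problems = new ArrayList<>();
    for (int i = 0; i < cas.size(); i++) {
      TimeRange range = cas.get(i).getValidFor();
      // MUST: only the last instance may leave 'end' unset.
      if (!range.hasEnd() && i != cas.size() - 1) problems.add("entry " + i + ": open interval");
      // SHOULD: oldest first. Overlapping windows are legal and are not reported.
      if (i > 0 && at(range.getStart()).isBefore(at(cas.get(i - 1).getValidFor().getStart())))
        problems.add("entry " + i + ": not sorted by valid_for");
    }
    return problems;
  }

  // Per-artifact subset: every CA whose window covers the signing time.
  static List<CertificateAuthority> validAt(List<CertificateAuthority> cas, Instant when) {
    List<CertificateAuthority> out = new ArrayList<>();
    for (CertificateAuthority ca : cas) {
      TimeRange r = ca.getValidFor();
      boolean started = !at(r.getStart()).isAfter(when);
      boolean notEnded = !r.hasEnd() || !at(r.getEnd()).isBefore(when);
      if (started && notEnded) out.add(ca);
    }
    return out;
  }

  // Constructed sample entry (no certificates attached); end == 0 means "end unset".
  static CertificateAuthority ca(long start, long end) {
    TimeRange.Builder r = TimeRange.newBuilder().setStart(Timestamp.newBuilder().setSeconds(start));
    if (end != 0) r.setEnd(Timestamp.newBuilder().setSeconds(end));
    return CertificateAuthority.newBuilder().setValidFor(r).build();
  }

  public static void main(String[] args) {
    TrustedRoot root = TrustedRoot.newBuilder()
        .addCertificateAuthorities(ca(1_600_000_000L, 1_650_000_000L)) // retired instance
        .addCertificateAuthorities(ca(1_640_000_000L, 1_900_000_000L)) // overlaps the first
        .addCertificateAuthorities(ca(4_000_000_000L, 0))              // planned, starts in the future
        .build();
    List<CertificateAuthority> cas = root.getCertificateAuthoritiesList();
    System.out.println(check(cas));
    System.out.println(validAt(cas, Instant.ofEpochSecond(1_645_000_000L)).size());
  }
}
```

The future-dated last entry passes the structural check and is simply not selected for a signing time that precedes its start, while both overlapping entries are.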
  • Field Details

    • MEDIA_TYPE_FIELD_NUMBER

      public static final int MEDIA_TYPE_FIELD_NUMBER
    • TLOGS_FIELD_NUMBER

      public static final int TLOGS_FIELD_NUMBER
    • CERTIFICATE_AUTHORITIES_FIELD_NUMBER

      public static final int CERTIFICATE_AUTHORITIES_FIELD_NUMBER
    • CTLOGS_FIELD_NUMBER

      public static final int CTLOGS_FIELD_NUMBER
    • TIMESTAMP_AUTHORITIES_FIELD_NUMBER

      public static final int TIMESTAMP_AUTHORITIES_FIELD_NUMBER
  • Method Details

    • getDescriptor

      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
    • internalGetFieldAccessorTable

      protected com.google.protobuf.GeneratedMessage.FieldAccessorTable internalGetFieldAccessorTable()
      Specified by:
      internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessage
    • getMediaType

      public String getMediaType()
       MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
       when encoded as JSON.
       Clients MUST be able to process and parse content with the media
       type defined in the old format:
       application/vnd.dev.sigstore.trustedroot+json;version=0.1
       
      string media_type = 1;
      Specified by:
      getMediaType in interface TrustedRootOrBuilder
      Returns:
      The mediaType.
    • getMediaTypeBytes

      public com.google.protobuf.ByteString getMediaTypeBytes()
       MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
       when encoded as JSON.
       Clients MUST be able to process and parse content with the media
       type defined in the old format:
       application/vnd.dev.sigstore.trustedroot+json;version=0.1
       
      string media_type = 1;
      Specified by:
      getMediaTypeBytes in interface TrustedRootOrBuilder
      Returns:
      The bytes for mediaType.
    • getTlogsList

      public List<TransparencyLogInstance> getTlogsList()
       A set of trusted Rekor servers.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance tlogs = 2;
      Specified by:
      getTlogsList in interface TrustedRootOrBuilder
    • getTlogsOrBuilderList

      public List<? extends TransparencyLogInstanceOrBuilder> getTlogsOrBuilderList()
       A set of trusted Rekor servers.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance tlogs = 2;
      Specified by:
      getTlogsOrBuilderList in interface TrustedRootOrBuilder
    • getTlogsCount

      public int getTlogsCount()
       A set of trusted Rekor servers.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance tlogs = 2;
      Specified by:
      getTlogsCount in interface TrustedRootOrBuilder
    • getTlogs

      public TransparencyLogInstance getTlogs(int index)
       A set of trusted Rekor servers.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance tlogs = 2;
      Specified by:
      getTlogs in interface TrustedRootOrBuilder
    • getTlogsOrBuilder

      public TransparencyLogInstanceOrBuilder getTlogsOrBuilder(int index)
       A set of trusted Rekor servers.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance tlogs = 2;
      Specified by:
      getTlogsOrBuilder in interface TrustedRootOrBuilder
    • getCertificateAuthoritiesList

      public List<CertificateAuthority> getCertificateAuthoritiesList()
       A set of trusted certificate authorities (e.g. Fulcio), and any
       intermediate certificates they provide.
       If a CA is issuing multiple intermediate certificates, each
       combination shall be represented as a separate chain. I.e., a single
       root cert may appear in multiple chains but with different
       intermediate and/or leaf certificates.
       The certificates are intended to be used for verifying artifact
       signatures.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
      Specified by:
      getCertificateAuthoritiesList in interface TrustedRootOrBuilder
    • getCertificateAuthoritiesOrBuilderList

      public List<? extends CertificateAuthorityOrBuilder> getCertificateAuthoritiesOrBuilderList()
       A set of trusted certificate authorities (e.g. Fulcio), and any
       intermediate certificates they provide.
       If a CA is issuing multiple intermediate certificates, each
       combination shall be represented as a separate chain. I.e., a single
       root cert may appear in multiple chains but with different
       intermediate and/or leaf certificates.
       The certificates are intended to be used for verifying artifact
       signatures.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
      Specified by:
      getCertificateAuthoritiesOrBuilderList in interface TrustedRootOrBuilder
    • getCertificateAuthoritiesCount

      public int getCertificateAuthoritiesCount()
       A set of trusted certificate authorities (e.g. Fulcio), and any
       intermediate certificates they provide.
       If a CA is issuing multiple intermediate certificates, each
       combination shall be represented as a separate chain. I.e., a single
       root cert may appear in multiple chains but with different
       intermediate and/or leaf certificates.
       The certificates are intended to be used for verifying artifact
       signatures.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
      Specified by:
      getCertificateAuthoritiesCount in interface TrustedRootOrBuilder
    • getCertificateAuthorities

      public CertificateAuthority getCertificateAuthorities(int index)
       A set of trusted certificate authorities (e.g. Fulcio), and any
       intermediate certificates they provide.
       If a CA is issuing multiple intermediate certificates, each
       combination shall be represented as a separate chain. I.e., a single
       root cert may appear in multiple chains but with different
       intermediate and/or leaf certificates.
       The certificates are intended to be used for verifying artifact
       signatures.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
      Specified by:
      getCertificateAuthorities in interface TrustedRootOrBuilder
    • getCertificateAuthoritiesOrBuilder

      public CertificateAuthorityOrBuilder getCertificateAuthoritiesOrBuilder(int index)
       A set of trusted certificate authorities (e.g. Fulcio), and any
       intermediate certificates they provide.
       If a CA is issuing multiple intermediate certificates, each
       combination shall be represented as a separate chain. I.e., a single
       root cert may appear in multiple chains but with different
       intermediate and/or leaf certificates.
       The certificates are intended to be used for verifying artifact
       signatures.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority certificate_authorities = 3;
      Specified by:
      getCertificateAuthoritiesOrBuilder in interface TrustedRootOrBuilder
    • getCtlogsList

      public List<TransparencyLogInstance> getCtlogsList()
       A set of trusted certificate transparency logs.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance ctlogs = 4;
      Specified by:
      getCtlogsList in interface TrustedRootOrBuilder
    • getCtlogsOrBuilderList

      public List<? extends TransparencyLogInstanceOrBuilder> getCtlogsOrBuilderList()
       A set of trusted certificate transparency logs.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance ctlogs = 4;
      Specified by:
      getCtlogsOrBuilderList in interface TrustedRootOrBuilder
    • getCtlogsCount

      public int getCtlogsCount()
       A set of trusted certificate transparency logs.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance ctlogs = 4;
      Specified by:
      getCtlogsCount in interface TrustedRootOrBuilder
    • getCtlogs

      public TransparencyLogInstance getCtlogs(int index)
       A set of trusted certificate transparency logs.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance ctlogs = 4;
      Specified by:
      getCtlogs in interface TrustedRootOrBuilder
    • getCtlogsOrBuilder

      public TransparencyLogInstanceOrBuilder getCtlogsOrBuilder(int index)
       A set of trusted certificate transparency logs.
       
      repeated .dev.sigstore.trustroot.v1.TransparencyLogInstance ctlogs = 4;
      Specified by:
      getCtlogsOrBuilder in interface TrustedRootOrBuilder
    • getTimestampAuthoritiesList

      public List<CertificateAuthority> getTimestampAuthoritiesList()
       A set of trusted timestamping authorities.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority timestamp_authorities = 5;
      Specified by:
      getTimestampAuthoritiesList in interface TrustedRootOrBuilder
    • getTimestampAuthoritiesOrBuilderList

      public List<? extends CertificateAuthorityOrBuilder> getTimestampAuthoritiesOrBuilderList()
       A set of trusted timestamping authorities.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority timestamp_authorities = 5;
      Specified by:
      getTimestampAuthoritiesOrBuilderList in interface TrustedRootOrBuilder
    • getTimestampAuthoritiesCount

      public int getTimestampAuthoritiesCount()
       A set of trusted timestamping authorities.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority timestamp_authorities = 5;
      Specified by:
      getTimestampAuthoritiesCount in interface TrustedRootOrBuilder
    • getTimestampAuthorities

      public CertificateAuthority getTimestampAuthorities(int index)
       A set of trusted timestamping authorities.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority timestamp_authorities = 5;
      Specified by:
      getTimestampAuthorities in interface TrustedRootOrBuilder
    • getTimestampAuthoritiesOrBuilder

      public CertificateAuthorityOrBuilder getTimestampAuthoritiesOrBuilder(int index)
       A set of trusted timestamping authorities.
       
      repeated .dev.sigstore.trustroot.v1.CertificateAuthority timestamp_authorities = 5;
      Specified by:
      getTimestampAuthoritiesOrBuilder in interface TrustedRootOrBuilder
    • isInitialized

      public final boolean isInitialized()
      Specified by:
      isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
      Overrides:
      isInitialized in class com.google.protobuf.GeneratedMessage
    • writeTo

      public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
      Specified by:
      writeTo in interface com.google.protobuf.MessageLite
      Overrides:
      writeTo in class com.google.protobuf.GeneratedMessage
      Throws:
      IOException
    • getSerializedSize

      public int getSerializedSize()
      Specified by:
      getSerializedSize in interface com.google.protobuf.MessageLite
      Overrides:
      getSerializedSize in class com.google.protobuf.GeneratedMessage
    • equals

      public boolean equals(Object obj)
      Specified by:
      equals in interface com.google.protobuf.Message
      Overrides:
      equals in class com.google.protobuf.AbstractMessage
    • hashCode

      public int hashCode()
      Specified by:
      hashCode in interface com.google.protobuf.Message
      Overrides:
      hashCode in class com.google.protobuf.AbstractMessage
    • parseFrom

      public static TrustedRoot parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static TrustedRoot parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static TrustedRoot parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static TrustedRoot parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static TrustedRoot parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static TrustedRoot parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
      Throws:
      com.google.protobuf.InvalidProtocolBufferException
    • parseFrom

      public static TrustedRoot parseFrom(InputStream input) throws IOException
      Throws:
      IOException
    • parseFrom

      public static TrustedRoot parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • parseDelimitedFrom

      public static TrustedRoot parseDelimitedFrom(InputStream input) throws IOException
      Throws:
      IOException
    • parseDelimitedFrom

      public static TrustedRoot parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • parseFrom

      public static TrustedRoot parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
      Throws:
      IOException
    • parseFrom

      public static TrustedRoot parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
      Throws:
      IOException
    • newBuilderForType

      public TrustedRoot.Builder newBuilderForType()
      Specified by:
      newBuilderForType in interface com.google.protobuf.Message
      Specified by:
      newBuilderForType in interface com.google.protobuf.MessageLite
    • newBuilder

      public static TrustedRoot.Builder newBuilder()
    • newBuilder

      public static TrustedRoot.Builder newBuilder(TrustedRoot prototype)
    • toBuilder

      public TrustedRoot.Builder toBuilder()
      Specified by:
      toBuilder in interface com.google.protobuf.Message
      Specified by:
      toBuilder in interface com.google.protobuf.MessageLite
    • newBuilderForType

      protected TrustedRoot.Builder newBuilderForType(com.google.protobuf.AbstractMessage.BuilderParent parent)
      Overrides:
      newBuilderForType in class com.google.protobuf.AbstractMessage
    • getDefaultInstance

      public static TrustedRoot getDefaultInstance()
    • parser

      public static com.google.protobuf.Parser<TrustedRoot> parser()
    • getParserForType

      public com.google.protobuf.Parser<TrustedRoot> getParserForType()
      Specified by:
      getParserForType in interface com.google.protobuf.Message
      Specified by:
      getParserForType in interface com.google.protobuf.MessageLite
      Overrides:
      getParserForType in class com.google.protobuf.GeneratedMessage
    • getDefaultInstanceForType

      public TrustedRoot getDefaultInstanceForType()
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
      Specified by:
      getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder