From f6af7d3a4df73ef97653e1a73b29d93782560c39 Mon Sep 17 00:00:00 2001 From: Fredrik Skogman Date: Mon, 8 Jan 2024 15:32:42 +0100 Subject: [PATCH] Updated timestamp options: default is to only require one observer of any kind. added missing options to the ArtifactVerificationOptions Signed-off-by: Fredrik Skogman --- .../ArtifactVerificationOptions.schema.json | 35 ++- gen/jsonschema/schemas/Input.schema.json | 35 ++- .../v1/sigstore_verification.pb.go | 219 ++++++++++-------- .../dev/sigstore/verification/v1/__init__.py | 24 +- gen/pb-ruby/lib/sigstore_verification_pb.rb | 3 +- .../ArtifactVerificationOptions.schema.json | 35 ++- gen/pb-rust/schemas/Input.schema.json | 35 ++- .../__generated__/sigstore_verification.ts | 33 ++- protos/sigstore_verification.proto | 22 +- 9 files changed, 299 insertions(+), 142 deletions(-) diff --git a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json index 4b558a86..a36bcb98 100644 --- a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json @@ -16,7 +16,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", @@ -26,12 +26,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" }, "observerOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", "additionalProperties": false, - "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -62,6 +67,11 @@ "tsa_options" ] }, + { + "required": [ + "integrated_ts_options" + ] + }, { "required": [ "observer_options" @@ -226,11 +236,11 @@ "properties": { "threshold": { "type": "integer", - "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log" + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." }, "disable": { "type": "boolean", - "description": "Disable signed timestamp verification." + "description": "Disable observer timestamp verification." } }, "additionalProperties": false, @@ -252,6 +262,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index 2226a291..83a625e6 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json @@ -652,7 +652,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", @@ -662,12 +662,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" }, "observerOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", "additionalProperties": false, - "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -698,6 +703,11 @@ "tsa_options" ] }, + { + "required": [ + "integrated_ts_options" + ] + }, { "required": [ "observer_options" @@ -726,11 +736,11 @@ "properties": { "threshold": { "type": "integer", - "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log" + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." }, "disable": { "type": "boolean", - "description": "Disable signed timestamp verification." + "description": "Disable observer timestamp verification." } }, "additionalProperties": false, @@ -752,6 +762,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/pb-go/verification/v1/sigstore_verification.pb.go b/gen/pb-go/verification/v1/sigstore_verification.pb.go index 4d0122aa..95099784 100644 --- a/gen/pb-go/verification/v1/sigstore_verification.pb.go +++ b/gen/pb-go/verification/v1/sigstore_verification.pb.go @@ -220,7 +220,6 @@ type ArtifactVerificationOptions struct { // Threshold: 1 // Online verification: false // Disable: false - // Verify SET Timestamps: true TlogOptions *ArtifactVerificationOptions_TlogOptions `protobuf:"bytes,3,opt,name=tlog_options,json=tlogOptions,proto3,oneof" json:"tlog_options,omitempty"` // Optional options for certificate transparency log verification. // If none is provided, the default verification options are: @@ -229,14 +228,19 @@ type ArtifactVerificationOptions struct { CtlogOptions *ArtifactVerificationOptions_CtlogOptions `protobuf:"bytes,4,opt,name=ctlog_options,json=ctlogOptions,proto3,oneof" json:"ctlog_options,omitempty"` // Optional options for certificate signed timestamp verification. // If none is provided, the default verification options are: - // Threshold: 1 - // Disable: false + // Threshold: 0 + // Disable: true TsaOptions *ArtifactVerificationOptions_TimestampAuthorityOptions `protobuf:"bytes,5,opt,name=tsa_options,json=tsaOptions,proto3,oneof" json:"tsa_options,omitempty"` - // Optional options for timestamp verification. + // Optional options for integrated timestamp verification. + // If none is provided, the default verification options are: + // Threshold: 0 + // Disable: true + IntegratedTsOptions *ArtifactVerificationOptions_TlogIntegratedTimestampOptions `protobuf:"bytes,6,opt,name=integrated_ts_options,json=integratedTsOptions,proto3,oneof" json:"integrated_ts_options,omitempty"` + // Optional options for observed timestamp verification. // If none is provided, the default verification options are: // Threshold 1 // Disable: false - ObserverOptions *ArtifactVerificationOptions_ObserverTimestampOptions `protobuf:"bytes,6,opt,name=observer_options,json=observerOptions,proto3,oneof" json:"observer_options,omitempty"` + ObserverOptions *ArtifactVerificationOptions_ObserverTimestampOptions `protobuf:"bytes,7,opt,name=observer_options,json=observerOptions,proto3,oneof" json:"observer_options,omitempty"` } func (x *ArtifactVerificationOptions) Reset() { @@ -313,6 +317,13 @@ func (x *ArtifactVerificationOptions) GetTsaOptions() *ArtifactVerificationOptio return nil } +func (x *ArtifactVerificationOptions) GetIntegratedTsOptions() *ArtifactVerificationOptions_TlogIntegratedTimestampOptions { + if x != nil { + return x.IntegratedTsOptions + } + return nil +} + func (x *ArtifactVerificationOptions) GetObserverOptions() *ArtifactVerificationOptions_ObserverTimestampOptions { if x != nil { return x.ObserverOptions @@ -754,11 +765,13 @@ type ArtifactVerificationOptions_ObserverTimestampOptions struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The number of external ovservers of the timestamp, - // this is a union of RFC3161 signed timestamps, and - // integrated timestamps from a transparency log + // The number of external observers of the timestamp. + // This is a union of RFC3161 signed timestamps, and + // integrated timestamps from a transparency log, that + // could include additional timestamp sources in the + // future. Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"` - // Disable signed timestamp verification. + // Disable observer timestamp verification. Disable bool `protobuf:"varint,2,opt,name=disable,proto3" json:"disable,omitempty"` } @@ -843,7 +856,7 @@ var file_sigstore_verification_proto_rawDesc = []byte{ 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, - 0x65, 0x79, 0x73, 0x22, 0xee, 0x09, 0x0a, 0x1b, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, + 0x65, 0x79, 0x73, 0x22, 0x9c, 0x0b, 0x0a, 0x1b, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x6c, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, @@ -879,88 +892,99 @@ var file_sigstore_verification_proto_rawDesc = []byte{ 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x03, 0x52, 0x0a, 0x74, 0x73, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x88, 0x01, 0x01, 0x12, 0x82, 0x01, 0x0a, 0x10, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x52, - 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, - 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x48, 0x04, 0x52, 0x0f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x88, 0x01, 0x01, 0x1a, 0x85, 0x01, 0x0a, 0x0b, 0x54, 0x6c, 0x6f, - 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, - 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x3e, 0x0a, 0x1b, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, - 0x6d, 0x5f, 0x6f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x19, 0x70, 0x65, 0x72, - 0x66, 0x6f, 0x72, 0x6d, 0x4f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, - 0x1a, 0x4c, 0x0a, 0x0c, 0x43, 0x74, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, - 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x1a, 0x53, - 0x0a, 0x19, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, - 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, - 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, - 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, - 0x62, 0x6c, 0x65, 0x1a, 0x58, 0x0a, 0x1e, 0x54, 0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x74, 0x65, 0x67, - 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, - 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, - 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x52, 0x0a, - 0x18, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x88, 0x01, 0x01, 0x12, 0x91, 0x01, 0x0a, 0x15, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, + 0x65, 0x64, 0x5f, 0x74, 0x73, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x58, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x54, + 0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x04, 0x52, + 0x13, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x73, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x88, 0x01, 0x01, 0x12, 0x82, 0x01, 0x0a, 0x10, 0x6f, 0x62, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x52, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x05, 0x52, 0x0f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x88, 0x01, 0x01, 0x1a, 0x85, 0x01, 0x0a, + 0x0b, 0x54, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, + 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x3e, 0x0a, 0x1b, 0x70, 0x65, + 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x5f, 0x6f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x5f, 0x76, 0x65, 0x72, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x19, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x4f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, + 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, + 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x4c, 0x0a, 0x0c, 0x43, 0x74, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, + 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4a, 0x04, 0x08, 0x02, + 0x10, 0x03, 0x1a, 0x53, 0x0a, 0x19, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, + 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, + 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, + 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x58, 0x0a, 0x1e, 0x54, 0x6c, 0x6f, 0x67, 0x49, + 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x42, 0x09, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x73, 0x42, 0x0f, 0x0a, 0x0d, - 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x10, 0x0a, - 0x0e, 0x5f, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, - 0x0e, 0x0a, 0x0c, 0x5f, 0x74, 0x73, 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, - 0x13, 0x0a, 0x11, 0x5f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x55, 0x0a, 0x08, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, - 0x12, 0x23, 0x0a, 0x0c, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, - 0x63, 0x74, 0x55, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, - 0x61, 0x63, 0x74, 0x42, 0x06, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xec, 0x02, 0x0a, 0x05, - 0x49, 0x6e, 0x70, 0x75, 0x74, 0x12, 0x56, 0x0a, 0x13, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, - 0x74, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x52, 0x11, 0x61, 0x72, 0x74, 0x69, - 0x66, 0x61, 0x63, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x7d, 0x0a, - 0x1d, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, + 0x65, 0x1a, 0x52, 0x0a, 0x18, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, + 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, + 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, + 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x73, + 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x74, 0x73, 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, + 0x65, 0x64, 0x5f, 0x74, 0x73, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x13, 0x0a, + 0x11, 0x5f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x22, 0x55, 0x0a, 0x08, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x12, 0x23, + 0x0a, 0x0c, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, + 0x55, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, + 0x74, 0x42, 0x06, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xec, 0x02, 0x0a, 0x05, 0x49, 0x6e, + 0x70, 0x75, 0x74, 0x12, 0x56, 0x0a, 0x13, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x75, + 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x52, 0x11, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, + 0x63, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x7d, 0x0a, 0x1d, 0x61, + 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1b, 0x61, + 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x36, 0x0a, 0x06, 0x62, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x64, 0x65, 0x76, + 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, + 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, 0x62, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x12, 0x47, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, - 0x1b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x36, 0x0a, 0x06, - 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x62, 0x75, 0x6e, 0x64, - 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, 0x62, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x47, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x48, 0x00, - 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x88, 0x01, 0x01, 0x42, 0x0b, 0x0a, - 0x09, 0x5f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x42, 0x94, 0x01, 0x0a, 0x22, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, - 0x31, 0x42, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, - 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x1a, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, - 0x3a, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x48, 0x00, 0x52, 0x08, + 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x88, 0x01, 0x01, 0x42, 0x0b, 0x0a, 0x09, 0x5f, + 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x42, 0x94, 0x01, 0x0a, 0x22, 0x64, 0x65, 0x76, + 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, + 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, + 0x67, 0x6f, 0x2f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, + 0x76, 0x31, 0xea, 0x02, 0x1a, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x56, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1004,16 +1028,17 @@ var file_sigstore_verification_proto_depIdxs = []int32{ 6, // 6: dev.sigstore.verification.v1.ArtifactVerificationOptions.tlog_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions 7, // 7: dev.sigstore.verification.v1.ArtifactVerificationOptions.ctlog_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions 8, // 8: dev.sigstore.verification.v1.ArtifactVerificationOptions.tsa_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions - 10, // 9: dev.sigstore.verification.v1.ArtifactVerificationOptions.observer_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions - 14, // 10: dev.sigstore.verification.v1.Input.artifact_trust_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot - 3, // 11: dev.sigstore.verification.v1.Input.artifact_verification_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions - 15, // 12: dev.sigstore.verification.v1.Input.bundle:type_name -> dev.sigstore.bundle.v1.Bundle - 4, // 13: dev.sigstore.verification.v1.Input.artifact:type_name -> dev.sigstore.verification.v1.Artifact - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name + 9, // 9: dev.sigstore.verification.v1.ArtifactVerificationOptions.integrated_ts_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions + 10, // 10: dev.sigstore.verification.v1.ArtifactVerificationOptions.observer_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions + 14, // 11: dev.sigstore.verification.v1.Input.artifact_trust_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot + 3, // 12: dev.sigstore.verification.v1.Input.artifact_verification_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions + 15, // 13: dev.sigstore.verification.v1.Input.bundle:type_name -> dev.sigstore.bundle.v1.Bundle + 4, // 14: dev.sigstore.verification.v1.Input.artifact:type_name -> dev.sigstore.verification.v1.Artifact + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_sigstore_verification_proto_init() } diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py index 25e456de..ffebc310 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py @@ -67,7 +67,7 @@ class ArtifactVerificationOptions(betterproto.Message): """ Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online - verification: false Disable: false Verify SET Timestamps: true + verification: false Disable: false """ ctlog_options: Optional["ArtifactVerificationOptionsCtlogOptions"] = ( @@ -83,15 +83,23 @@ class ArtifactVerificationOptions(betterproto.Message): ) """ Optional options for certificate signed timestamp verification. If none is - provided, the default verification options are: Threshold: 1 Disable: false + provided, the default verification options are: Threshold: 0 Disable: true + """ + + integrated_ts_options: Optional[ + "ArtifactVerificationOptionsTlogIntegratedTimestampOptions" + ] = betterproto.message_field(6, optional=True, group="_integrated_ts_options") + """ + Optional options for integrated timestamp verification. If none is + provided, the default verification options are: Threshold: 0 Disable: true """ observer_options: Optional[ "ArtifactVerificationOptionsObserverTimestampOptions" - ] = betterproto.message_field(6, optional=True, group="_observer_options") + ] = betterproto.message_field(7, optional=True, group="_observer_options") """ - Optional options for timestamp verification. If none is provided, the - default verification options are: Threshold 1 Disable: false + Optional options for observed timestamp verification. If none is provided, + the default verification options are: Threshold 1 Disable: false """ @@ -138,13 +146,13 @@ class ArtifactVerificationOptionsTlogIntegratedTimestampOptions(betterproto.Mess class ArtifactVerificationOptionsObserverTimestampOptions(betterproto.Message): threshold: int = betterproto.int32_field(1) """ - The number of external ovservers of the timestamp, this is a union of + The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency - log + log, that could include additional timestamp sources in the future. """ disable: bool = betterproto.bool_field(2) - """Disable signed timestamp verification.""" + """Disable observer timestamp verification.""" @dataclass(eq=False, repr=False) diff --git a/gen/pb-ruby/lib/sigstore_verification_pb.rb b/gen/pb-ruby/lib/sigstore_verification_pb.rb index 5b537c1a..56a88150 100644 --- a/gen/pb-ruby/lib/sigstore_verification_pb.rb +++ b/gen/pb-ruby/lib/sigstore_verification_pb.rb @@ -24,7 +24,8 @@ proto3_optional :tlog_options, :message, 3, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions" proto3_optional :ctlog_options, :message, 4, "dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions" proto3_optional :tsa_options, :message, 5, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions" - proto3_optional :observer_options, :message, 6, "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions" + proto3_optional :integrated_ts_options, :message, 6, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions" + proto3_optional :observer_options, :message, 7, "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions" oneof :signers do optional :certificate_identities, :message, 1, "dev.sigstore.verification.v1.CertificateIdentities" optional :public_keys, :message, 2, "dev.sigstore.verification.v1.PublicKeyIdentities" diff --git a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json index 4b558a86..a36bcb98 100644 --- a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json @@ -16,7 +16,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", @@ -26,12 +26,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" }, "observerOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", "additionalProperties": false, - "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -62,6 +67,11 @@ "tsa_options" ] }, + { + "required": [ + "integrated_ts_options" + ] + }, { "required": [ "observer_options" @@ -226,11 +236,11 @@ "properties": { "threshold": { "type": "integer", - "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log" + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." }, "disable": { "type": "boolean", - "description": "Disable signed timestamp verification." + "description": "Disable observer timestamp verification." } }, "additionalProperties": false, @@ -252,6 +262,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/pb-rust/schemas/Input.schema.json b/gen/pb-rust/schemas/Input.schema.json index 2226a291..83a625e6 100644 --- a/gen/pb-rust/schemas/Input.schema.json +++ b/gen/pb-rust/schemas/Input.schema.json @@ -652,7 +652,7 @@ "tlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions", "additionalProperties": false, - "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true" + "description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false" }, "ctlogOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions", @@ -662,12 +662,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" }, "observerOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", "additionalProperties": false, - "description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -698,6 +703,11 @@ "tsa_options" ] }, + { + "required": [ + "integrated_ts_options" + ] + }, { "required": [ "observer_options" @@ -726,11 +736,11 @@ "properties": { "threshold": { "type": "integer", - "description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log" + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." }, "disable": { "type": "boolean", - "description": "Disable signed timestamp verification." + "description": "Disable observer timestamp verification." } }, "additionalProperties": false, @@ -752,6 +762,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/pb-typescript/src/__generated__/sigstore_verification.ts b/gen/pb-typescript/src/__generated__/sigstore_verification.ts index 134a38d1..b7620398 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_verification.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_verification.ts @@ -40,7 +40,6 @@ export interface ArtifactVerificationOptions { * Threshold: 1 * Online verification: false * Disable: false - * Verify SET Timestamps: true */ tlogOptions?: | ArtifactVerificationOptions_TlogOptions @@ -57,14 +56,23 @@ export interface ArtifactVerificationOptions { /** * Optional options for certificate signed timestamp verification. * If none is provided, the default verification options are: - * Threshold: 1 - * Disable: false + * Threshold: 0 + * Disable: true */ tsaOptions?: | ArtifactVerificationOptions_TimestampAuthorityOptions | undefined; /** - * Optional options for timestamp verification. + * Optional options for integrated timestamp verification. + * If none is provided, the default verification options are: + * Threshold: 0 + * Disable: true + */ + integratedTsOptions?: + | ArtifactVerificationOptions_TlogIntegratedTimestampOptions + | undefined; + /** + * Optional options for observed timestamp verification. * If none is provided, the default verification options are: * Threshold 1 * Disable: false @@ -107,12 +115,14 @@ export interface ArtifactVerificationOptions_TlogIntegratedTimestampOptions { export interface ArtifactVerificationOptions_ObserverTimestampOptions { /** - * The number of external ovservers of the timestamp, - * this is a union of RFC3161 signed timestamps, and - * integrated timestamps from a transparency log + * The number of external observers of the timestamp. + * This is a union of RFC3161 signed timestamps, and + * integrated timestamps from a transparency log, that + * could include additional timestamp sources in the + * future. */ threshold: number; - /** Disable signed timestamp verification. */ + /** Disable observer timestamp verification. */ disable: boolean; } @@ -225,6 +235,7 @@ function createBaseArtifactVerificationOptions(): ArtifactVerificationOptions { tlogOptions: undefined, ctlogOptions: undefined, tsaOptions: undefined, + integratedTsOptions: undefined, observerOptions: undefined, }; } @@ -249,6 +260,9 @@ export const ArtifactVerificationOptions = { tsaOptions: isSet(object.tsaOptions) ? ArtifactVerificationOptions_TimestampAuthorityOptions.fromJSON(object.tsaOptions) : undefined, + integratedTsOptions: isSet(object.integratedTsOptions) + ? ArtifactVerificationOptions_TlogIntegratedTimestampOptions.fromJSON(object.integratedTsOptions) + : undefined, observerOptions: isSet(object.observerOptions) ? ArtifactVerificationOptions_ObserverTimestampOptions.fromJSON(object.observerOptions) : undefined, @@ -273,6 +287,9 @@ export const ArtifactVerificationOptions = { message.tsaOptions !== undefined && (obj.tsaOptions = message.tsaOptions ? ArtifactVerificationOptions_TimestampAuthorityOptions.toJSON(message.tsaOptions) : undefined); + message.integratedTsOptions !== undefined && (obj.integratedTsOptions = message.integratedTsOptions + ? ArtifactVerificationOptions_TlogIntegratedTimestampOptions.toJSON(message.integratedTsOptions) + : undefined); message.observerOptions !== undefined && (obj.observerOptions = message.observerOptions ? ArtifactVerificationOptions_ObserverTimestampOptions.toJSON(message.observerOptions) : undefined); diff --git a/protos/sigstore_verification.proto b/protos/sigstore_verification.proto index e29de245..7f811dd2 100644 --- a/protos/sigstore_verification.proto +++ b/protos/sigstore_verification.proto @@ -77,10 +77,12 @@ message ArtifactVerificationOptions { } message ObserverTimestampOptions { // The number of external observers of the timestamp. - // this is a union of RFC3161 signed timestamps, and - // integrated timestamps from a transparency log + // This is a union of RFC3161 signed timestamps, and + // integrated timestamps from a transparency log, that + // could include additional timestamp sources in the + // future. int32 threshold = 1; - // Disable signed timestamp verification. + // Disable observer timestamp verification. bool disable = 2; } @@ -105,7 +107,6 @@ message ArtifactVerificationOptions { // Threshold: 1 // Online verification: false // Disable: false - // Verify SET Timestamps: true optional TlogOptions tlog_options = 3; // Optional options for certificate transparency log verification. // If none is provided, the default verification options are: @@ -114,14 +115,19 @@ message ArtifactVerificationOptions { optional CtlogOptions ctlog_options = 4; // Optional options for certificate signed timestamp verification. // If none is provided, the default verification options are: - // Threshold: 1 - // Disable: false + // Threshold: 0 + // Disable: true optional TimestampAuthorityOptions tsa_options = 5; - // Optional options for timestamp verification. + // Optional options for integrated timestamp verification. + // If none is provided, the default verification options are: + // Threshold: 0 + // Disable: true + optional TlogIntegratedTimestampOptions integrated_ts_options = 6; + // Optional options for observed timestamp verification. // If none is provided, the default verification options are: // Threshold 1 // Disable: false - optional ObserverTimestampOptions observer_options = 6; + optional ObserverTimestampOptions observer_options = 7; } message Artifact {