diff --git a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json index a67d26f5..a36bcb98 100644 --- a/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json @@ -26,7 +26,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -56,6 +66,16 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "integrated_ts_options" + ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", @@ -212,6 +232,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." + }, + "disable": { + "type": "boolean", + "description": "Disable observer timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -227,6 +262,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index b5fe5060..83a625e6 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json @@ -662,7 +662,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -692,6 +702,16 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "integrated_ts_options" + ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", @@ -712,6 +732,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." + }, + "disable": { + "type": "boolean", + "description": "Disable observer timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -727,6 +762,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/pb-go/verification/v1/sigstore_verification.pb.go b/gen/pb-go/verification/v1/sigstore_verification.pb.go index ea752053..95099784 100644 --- a/gen/pb-go/verification/v1/sigstore_verification.pb.go +++ b/gen/pb-go/verification/v1/sigstore_verification.pb.go @@ -228,9 +228,19 @@ type ArtifactVerificationOptions struct { CtlogOptions *ArtifactVerificationOptions_CtlogOptions `protobuf:"bytes,4,opt,name=ctlog_options,json=ctlogOptions,proto3,oneof" json:"ctlog_options,omitempty"` // Optional options for certificate signed timestamp verification. // If none is provided, the default verification options are: - // Threshold: 1 - // Disable: false + // Threshold: 0 + // Disable: true TsaOptions *ArtifactVerificationOptions_TimestampAuthorityOptions `protobuf:"bytes,5,opt,name=tsa_options,json=tsaOptions,proto3,oneof" json:"tsa_options,omitempty"` + // Optional options for integrated timestamp verification. + // If none is provided, the default verification options are: + // Threshold: 0 + // Disable: true + IntegratedTsOptions *ArtifactVerificationOptions_TlogIntegratedTimestampOptions `protobuf:"bytes,6,opt,name=integrated_ts_options,json=integratedTsOptions,proto3,oneof" json:"integrated_ts_options,omitempty"` + // Optional options for observed timestamp verification. + // If none is provided, the default verification options are: + // Threshold 1 + // Disable: false + ObserverOptions *ArtifactVerificationOptions_ObserverTimestampOptions `protobuf:"bytes,7,opt,name=observer_options,json=observerOptions,proto3,oneof" json:"observer_options,omitempty"` } func (x *ArtifactVerificationOptions) Reset() { @@ -307,6 +317,20 @@ func (x *ArtifactVerificationOptions) GetTsaOptions() *ArtifactVerificationOptio return nil } +func (x *ArtifactVerificationOptions) GetIntegratedTsOptions() *ArtifactVerificationOptions_TlogIntegratedTimestampOptions { + if x != nil { + return x.IntegratedTsOptions + } + return nil +} + +func (x *ArtifactVerificationOptions) GetObserverOptions() *ArtifactVerificationOptions_ObserverTimestampOptions { + if x != nil { + return x.ObserverOptions + } + return nil +} + type isArtifactVerificationOptions_Signers interface { isArtifactVerificationOptions_Signers() } @@ -679,6 +703,124 @@ func (x *ArtifactVerificationOptions_TimestampAuthorityOptions) GetDisable() boo return false } +type ArtifactVerificationOptions_TlogIntegratedTimestampOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The number of integrated timestamps that are expected. + Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"` + // Disable integrated timestamp verification. + Disable bool `protobuf:"varint,2,opt,name=disable,proto3" json:"disable,omitempty"` +} + +func (x *ArtifactVerificationOptions_TlogIntegratedTimestampOptions) Reset() { + *x = ArtifactVerificationOptions_TlogIntegratedTimestampOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_verification_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ArtifactVerificationOptions_TlogIntegratedTimestampOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) ProtoMessage() {} + +func (x *ArtifactVerificationOptions_TlogIntegratedTimestampOptions) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_verification_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ArtifactVerificationOptions_TlogIntegratedTimestampOptions.ProtoReflect.Descriptor instead. +func (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions) Descriptor() ([]byte, []int) { + return file_sigstore_verification_proto_rawDescGZIP(), []int{3, 3} +} + +func (x *ArtifactVerificationOptions_TlogIntegratedTimestampOptions) GetThreshold() int32 { + if x != nil { + return x.Threshold + } + return 0 +} + +func (x *ArtifactVerificationOptions_TlogIntegratedTimestampOptions) GetDisable() bool { + if x != nil { + return x.Disable + } + return false +} + +type ArtifactVerificationOptions_ObserverTimestampOptions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The number of external observers of the timestamp. + // This is a union of RFC3161 signed timestamps, and + // integrated timestamps from a transparency log, that + // could include additional timestamp sources in the + // future. + Threshold int32 `protobuf:"varint,1,opt,name=threshold,proto3" json:"threshold,omitempty"` + // Disable observer timestamp verification. + Disable bool `protobuf:"varint,2,opt,name=disable,proto3" json:"disable,omitempty"` +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) Reset() { + *x = ArtifactVerificationOptions_ObserverTimestampOptions{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_verification_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ArtifactVerificationOptions_ObserverTimestampOptions) ProtoMessage() {} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_verification_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ArtifactVerificationOptions_ObserverTimestampOptions.ProtoReflect.Descriptor instead. +func (*ArtifactVerificationOptions_ObserverTimestampOptions) Descriptor() ([]byte, []int) { + return file_sigstore_verification_proto_rawDescGZIP(), []int{3, 4} +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) GetThreshold() int32 { + if x != nil { + return x.Threshold + } + return 0 +} + +func (x *ArtifactVerificationOptions_ObserverTimestampOptions) GetDisable() bool { + if x != nil { + return x.Disable + } + return false +} + var File_sigstore_verification_proto protoreflect.FileDescriptor var file_sigstore_verification_proto_rawDesc = []byte{ @@ -714,7 +856,7 @@ var file_sigstore_verification_proto_rawDesc = []byte{ 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, - 0x65, 0x79, 0x73, 0x22, 0xa6, 0x07, 0x0a, 0x1b, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, + 0x65, 0x79, 0x73, 0x22, 0x9c, 0x0b, 0x0a, 0x1b, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x6c, 0x0a, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, @@ -750,68 +892,99 @@ var file_sigstore_verification_proto_rawDesc = []byte{ 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x03, 0x52, 0x0a, 0x74, 0x73, 0x61, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x88, 0x01, 0x01, 0x1a, 0x85, 0x01, 0x0a, 0x0b, 0x54, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, - 0x64, 0x12, 0x3e, 0x0a, 0x1b, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x5f, 0x6f, 0x6e, 0x6c, - 0x69, 0x6e, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x19, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x4f, - 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x4c, 0x0a, 0x0c, 0x43, - 0x74, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, - 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, - 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, - 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, - 0x62, 0x6c, 0x65, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x1a, 0x53, 0x0a, 0x19, 0x54, 0x69, 0x6d, - 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, - 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, - 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x09, - 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x73, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x6c, - 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, - 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x0e, 0x0a, 0x0c, - 0x5f, 0x74, 0x73, 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x55, 0x0a, 0x08, - 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x12, 0x23, 0x0a, 0x0c, 0x61, 0x72, 0x74, 0x69, - 0x66, 0x61, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, - 0x52, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x55, 0x72, 0x69, 0x12, 0x1c, 0x0a, - 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, - 0x00, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x42, 0x06, 0x0a, 0x04, 0x64, - 0x61, 0x74, 0x61, 0x22, 0xec, 0x02, 0x0a, 0x05, 0x49, 0x6e, 0x70, 0x75, 0x74, 0x12, 0x56, 0x0a, - 0x13, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, - 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, - 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, - 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, - 0x6f, 0x74, 0x52, 0x11, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x7d, 0x0a, 0x1d, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, - 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, - 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, - 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x36, 0x0a, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x47, 0x0a, 0x08, - 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, - 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, - 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x48, 0x00, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, - 0x63, 0x74, 0x88, 0x01, 0x01, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, - 0x63, 0x74, 0x42, 0x94, 0x01, 0x0a, 0x22, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, - 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x76, 0x65, 0x72, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x1a, 0x53, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x88, 0x01, 0x01, 0x12, 0x91, 0x01, 0x0a, 0x15, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, + 0x65, 0x64, 0x5f, 0x74, 0x73, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x58, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x54, + 0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x04, 0x52, + 0x13, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x73, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x88, 0x01, 0x01, 0x12, 0x82, 0x01, 0x0a, 0x10, 0x6f, 0x62, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x52, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4f, 0x62, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x05, 0x52, 0x0f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x88, 0x01, 0x01, 0x1a, 0x85, 0x01, 0x0a, + 0x0b, 0x54, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, + 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x3e, 0x0a, 0x1b, 0x70, 0x65, + 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x5f, 0x6f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x5f, 0x76, 0x65, 0x72, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x19, 0x70, 0x65, 0x72, 0x66, 0x6f, 0x72, 0x6d, 0x4f, 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x56, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, + 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, + 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x4c, 0x0a, 0x0c, 0x43, 0x74, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, + 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x4a, 0x04, 0x08, 0x02, + 0x10, 0x03, 0x1a, 0x53, 0x0a, 0x19, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, + 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, + 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, + 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x1a, 0x58, 0x0a, 0x1e, 0x54, 0x6c, 0x6f, 0x67, 0x49, + 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, + 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, + 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, + 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, + 0x65, 0x1a, 0x52, 0x0a, 0x18, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, + 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x64, + 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x69, + 0x73, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x73, + 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x6f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x74, 0x73, 0x61, 0x5f, 0x6f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, + 0x65, 0x64, 0x5f, 0x74, 0x73, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x13, 0x0a, + 0x11, 0x5f, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x22, 0x55, 0x0a, 0x08, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x12, 0x23, + 0x0a, 0x0c, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, + 0x55, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, + 0x74, 0x42, 0x06, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0xec, 0x02, 0x0a, 0x05, 0x49, 0x6e, + 0x70, 0x75, 0x74, 0x12, 0x56, 0x0a, 0x13, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x75, + 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x52, 0x11, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, + 0x63, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x7d, 0x0a, 0x1d, 0x61, + 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, + 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1b, 0x61, + 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x36, 0x0a, 0x06, 0x62, 0x75, + 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x64, 0x65, 0x76, + 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, + 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, 0x62, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x12, 0x47, 0x0a, 0x08, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, + 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x48, 0x00, 0x52, 0x08, + 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x88, 0x01, 0x01, 0x42, 0x0b, 0x0a, 0x09, 0x5f, + 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x42, 0x94, 0x01, 0x0a, 0x22, 0x64, 0x65, 0x76, + 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, + 0x11, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, + 0x67, 0x6f, 0x2f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, + 0x76, 0x31, 0xea, 0x02, 0x1a, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x56, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -826,42 +999,46 @@ func file_sigstore_verification_proto_rawDescGZIP() []byte { return file_sigstore_verification_proto_rawDescData } -var file_sigstore_verification_proto_msgTypes = make([]protoimpl.MessageInfo, 9) +var file_sigstore_verification_proto_msgTypes = make([]protoimpl.MessageInfo, 11) var file_sigstore_verification_proto_goTypes = []interface{}{ - (*CertificateIdentity)(nil), // 0: dev.sigstore.verification.v1.CertificateIdentity - (*CertificateIdentities)(nil), // 1: dev.sigstore.verification.v1.CertificateIdentities - (*PublicKeyIdentities)(nil), // 2: dev.sigstore.verification.v1.PublicKeyIdentities - (*ArtifactVerificationOptions)(nil), // 3: dev.sigstore.verification.v1.ArtifactVerificationOptions - (*Artifact)(nil), // 4: dev.sigstore.verification.v1.Artifact - (*Input)(nil), // 5: dev.sigstore.verification.v1.Input - (*ArtifactVerificationOptions_TlogOptions)(nil), // 6: dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions - (*ArtifactVerificationOptions_CtlogOptions)(nil), // 7: dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions - (*ArtifactVerificationOptions_TimestampAuthorityOptions)(nil), // 8: dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions - (*v1.SubjectAlternativeName)(nil), // 9: dev.sigstore.common.v1.SubjectAlternativeName - (*v1.ObjectIdentifierValuePair)(nil), // 10: dev.sigstore.common.v1.ObjectIdentifierValuePair - (*v1.PublicKey)(nil), // 11: dev.sigstore.common.v1.PublicKey - (*v11.TrustedRoot)(nil), // 12: dev.sigstore.trustroot.v1.TrustedRoot - (*v12.Bundle)(nil), // 13: dev.sigstore.bundle.v1.Bundle + (*CertificateIdentity)(nil), // 0: dev.sigstore.verification.v1.CertificateIdentity + (*CertificateIdentities)(nil), // 1: dev.sigstore.verification.v1.CertificateIdentities + (*PublicKeyIdentities)(nil), // 2: dev.sigstore.verification.v1.PublicKeyIdentities + (*ArtifactVerificationOptions)(nil), // 3: dev.sigstore.verification.v1.ArtifactVerificationOptions + (*Artifact)(nil), // 4: dev.sigstore.verification.v1.Artifact + (*Input)(nil), // 5: dev.sigstore.verification.v1.Input + (*ArtifactVerificationOptions_TlogOptions)(nil), // 6: dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions + (*ArtifactVerificationOptions_CtlogOptions)(nil), // 7: dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions + (*ArtifactVerificationOptions_TimestampAuthorityOptions)(nil), // 8: dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions + (*ArtifactVerificationOptions_TlogIntegratedTimestampOptions)(nil), // 9: dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions + (*ArtifactVerificationOptions_ObserverTimestampOptions)(nil), // 10: dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions + (*v1.SubjectAlternativeName)(nil), // 11: dev.sigstore.common.v1.SubjectAlternativeName + (*v1.ObjectIdentifierValuePair)(nil), // 12: dev.sigstore.common.v1.ObjectIdentifierValuePair + (*v1.PublicKey)(nil), // 13: dev.sigstore.common.v1.PublicKey + (*v11.TrustedRoot)(nil), // 14: dev.sigstore.trustroot.v1.TrustedRoot + (*v12.Bundle)(nil), // 15: dev.sigstore.bundle.v1.Bundle } var file_sigstore_verification_proto_depIdxs = []int32{ - 9, // 0: dev.sigstore.verification.v1.CertificateIdentity.san:type_name -> dev.sigstore.common.v1.SubjectAlternativeName - 10, // 1: dev.sigstore.verification.v1.CertificateIdentity.oids:type_name -> dev.sigstore.common.v1.ObjectIdentifierValuePair + 11, // 0: dev.sigstore.verification.v1.CertificateIdentity.san:type_name -> dev.sigstore.common.v1.SubjectAlternativeName + 12, // 1: dev.sigstore.verification.v1.CertificateIdentity.oids:type_name -> dev.sigstore.common.v1.ObjectIdentifierValuePair 0, // 2: dev.sigstore.verification.v1.CertificateIdentities.identities:type_name -> dev.sigstore.verification.v1.CertificateIdentity - 11, // 3: dev.sigstore.verification.v1.PublicKeyIdentities.public_keys:type_name -> dev.sigstore.common.v1.PublicKey + 13, // 3: dev.sigstore.verification.v1.PublicKeyIdentities.public_keys:type_name -> dev.sigstore.common.v1.PublicKey 1, // 4: dev.sigstore.verification.v1.ArtifactVerificationOptions.certificate_identities:type_name -> dev.sigstore.verification.v1.CertificateIdentities 2, // 5: dev.sigstore.verification.v1.ArtifactVerificationOptions.public_keys:type_name -> dev.sigstore.verification.v1.PublicKeyIdentities 6, // 6: dev.sigstore.verification.v1.ArtifactVerificationOptions.tlog_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions 7, // 7: dev.sigstore.verification.v1.ArtifactVerificationOptions.ctlog_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions 8, // 8: dev.sigstore.verification.v1.ArtifactVerificationOptions.tsa_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions - 12, // 9: dev.sigstore.verification.v1.Input.artifact_trust_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot - 3, // 10: dev.sigstore.verification.v1.Input.artifact_verification_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions - 13, // 11: dev.sigstore.verification.v1.Input.bundle:type_name -> dev.sigstore.bundle.v1.Bundle - 4, // 12: dev.sigstore.verification.v1.Input.artifact:type_name -> dev.sigstore.verification.v1.Artifact - 13, // [13:13] is the sub-list for method output_type - 13, // [13:13] is the sub-list for method input_type - 13, // [13:13] is the sub-list for extension type_name - 13, // [13:13] is the sub-list for extension extendee - 0, // [0:13] is the sub-list for field type_name + 9, // 9: dev.sigstore.verification.v1.ArtifactVerificationOptions.integrated_ts_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions + 10, // 10: dev.sigstore.verification.v1.ArtifactVerificationOptions.observer_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions + 14, // 11: dev.sigstore.verification.v1.Input.artifact_trust_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot + 3, // 12: dev.sigstore.verification.v1.Input.artifact_verification_options:type_name -> dev.sigstore.verification.v1.ArtifactVerificationOptions + 15, // 13: dev.sigstore.verification.v1.Input.bundle:type_name -> dev.sigstore.bundle.v1.Bundle + 4, // 14: dev.sigstore.verification.v1.Input.artifact:type_name -> dev.sigstore.verification.v1.Artifact + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_sigstore_verification_proto_init() } @@ -978,6 +1155,30 @@ func file_sigstore_verification_proto_init() { return nil } } + file_sigstore_verification_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ArtifactVerificationOptions_TlogIntegratedTimestampOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_sigstore_verification_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ArtifactVerificationOptions_ObserverTimestampOptions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_sigstore_verification_proto_msgTypes[3].OneofWrappers = []interface{}{ (*ArtifactVerificationOptions_CertificateIdentities)(nil), @@ -994,7 +1195,7 @@ func file_sigstore_verification_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_sigstore_verification_proto_rawDesc, NumEnums: 0, - NumMessages: 9, + NumMessages: 11, NumExtensions: 0, NumServices: 0, }, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py index 81344696..ffebc310 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/verification/v1/__init__.py @@ -83,7 +83,23 @@ class ArtifactVerificationOptions(betterproto.Message): ) """ Optional options for certificate signed timestamp verification. If none is - provided, the default verification options are: Threshold: 1 Disable: false + provided, the default verification options are: Threshold: 0 Disable: true + """ + + integrated_ts_options: Optional[ + "ArtifactVerificationOptionsTlogIntegratedTimestampOptions" + ] = betterproto.message_field(6, optional=True, group="_integrated_ts_options") + """ + Optional options for integrated timestamp verification. If none is + provided, the default verification options are: Threshold: 0 Disable: true + """ + + observer_options: Optional[ + "ArtifactVerificationOptionsObserverTimestampOptions" + ] = betterproto.message_field(7, optional=True, group="_observer_options") + """ + Optional options for observed timestamp verification. If none is provided, + the default verification options are: Threshold 1 Disable: false """ @@ -117,6 +133,28 @@ class ArtifactVerificationOptionsTimestampAuthorityOptions(betterproto.Message): """Disable signed timestamp verification.""" +@dataclass(eq=False, repr=False) +class ArtifactVerificationOptionsTlogIntegratedTimestampOptions(betterproto.Message): + threshold: int = betterproto.int32_field(1) + """The number of integrated timestamps that are expected.""" + + disable: bool = betterproto.bool_field(2) + """Disable integrated timestamp verification.""" + + +@dataclass(eq=False, repr=False) +class ArtifactVerificationOptionsObserverTimestampOptions(betterproto.Message): + threshold: int = betterproto.int32_field(1) + """ + The number of external observers of the timestamp. This is a union of + RFC3161 signed timestamps, and integrated timestamps from a transparency + log, that could include additional timestamp sources in the future. + """ + + disable: bool = betterproto.bool_field(2) + """Disable observer timestamp verification.""" + + @dataclass(eq=False, repr=False) class Artifact(betterproto.Message): artifact_uri: str = betterproto.string_field(1, group="data") diff --git a/gen/pb-ruby/lib/sigstore_verification_pb.rb b/gen/pb-ruby/lib/sigstore_verification_pb.rb index 5d92821e..56a88150 100644 --- a/gen/pb-ruby/lib/sigstore_verification_pb.rb +++ b/gen/pb-ruby/lib/sigstore_verification_pb.rb @@ -24,6 +24,8 @@ proto3_optional :tlog_options, :message, 3, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions" proto3_optional :ctlog_options, :message, 4, "dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions" proto3_optional :tsa_options, :message, 5, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions" + proto3_optional :integrated_ts_options, :message, 6, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions" + proto3_optional :observer_options, :message, 7, "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions" oneof :signers do optional :certificate_identities, :message, 1, "dev.sigstore.verification.v1.CertificateIdentities" optional :public_keys, :message, 2, "dev.sigstore.verification.v1.PublicKeyIdentities" @@ -42,6 +44,14 @@ optional :threshold, :int32, 1 optional :disable, :bool, 2 end + add_message "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions" do + optional :threshold, :int32, 1 + optional :disable, :bool, 2 + end + add_message "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions" do + optional :threshold, :int32, 1 + optional :disable, :bool, 2 + end add_message "dev.sigstore.verification.v1.Artifact" do oneof :data do optional :artifact_uri, :string, 1 @@ -67,6 +77,8 @@ module V1 ArtifactVerificationOptions::TlogOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions").msgclass ArtifactVerificationOptions::CtlogOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions").msgclass ArtifactVerificationOptions::TimestampAuthorityOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions").msgclass + ArtifactVerificationOptions::TlogIntegratedTimestampOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions").msgclass + ArtifactVerificationOptions::ObserverTimestampOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions").msgclass Artifact = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.Artifact").msgclass Input = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.verification.v1.Input").msgclass end diff --git a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json index a67d26f5..a36bcb98 100644 --- a/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json +++ b/gen/pb-rust/schemas/ArtifactVerificationOptions.schema.json @@ -26,7 +26,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -56,6 +66,16 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "integrated_ts_options" + ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", @@ -212,6 +232,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." + }, + "disable": { + "type": "boolean", + "description": "Disable observer timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -227,6 +262,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/pb-rust/schemas/Input.schema.json b/gen/pb-rust/schemas/Input.schema.json index b5fe5060..83a625e6 100644 --- a/gen/pb-rust/schemas/Input.schema.json +++ b/gen/pb-rust/schemas/Input.schema.json @@ -662,7 +662,17 @@ "tsaOptions": { "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions", "additionalProperties": false, - "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false" + "description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "integratedTsOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions", + "additionalProperties": false, + "description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true" + }, + "observerOptions": { + "$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions", + "additionalProperties": false, + "description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false" } }, "additionalProperties": false, @@ -692,6 +702,16 @@ "required": [ "tsa_options" ] + }, + { + "required": [ + "integrated_ts_options" + ] + }, + { + "required": [ + "observer_options" + ] } ], "title": "Artifact Verification Options", @@ -712,6 +732,21 @@ "type": "object", "title": "Ctlog Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future." + }, + "disable": { + "type": "boolean", + "description": "Disable observer timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Observer Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": { "properties": { "threshold": { @@ -727,6 +762,21 @@ "type": "object", "title": "Timestamp Authority Options" }, + "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": { + "properties": { + "threshold": { + "type": "integer", + "description": "The number of integrated timestamps that are expected." + }, + "disable": { + "type": "boolean", + "description": "Disable integrated timestamp verification." + } + }, + "additionalProperties": false, + "type": "object", + "title": "Tlog Integrated Timestamp Options" + }, "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": { "properties": { "threshold": { diff --git a/gen/pb-typescript/src/__generated__/sigstore_verification.ts b/gen/pb-typescript/src/__generated__/sigstore_verification.ts index c9110ccd..b7620398 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_verification.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_verification.ts @@ -56,10 +56,28 @@ export interface ArtifactVerificationOptions { /** * Optional options for certificate signed timestamp verification. * If none is provided, the default verification options are: - * Threshold: 1 + * Threshold: 0 + * Disable: true + */ + tsaOptions?: + | ArtifactVerificationOptions_TimestampAuthorityOptions + | undefined; + /** + * Optional options for integrated timestamp verification. + * If none is provided, the default verification options are: + * Threshold: 0 + * Disable: true + */ + integratedTsOptions?: + | ArtifactVerificationOptions_TlogIntegratedTimestampOptions + | undefined; + /** + * Optional options for observed timestamp verification. + * If none is provided, the default verification options are: + * Threshold 1 * Disable: false */ - tsaOptions?: ArtifactVerificationOptions_TimestampAuthorityOptions | undefined; + observerOptions?: ArtifactVerificationOptions_ObserverTimestampOptions | undefined; } export interface ArtifactVerificationOptions_TlogOptions { @@ -88,6 +106,26 @@ export interface ArtifactVerificationOptions_TimestampAuthorityOptions { disable: boolean; } +export interface ArtifactVerificationOptions_TlogIntegratedTimestampOptions { + /** The number of integrated timestamps that are expected. */ + threshold: number; + /** Disable integrated timestamp verification. */ + disable: boolean; +} + +export interface ArtifactVerificationOptions_ObserverTimestampOptions { + /** + * The number of external observers of the timestamp. + * This is a union of RFC3161 signed timestamps, and + * integrated timestamps from a transparency log, that + * could include additional timestamp sources in the + * future. + */ + threshold: number; + /** Disable observer timestamp verification. */ + disable: boolean; +} + export interface Artifact { data?: { $case: "artifactUri"; artifactUri: string } | { $case: "artifact"; artifact: Buffer }; } @@ -192,7 +230,14 @@ export const PublicKeyIdentities = { }; function createBaseArtifactVerificationOptions(): ArtifactVerificationOptions { - return { signers: undefined, tlogOptions: undefined, ctlogOptions: undefined, tsaOptions: undefined }; + return { + signers: undefined, + tlogOptions: undefined, + ctlogOptions: undefined, + tsaOptions: undefined, + integratedTsOptions: undefined, + observerOptions: undefined, + }; } export const ArtifactVerificationOptions = { @@ -215,6 +260,12 @@ export const ArtifactVerificationOptions = { tsaOptions: isSet(object.tsaOptions) ? ArtifactVerificationOptions_TimestampAuthorityOptions.fromJSON(object.tsaOptions) : undefined, + integratedTsOptions: isSet(object.integratedTsOptions) + ? ArtifactVerificationOptions_TlogIntegratedTimestampOptions.fromJSON(object.integratedTsOptions) + : undefined, + observerOptions: isSet(object.observerOptions) + ? ArtifactVerificationOptions_ObserverTimestampOptions.fromJSON(object.observerOptions) + : undefined, }; }, @@ -236,6 +287,12 @@ export const ArtifactVerificationOptions = { message.tsaOptions !== undefined && (obj.tsaOptions = message.tsaOptions ? ArtifactVerificationOptions_TimestampAuthorityOptions.toJSON(message.tsaOptions) : undefined); + message.integratedTsOptions !== undefined && (obj.integratedTsOptions = message.integratedTsOptions + ? ArtifactVerificationOptions_TlogIntegratedTimestampOptions.toJSON(message.integratedTsOptions) + : undefined); + message.observerOptions !== undefined && (obj.observerOptions = message.observerOptions + ? ArtifactVerificationOptions_ObserverTimestampOptions.toJSON(message.observerOptions) + : undefined); return obj; }, }; @@ -305,6 +362,46 @@ export const ArtifactVerificationOptions_TimestampAuthorityOptions = { }, }; +function createBaseArtifactVerificationOptions_TlogIntegratedTimestampOptions(): ArtifactVerificationOptions_TlogIntegratedTimestampOptions { + return { threshold: 0, disable: false }; +} + +export const ArtifactVerificationOptions_TlogIntegratedTimestampOptions = { + fromJSON(object: any): ArtifactVerificationOptions_TlogIntegratedTimestampOptions { + return { + threshold: isSet(object.threshold) ? Number(object.threshold) : 0, + disable: isSet(object.disable) ? Boolean(object.disable) : false, + }; + }, + + toJSON(message: ArtifactVerificationOptions_TlogIntegratedTimestampOptions): unknown { + const obj: any = {}; + message.threshold !== undefined && (obj.threshold = Math.round(message.threshold)); + message.disable !== undefined && (obj.disable = message.disable); + return obj; + }, +}; + +function createBaseArtifactVerificationOptions_ObserverTimestampOptions(): ArtifactVerificationOptions_ObserverTimestampOptions { + return { threshold: 0, disable: false }; +} + +export const ArtifactVerificationOptions_ObserverTimestampOptions = { + fromJSON(object: any): ArtifactVerificationOptions_ObserverTimestampOptions { + return { + threshold: isSet(object.threshold) ? Number(object.threshold) : 0, + disable: isSet(object.disable) ? Boolean(object.disable) : false, + }; + }, + + toJSON(message: ArtifactVerificationOptions_ObserverTimestampOptions): unknown { + const obj: any = {}; + message.threshold !== undefined && (obj.threshold = Math.round(message.threshold)); + message.disable !== undefined && (obj.disable = message.disable); + return obj; + }, +}; + function createBaseArtifact(): Artifact { return { data: undefined }; } diff --git a/protos/sigstore_verification.proto b/protos/sigstore_verification.proto index 7233365f..7f811dd2 100644 --- a/protos/sigstore_verification.proto +++ b/protos/sigstore_verification.proto @@ -69,6 +69,22 @@ message ArtifactVerificationOptions { // Disable signed timestamp verification. bool disable = 2; } + message TlogIntegratedTimestampOptions{ + // The number of integrated timestamps that are expected. + int32 threshold = 1; + // Disable integrated timestamp verification. + bool disable = 2; + } + message ObserverTimestampOptions { + // The number of external observers of the timestamp. + // This is a union of RFC3161 signed timestamps, and + // integrated timestamps from a transparency log, that + // could include additional timestamp sources in the + // future. + int32 threshold = 1; + // Disable observer timestamp verification. + bool disable = 2; + } // At least one identity MUST be provided. Providing zero identities // is an error. If at least one provided identity is found as a @@ -99,9 +115,19 @@ message ArtifactVerificationOptions { optional CtlogOptions ctlog_options = 4; // Optional options for certificate signed timestamp verification. // If none is provided, the default verification options are: - // Threshold: 1 - // Disable: false + // Threshold: 0 + // Disable: true optional TimestampAuthorityOptions tsa_options = 5; + // Optional options for integrated timestamp verification. + // If none is provided, the default verification options are: + // Threshold: 0 + // Disable: true + optional TlogIntegratedTimestampOptions integrated_ts_options = 6; + // Optional options for observed timestamp verification. + // If none is provided, the default verification options are: + // Threshold 1 + // Disable: false + optional ObserverTimestampOptions observer_options = 7; } message Artifact {