Class SigningConfig

Namespace
Dev.Sigstore.Trustroot.V1
Assembly
Sigstore.dll

SigningConfig represents the trusted entities/state needed by Sigstore signing. In particular, it primarily contains service URLs that a Sigstore signer may need to connect to for the online aspects of signing.

public sealed class SigningConfig : IMessage<SigningConfig>, IEquatable<SigningConfig>, IDeepCloneable<SigningConfig>, IBufferMessage, IMessage
Inheritance
SigningConfig
Implements
IMessage<SigningConfig>
IDeepCloneable<SigningConfig>
IBufferMessage
IMessage
Constructors

SigningConfig()

public SigningConfig()

SigningConfig(SigningConfig)

public SigningConfig(SigningConfig other)

Parameters

other SigningConfig

Fields

CaUrlsFieldNumber

Field number for the "ca_urls" field.

public const int CaUrlsFieldNumber = 6

Field Value

int

MediaTypeFieldNumber

Field number for the "media_type" field.

public const int MediaTypeFieldNumber = 5

Field Value

int

OidcUrlsFieldNumber

Field number for the "oidc_urls" field.

public const int OidcUrlsFieldNumber = 7

Field Value

int

RekorTlogConfigFieldNumber

Field number for the "rekor_tlog_config" field.

public const int RekorTlogConfigFieldNumber = 9

Field Value

int

RekorTlogUrlsFieldNumber

Field number for the "rekor_tlog_urls" field.

public const int RekorTlogUrlsFieldNumber = 8

Field Value

int

TsaConfigFieldNumber

Field number for the "tsa_config" field.

public const int TsaConfigFieldNumber = 11

Field Value

int

TsaUrlsFieldNumber

Field number for the "tsa_urls" field.

public const int TsaUrlsFieldNumber = 10

Field Value

int

Properties

CaUrls

URLs to Fulcio-compatible CAs, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates.

These URLs MUST be the "base" URL for the CAs, which clients should construct an appropriate CSR endpoint on top of. For example, if a CA URL is https://example.com/ca, then the client MAY construct the CSR endpoint as https://example.com/ca/api/v2/signingCert.

Clients MUST select only one Service with the highest API version that the client is compatible with, that is within its validity period, and has the newest validity start date. Clients SHOULD select the first Service that meets this requirement. All listed Services SHOULD be sorted by the valid_for window in descending order, with the newest instance first.

public RepeatedField<Service> CaUrls { get; }

Property Value

RepeatedField<Service>

Descriptor

public static MessageDescriptor Descriptor { get; }

Property Value

MessageDescriptor

MediaType

MUST be application/vnd.dev.sigstore.signingconfig.v0.2+json. Clients MAY choose to also support application/vnd.dev.sigstore.signingconfig.v0.1+json.

public string MediaType { get; set; }

Property Value

string

OidcUrls

URLs to OpenID Connect identity providers.

These URLs MUST be the "base" URLs for the OIDC IdPs, which clients should perform well-known OpenID Connect discovery against.

Clients MUST select only one Service with the highest API version that the client is compatible with, that is within its validity period, and has the newest validity start date. Clients SHOULD select the first Service that meets this requirement. All listed Services SHOULD be sorted by the valid_for window in descending order, with the newest instance first.

public RepeatedField<Service> OidcUrls { get; }

Property Value

RepeatedField<Service>

Parser

public static MessageParser<SigningConfig> Parser { get; }

Property Value

MessageParser<SigningConfig>

RekorTlogConfig

Specifies how a client should select the set of Rekor transparency logs to write to.

public ServiceConfiguration RekorTlogConfig { get; set; }

Property Value

ServiceConfiguration

RekorTlogUrls

URLs to Rekor transparency logs.

These URLs MUST be the "base" URLs for the transparency logs, which clients should construct appropriate API endpoints on top of.

Clients MUST group Services by operator and select at most one Service from each operator. Clients MUST select Services with the highest API version that the client is compatible with, that are within its validity period, and have the newest validity start dates. All listed Services SHOULD be sorted by the valid_for window in descending order, with the newest instance first.

Clients MUST select Services based on the selector value of rekor_tlog_config.

public RepeatedField<Service> RekorTlogUrls { get; }

Property Value

RepeatedField<Service>

TsaConfig

Specifies how a client should select the set of TSAs to request signed timestamps from.

public ServiceConfiguration TsaConfig { get; set; }

Property Value

ServiceConfiguration

TsaUrls

URLs to RFC 3161 Time Stamping Authorities (TSA).

These URLs MUST be the full URL for the TSA, meaning that it should be suitable for submitting Time Stamp Requests (TSRs) via HTTP, per RFC 3161.

Clients MUST group Services by operator and select at most one Service from each operator. Clients MUST select Services with the highest API version that the client is compatible with, that are within its validity period, and have the newest validity start dates. All listed Services SHOULD be sorted by the valid_for window in descending order, with the newest instance first.

Clients MUST select Services based on the selector value of tsa_config.

public RepeatedField<Service> TsaUrls { get; }

Property Value

RepeatedField<Service>
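
The selection rules stated for CaUrls/OidcUrls (pick exactly one Service) and for RekorTlogUrls/TsaUrls (one per operator, then apply the selector) can be implemented as below. This is an added example, not code from the Sigstore library; the Service members (MajorApiVersion, ValidFor, Operator), the ServiceConfiguration members (Selector, Count) and the ServiceSelector values are assumed from the generated types and are not shown on this page, and failing when Exact cannot be met is this example's choice.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Dev.Sigstore.Trustroot.V1;

// Added example, not Sigstore library code. Assumed members (not shown on this page):
// Service.MajorApiVersion / ValidFor / Operator, ServiceConfiguration.Selector / Count.
public static class ServiceSelection
{
    // True when `now` is inside valid_for; a missing end means "still valid".
    static bool InWindow(Service s, DateTimeOffset now) =>
        s.ValidFor?.Start != null
        && s.ValidFor.Start.ToDateTimeOffset() <= now
        && (s.ValidFor.End == null || now <= s.ValidFor.End.ToDateTimeOffset());

    // Usable services, best first: highest supported API version, then newest start.
    // Sorting here means the result does not depend on the list's SHOULD-level ordering.
    static IEnumerable<Service> Ranked(IEnumerable<Service> all, ISet<uint> supported, DateTimeOffset now) =>
        all.Where(s => supported.Contains(s.MajorApiVersion) && InWindow(s, now))
           .OrderByDescending(s => s.MajorApiVersion)
           .ThenByDescending(s => s.ValidFor.Start.ToDateTimeOffset());

    // CaUrls / OidcUrls: exactly one service, failing closed when none qualifies.
    public static Service SelectOne(IEnumerable<Service> all, ISet<uint> supported, DateTimeOffset now) =>
        Ranked(all, supported, now).FirstOrDefault()
        ?? throw new InvalidOperationException("signing config lists no usable service");

    // RekorTlogUrls / TsaUrls: best service per operator, then apply the selector.
    public static IReadOnlyList<Service> SelectMany(IEnumerable<Service> all,
        ServiceConfiguration config, ISet<uint> supported, DateTimeOffset now)
    {
        var perOperator = Ranked(all, supported, now)
            .GroupBy(s => s.Operator)
            .Select(g => g.First())   // groups keep ranked order, so First() is the best
            .ToList();
        switch (config?.Selector)
        {
            case ServiceSelector.All: return perOperator;
            case ServiceSelector.Any when perOperator.Count > 0:
                return perOperator.Take(1).ToList();
            case ServiceSelector.Exact when perOperator.Count >= config.Count:
                return perOperator.Take((int)config.Count).ToList();
            default: // undefined selector, or too few usable services
                throw new InvalidOperationException("cannot satisfy service selector");
        }
    }
}
```

A caller would pass `config.CaUrls` to `SelectOne`, and `config.RekorTlogUrls` with `config.RekorTlogConfig` (or the TSA pair) to `SelectMany`, together with the set of major API versions the client implements.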

Methods

CalculateSize()

Calculates the size of this message in Protocol Buffer wire format, in bytes.

public int CalculateSize()

Returns

int

The number of bytes required to write this message to a coded output stream.

Clone()

Creates a deep clone of this object.

public SigningConfig Clone()

Returns

SigningConfig

A deep clone of this object.

Equals(SigningConfig)

Indicates whether the current object is equal to another object of the same type.

public bool Equals(SigningConfig other)

Parameters

other SigningConfig

An object to compare with this object.

Returns

bool

true if the current object is equal to the other parameter; otherwise, false.

Equals(object)

Determines whether the specified object is equal to the current object.

public override bool Equals(object other)

Parameters

other object

Returns

bool

true if the specified object is equal to the current object; otherwise, false.

GetHashCode()

Serves as the default hash function.

public override int GetHashCode()

Returns

int

A hash code for the current object.

MergeFrom(SigningConfig)

Merges the given message into this one.

public void MergeFrom(SigningConfig other)

Parameters

other SigningConfig

Remarks

See the user guide for precise merge semantics.

MergeFrom(CodedInputStream)

Merges the data from the specified coded input stream with the current message.

public void MergeFrom(CodedInputStream input)

Parameters

input CodedInputStream

Remarks

See the user guide for precise merge semantics.

ToString()

Returns a string that represents the current object.

public override string ToString()

Returns

string

A string that represents the current object.

WriteTo(CodedOutputStream)

Writes the data to the given coded output stream.

public void WriteTo(CodedOutputStream output)

Parameters

output CodedOutputStream

Coded output stream to write the data to. Must not be null.