Class TransparencyLogInstance

Namespace
Dev.Sigstore.Trustroot.V1
Assembly
Sigstore.dll

TransparencyLogInstance describes the immutable parameters from a transparency log. See https://www.rfc-editor.org/rfc/rfc9162.html#name-log-parameters for more details. The included parameters are the minimal set required to identify a log, and verify an inclusion proof/promise.

public sealed class TransparencyLogInstance : IMessage<TransparencyLogInstance>, IEquatable<TransparencyLogInstance>, IDeepCloneable<TransparencyLogInstance>, IBufferMessage, IMessage
Inheritance
TransparencyLogInstance
Implements
IDeepCloneable<TransparencyLogInstance>
IBufferMessage
IMessage
Constructors

TransparencyLogInstance()

public TransparencyLogInstance()

TransparencyLogInstance(TransparencyLogInstance)

public TransparencyLogInstance(TransparencyLogInstance other)

Parameters

other TransparencyLogInstance

Fields

BaseUrlFieldNumber

Field number for the "base_url" field.

public const int BaseUrlFieldNumber = 1

Field Value

int

CheckpointKeyIdFieldNumber

Field number for the "checkpoint_key_id" field.

public const int CheckpointKeyIdFieldNumber = 5

Field Value

int

HashAlgorithmFieldNumber

Field number for the "hash_algorithm" field.

public const int HashAlgorithmFieldNumber = 2

Field Value

int

LogIdFieldNumber

Field number for the "log_id" field.

public const int LogIdFieldNumber = 4

Field Value

int

OperatorFieldNumber

Field number for the "operator" field.

public const int OperatorFieldNumber = 6

Field Value

int

PublicKeyFieldNumber

Field number for the "public_key" field.

public const int PublicKeyFieldNumber = 3

Field Value

int

Properties

BaseUrl

The base URL that can be used to build URLs for the client. SHOULD match the origin on the log checkpoint: https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md#note-text.

public string BaseUrl { get; set; }

Property Value

string

CheckpointKeyId

The unique identifier for the log, used in the checkpoint. Only supported for TrustedRoot media types matching or greater than application/vnd.dev.sigstore.trustedroot.v0.2+json. Its calculation is described in https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures. SHOULD be set for all logs. When not set, clients MUST use log_id.

For Ed25519 signatures, the key ID is computed per the C2SP spec:

key ID = SHA-256(key name || 0x0A || 0x01 || 32-byte Ed25519 public key)[:4]

For ECDSA signatures, the key ID is computed per the C2SP spec:

key ID = SHA-256(PKIX ASN.1 DER-encoded public key, in SubjectPublicKeyInfo format)[:4]

For RSA signatures, the signature type will be 0xff with an appended identifier for the format, "PKIX-RSA-PKCS#1v1.5":

key ID = SHA-256(key name || 0x0A || 0xff || PKIX-RSA-PKCS#1v1.5 || PKIX ASN.1 DER-encoded public key)[:4]

This is provided for convenience. Clients can also calculate the checkpoint key ID given the log's public key. SHOULD be 4 bytes long, as a truncated hash.

To find a matching TransparencyLogInstance in the TrustedRoot, clients will parse the checkpoint, and for each signature line, use the key name (i.e. log origin, base_url from TrustedRoot) and checkpoint key ID (i.e. checkpoint_key_id from TrustedRoot) which can then be compared against the TrustedRoot log instances.

public LogId CheckpointKeyId { get; set; }

Property Value

LogId
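The lookup described above, as an added example that is not part of the Sigstore library or its documentation: it computes the Ed25519 checkpoint key ID and matches a checkpoint signature line against trusted log entries. `TrustedLog` is a hypothetical stand-in for the BaseUrl and CheckpointKeyId values of a TransparencyLogInstance, the key and signature bytes are constructed, and the signature-line layout (em dash, key name, base64 of the 4-byte key ID followed by the signature) comes from the C2SP signed-note spec.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed sample data: a dummy 32-byte key and an all-zero 64-byte signature.
const string origin = "log.example.test";
byte[] dummyKey = Enumerable.Range(0, 32).Select(i => (byte)i).ToArray();
byte[] dummyId = CheckpointKeyLookup.Ed25519KeyId(origin, dummyKey);
string sig = Convert.ToBase64String(dummyId.Concat(new byte[64]).ToArray());
var roots = new[] { new TrustedLog("https://log.example.test", dummyId) };
Console.WriteLine(CheckpointKeyLookup.Match($"\u2014 {origin} {sig}", roots)?.BaseUrl ?? "no match");
Console.WriteLine(CheckpointKeyLookup.Match($"\u2014 other.example.test {sig}", roots)?.BaseUrl ?? "no match");

// Hypothetical stand-in for a TransparencyLogInstance's BaseUrl and CheckpointKeyId bytes.
record TrustedLog(string BaseUrl, byte[] CheckpointKeyId);

static class CheckpointKeyLookup
{
    // key ID = SHA-256(key name || 0x0A || 0x01 || 32-byte Ed25519 public key)[:4]
    public static byte[] Ed25519KeyId(string keyName, byte[] publicKey)
    {
        if (publicKey.Length != 32) throw new ArgumentException("expected a 32-byte Ed25519 key");
        byte[] prefix = Encoding.UTF8.GetBytes(keyName).Concat(new byte[] { 0x0A, 0x01 }).ToArray();
        return SHA256.HashData(prefix.Concat(publicKey).ToArray())[..4];
    }

    // Returns the trusted log a signature line refers to, or null. This only selects
    // the key: the signature must still be verified with that log's PublicKey.
    public static TrustedLog? Match(string signatureLine, IEnumerable<TrustedLog> trusted)
    {
        string[] parts = signatureLine.Split(' ');
        if (parts.Length != 3 || parts[0] != "\u2014") return null;
        byte[] blob;
        try { blob = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return null; }
        if (blob.Length <= 4) return null; // 4-byte key ID followed by the signature
        byte[] id = blob[..4];
        // Assumption: the checkpoint origin equals base_url without its scheme.
        return trusted.FirstOrDefault(t =>
            StripScheme(t.BaseUrl) == parts[1] && t.CheckpointKeyId.SequenceEqual(id));
    }

    static string StripScheme(string url) => url.Split("://").Last().TrimEnd('/');
}
```

Requiring both the key name and the key ID to match keeps a 4-byte truncated hash from selecting a log with a different origin.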

Descriptor

public static MessageDescriptor Descriptor { get; }

Property Value

MessageDescriptor

HashAlgorithm

The hash algorithm used for the Merkle Tree.

public HashAlgorithm HashAlgorithm { get; set; }

Property Value

HashAlgorithm

LogId

The identifier for this transparency log. Represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2.

For Rekor v2 instances, log_id and checkpoint_key_id will be set to the same value. It is recommended to use checkpoint_key_id instead, since log_id is not guaranteed to be unique across multiple deployments. Clients must use the key name and key ID, as defined by the signed-note spec linked below, from a checkpoint to determine the correct TransparencyLogInstance to verify a proof. log_id will eventually be deprecated in favor of checkpoint_id.

public LogId LogId { get; set; }

Property Value

LogId

Operator

The name of the operator of this log deployment. Operator MUST be formatted as a scheme-less URI, e.g. sigstore.dev. Only supported for TrustedRoot media types matching or greater than application/vnd.dev.sigstore.trustedroot.v0.2+json.

This MUST be used when there are multiple transparency log instances to determine if log proof verification meets a specified threshold, e.g. two proofs from log deployments operated by the same operator should count as only one valid proof.

public string Operator { get; set; }

Property Value

string

Parser

public static MessageParser<TransparencyLogInstance> Parser { get; }

Property Value

MessageParser<TransparencyLogInstance>

PublicKey

The public key used to verify signatures generated by the log. This attribute contains the signature algorithm used by the log.

public PublicKey PublicKey { get; set; }

Property Value

PublicKey

Methods

CalculateSize()

Calculates the size of this message in Protocol Buffer wire format, in bytes.

public int CalculateSize()

Returns

int

The number of bytes required to write this message to a coded output stream.

Clone()

Creates a deep clone of this object.

public TransparencyLogInstance Clone()

Returns

TransparencyLogInstance

A deep clone of this object.

Equals(TransparencyLogInstance)

Indicates whether the current object is equal to another object of the same type.

public bool Equals(TransparencyLogInstance other)

Parameters

other TransparencyLogInstance

An object to compare with this object.

Returns

bool

true if the current object is equal to the other parameter; otherwise, false.

Equals(object)

Determines whether the specified object is equal to the current object.

public override bool Equals(object other)

Parameters

other object

Returns

bool

true if the specified object is equal to the current object; otherwise, false.

GetHashCode()

Serves as the default hash function.

public override int GetHashCode()

Returns

int

A hash code for the current object.

MergeFrom(TransparencyLogInstance)

Merges the given message into this one.

public void MergeFrom(TransparencyLogInstance other)

Parameters

other TransparencyLogInstance

Remarks

See the user guide for precise merge semantics.

MergeFrom(CodedInputStream)

Merges the data from the specified coded input stream with the current message.

public void MergeFrom(CodedInputStream input)

Parameters

input CodedInputStream

Remarks

See the user guide for precise merge semantics.

ToString()

Returns a string that represents the current object.

public override string ToString()

Returns

string

A string that represents the current object.

WriteTo(CodedOutputStream)

Writes the data to the given coded output stream.

public void WriteTo(CodedOutputStream output)

Parameters

output CodedOutputStream

Coded output stream to write the data to. Must not be null.