intoto_v0_0_3_schema.json
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "http://rekor.sigstore.dev/types/intoto/intoto_v0_0_3_schema.json",
"title": "intoto v0.0.3 Schema",
"description": "Schema for intoto object",
"type": "object",
"properties": {
"proposedContent": {
"type": "object",
"properties": {
"envelope": {
"description": "DSSE envelope specified as a stringified JSON object; payloadType in the envelope MUST be set to 'application/vnd.in-toto+json'",
"type": "string",
"writeOnly": true
},
"publicKeys": {
"description": "collection of all public keys used to verify signatures over the envelope's payload",
"type": "array",
"minItems": 1,
"items": {
"type": "string",
"format": "byte"
},
"writeOnly": true
}
},
"writeOnly": true,
"required": [ "envelope", "publicKeys" ]
},
"signatures": {
"description": "extracted collection of all signatures of the envelope's payload; elements will be sorted by lexicographical order of the base64 encoded signature strings",
"type": "array",
"minItems": 1,
"items": {
"description": "a signature of the envelope's payload along with the public key for the signature",
"type": "object",
"properties": {
"signature": {
"description": "base64 encoded signature of the payload",
"type": "string",
"pattern": "^(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=|[A-Za-z0-9+\\/]{4})$"
},
"publicKey": {
"description": "public key that was used to verify the corresponding signature",
"type": "string",
"format": "byte"
}
},
"required": [ "signature", "publicKey" ]
},
"readOnly": true
},
"envelopeHash": {
"description": "Specifies the hash algorithm and the digest value computed over the entire envelope sent to Rekor",
"type": "object",
"properties": {
"algorithm": {
"description": "The hashing function used to compute the hash value",
"type": "string",
"enum": [ "sha256" ]
},
"value": {
"description": "The value of the computed digest over the entire envelope",
"type": "string"
}
},
"required": [ "algorithm", "value" ],
"readOnly": true
},
"payloadHash": {
"description": "Specifies the hash algorithm and the digest value computed over the payload within the DSSE envelope",
"type": "object",
"properties": {
"algorithm": {
"description": "The hashing function used to compute the hash value",
"type": "string",
"enum": [ "sha256" ]
},
"value": {
"description": "The value of the computed digest over the payload within the envelope",
"type": "string"
}
},
"required": [ "algorithm", "value" ],
"readOnly": true
}
},
"oneOf": [
{
"required": [ "proposedContent" ]
},
{
"required": [ "signatures", "envelopeHash", "payloadHash" ]
}
]
}