1{
2 "signed": {
3 "_type": "layout",
4 "steps": [
5 {
6 "_type": "step",
7 "pubkeys": [
8 "b7d643dec0a051096ee5d87221b5d91a33daa658699d30903e1cefb90c418401"
9 ],
10 "cert_constraints": [
11 {
12 "common_name": "write-code.example.com",
13 "dns_names": [],
14 "emails": [],
15 "organizations": [
16 "example"
17 ],
18 "roots": [
19 "da6360ef818d52b11f891132609f34907bd48521b33fc96927979b7fce876136"
20 ],
21 "uris": [
22 "spiffe://example.com/write-code"
23 ]
24 }
25 ],
26 "expected_command": [],
27 "threshold": 1,
28 "name": "write-code",
29 "expected_materials": [],
30 "expected_products": [
31 [
32 "ALLOW",
33 "foo.py"
34 ]
35 ]
36 },
37 {
38 "_type": "step",
39 "pubkeys": [
40 "d3ffd1086938b3698618adf088bf14b13db4c8ae19e4e78d73da49ee88492710"
41 ],
42 "expected_command": [
43 "tar",
44 "zcvf",
45 "foo.tar.gz",
46 "foo.py"
47 ],
48 "threshold": 1,
49 "name": "package",
50 "expected_materials": [
51 [
52 "MATCH",
53 "foo.py",
54 "WITH",
55 "PRODUCTS",
56 "FROM",
57 "write-code"
58 ],
59 [
60 "DISALLOW",
61 "*"
62 ]
63 ],
64 "expected_products": [
65 [
66 "ALLOW",
67 "foo.tar.gz"
68 ],
69 [
70 "ALLOW",
71 "foo.py"
72 ]
73 ]
74 }
75 ],
76 "inspect": [
77 {
78 "_type": "inspection",
79 "run": [
80 "tar",
81 "xfz",
82 "foo.tar.gz"
83 ],
84 "name": "untar",
85 "expected_materials": [
86 [
87 "MATCH",
88 "foo.tar.gz",
89 "WITH",
90 "PRODUCTS",
91 "FROM",
92 "package"
93 ],
94 [
95 "DISALLOW",
96 "foo.tar.gz"
97 ]
98 ],
99 "expected_products": [
100 [
101 "MATCH",
102 "foo.py",
103 "WITH",
104 "PRODUCTS",
105 "FROM",
106 "write-code"
107 ],
108 [
109 "DISALLOW",
110 "foo.py"
111 ]
112 ]
113 }
114 ],
115 "keys": {
116 "b7d643dec0a051096ee5d87221b5d91a33daa658699d30903e1cefb90c418401": {
117 "keyid": "b7d643dec0a051096ee5d87221b5d91a33daa658699d30903e1cefb90c418401",
118 "keyid_hash_algorithms": [
119 "sha256",
120 "sha512"
121 ],
122 "keytype": "rsa",
123 "keyval": {
124 "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyCTik98953hKl6+B6n5l\n8DVIDwDnvrJfpasbJ3+Rw66YcawOZinRpMxPTqWBKs7sRop7jqsQNcslUoIZLrXP\nr3foPHF455TlrqPVfCZiFQ+O4CafxWOB4mL1NddvpFXTEjmUiwFrrL7PcvQKMbYz\neUHH4tH9MNzqKWbbJoekBsDpCDIxp1NbgivGBKwjRGa281sClKgpd0Q0ebl+RTcT\nvpfZVDbXazQ7VqZkidt7geWq2BidOXZp/cjoXyVneKx/gYiOUv8x94svQMzSEhw2\nLFMQ04A1KnGn1jxO35/fd6/OW32njyWs96RKu9UQVacYHsQfsACPWwmVqgnX/sp5\nujlvSDjyfZu7c5yUQ2asYfQPLvnjG+u7QcBukGf8hAfVgsezzX9QPiK35BKDgBU/\nVk43riJs165TJGYGVuLUhIEhHgiQtwo8pUTJS5npEe5XMDuZoighNdzoWY2nfsBf\np8348k6vJtDMB093/t6V9sTGYQcSbgKPyEQo5Pk6Wd4ZAgMBAAE=\n-----END PUBLIC KEY-----"
125 },
126 "scheme": "rsassa-pss-sha256"
127 },
128 "d3ffd1086938b3698618adf088bf14b13db4c8ae19e4e78d73da49ee88492710": {
129 "keyid": "d3ffd1086938b3698618adf088bf14b13db4c8ae19e4e78d73da49ee88492710",
130 "keyid_hash_algorithms": [
131 "sha256",
132 "sha512"
133 ],
134 "keytype": "rsa",
135 "keyval": {
136 "public": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcz9AucNbkJbQpwTHlEH\nRB+h+MkYKQjw06IgZ8TXlXGqp5pdwTHI5n5iFol0/rksmiZxatHwhth7ryYNC3Vk\n9g/LAs9E60yWytiSgV93EKv65bmhYqiSAkJdyaPKvCb7cG979B4e+HVpdVx6s7Ex\nIoaDRYcX3VIt6V25/SQz5iNUeVlb++QtSfQFEf3lHauoFhWZoCse24nWtYZo+3Ut\nuTmxygp7tU/9NmYb2BXEfUCdgjoCQ1UsFLBQQ4haIdJNOtRFl8KNY09zbMUijKIe\nX0ZvgT877LUtMyydKPEo04/u3DEr9Zba/SkHw43jYE/ojlXeik5uVjLSr3sJLDSP\nHwIDAQAB\n-----END PUBLIC KEY-----"
137 },
138 "scheme": "rsassa-pss-sha256"
139 }
140 },
141 "rootcas": {
142 "da6360ef818d52b11f891132609f34907bd48521b33fc96927979b7fce876136": {
143 "keyid": "da6360ef818d52b11f891132609f34907bd48521b33fc96927979b7fce876136",
144 "keyid_hash_algorithms": [
145 "sha256",
146 "sha512"
147 ],
148 "keytype": "rsa",
149 "keyval": {
150 "public": "",
151 "certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIUPwvv/M1i/cE9Uz5YjGlwmowdez4wDQYJKoZIhvcNAQEN\nBQAwKzEQMA4GA1UECgwHZXhhbXBsZTEXMBUGA1UECwwOZXhhbXBsZUNOPXJvb3Qw\nHhcNMjEwODMxMTgzMjIyWhcNMzEwODI5MTgzMjIyWjArMRAwDgYDVQQKDAdleGFt\ncGxlMRcwFQYDVQQLDA5leGFtcGxlQ049cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAOXNjGvdiCQwbm8Hx7gyVtSOmG7ka3aqXYYaMBQiuDf+zIDn\nG7ckQcDPtruqwiJ34Q/xaABuHPhPUI8Urbal7g/BZMIPu5OBL7MFq2l0zPjBhERZ\n1fzNqgR5OjkbBqdfnpiAkYLP3HuCZLueRQylM4uJ4dOMRZkvJIjqUxMfwPUYe8dq\nQLe8hWd+Qpg6iLnqe5KxYqzyh7Lx8xX5nvGhPF7pi8cU7J5iFD9gs+BFeWG1GBQK\natftyJCkcHizlhdey6TviC1eEWsUWHMdRv+HOqLA02BspVROL0H5a4ztkC8KtjYf\nixSLKZYLMe61YU0qCU90xwb/fYwA6Xf/KjY1bX0CAwEAAaOBxTCBwjAdBgNVHQ4E\nFgQUP+lTty3ZA4ioQ9Xxnhy2IgktOAkwZgYDVR0jBF8wXYAUP+lTty3ZA4ioQ9Xx\nnhy2IgktOAmhL6QtMCsxEDAOBgNVBAoMB2V4YW1wbGUxFzAVBgNVBAsMDmV4YW1w\nbGVDTj1yb290ghQ/C+/8zWL9wT1TPliMaXCajB17PjAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjAYBgNVHREEETAPhg1zcGlmZmU6Ly9yb290MA0GCSqG\nSIb3DQEBDQUAA4IBAQDaji2jL7pXjRGk5SoiEEukJC8aPBSewd9OWPv0GoCG7Izf\nu4JFEpdSXS6HaA7IJ/xoQcAoCkBT9Ez+3WR8WhARkzHH7GD93bbg0SBVDPhSNsaN\nTigrz4/QAgDZw4wx7JbwPdJqnSYcf56sjon6bv8P1MPvrq7aUlQaKfqaW8cAPOO+\nppozqHKDN73hwB3Lt9rELAaJcmC9101U4pZlfXifp4tSXcasGG99YWORRbfb8ErK\nHKWaC7Au8PPyVZzfkohEj9/IvRBrqLpkkXApPaYOS++jhtPnxXA5vtK0x7Si1/d4\nqIZsuS6rjTJQGyQ0P1bpOcnMZI26ixuDpkwj6mPe\n-----END CERTIFICATE-----\n"
152 },
153 "scheme": "rsassa-pss-sha256"
154 }
155 },
156 "intermediatecas": {
157 "a6c9536bc35adcd7fefde347b89a6c6d03da63d2955733eb15774b29c7fdb25f": {
158 "keyid": "a6c9536bc35adcd7fefde347b89a6c6d03da63d2955733eb15774b29c7fdb25f",
159 "keyid_hash_algorithms": [
160 "sha256",
161 "sha512"
162 ],
163 "keytype": "rsa",
164 "keyval": {
165 "public": "",
166 "certificate": "-----BEGIN CERTIFICATE-----\nMIIDuDCCAqCgAwIBAgIUVuEf/cwQDxh80PJf90rs6meSzSYwDQYJKoZIhvcNAQEL\nBQAwKzEQMA4GA1UECgwHZXhhbXBsZTEXMBUGA1UECwwOZXhhbXBsZUNOPXJvb3Qw\nHhcNMjEwODMxMTgzMjIzWhcNMzEwODI5MTgzMjIzWjAyMRAwDgYDVQQKDAdleGFt\ncGxlMR4wHAYDVQQLDBVleGFtcGxlQ049ZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQC8PzbidS8jxlfJiE1FC4Q8LdxUDrbEMrcp8pP9\n+rcmOxRyypWU1ZX8I90RQ0wZyQeoRHHaPFt80DNsEGeiDL4pmNUkATaz7jmdK9ZM\n4uWD0bgnZnC2UWAiS8GjJaUBKOxmiQIma/d0xFt6p0yLzxd5jMP+U7VdH2GLEK4H\nDsXqWoWB2J82J2z4+amWB0ACaH0Euf2uL9f3iJ54XI0uQPZsmctMiIfEHMeZT5CV\nSoqvvM4LEVB+soQj2nfkXrsjc+shNGYdTYME1dIeVCMibU8/Cu9sgVlyOs8J9Cu6\nG261N40xYcRBldnj5pRILKcYqSpFIqu1+US/jVovRURDi1uPAgMBAAGjgcwwgckw\nHQYDVR0OBBYEFCKp/wOzXuZVbIPtm1v9C40JqUqNMGYGA1UdIwRfMF2AFD/pU7ct\n2QOIqEPV8Z4ctiIJLTgJoS+kLTArMRAwDgYDVQQKDAdleGFtcGxlMRcwFQYDVQQL\nDA5leGFtcGxlQ049cm9vdIIUPwvv/M1i/cE9Uz5YjGlwmowdez4wDwYDVR0TAQH/\nBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0RBBgwFoYUc3BpZmZlOi8vZXhh\nbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAFKt6CN1Oy2kLVQsLOxDtu5JPS9V\nIWtACL8c1WbznWV0xqg7Oordbq/wSiMKOjP2t92LdVR8hv1DbIcIqEsWRVaOfLPW\nSk/xgSXFZAQONal34oY/dySHqM2LJ+nMTBwhdX9cyYWgY0eiRys9wVp90MxJ8Ngv\nBc2YHqSL52Pid3SxQrM3dAeGeEOms5uaNxPGPJwvIHMtZLgCFumQO+cu10QWCiXA\n038MKmge74U9L7XxRBKobYbDSCooyhD8oBOTwmHRvd1dPLD62a7EtgP17ndzvqvs\nCeVm1a82NWpujW8QtnNdFE2b5043lrMtKS3CjVT+SSUMRtN6WKAmAH6CRko=\n-----END CERTIFICATE-----\n"
167 },
168 "scheme": "rsassa-pss-sha256"
169 }
170 },
171 "expires": "2030-11-18T16:06:36Z",
172 "readme": ""
173 },
174 "signatures": [
175 {
176 "keyid": "70ca5750c2eda80b18f41f4ec5f92146789b5d68dd09577be422a0159bd13680",
177 "sig": "a096ec3af4c36ef1f3ce2318cee08ab1460c20268dc88c8c60dc6e3838a21f38891f9010a0d209498fde287244e7f06c87525275449794364519472ac07f9622eb78199ac9c3b1329b9de0db80b962a221123f51b6db65b0618dc244912c0f27d2d55fe5a5e2501ed93190459dd3ddf451cac8c417f4081c4ccea533b3f8ef1f53a6e484a29162e9ceaf5c3983701e2018e2a5b0b4e53c36e685036a538a3c00dba9e288c446b229af11d64928f22276c466ad34fa69b6d0bbbd28fbca58789cf6af4e9b79c88ef597e15e1da4dd121e851781b6a2821605ef2e63c181cd53b894b922351175928a8dbaeedc1127dbbe3e359e6e7ce120ad7bb43593f14dfb0b",
178 "cert": ""
179 }
180 ]
181}View as plain text