19 package restapi
20
21
22
23
24 import (
25 "encoding/json"
26 )
27
// SwaggerJSON holds the Swagger 2.0 document for the Rekor REST API as raw
// JSON. It is assigned by init in this file. In this form, shared responses
// and entry-type schemas are referenced through "$ref" pointers.
//
// The variable is exported and json.RawMessage is a byte slice, so any
// importing package can reassign it or mutate its bytes in place. Treat it
// as read-only and copy it before modifying.
//
// NOTE(review): the embedded document lists only "http" under "schemes";
// confirm that clients built from it are configured for TLS explicitly.
var SwaggerJSON json.RawMessage

// FlatSwaggerJSON holds the flattened form of the same document, also
// assigned by init in this file. Shared responses are written out inline at
// each operation, and per-type schemas appear as named definitions instead
// of external file references.
//
// The same mutability caveat applies: it is an exported byte slice, so treat
// it as read-only and copy it before modifying.
var FlatSwaggerJSON json.RawMessage
34
35 func init() {
36 SwaggerJSON = json.RawMessage([]byte(`{
37 "consumes": [
38 "application/json"
39 ],
40 "produces": [
41 "application/json"
42 ],
43 "schemes": [
44 "http"
45 ],
46 "swagger": "2.0",
47 "info": {
48 "description": "Rekor is a cryptographically secure, immutable transparency log for signed software releases.",
49 "title": "Rekor",
50 "version": "1.0.0"
51 },
52 "host": "rekor.sigstore.dev",
53 "paths": {
54 "/api/v1/index/retrieve": {
55 "post": {
56 "description": "EXPERIMENTAL - this endpoint is offered as best effort only and may be changed or removed in future releases.\nThe results returned from this endpoint may be incomplete.\n",
57 "tags": [
58 "index"
59 ],
60 "summary": "Searches index by entry metadata",
61 "operationId": "searchIndex",
62 "deprecated": true,
63 "parameters": [
64 {
65 "name": "query",
66 "in": "body",
67 "required": true,
68 "schema": {
69 "$ref": "#/definitions/SearchIndex"
70 }
71 }
72 ],
73 "responses": {
74 "200": {
75 "description": "Returns zero or more entry UUIDs from the transparency log based on search query",
76 "schema": {
77 "type": "array",
78 "items": {
79 "description": "Entry UUID in transparency log",
80 "type": "string",
81 "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$"
82 }
83 }
84 },
85 "400": {
86 "$ref": "#/responses/BadContent"
87 },
88 "default": {
89 "$ref": "#/responses/InternalServerError"
90 }
91 }
92 }
93 },
94 "/api/v1/log": {
95 "get": {
96 "description": "Returns the current root hash and size of the merkle tree used to store the log entries.",
97 "tags": [
98 "tlog"
99 ],
100 "summary": "Get information about the current state of the transparency log",
101 "operationId": "getLogInfo",
102 "parameters": [
103 {
104 "type": "boolean",
105 "default": false,
106 "description": "Whether to return a stable checkpoint for the active shard",
107 "name": "stable",
108 "in": "query"
109 }
110 ],
111 "responses": {
112 "200": {
113 "description": "A JSON object with the root hash and tree size as properties",
114 "schema": {
115 "$ref": "#/definitions/LogInfo"
116 }
117 },
118 "default": {
119 "$ref": "#/responses/InternalServerError"
120 }
121 }
122 }
123 },
124 "/api/v1/log/entries": {
125 "get": {
126 "tags": [
127 "entries"
128 ],
129 "summary": "Retrieves an entry and inclusion proof from the transparency log (if it exists) by index",
130 "operationId": "getLogEntryByIndex",
131 "parameters": [
132 {
133 "type": "integer",
134 "description": "specifies the index of the entry in the transparency log to be retrieved",
135 "name": "logIndex",
136 "in": "query",
137 "required": true
138 }
139 ],
140 "responses": {
141 "200": {
142 "description": "the entry in the transparency log requested along with an inclusion proof",
143 "schema": {
144 "$ref": "#/definitions/LogEntry"
145 }
146 },
147 "404": {
148 "$ref": "#/responses/NotFound"
149 },
150 "default": {
151 "$ref": "#/responses/InternalServerError"
152 }
153 }
154 },
155 "post": {
156 "description": "Creates an entry in the transparency log for a detached signature, public key, and content. Items can be included in the request or fetched by the server when URLs are specified.\n",
157 "tags": [
158 "entries"
159 ],
160 "summary": "Creates an entry in the transparency log",
161 "operationId": "createLogEntry",
162 "parameters": [
163 {
164 "name": "proposedEntry",
165 "in": "body",
166 "required": true,
167 "schema": {
168 "$ref": "#/definitions/ProposedEntry"
169 }
170 }
171 ],
172 "responses": {
173 "201": {
174 "description": "Returns the entry created in the transparency log",
175 "schema": {
176 "$ref": "#/definitions/LogEntry"
177 },
178 "headers": {
179 "ETag": {
180 "type": "string",
181 "description": "UUID of log entry"
182 },
183 "Location": {
184 "type": "string",
185 "format": "uri",
186 "description": "URI location of log entry"
187 }
188 }
189 },
190 "400": {
191 "$ref": "#/responses/BadContent"
192 },
193 "409": {
194 "$ref": "#/responses/Conflict"
195 },
196 "default": {
197 "$ref": "#/responses/InternalServerError"
198 }
199 }
200 }
201 },
202 "/api/v1/log/entries/retrieve": {
203 "post": {
204 "tags": [
205 "entries"
206 ],
207 "summary": "Searches transparency log for one or more log entries",
208 "operationId": "searchLogQuery",
209 "parameters": [
210 {
211 "name": "entry",
212 "in": "body",
213 "required": true,
214 "schema": {
215 "$ref": "#/definitions/SearchLogQuery"
216 }
217 }
218 ],
219 "responses": {
220 "200": {
221 "description": "Returns zero or more entries from the transparency log, according to how many were included in request query",
222 "schema": {
223 "type": "array",
224 "items": {
225 "$ref": "#/definitions/LogEntry"
226 }
227 }
228 },
229 "400": {
230 "$ref": "#/responses/BadContent"
231 },
232 "422": {
233 "$ref": "#/responses/UnprocessableEntity"
234 },
235 "default": {
236 "$ref": "#/responses/InternalServerError"
237 }
238 }
239 }
240 },
241 "/api/v1/log/entries/{entryUUID}": {
242 "get": {
243 "description": "Returns the entry, root hash, tree size, and a list of hashes that can be used to calculate proof of an entry being included in the transparency log",
244 "tags": [
245 "entries"
246 ],
247 "summary": "Get log entry and information required to generate an inclusion proof for the entry in the transparency log",
248 "operationId": "getLogEntryByUUID",
249 "parameters": [
250 {
251 "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$",
252 "type": "string",
253 "description": "the UUID of the entry for which the inclusion proof information should be returned",
254 "name": "entryUUID",
255 "in": "path",
256 "required": true
257 }
258 ],
259 "responses": {
260 "200": {
261 "description": "Information needed for a client to compute the inclusion proof",
262 "schema": {
263 "$ref": "#/definitions/LogEntry"
264 }
265 },
266 "404": {
267 "$ref": "#/responses/NotFound"
268 },
269 "default": {
270 "$ref": "#/responses/InternalServerError"
271 }
272 }
273 }
274 },
275 "/api/v1/log/proof": {
276 "get": {
277 "description": "Returns a list of hashes for specified tree sizes that can be used to confirm the consistency of the transparency log",
278 "tags": [
279 "tlog"
280 ],
281 "summary": "Get information required to generate a consistency proof for the transparency log",
282 "operationId": "getLogProof",
283 "parameters": [
284 {
285 "minimum": 1,
286 "type": "integer",
287 "default": 1,
288 "description": "The size of the tree that you wish to prove consistency from (1 means the beginning of the log) Defaults to 1 if not specified\n",
289 "name": "firstSize",
290 "in": "query"
291 },
292 {
293 "minimum": 1,
294 "type": "integer",
295 "description": "The size of the tree that you wish to prove consistency to",
296 "name": "lastSize",
297 "in": "query",
298 "required": true
299 },
300 {
301 "pattern": "^[0-9]+$",
302 "type": "string",
303 "description": "The tree ID of the tree that you wish to prove consistency for",
304 "name": "treeID",
305 "in": "query"
306 }
307 ],
308 "responses": {
309 "200": {
310 "description": "All hashes required to compute the consistency proof",
311 "schema": {
312 "$ref": "#/definitions/ConsistencyProof"
313 }
314 },
315 "400": {
316 "$ref": "#/responses/BadContent"
317 },
318 "default": {
319 "$ref": "#/responses/InternalServerError"
320 }
321 }
322 }
323 },
324 "/api/v1/log/publicKey": {
325 "get": {
326 "description": "Returns the public key that can be used to validate the signed tree head",
327 "produces": [
328 "application/x-pem-file"
329 ],
330 "tags": [
331 "pubkey"
332 ],
333 "summary": "Retrieve the public key that can be used to validate the signed tree head",
334 "operationId": "getPublicKey",
335 "parameters": [
336 {
337 "pattern": "^[0-9]+$",
338 "type": "string",
339 "description": "The tree ID of the tree you wish to get a public key for",
340 "name": "treeID",
341 "in": "query"
342 }
343 ],
344 "responses": {
345 "200": {
346 "description": "The public key",
347 "schema": {
348 "type": "string"
349 }
350 },
351 "default": {
352 "$ref": "#/responses/InternalServerError"
353 }
354 }
355 }
356 }
357 },
358 "definitions": {
359 "ConsistencyProof": {
360 "type": "object",
361 "required": [
362 "rootHash",
363 "hashes"
364 ],
365 "properties": {
366 "hashes": {
367 "type": "array",
368 "items": {
369 "description": "SHA256 hash value expressed in hexadecimal format",
370 "type": "string",
371 "pattern": "^[0-9a-fA-F]{64}$"
372 }
373 },
374 "rootHash": {
375 "description": "The hash value stored at the root of the merkle tree at the time the proof was generated",
376 "type": "string",
377 "pattern": "^[0-9a-fA-F]{64}$"
378 }
379 }
380 },
381 "Error": {
382 "type": "object",
383 "properties": {
384 "code": {
385 "type": "integer"
386 },
387 "message": {
388 "type": "string"
389 }
390 }
391 },
392 "InactiveShardLogInfo": {
393 "type": "object",
394 "required": [
395 "rootHash",
396 "treeSize",
397 "signedTreeHead",
398 "treeID"
399 ],
400 "properties": {
401 "rootHash": {
402 "description": "The current hash value stored at the root of the merkle tree",
403 "type": "string",
404 "pattern": "^[0-9a-fA-F]{64}$"
405 },
406 "signedTreeHead": {
407 "description": "The current signed tree head",
408 "type": "string",
409 "format": "signedCheckpoint"
410 },
411 "treeID": {
412 "description": "The current treeID",
413 "type": "string",
414 "pattern": "^[0-9]+$"
415 },
416 "treeSize": {
417 "description": "The current number of nodes in the merkle tree",
418 "type": "integer",
419 "minimum": 1
420 }
421 }
422 },
423 "InclusionProof": {
424 "type": "object",
425 "required": [
426 "logIndex",
427 "rootHash",
428 "treeSize",
429 "hashes",
430 "checkpoint"
431 ],
432 "properties": {
433 "checkpoint": {
434 "description": "The checkpoint (signed tree head) that the inclusion proof is based on",
435 "type": "string",
436 "format": "signedCheckpoint"
437 },
438 "hashes": {
439 "description": "A list of hashes required to compute the inclusion proof, sorted in order from leaf to root",
440 "type": "array",
441 "items": {
442 "description": "SHA256 hash value expressed in hexadecimal format",
443 "type": "string",
444 "pattern": "^[0-9a-fA-F]{64}$"
445 }
446 },
447 "logIndex": {
448 "description": "The index of the entry in the transparency log",
449 "type": "integer"
450 },
451 "rootHash": {
452 "description": "The hash value stored at the root of the merkle tree at the time the proof was generated",
453 "type": "string",
454 "pattern": "^[0-9a-fA-F]{64}$"
455 },
456 "treeSize": {
457 "description": "The size of the merkle tree at the time the inclusion proof was generated",
458 "type": "integer",
459 "minimum": 1
460 }
461 }
462 },
463 "LogEntry": {
464 "type": "object",
465 "additionalProperties": {
466 "type": "object",
467 "required": [
468 "logID",
469 "logIndex",
470 "body",
471 "integratedTime"
472 ],
473 "properties": {
474 "attestation": {
475 "type": "object",
476 "format": "byte",
477 "properties": {
478 "data": {
479 "format": "byte"
480 }
481 }
482 },
483 "body": {
484 "type": "object",
485 "additionalProperties": true
486 },
487 "integratedTime": {
488 "description": "The time the entry was added to the log as a Unix timestamp in seconds",
489 "type": "integer"
490 },
491 "logID": {
492 "description": "This is the SHA256 hash of the DER-encoded public key for the log at the time the entry was included in the log",
493 "type": "string",
494 "pattern": "^[0-9a-fA-F]{64}$"
495 },
496 "logIndex": {
497 "type": "integer"
498 },
499 "verification": {
500 "type": "object",
501 "properties": {
502 "inclusionProof": {
503 "$ref": "#/definitions/InclusionProof"
504 },
505 "signedEntryTimestamp": {
506 "description": "Signature over the logID, logIndex, body and integratedTime.",
507 "type": "string",
508 "format": "byte"
509 }
510 }
511 }
512 }
513 }
514 },
515 "LogInfo": {
516 "type": "object",
517 "required": [
518 "rootHash",
519 "treeSize",
520 "signedTreeHead",
521 "treeID"
522 ],
523 "properties": {
524 "inactiveShards": {
525 "type": "array",
526 "items": {
527 "$ref": "#/definitions/InactiveShardLogInfo"
528 }
529 },
530 "rootHash": {
531 "description": "The current hash value stored at the root of the merkle tree",
532 "type": "string",
533 "pattern": "^[0-9a-fA-F]{64}$"
534 },
535 "signedTreeHead": {
536 "description": "The current signed tree head",
537 "type": "string",
538 "format": "signedCheckpoint"
539 },
540 "treeID": {
541 "description": "The current treeID",
542 "type": "string",
543 "pattern": "^[0-9]+$"
544 },
545 "treeSize": {
546 "description": "The current number of nodes in the merkle tree",
547 "type": "integer",
548 "minimum": 1
549 }
550 }
551 },
552 "ProposedEntry": {
553 "type": "object",
554 "required": [
555 "kind"
556 ],
557 "properties": {
558 "kind": {
559 "type": "string"
560 }
561 },
562 "discriminator": "kind"
563 },
564 "SearchIndex": {
565 "type": "object",
566 "properties": {
567 "email": {
568 "type": "string",
569 "format": "email"
570 },
571 "hash": {
572 "type": "string",
573 "pattern": "^(sha512:)?[0-9a-fA-F]{128}$|^(sha256:)?[0-9a-fA-F]{64}$|^(sha1:)?[0-9a-fA-F]{40}$"
574 },
575 "operator": {
576 "type": "string",
577 "enum": [
578 "and",
579 "or"
580 ]
581 },
582 "publicKey": {
583 "type": "object",
584 "required": [
585 "format"
586 ],
587 "properties": {
588 "content": {
589 "type": "string",
590 "format": "byte"
591 },
592 "format": {
593 "type": "string",
594 "enum": [
595 "pgp",
596 "x509",
597 "minisign",
598 "ssh",
599 "tuf"
600 ]
601 },
602 "url": {
603 "type": "string",
604 "format": "uri"
605 }
606 }
607 }
608 }
609 },
610 "SearchLogQuery": {
611 "type": "object",
612 "properties": {
613 "entries": {
614 "type": "array",
615 "maxItems": 10,
616 "minItems": 1,
617 "items": {
618 "$ref": "#/definitions/ProposedEntry"
619 }
620 },
621 "entryUUIDs": {
622 "type": "array",
623 "maxItems": 10,
624 "minItems": 1,
625 "items": {
626 "type": "string",
627 "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$"
628 }
629 },
630 "logIndexes": {
631 "type": "array",
632 "maxItems": 10,
633 "minItems": 1,
634 "items": {
635 "type": "integer"
636 }
637 }
638 }
639 },
640 "alpine": {
641 "description": "Alpine package",
642 "type": "object",
643 "allOf": [
644 {
645 "$ref": "#/definitions/ProposedEntry"
646 },
647 {
648 "required": [
649 "apiVersion",
650 "spec"
651 ],
652 "properties": {
653 "apiVersion": {
654 "type": "string",
655 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
656 },
657 "spec": {
658 "type": "object",
659 "$ref": "pkg/types/alpine/alpine_schema.json"
660 }
661 },
662 "additionalProperties": false
663 }
664 ]
665 },
666 "cose": {
667 "description": "COSE object",
668 "type": "object",
669 "allOf": [
670 {
671 "$ref": "#/definitions/ProposedEntry"
672 },
673 {
674 "required": [
675 "apiVersion",
676 "spec"
677 ],
678 "properties": {
679 "apiVersion": {
680 "type": "string",
681 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
682 },
683 "spec": {
684 "type": "object",
685 "$ref": "pkg/types/cose/cose_schema.json"
686 }
687 },
688 "additionalProperties": false
689 }
690 ]
691 },
692 "dsse": {
693 "description": "DSSE envelope",
694 "type": "object",
695 "allOf": [
696 {
697 "$ref": "#/definitions/ProposedEntry"
698 },
699 {
700 "required": [
701 "apiVersion",
702 "spec"
703 ],
704 "properties": {
705 "apiVersion": {
706 "type": "string",
707 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
708 },
709 "spec": {
710 "type": "object",
711 "$ref": "pkg/types/dsse/dsse_schema.json"
712 }
713 },
714 "additionalProperties": false
715 }
716 ]
717 },
718 "hashedrekord": {
719 "description": "Hashed Rekord object",
720 "type": "object",
721 "allOf": [
722 {
723 "$ref": "#/definitions/ProposedEntry"
724 },
725 {
726 "required": [
727 "apiVersion",
728 "spec"
729 ],
730 "properties": {
731 "apiVersion": {
732 "type": "string",
733 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
734 },
735 "spec": {
736 "type": "object",
737 "$ref": "pkg/types/hashedrekord/hashedrekord_schema.json"
738 }
739 },
740 "additionalProperties": false
741 }
742 ]
743 },
744 "helm": {
745 "description": "Helm chart",
746 "type": "object",
747 "allOf": [
748 {
749 "$ref": "#/definitions/ProposedEntry"
750 },
751 {
752 "required": [
753 "apiVersion",
754 "spec"
755 ],
756 "properties": {
757 "apiVersion": {
758 "type": "string",
759 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
760 },
761 "spec": {
762 "type": "object",
763 "$ref": "pkg/types/helm/helm_schema.json"
764 }
765 }
766 }
767 ]
768 },
769 "intoto": {
770 "description": "Intoto object",
771 "type": "object",
772 "allOf": [
773 {
774 "$ref": "#/definitions/ProposedEntry"
775 },
776 {
777 "required": [
778 "apiVersion",
779 "spec"
780 ],
781 "properties": {
782 "apiVersion": {
783 "type": "string",
784 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
785 },
786 "spec": {
787 "type": "object",
788 "$ref": "pkg/types/intoto/intoto_schema.json"
789 }
790 },
791 "additionalProperties": false
792 }
793 ]
794 },
795 "jar": {
796 "description": "Java Archive (JAR)",
797 "type": "object",
798 "allOf": [
799 {
800 "$ref": "#/definitions/ProposedEntry"
801 },
802 {
803 "required": [
804 "apiVersion",
805 "spec"
806 ],
807 "properties": {
808 "apiVersion": {
809 "type": "string",
810 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
811 },
812 "spec": {
813 "type": "object",
814 "$ref": "pkg/types/jar/jar_schema.json"
815 }
816 },
817 "additionalProperties": false
818 }
819 ]
820 },
821 "rekord": {
822 "description": "Rekord object",
823 "type": "object",
824 "allOf": [
825 {
826 "$ref": "#/definitions/ProposedEntry"
827 },
828 {
829 "required": [
830 "apiVersion",
831 "spec"
832 ],
833 "properties": {
834 "apiVersion": {
835 "type": "string",
836 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
837 },
838 "spec": {
839 "type": "object",
840 "$ref": "pkg/types/rekord/rekord_schema.json"
841 }
842 },
843 "additionalProperties": false
844 }
845 ]
846 },
847 "rfc3161": {
848 "description": "RFC3161 Timestamp",
849 "type": "object",
850 "allOf": [
851 {
852 "$ref": "#/definitions/ProposedEntry"
853 },
854 {
855 "required": [
856 "apiVersion",
857 "spec"
858 ],
859 "properties": {
860 "apiVersion": {
861 "type": "string",
862 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
863 },
864 "spec": {
865 "type": "object",
866 "$ref": "pkg/types/rfc3161/rfc3161_schema.json"
867 }
868 },
869 "additionalProperties": false
870 }
871 ]
872 },
873 "rpm": {
874 "description": "RPM package",
875 "type": "object",
876 "allOf": [
877 {
878 "$ref": "#/definitions/ProposedEntry"
879 },
880 {
881 "required": [
882 "apiVersion",
883 "spec"
884 ],
885 "properties": {
886 "apiVersion": {
887 "type": "string",
888 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
889 },
890 "spec": {
891 "type": "object",
892 "$ref": "pkg/types/rpm/rpm_schema.json"
893 }
894 },
895 "additionalProperties": false
896 }
897 ]
898 },
899 "tuf": {
900 "description": "TUF metadata",
901 "type": "object",
902 "allOf": [
903 {
904 "$ref": "#/definitions/ProposedEntry"
905 },
906 {
907 "required": [
908 "apiVersion",
909 "spec"
910 ],
911 "properties": {
912 "apiVersion": {
913 "type": "string",
914 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
915 },
916 "spec": {
917 "type": "object",
918 "$ref": "pkg/types/tuf/tuf_schema.json"
919 }
920 },
921 "additionalProperties": false
922 }
923 ]
924 }
925 },
926 "responses": {
927 "BadContent": {
928 "description": "The content supplied to the server was invalid",
929 "schema": {
930 "$ref": "#/definitions/Error"
931 }
932 },
933 "Conflict": {
934 "description": "The request conflicts with the current state of the transparency log",
935 "schema": {
936 "$ref": "#/definitions/Error"
937 },
938 "headers": {
939 "Location": {
940 "type": "string",
941 "format": "uri"
942 }
943 }
944 },
945 "InternalServerError": {
946 "description": "There was an internal error in the server while processing the request",
947 "schema": {
948 "$ref": "#/definitions/Error"
949 }
950 },
951 "NotFound": {
952 "description": "The content requested could not be found"
953 },
954 "UnprocessableEntity": {
955 "description": "The server understood the request but is unable to process the contained instructions",
956 "schema": {
957 "$ref": "#/definitions/Error"
958 }
959 }
960 }
961 }`))
962 FlatSwaggerJSON = json.RawMessage([]byte(`{
963 "consumes": [
964 "application/json"
965 ],
966 "produces": [
967 "application/json"
968 ],
969 "schemes": [
970 "http"
971 ],
972 "swagger": "2.0",
973 "info": {
974 "description": "Rekor is a cryptographically secure, immutable transparency log for signed software releases.",
975 "title": "Rekor",
976 "version": "1.0.0"
977 },
978 "host": "rekor.sigstore.dev",
979 "paths": {
980 "/api/v1/index/retrieve": {
981 "post": {
982 "description": "EXPERIMENTAL - this endpoint is offered as best effort only and may be changed or removed in future releases.\nThe results returned from this endpoint may be incomplete.\n",
983 "tags": [
984 "index"
985 ],
986 "summary": "Searches index by entry metadata",
987 "operationId": "searchIndex",
988 "deprecated": true,
989 "parameters": [
990 {
991 "name": "query",
992 "in": "body",
993 "required": true,
994 "schema": {
995 "$ref": "#/definitions/SearchIndex"
996 }
997 }
998 ],
999 "responses": {
1000 "200": {
1001 "description": "Returns zero or more entry UUIDs from the transparency log based on search query",
1002 "schema": {
1003 "type": "array",
1004 "items": {
1005 "description": "Entry UUID in transparency log",
1006 "type": "string",
1007 "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$"
1008 }
1009 }
1010 },
1011 "400": {
1012 "description": "The content supplied to the server was invalid",
1013 "schema": {
1014 "$ref": "#/definitions/Error"
1015 }
1016 },
1017 "default": {
1018 "description": "There was an internal error in the server while processing the request",
1019 "schema": {
1020 "$ref": "#/definitions/Error"
1021 }
1022 }
1023 }
1024 }
1025 },
1026 "/api/v1/log": {
1027 "get": {
1028 "description": "Returns the current root hash and size of the merkle tree used to store the log entries.",
1029 "tags": [
1030 "tlog"
1031 ],
1032 "summary": "Get information about the current state of the transparency log",
1033 "operationId": "getLogInfo",
1034 "parameters": [
1035 {
1036 "type": "boolean",
1037 "default": false,
1038 "description": "Whether to return a stable checkpoint for the active shard",
1039 "name": "stable",
1040 "in": "query"
1041 }
1042 ],
1043 "responses": {
1044 "200": {
1045 "description": "A JSON object with the root hash and tree size as properties",
1046 "schema": {
1047 "$ref": "#/definitions/LogInfo"
1048 }
1049 },
1050 "default": {
1051 "description": "There was an internal error in the server while processing the request",
1052 "schema": {
1053 "$ref": "#/definitions/Error"
1054 }
1055 }
1056 }
1057 }
1058 },
1059 "/api/v1/log/entries": {
1060 "get": {
1061 "tags": [
1062 "entries"
1063 ],
1064 "summary": "Retrieves an entry and inclusion proof from the transparency log (if it exists) by index",
1065 "operationId": "getLogEntryByIndex",
1066 "parameters": [
1067 {
1068 "minimum": 0,
1069 "type": "integer",
1070 "description": "specifies the index of the entry in the transparency log to be retrieved",
1071 "name": "logIndex",
1072 "in": "query",
1073 "required": true
1074 }
1075 ],
1076 "responses": {
1077 "200": {
1078 "description": "the entry in the transparency log requested along with an inclusion proof",
1079 "schema": {
1080 "$ref": "#/definitions/LogEntry"
1081 }
1082 },
1083 "404": {
1084 "description": "The content requested could not be found"
1085 },
1086 "default": {
1087 "description": "There was an internal error in the server while processing the request",
1088 "schema": {
1089 "$ref": "#/definitions/Error"
1090 }
1091 }
1092 }
1093 },
1094 "post": {
1095 "description": "Creates an entry in the transparency log for a detached signature, public key, and content. Items can be included in the request or fetched by the server when URLs are specified.\n",
1096 "tags": [
1097 "entries"
1098 ],
1099 "summary": "Creates an entry in the transparency log",
1100 "operationId": "createLogEntry",
1101 "parameters": [
1102 {
1103 "name": "proposedEntry",
1104 "in": "body",
1105 "required": true,
1106 "schema": {
1107 "$ref": "#/definitions/ProposedEntry"
1108 }
1109 }
1110 ],
1111 "responses": {
1112 "201": {
1113 "description": "Returns the entry created in the transparency log",
1114 "schema": {
1115 "$ref": "#/definitions/LogEntry"
1116 },
1117 "headers": {
1118 "ETag": {
1119 "type": "string",
1120 "description": "UUID of log entry"
1121 },
1122 "Location": {
1123 "type": "string",
1124 "format": "uri",
1125 "description": "URI location of log entry"
1126 }
1127 }
1128 },
1129 "400": {
1130 "description": "The content supplied to the server was invalid",
1131 "schema": {
1132 "$ref": "#/definitions/Error"
1133 }
1134 },
1135 "409": {
1136 "description": "The request conflicts with the current state of the transparency log",
1137 "schema": {
1138 "$ref": "#/definitions/Error"
1139 },
1140 "headers": {
1141 "Location": {
1142 "type": "string",
1143 "format": "uri"
1144 }
1145 }
1146 },
1147 "default": {
1148 "description": "There was an internal error in the server while processing the request",
1149 "schema": {
1150 "$ref": "#/definitions/Error"
1151 }
1152 }
1153 }
1154 }
1155 },
1156 "/api/v1/log/entries/retrieve": {
1157 "post": {
1158 "tags": [
1159 "entries"
1160 ],
1161 "summary": "Searches transparency log for one or more log entries",
1162 "operationId": "searchLogQuery",
1163 "parameters": [
1164 {
1165 "name": "entry",
1166 "in": "body",
1167 "required": true,
1168 "schema": {
1169 "$ref": "#/definitions/SearchLogQuery"
1170 }
1171 }
1172 ],
1173 "responses": {
1174 "200": {
1175 "description": "Returns zero or more entries from the transparency log, according to how many were included in request query",
1176 "schema": {
1177 "type": "array",
1178 "items": {
1179 "$ref": "#/definitions/LogEntry"
1180 }
1181 }
1182 },
1183 "400": {
1184 "description": "The content supplied to the server was invalid",
1185 "schema": {
1186 "$ref": "#/definitions/Error"
1187 }
1188 },
1189 "422": {
1190 "description": "The server understood the request but is unable to process the contained instructions",
1191 "schema": {
1192 "$ref": "#/definitions/Error"
1193 }
1194 },
1195 "default": {
1196 "description": "There was an internal error in the server while processing the request",
1197 "schema": {
1198 "$ref": "#/definitions/Error"
1199 }
1200 }
1201 }
1202 }
1203 },
1204 "/api/v1/log/entries/{entryUUID}": {
1205 "get": {
1206 "description": "Returns the entry, root hash, tree size, and a list of hashes that can be used to calculate proof of an entry being included in the transparency log",
1207 "tags": [
1208 "entries"
1209 ],
1210 "summary": "Get log entry and information required to generate an inclusion proof for the entry in the transparency log",
1211 "operationId": "getLogEntryByUUID",
1212 "parameters": [
1213 {
1214 "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$",
1215 "type": "string",
1216 "description": "the UUID of the entry for which the inclusion proof information should be returned",
1217 "name": "entryUUID",
1218 "in": "path",
1219 "required": true
1220 }
1221 ],
1222 "responses": {
1223 "200": {
1224 "description": "Information needed for a client to compute the inclusion proof",
1225 "schema": {
1226 "$ref": "#/definitions/LogEntry"
1227 }
1228 },
1229 "404": {
1230 "description": "The content requested could not be found"
1231 },
1232 "default": {
1233 "description": "There was an internal error in the server while processing the request",
1234 "schema": {
1235 "$ref": "#/definitions/Error"
1236 }
1237 }
1238 }
1239 }
1240 },
1241 "/api/v1/log/proof": {
1242 "get": {
1243 "description": "Returns a list of hashes for specified tree sizes that can be used to confirm the consistency of the transparency log",
1244 "tags": [
1245 "tlog"
1246 ],
1247 "summary": "Get information required to generate a consistency proof for the transparency log",
1248 "operationId": "getLogProof",
1249 "parameters": [
1250 {
1251 "minimum": 1,
1252 "type": "integer",
1253 "default": 1,
1254 "description": "The size of the tree that you wish to prove consistency from (1 means the beginning of the log) Defaults to 1 if not specified\n",
1255 "name": "firstSize",
1256 "in": "query"
1257 },
1258 {
1259 "minimum": 1,
1260 "type": "integer",
1261 "description": "The size of the tree that you wish to prove consistency to",
1262 "name": "lastSize",
1263 "in": "query",
1264 "required": true
1265 },
1266 {
1267 "pattern": "^[0-9]+$",
1268 "type": "string",
1269 "description": "The tree ID of the tree that you wish to prove consistency for",
1270 "name": "treeID",
1271 "in": "query"
1272 }
1273 ],
1274 "responses": {
1275 "200": {
1276 "description": "All hashes required to compute the consistency proof",
1277 "schema": {
1278 "$ref": "#/definitions/ConsistencyProof"
1279 }
1280 },
1281 "400": {
1282 "description": "The content supplied to the server was invalid",
1283 "schema": {
1284 "$ref": "#/definitions/Error"
1285 }
1286 },
1287 "default": {
1288 "description": "There was an internal error in the server while processing the request",
1289 "schema": {
1290 "$ref": "#/definitions/Error"
1291 }
1292 }
1293 }
1294 }
1295 },
1296 "/api/v1/log/publicKey": {
1297 "get": {
1298 "description": "Returns the public key that can be used to validate the signed tree head",
1299 "produces": [
1300 "application/x-pem-file"
1301 ],
1302 "tags": [
1303 "pubkey"
1304 ],
1305 "summary": "Retrieve the public key that can be used to validate the signed tree head",
1306 "operationId": "getPublicKey",
1307 "parameters": [
1308 {
1309 "pattern": "^[0-9]+$",
1310 "type": "string",
1311 "description": "The tree ID of the tree you wish to get a public key for",
1312 "name": "treeID",
1313 "in": "query"
1314 }
1315 ],
1316 "responses": {
1317 "200": {
1318 "description": "The public key",
1319 "schema": {
1320 "type": "string"
1321 }
1322 },
1323 "default": {
1324 "description": "There was an internal error in the server while processing the request",
1325 "schema": {
1326 "$ref": "#/definitions/Error"
1327 }
1328 }
1329 }
1330 }
1331 }
1332 },
1333 "definitions": {
1334 "AlpineV001SchemaPackage": {
1335 "description": "Information about the package associated with the entry",
1336 "type": "object",
1337 "oneOf": [
1338 {
1339 "required": [
1340 "hash"
1341 ]
1342 },
1343 {
1344 "required": [
1345 "content"
1346 ]
1347 }
1348 ],
1349 "properties": {
1350 "content": {
1351 "description": "Specifies the package inline within the document",
1352 "type": "string",
1353 "format": "byte",
1354 "writeOnly": true
1355 },
1356 "hash": {
1357 "description": "Specifies the hash algorithm and value for the package",
1358 "type": "object",
1359 "required": [
1360 "algorithm",
1361 "value"
1362 ],
1363 "properties": {
1364 "algorithm": {
1365 "description": "The hashing function used to compute the hash value",
1366 "type": "string",
1367 "enum": [
1368 "sha256"
1369 ]
1370 },
1371 "value": {
1372 "description": "The hash value for the package",
1373 "type": "string"
1374 }
1375 },
1376 "readOnly": true
1377 },
1378 "pkginfo": {
1379 "description": "Values of the .PKGINFO key / value pairs",
1380 "type": "object",
1381 "additionalProperties": {
1382 "type": "string"
1383 },
1384 "readOnly": true
1385 }
1386 }
1387 },
1388 "AlpineV001SchemaPackageHash": {
1389 "description": "Specifies the hash algorithm and value for the package",
1390 "type": "object",
1391 "required": [
1392 "algorithm",
1393 "value"
1394 ],
1395 "properties": {
1396 "algorithm": {
1397 "description": "The hashing function used to compute the hash value",
1398 "type": "string",
1399 "enum": [
1400 "sha256"
1401 ]
1402 },
1403 "value": {
1404 "description": "The hash value for the package",
1405 "type": "string"
1406 }
1407 },
1408 "readOnly": true
1409 },
1410 "AlpineV001SchemaPublicKey": {
1411 "description": "The public key that can verify the package signature",
1412 "type": "object",
1413 "required": [
1414 "content"
1415 ],
1416 "properties": {
1417 "content": {
1418 "description": "Specifies the content of the public key inline within the document",
1419 "type": "string",
1420 "format": "byte"
1421 }
1422 }
1423 },
1424 "ConsistencyProof": {
1425 "type": "object",
1426 "required": [
1427 "rootHash",
1428 "hashes"
1429 ],
1430 "properties": {
1431 "hashes": {
1432 "type": "array",
1433 "items": {
1434 "description": "SHA256 hash value expressed in hexadecimal format",
1435 "type": "string",
1436 "pattern": "^[0-9a-fA-F]{64}$"
1437 }
1438 },
1439 "rootHash": {
1440 "description": "The hash value stored at the root of the merkle tree at the time the proof was generated",
1441 "type": "string",
1442 "pattern": "^[0-9a-fA-F]{64}$"
1443 }
1444 }
1445 },
1446 "CoseV001SchemaData": {
1447 "description": "Information about the content associated with the entry",
1448 "type": "object",
1449 "properties": {
1450 "aad": {
1451 "description": "Specifies the additional authenticated data required to verify the signature",
1452 "type": "string",
1453 "format": "byte",
1454 "writeOnly": true
1455 },
1456 "envelopeHash": {
1457 "description": "Specifies the hash algorithm and value for the COSE envelope",
1458 "type": "object",
1459 "required": [
1460 "algorithm",
1461 "value"
1462 ],
1463 "properties": {
1464 "algorithm": {
1465 "description": "The hashing function used to compute the hash value",
1466 "type": "string",
1467 "enum": [
1468 "sha256"
1469 ]
1470 },
1471 "value": {
1472 "description": "The hash value for the envelope",
1473 "type": "string"
1474 }
1475 },
1476 "readOnly": true
1477 },
1478 "payloadHash": {
1479 "description": "Specifies the hash algorithm and value for the content",
1480 "type": "object",
1481 "required": [
1482 "algorithm",
1483 "value"
1484 ],
1485 "properties": {
1486 "algorithm": {
1487 "description": "The hashing function used to compute the hash value",
1488 "type": "string",
1489 "enum": [
1490 "sha256"
1491 ]
1492 },
1493 "value": {
1494 "description": "The hash value for the content",
1495 "type": "string"
1496 }
1497 },
1498 "readOnly": true
1499 }
1500 }
1501 },
1502 "CoseV001SchemaDataEnvelopeHash": {
1503 "description": "Specifies the hash algorithm and value for the COSE envelope",
1504 "type": "object",
1505 "required": [
1506 "algorithm",
1507 "value"
1508 ],
1509 "properties": {
1510 "algorithm": {
1511 "description": "The hashing function used to compute the hash value",
1512 "type": "string",
1513 "enum": [
1514 "sha256"
1515 ]
1516 },
1517 "value": {
1518 "description": "The hash value for the envelope",
1519 "type": "string"
1520 }
1521 },
1522 "readOnly": true
1523 },
1524 "CoseV001SchemaDataPayloadHash": {
1525 "description": "Specifies the hash algorithm and value for the content",
1526 "type": "object",
1527 "required": [
1528 "algorithm",
1529 "value"
1530 ],
1531 "properties": {
1532 "algorithm": {
1533 "description": "The hashing function used to compute the hash value",
1534 "type": "string",
1535 "enum": [
1536 "sha256"
1537 ]
1538 },
1539 "value": {
1540 "description": "The hash value for the content",
1541 "type": "string"
1542 }
1543 },
1544 "readOnly": true
1545 },
1546 "DSSEV001SchemaEnvelopeHash": {
1547 "description": "Specifies the hash algorithm and value encompassing the entire envelope sent to Rekor",
1548 "type": "object",
1549 "required": [
1550 "algorithm",
1551 "value"
1552 ],
1553 "properties": {
1554 "algorithm": {
1555 "description": "The hashing function used to compute the hash value",
1556 "type": "string",
1557 "enum": [
1558 "sha256"
1559 ]
1560 },
1561 "value": {
1562 "description": "The value of the computed digest over the entire envelope",
1563 "type": "string"
1564 }
1565 },
1566 "readOnly": true
1567 },
1568 "DSSEV001SchemaPayloadHash": {
1569 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope",
1570 "type": "object",
1571 "required": [
1572 "algorithm",
1573 "value"
1574 ],
1575 "properties": {
1576 "algorithm": {
1577 "description": "The hashing function used to compute the hash value",
1578 "type": "string",
1579 "enum": [
1580 "sha256"
1581 ]
1582 },
1583 "value": {
1584 "description": "The value of the computed digest over the payload within the envelope",
1585 "type": "string"
1586 }
1587 },
1588 "readOnly": true
1589 },
1590 "DSSEV001SchemaProposedContent": {
1591 "type": "object",
1592 "required": [
1593 "envelope",
1594 "verifiers"
1595 ],
1596 "properties": {
1597 "envelope": {
1598 "description": "DSSE envelope specified as a stringified JSON object",
1599 "type": "string",
1600 "writeOnly": true
1601 },
1602 "verifiers": {
1603 "description": "collection of all verification material (e.g. public keys or certificates) used to verify signatures over envelope's payload, specified as base64-encoded strings",
1604 "type": "array",
1605 "minItems": 1,
1606 "items": {
1607 "type": "string",
1608 "format": "byte"
1609 },
1610 "writeOnly": true
1611 }
1612 },
1613 "writeOnly": true
1614 },
1615 "DSSEV001SchemaSignaturesItems0": {
1616 "description": "a signature of the envelope's payload along with the verification material for the signature",
1617 "type": "object",
1618 "required": [
1619 "signature",
1620 "verifier"
1621 ],
1622 "properties": {
1623 "signature": {
1624 "description": "base64 encoded signature of the payload",
1625 "type": "string",
1626 "pattern": "^(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=|[A-Za-z0-9+\\/]{4})$"
1627 },
1628 "verifier": {
1629 "description": "verification material that was used to verify the corresponding signature, specified as a base64 encoded string",
1630 "type": "string",
1631 "format": "byte"
1632 }
1633 }
1634 },
1635 "Error": {
1636 "type": "object",
1637 "properties": {
1638 "code": {
1639 "type": "integer"
1640 },
1641 "message": {
1642 "type": "string"
1643 }
1644 }
1645 },
1646 "HashedrekordV001SchemaData": {
1647 "description": "Information about the content associated with the entry",
1648 "type": "object",
1649 "properties": {
1650 "hash": {
1651 "description": "Specifies the hash algorithm and value for the content",
1652 "type": "object",
1653 "required": [
1654 "algorithm",
1655 "value"
1656 ],
1657 "properties": {
1658 "algorithm": {
1659 "description": "The hashing function used to compute the hash value",
1660 "type": "string",
1661 "enum": [
1662 "sha256",
1663 "sha384",
1664 "sha512"
1665 ]
1666 },
1667 "value": {
1668 "description": "The hash value for the content, as represented by a lower case hexadecimal string",
1669 "type": "string"
1670 }
1671 }
1672 }
1673 }
1674 },
1675 "HashedrekordV001SchemaDataHash": {
1676 "description": "Specifies the hash algorithm and value for the content",
1677 "type": "object",
1678 "required": [
1679 "algorithm",
1680 "value"
1681 ],
1682 "properties": {
1683 "algorithm": {
1684 "description": "The hashing function used to compute the hash value",
1685 "type": "string",
1686 "enum": [
1687 "sha256",
1688 "sha384",
1689 "sha512"
1690 ]
1691 },
1692 "value": {
1693 "description": "The hash value for the content, as represented by a lower case hexadecimal string",
1694 "type": "string"
1695 }
1696 }
1697 },
1698 "HashedrekordV001SchemaSignature": {
1699 "description": "Information about the detached signature associated with the entry",
1700 "type": "object",
1701 "properties": {
1702 "content": {
1703 "description": "Specifies the content of the signature inline within the document",
1704 "type": "string",
1705 "format": "byte"
1706 },
1707 "publicKey": {
1708 "description": "The public key that can verify the signature; this can also be an X509 code signing certificate that contains the raw public key information",
1709 "type": "object",
1710 "properties": {
1711 "content": {
1712 "description": "Specifies the content of the public key or code signing certificate inline within the document",
1713 "type": "string",
1714 "format": "byte"
1715 }
1716 }
1717 }
1718 }
1719 },
1720 "HashedrekordV001SchemaSignaturePublicKey": {
1721 "description": "The public key that can verify the signature; this can also be an X509 code signing certificate that contains the raw public key information",
1722 "type": "object",
1723 "properties": {
1724 "content": {
1725 "description": "Specifies the content of the public key or code signing certificate inline within the document",
1726 "type": "string",
1727 "format": "byte"
1728 }
1729 }
1730 },
1731 "HelmV001SchemaChart": {
1732 "description": "Information about the Helm chart associated with the entry",
1733 "type": "object",
1734 "required": [
1735 "provenance"
1736 ],
1737 "properties": {
1738 "hash": {
1739 "description": "Specifies the hash algorithm and value for the chart",
1740 "type": "object",
1741 "required": [
1742 "algorithm",
1743 "value"
1744 ],
1745 "properties": {
1746 "algorithm": {
1747 "description": "The hashing function used to compute the hash value",
1748 "type": "string",
1749 "enum": [
1750 "sha256"
1751 ]
1752 },
1753 "value": {
1754 "description": "The hash value for the chart",
1755 "type": "string"
1756 }
1757 },
1758 "readOnly": true
1759 },
1760 "provenance": {
1761 "description": "The provenance entry associated with the signed Helm Chart",
1762 "type": "object",
1763 "oneOf": [
1764 {
1765 "required": [
1766 "signature"
1767 ]
1768 },
1769 {
1770 "required": [
1771 "content"
1772 ]
1773 }
1774 ],
1775 "properties": {
1776 "content": {
1777 "description": "Specifies the content of the provenance file inline within the document",
1778 "type": "string",
1779 "format": "byte",
1780 "writeOnly": true
1781 },
1782 "signature": {
1783 "description": "Information about the included signature in the provenance file",
1784 "type": "object",
1785 "required": [
1786 "content"
1787 ],
1788 "properties": {
1789 "content": {
1790 "description": "Specifies the signature embedded within the provenance file ",
1791 "type": "string",
1792 "format": "byte",
1793 "readOnly": true
1794 }
1795 },
1796 "readOnly": true
1797 }
1798 }
1799 }
1800 }
1801 },
1802 "HelmV001SchemaChartHash": {
1803 "description": "Specifies the hash algorithm and value for the chart",
1804 "type": "object",
1805 "required": [
1806 "algorithm",
1807 "value"
1808 ],
1809 "properties": {
1810 "algorithm": {
1811 "description": "The hashing function used to compute the hash value",
1812 "type": "string",
1813 "enum": [
1814 "sha256"
1815 ]
1816 },
1817 "value": {
1818 "description": "The hash value for the chart",
1819 "type": "string"
1820 }
1821 },
1822 "readOnly": true
1823 },
1824 "HelmV001SchemaChartProvenance": {
1825 "description": "The provenance entry associated with the signed Helm Chart",
1826 "type": "object",
1827 "oneOf": [
1828 {
1829 "required": [
1830 "signature"
1831 ]
1832 },
1833 {
1834 "required": [
1835 "content"
1836 ]
1837 }
1838 ],
1839 "properties": {
1840 "content": {
1841 "description": "Specifies the content of the provenance file inline within the document",
1842 "type": "string",
1843 "format": "byte",
1844 "writeOnly": true
1845 },
1846 "signature": {
1847 "description": "Information about the included signature in the provenance file",
1848 "type": "object",
1849 "required": [
1850 "content"
1851 ],
1852 "properties": {
1853 "content": {
1854 "description": "Specifies the signature embedded within the provenance file ",
1855 "type": "string",
1856 "format": "byte",
1857 "readOnly": true
1858 }
1859 },
1860 "readOnly": true
1861 }
1862 }
1863 },
1864 "HelmV001SchemaChartProvenanceSignature": {
1865 "description": "Information about the included signature in the provenance file",
1866 "type": "object",
1867 "required": [
1868 "content"
1869 ],
1870 "properties": {
1871 "content": {
1872 "description": "Specifies the signature embedded within the provenance file ",
1873 "type": "string",
1874 "format": "byte",
1875 "readOnly": true
1876 }
1877 },
1878 "readOnly": true
1879 },
1880 "HelmV001SchemaPublicKey": {
1881 "description": "The public key that can verify the package signature",
1882 "type": "object",
1883 "required": [
1884 "content"
1885 ],
1886 "properties": {
1887 "content": {
1888 "description": "Specifies the content of the public key inline within the document",
1889 "type": "string",
1890 "format": "byte"
1891 }
1892 }
1893 },
1894 "InactiveShardLogInfo": {
1895 "type": "object",
1896 "required": [
1897 "rootHash",
1898 "treeSize",
1899 "signedTreeHead",
1900 "treeID"
1901 ],
1902 "properties": {
1903 "rootHash": {
1904 "description": "The current hash value stored at the root of the merkle tree",
1905 "type": "string",
1906 "pattern": "^[0-9a-fA-F]{64}$"
1907 },
1908 "signedTreeHead": {
1909 "description": "The current signed tree head",
1910 "type": "string",
1911 "format": "signedCheckpoint"
1912 },
1913 "treeID": {
1914 "description": "The current treeID",
1915 "type": "string",
1916 "pattern": "^[0-9]+$"
1917 },
1918 "treeSize": {
1919 "description": "The current number of nodes in the merkle tree",
1920 "type": "integer",
1921 "minimum": 1
1922 }
1923 }
1924 },
1925 "InclusionProof": {
1926 "type": "object",
1927 "required": [
1928 "logIndex",
1929 "rootHash",
1930 "treeSize",
1931 "hashes",
1932 "checkpoint"
1933 ],
1934 "properties": {
1935 "checkpoint": {
1936 "description": "The checkpoint (signed tree head) that the inclusion proof is based on",
1937 "type": "string",
1938 "format": "signedCheckpoint"
1939 },
1940 "hashes": {
1941 "description": "A list of hashes required to compute the inclusion proof, sorted in order from leaf to root",
1942 "type": "array",
1943 "items": {
1944 "description": "SHA256 hash value expressed in hexadecimal format",
1945 "type": "string",
1946 "pattern": "^[0-9a-fA-F]{64}$"
1947 }
1948 },
1949 "logIndex": {
1950 "description": "The index of the entry in the transparency log",
1951 "type": "integer",
1952 "minimum": 0
1953 },
1954 "rootHash": {
1955 "description": "The hash value stored at the root of the merkle tree at the time the proof was generated",
1956 "type": "string",
1957 "pattern": "^[0-9a-fA-F]{64}$"
1958 },
1959 "treeSize": {
1960 "description": "The size of the merkle tree at the time the inclusion proof was generated",
1961 "type": "integer",
1962 "minimum": 1
1963 }
1964 }
1965 },
1966 "IntotoV001SchemaContent": {
1967 "type": "object",
1968 "properties": {
1969 "envelope": {
1970 "description": "envelope",
1971 "type": "string",
1972 "writeOnly": true
1973 },
1974 "hash": {
1975 "description": "Specifies the hash algorithm and value encompassing the entire signed envelope; this is computed by the rekor server, client-provided values are ignored",
1976 "type": "object",
1977 "required": [
1978 "algorithm",
1979 "value"
1980 ],
1981 "properties": {
1982 "algorithm": {
1983 "description": "The hashing function used to compute the hash value",
1984 "type": "string",
1985 "enum": [
1986 "sha256"
1987 ]
1988 },
1989 "value": {
1990 "description": "The hash value for the archive",
1991 "type": "string"
1992 }
1993 },
1994 "readOnly": true
1995 },
1996 "payloadHash": {
1997 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope; this is computed by the rekor server, client-provided values are ignored",
1998 "type": "object",
1999 "required": [
2000 "algorithm",
2001 "value"
2002 ],
2003 "properties": {
2004 "algorithm": {
2005 "description": "The hashing function used to compute the hash value",
2006 "type": "string",
2007 "enum": [
2008 "sha256"
2009 ]
2010 },
2011 "value": {
2012 "description": "The hash value for the envelope's payload",
2013 "type": "string"
2014 }
2015 },
2016 "readOnly": true
2017 }
2018 }
2019 },
2020 "IntotoV001SchemaContentHash": {
2021 "description": "Specifies the hash algorithm and value encompassing the entire signed envelope; this is computed by the rekor server, client-provided values are ignored",
2022 "type": "object",
2023 "required": [
2024 "algorithm",
2025 "value"
2026 ],
2027 "properties": {
2028 "algorithm": {
2029 "description": "The hashing function used to compute the hash value",
2030 "type": "string",
2031 "enum": [
2032 "sha256"
2033 ]
2034 },
2035 "value": {
2036 "description": "The hash value for the archive",
2037 "type": "string"
2038 }
2039 },
2040 "readOnly": true
2041 },
2042 "IntotoV001SchemaContentPayloadHash": {
2043 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope; this is computed by the rekor server, client-provided values are ignored",
2044 "type": "object",
2045 "required": [
2046 "algorithm",
2047 "value"
2048 ],
2049 "properties": {
2050 "algorithm": {
2051 "description": "The hashing function used to compute the hash value",
2052 "type": "string",
2053 "enum": [
2054 "sha256"
2055 ]
2056 },
2057 "value": {
2058 "description": "The hash value for the envelope's payload",
2059 "type": "string"
2060 }
2061 },
2062 "readOnly": true
2063 },
2064 "IntotoV002SchemaContent": {
2065 "type": "object",
2066 "required": [
2067 "envelope"
2068 ],
2069 "properties": {
2070 "envelope": {
2071 "description": "dsse envelope",
2072 "type": "object",
2073 "required": [
2074 "payloadType",
2075 "signatures"
2076 ],
2077 "properties": {
2078 "payload": {
2079 "description": "payload of the envelope",
2080 "type": "string",
2081 "format": "byte",
2082 "writeOnly": true
2083 },
2084 "payloadType": {
2085 "description": "type describing the payload",
2086 "type": "string"
2087 },
2088 "signatures": {
2089 "description": "collection of all signatures of the envelope's payload",
2090 "type": "array",
2091 "minItems": 1,
2092 "items": {
2093 "$ref": "#/definitions/IntotoV002SchemaContentEnvelopeSignaturesItems0"
2094 }
2095 }
2096 }
2097 },
2098 "hash": {
2099 "description": "Specifies the hash algorithm and value encompassing the entire signed envelope",
2100 "type": "object",
2101 "required": [
2102 "algorithm",
2103 "value"
2104 ],
2105 "properties": {
2106 "algorithm": {
2107 "description": "The hashing function used to compute the hash value",
2108 "type": "string",
2109 "enum": [
2110 "sha256"
2111 ]
2112 },
2113 "value": {
2114 "description": "The hash value for the archive",
2115 "type": "string"
2116 }
2117 },
2118 "readOnly": true
2119 },
2120 "payloadHash": {
2121 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope",
2122 "type": "object",
2123 "required": [
2124 "algorithm",
2125 "value"
2126 ],
2127 "properties": {
2128 "algorithm": {
2129 "description": "The hashing function used to compute the hash value",
2130 "type": "string",
2131 "enum": [
2132 "sha256"
2133 ]
2134 },
2135 "value": {
2136 "description": "The hash value of the payload",
2137 "type": "string"
2138 }
2139 },
2140 "readOnly": true
2141 }
2142 }
2143 },
2144 "IntotoV002SchemaContentEnvelope": {
2145 "description": "dsse envelope",
2146 "type": "object",
2147 "required": [
2148 "payloadType",
2149 "signatures"
2150 ],
2151 "properties": {
2152 "payload": {
2153 "description": "payload of the envelope",
2154 "type": "string",
2155 "format": "byte",
2156 "writeOnly": true
2157 },
2158 "payloadType": {
2159 "description": "type describing the payload",
2160 "type": "string"
2161 },
2162 "signatures": {
2163 "description": "collection of all signatures of the envelope's payload",
2164 "type": "array",
2165 "minItems": 1,
2166 "items": {
2167 "$ref": "#/definitions/IntotoV002SchemaContentEnvelopeSignaturesItems0"
2168 }
2169 }
2170 }
2171 },
2172 "IntotoV002SchemaContentEnvelopeSignaturesItems0": {
2173 "description": "a signature of the envelope's payload along with the public key for the signature",
2174 "type": "object",
2175 "required": [
2176 "sig",
2177 "publicKey"
2178 ],
2179 "properties": {
2180 "keyid": {
2181 "description": "optional id of the key used to create the signature",
2182 "type": "string"
2183 },
2184 "publicKey": {
2185 "description": "public key that corresponds to this signature",
2186 "type": "string",
2187 "format": "byte"
2188 },
2189 "sig": {
2190 "description": "signature of the payload",
2191 "type": "string",
2192 "format": "byte"
2193 }
2194 }
2195 },
2196 "IntotoV002SchemaContentHash": {
2197 "description": "Specifies the hash algorithm and value encompassing the entire signed envelope",
2198 "type": "object",
2199 "required": [
2200 "algorithm",
2201 "value"
2202 ],
2203 "properties": {
2204 "algorithm": {
2205 "description": "The hashing function used to compute the hash value",
2206 "type": "string",
2207 "enum": [
2208 "sha256"
2209 ]
2210 },
2211 "value": {
2212 "description": "The hash value for the archive",
2213 "type": "string"
2214 }
2215 },
2216 "readOnly": true
2217 },
2218 "IntotoV002SchemaContentPayloadHash": {
2219 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope",
2220 "type": "object",
2221 "required": [
2222 "algorithm",
2223 "value"
2224 ],
2225 "properties": {
2226 "algorithm": {
2227 "description": "The hashing function used to compute the hash value",
2228 "type": "string",
2229 "enum": [
2230 "sha256"
2231 ]
2232 },
2233 "value": {
2234 "description": "The hash value of the payload",
2235 "type": "string"
2236 }
2237 },
2238 "readOnly": true
2239 },
2240 "JarV001SchemaArchive": {
2241 "description": "Information about the archive associated with the entry",
2242 "type": "object",
2243 "oneOf": [
2244 {
2245 "required": [
2246 "hash"
2247 ]
2248 },
2249 {
2250 "required": [
2251 "content"
2252 ]
2253 }
2254 ],
2255 "properties": {
2256 "content": {
2257 "description": "Specifies the archive inline within the document",
2258 "type": "string",
2259 "format": "byte",
2260 "writeOnly": true
2261 },
2262 "hash": {
2263 "description": "Specifies the hash algorithm and value encompassing the entire signed archive",
2264 "type": "object",
2265 "required": [
2266 "algorithm",
2267 "value"
2268 ],
2269 "properties": {
2270 "algorithm": {
2271 "description": "The hashing function used to compute the hash value",
2272 "type": "string",
2273 "enum": [
2274 "sha256"
2275 ]
2276 },
2277 "value": {
2278 "description": "The hash value for the archive",
2279 "type": "string"
2280 }
2281 }
2282 }
2283 }
2284 },
2285 "JarV001SchemaArchiveHash": {
2286 "description": "Specifies the hash algorithm and value encompassing the entire signed archive",
2287 "type": "object",
2288 "required": [
2289 "algorithm",
2290 "value"
2291 ],
2292 "properties": {
2293 "algorithm": {
2294 "description": "The hashing function used to compute the hash value",
2295 "type": "string",
2296 "enum": [
2297 "sha256"
2298 ]
2299 },
2300 "value": {
2301 "description": "The hash value for the archive",
2302 "type": "string"
2303 }
2304 }
2305 },
2306 "JarV001SchemaSignature": {
2307 "description": "Information about the included signature in the JAR file",
2308 "type": "object",
2309 "required": [
2310 "publicKey",
2311 "content"
2312 ],
2313 "properties": {
2314 "content": {
2315 "description": "Specifies the PKCS7 signature embedded within the JAR file ",
2316 "type": "string",
2317 "format": "byte",
2318 "readOnly": true
2319 },
2320 "publicKey": {
2321 "description": "The X509 certificate containing the public key JAR which verifies the signature of the JAR",
2322 "type": "object",
2323 "required": [
2324 "content"
2325 ],
2326 "properties": {
2327 "content": {
2328 "description": "Specifies the content of the X509 certificate containing the public key used to verify the signature",
2329 "type": "string",
2330 "format": "byte"
2331 }
2332 },
2333 "readOnly": true
2334 }
2335 }
2336 },
2337 "JarV001SchemaSignaturePublicKey": {
2338 "description": "The X509 certificate containing the public key JAR which verifies the signature of the JAR",
2339 "type": "object",
2340 "required": [
2341 "content"
2342 ],
2343 "properties": {
2344 "content": {
2345 "description": "Specifies the content of the X509 certificate containing the public key used to verify the signature",
2346 "type": "string",
2347 "format": "byte"
2348 }
2349 },
2350 "readOnly": true
2351 },
2352 "LogEntry": {
2353 "type": "object",
2354 "additionalProperties": {
2355 "$ref": "#/definitions/LogEntryAnon"
2356 }
2357 },
2358 "LogEntryAnon": {
2359 "type": "object",
2360 "required": [
2361 "logID",
2362 "logIndex",
2363 "body",
2364 "integratedTime"
2365 ],
2366 "properties": {
2367 "attestation": {
2368 "type": "object",
2369 "format": "byte",
2370 "properties": {
2371 "data": {
2372 "format": "byte"
2373 }
2374 }
2375 },
2376 "body": {
2377 "type": "object",
2378 "additionalProperties": true
2379 },
2380 "integratedTime": {
2381 "description": "The time the entry was added to the log as a Unix timestamp in seconds",
2382 "type": "integer"
2383 },
2384 "logID": {
2385 "description": "This is the SHA256 hash of the DER-encoded public key for the log at the time the entry was included in the log",
2386 "type": "string",
2387 "pattern": "^[0-9a-fA-F]{64}$"
2388 },
2389 "logIndex": {
2390 "type": "integer",
2391 "minimum": 0
2392 },
2393 "verification": {
2394 "type": "object",
2395 "properties": {
2396 "inclusionProof": {
2397 "$ref": "#/definitions/InclusionProof"
2398 },
2399 "signedEntryTimestamp": {
2400 "description": "Signature over the logID, logIndex, body and integratedTime.",
2401 "type": "string",
2402 "format": "byte"
2403 }
2404 }
2405 }
2406 }
2407 },
2408 "LogEntryAnonAttestation": {
2409 "type": "object",
2410 "format": "byte",
2411 "properties": {
2412 "data": {
2413 "format": "byte"
2414 }
2415 }
2416 },
2417 "LogEntryAnonVerification": {
2418 "type": "object",
2419 "properties": {
2420 "inclusionProof": {
2421 "$ref": "#/definitions/InclusionProof"
2422 },
2423 "signedEntryTimestamp": {
2424 "description": "Signature over the logID, logIndex, body and integratedTime.",
2425 "type": "string",
2426 "format": "byte"
2427 }
2428 }
2429 },
2430 "LogInfo": {
2431 "type": "object",
2432 "required": [
2433 "rootHash",
2434 "treeSize",
2435 "signedTreeHead",
2436 "treeID"
2437 ],
2438 "properties": {
2439 "inactiveShards": {
2440 "type": "array",
2441 "items": {
2442 "$ref": "#/definitions/InactiveShardLogInfo"
2443 }
2444 },
2445 "rootHash": {
2446 "description": "The current hash value stored at the root of the merkle tree",
2447 "type": "string",
2448 "pattern": "^[0-9a-fA-F]{64}$"
2449 },
2450 "signedTreeHead": {
2451 "description": "The current signed tree head",
2452 "type": "string",
2453 "format": "signedCheckpoint"
2454 },
2455 "treeID": {
2456 "description": "The current treeID",
2457 "type": "string",
2458 "pattern": "^[0-9]+$"
2459 },
2460 "treeSize": {
2461 "description": "The current number of nodes in the merkle tree",
2462 "type": "integer",
2463 "minimum": 1
2464 }
2465 }
2466 },
2467 "ProposedEntry": {
2468 "type": "object",
2469 "required": [
2470 "kind"
2471 ],
2472 "properties": {
2473 "kind": {
2474 "type": "string"
2475 }
2476 },
2477 "discriminator": "kind"
2478 },
2479 "RekordV001SchemaData": {
2480 "description": "Information about the content associated with the entry",
2481 "type": "object",
2482 "oneOf": [
2483 {
2484 "required": [
2485 "hash"
2486 ]
2487 },
2488 {
2489 "required": [
2490 "content"
2491 ]
2492 }
2493 ],
2494 "properties": {
2495 "content": {
2496 "description": "Specifies the content inline within the document",
2497 "type": "string",
2498 "format": "byte",
2499 "writeOnly": true
2500 },
2501 "hash": {
2502 "description": "Specifies the hash algorithm and value for the content",
2503 "type": "object",
2504 "required": [
2505 "algorithm",
2506 "value"
2507 ],
2508 "properties": {
2509 "algorithm": {
2510 "description": "The hashing function used to compute the hash value",
2511 "type": "string",
2512 "enum": [
2513 "sha256"
2514 ]
2515 },
2516 "value": {
2517 "description": "The hash value for the content",
2518 "type": "string"
2519 }
2520 },
2521 "readOnly": true
2522 }
2523 }
2524 },
2525 "RekordV001SchemaDataHash": {
2526 "description": "Specifies the hash algorithm and value for the content",
2527 "type": "object",
2528 "required": [
2529 "algorithm",
2530 "value"
2531 ],
2532 "properties": {
2533 "algorithm": {
2534 "description": "The hashing function used to compute the hash value",
2535 "type": "string",
2536 "enum": [
2537 "sha256"
2538 ]
2539 },
2540 "value": {
2541 "description": "The hash value for the content",
2542 "type": "string"
2543 }
2544 },
2545 "readOnly": true
2546 },
2547 "RekordV001SchemaSignature": {
2548 "description": "Information about the detached signature associated with the entry",
2549 "type": "object",
2550 "required": [
2551 "format",
2552 "publicKey",
2553 "content"
2554 ],
2555 "properties": {
2556 "content": {
2557 "description": "Specifies the content of the signature inline within the document",
2558 "type": "string",
2559 "format": "byte"
2560 },
2561 "format": {
2562 "description": "Specifies the format of the signature",
2563 "type": "string",
2564 "enum": [
2565 "pgp",
2566 "minisign",
2567 "x509",
2568 "ssh"
2569 ]
2570 },
2571 "publicKey": {
2572 "description": "The public key that can verify the signature",
2573 "type": "object",
2574 "required": [
2575 "content"
2576 ],
2577 "properties": {
2578 "content": {
2579 "description": "Specifies the content of the public key inline within the document",
2580 "type": "string",
2581 "format": "byte"
2582 }
2583 }
2584 }
2585 }
2586 },
2587 "RekordV001SchemaSignaturePublicKey": {
2588 "description": "The public key that can verify the signature",
2589 "type": "object",
2590 "required": [
2591 "content"
2592 ],
2593 "properties": {
2594 "content": {
2595 "description": "Specifies the content of the public key inline within the document",
2596 "type": "string",
2597 "format": "byte"
2598 }
2599 }
2600 },
2601 "Rfc3161V001SchemaTsr": {
2602 "description": "Information about the tsr file associated with the entry",
2603 "type": "object",
2604 "required": [
2605 "content"
2606 ],
2607 "properties": {
2608 "content": {
2609 "description": "Specifies the tsr file content inline within the document",
2610 "type": "string",
2611 "format": "byte"
2612 }
2613 }
2614 },
2615 "RpmV001SchemaPackage": {
2616 "description": "Information about the package associated with the entry",
2617 "type": "object",
2618 "oneOf": [
2619 {
2620 "required": [
2621 "hash"
2622 ]
2623 },
2624 {
2625 "required": [
2626 "content"
2627 ]
2628 }
2629 ],
2630 "properties": {
2631 "content": {
2632 "description": "Specifies the package inline within the document",
2633 "type": "string",
2634 "format": "byte",
2635 "writeOnly": true
2636 },
2637 "hash": {
2638 "description": "Specifies the hash algorithm and value for the package",
2639 "type": "object",
2640 "required": [
2641 "algorithm",
2642 "value"
2643 ],
2644 "properties": {
2645 "algorithm": {
2646 "description": "The hashing function used to compute the hash value",
2647 "type": "string",
2648 "enum": [
2649 "sha256"
2650 ]
2651 },
2652 "value": {
2653 "description": "The hash value for the package",
2654 "type": "string"
2655 }
2656 }
2657 },
2658 "headers": {
2659 "description": "Values of the RPM headers",
2660 "type": "object",
2661 "additionalProperties": {
2662 "type": "string"
2663 },
2664 "readOnly": true
2665 }
2666 }
2667 },
2668 "RpmV001SchemaPackageHash": {
2669 "description": "Specifies the hash algorithm and value for the package",
2670 "type": "object",
2671 "required": [
2672 "algorithm",
2673 "value"
2674 ],
2675 "properties": {
2676 "algorithm": {
2677 "description": "The hashing function used to compute the hash value",
2678 "type": "string",
2679 "enum": [
2680 "sha256"
2681 ]
2682 },
2683 "value": {
2684 "description": "The hash value for the package",
2685 "type": "string"
2686 }
2687 }
2688 },
2689 "RpmV001SchemaPublicKey": {
2690 "description": "The PGP public key that can verify the RPM signature",
2691 "type": "object",
2692 "required": [
2693 "content"
2694 ],
2695 "properties": {
2696 "content": {
2697 "description": "Specifies the content of the public key inline within the document",
2698 "type": "string",
2699 "format": "byte"
2700 }
2701 }
2702 },
2703 "SearchIndex": {
2704 "type": "object",
2705 "properties": {
2706 "email": {
2707 "type": "string",
2708 "format": "email"
2709 },
2710 "hash": {
2711 "type": "string",
2712 "pattern": "^(sha512:)?[0-9a-fA-F]{128}$|^(sha256:)?[0-9a-fA-F]{64}$|^(sha1:)?[0-9a-fA-F]{40}$"
2713 },
2714 "operator": {
2715 "type": "string",
2716 "enum": [
2717 "and",
2718 "or"
2719 ]
2720 },
2721 "publicKey": {
2722 "type": "object",
2723 "required": [
2724 "format"
2725 ],
2726 "properties": {
2727 "content": {
2728 "type": "string",
2729 "format": "byte"
2730 },
2731 "format": {
2732 "type": "string",
2733 "enum": [
2734 "pgp",
2735 "x509",
2736 "minisign",
2737 "ssh",
2738 "tuf"
2739 ]
2740 },
2741 "url": {
2742 "type": "string",
2743 "format": "uri"
2744 }
2745 }
2746 }
2747 }
2748 },
2749 "SearchIndexPublicKey": {
2750 "type": "object",
2751 "required": [
2752 "format"
2753 ],
2754 "properties": {
2755 "content": {
2756 "type": "string",
2757 "format": "byte"
2758 },
2759 "format": {
2760 "type": "string",
2761 "enum": [
2762 "pgp",
2763 "x509",
2764 "minisign",
2765 "ssh",
2766 "tuf"
2767 ]
2768 },
2769 "url": {
2770 "type": "string",
2771 "format": "uri"
2772 }
2773 }
2774 },
2775 "SearchLogQuery": {
2776 "type": "object",
2777 "properties": {
2778 "entries": {
2779 "type": "array",
2780 "maxItems": 10,
2781 "minItems": 1,
2782 "items": {
2783 "$ref": "#/definitions/ProposedEntry"
2784 }
2785 },
2786 "entryUUIDs": {
2787 "type": "array",
2788 "maxItems": 10,
2789 "minItems": 1,
2790 "items": {
2791 "type": "string",
2792 "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$"
2793 }
2794 },
2795 "logIndexes": {
2796 "type": "array",
2797 "maxItems": 10,
2798 "minItems": 1,
2799 "items": {
2800 "type": "integer",
2801 "minimum": 0
2802 }
2803 }
2804 }
2805 },
2806 "TUFV001SchemaMetadata": {
2807 "description": "TUF metadata",
2808 "type": "object",
2809 "required": [
2810 "content"
2811 ],
2812 "properties": {
2813 "content": {
2814 "description": "Specifies the metadata inline within the document",
2815 "type": "object",
2816 "additionalProperties": true
2817 }
2818 }
2819 },
2820 "TUFV001SchemaRoot": {
2821 "description": "root metadata containing information about the public keys used to sign the manifest",
2822 "type": "object",
2823 "required": [
2824 "content"
2825 ],
2826 "properties": {
2827 "content": {
2828 "description": "Specifies the metadata inline within the document",
2829 "type": "object",
2830 "additionalProperties": true
2831 }
2832 }
2833 },
2834 "alpine": {
2835 "description": "Alpine package",
2836 "type": "object",
2837 "allOf": [
2838 {
2839 "$ref": "#/definitions/ProposedEntry"
2840 },
2841 {
2842 "required": [
2843 "apiVersion",
2844 "spec"
2845 ],
2846 "properties": {
2847 "apiVersion": {
2848 "type": "string",
2849 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
2850 },
2851 "spec": {
2852 "$ref": "#/definitions/alpineSchema"
2853 }
2854 },
2855 "additionalProperties": false
2856 }
2857 ]
2858 },
2859 "alpineSchema": {
2860 "description": "Schema for Alpine package objects",
2861 "type": "object",
2862 "title": "Alpine Package Schema",
2863 "oneOf": [
2864 {
2865 "$ref": "#/definitions/alpineV001Schema"
2866 }
2867 ],
2868 "$schema": "http://json-schema.org/draft-07/schema",
2869 "$id": "http://rekor.sigstore.dev/types/alpine/alpine_schema.json"
2870 },
2871 "alpineV001Schema": {
2872 "description": "Schema for Alpine Package entries",
2873 "type": "object",
2874 "title": "Alpine v0.0.1 Schema",
2875 "required": [
2876 "publicKey",
2877 "package"
2878 ],
2879 "properties": {
2880 "package": {
2881 "description": "Information about the package associated with the entry",
2882 "type": "object",
2883 "oneOf": [
2884 {
2885 "required": [
2886 "hash"
2887 ]
2888 },
2889 {
2890 "required": [
2891 "content"
2892 ]
2893 }
2894 ],
2895 "properties": {
2896 "content": {
2897 "description": "Specifies the package inline within the document",
2898 "type": "string",
2899 "format": "byte",
2900 "writeOnly": true
2901 },
2902 "hash": {
2903 "description": "Specifies the hash algorithm and value for the package",
2904 "type": "object",
2905 "required": [
2906 "algorithm",
2907 "value"
2908 ],
2909 "properties": {
2910 "algorithm": {
2911 "description": "The hashing function used to compute the hash value",
2912 "type": "string",
2913 "enum": [
2914 "sha256"
2915 ]
2916 },
2917 "value": {
2918 "description": "The hash value for the package",
2919 "type": "string"
2920 }
2921 },
2922 "readOnly": true
2923 },
2924 "pkginfo": {
2925 "description": "Values of the .PKGINFO key / value pairs",
2926 "type": "object",
2927 "additionalProperties": {
2928 "type": "string"
2929 },
2930 "readOnly": true
2931 }
2932 }
2933 },
2934 "publicKey": {
2935 "description": "The public key that can verify the package signature",
2936 "type": "object",
2937 "required": [
2938 "content"
2939 ],
2940 "properties": {
2941 "content": {
2942 "description": "Specifies the content of the public key inline within the document",
2943 "type": "string",
2944 "format": "byte"
2945 }
2946 }
2947 }
2948 },
2949 "$schema": "http://json-schema.org/draft-07/schema",
2950 "$id": "http://rekor.sigstore.dev/types/alpine/alpine_v0_0_1_schema.json"
2951 },
2952 "cose": {
2953 "description": "COSE object",
2954 "type": "object",
2955 "allOf": [
2956 {
2957 "$ref": "#/definitions/ProposedEntry"
2958 },
2959 {
2960 "required": [
2961 "apiVersion",
2962 "spec"
2963 ],
2964 "properties": {
2965 "apiVersion": {
2966 "type": "string",
2967 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
2968 },
2969 "spec": {
2970 "$ref": "#/definitions/coseSchema"
2971 }
2972 },
2973 "additionalProperties": false
2974 }
2975 ]
2976 },
2977 "coseSchema": {
2978 "description": "COSE for Rekord objects",
2979 "type": "object",
2980 "title": "COSE Schema",
2981 "oneOf": [
2982 {
2983 "$ref": "#/definitions/coseV001Schema"
2984 }
2985 ],
2986 "$schema": "http://json-schema.org/draft-07/schema",
2987 "$id": "http://rekor.sigstore.dev/types/cose/cose_schema.json"
2988 },
2989 "coseV001Schema": {
2990 "description": "Schema for cose object",
2991 "type": "object",
2992 "title": "cose v0.0.1 Schema",
2993 "required": [
2994 "publicKey"
2995 ],
2996 "properties": {
2997 "data": {
2998 "description": "Information about the content associated with the entry",
2999 "type": "object",
3000 "properties": {
3001 "aad": {
3002 "description": "Specifies the additional authenticated data required to verify the signature",
3003 "type": "string",
3004 "format": "byte",
3005 "writeOnly": true
3006 },
3007 "envelopeHash": {
3008 "description": "Specifies the hash algorithm and value for the COSE envelope",
3009 "type": "object",
3010 "required": [
3011 "algorithm",
3012 "value"
3013 ],
3014 "properties": {
3015 "algorithm": {
3016 "description": "The hashing function used to compute the hash value",
3017 "type": "string",
3018 "enum": [
3019 "sha256"
3020 ]
3021 },
3022 "value": {
3023 "description": "The hash value for the envelope",
3024 "type": "string"
3025 }
3026 },
3027 "readOnly": true
3028 },
3029 "payloadHash": {
3030 "description": "Specifies the hash algorithm and value for the content",
3031 "type": "object",
3032 "required": [
3033 "algorithm",
3034 "value"
3035 ],
3036 "properties": {
3037 "algorithm": {
3038 "description": "The hashing function used to compute the hash value",
3039 "type": "string",
3040 "enum": [
3041 "sha256"
3042 ]
3043 },
3044 "value": {
3045 "description": "The hash value for the content",
3046 "type": "string"
3047 }
3048 },
3049 "readOnly": true
3050 }
3051 }
3052 },
3053 "message": {
3054 "description": "The COSE Sign1 Message",
3055 "type": "string",
3056 "format": "byte",
3057 "writeOnly": true
3058 },
3059 "publicKey": {
3060 "description": "The public key that can verify the signature",
3061 "type": "string",
3062 "format": "byte"
3063 }
3064 },
3065 "$schema": "http://json-schema.org/draft-07/schema",
3066 "$id": "http://rekor.sigstore.dev/types/cose/cose_v0_0_1_schema.json"
3067 },
3068 "dsse": {
3069 "description": "DSSE envelope",
3070 "type": "object",
3071 "allOf": [
3072 {
3073 "$ref": "#/definitions/ProposedEntry"
3074 },
3075 {
3076 "required": [
3077 "apiVersion",
3078 "spec"
3079 ],
3080 "properties": {
3081 "apiVersion": {
3082 "type": "string",
3083 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3084 },
3085 "spec": {
3086 "$ref": "#/definitions/dsseSchema"
3087 }
3088 },
3089 "additionalProperties": false
3090 }
3091 ]
3092 },
3093 "dsseSchema": {
3094 "description": "log entry schema for dsse envelopes",
3095 "type": "object",
3096 "title": "DSSE Schema",
3097 "oneOf": [
3098 {
3099 "$ref": "#/definitions/dsseV001Schema"
3100 }
3101 ],
3102 "$schema": "http://json-schema.org/draft-07/schema",
3103 "$id": "http://rekor.sigstore.dev/types/dsse/dsse_schema.json"
3104 },
3105 "dsseV001Schema": {
3106 "description": "Schema for DSSE envelopes",
3107 "type": "object",
3108 "title": "DSSE v0.0.1 Schema",
3109 "oneOf": [
3110 {
3111 "required": [
3112 "proposedContent"
3113 ]
3114 },
3115 {
3116 "required": [
3117 "signatures",
3118 "envelopeHash",
3119 "payloadHash"
3120 ]
3121 }
3122 ],
3123 "properties": {
3124 "envelopeHash": {
3125 "description": "Specifies the hash algorithm and value encompassing the entire envelope sent to Rekor",
3126 "type": "object",
3127 "required": [
3128 "algorithm",
3129 "value"
3130 ],
3131 "properties": {
3132 "algorithm": {
3133 "description": "The hashing function used to compute the hash value",
3134 "type": "string",
3135 "enum": [
3136 "sha256"
3137 ]
3138 },
3139 "value": {
3140 "description": "The value of the computed digest over the entire envelope",
3141 "type": "string"
3142 }
3143 },
3144 "readOnly": true
3145 },
3146 "payloadHash": {
3147 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope",
3148 "type": "object",
3149 "required": [
3150 "algorithm",
3151 "value"
3152 ],
3153 "properties": {
3154 "algorithm": {
3155 "description": "The hashing function used to compute the hash value",
3156 "type": "string",
3157 "enum": [
3158 "sha256"
3159 ]
3160 },
3161 "value": {
3162 "description": "The value of the computed digest over the payload within the envelope",
3163 "type": "string"
3164 }
3165 },
3166 "readOnly": true
3167 },
3168 "proposedContent": {
3169 "type": "object",
3170 "required": [
3171 "envelope",
3172 "verifiers"
3173 ],
3174 "properties": {
3175 "envelope": {
3176 "description": "DSSE envelope specified as a stringified JSON object",
3177 "type": "string",
3178 "writeOnly": true
3179 },
3180 "verifiers": {
3181 "description": "collection of all verification material (e.g. public keys or certificates) used to verify signatures over envelope's payload, specified as base64-encoded strings",
3182 "type": "array",
3183 "minItems": 1,
3184 "items": {
3185 "type": "string",
3186 "format": "byte"
3187 },
3188 "writeOnly": true
3189 }
3190 },
3191 "writeOnly": true
3192 },
3193 "signatures": {
3194 "description": "extracted collection of all signatures of the envelope's payload; elements will be sorted by lexicographical order of the base64 encoded signature strings",
3195 "type": "array",
3196 "minItems": 1,
3197 "items": {
3198 "$ref": "#/definitions/DSSEV001SchemaSignaturesItems0"
3199 },
3200 "readOnly": true
3201 }
3202 },
3203 "$schema": "http://json-schema.org/draft-07/schema",
3204 "$id": "http://rekor.sigstore.dev/types/dsse/dsse_v0_0_1_schema.json"
3205 },
3206 "hashedrekord": {
3207 "description": "Hashed Rekord object",
3208 "type": "object",
3209 "allOf": [
3210 {
3211 "$ref": "#/definitions/ProposedEntry"
3212 },
3213 {
3214 "required": [
3215 "apiVersion",
3216 "spec"
3217 ],
3218 "properties": {
3219 "apiVersion": {
3220 "type": "string",
3221 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3222 },
3223 "spec": {
3224 "$ref": "#/definitions/hashedrekordSchema"
3225 }
3226 },
3227 "additionalProperties": false
3228 }
3229 ]
3230 },
3231 "hashedrekordSchema": {
3232 "description": "Schema for Rekord objects",
3233 "type": "object",
3234 "title": "Rekor Schema",
3235 "oneOf": [
3236 {
3237 "$ref": "#/definitions/hashedrekordV001Schema"
3238 }
3239 ],
3240 "$schema": "http://json-schema.org/draft-07/schema",
3241 "$id": "http://rekor.sigstore.dev/types/hashedrekord/hasehedrekord_schema.json"
3242 },
3243 "hashedrekordV001Schema": {
3244 "description": "Schema for Hashed Rekord object",
3245 "type": "object",
3246 "title": "Hashed Rekor v0.0.1 Schema",
3247 "required": [
3248 "signature",
3249 "data"
3250 ],
3251 "properties": {
3252 "data": {
3253 "description": "Information about the content associated with the entry",
3254 "type": "object",
3255 "properties": {
3256 "hash": {
3257 "description": "Specifies the hash algorithm and value for the content",
3258 "type": "object",
3259 "required": [
3260 "algorithm",
3261 "value"
3262 ],
3263 "properties": {
3264 "algorithm": {
3265 "description": "The hashing function used to compute the hash value",
3266 "type": "string",
3267 "enum": [
3268 "sha256",
3269 "sha384",
3270 "sha512"
3271 ]
3272 },
3273 "value": {
3274 "description": "The hash value for the content, as represented by a lower case hexadecimal string",
3275 "type": "string"
3276 }
3277 }
3278 }
3279 }
3280 },
3281 "signature": {
3282 "description": "Information about the detached signature associated with the entry",
3283 "type": "object",
3284 "properties": {
3285 "content": {
3286 "description": "Specifies the content of the signature inline within the document",
3287 "type": "string",
3288 "format": "byte"
3289 },
3290 "publicKey": {
3291 "description": "The public key that can verify the signature; this can also be an X509 code signing certificate that contains the raw public key information",
3292 "type": "object",
3293 "properties": {
3294 "content": {
3295 "description": "Specifies the content of the public key or code signing certificate inline within the document",
3296 "type": "string",
3297 "format": "byte"
3298 }
3299 }
3300 }
3301 }
3302 }
3303 },
3304 "$schema": "http://json-schema.org/draft-07/schema",
3305 "$id": "http://rekor.sigstore.dev/types/rekord/rekord_v0_0_1_schema.json"
3306 },
3307 "helm": {
3308 "description": "Helm chart",
3309 "type": "object",
3310 "allOf": [
3311 {
3312 "$ref": "#/definitions/ProposedEntry"
3313 },
3314 {
3315 "required": [
3316 "apiVersion",
3317 "spec"
3318 ],
3319 "properties": {
3320 "apiVersion": {
3321 "type": "string",
3322 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3323 },
3324 "spec": {
3325 "$ref": "#/definitions/helmSchema"
3326 }
3327 }
3328 }
3329 ]
3330 },
3331 "helmSchema": {
3332 "description": "Schema for Helm objects",
3333 "type": "object",
3334 "title": "Helm Schema",
3335 "oneOf": [
3336 {
3337 "$ref": "#/definitions/helmV001Schema"
3338 }
3339 ],
3340 "$schema": "http://json-schema.org/draft-07/schema",
3341 "$id": "http://rekor.sigstore.dev/types/helm/helm_schema.json"
3342 },
3343 "helmV001Schema": {
3344 "description": "Schema for Helm object",
3345 "type": "object",
3346 "title": "Helm v0.0.1 Schema",
3347 "required": [
3348 "publicKey",
3349 "chart"
3350 ],
3351 "properties": {
3352 "chart": {
3353 "description": "Information about the Helm chart associated with the entry",
3354 "type": "object",
3355 "required": [
3356 "provenance"
3357 ],
3358 "properties": {
3359 "hash": {
3360 "description": "Specifies the hash algorithm and value for the chart",
3361 "type": "object",
3362 "required": [
3363 "algorithm",
3364 "value"
3365 ],
3366 "properties": {
3367 "algorithm": {
3368 "description": "The hashing function used to compute the hash value",
3369 "type": "string",
3370 "enum": [
3371 "sha256"
3372 ]
3373 },
3374 "value": {
3375 "description": "The hash value for the chart",
3376 "type": "string"
3377 }
3378 },
3379 "readOnly": true
3380 },
3381 "provenance": {
3382 "description": "The provenance entry associated with the signed Helm Chart",
3383 "type": "object",
3384 "oneOf": [
3385 {
3386 "required": [
3387 "signature"
3388 ]
3389 },
3390 {
3391 "required": [
3392 "content"
3393 ]
3394 }
3395 ],
3396 "properties": {
3397 "content": {
3398 "description": "Specifies the content of the provenance file inline within the document",
3399 "type": "string",
3400 "format": "byte",
3401 "writeOnly": true
3402 },
3403 "signature": {
3404 "description": "Information about the included signature in the provenance file",
3405 "type": "object",
3406 "required": [
3407 "content"
3408 ],
3409 "properties": {
3410 "content": {
3411 "description": "Specifies the signature embedded within the provenance file ",
3412 "type": "string",
3413 "format": "byte",
3414 "readOnly": true
3415 }
3416 },
3417 "readOnly": true
3418 }
3419 }
3420 }
3421 }
3422 },
3423 "publicKey": {
3424 "description": "The public key that can verify the package signature",
3425 "type": "object",
3426 "required": [
3427 "content"
3428 ],
3429 "properties": {
3430 "content": {
3431 "description": "Specifies the content of the public key inline within the document",
3432 "type": "string",
3433 "format": "byte"
3434 }
3435 }
3436 }
3437 },
3438 "$schema": "http://json-schema.org/draft-07/schema",
3439 "$id": "http://rekor.sigstore.dev/types/helm/helm_v0_0_1_schema.json"
3440 },
3441 "intoto": {
3442 "description": "Intoto object",
3443 "type": "object",
3444 "allOf": [
3445 {
3446 "$ref": "#/definitions/ProposedEntry"
3447 },
3448 {
3449 "required": [
3450 "apiVersion",
3451 "spec"
3452 ],
3453 "properties": {
3454 "apiVersion": {
3455 "type": "string",
3456 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3457 },
3458 "spec": {
3459 "$ref": "#/definitions/intotoSchema"
3460 }
3461 },
3462 "additionalProperties": false
3463 }
3464 ]
3465 },
3466 "intotoSchema": {
3467 "description": "Intoto for Rekord objects",
3468 "type": "object",
3469 "title": "Intoto Schema",
3470 "oneOf": [
3471 {
3472 "$ref": "#/definitions/intotoV001Schema"
3473 },
3474 {
3475 "$ref": "#/definitions/intotoV002Schema"
3476 }
3477 ],
3478 "$schema": "http://json-schema.org/draft-07/schema",
3479 "$id": "http://rekor.sigstore.dev/types/intoto/intoto_schema.json"
3480 },
3481 "intotoV001Schema": {
3482 "description": "Schema for intoto object",
3483 "type": "object",
3484 "title": "intoto v0.0.1 Schema",
3485 "required": [
3486 "publicKey",
3487 "content"
3488 ],
3489 "properties": {
3490 "content": {
3491 "type": "object",
3492 "properties": {
3493 "envelope": {
3494 "description": "envelope",
3495 "type": "string",
3496 "writeOnly": true
3497 },
3498 "hash": {
3499 "description": "Specifies the hash algorithm and value encompassing the entire signed envelope; this is computed by the rekor server, client-provided values are ignored",
3500 "type": "object",
3501 "required": [
3502 "algorithm",
3503 "value"
3504 ],
3505 "properties": {
3506 "algorithm": {
3507 "description": "The hashing function used to compute the hash value",
3508 "type": "string",
3509 "enum": [
3510 "sha256"
3511 ]
3512 },
3513 "value": {
3514 "description": "The hash value for the archive",
3515 "type": "string"
3516 }
3517 },
3518 "readOnly": true
3519 },
3520 "payloadHash": {
3521 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope; this is computed by the rekor server, client-provided values are ignored",
3522 "type": "object",
3523 "required": [
3524 "algorithm",
3525 "value"
3526 ],
3527 "properties": {
3528 "algorithm": {
3529 "description": "The hashing function used to compute the hash value",
3530 "type": "string",
3531 "enum": [
3532 "sha256"
3533 ]
3534 },
3535 "value": {
3536 "description": "The hash value for the envelope's payload",
3537 "type": "string"
3538 }
3539 },
3540 "readOnly": true
3541 }
3542 }
3543 },
3544 "publicKey": {
3545 "description": "The public key that can verify the signature",
3546 "type": "string",
3547 "format": "byte"
3548 }
3549 },
3550 "$schema": "http://json-schema.org/draft-07/schema",
3551 "$id": "http://rekor.sigstore.dev/types/intoto/intoto_v0_0_1_schema.json"
3552 },
3553 "intotoV002Schema": {
3554 "description": "Schema for intoto object",
3555 "type": "object",
3556 "title": "intoto v0.0.2 Schema",
3557 "required": [
3558 "content"
3559 ],
3560 "properties": {
3561 "content": {
3562 "type": "object",
3563 "required": [
3564 "envelope"
3565 ],
3566 "properties": {
3567 "envelope": {
3568 "description": "dsse envelope",
3569 "type": "object",
3570 "required": [
3571 "payloadType",
3572 "signatures"
3573 ],
3574 "properties": {
3575 "payload": {
3576 "description": "payload of the envelope",
3577 "type": "string",
3578 "format": "byte",
3579 "writeOnly": true
3580 },
3581 "payloadType": {
3582 "description": "type describing the payload",
3583 "type": "string"
3584 },
3585 "signatures": {
3586 "description": "collection of all signatures of the envelope's payload",
3587 "type": "array",
3588 "minItems": 1,
3589 "items": {
3590 "$ref": "#/definitions/IntotoV002SchemaContentEnvelopeSignaturesItems0"
3591 }
3592 }
3593 }
3594 },
3595 "hash": {
3596 "description": "Specifies the hash algorithm and value encompassing the entire signed envelope",
3597 "type": "object",
3598 "required": [
3599 "algorithm",
3600 "value"
3601 ],
3602 "properties": {
3603 "algorithm": {
3604 "description": "The hashing function used to compute the hash value",
3605 "type": "string",
3606 "enum": [
3607 "sha256"
3608 ]
3609 },
3610 "value": {
3611 "description": "The hash value for the archive",
3612 "type": "string"
3613 }
3614 },
3615 "readOnly": true
3616 },
3617 "payloadHash": {
3618 "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope",
3619 "type": "object",
3620 "required": [
3621 "algorithm",
3622 "value"
3623 ],
3624 "properties": {
3625 "algorithm": {
3626 "description": "The hashing function used to compute the hash value",
3627 "type": "string",
3628 "enum": [
3629 "sha256"
3630 ]
3631 },
3632 "value": {
3633 "description": "The hash value of the payload",
3634 "type": "string"
3635 }
3636 },
3637 "readOnly": true
3638 }
3639 }
3640 }
3641 },
3642 "$schema": "http://json-schema.org/draft-07/schema",
3643 "$id": "http://rekor.sigstore.dev/types/intoto/intoto_v0_0_2_schema.json"
3644 },
3645 "jar": {
3646 "description": "Java Archive (JAR)",
3647 "type": "object",
3648 "allOf": [
3649 {
3650 "$ref": "#/definitions/ProposedEntry"
3651 },
3652 {
3653 "required": [
3654 "apiVersion",
3655 "spec"
3656 ],
3657 "properties": {
3658 "apiVersion": {
3659 "type": "string",
3660 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3661 },
3662 "spec": {
3663 "$ref": "#/definitions/jarSchema"
3664 }
3665 },
3666 "additionalProperties": false
3667 }
3668 ]
3669 },
3670 "jarSchema": {
3671 "description": "Schema for JAR objects",
3672 "type": "object",
3673 "title": "JAR Schema",
3674 "oneOf": [
3675 {
3676 "$ref": "#/definitions/jarV001Schema"
3677 }
3678 ],
3679 "$schema": "http://json-schema.org/draft-07/schema",
3680 "$id": "http://rekor.sigstore.dev/types/jar/jar_schema.json"
3681 },
3682 "jarV001Schema": {
3683 "description": "Schema for JAR entries",
3684 "type": "object",
3685 "title": "JAR v0.0.1 Schema",
3686 "required": [
3687 "archive"
3688 ],
3689 "properties": {
3690 "archive": {
3691 "description": "Information about the archive associated with the entry",
3692 "type": "object",
3693 "oneOf": [
3694 {
3695 "required": [
3696 "hash"
3697 ]
3698 },
3699 {
3700 "required": [
3701 "content"
3702 ]
3703 }
3704 ],
3705 "properties": {
3706 "content": {
3707 "description": "Specifies the archive inline within the document",
3708 "type": "string",
3709 "format": "byte",
3710 "writeOnly": true
3711 },
3712 "hash": {
3713 "description": "Specifies the hash algorithm and value encompassing the entire signed archive",
3714 "type": "object",
3715 "required": [
3716 "algorithm",
3717 "value"
3718 ],
3719 "properties": {
3720 "algorithm": {
3721 "description": "The hashing function used to compute the hash value",
3722 "type": "string",
3723 "enum": [
3724 "sha256"
3725 ]
3726 },
3727 "value": {
3728 "description": "The hash value for the archive",
3729 "type": "string"
3730 }
3731 }
3732 }
3733 }
3734 },
3735 "signature": {
3736 "description": "Information about the included signature in the JAR file",
3737 "type": "object",
3738 "required": [
3739 "publicKey",
3740 "content"
3741 ],
3742 "properties": {
3743 "content": {
3744 "description": "Specifies the PKCS7 signature embedded within the JAR file ",
3745 "type": "string",
3746 "format": "byte",
3747 "readOnly": true
3748 },
3749 "publicKey": {
3750 "description": "The X509 certificate containing the public key which verifies the signature of the JAR",
3751 "type": "object",
3752 "required": [
3753 "content"
3754 ],
3755 "properties": {
3756 "content": {
3757 "description": "Specifies the content of the X509 certificate containing the public key used to verify the signature",
3758 "type": "string",
3759 "format": "byte"
3760 }
3761 },
3762 "readOnly": true
3763 }
3764 }
3765 }
3766 },
3767 "$schema": "http://json-schema.org/draft-07/schema",
3768 "$id": "http://rekor.sigstore.dev/types/jar/jar_v0_0_1_schema.json"
3769 },
3770 "rekord": {
3771 "description": "Rekord object",
3772 "type": "object",
3773 "allOf": [
3774 {
3775 "$ref": "#/definitions/ProposedEntry"
3776 },
3777 {
3778 "required": [
3779 "apiVersion",
3780 "spec"
3781 ],
3782 "properties": {
3783 "apiVersion": {
3784 "type": "string",
3785 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3786 },
3787 "spec": {
3788 "$ref": "#/definitions/rekordSchema"
3789 }
3790 },
3791 "additionalProperties": false
3792 }
3793 ]
3794 },
3795 "rekordSchema": {
3796 "description": "Schema for Rekord objects",
3797 "type": "object",
3798 "title": "Rekor Schema",
3799 "oneOf": [
3800 {
3801 "$ref": "#/definitions/rekordV001Schema"
3802 }
3803 ],
3804 "$schema": "http://json-schema.org/draft-07/schema",
3805 "$id": "http://rekor.sigstore.dev/types/rekord/rekord_schema.json"
3806 },
3807 "rekordV001Schema": {
3808 "description": "Schema for Rekord object",
3809 "type": "object",
3810 "title": "Rekor v0.0.1 Schema",
3811 "required": [
3812 "signature",
3813 "data"
3814 ],
3815 "properties": {
3816 "data": {
3817 "description": "Information about the content associated with the entry",
3818 "type": "object",
3819 "oneOf": [
3820 {
3821 "required": [
3822 "hash"
3823 ]
3824 },
3825 {
3826 "required": [
3827 "content"
3828 ]
3829 }
3830 ],
3831 "properties": {
3832 "content": {
3833 "description": "Specifies the content inline within the document",
3834 "type": "string",
3835 "format": "byte",
3836 "writeOnly": true
3837 },
3838 "hash": {
3839 "description": "Specifies the hash algorithm and value for the content",
3840 "type": "object",
3841 "required": [
3842 "algorithm",
3843 "value"
3844 ],
3845 "properties": {
3846 "algorithm": {
3847 "description": "The hashing function used to compute the hash value",
3848 "type": "string",
3849 "enum": [
3850 "sha256"
3851 ]
3852 },
3853 "value": {
3854 "description": "The hash value for the content",
3855 "type": "string"
3856 }
3857 },
3858 "readOnly": true
3859 }
3860 }
3861 },
3862 "signature": {
3863 "description": "Information about the detached signature associated with the entry",
3864 "type": "object",
3865 "required": [
3866 "format",
3867 "publicKey",
3868 "content"
3869 ],
3870 "properties": {
3871 "content": {
3872 "description": "Specifies the content of the signature inline within the document",
3873 "type": "string",
3874 "format": "byte"
3875 },
3876 "format": {
3877 "description": "Specifies the format of the signature",
3878 "type": "string",
3879 "enum": [
3880 "pgp",
3881 "minisign",
3882 "x509",
3883 "ssh"
3884 ]
3885 },
3886 "publicKey": {
3887 "description": "The public key that can verify the signature",
3888 "type": "object",
3889 "required": [
3890 "content"
3891 ],
3892 "properties": {
3893 "content": {
3894 "description": "Specifies the content of the public key inline within the document",
3895 "type": "string",
3896 "format": "byte"
3897 }
3898 }
3899 }
3900 }
3901 }
3902 },
3903 "$schema": "http://json-schema.org/draft-07/schema",
3904 "$id": "http://rekor.sigstore.dev/types/rekord/rekord_v0_0_1_schema.json"
3905 },
3906 "rfc3161": {
3907 "description": "RFC3161 Timestamp",
3908 "type": "object",
3909 "allOf": [
3910 {
3911 "$ref": "#/definitions/ProposedEntry"
3912 },
3913 {
3914 "required": [
3915 "apiVersion",
3916 "spec"
3917 ],
3918 "properties": {
3919 "apiVersion": {
3920 "type": "string",
3921 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3922 },
3923 "spec": {
3924 "$ref": "#/definitions/rfc3161Schema"
3925 }
3926 },
3927 "additionalProperties": false
3928 }
3929 ]
3930 },
3931 "rfc3161Schema": {
3932 "description": "Schema for RFC 3161 timestamp objects",
3933 "type": "object",
3934 "title": "Timestamp Schema",
3935 "oneOf": [
3936 {
3937 "$ref": "#/definitions/rfc3161V001Schema"
3938 }
3939 ],
3940 "$schema": "http://json-schema.org/draft-07/schema",
3941 "$id": "http://rekor.sigstore.dev/types/rfc3161/rfc3161_schema.json"
3942 },
3943 "rfc3161V001Schema": {
3944 "description": "Schema for RFC3161 entries",
3945 "type": "object",
3946 "title": "Timestamp v0.0.1 Schema",
3947 "required": [
3948 "tsr"
3949 ],
3950 "properties": {
3951 "tsr": {
3952 "description": "Information about the tsr file associated with the entry",
3953 "type": "object",
3954 "required": [
3955 "content"
3956 ],
3957 "properties": {
3958 "content": {
3959 "description": "Specifies the tsr file content inline within the document",
3960 "type": "string",
3961 "format": "byte"
3962 }
3963 }
3964 }
3965 },
3966 "$schema": "http://json-schema.org/draft-07/schema",
3967 "$id": "http://rekor.sigstore.dev/types/timestamp/timestamp_v0_0_1_schema.json"
3968 },
3969 "rpm": {
3970 "description": "RPM package",
3971 "type": "object",
3972 "allOf": [
3973 {
3974 "$ref": "#/definitions/ProposedEntry"
3975 },
3976 {
3977 "required": [
3978 "apiVersion",
3979 "spec"
3980 ],
3981 "properties": {
3982 "apiVersion": {
3983 "type": "string",
3984 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
3985 },
3986 "spec": {
3987 "$ref": "#/definitions/rpmSchema"
3988 }
3989 },
3990 "additionalProperties": false
3991 }
3992 ]
3993 },
3994 "rpmSchema": {
3995 "description": "Schema for RPM objects",
3996 "type": "object",
3997 "title": "RPM Schema",
3998 "oneOf": [
3999 {
4000 "$ref": "#/definitions/rpmV001Schema"
4001 }
4002 ],
4003 "$schema": "http://json-schema.org/draft-07/schema",
4004 "$id": "http://rekor.sigstore.dev/types/rpm/rpm_schema.json"
4005 },
4006 "rpmV001Schema": {
4007 "description": "Schema for RPM entries",
4008 "type": "object",
4009 "title": "RPM v0.0.1 Schema",
4010 "required": [
4011 "publicKey",
4012 "package"
4013 ],
4014 "properties": {
4015 "package": {
4016 "description": "Information about the package associated with the entry",
4017 "type": "object",
4018 "oneOf": [
4019 {
4020 "required": [
4021 "hash"
4022 ]
4023 },
4024 {
4025 "required": [
4026 "content"
4027 ]
4028 }
4029 ],
4030 "properties": {
4031 "content": {
4032 "description": "Specifies the package inline within the document",
4033 "type": "string",
4034 "format": "byte",
4035 "writeOnly": true
4036 },
4037 "hash": {
4038 "description": "Specifies the hash algorithm and value for the package",
4039 "type": "object",
4040 "required": [
4041 "algorithm",
4042 "value"
4043 ],
4044 "properties": {
4045 "algorithm": {
4046 "description": "The hashing function used to compute the hash value",
4047 "type": "string",
4048 "enum": [
4049 "sha256"
4050 ]
4051 },
4052 "value": {
4053 "description": "The hash value for the package",
4054 "type": "string"
4055 }
4056 }
4057 },
4058 "headers": {
4059 "description": "Values of the RPM headers",
4060 "type": "object",
4061 "additionalProperties": {
4062 "type": "string"
4063 },
4064 "readOnly": true
4065 }
4066 }
4067 },
4068 "publicKey": {
4069 "description": "The PGP public key that can verify the RPM signature",
4070 "type": "object",
4071 "required": [
4072 "content"
4073 ],
4074 "properties": {
4075 "content": {
4076 "description": "Specifies the content of the public key inline within the document",
4077 "type": "string",
4078 "format": "byte"
4079 }
4080 }
4081 }
4082 },
4083 "$schema": "http://json-schema.org/draft-07/schema",
4084 "$id": "http://rekor.sigstore.dev/types/rpm/rpm_v0_0_1_schema.json"
4085 },
4086 "tuf": {
4087 "description": "TUF metadata",
4088 "type": "object",
4089 "allOf": [
4090 {
4091 "$ref": "#/definitions/ProposedEntry"
4092 },
4093 {
4094 "required": [
4095 "apiVersion",
4096 "spec"
4097 ],
4098 "properties": {
4099 "apiVersion": {
4100 "type": "string",
4101 "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
4102 },
4103 "spec": {
4104 "$ref": "#/definitions/tufSchema"
4105 }
4106 },
4107 "additionalProperties": false
4108 }
4109 ]
4110 },
4111 "tufSchema": {
4112 "description": "Schema for TUF metadata objects",
4113 "type": "object",
4114 "title": "TUF Schema",
4115 "oneOf": [
4116 {
4117 "$ref": "#/definitions/tufV001Schema"
4118 }
4119 ],
4120 "$schema": "http://json-schema.org/draft-07/schema",
4121 "$id": "http://rekor.sigstore.dev/types/tuf/tuf_schema.json"
4122 },
4123 "tufV001Schema": {
4124 "description": "Schema for TUF metadata entries",
4125 "type": "object",
4126 "title": "TUF v0.0.1 Schema",
4127 "required": [
4128 "metadata",
4129 "root"
4130 ],
4131 "properties": {
4132 "metadata": {
4133 "description": "TUF metadata",
4134 "type": "object",
4135 "required": [
4136 "content"
4137 ],
4138 "properties": {
4139 "content": {
4140 "description": "Specifies the metadata inline within the document",
4141 "type": "object",
4142 "additionalProperties": true
4143 }
4144 }
4145 },
4146 "root": {
4147 "description": "root metadata containing about the public keys used to sign the manifest",
4148 "type": "object",
4149 "required": [
4150 "content"
4151 ],
4152 "properties": {
4153 "content": {
4154 "description": "Specifies the metadata inline within the document",
4155 "type": "object",
4156 "additionalProperties": true
4157 }
4158 }
4159 },
4160 "spec_version": {
4161 "description": "TUF specification version",
4162 "type": "string",
4163 "readOnly": true
4164 }
4165 },
4166 "$schema": "http://json-schema.org/draft-07/schema",
4167 "$id": "http://rekor.sigstore.dev/types/tuf/tuf_v0_0_1_schema.json"
4168 }
4169 },
4170 "responses": {
4171 "BadContent": {
4172 "description": "The content supplied to the server was invalid",
4173 "schema": {
4174 "$ref": "#/definitions/Error"
4175 }
4176 },
4177 "Conflict": {
4178 "description": "The request conflicts with the current state of the transparency log",
4179 "schema": {
4180 "$ref": "#/definitions/Error"
4181 },
4182 "headers": {
4183 "Location": {
4184 "type": "string",
4185 "format": "uri"
4186 }
4187 }
4188 },
4189 "InternalServerError": {
4190 "description": "There was an internal error in the server while processing the request",
4191 "schema": {
4192 "$ref": "#/definitions/Error"
4193 }
4194 },
4195 "NotFound": {
4196 "description": "The content requested could not be found"
4197 },
4198 "UnprocessableEntity": {
4199 "description": "The server understood the request but is unable to process the contained instructions",
4200 "schema": {
4201 "$ref": "#/definitions/Error"
4202 }
4203 }
4204 }
4205 }`))
4206 }
4207