v1

package
v0.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 24, 2025 License: Apache-2.0 Imports: 13 Imported by: 7

Documentation

Index

Constants

View Source 
const (
	SignService_Sign_FullMethodName   = "/agntcy.dir.sign.v1.SignService/Sign"
	SignService_Verify_FullMethodName = "/agntcy.dir.sign.v1.SignService/Verify"
)

Variables

View Source 
var File_agntcy_dir_sign_v1_public_key_proto protoreflect.FileDescriptor
View Source 
var File_agntcy_dir_sign_v1_sign_service_proto protoreflect.FileDescriptor
View Source 
var File_agntcy_dir_sign_v1_signature_proto protoreflect.FileDescriptor
View Source 
var SignService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "agntcy.dir.sign.v1.SignService",
	HandlerType: (*SignServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Sign",
			Handler:    _SignService_Sign_Handler,
		},
		{
			MethodName: "Verify",
			Handler:    _SignService_Verify_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "agntcy/dir/sign/v1/sign_service.proto",
}

SignService_ServiceDesc is the grpc.ServiceDesc for SignService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterSignServiceServer 

func RegisterSignServiceServer(s grpc.ServiceRegistrar, srv SignServiceServer)

Types

type PublicKey 

type PublicKey struct {

	// PEM-encoded public key string.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// contains filtered or unexported fields
}

PublicKey is the public key data associated with a Record. Multiple public keys can be associated with a single Record.

func (*PublicKey) Descriptor deprecated 

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetKey 

func (x *PublicKey) GetKey() string

func (*PublicKey) MarshalReferrer 

func (p *PublicKey) MarshalReferrer() (*corev1.RecordReferrer, error)

MarshalReferrer exports the PublicKey into a RecordReferrer.

func (*PublicKey) ProtoMessage 

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect 

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) ReferrerType 

func (p *PublicKey) ReferrerType() string

ReferrerType returns the referrer type for PublicKey.

func (*PublicKey) Reset 

func (x *PublicKey) Reset()

func (*PublicKey) String 

func (x *PublicKey) String() string

func (*PublicKey) UnmarshalReferrer 

func (p *PublicKey) UnmarshalReferrer(ref *corev1.RecordReferrer) error

UnmarshalReferrer loads the PublicKey from a RecordReferrer.

type SignRequest 

type SignRequest struct {

	// Record reference to be signed
	RecordRef *v1.RecordRef `protobuf:"bytes,1,opt,name=record_ref,json=recordRef,proto3" json:"record_ref,omitempty"`
	// Signing provider to use
	Provider *SignRequestProvider `protobuf:"bytes,2,opt,name=provider,proto3" json:"provider,omitempty"`
	// contains filtered or unexported fields
}

func (*SignRequest) Descriptor deprecated 

func (*SignRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignRequest.ProtoReflect.Descriptor instead.

func (*SignRequest) GetProvider 

func (x *SignRequest) GetProvider() *SignRequestProvider

func (*SignRequest) GetRecordRef 

func (x *SignRequest) GetRecordRef() *v1.RecordRef

func (*SignRequest) ProtoMessage 

func (*SignRequest) ProtoMessage()

func (*SignRequest) ProtoReflect 

func (x *SignRequest) ProtoReflect() protoreflect.Message

func (*SignRequest) Reset 

func (x *SignRequest) Reset()

func (*SignRequest) String 

func (x *SignRequest) String() string

type SignRequestProvider 

type SignRequestProvider struct {

	// Types that are valid to be assigned to Request:
	//
	//	*SignRequestProvider_Oidc
	//	*SignRequestProvider_Key
	Request isSignRequestProvider_Request `protobuf_oneof:"request"`
	// contains filtered or unexported fields
}

func (*SignRequestProvider) Descriptor deprecated 

func (*SignRequestProvider) Descriptor() ([]byte, []int)

Deprecated: Use SignRequestProvider.ProtoReflect.Descriptor instead.

func (*SignRequestProvider) GetKey 

func (x *SignRequestProvider) GetKey() *SignWithKey

func (*SignRequestProvider) GetOidc 

func (x *SignRequestProvider) GetOidc() *SignWithOIDC

func (*SignRequestProvider) GetRequest 

func (x *SignRequestProvider) GetRequest() isSignRequestProvider_Request

func (*SignRequestProvider) ProtoMessage 

func (*SignRequestProvider) ProtoMessage()

func (*SignRequestProvider) ProtoReflect 

func (x *SignRequestProvider) ProtoReflect() protoreflect.Message

func (*SignRequestProvider) Reset 

func (x *SignRequestProvider) Reset()

func (*SignRequestProvider) String 

func (x *SignRequestProvider) String() string

type SignRequestProvider_Key 

type SignRequestProvider_Key struct {
	// Sign with PEM-encoded public key
	Key *SignWithKey `protobuf:"bytes,2,opt,name=key,proto3,oneof"`
}

type SignRequestProvider_Oidc 

type SignRequestProvider_Oidc struct {
	// Sign with OIDC provider
	Oidc *SignWithOIDC `protobuf:"bytes,1,opt,name=oidc,proto3,oneof"`
}

type SignResponse 

type SignResponse struct {

	// Cryptographic signature of the record
	Signature *Signature `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

func (*SignResponse) Descriptor deprecated 

func (*SignResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignResponse.ProtoReflect.Descriptor instead.

func (*SignResponse) GetSignature 

func (x *SignResponse) GetSignature() *Signature

func (*SignResponse) ProtoMessage 

func (*SignResponse) ProtoMessage()

func (*SignResponse) ProtoReflect 

func (x *SignResponse) ProtoReflect() protoreflect.Message

func (*SignResponse) Reset 

func (x *SignResponse) Reset()

func (*SignResponse) String 

func (x *SignResponse) String() string

type SignServiceClient 

type SignServiceClient interface {
	// Sign record using keyless OIDC based provider or using PEM-encoded private key with an optional passphrase
	Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error)
	// Verify signed record using keyless OIDC based provider or using PEM-encoded formatted PEM public key encrypted
	Verify(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error)
}

SignServiceClient is the client API for SignService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

SignService provides methods to sign and verify records.

func NewSignServiceClient 

func NewSignServiceClient(cc grpc.ClientConnInterface) SignServiceClient

type SignServiceServer 

type SignServiceServer interface {
	// Sign record using keyless OIDC based provider or using PEM-encoded private key with an optional passphrase
	Sign(context.Context, *SignRequest) (*SignResponse, error)
	// Verify signed record using keyless OIDC based provider or using PEM-encoded formatted PEM public key encrypted
	Verify(context.Context, *VerifyRequest) (*VerifyResponse, error)
}

SignServiceServer is the server API for SignService service. All implementations should embed UnimplementedSignServiceServer for forward compatibility.

SignService provides methods to sign and verify records.

type SignWithKey 

type SignWithKey struct {

	// Private key used for signing
	PrivateKey []byte `protobuf:"bytes,1,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	// Password to unlock the private key
	Password []byte `protobuf:"bytes,2,opt,name=password,proto3,oneof" json:"password,omitempty"`
	// contains filtered or unexported fields
}

func (*SignWithKey) Descriptor deprecated 

func (*SignWithKey) Descriptor() ([]byte, []int)

Deprecated: Use SignWithKey.ProtoReflect.Descriptor instead.

func (*SignWithKey) GetPassword 

func (x *SignWithKey) GetPassword() []byte

func (*SignWithKey) GetPrivateKey 

func (x *SignWithKey) GetPrivateKey() []byte

func (*SignWithKey) ProtoMessage 

func (*SignWithKey) ProtoMessage()

func (*SignWithKey) ProtoReflect 

func (x *SignWithKey) ProtoReflect() protoreflect.Message

func (*SignWithKey) Reset 

func (x *SignWithKey) Reset()

func (*SignWithKey) String 

func (x *SignWithKey) String() string

type SignWithOIDC 

type SignWithOIDC struct {

	// Token for OIDC provider
	IdToken string `protobuf:"bytes,1,opt,name=id_token,json=idToken,proto3" json:"id_token,omitempty"`
	// Signing options for OIDC
	Options *SignWithOIDC_SignOpts `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
	// contains filtered or unexported fields
}

func (*SignWithOIDC) Descriptor deprecated 

func (*SignWithOIDC) Descriptor() ([]byte, []int)

Deprecated: Use SignWithOIDC.ProtoReflect.Descriptor instead.

func (*SignWithOIDC) GetIdToken 

func (x *SignWithOIDC) GetIdToken() string

func (*SignWithOIDC) GetOptions 

func (x *SignWithOIDC) GetOptions() *SignWithOIDC_SignOpts

func (*SignWithOIDC) ProtoMessage 

func (*SignWithOIDC) ProtoMessage()

func (*SignWithOIDC) ProtoReflect 

func (x *SignWithOIDC) ProtoReflect() protoreflect.Message

func (*SignWithOIDC) Reset 

func (x *SignWithOIDC) Reset()

func (*SignWithOIDC) String 

func (x *SignWithOIDC) String() string

type SignWithOIDC_SignOpts 

type SignWithOIDC_SignOpts struct {

	// Fulcio authority access URL (default value: https://fulcio.sigstage.dev)
	FulcioUrl *string `protobuf:"bytes,1,opt,name=fulcio_url,json=fulcioUrl,proto3,oneof" json:"fulcio_url,omitempty"`
	// Rekor validator access URL (default value: https://rekor.sigstage.dev)
	RekorUrl *string `protobuf:"bytes,2,opt,name=rekor_url,json=rekorUrl,proto3,oneof" json:"rekor_url,omitempty"`
	// Timestamp authority access URL (default value: https://timestamp.sigstage.dev/api/v1/timestamp)
	TimestampUrl *string `protobuf:"bytes,3,opt,name=timestamp_url,json=timestampUrl,proto3,oneof" json:"timestamp_url,omitempty"`
	// OIDC provider access URL (default value: https://oauth2.sigstage.dev/auth)
	OidcProviderUrl *string `protobuf:"bytes,4,opt,name=oidc_provider_url,json=oidcProviderUrl,proto3,oneof" json:"oidc_provider_url,omitempty"`
	// contains filtered or unexported fields
}

List of sign options for OIDC

func (*SignWithOIDC_SignOpts) Descriptor deprecated 

func (*SignWithOIDC_SignOpts) Descriptor() ([]byte, []int)

Deprecated: Use SignWithOIDC_SignOpts.ProtoReflect.Descriptor instead.

func (*SignWithOIDC_SignOpts) GetFulcioUrl 

func (x *SignWithOIDC_SignOpts) GetFulcioUrl() string

func (*SignWithOIDC_SignOpts) GetOidcProviderUrl 

func (x *SignWithOIDC_SignOpts) GetOidcProviderUrl() string

func (*SignWithOIDC_SignOpts) GetRekorUrl 

func (x *SignWithOIDC_SignOpts) GetRekorUrl() string

func (*SignWithOIDC_SignOpts) GetTimestampUrl 

func (x *SignWithOIDC_SignOpts) GetTimestampUrl() string

func (*SignWithOIDC_SignOpts) ProtoMessage 

func (*SignWithOIDC_SignOpts) ProtoMessage()

func (*SignWithOIDC_SignOpts) ProtoReflect 

func (x *SignWithOIDC_SignOpts) ProtoReflect() protoreflect.Message

func (*SignWithOIDC_SignOpts) Reset 

func (x *SignWithOIDC_SignOpts) Reset()

func (*SignWithOIDC_SignOpts) String 

func (x *SignWithOIDC_SignOpts) String() string

type Signature 

type Signature struct {

	// Metadata associated with the signature.
	Annotations map[string]string `` /* 149-byte string literal not displayed */
	// Signing timestamp of the record in the RFC3339 format.
	// Specs: https://www.rfc-editor.org/rfc/rfc3339.html
	SignedAt string `protobuf:"bytes,2,opt,name=signed_at,json=signedAt,proto3" json:"signed_at,omitempty"`
	// The signature algorithm used (e.g., "ECDSA_P256_SHA256").
	Algorithm string `protobuf:"bytes,3,opt,name=algorithm,proto3" json:"algorithm,omitempty"`
	// Base64-encoded signature.
	Signature string `protobuf:"bytes,4,opt,name=signature,proto3" json:"signature,omitempty"`
	// Base64-encoded signing certificate.
	Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// Type of the signature content bundle.
	ContentType string `protobuf:"bytes,6,opt,name=content_type,json=contentType,proto3" json:"content_type,omitempty"`
	// Base64-encoded signature bundle produced by the signer.
	// It is up to the client to interpret the content of the bundle.
	ContentBundle string `protobuf:"bytes,7,opt,name=content_bundle,json=contentBundle,proto3" json:"content_bundle,omitempty"`
	// contains filtered or unexported fields
}

Signature is the signing data associated with a Record. Multiple signatures can be associated with a single Record, ie 1 record : N record signatures.

Storage and management of signatures is provided via StoreService as a RecordReferrer object.

Signature can be encoded into RecordReferrer object as follows: 

type = "agntcy.dir.sign.v1.Signature"
data = Signature message encoded as JSON

func (*Signature) Descriptor deprecated 

func (*Signature) Descriptor() ([]byte, []int)

Deprecated: Use Signature.ProtoReflect.Descriptor instead.

func (*Signature) GetAlgorithm 

func (x *Signature) GetAlgorithm() string

func (*Signature) GetAnnotations 

func (x *Signature) GetAnnotations() map[string]string

func (*Signature) GetCertificate 

func (x *Signature) GetCertificate() string

func (*Signature) GetContentBundle 

func (x *Signature) GetContentBundle() string

func (*Signature) GetContentType 

func (x *Signature) GetContentType() string

func (*Signature) GetSignature 

func (x *Signature) GetSignature() string

func (*Signature) GetSignedAt 

func (x *Signature) GetSignedAt() string

func (*Signature) MarshalReferrer 

func (s *Signature) MarshalReferrer() (*corev1.RecordReferrer, error)

MarshalReferrer exports the Signature into a RecordReferrer.

func (*Signature) ProtoMessage 

func (*Signature) ProtoMessage()

func (*Signature) ProtoReflect 

func (x *Signature) ProtoReflect() protoreflect.Message

func (*Signature) ReferrerType 

func (s *Signature) ReferrerType() string

ReferrerType returns the type for Signature.

func (*Signature) Reset 

func (x *Signature) Reset()

func (*Signature) String 

func (x *Signature) String() string

func (*Signature) UnmarshalReferrer 

func (s *Signature) UnmarshalReferrer(ref *corev1.RecordReferrer) error

UnmarshalReferrer loads the Signature from a RecordReferrer.

type UnimplementedSignServiceServer 

type UnimplementedSignServiceServer struct{}

UnimplementedSignServiceServer should be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedSignServiceServer) Sign 

func (UnimplementedSignServiceServer) Sign(context.Context, *SignRequest) (*SignResponse, error)

func (UnimplementedSignServiceServer) Verify 

func (UnimplementedSignServiceServer) Verify(context.Context, *VerifyRequest) (*VerifyResponse, error)

type UnsafeSignServiceServer 

type UnsafeSignServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeSignServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SignServiceServer will result in compilation errors.

type VerifyRequest 

type VerifyRequest struct {

	// Record reference to be verified
	RecordRef *v1.RecordRef `protobuf:"bytes,1,opt,name=record_ref,json=recordRef,proto3" json:"record_ref,omitempty"`
	// contains filtered or unexported fields
}

func (*VerifyRequest) Descriptor deprecated 

func (*VerifyRequest) Descriptor() ([]byte, []int)

Deprecated: Use VerifyRequest.ProtoReflect.Descriptor instead.

func (*VerifyRequest) GetRecordRef 

func (x *VerifyRequest) GetRecordRef() *v1.RecordRef

func (*VerifyRequest) ProtoMessage 

func (*VerifyRequest) ProtoMessage()

func (*VerifyRequest) ProtoReflect 

func (x *VerifyRequest) ProtoReflect() protoreflect.Message

func (*VerifyRequest) Reset 

func (x *VerifyRequest) Reset()

func (*VerifyRequest) String 

func (x *VerifyRequest) String() string

type VerifyResponse 

type VerifyResponse struct {

	// The verify process result
	Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
	// Optional error message if verification failed
	ErrorMessage *string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3,oneof" json:"error_message,omitempty"`
	// contains filtered or unexported fields
}

func (*VerifyResponse) Descriptor deprecated 

func (*VerifyResponse) Descriptor() ([]byte, []int)

Deprecated: Use VerifyResponse.ProtoReflect.Descriptor instead.

func (*VerifyResponse) GetErrorMessage 

func (x *VerifyResponse) GetErrorMessage() string

func (*VerifyResponse) GetSuccess 

func (x *VerifyResponse) GetSuccess() bool

func (*VerifyResponse) ProtoMessage 

func (*VerifyResponse) ProtoMessage()

func (*VerifyResponse) ProtoReflect 

func (x *VerifyResponse) ProtoReflect() protoreflect.Message

func (*VerifyResponse) Reset 

func (x *VerifyResponse) Reset()

func (*VerifyResponse) String 

func (x *VerifyResponse) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.