// Copyright 2021 The Grafeas Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package grafeas.v1;

import "grafeas/v1/intoto_provenance.proto";
import "grafeas/v1/slsa_provenance.proto";
import "grafeas/v1/slsa_provenance_zero_two.proto";

option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
option java_multiple_files = true;
option java_package = "io.grafeas.v1";
option objc_class_prefix = "GRA";
option java_outer_classname = "InTotoStatementProto";

// Spec defined at
// https://github.com/in-toto/attestation/tree/main/spec#statement The
// serialized InTotoStatement will be stored as Envelope.payload.
// Envelope.payloadType is always "application/vnd.in-toto+json".
message InTotoStatement {
  // Always `https://in-toto.io/Statement/v0.1`.
  string type = 1 [json_name = "_type"];
  repeated Subject subject = 2;
  // `https://slsa.dev/provenance/v0.1` for SlsaProvenance.
  string predicate_type = 3;
  oneof predicate {
    InTotoProvenance provenance = 4;
    SlsaProvenance slsa_provenance = 5;
    SlsaProvenanceZeroTwo slsa_provenance_zero_two = 6;
  }
}
message Subject {
  string name = 1;
  // `"<ALGORITHM>": "<HEX_VALUE>"`
  // Algorithms can be e.g. sha256, sha512
  // See
  // https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
  map<string, string> digest = 2;
}