{ "openapi": "3.0.1", "info": { "title": "Rekor", "description": "Rekor is a cryptographically secure, immutable transparency log for signed software releases.", "version": "1.0.0" }, "servers": [ { "url": "http://rekor.sigstore.dev/" } ], "paths": { "/api/v1/index/retrieve": { "post": { "tags": [ "index" ], "summary": "Searches index by entry metadata", "description": "EXPERIMENTAL - this endpoint is offered as best effort only and may be changed or removed in future releases.\nThe results returned from this endpoint may be incomplete.\n", "operationId": "searchIndex", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchIndex" } } }, "required": false }, "responses": { "2XX": { "description": "Returns zero or more entry UUIDs from the transparency log based on search query", "content": { "application/json": { "schema": { "type": "array", "items": { "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$", "type": "string", "description": "Entry UUID in transparency log" } } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "x-codegen-request-body-name": "query" } }, "/api/v1/log": { "get": { "tags": [ "tlog" ], "summary": "Get information about the current state of the transparency log", "description": "Returns the current root hash and size of the merkle tree used to store the log entries.", "operationId": "getLogInfo", "parameters": [ { "name": "stable", "in": "query", "description": "Whether to return a stable checkpoint for the active shard", "schema": { "type": "boolean" } } ], "responses": { "2XX": { "description": "A JSON object with the root hash and tree size as properties", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/LogInfo" } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/json": { 
"schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/v1/log/entries": { "get": { "tags": [ "entries" ], "summary": "Retrieves an entry and inclusion proof from the transparency log (if it exists) by index", "operationId": "getLogEntryByIndex", "parameters": [ { "name": "logIndex", "in": "query", "description": "specifies the index of the entry in the transparency log to be retrieved", "schema": { "minimum": 0, "type": "integer" } } ], "responses": { "2XX": { "description": "the entry in the transparency log requested along with an inclusion proof", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/LogEntry" } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "post": { "tags": [ "entries" ], "summary": "Creates an entry in the transparency log", "description": "Creates an entry in the transparency log for a detached signature, public key, and content. 
Items can be included in the request or fetched by the server when URLs are specified.\n", "operationId": "createLogEntry", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ProposedEntry" } } }, "required": false }, "responses": { "2XX": { "description": "Returns the entry created in the transparency log", "headers": { "ETag": { "description": "UUID of log entry", "schema": { "type": "string" } }, "Location": { "description": "URI location of log entry", "schema": { "type": "string", "format": "uri" } } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/LogEntry" } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "x-codegen-request-body-name": "proposedEntry" } }, "/api/v1/log/entries/retrieve": { "post": { "tags": [ "entries" ], "summary": "Searches transparency log for one or more log entries", "operationId": "searchLogQuery", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SearchLogQuery" } } }, "required": false }, "responses": { "2XX": { "description": "Returns zero or more entries from the transparency log, according to how many were included in request query", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/LogEntry" } } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } }, "x-codegen-request-body-name": "entry" } }, "/api/v1/log/entries/{entryUUID}": { "get": { "tags": [ "entries" ], "summary": "Get log entry and information required to generate an inclusion proof for the entry in the transparency log", "description": "Returns the entry, root hash, tree size, and a list of hashes that can be used to calculate proof of an entry 
being included in the transparency log", "operationId": "getLogEntryByUUID", "parameters": [ { "name": "entryUUID", "in": "path", "description": "the UUID of the entry for which the inclusion proof information should be returned", "required": true, "schema": { "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$", "type": "string" } } ], "responses": { "2XX": { "description": "Information needed for a client to compute the inclusion proof", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/LogEntry" } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/v1/log/proof": { "get": { "tags": [ "tlog" ], "summary": "Get information required to generate a consistency proof for the transparency log", "description": "Returns a list of hashes for specified tree sizes that can be used to confirm the consistency of the transparency log", "operationId": "getLogProof", "parameters": [ { "name": "firstSize", "in": "query", "description": "The size of the tree that you wish to prove consistency from (1 means the beginning of the log) Defaults to 1 if not specified\n", "schema": { "minimum": 1, "type": "integer", "default": 1 } }, { "name": "lastSize", "in": "query", "description": "The size of the tree that you wish to prove consistency to", "schema": { "minimum": 1, "type": "integer" } }, { "name": "treeID", "in": "query", "description": "The tree ID of the tree that you wish to prove consistency for", "schema": { "pattern": "^[0-9]+$", "type": "string" } } ], "responses": { "2XX": { "description": "All hashes required to compute the consistency proof", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ConsistencyProof" } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } 
} } }, "/api/v1/log/publicKey": { "get": { "tags": [ "pubkey" ], "summary": "Retrieve the public key that can be used to validate the signed tree head", "description": "Returns the public key that can be used to validate the signed tree head", "operationId": "getPublicKey", "parameters": [ { "name": "treeID", "in": "query", "description": "The tree ID of the tree you wish to get a public key for", "schema": { "pattern": "^[0-9]+$", "type": "string" } } ], "responses": { "2XX": { "description": "The public key", "content": { "application/x-pem-file": { "schema": { "type": "string" } } } }, "default": { "description": "An issue occurred while processing the request.", "content": { "application/x-pem-file": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } } }, "components": { "schemas": { "ConsistencyProof": { "required": [ "hashes", "rootHash" ], "type": "object", "properties": { "hashes": { "type": "array", "items": { "pattern": "^[0-9a-fA-F]{64}$", "type": "string", "description": "SHA256 hash value expressed in hexadecimal format" } }, "rootHash": { "pattern": "^[0-9a-fA-F]{64}$", "type": "string", "description": "The hash value stored at the root of the merkle tree at the time the proof was generated" } } }, "Error": { "type": "object", "properties": { "code": { "type": "integer" }, "message": { "type": "string" } } }, "InactiveShardLogInfo": { "required": [ "rootHash", "signedTreeHead", "treeID", "treeSize" ], "type": "object", "properties": { "rootHash": { "pattern": "^[0-9a-fA-F]{64}$", "type": "string", "description": "The current hash value stored at the root of the merkle tree" }, "signedTreeHead": { "type": "string", "description": "The current signed tree head", "format": "signedCheckpoint" }, "treeID": { "pattern": "^[0-9]+$", "type": "string", "description": "The current treeID" }, "treeSize": { "minimum": 1, "type": "integer", "description": "The current number of nodes in the merkle tree" } } }, "InclusionProof": { "required": [ 
"checkpoint", "hashes", "logIndex", "rootHash", "treeSize" ], "type": "object", "properties": { "checkpoint": { "type": "string", "description": "The checkpoint (signed tree head) that the inclusion proof is based on", "format": "signedCheckpoint" }, "hashes": { "type": "array", "description": "A list of hashes required to compute the inclusion proof, sorted in order from leaf to root", "items": { "pattern": "^[0-9a-fA-F]{64}$", "type": "string", "description": "SHA256 hash value expressed in hexadecimal format" } }, "logIndex": { "minimum": 0, "type": "integer", "description": "The index of the entry in the transparency log" }, "rootHash": { "pattern": "^[0-9a-fA-F]{64}$", "type": "string", "description": "The hash value stored at the root of the merkle tree at the time the proof was generated" }, "treeSize": { "minimum": 1, "type": "integer", "description": "The size of the merkle tree at the time the inclusion proof was generated" } } }, "LogEntry": { "type": "object", "additionalProperties": { "required": [ "body", "integratedTime", "logID", "logIndex" ], "type": "object", "properties": { "attestation": { "type": "object", "properties": { "data": { "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$", "type": "string", "format": "byte" } } }, "body": { "type": "string" }, "integratedTime": { "type": "integer", "description": "The time the entry was added to the log as a Unix timestamp in seconds" }, "logID": { "pattern": "^[0-9a-fA-F]{64}$", "type": "string", "description": "This is the SHA256 hash of the DER-encoded public key for the log at the time the entry was included in the log" }, "logIndex": { "minimum": 0, "type": "integer" }, "verification": { "type": "object", "properties": { "inclusionProof": { "$ref": "#/components/schemas/InclusionProof" }, "signedEntryTimestamp": { "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$", "type": "string", "description": "Signature over the logID, logIndex, body and 
integratedTime.", "format": "byte" } } } } } }, "LogInfo": { "required": [ "rootHash", "signedTreeHead", "treeID", "treeSize" ], "type": "object", "properties": { "inactiveShards": { "type": "array", "items": { "$ref": "#/components/schemas/InactiveShardLogInfo" } }, "rootHash": { "pattern": "^[0-9a-fA-F]{64}$", "type": "string", "description": "The current hash value stored at the root of the merkle tree" }, "signedTreeHead": { "type": "string", "description": "The current signed tree head", "format": "signedCheckpoint" }, "treeID": { "pattern": "^[0-9]+$", "type": "string", "description": "The current treeID" }, "treeSize": { "minimum": 1, "type": "integer", "description": "The current number of nodes in the merkle tree" } } }, "ProposedEntry": { "required": [ "kind" ], "type": "object", "properties": { "kind": { "type": "string" } }, "discriminator": { "propertyName": "kind" } }, "SearchIndex": { "type": "object", "properties": { "email": { "type": "string", "format": "email" }, "hash": { "pattern": "^(sha512:)?[0-9a-fA-F]{128}$|^(sha256:)?[0-9a-fA-F]{64}$|^(sha1:)?[0-9a-fA-F]{40}$", "type": "string" }, "operator": { "type": "string", "enum": [ "and", "or" ] }, "publicKey": { "required": [ "format" ], "type": "object", "properties": { "content": { "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$", "type": "string", "format": "byte" }, "format": { "type": "string", "enum": [ "pgp", "x509", "minisign", "ssh", "tuf" ] }, "url": { "type": "string", "format": "uri" } } } } }, "SearchLogQuery": { "type": "object", "properties": { "entries": { "maxItems": 10, "minItems": 1, "type": "array", "items": { "$ref": "#/components/schemas/ProposedEntry" } }, "entryUUIDs": { "maxItems": 10, "minItems": 1, "type": "array", "items": { "pattern": "^([0-9a-fA-F]{64}|[0-9a-fA-F]{80})$", "type": "string" } }, "logIndexes": { "maxItems": 10, "minItems": 1, "type": "array", "items": { "minimum": 0, "type": "integer" } } } }, "alpine": { "required": [ 
"apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/AlpinePackageSchema" } }, "description": "Alpine package", "discriminator": { "propertyName": "kind" } }, "cose": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/COSESchema" } }, "description": "COSE object", "discriminator": { "propertyName": "kind" } }, "dsse": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/DSSESchema" } }, "description": "DSSE envelope", "discriminator": { "propertyName": "kind" } }, "hashedrekord": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/HashedrekordSchema" } }, "description": "Hashed Rekord object", "discriminator": { "propertyName": "kind" } }, 
"helm": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/HelmSchema" } }, "description": "Helm chart", "discriminator": { "propertyName": "kind" } }, "intoto": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/IntotoSchema" } }, "description": "Intoto object", "discriminator": { "propertyName": "kind" } }, "jar": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/JARSchema" } }, "description": "Java Archive (JAR)", "discriminator": { "propertyName": "kind" } }, "rekord": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/RekorSchema" } }, "description": "Rekord object", "discriminator": { "propertyName": "kind" } }, 
"rfc3161": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/TimestampSchema" } }, "description": "RFC3161 Timestamp", "discriminator": { "propertyName": "kind" } }, "rpm": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/RPMSchema" } }, "description": "RPM package", "discriminator": { "propertyName": "kind" } }, "tuf": { "required": [ "apiVersion", "kind", "spec" ], "type": "object", "properties": { "kind": { "type": "string" }, "apiVersion": { "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "type": "string" }, "spec": { "$ref": "#/components/schemas/TUFSchema" } }, "description": "TUF metadata", "discriminator": { "propertyName": "kind" } }, "HelmSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/helm/helm_schema.json", "title": "Helm Schema", "description": "Schema for Helm objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/helm/helm_v0_0_1_schema.json", "title": "Helm v0.0.1 Schema", "description": "Schema for Helm object", "type": "object", "properties": { "publicKey": { "description": "The 
public key that can verify the package signature", "type": "object", "properties": { "content": { "description": "Specifies the content of the public key inline within the document", "type": "string", "format": "byte" } }, "required": [ "content" ] }, "chart": { "description": "Information about the Helm chart associated with the entry", "type": "object", "properties": { "hash": { "description": "Specifies the hash algorithm and value for the chart", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the chart", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true }, "provenance": { "description": "The provenance entry associated with the signed Helm Chart", "type": "object", "properties": { "signature": { "description": "Information about the included signature in the provenance file", "type": "object", "properties": { "content": { "description": "Specifies the signature embedded within the provenance file ", "type": "string", "format": "byte", "readOnly": true } }, "required": [ "content" ], "readOnly": true }, "content": { "description": "Specifies the content of the provenance file inline within the document", "type": "string", "format": "byte", "writeOnly": true } }, "oneOf": [ { "required": [ "signature" ] }, { "required": [ "content" ] } ] } }, "required": [ "provenance" ] } }, "required": [ "publicKey", "chart" ] } ] }, "IntotoSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/intoto/intoto_schema.json", "title": "Intoto Schema", "description": "Intoto for Rekord objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/intoto/intoto_v0_0_1_schema.json", "title": "intoto v0.0.1 Schema", "description": "Schema for intoto object", "type": "object", 
"properties": { "content": { "type": "object", "properties": { "envelope": { "description": "envelope", "type": "string", "writeOnly": true }, "hash": { "description": "Specifies the hash algorithm and value encompassing the entire signed envelope; this is computed by the rekor server, client-provided values are ignored", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the archive", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true }, "payloadHash": { "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope; this is computed by the rekor server, client-provided values are ignored", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the envelope's payload", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true } } }, "publicKey": { "description": "The public key that can verify the signature", "type": "string", "format": "byte" } }, "required": [ "publicKey", "content" ] }, { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/intoto/intoto_v0_0_2_schema.json", "title": "intoto v0.0.2 Schema", "description": "Schema for intoto object", "type": "object", "properties": { "content": { "type": "object", "properties": { "envelope": { "description": "dsse envelope", "type": "object", "properties": { "payload": { "description": "payload of the envelope", "type": "string", "format": "byte", "writeOnly": true }, "payloadType": { "description": "type describing the payload", "type": "string" }, "signatures": { "description": "collection of all signatures of the envelope's payload", "type": "array", "minItems": 1, "items": { 
"description": "a signature of the envelope's payload along with the public key for the signature", "type": "object", "properties": { "keyid": { "description": "optional id of the key used to create the signature", "type": "string" }, "sig": { "description": "signature of the payload", "type": "string", "format": "byte" }, "publicKey": { "description": "public key that corresponds to this signature", "type": "string", "format": "byte" } }, "required": [ "sig", "publicKey" ] } } }, "required": [ "payloadType", "signatures" ] }, "hash": { "description": "Specifies the hash algorithm and value encompassing the entire signed envelope", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the archive", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true }, "payloadHash": { "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value of the payload", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true } }, "required": [ "envelope" ] } }, "required": [ "content" ] } ] }, "DSSESchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/dsse/dsse_schema.json", "title": "DSSE Schema", "description": "log entry schema for dsse envelopes", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/dsse/dsse_v0_0_1_schema.json", "title": "DSSE v0.0.1 Schema", "description": "Schema for DSSE envelopes", "type": "object", "properties": { "proposedContent": { "type": "object", "properties": { "envelope": { "description": "DSSE 
envelope specified as a stringified JSON object", "type": "string", "writeOnly": true }, "verifiers": { "description": "collection of all verification material (e.g. public keys or certificates) used to verify signatures over envelope's payload, specified as base64-encoded strings", "type": "array", "minItems": 1, "items": { "type": "string", "format": "byte" }, "writeOnly": true } }, "writeOnly": true, "required": [ "envelope", "verifiers" ] }, "signatures": { "description": "extracted collection of all signatures of the envelope's payload; elements will be sorted by lexicographical order of the base64 encoded signature strings", "type": "array", "minItems": 1, "items": { "description": "a signature of the envelope's payload along with the verification material for the signature", "type": "object", "properties": { "signature": { "description": "base64 encoded signature of the payload", "type": "string", "pattern": "^(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=|[A-Za-z0-9+\\/]{4})$" }, "verifier": { "description": "verification material that was used to verify the corresponding signature, specified as a base64 encoded string", "type": "string", "format": "byte" } }, "required": [ "signature", "verifier" ] }, "readOnly": true }, "envelopeHash": { "description": "Specifies the hash algorithm and value encompassing the entire envelope sent to Rekor", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The value of the computed digest over the entire envelope", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true }, "payloadHash": { "description": "Specifies the hash algorithm and value covering the payload within the DSSE envelope", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] 
}, "value": { "description": "The value of the computed digest over the payload within the envelope", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true } }, "oneOf": [ { "required": [ "proposedContent" ] }, { "required": [ "signatures", "envelopeHash", "payloadHash" ] } ] } ] }, "AlpinePackageSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/alpine/alpine_schema.json", "title": "Alpine Package Schema", "description": "Schema for Alpine package objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/alpine/alpine_v0_0_1_schema.json", "title": "Alpine v0.0.1 Schema", "description": "Schema for Alpine Package entries", "type": "object", "properties": { "publicKey": { "description": "The public key that can verify the package signature", "type": "object", "properties": { "content": { "description": "Specifies the content of the public key inline within the document", "type": "string", "format": "byte" } }, "required": [ "content" ] }, "package": { "description": "Information about the package associated with the entry", "type": "object", "properties": { "pkginfo": { "description": "Values of the .PKGINFO key / value pairs", "type": "object", "additionalProperties": { "type": "string" }, "readOnly": true }, "hash": { "description": "Specifies the hash algorithm and value for the package", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the package", "type": "string" } }, "readOnly": true, "required": [ "algorithm", "value" ] }, "content": { "description": "Specifies the package inline within the document", "type": "string", "format": "byte", "writeOnly": true } }, "oneOf": [ { "required": [ "hash" ] }, { "required": [ "content" ] } ] } }, "required": [ 
"publicKey", "package" ] } ] }, "COSESchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/cose/cose_schema.json", "title": "COSE Schema", "description": "COSE for Rekord objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/cose/cose_v0_0_1_schema.json", "title": "cose v0.0.1 Schema", "description": "Schema for cose object", "type": "object", "properties": { "message": { "description": "The COSE Sign1 Message", "type": "string", "format": "byte", "writeOnly": true }, "publicKey": { "description": "The public key that can verify the signature", "type": "string", "format": "byte" }, "data": { "description": "Information about the content associated with the entry", "type": "object", "properties": { "payloadHash": { "description": "Specifies the hash algorithm and value for the content", "type": "object", "readOnly": true, "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the content", "type": "string" } }, "required": [ "algorithm", "value" ] }, "envelopeHash": { "description": "Specifies the hash algorithm and value for the COSE envelope", "type": "object", "readOnly": true, "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the envelope", "type": "string" } }, "required": [ "algorithm", "value" ] }, "aad": { "description": "Specifies the additional authenticated data required to verify the signature", "type": "string", "format": "byte", "writeOnly": true } }, "required": [] } }, "required": [ "publicKey" ] } ] }, "HashedrekordSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": 
"http://rekor.sigstore.dev/types/hashedrekord/hasehedrekord_schema.json", "title": "Hashedrekord Schema", "description": "Schema for Hashedrekord objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/rekord/hashedrekord_v0_0_1_schema.json", "title": "Hashed Rekor v0.0.1 Schema", "description": "Schema for Hashed Rekord object", "type": "object", "properties": { "signature": { "description": "Information about the detached signature associated with the entry", "type": "object", "properties": { "content": { "description": "Specifies the content of the signature inline within the document", "type": "string", "format": "byte" }, "publicKey": { "description": "The public key that can verify the signature; this can also be an X509 code signing certificate that contains the raw public key information", "type": "object", "properties": { "content": { "description": "Specifies the content of the public key or code signing certificate inline within the document", "type": "string", "format": "byte" } } } } }, "data": { "description": "Information about the content associated with the entry", "type": "object", "properties": { "hash": { "description": "Specifies the hash algorithm and value for the content", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256", "sha384", "sha512" ] }, "value": { "description": "The hash value for the content, as represented by a lower case hexadecimal string", "type": "string" } }, "required": [ "algorithm", "value" ] } } } }, "required": [ "signature", "data" ] } ] }, "JARSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/jar/jar_schema.json", "title": "JAR Schema", "description": "Schema for JAR objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": 
"http://rekor.sigstore.dev/types/jar/jar_v0_0_1_schema.json", "title": "JAR v0.0.1 Schema", "description": "Schema for JAR entries", "type": "object", "properties": { "signature": { "description": "Information about the included signature in the JAR file", "type": "object", "properties": { "content": { "description": "Specifies the PKCS7 signature embedded within the JAR file ", "type": "string", "format": "byte", "readOnly": true }, "publicKey": { "description": "The X509 certificate containing the public key which verifies the signature of the JAR", "type": "object", "properties": { "content": { "description": "Specifies the content of the X509 certificate containing the public key used to verify the signature", "type": "string", "format": "byte" } }, "required": [ "content" ], "readOnly": true } }, "required": [ "publicKey", "content" ] }, "archive": { "description": "Information about the archive associated with the entry", "type": "object", "properties": { "hash": { "description": "Specifies the hash algorithm and value encompassing the entire signed archive", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the archive", "type": "string" } }, "required": [ "algorithm", "value" ] }, "content": { "description": "Specifies the archive inline within the document", "type": "string", "format": "byte", "writeOnly": true } }, "oneOf": [ { "required": [ "hash" ] }, { "required": [ "content" ] } ] } }, "required": [ "archive" ] } ] }, "TUFSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/tuf/tuf_schema.json", "title": "TUF Schema", "description": "Schema for TUF metadata objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/tuf/tuf_v0_0_1_schema.json", "title": "TUF v0.0.1 
Schema", "description": "Schema for TUF metadata entries", "type": "object", "properties": { "spec_version": { "description": "TUF specification version", "type": "string", "readOnly": true }, "metadata": { "description": "TUF metadata", "type": "object", "properties": { "content": { "description": "Specifies the metadata inline within the document", "type": "object", "additionalProperties": true } }, "required": [ "content" ] }, "root": { "description": "root metadata containing information about the public keys used to sign the manifest", "type": "object", "properties": { "content": { "description": "Specifies the metadata inline within the document", "type": "object", "additionalProperties": true } }, "required": [ "content" ] } }, "required": [ "metadata", "root" ] } ] }, "RekorSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/rekord/rekord_schema.json", "title": "Rekor Schema", "description": "Schema for Rekord objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/rekord/rekord_v0_0_1_schema.json", "title": "Rekor v0.0.1 Schema", "description": "Schema for Rekord object", "type": "object", "properties": { "signature": { "description": "Information about the detached signature associated with the entry", "type": "object", "properties": { "format": { "description": "Specifies the format of the signature", "type": "string", "enum": [ "pgp", "minisign", "x509", "ssh" ] }, "content": { "description": "Specifies the content of the signature inline within the document", "type": "string", "format": "byte" }, "publicKey": { "description": "The public key that can verify the signature", "type": "object", "properties": { "content": { "description": "Specifies the content of the public key inline within the document", "type": "string", "format": "byte" } }, "required": [ "content" ] } }, "required": [ "format", "publicKey", "content" ] }, "data": { 
"description": "Information about the content associated with the entry", "type": "object", "properties": { "hash": { "description": "Specifies the hash algorithm and value for the content", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the content", "type": "string" } }, "required": [ "algorithm", "value" ], "readOnly": true }, "content": { "description": "Specifies the content inline within the document", "type": "string", "format": "byte", "writeOnly": true } }, "oneOf": [ { "required": [ "hash" ] }, { "required": [ "content" ] } ] } }, "required": [ "signature", "data" ] } ] }, "TimestampSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/rfc3161/rfc3161_schema.json", "title": "Timestamp Schema", "description": "Schema for RFC 3161 timestamp objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/timestamp/timestamp_v0_0_1_schema.json", "title": "Timestamp v0.0.1 Schema", "description": "Schema for RFC3161 entries", "type": "object", "properties": { "tsr": { "description": "Information about the tsr file associated with the entry", "type": "object", "properties": { "content": { "description": "Specifies the tsr file content inline within the document", "type": "string", "format": "byte" } }, "required": [ "content" ] } }, "required": [ "tsr" ] } ] }, "RPMSchema": { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/rpm/rpm_schema.json", "title": "RPM Schema", "description": "Schema for RPM objects", "type": "object", "oneOf": [ { "$schema": "http://json-schema.org/draft-07/schema#", "$id": "http://rekor.sigstore.dev/types/rpm/rpm_v0_0_1_schema.json", "title": "RPM v0.0.1 Schema", "description": "Schema for RPM entries", "type": 
"object", "properties": { "publicKey": { "description": "The PGP public key that can verify the RPM signature", "type": "object", "properties": { "content": { "description": "Specifies the content of the public key inline within the document", "type": "string", "format": "byte" } }, "required": [ "content" ] }, "package": { "description": "Information about the package associated with the entry", "type": "object", "properties": { "headers": { "description": "Values of the RPM headers", "type": "object", "additionalProperties": { "type": "string" }, "readOnly": true }, "hash": { "description": "Specifies the hash algorithm and value for the package", "type": "object", "properties": { "algorithm": { "description": "The hashing function used to compute the hash value", "type": "string", "enum": [ "sha256" ] }, "value": { "description": "The hash value for the package", "type": "string" } }, "required": [ "algorithm", "value" ] }, "content": { "description": "Specifies the package inline within the document", "type": "string", "format": "byte", "writeOnly": true } }, "oneOf": [ { "required": [ "hash" ] }, { "required": [ "content" ] } ] } }, "required": [ "publicKey", "package" ] } ] } }, "responses": { "BadContent": { "description": "The content supplied to the server was invalid", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "Conflict": { "description": "The request conflicts with the current state of the transparency log", "headers": { "Location": { "schema": { "type": "string", "format": "uri" } } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "InternalServerError": { "description": "There was an internal error in the server while processing the request", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "NotFound": { "description": "The content requested could not be found", "content": {} }, "UnprocessableEntity": { 
"description": "The server understood the request but is unable to process the contained instructions", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "x-original-swagger-version": "2.0" }