Skip to content

Commit

Permalink
Add documentation for SCT formats (#718)
Browse files Browse the repository at this point in the history
Fixes #539

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
  • Loading branch information
haydentherapper authored Aug 3, 2022
1 parent c3210c4 commit ab2538a
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 6 deletions.
9 changes: 8 additions & 1 deletion fulcio.proto
Original file line number Diff line number Diff line change
Expand Up @@ -159,9 +159,12 @@ message SigningCertificateDetachedSCT {
*/
CertificateChain chain = 1;
/*
* The signed certificate timestamp is a promise for including the certificate in
* The Signed Certificate Timestamp (SCT) is a promise for including the certificate in
* a certificate transparency log. It can be "stapled" to verify the inclusion of
* a certificate in the log in an offline fashion.
*
* The SCT format is an AddChainResponse struct, defined in
* https://github.com/google/certificate-transparency-go
*/
bytes signed_certificate_timestamp = 2;
}
Expand All @@ -172,6 +175,10 @@ message SigningCertificateEmbeddedSCT {
* by all intermediate certificates (if present), finishing with the root certificate.
*
* All values are PEM-encoded certificates.
*
* The leaf certificate contains an embedded Signed Certificate Timestamp (SCT) to
* verify inclusion of the certificate in a log. The SCT format is a SignedCertificateTimestampList,
* as defined in https://datatracker.ietf.org/doc/html/rfc6962#section-3.3
*/
CertificateChain chain = 1;
}
Expand Down
4 changes: 2 additions & 2 deletions fulcio.swagger.json
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@
"signedCertificateTimestamp": {
"type": "string",
"format": "byte",
"description": "The signed certificate timestamp is a promise for including the certificate in\na certificate transparency log. It can be \"stapled\" to verify the inclusion of\na certificate in the log in an offline fashion."
"description": "The Signed Certificate Timestamp (SCT) is a promise for including the certificate in\na certificate transparency log. It can be \"stapled\" to verify the inclusion of\na certificate in the log in an offline fashion.\n\nThe SCT format is an AddChainResponse struct, defined in\nhttps://github.com/google/certificate-transparency-go"
}
},
"title": "(-- api-linter: core::0142::time-field-type=disabled\n aip.dev/not-precedent: SCT is defined in RFC6962 and we keep the name consistent for easier understanding. --)"
Expand All @@ -305,7 +305,7 @@
"properties": {
"chain": {
"$ref": "#/definitions/v2CertificateChain",
"description": "The certificate chain serialized with the leaf certificate first, followed\nby all intermediate certificates (if present), finishing with the root certificate.\n\nAll values are PEM-encoded certificates."
"description": "The certificate chain serialized with the leaf certificate first, followed\nby all intermediate certificates (if present), finishing with the root certificate.\n\nAll values are PEM-encoded certificates.\n\nThe leaf certificate contains an embedded Signed Certificate Timestamp (SCT) to\nverify inclusion of the certificate in a log. The SCT format is a SignedCertificateTimestampList,\nas defined in https://datatracker.ietf.org/doc/html/rfc6962#section-3.3"
}
}
},
Expand Down
11 changes: 9 additions & 2 deletions pkg/generated/protobuf/fulcio.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/generated/protobuf/legacy/fulcio_legacy.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit ab2538a

Please sign in to comment.