Class: Google::Apis::BinaryauthorizationV1::Signature

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from public_key_id to public key material (and any required parameters, e.g. signing algorithm). In particular, verification implementations MUST NOT treat the signature public_key_id as anything more than a key lookup hint. The public_key_id DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances: * The public_key_id is not recognized by the verifier. * The public key that public_key_id refers to does not verify the signature with respect to the payload. The signature contents SHOULD NOT be " attached" (where the payload is included with the serialized signature bytes) . Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a payload field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ Signature

Returns a new instance of Signature.



1451
1452
1453
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1451

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#public_key_idString

The identifier for the public key that verifies this signature. * The public_key_id is required. * The public_key_id SHOULD be an RFC3986 conformant URI. * When possible, the public_key_id SHOULD be an immutable reference, such as a cryptographic digest. Examples of valid public_key_ids: OpenPGP V4 public key fingerprint: * "openpgp4fpr: 74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/ uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest- named SubjectPublicKeyInfo (digest of the DER serialization): * "ni:///sha-256; cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * "nih:///sha-256; 703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5" Corresponds to the JSON property publicKeyId

Returns:

  • (String)


1439
1440
1441
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1439

def public_key_id
  @public_key_id
end

#signatureString

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload. Corresponds to the JSON property signature NOTE: Values are automatically base64 encoded/decoded in the client library.

Returns:

  • (String)


1449
1450
1451
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1449

def signature
  @signature
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1456
1457
1458
1459
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1456

def update!(**args)
  @public_key_id = args[:public_key_id] if args.key?(:public_key_id)
  @signature = args[:signature] if args.key?(:signature)
end