Class: Google::Apis::ContaineranalysisV1beta1::PgpSignedAttestation

Inherits:
Object
  • Object
show all
Includes:
Google::Apis::Core::Hashable, Google::Apis::Core::JsonObjectSupport
Defined in:
generated/google/apis/containeranalysis_v1beta1/classes.rb,
generated/google/apis/containeranalysis_v1beta1/representations.rb,
generated/google/apis/containeranalysis_v1beta1/representations.rb

Overview

An attestation wrapper with a PGP-compatible signature. This message only supports ATTACHED signatures, where the payload that is signed is included alongside the signature itself in the same file.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Google::Apis::Core::JsonObjectSupport

#to_json

Methods included from Google::Apis::Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ PgpSignedAttestation

Returns a new instance of PgpSignedAttestation.



2455
2456
2457
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2455

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#content_typeString

Type (for example schema) of the attestation payload that was signed. The verifier must ensure that the provided type is one that the verifier supports, and that the attestation payload is a valid instantiation of that type (for example by validating a JSON schema). Corresponds to the JSON property contentType

Returns:

  • (String)


2420
2421
2422
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2420

def content_type
  @content_type
end

#pgp_key_idString

The cryptographic fingerprint of the key used to generate the signature, as output by, e.g. gpg --list-keys. This should be the version 4, full 160-bit fingerprint, expressed as a 40 character hexidecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. Implementations may choose to acknowledge "LONG", "SHORT", or other abbreviated key IDs, but only the full fingerprint is guaranteed to work. In gpg, the full fingerprint can be retrieved from the fpr field returned when calling --list-keys with --with-colons. For example:

gpg --with-colons --with-fingerprint --force-v4-certs \
--list-keys attester@example.com
tru::1:1513631572:0:3:1:5
pub:...<SNIP>...
fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:

Above, the fingerprint is 24FF6481B76AC91E66A00AC657A93A81EF3AE6FB. Corresponds to the JSON property pgpKeyId

Returns:

  • (String)


2440
2441
2442
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2440

def pgp_key_id
  @pgp_key_id
end

#signatureString

Required. The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent. Since this message only supports attached signatures, the payload that was signed must be attached. While the signature format supported is dependent on the verification implementation, currently only ASCII-armored (--armor to gpg), non-clearsigned (--sign rather than --clearsign to gpg) are supported. Concretely, gpg --sign --armor --output=signature.gpg payload.json will create the signature content expected in this field in signature.gpg for the payload.json attestation payload. Corresponds to the JSON property signature

Returns:

  • (String)


2453
2454
2455
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2453

def signature
  @signature
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



2460
2461
2462
2463
2464
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2460

def update!(**args)
  @content_type = args[:content_type] if args.key?(:content_type)
  @pgp_key_id = args[:pgp_key_id] if args.key?(:pgp_key_id)
  @signature = args[:signature] if args.key?(:signature)
end