public
static
final
class
Signature
.
Builder
extends
GeneratedMessage
.
Builder<Signature
.
Builder
>
implements
SignatureOrBuilder
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map from public_key_id
to public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signature public_key_id
as anything more than a key lookup hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
- The
public_key_idis not recognized by the verifier. -
The public key that
public_key_idrefers to does not verify the signature with respect to the payload.The
signaturecontents SHOULD NOT be "attached" (where the payload is included with the serializedsignaturebytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. apayloadfield on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
Protobuf type grafeas.v1.Signature
Inheritance
java.lang.Object > AbstractMessageLite.Builder<MessageType,BuilderType> > AbstractMessage.Builder<BuilderType> > GeneratedMessage.Builder > Signature.BuilderImplements
SignatureOrBuilderStatic Methods
getDescriptor()
public
static
final
Descriptors
.
Descriptor
getDescriptor
()
Methods
build()
public
Signature
build
()
buildPartial()
public
Signature
buildPartial
()
clear()
public
Signature
.
Builder
clear
()
clearPublicKeyId()
public
Signature
.
Builder
clearPublicKeyId
()
The identifier for the public key that verifies this signature.
- The
public_key_idis required. - The
public_key_idSHOULD be an RFC3986 conformant URI. -
When possible, the
public_key_idSHOULD be an immutable reference, such as a cryptographic digest.Examples of valid
public_key_ids:OpenPGP V4 public key fingerprint:
-
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
- "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
- "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
string public_key_id = 2;
clearSignature()
public
Signature
.
Builder
clearSignature
()
The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
bytes signature = 1;
getDefaultInstanceForType()
public
Signature
getDefaultInstanceForType
()
getDescriptorForType()
public
Descriptors
.
Descriptor
getDescriptorForType
()
getPublicKeyId()
public
String
getPublicKeyId
()
The identifier for the public key that verifies this signature.
- The
public_key_idis required. - The
public_key_idSHOULD be an RFC3986 conformant URI. -
When possible, the
public_key_idSHOULD be an immutable reference, such as a cryptographic digest.Examples of valid
public_key_ids:OpenPGP V4 public key fingerprint:
-
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
- "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
- "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
string public_key_id = 2;
getPublicKeyIdBytes()
public
ByteString
getPublicKeyIdBytes
()
The identifier for the public key that verifies this signature.
- The
public_key_idis required. - The
public_key_idSHOULD be an RFC3986 conformant URI. -
When possible, the
public_key_idSHOULD be an immutable reference, such as a cryptographic digest.Examples of valid
public_key_ids:OpenPGP V4 public key fingerprint:
-
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
- "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
- "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
string public_key_id = 2;
getSignature()
public
ByteString
getSignature
()
The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
bytes signature = 1;
internalGetFieldAccessorTable()
protected
GeneratedMessage
.
FieldAccessorTable
internalGetFieldAccessorTable
()
isInitialized()
public
final
boolean
isInitialized
()
mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public
Signature
.
Builder
mergeFrom
(
CodedInputStream
input
,
ExtensionRegistryLite
extensionRegistry
)
mergeFrom(Message other)
public
Signature
.
Builder
mergeFrom
(
Message
other
)
mergeFrom(Signature other)
public
Signature
.
Builder
mergeFrom
(
Signature
other
)
setPublicKeyId(String value)
public
Signature
.
Builder
setPublicKeyId
(
String
value
)
The identifier for the public key that verifies this signature.
- The
public_key_idis required. - The
public_key_idSHOULD be an RFC3986 conformant URI. -
When possible, the
public_key_idSHOULD be an immutable reference, such as a cryptographic digest.Examples of valid
public_key_ids:OpenPGP V4 public key fingerprint:
-
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
- "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
- "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
string public_key_id = 2;
setPublicKeyIdBytes(ByteString value)
public
Signature
.
Builder
setPublicKeyIdBytes
(
ByteString
value
)
The identifier for the public key that verifies this signature.
- The
public_key_idis required. - The
public_key_idSHOULD be an RFC3986 conformant URI. -
When possible, the
public_key_idSHOULD be an immutable reference, such as a cryptographic digest.Examples of valid
public_key_ids:OpenPGP V4 public key fingerprint:
-
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
- "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
- "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
string public_key_id = 2;
setSignature(ByteString value)
public
Signature
.
Builder
setSignature
(
ByteString
value
)
The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
bytes signature = 1;
