// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// proto3 semantics: none of the scalar fields in this file are declared
// `optional`, so an unset scalar reads back as its zero value (0, "", or the
// enum's 0 entry) and cannot be told apart from an explicit zero.
syntax = "proto3";

package chrome_browser_certificate_transparency;

// NOTE(review): presumably the definition of the CTTimestamp type used
// throughout this file - confirm in ct_timestamp.proto.
import "ct_timestamp.proto";

// Generate code against the lite protobuf runtime, which omits descriptors
// and reflection.
option optimize_for = LITE_RUNTIME;
// Represents the final state of a log at the time it was made read-only.
// Referenced from CTLog.read_only_info.
message FinalTreeHead {
  // Size of the log at the time it was made read-only.
  uint64 tree_size = 1;

  // Root hash of the log (base64-encoded) at the time it was made read-only.
  // NOTE(review): a SHA-256 digest is 32 bytes, so consumers should presumably
  // reject values that do not base64-decode to exactly 32 bytes - confirm
  // against the parsing code.
  string sha256_root_hash = 2;
}
// Describes a single Certificate Transparency log: its identity (key and log
// ID), endpoint, accepted certificate expiry window, purpose, state history,
// operator history and log type.
//
// NOTE(review): field numbers 10-15 and 17 are not used in this message and no
// `reserved` statement is present. If any of them were assigned in an earlier
// revision they should be reserved so they cannot be reused with a different
// meaning - cannot be determined from this file alone.
message CTLog {
  // Human-readable description to identify log.
  string description = 1;

  // Public key of the log, as a DER-encoded ASN.1 SubjectPublicKeyInfo
  // structure, then encoded as base64
  // (https://tools.ietf.org/html/rfc5280#section-4.1.2.7).
  string key = 2;

  // The base64-encoded LogID found in SCTs issued by this log
  // (https://tools.ietf.org/html/rfc6962#section-3.2).
  // Per RFC 6962 the LogID is the SHA-256 hash of the log's DER-encoded
  // SubjectPublicKeyInfo, so it can be cross-checked against `key`.
  // NOTE(review): whether consumers of this list perform that cross-check is
  // not visible here - confirm.
  string log_id = 3;

  // Maximum merge delay, in seconds. The log should not take longer than this
  // to incorporate a certificate.
  uint64 mmd_secs = 4;

  // URL of the log's HTTP API.
  string url = 5;

  // A time range bounded by two timestamps. As used by temporal_interval,
  // `start` is inclusive and `end` is exclusive.
  message Interval {
    // Beginning of the range.
    CTTimestamp start = 1;
    // End of the range.
    CTTimestamp end = 2;
  }

  // The log will only accept certificates that expire between those dates.
  // Start time is inclusive, end time is not inclusive.
  Interval temporal_interval = 6;

  // What the log is used for, which determines the published log lists it
  // appears in.
  enum Purpose {
    // Zero value; what a reader sees when `purpose` was never set.
    UNSET_PURPOSE = 0;
    // The log is for production purposes. These logs appear in both
    // https://www.gstatic.com/ct/log_list/v3/log_list.json and
    // https://www.gstatic.com/ct/log_list/v3/all_logs_list.json
    // They are actively monitored, they have their availability metrics
    // published and they trigger incidents.
    PROD = 1;
    // The log is for test purposes. These logs appear in all_logs_list.json
    // but not in log_list.json.
    TEST = 2;
    // The log is for monitoring purposes only. These logs are not trusted. They
    // are included in availability metrics and all_logs_list.json but not in
    // log_list.json.
    MONITORING_ONLY = 3;
  }

  // Purpose of this log.
  Purpose purpose = 7;

  // Lifecycle states a log can be in. The meaning of each value is not
  // spelled out in this file.
  // NOTE(review): in proto3 an absent `current_state` reads as UNSET_STATE and
  // values added by a newer list arrive as unrecognized numbers; consumers
  // presumably must not treat either case as a trusted state - confirm
  // against the consumer code.
  enum CurrentState {
    // Zero value; what a reader sees when the state was never set.
    UNSET_STATE = 0;
    PENDING = 1;
    QUALIFIED = 2;
    USABLE = 3;
    READ_ONLY = 4;
    RETIRED = 5;
    REJECTED = 6;
  }

  // One entry in the log's state history.
  message State {
    // Current state of the log.
    CurrentState current_state = 1;
    // Time at which the log entered this state.
    CTTimestamp state_start = 2;
  }

  // State history of the log. Inverse chronological order, first element should
  // be the current state.
  // The ordering is a convention of the list producer, not something the
  // schema enforces, and a repeated field may be empty; readers should check
  // for an empty history before reading element 0.
  repeated State state = 8;

  // One entry in the log's operator history.
  message OperatorChange {
    // Name of the log operator.
    string name = 1;
    // Timestamp at which this operator started operating this log.
    CTTimestamp operator_start = 2;
  }

  // History of all log operators that have ever operated this log, including
  // the timestamp at which each started operating it. Inverse chronological
  // order, first element should be the current operator.
  repeated OperatorChange operator_history = 9;

  // State of the log at the time it was made read-only. Should only be set if
  // state is READ_ONLY.
  // This constraint is documentation only; the schema does not tie the field
  // to the state value.
  FinalTreeHead read_only_info = 16;

  // Kind of log API.
  // NOTE(review): the value names suggest an RFC 6962 log versus a
  // static-ct-api log; this file does not define them further - confirm.
  enum LogType {
    // Zero value; what a reader sees when `log_type` was never set.
    LOG_TYPE_UNSPECIFIED = 0;
    RFC6962 = 1;
    STATIC_CT_API = 2;
  }

  // Type of the log.
  LogType log_type = 18;
}
// Identifies an organization that operates CT logs, with contact addresses.
// NOTE(review): CTLog.OperatorChange.name presumably refers to an operator by
// this message's `name`; the schema itself does not link the two - confirm.
message LogOperator {
  // Name of this log operator.
  string name = 1;

  // Email addresses at which the log operator can be reached.
  repeated string email = 2;
}
// Top-level message: the full list of known CT logs and log operators,
// together with versioning and freshness metadata.
//
// NOTE(review): this message defines no signature or MAC field, so the
// authenticity and integrity of a serialized list presumably depend on the
// channel that delivers it - confirm how the list is distributed and
// verified before it is parsed.
message CTLogList {
  // Major version of the list, incremented any time there are changes in the
  // list, except for trivial (i.e. timestamp-only) changes.
  uint64 list_version_major = 1;

  // Minor version of the list, incremented any time the list is modified with
  // only trivial (i.e. timestamp-only) changes. Allows consumers to determine
  // the timestamp at which certain changes occur; for example, if a log is
  // rejected, a consumer can look at the minor version 1 of that major version
  // to determine at what timestamp that change was made.
  uint64 list_version_minor = 2;

  // Log list timestamp. This is meant to be used for freshness checks, and is
  // updated periodically regardless of whether the list contents have changed.
  // Use list_version_major instead if monitoring for changes to the list
  // contents.
  CTTimestamp timestamp = 3;

  // Compatibility version, incremented if the list structure is changed in a
  // non-backwards-compatible way.
  uint64 compatibility_version = 4;

  // Contains all known log operators.
  repeated LogOperator operators = 5;

  // Contains all known logs.
  repeated CTLog logs = 6;
}