stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
49922dff5ad4435420dac177e832ba4290ceaea9
git.stella-ops.org/docs/schemas/time-anchor.schema.json
StellaOps Bot 05597616d6 feat: Add Go module and workspace test fixtures 
- Created expected JSON files for Go modules and workspaces.
- Added go.mod and go.sum files for example projects.
- Implemented private module structure with expected JSON output.
- Introduced vendored dependencies with corresponding expected JSON.
- Developed PostgresGraphJobStore for managing graph jobs.
- Established SQL migration scripts for graph jobs schema.
- Implemented GraphJobRepository for CRUD operations on graph jobs.
- Created IGraphJobRepository interface for repository abstraction.
- Added unit tests for GraphJobRepository to ensure functionality.
2025-12-06 20:04:03 +02:00

341 lines
8.7 KiB
JSON
Raw Blame History

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.io/schemas/time-anchor.v1.json",
"title": "TimeAnchor",
"description": "Time anchor and TUF trust schema for air-gapped time verification",
"type": "object",
"$defs": {
"TimeAnchor": {
"type": "object",
"description": "Trusted time anchor for offline environments",
"required": ["anchorTime", "source", "format", "tokenDigest"],
"properties": {
"anchorTime": {
"type": "string",
"format": "date-time",
"description": "RFC3339 timestamp of the anchor"
},
"source": {
"$ref": "#/$defs/TimeSource"
},
"format": {
"type": "string",
"description": "Format identifier for the time token",
"examples": ["roughtime-v1", "rfc3161-v1"]
},
"signatureFingerprint": {
"type": "string",
"pattern": "^[a-f0-9]+$",
"description": "Hex-encoded fingerprint of the signing key"
},
"tokenDigest": {
"type": "string",
"pattern": "^[a-f0-9]{64}$",
"description": "SHA-256 hex digest of the time token"
},
"verification": {
"$ref": "#/$defs/VerificationStatus"
}
}
},
"TimeSource": {
"type": "string",
"description": "Source of the time anchor",
"enum": ["roughtime", "rfc3161", "unknown"]
},
"VerificationStatus": {
"type": "object",
"properties": {
"status": {
"type": "string",
"enum": ["unknown", "passed", "failed"]
},
"reason": {
"type": "string"
},
"verifiedAt": {
"type": "string",
"format": "date-time"
}
}
},
"TrustRootsBundle": {
"type": "object",
"description": "Bundle of trusted time sources",
"required": ["version"],
"properties": {
"version": {
"type": "integer",
"minimum": 1
},
"roughtime": {
"type": "array",
"items": {
"$ref": "#/$defs/RoughtimeRoot"
}
},
"rfc3161": {
"type": "array",
"items": {
"$ref": "#/$defs/Rfc3161Root"
}
}
}
},
"RoughtimeRoot": {
"type": "object",
"description": "Roughtime server trust root",
"required": ["name", "publicKeyBase64", "validFrom", "validTo"],
"properties": {
"name": {
"type": "string",
"description": "Human-readable server name"
},
"publicKeyBase64": {
"type": "string",
"description": "Base64-encoded Ed25519 public key"
},
"validFrom": {
"type": "string",
"format": "date-time"
},
"validTo": {
"type": "string",
"format": "date-time"
}
}
},
"Rfc3161Root": {
"type": "object",
"description": "RFC 3161 TSA trust root",
"required": ["name", "certificatePem", "validFrom", "validTo", "fingerprintSha256"],
"properties": {
"name": {
"type": "string"
},
"certificatePem": {
"type": "string",
"description": "PEM-encoded X.509 certificate"
},
"validFrom": {
"type": "string",
"format": "date-time"
},
"validTo": {
"type": "string",
"format": "date-time"
},
"fingerprintSha256": {
"type": "string",
"pattern": "^[A-F0-9]{64}$",
"description": "SHA-256 fingerprint of certificate"
}
}
},
"TufMetadata": {
"type": "object",
"description": "TUF (The Update Framework) metadata for secure updates",
"required": ["specVersion", "version", "expires"],
"properties": {
"specVersion": {
"type": "string",
"const": "1.0.0"
},
"version": {
"type": "integer",
"minimum": 1,
"description": "Monotonically increasing version"
},
"expires": {
"type": "string",
"format": "date-time"
}
}
},
"TufRoot": {
"type": "object",
"description": "TUF root metadata",
"allOf": [
{"$ref": "#/$defs/TufMetadata"},
{
"type": "object",
"required": ["keys", "roles"],
"properties": {
"keys": {
"type": "object",
"additionalProperties": {
"$ref": "#/$defs/TufKey"
}
},
"roles": {
"type": "object",
"properties": {
"root": {"$ref": "#/$defs/TufRole"},
"snapshot": {"$ref": "#/$defs/TufRole"},
"timestamp": {"$ref": "#/$defs/TufRole"},
"targets": {"$ref": "#/$defs/TufRole"}
}
}
}
}
]
},
"TufKey": {
"type": "object",
"required": ["keytype", "scheme", "keyval"],
"properties": {
"keytype": {
"type": "string",
"enum": ["ed25519", "rsa", "ecdsa"]
},
"scheme": {
"type": "string",
"enum": ["ed25519", "rsassa-pss-sha256", "ecdsa-sha2-nistp256"]
},
"keyval": {
"type": "object",
"properties": {
"public": {"type": "string"}
}
}
}
},
"TufRole": {
"type": "object",
"required": ["keyids", "threshold"],
"properties": {
"keyids": {
"type": "array",
"items": {"type": "string"}
},
"threshold": {
"type": "integer",
"minimum": 1
}
}
},
"TufSnapshot": {
"type": "object",
"description": "TUF snapshot metadata",
"allOf": [
{"$ref": "#/$defs/TufMetadata"},
{
"type": "object",
"required": ["meta"],
"properties": {
"meta": {
"type": "object",
"additionalProperties": {
"$ref": "#/$defs/TufFileMeta"
}
}
}
}
]
},
"TufTimestamp": {
"type": "object",
"description": "TUF timestamp metadata",
"allOf": [
{"$ref": "#/$defs/TufMetadata"},
{
"type": "object",
"required": ["meta"],
"properties": {
"meta": {
"type": "object",
"properties": {
"snapshot.json": {
"$ref": "#/$defs/TufFileMeta"
}
}
}
}
}
]
},
"TufFileMeta": {
"type": "object",
"required": ["version"],
"properties": {
"version": {
"type": "integer"
},
"length": {
"type": "integer"
},
"hashes": {
"type": "object",
"properties": {
"sha256": {
"type": "string",
"pattern": "^[a-f0-9]{64}$"
},
"sha512": {
"type": "string",
"pattern": "^[a-f0-9]{128}$"
}
}
}
}
},
"TufValidationResult": {
"type": "object",
"description": "Result of TUF metadata validation",
"required": ["valid"],
"properties": {
"valid": {
"type": "boolean"
},
"failureCode": {
"type": "string",
"enum": [
"tuf-version-invalid",
"tuf-expiry-invalid",
"tuf-snapshot-hash-mismatch",
"tuf-signature-invalid",
"tuf-threshold-not-met"
]
},
"message": {
"type": "string"
}
}
},
"RootRotationPolicy": {
"type": "object",
"description": "Policy for rotating TUF root keys",
"required": ["minApprovers", "pendingKeys"],
"properties": {
"minApprovers": {
"type": "integer",
"minimum": 2,
"description": "Minimum distinct approvers required"
},
"pendingKeys": {
"type": "array",
"items": {"type": "string"},
"minItems": 1,
"description": "Keys pending rotation"
},
"activeKeys": {
"type": "array",
"items": {"type": "string"}
}
}
}
},
"examples": [
{
"anchorTime": "2025-12-06T00:00:00Z",
"source": "roughtime",
"format": "roughtime-v1",
"tokenDigest": "abc123def456789...",
"verification": {
"status": "passed",
"verifiedAt": "2025-12-06T00:00:01Z"
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink