Use SignServer REST interface
Chainloop is currently using the HTTP interface (older) for signing. However, it's advised to use the new REST interface that provides the verification material after signing. This provides easier verification without needing to provide the signing certificate out of band, and enables the use of ephemeral certificates with SignServer.
The OpenAPI spec can be found here, where we can see that the process response includes the certificate:
```json
"ProcessResponse" : {
  "description" : "POJO that represents a process response.",
  "type" : "object",
  "properties" : {
    "data" : {
      "description" : "The resulting data (i.e the signature) in Base64 encoding",
      "type" : "string"
    },
    "requestId" : {
      "type" : "string"
    },
    "archiveId" : {
      "type" : "string"
    },
    "signerCertificate" : {
      "type" : "string"
    },
    "metaData" : {
      "type" : "object",
      "additionalProperties" : {
        "type" : "string"
      }
    }
  }
},
```
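A sketch of what verification against such a response could look like, added here as an example and not taken from Chainloop or SignServer. It shows that the returned certificate only carries trust once it chains to a root the verifier already pins. Assumptions: `signerCertificate` is base64-encoded DER, `data` is a raw signature over the payload, and the caller knows the signature algorithm; `verifyProcessResponse` and `sampleResponse` are hypothetical names, and the sample response is constructed with a throwaway Ed25519 key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

type processResponse struct { // the two ProcessResponse fields needed to verify
	Data              string `json:"data"`
	SignerCertificate string `json:"signerCertificate"`
}

// verifyProcessResponse verifies payload with the returned cert, trusted only if it chains to roots.
func verifyProcessResponse(body, payload []byte, alg x509.SignatureAlgorithm, roots *x509.CertPool) error {
	var r processResponse
	e0 := json.Unmarshal(body, &r)
	der, e1 := base64.StdEncoding.DecodeString(r.SignerCertificate) // assumed: base64 DER
	sig, e2 := base64.StdEncoding.DecodeString(r.Data)              // assumed: raw signature
	cert, e3 := x509.ParseCertificate(der)
	if e0 != nil || e1 != nil || e2 != nil || e3 != nil {
		return fmt.Errorf("malformed ProcessResponse: %v %v %v %v", e0, e1, e2, e3)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("untrusted signer certificate: %w", err)
	}
	return cert.CheckSignature(alg, payload, sig) // alg is not in the response; caller-supplied
}

// sampleResponse returns a constructed response from a throwaway self-signed key, plus its roots.
func sampleResponse(payload []byte) ([]byte, *x509.CertPool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	b64 := base64.StdEncoding.EncodeToString
	body, _ := json.Marshal(processResponse{b64(ed25519.Sign(priv, payload)), b64(der)})
	return body, roots
}

func main() {
	body, roots := sampleResponse([]byte("constructed payload"))
	fmt.Println("verify error:", verifyProcessResponse(body, []byte("constructed payload"), x509.PureEd25519, roots))
}
```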