Azure.Security.CodeTransparency Namespace

Classes

Name Description
AzureSecurityCodeTransparencyContext

Context class which will be filled in by the System.ClientModel.SourceGeneration. For more information https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/core/System.ClientModel/src/docs/ModelReaderWriterContext.md

CborUtils

Utility methods for reading simple string values from CBOR-encoded maps used within Signing Transparency receipts and responses. Methods are defensive: on invalid input, key absence, or unexpected CBOR shapes they return an empty string instead of throwing, allowing callers to decide whether absence is an error condition.

CcfReceipt

CcfReceipt class which enables encoding, decoding and verification of receipts issued from the Signing Transparency Service. This class encapsulates the representation and the available operations of CBOR encoded CCF SCITT receipts. This is a reference implementation for a proposed draft IETF specification: https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/03/ .

CcfReceiptVerifier

CcfReceiptVerifier class contains the methods to verify the CCF SCITT receipt integrity and the inclusion in the Signing Transparency Service. The verification requires the receipt, the COSE_Sign1 envelope and the service certificate. The COSE_Sign1 envelope is the payload that was submitted to the Signing Transparency Service. The receipt is a cryptographic proof issued by the Signing Transparency Service after the successful submission of the signature. The service certificate is the public key of the Signing Transparency Service that was used to endorse the receipt. The receipt can also be embedded in the COSE_Sign1 envelope.

CodeTransparencyCertificateClient

The client to fetch the service certificate for the use in TLS connection. Very similar to the one used in Azure.Security.ConfidentialLedger. Certificate responses get cached for a configured time.

CodeTransparencyClient

The CodeTransparencyClient.

CodeTransparencyClientHostExtensions

Extension methods to add CodeTransparencyClient to an IHostApplicationBuilder.

CodeTransparencyClientOptions

These options are used in both the certificate client and the regular client.

CodeTransparencyClientSettings

Represents the settings used to configure a CodeTransparencyClient that can be loaded from an IConfigurationSection.

CodeTransparencyModelFactory

A factory class for creating instances of the models for mocking.

CodeTransparencyOfflineKeys

A case-insensitive dictionary mapping ledger domains to their JWKS documents for offline verification.

CodeTransparencyVerificationOptions

Options controlling VerifyTransparentStatement(Byte[], CodeTransparencyVerificationOptions, CodeTransparencyClientOptions).

JsonWebKey

rfc7517 JSON Web Key representation adapted from a shared swagger definition in the common types.

JwksDocument

A JWKS like document.

ServiceIdentityResult

Response from the identity service containing the TLS cert.

Enums

Name Description
AuthorizedReceiptBehavior

Specifies how receipts whose issuer domains ARE in the authorized list should be enforced.

CodeTransparencyClientOptions.ServiceVersion

The version of the service to use.

CodeTransparencyOperationStatus

Represents the status of an operation in CTS.

OfflineKeysBehavior

Specifies behaviors for the use of offline keys contained in OfflineKeys.

UnauthorizedReceiptBehavior

Specifies behaviors for receipts whose issuer domains are not contained in AuthorizedDomains.