var FulcioAPIVersions = []uint32{1}

var RekorAPIVersions = []uint32{1, 2}

var TimestampAuthorityAPIVersions = []uint32{1}

type BundleOptions struct {
	// Optional certificate provider to get code signing certificate from.
	//
	// Typically a Fulcio instance; resulting bundle will contain a certificate
	// for its verification material content instead of a public key.
	CertificateProvider CertificateProvider
	// Optional options for certificate provider
	//
	// Some certificate authorities may require options to be set
	CertificateProviderOptions *CertificateProviderOptions
	// Optional list of timestamp authorities to contact for inclusion in bundle
	TimestampAuthorities []*TimestampAuthority
	// Optional list of Rekor instances to get transparency log entry from.
	//
	// Supports hashedrekord and dsse entry types.
	TransparencyLogs []Transparency
	// Optional context for retrying network requests
	Context context.Context
	// Optional trusted root to verify signed bundle
	TrustedRoot root.TrustedMaterial
}

type CertificateProvider interface {
	GetCertificate(context.Context, Keypair, *CertificateProviderOptions) ([]byte, error)
}

type CertificateProviderOptions struct {
	// Optional OIDC JWT to send to certificate provider; required for Fulcio
	IDToken string
}

type Content interface {
	// Return the data to be signed
	PreAuthEncoding() []byte
	// Add something that satisfies protobundle.isBundle_Content to bundle
	Bundle(bundle *protobundle.Bundle, signature, digest []byte, hashAlgorithm protocommon.HashAlgorithm)
}

type DSSEData struct {
	Data        []byte
	PayloadType string
}

type EphemeralKeypair struct {
	// contains filtered or unexported fields
}

type EphemeralKeypairOptions struct {
	// Optional hint of for signing key
	Hint []byte
}

type Fulcio struct {
	// contains filtered or unexported fields
}

type FulcioOptions struct {
	// URL of Fulcio instance
	BaseURL string
	// Optional timeout for network requests (default 30s; use negative value for no timeout)
	Timeout time.Duration
	// Optional number of times to retry on HTTP 5XX
	Retries uint
	// Optional Transport (for dependency injection)
	Transport http.RoundTripper
}

type Keypair interface {
	GetHashAlgorithm() protocommon.HashAlgorithm
	GetHint() []byte
	GetKeyAlgorithm() string
	GetPublicKeyPem() (string, error)
	SignData(ctx context.Context, data []byte) ([]byte, []byte, error)
}

type PlainData struct {
	Data []byte
}

type Rekor struct {
	// contains filtered or unexported fields
}

type RekorClient interface {
	CreateLogEntry(params *entries.CreateLogEntryParams, opts ...entries.ClientOption) (*entries.CreateLogEntryCreated, error)
}

type RekorOptions struct {
	// URL of Fulcio instance
	BaseURL string
	// Optional timeout for network requests (default 30s; use negative value for no timeout)
	Timeout time.Duration
	// Optional number of times to retry
	Retries uint
	// Optional client (for dependency injection)
	Client   RekorClient
	ClientV2 RekorV2Client
	Version  uint32
}

type RekorV2Client interface {
	Add(ctx context.Context, entry any) (*protorekor.TransparencyLogEntry, error)
}

type TimestampAuthority struct {
	// contains filtered or unexported fields
}

type TimestampAuthorityOptions struct {
	// Full URL (with path) of Timestamp Authority endpoint
	URL string
	// Optional timeout for network requests (default 30s; use negative value for no timeout)
	Timeout time.Duration
	// Optional number of times to retry on HTTP 5XX
	Retries uint
	// Optional Transport (for dependency injection)
	Transport http.RoundTripper
}

type Transparency interface {
	GetTransparencyLogEntry(context.Context, []byte, *protobundle.Bundle) error
}