
Commit dd06849

CBOM: add custom fingerprints (#903)
Extend the `fingerprint` definition in `cyclonedx-cryptography-2.0.schema.json` to support custom fingerprint algorithms alongside standard hash algorithms. ### Changes - Replace the flat `$ref: hash` on `certificateProperties.fingerprint` and `relatedCryptoMaterialProperties.fingerprint` with a single central `$defs/fingerprint` definition - `$defs/fingerprint` uses `oneOf` with two branches: - **Standard Hash** — `alg` + `content` (refs to existing `hashAlgorithm` / `hashValue`); fully backward compatible - **Custom Fingerprint** — `customAlg` + `customContent` for non-standard algorithms ### Backward Compatibility Existing documents with `{"alg": "SHA-256", "content": "..."}` satisfy the Standard Hash branch unchanged.
2 parents 522d5b7 + d54f9a0 commit dd06849

2 files changed

Lines changed: 47 additions & 6 deletions


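--- a/schema/2.0/model/cyclonedx-common-2.0.schema.json
+++ b/schema/2.0/model/cyclonedx-common-2.0.schema.json
@@ -54,10 +54,14 @@
 "additionalProperties": false,
 "properties": {
 "alg": {
-"$ref": "#/$defs/hashAlgorithm"
+"$ref": "#/$defs/hashAlgorithm",
+"title": "Hash Algorithm",
+"description": "The standard, well-known algorithm used to compute the hash."
 },
 "content": {
-"$ref": "#/$defs/hashValue"
+"$ref": "#/$defs/hashValue",
+"title": "Hash Value",
+"description": "The value of the hash computed using the standard, well-known algorithm."
 }
 }
 },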
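Review bot: The `title` and `description` added as siblings of `$ref` on `alg` and `content` are only honored if this schema declares a 2019-09 or later dialect; under draft-07 and earlier a `$ref` replaces its sibling keywords, so the annotations would be silently dropped by validators and documentation generators. The `$schema` declaration is outside this hunk, so the dialect cannot be confirmed here. If it is an older draft, the portable form is `"allOf": [{ "$ref": "#/$defs/hashAlgorithm" }]` with the `title`/`description` kept as siblings of the `allOf`. The same consideration applies to the `$ref` plus `title`/`description` on `certificateProperties.fingerprint` in the cryptography schema.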

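--- a/schema/2.0/model/cyclonedx-cryptography-2.0.schema.json
+++ b/schema/2.0/model/cyclonedx-cryptography-2.0.schema.json
@@ -416,7 +416,7 @@
 ]
 },
 "fingerprint": {
-"$ref": "cyclonedx-common-2.0.schema.json#/$defs/hash",
+"$ref": "#/$defs/fingerprint",
 "title": "Certificate Fingerprint",
 "description": "The fingerprint is a cryptographic hash of the certificate excluding it's signature."
 },
@@ -718,9 +718,7 @@
 "description": "The mechanism by which the cryptographic asset is secured by."
 },
 "fingerprint": {
-"$ref": "cyclonedx-common-2.0.schema.json#/$defs/hash",
-"title": "Fingerprint",
-"description": "The fingerprint is a cryptographic hash of the asset."
+"$ref": "#/$defs/fingerprint"
 },
 "relatedCryptographicAssets": {
 "$ref": "#/$defs/relatedCryptographicAssets"
@@ -1119,6 +1117,45 @@
 }
 }
 },
+"fingerprint": {
+"type": "object",
+"title": "Fingerprint",
+"description": "The fingerprint is a cryptographic hash of the asset.",
+"oneOf": [
+{
+"title": "Standard Hash",
+"description": "A fingerprint computed using a standard, well-known hash algorithm.",
+"required": ["alg", "content"],
+"additionalProperties": false,
+"properties": {
+"alg": {
+"$ref": "cyclonedx-common-2.0.schema.json#/$defs/hashAlgorithm"
+},
+"content": {
+"$ref": "cyclonedx-common-2.0.schema.json#/$defs/hashValue"
+}
+}
+},
+{
+"title": "Custom Fingerprint",
+"description": "A fingerprint computed with a custom or non-standard algorithm not covered by the standard hash algorithms.",
+"required": ["customAlg", "customContent"],
+"additionalProperties": false,
+"properties": {
+"customAlg": {
+"type": "string",
+"title": "Custom Fingerprint Algorithm",
+"description": "The name of the custom algorithm used to compute the fingerprint."
+},
+"customContent": {
+"type": "string",
+"title": "Custom Fingerprint Content",
+"description": "The value of the fingerprint computed using the custom algorithm."
+}
+}
+}
+]
+},
 "securedBy": {
 "type": "object",
 "title": "Secured By",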
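Review bot: In the new `$defs/fingerprint` definition the Custom Fingerprint branch accepts `customAlg` and `customContent` as unconstrained strings, so a document with `{"customAlg": "", "customContent": ""}` validates even though it carries no usable fingerprint, whereas the Standard Hash branch inherits whatever constraints `hashValue` imposes in the common schema (not visible in this hunk). Adding `"minLength": 1` under each of the two `"type": "string"` lines would at least reject empty values, and the `customContent` description should state the expected encoding (hex or base64) so consumers can compare fingerprints across documents. Also, `relatedCryptoMaterialProperties.fingerprint` in the second hunk now carries a bare `$ref` while `certificateProperties.fingerprint` in the first hunk keeps its own `title`/`description` beside the `$ref`; the two reference sites would read more consistently if both either annotate the `$ref` or rely on the `$defs/fingerprint` annotations.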
