Index ¶
- type BundleOptsFunc
- type DefaultSigner
- func (bs *DefaultSigner) BuildMessage(data []byte) *sign.PlainData
- func (bs *DefaultSigner) BuildSigstoreSignerOptions(opts *options.Signer) (*sign.BundleOptions, error)
- func (bs *DefaultSigner) GetAmbientTokens(opts *options.Signer) error
- func (bs *DefaultSigner) GetKeyPair(opts *options.Signer) (*sign.EphemeralKeypair, error)
- func (bs *DefaultSigner) GetOidcToken(opts *options.Signer) error
- func (bs *DefaultSigner) SignBundle(content sign.Content, keypair sign.Keypair, opts *sign.BundleOptions) (*protobundle.Bundle, error)
- func (bs *DefaultSigner) VerifyAttestationContent(_ *options.Signer, data []byte) error
- func (bs *DefaultSigner) WrapData(payloadType string, data []byte) *sign.DSSEData
- type DefaultVerifier
- func (bv *DefaultVerifier) BuildSigstoreVerifier(conf *sigstore.InstanceConfig) (VerifyCapable, error)
- func (bv *DefaultVerifier) OpenBundle(path string) (*bundle.Bundle, error)
- func (bv *DefaultVerifier) RunVerification(opts *options.SigstoreVerification, sigstoreVerifier VerifyCapable, ...) (*verify.VerificationResult, error)
- func (bv *DefaultVerifier) Verify(opts *options.Verification, bndl *bundle.Bundle) (*verify.VerificationResult, error)
- type Signer
- type Verifier
- type VerifyCapable
Types ¶
type BundleOptsFunc ¶ added in v0.3.0
type BundleOptsFunc func(*DefaultVerifier) error
func WithSigstoreRootsData ¶ added in v0.3.0
func WithSigstoreRootsData(data []byte) BundleOptsFunc
WithSigstoreRootsData sets the raw JSON data holding the sigstore instance configuration (the trust roots) that the verifier is built from.
type DefaultSigner ¶
type DefaultSigner struct{}
DefaultSigner is the default implementation of the Signer interface.
func (*DefaultSigner) BuildMessage ¶
func (bs *DefaultSigner) BuildMessage(data []byte) *sign.PlainData
BuildMessage wraps data as a plain (non-DSSE) message to be signed. It is the alternative to WrapData, which produces a DSSE envelope instead.
func (*DefaultSigner) BuildSigstoreSignerOptions ¶
func (bs *DefaultSigner) BuildSigstoreSignerOptions(opts *options.Signer) (*sign.BundleOptions, error)
BuildSigstoreSignerOptions builds the signing options by reading the TUF trust roots and configuration from the local system, falling back to the built-in defaults when none are present.
func (*DefaultSigner) GetAmbientTokens ¶
func (bs *DefaultSigner) GetAmbientTokens(opts *options.Signer) error
func (*DefaultSigner) GetKeyPair ¶
func (bs *DefaultSigner) GetKeyPair(opts *options.Signer) (*sign.EphemeralKeypair, error)
GetKeyPair calls the configured key generator and returns the ephemeral keypair that will be used to sign.
func (*DefaultSigner) GetOidcToken ¶
func (bs *DefaultSigner) GetOidcToken(opts *options.Signer) error
func (*DefaultSigner) SignBundle ¶
func (bs *DefaultSigner) SignBundle(content sign.Content, keypair sign.Keypair, opts *sign.BundleOptions) (*protobundle.Bundle, error)
SignBundle signs the provided content (a DSSE envelope or plain message) with keypair, using the supplied bundle options, and returns the resulting Sigstore bundle.
func (*DefaultSigner) VerifyAttestationContent ¶
func (bs *DefaultSigner) VerifyAttestationContent(_ *options.Signer, data []byte) error
VerifyAttestationContent checks that the attestation data is in a state that can be signed, returning an error if it is not.
type DefaultVerifier ¶
type DefaultVerifier struct {
Verifiers []VerifyCapable
}
DefaultVerifier is the default implementation of the Verifier interface. Verifiers holds one configured sigstore verifier per instance the DefaultVerifier was built with.
func (*DefaultVerifier) BuildSigstoreVerifier ¶
func (bv *DefaultVerifier) BuildSigstoreVerifier(conf *sigstore.InstanceConfig) (VerifyCapable, error)
BuildSigstoreVerifier creates a sigstore verifier configured from the given instance configuration (its trust roots and options). TODO(puerco): abstract the returned verifier.
func (*DefaultVerifier) OpenBundle ¶
func (bv *DefaultVerifier) OpenBundle(path string) (*bundle.Bundle, error)
OpenBundle reads and parses the Sigstore bundle file at path. Opening a bundle does not verify it; pass the result to Verify or RunVerification.
func (*DefaultVerifier) RunVerification ¶
func (bv *DefaultVerifier) RunVerification( opts *options.SigstoreVerification, sigstoreVerifier VerifyCapable, bndl *bundle.Bundle, ) (*verify.VerificationResult, error)
RunVerification verifies the given bundle with the provided sigstore verifier, applying the supplied verification options (the policy the signature must satisfy), and returns the verification result.
func (*DefaultVerifier) Verify ¶ added in v0.3.0
func (bv *DefaultVerifier) Verify(opts *options.Verification, bndl *bundle.Bundle) (*verify.VerificationResult, error)
Verify is the main verification entry point for bundles: it checks bndl against the verifiers configured in the DefaultVerifier using the given verification options and returns the result.
type Signer ¶
type Signer interface {
	// VerifyAttestationContent checks that the attestation data is in a
	// state that can be signed, returning an error if it is not.
	VerifyAttestationContent(*options.Signer, []byte) error
	// WrapData wraps data in a DSSE envelope with the given payload type.
	WrapData(payloadType string, data []byte) *sign.DSSEData
	// BuildMessage wraps data as a plain (non-DSSE) message; it is the
	// alternative to WrapData.
	BuildMessage(data []byte) *sign.PlainData
	// GetKeyPair returns the ephemeral keypair used to sign.
	GetKeyPair(*options.Signer) (*sign.EphemeralKeypair, error)
	// GetAmbientTokens collects ambient credentials into the signer options.
	// NOTE(review): the token sources are not documented here — confirm.
	GetAmbientTokens(*options.Signer) error
	// GetOidcToken obtains an OIDC token for the signing session.
	// NOTE(review): the identity provider/flow is not documented here — confirm.
	GetOidcToken(*options.Signer) error
	// BuildSigstoreSignerOptions builds the sigstore signing options from
	// the TUF trust roots and configuration.
	BuildSigstoreSignerOptions(*options.Signer) (*sign.BundleOptions, error)
	// SignBundle signs content with keypair using opts and returns the
	// resulting bundle.
	SignBundle(content sign.Content, keypair sign.Keypair, opts *sign.BundleOptions) (*protobundle.Bundle, error)
}
Signer abstracts the signer implementation so it can be mocked in tests; DefaultSigner is the production implementation.
type Verifier ¶
type Verifier interface {
	// Verify checks a bundle using the given verification options and
	// returns the verification result.
	Verify(*options.Verification, *bundle.Bundle) (*verify.VerificationResult, error)
	// OpenBundle reads and parses the bundle file at the given path.
	// It does not verify the bundle.
	OpenBundle(string) (*bundle.Bundle, error)
	// BuildSigstoreVerifier creates a sigstore verifier from an instance
	// configuration.
	BuildSigstoreVerifier(*sigstore.InstanceConfig) (VerifyCapable, error)
	// RunVerification verifies a bundle with the provided sigstore verifier
	// and the supplied verification options.
	RunVerification(*options.SigstoreVerification, VerifyCapable, *bundle.Bundle) (*verify.VerificationResult, error)
}
Verifier abstracts the verification implementation so it can be mocked in tests; DefaultVerifier is the production implementation.
func New ¶ added in v0.3.0
func New(funcs ...BundleOptsFunc) Verifier
New creates a new verifier. Initialization errors (for example, a failure to load the sigstore instance configuration) are logged to stderr but not returned, so the returned Verifier may not be fully configured. Callers that must fail closed should use NewWithError and treat its error as fatal.
func NewWithError ¶ added in v0.4.3
func NewWithError(funcs ...BundleOptsFunc) (Verifier, error)
NewWithError creates a new verifier and returns any initialization error.
type VerifyCapable ¶
type VerifyCapable interface {
	// Verify checks the signed entity against the given policy and returns
	// the verification result.
	Verify(verify.SignedEntity, verify.PolicyBuilder) (*verify.VerificationResult, error)
}
VerifyCapable abstracts the underlying sigstore verifier so it can be mocked in tests.