Models
Common models shared between signing and verification.
TransparencyLogEntry(inner)
Represents a transparency log entry.
Creates a new TransparencyLogEntry from the given inner object.
@private
Source code in sigstore/models.py
TimestampVerificationData(inner)
Represents a TimestampVerificationData structure.
@private
Init method.
rfc3161_timestamps property
Returns a list of signed timestamps.
from_json(raw) classmethod
Deserialize the given timestamp verification data.
VerificationMaterial(inner)
Represents a VerificationMaterial structure.
Init method.
timestamp_verification_data property
Returns the Timestamp Verification Data, if present.
InvalidBundle
Bases: Error
Raised when the associated Bundle is invalid in some way.
diagnostics()
Returns diagnostics for the error.
Bundle(inner)
Represents a Sigstore bundle.
Creates a new bundle. This is not a public API; use from_json instead.
@private
signing_certificate property
Returns the bundle's contained signing (i.e. leaf) certificate.
log_entry property
Returns the bundle's log entry, containing an inclusion proof (with checkpoint) and an inclusion promise (if the latter is present).
signature property
Returns the signature bytes of this bundle, either from the DSSE envelope or from the message itself.
verification_material property
Returns the bundle's verification material.
BundleType
Bases: str, Enum
Known Sigstore bundle media types.
from_json(raw) classmethod
Deserialize the given Sigstore bundle.
to_json()
Return a JSON encoding of this bundle.
from_parts(cert, sig, log_entry) classmethod
Construct a Sigstore bundle (of hashedrekord type) from its constituent parts.
SigningConfig(inner, tlog_version=None)
Signing configuration for a Sigstore instance.
Construct a new SigningConfig.
tlog_version is an optional argument that enforces that only the specified versions of Rekor are included in the transparency logs.
@api private
SigningConfigType
Bases: str, Enum
Known Sigstore signing config media types.
from_file(path) classmethod
Create a new signing config from a file.
get_tlogs()
Returns the Rekor transparency log clients to sign with.
get_fulcio()
Returns a Fulcio client to get a signing certificate from.
get_oidc_url()
Returns the URL of the OIDC provider that the client should use to interactively authenticate.
get_tsas()
Returns timestamp authority clients for the URLs configured in the signing config.
TrustedRoot(inner)
The cryptographic root(s) of trust for a Sigstore instance.
Construct a new TrustedRoot.
@api private
TrustedRootType
Bases: str, Enum
Known Sigstore trusted root media types.
from_file(path) classmethod
Create a new trust root from a file.
rekor_keyring(purpose)
Return keyring with keys for Rekor.
ct_keyring(purpose)
Return keyring with key for CTFE.
get_fulcio_certs()
Return the Fulcio certificates.
get_timestamp_authorities()
Return the TSAs present in the trusted root.
This list may be empty, in which case no timestamp verification can be performed.
ClientTrustConfig(inner)
Represents a Sigstore client's trust configuration, including a root of trust.
@api private
trusted_root property
Return the interior root of trust, as a TrustedRoot.
signing_config property
Return the interior root of trust, as a SigningConfig.
ClientTrustConfigType
Bases: str, Enum
Known Sigstore client trust config media types.
from_json(raw) classmethod
Deserialize the given client trust config.
production(offline=False) classmethod
Create a new trust config from the Sigstore production TUF repository.
If offline is set, uses the data in the local TUF cache. Otherwise, updates the data from the remote TUF repository.
staging(offline=False) classmethod
Create a new trust config from the Sigstore staging TUF repository.
If offline is set, uses the data in the local TUF cache. Otherwise, updates the data from the remote TUF repository.
from_tuf(url, offline=False) classmethod
Create a new trust config from a TUF repository.
If offline is set, uses the data in the local TUF cache. Otherwise, updates the trust config from the remote TUF repository.