Verifier
Verification API machinery.
Verifier(*, rekor, trusted_root)
The primary API for verification operations.
Create a new Verifier.
rekor is a RekorClient capable of connecting to a Rekor instance containing logs for the file(s) being verified.
trusted_root is the TrustedRoot object containing the root of trust for the verification process.
Source code in sigstore/verify/verifier.py
production(*, offline=False)
classmethod
Return a Verifier instance configured against Sigstore's production-level services.
offline controls the Trusted Root refresh behavior: if True, the verifier uses the Trusted Root in the local TUF cache. If False, a TUF repository refresh is attempted.
Source code in sigstore/verify/verifier.py
staging(*, offline=False)
classmethod
Return a Verifier instance configured against Sigstore's staging-level services.
offline controls the Trusted Root refresh behavior: if True, the verifier uses the Trusted Root in the local TUF cache. If False, a TUF repository refresh is attempted.
Source code in sigstore/verify/verifier.py
verify_dsse(bundle, policy)
Verifies a bundle's DSSE envelope, returning the encapsulated payload and its content type.
This method is only for DSSE-enveloped payloads. To verify an arbitrary input against a bundle, use the verify_artifact method.
bundle is the Sigstore Bundle to both verify and verify against.
policy is the VerificationPolicy to verify against.
Returns a tuple of (type, payload), where type is the payload's type as encoded in the DSSE envelope and payload is the raw bytes of the payload. No validation of either type or payload is performed; users of this API must assert that type is known to them before proceeding to handle payload in an application-dependent manner.
Source code in sigstore/verify/verifier.py
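An added example, not sigstore-python's own code, of the caller-side checks that verify_dsse leaves to the application: allowlisting the returned type before parsing, then binding the signed statement to the artifact in hand. It assumes the expected payloads are in-toto statements with sha256 subject digests; verified_statement, UntrustedPayload and EXPECTED_TYPES are hypothetical names.

```python
import hashlib
import json

# Assumption: this application only handles in-toto statements, whose
# DSSE payload type is the string below. Adjust the allowlist to your needs.
EXPECTED_TYPES = frozenset({"application/vnd.in-toto+json"})


class UntrustedPayload(Exception):
    """The signature verified, but the payload is not one we handle."""


def verified_statement(verifier, bundle, policy, artifact: bytes) -> dict:
    """Run verify_dsse, then the checks it leaves to the caller.

    verifier is any object exposing verify_dsse(bundle, policy) as
    documented above; any exception it raises propagates unchanged.
    """
    payload_type, payload = verifier.verify_dsse(bundle, policy)

    # The type is chosen by the signer; refuse anything not on the allowlist
    # before the payload bytes reach a parser.
    if payload_type not in EXPECTED_TYPES:
        raise UntrustedPayload(f"unexpected payload type: {payload_type!r}")

    try:
        statement = json.loads(payload)
    except ValueError as exc:  # covers bad UTF-8 and malformed JSON
        raise UntrustedPayload("payload is not valid JSON") from exc
    if not isinstance(statement, dict):
        raise UntrustedPayload("payload is not a JSON object")

    # Bind the signed statement to the bytes we actually hold: a valid
    # attestation about some other artifact must not be accepted.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject")
    for subject in subjects if isinstance(subjects, list) else []:
        digests = subject.get("digest") if isinstance(subject, dict) else None
        if isinstance(digests, dict) and digests.get("sha256") == digest:
            return statement
    raise UntrustedPayload("no subject matches the artifact's sha256 digest")
```

The policy argument still decides whose signature is accepted; these checks only decide whether the signed content is of a kind, and about an artifact, that the caller expects.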
verify_artifact(input_, bundle, policy)
Public API for verifying.
input_ is the input to verify, either as a buffer of contents or as a prehashed Hashed object.
bundle is the Sigstore Bundle to verify against.
policy is the VerificationPolicy to verify against.
On failure, this method raises VerificationError.
Source code in sigstore/verify/verifier.py