Documentation ¶
Index ¶
- func EnvelopeFromBytes(payload []byte) (env *dsselib.Envelope, err error)
- func FindSigningCertificate(ctx context.Context, uuids []string, dssePayload dsselib.Envelope, ...) (*x509.Certificate, error)
- func GetRekorEntries(rClient *client.Rekor, artifactHash string) ([]string, error)
- func VerifyProvenance(env *dsselib.Envelope, expectedHash string) error
- func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error
- type WorkflowIdentity
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FindSigningCertificate ¶
func FindSigningCertificate(ctx context.Context, uuids []string, dssePayload dsselib.Envelope, rClient *client.Rekor) (*x509.Certificate, error)
FindSigningCertificate finds and verifies a matching signing certificate from a list of Rekor entry UUIDs.
func GetRekorEntries ¶
GetRekorEntries finds all entry UUIDs by the digest of the artifact binary.
func VerifyWorkflowIdentity ¶
func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error
VerifyWorkflowIdentity verifies the signing certificate information
Types ¶
type WorkflowIdentity ¶
type WorkflowIdentity struct { // The caller repository CallerRepository string `json:"caller"` // The commit SHA where the workflow was triggered CallerHash string `json:"commit"` // Current workflow (reuseable workflow) ref JobWobWorkflowRef string `json:"job_workflow_ref"` // Trigger Trigger string `json:"trigger"` // Issuer Issuer string `json:"issuer"` }
func GetWorkflowInfoFromCertificate ¶
func GetWorkflowInfoFromCertificate(cert *x509.Certificate) (*WorkflowIdentity, error)
GetWorkflowFromCertificate gets the workflow identity from the Fulcio authenticated content.
Click to show internal directories.
Click to hide internal directories.