Index ¶
- func Sign(r io.Reader, dataType string, w io.Writer, opts ...dsse.SignOption) error
- func VerifySignature(r io.Reader, verifiers ...cryptoutil.Verifier) (dsse.Envelope, error)
- type RunOption
- func RunWithAttestationOpts(opts ...attestation.AttestationContextOption) RunOption
- func RunWithAttestors(attestors []attestation.Attestor) RunOption
- func RunWithInsecure(insecure bool) RunOption
- func RunWithSigners(signers ...cryptoutil.Signer) RunOption
- func RunWithTimestampers(ts ...timestamp.Timestamper) RunOption
- type RunResult
- type VerifyOption
- func VerifyWithAttestorOptions(opts ...policyverify.Option) VerifyOption
- func VerifyWithCollectionSource(source source.Sourcer) VerifyOption
- func VerifyWithKMSProviderOptions(opts map[string][]func(signer.SignerProvider) (signer.SignerProvider, error)) VerifyOption
- func VerifyWithPolicyCAIntermediates(certs []*x509.Certificate) VerifyOption
- func VerifyWithPolicyCARoots(certs []*x509.Certificate) VerifyOption
- func VerifyWithPolicyCertConstraints(commonName string, dnsNames []string, emails []string, organizations []string, ...) VerifyOption
- func VerifyWithPolicyFulcioCertExtensions(extensions certificate.Extensions) VerifyOption
- func VerifyWithPolicyTimestampAuthorities(verifiers []timestamp.TimestampVerifier) VerifyOption
- func VerifyWithRunOptions(opts ...RunOption) VerifyOption
- func VerifyWithSigners(signers ...cryptoutil.Signer) VerifyOption
- func VerifyWithSubjectDigests(subjectDigests []cryptoutil.DigestSet) VerifyOption
- type VerifyResult
Functions ¶
func VerifySignature ¶
Types ¶
type RunOption ¶
type RunOption func(ro *runOptions)
func RunWithAttestationOpts ¶
func RunWithAttestationOpts(opts ...attestation.AttestationContextOption) RunOption
RunWithAttestationOpts accepts any AttestationContextOptions and forwards them to the attestation context that Run creates.
func RunWithAttestors ¶
func RunWithAttestors(attestors []attestation.Attestor) RunOption
RunWithAttestors defines which attestors are run and whose output is added to the resulting attestation Collection.
func RunWithInsecure ¶ added in v0.4.0
RunWithInsecure allows attestations to be generated unsigned. If insecure is true, RunResult will not contain a signed DSSE envelope, so the returned Collection carries no signature that a verifier can check.
func RunWithSigners ¶ added in v0.4.0
func RunWithSigners(signers ...cryptoutil.Signer) RunOption
RunWithSigners configures the signers that will be used to sign the DSSE envelope containing the generated attestation collection.
func RunWithTimestampers ¶
func RunWithTimestampers(ts ...timestamp.Timestamper) RunOption
RunWithTimestampers timestamps any signatures created on the DSSE envelope using the provided timestampers.
type RunResult ¶
type RunResult struct { Collection attestation.Collection SignedEnvelope dsse.Envelope AttestorName string }
RunResult contains the generated attestation collection as well as the signed DSSE envelope, if one was created.
type VerifyOption ¶
type VerifyOption func(*verifyOptions)
func VerifyWithAttestorOptions ¶ added in v0.4.0
func VerifyWithAttestorOptions(opts ...policyverify.Option) VerifyOption
VerifyWithAttestorOptions forwards the provided options to the policyverify attestor.
func VerifyWithCollectionSource ¶
func VerifyWithCollectionSource(source source.Sourcer) VerifyOption
VerifyWithCollectionSource configures the policy engine's sources for signed attestation collections. For example, disk and archivista are two typical sources.
func VerifyWithKMSProviderOptions ¶ added in v0.7.0
func VerifyWithKMSProviderOptions(opts map[string][]func(signer.SignerProvider) (signer.SignerProvider, error)) VerifyOption
func VerifyWithPolicyCAIntermediates ¶ added in v0.2.3
func VerifyWithPolicyCAIntermediates(certs []*x509.Certificate) VerifyOption
func VerifyWithPolicyCARoots ¶ added in v0.2.2
func VerifyWithPolicyCARoots(certs []*x509.Certificate) VerifyOption
func VerifyWithPolicyCertConstraints ¶ added in v0.3.0
func VerifyWithPolicyFulcioCertExtensions ¶ added in v0.4.0
func VerifyWithPolicyFulcioCertExtensions(extensions certificate.Extensions) VerifyOption
func VerifyWithPolicyTimestampAuthorities ¶ added in v0.2.2
func VerifyWithPolicyTimestampAuthorities(verifiers []timestamp.TimestampVerifier) VerifyOption
func VerifyWithRunOptions ¶ added in v0.4.0
func VerifyWithRunOptions(opts ...RunOption) VerifyOption
VerifyWithRunOptions forwards the provided RunOptions to the Run function that Verify calls.
func VerifyWithSigners ¶ added in v0.4.0
func VerifyWithSigners(signers ...cryptoutil.Signer) VerifyOption
VerifyWithSigners configures the provided signers to sign the DSSE envelope produced by the resulting policyverify attestor. See VerifyWithRunOptions for additional options.
func VerifyWithSubjectDigests ¶
func VerifyWithSubjectDigests(subjectDigests []cryptoutil.DigestSet) VerifyOption
VerifyWithSubjectDigests configures the "seed" subject digests from which policy evaluation starts. This is typically the digest of the software artifact or some other identifying digest.
type VerifyResult ¶ added in v0.4.0
type VerifyResult struct { RunResult VerificationSummary slsa.VerificationSummary StepResults map[string]policy.StepResult }
func Verify ¶
func Verify(ctx context.Context, policyEnvelope dsse.Envelope, policyVerifiers []cryptoutil.Verifier, opts ...VerifyOption) (VerifyResult, error)
Verify verifies a set of attestations against the provided policy. The set of attestations that satisfy the policy is returned if verification is successful.