Package dev.sigstore

Class KeylessVerifier

java.lang.Object

dev.sigstore.KeylessVerifier

public class KeylessVerifier
extends Object

Verify hashedrekords from rekor signed using the keyless signing flow with fulcio certificates.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	KeylessVerifier.Builder

Method Summary

Modifier and Type	Method	Description
static KeylessVerifier.Builder	builder()
void	verify(byte[] artifactDigest, Bundle bundle, VerificationOptions options)	Verify that the inputs can attest to the validity of a signature using sigstore's keyless infrastructure.
void	verify(Path artifact, Bundle bundle, VerificationOptions options)	Convenience wrapper around verify(byte[], Bundle, VerificationOptions).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

builder

public static KeylessVerifier.Builder builder()

verify

public void verify(Path artifact,
 Bundle bundle,
 VerificationOptions options)
            throws KeylessVerificationException

Convenience wrapper around verify(byte[], Bundle, VerificationOptions).

Throws:

KeylessVerificationException

verify

public void verify(byte[] artifactDigest,
 Bundle bundle,
 VerificationOptions options)
            throws KeylessVerificationException

Verify that the inputs can attest to the validity of a signature using sigstore's keyless infrastructure. If no exception is thrown, it should be assumed verification has passed.

Parameters:

artifactDigest - the sha256 digest of the artifact that is being verified

bundle - the sigstore signature bundle to verify

options - the keyless verification data and options

Throws:

KeylessVerificationException - if the signing information could not be verified