Package dev.sigstore
Class KeylessSigner.Builder
- java.lang.Object
- dev.sigstore.KeylessSigner.Builder
Enclosing class: KeylessSigner
public static class KeylessSigner.Builder extends java.lang.Object
Constructor Summary
- Builder()
Method Summary
- KeylessSigner.Builder allowedOidcIdentities(java.util.List<OidcTokenMatcher> oidcIdentities): an allow list of OIDC identities to be used during signing.
- KeylessSigner build()
- KeylessSigner.Builder fulcioUrl(java.net.URI uri)
- KeylessSigner.Builder minSigningCertificateLifetime(java.time.Duration minSigningCertificateLifetime): the KeylessSigner instance will try to reuse a previously acquired certificate if the expiration time on the certificate is more than minSigningCertificateLifetime away.
- KeylessSigner.Builder oidcClients(OidcClients oidcClients)
- KeylessSigner.Builder rekorUrl(java.net.URI uri)
- KeylessSigner.Builder signer(Signer signer)
- KeylessSigner.Builder sigstorePublicDefaults(): initialize a builder with the sigstore public good instance TUF root and OIDC targets with ECDSA signing.
- KeylessSigner.Builder sigstoreStagingDefaults(): initialize a builder with the sigstore staging instance TUF root and OIDC targets with ECDSA signing.
- KeylessSigner.Builder trustedRootProvider(TrustedRootProvider trustedRootProvider)
Method Detail
fulcioUrl
@CanIgnoreReturnValue public KeylessSigner.Builder fulcioUrl(java.net.URI uri)
rekorUrl
@CanIgnoreReturnValue public KeylessSigner.Builder rekorUrl(java.net.URI uri)
trustedRootProvider
@CanIgnoreReturnValue public KeylessSigner.Builder trustedRootProvider(TrustedRootProvider trustedRootProvider)
oidcClients
@CanIgnoreReturnValue public KeylessSigner.Builder oidcClients(OidcClients oidcClients)
allowedOidcIdentities
@CanIgnoreReturnValue public KeylessSigner.Builder allowedOidcIdentities(java.util.List<OidcTokenMatcher> oidcIdentities)
An allow list of OIDC identities to be used during signing. If the configured OidcClients are misconfigured or pick up unexpected credentials, signing is refused when the identity in the obtained token does not match one of the matchers. Cannot be null. An empty list disables the check and allows all identities, so an automated pipeline that wants to fail closed must pass a non-empty list.
signer
@CanIgnoreReturnValue public KeylessSigner.Builder signer(Signer signer)
minSigningCertificateLifetime
@CanIgnoreReturnValue public KeylessSigner.Builder minSigningCertificateLifetime(java.time.Duration minSigningCertificateLifetime)
The KeylessSigner instance will try to reuse a previously acquired certificate if the expiration time on the certificate is more than minSigningCertificateLifetime away. Otherwise, it will make a new request (OIDC, Fulcio) to obtain a new certificate to use for signing. The default minSigningCertificateLifetime is KeylessSigner.DEFAULT_MIN_SIGNING_CERTIFICATE_LIFETIME. Because Fulcio certificates are short-lived, the value chosen here decides how often a long signing run repeats the OIDC and Fulcio round trip.
- Parameters:
minSigningCertificateLifetime - the minimum lifetime of the signing certificate before renewal
- Returns:
this builder
- See Also:
Fulcio certificate validity
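The following is an added example, not code from the sigstore-java project or from this page, showing how allowedOidcIdentities and minSigningCertificateLifetime fit together in a CI signing job: the identity allow list is pinned so that an unexpected token cannot be used to sign, and one Fulcio certificate is reused across several artifacts while its remaining validity allows. The Builder calls are the ones documented on this page; KeylessSigner.builder(), the OidcClients.of(...) and GithubActionsOidcClient.builder() factories, OidcTokenMatcher.of(String), signFile(Path) and the bundle's toJson() method are taken from the library's public API as assumed here, and the expected subject string is a placeholder.

```java
import dev.sigstore.KeylessSigner;
import dev.sigstore.oidc.client.GithubActionsOidcClient;
import dev.sigstore.oidc.client.OidcClients;
import dev.sigstore.oidc.client.OidcTokenMatcher;

import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Duration;
import java.util.List;

/**
 * Builds a KeylessSigner that only signs when the OIDC token it obtains
 * belongs to an expected CI identity, then signs a list of artifacts,
 * reusing one Fulcio certificate across them where its lifetime allows.
 */
public final class PinnedIdentitySigner {

  // Assumed placeholder: a GitHub Actions token's subject is the workflow ref;
  // replace with your own repository and workflow. Not taken from the page.
  private static final String EXPECTED_SUBJECT =
      "https://github.com/example-org/example-repo/.github/workflows/release.yml@refs/tags/v1.2.3";

  /** Builder configuration as documented on this page; the rest is assumed API. */
  static KeylessSigner buildSigner(List<OidcTokenMatcher> allowed) throws Exception {
    if (allowed.isEmpty()) {
      // The Builder accepts an empty list but then allows every identity, so
      // fail closed here instead of silently disabling the check in CI.
      throw new IllegalArgumentException("allowedOidcIdentities must not be empty in CI");
    }
    return KeylessSigner.builder()
        .sigstorePublicDefaults()
        // Pin the token source as well as the identity: a token from any other
        // client (for example an interactive browser flow) is never consulted.
        .oidcClients(OidcClients.of(GithubActionsOidcClient.builder().build()))
        .allowedOidcIdentities(allowed)
        // Renew the Fulcio certificate once fewer than 2 minutes remain; with the
        // default, a run that signs many files may repeat OIDC + Fulcio per file.
        .minSigningCertificateLifetime(Duration.ofMinutes(2))
        .build();
  }

  public static void main(String[] args) throws Exception {
    KeylessSigner signer = buildSigner(List.of(OidcTokenMatcher.of(EXPECTED_SUBJECT)));
    for (String arg : args) {
      Path artifact = Path.of(arg);
      // signFile(Path) and the bundle's toJson() are assumed from the library's
      // signing API; they are not documented on the Builder page itself.
      var bundle = signer.signFile(artifact);
      Path out = artifact.resolveSibling(artifact.getFileName() + ".sigstore.json");
      Files.writeString(out, bundle.toJson());
      System.out.println("signed " + artifact + " -> " + out);
    }
  }
}
```

Swap sigstorePublicDefaults() for sigstoreStagingDefaults() to exercise the same configuration against the staging instance before pointing a release job at the public good instance; the identity allow list and certificate reuse behave the same either way.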
build
@CheckReturnValue public KeylessSigner build() throws java.security.cert.CertificateException, java.io.IOException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException, java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
- Throws:
java.security.cert.CertificateException
java.io.IOException
java.security.NoSuchAlgorithmException
java.security.spec.InvalidKeySpecException
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
sigstorePublicDefaults
@CanIgnoreReturnValue public KeylessSigner.Builder sigstorePublicDefaults()
Initialize a builder with the sigstore public good instance TUF root and OIDC targets, with ECDSA signing.
sigstoreStagingDefaults
@CanIgnoreReturnValue public KeylessSigner.Builder sigstoreStagingDefaults()
Initialize a builder with the sigstore staging instance TUF root and OIDC targets, with ECDSA signing.