Package dev.sigstore.bundle
Class Bundle
- java.lang.Object
-
- dev.sigstore.bundle.Bundle
-
@Immutable public abstract class Bundle extends java.lang.ObjectA representation of sigstore signing materials. See protobuf-specs
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interfaceBundle.DSSESignaturestatic classBundle.HashAlgorithmstatic interfaceBundle.MessageDigeststatic interfaceBundle.MessageSignaturestatic interfaceBundle.Timestamp
-
Constructor Summary
Constructors Constructor Description Bundle()
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected voidcheckAtLeastOneTimestamp()protected voidcheckOnlyOneSignature()static Bundlefrom(java.io.Reader bundleJson)Read a json formatted bundle.static Bundlefrom(java.nio.file.Path file, java.nio.charset.Charset cs)Read a json formatted bundle from a file.abstract java.security.cert.CertPathgetCertPath()The partial certificate chain provided by fulcio for the public key and identity used to sign the artifact, this should NOT contain the trusted root or any trusted intermediates.abstract java.util.Optional<Bundle.DSSESignature>getDSSESignature()A DSSE envelope signature type that may contain an arbitrary payloadabstract java.util.List<RekorEntry>getEntries()The entry in the rekor transparency log (represented as a list for future compatibility, but currently only allow for at most one entry.java.lang.StringgetMediaType()The bundle versionabstract java.util.Optional<Bundle.MessageSignature>getMessageSignature()A signature represented as a signature and digestabstract java.util.List<Bundle.Timestamp>getTimestamps()A list of timestamps to verify the time of signing.java.lang.StringtoJson()
-
-
-
Method Detail
-
getMediaType
@Default public java.lang.String getMediaType()
The bundle version
-
getMessageSignature
public abstract java.util.Optional<Bundle.MessageSignature> getMessageSignature()
A signature represented as a signature and digest
-
getDSSESignature
public abstract java.util.Optional<Bundle.DSSESignature> getDSSESignature()
A DSSE envelope signature type that may contain an arbitrary payload
-
checkOnlyOneSignature
@Check protected void checkOnlyOneSignature()
-
checkAtLeastOneTimestamp
@Check protected void checkAtLeastOneTimestamp()
-
getCertPath
public abstract java.security.cert.CertPath getCertPath()
The partial certificate chain provided by fulcio for the public key and identity used to sign the artifact, this should NOT contain the trusted root or any trusted intermediates. But users of this object should understand that older signatures may include the full chain.
-
getEntries
public abstract java.util.List<RekorEntry> getEntries()
The entry in the rekor transparency log (represented as a list for future compatibility, but currently only allow for at most one entry.
-
getTimestamps
public abstract java.util.List<Bundle.Timestamp> getTimestamps()
A list of timestamps to verify the time of signing. Currently, allows rfc3161 timestamps.
-
from
public static Bundle from(java.io.Reader bundleJson) throws BundleParseException
Read a json formatted bundle.- Throws:
BundleParseException
-
from
public static Bundle from(java.nio.file.Path file, java.nio.charset.Charset cs) throws BundleParseException, java.io.IOException
Read a json formatted bundle from a file.- Throws:
BundleParseExceptionjava.io.IOException
-
toJson
@Lazy public java.lang.String toJson()
-
-