Documentation
¶
Index ¶
- type OIDCProvider
- type SignerVerifier
- func (sv *SignerVerifier) Cosign(ctx context.Context, payload io.Reader) (oci.Signature, error)
- func (sv *SignerVerifier) PublicKey(opts ...signature.PublicKeyOption) (crypto.PublicKey, error)
- func (sv *SignerVerifier) SignMessage(message io.Reader, opts ...signature.SignOption) ([]byte, error)
- func (sv *SignerVerifier) VerifySignature(signature, message io.Reader, opts ...signature.VerifyOption) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type OIDCProvider ¶
// OIDCProvider is implemented by identity-token sources that can furnish OIDC
// tokens. NewSigner accepts one as its provider argument.
type OIDCProvider interface {
// Enabled returns true if the provider is enabled.
// NOTE(review): whether callers consult Enabled before calling Provide is
// not visible on this page; confirm against the call sites.
Enabled(ctx context.Context) bool
// Provide returns an OIDC token scoped to the provided audience.
//
// The returned string is a bearer credential, so implementations and
// callers should keep it out of logs and out of wrapped error messages.
// Implementations should request the token for exactly the given audience;
// a token minted for a broader or different audience could be accepted by
// a relying party it was never intended for.
// NOTE(review): presumably this token is what the signer presents to Fulcio
// when requesting a certificate; confirm against NewSigner and refresh().
Provide(ctx context.Context, audience string) (string, error)
}
OIDCProvider is what providers need to implement to participate in furnishing OIDC tokens.
type SignerVerifier ¶
// SignerVerifier is the "keyless" signer/verifier returned by NewSigner.
type SignerVerifier struct {
// Guards the unexported fields below against concurrent mutation by
// refresh() (refresh is not shown on this page).
// NOTE(review): because the mutex is embedded rather than held in a named
// unexported field, Lock and Unlock are promoted into SignerVerifier's
// exported method set, so code outside this package can take or release
// the lock. A struct containing a sync.Mutex must also not be copied after
// first use; NewSigner returns a pointer and the methods listed here use
// pointer receivers.
sync.Mutex
// contains filtered or unexported fields
}
SignerVerifier implements types.CosignerSignerVerifier using "keyless" signatures. If its signing certificate expires, it refreshes it by requesting a new certificate from Fulcio using the same key, so the signing key itself is not rotated on refresh.
func NewSigner ¶
func NewSigner(provider OIDCProvider, fulcioClient api.LegacyClient) (*SignerVerifier, error)
NewSigner returns a "keyless" fulcio signer.
func (*SignerVerifier) PublicKey ¶
func (sv *SignerVerifier) PublicKey(opts ...signature.PublicKeyOption) (crypto.PublicKey, error)
func (*SignerVerifier) SignMessage ¶
func (sv *SignerVerifier) SignMessage(message io.Reader, opts ...signature.SignOption) ([]byte, error)
func (*SignerVerifier) VerifySignature ¶
func (sv *SignerVerifier) VerifySignature(signature, message io.Reader, opts ...signature.VerifyOption) error