Class PolicyContext

java.lang.Object
land.oras.policy.PolicyContext

@NullMarked public final class PolicyContext extends Object
Carries the data a PolicyRequirement needs to evaluate an image.
  • Constructor Details

    • PolicyContext

      public PolicyContext(Transport transport, String scope, String imageDigest, String reference, SigstoreSignatureFetcher sigstoreSignatureFetcher)
      Create a content-bound policy context for a resolved image.
      Parameters:
      transport - the transport (e.g. Transport.DOCKER).
      scope - the matched image scope (registry + path, without tag/digest).
      imageDigest - the resolved image digest, e.g. "sha256:abc...".
      reference - the full image reference being pulled (for diagnostics).
      sigstoreSignatureFetcher - supplies the attached signatures for verification.
  • Method Details

    • forScope

      public static PolicyContext forScope(Transport transport, String scope)
      Create a content-free policy context that carries only the transport and scope. Signature-based requirements cannot be verified against it.
      Parameters:
      transport - the transport (e.g. Transport.DOCKER).
      scope - the matched image scope.
      Returns:
      a content-free context.
    • hasContent

      public boolean hasContent()
      Whether this context carries resolved image content (a digest and a signature fetcher) and can therefore be used to verify signatures.
      Returns:
      true if a resolved digest is available.
    • getTransport

      public Transport getTransport()
      Return the transport.
      Returns:
      the transport, e.g. Transport.DOCKER.
    • getScope

      public String getScope()
      Return the matched image scope.
      Returns:
      the scope (registry + path, without tag or digest).
    • getImageDigest

      public @Nullable String getImageDigest()
      Return the resolved image digest, or null for a content-free context.
      Returns:
      the digest, e.g. "sha256:abc...", or null.
    • getReference

      public @Nullable String getReference()
      Return the full image reference being pulled, or null for a content-free context.
      Returns:
      the reference for diagnostics, or null.
    • fetchSignatureBundle

      public List<byte[]> fetchSignatureBundle()
      Fetch the bundles attached to the image.
      Returns:
      the bundle blob bytes; empty if no signatures are attached.