Package land.oras.policy
Class PolicyContext
java.lang.Object
land.oras.policy.PolicyContext
Carries the data a
PolicyRequirement needs to evaluate an image.-
Constructor Summary
ConstructorsConstructorDescriptionPolicyContext(Transport transport, String scope, String imageDigest, String reference, SigstoreSignatureFetcher sigstoreSignatureFetcher) Create a content-bound policy context for a resolved image. -
Method Summary
Modifier and TypeMethodDescriptionList<byte[]>Fetch the bundles attached to the image.static PolicyContextCreate a content-free policy context that carries only the transport and scope.@Nullable StringReturn the resolved image digest, ornullfor a content-free context.@Nullable StringReturn the full image reference being pulled, ornullfor a content-free context.getScope()Return the matched image scope.Return the transport.booleanWhether this context carries resolved image content (a digest and a signature fetcher) and can therefore be used to verify signatures.
-
Constructor Details
-
PolicyContext
public PolicyContext(Transport transport, String scope, String imageDigest, String reference, SigstoreSignatureFetcher sigstoreSignatureFetcher) Create a content-bound policy context for a resolved image.- Parameters:
transport- the transport (e.g.Transport.DOCKER).scope- the matched image scope (registry + path, without tag/digest).imageDigest- the resolved image digest, e.g."sha256:abc...".reference- the full image reference being pulled (for diagnostics).sigstoreSignatureFetcher- supplies the attached signatures for verification.
-
-
Method Details
-
forScope
Create a content-free policy context that carries only the transport and scope. Signature-based requirements cannot be verified against it.- Parameters:
transport- the transport (e.g.Transport.DOCKER).scope- the matched image scope.- Returns:
- a content-free context.
-
hasContent
public boolean hasContent()Whether this context carries resolved image content (a digest and a signature fetcher) and can therefore be used to verify signatures.- Returns:
trueif a resolved digest is available.
-
getTransport
Return the transport.- Returns:
- the transport, e.g.
Transport.DOCKER.
-
getScope
Return the matched image scope.- Returns:
- the scope (registry + path, without tag or digest).
-
getImageDigest
Return the resolved image digest, ornullfor a content-free context.- Returns:
- the digest, e.g.
"sha256:abc...", ornull.
-
getReference
Return the full image reference being pulled, ornullfor a content-free context.- Returns:
- the reference for diagnostics, or
null.
-
fetchSignatureBundle
Fetch the bundles attached to the image.- Returns:
- the bundle blob bytes; empty if no signatures are attached.
-