Package land.oras.policy
Class PolicyRequirement.SigstoreSigned
java.lang.Object
land.oras.policy.PolicyRequirement
land.oras.policy.PolicyRequirement.SigstoreSigned
- Enclosing class:
- PolicyRequirement
Require a valid keyed Sigstore/Cosign signature attached to the image as an OCI referrer.
Only public keys on keyPath or keyData are supported; keyless verification is not supported
JSON example (signedIdentity, if present, is ignored):
{
"type": "sigstoreSigned",
"keyPath": "/etc/pki/containers/cosign.pub"
}
-
Nested Class Summary
Nested classes/interfaces inherited from class land.oras.policy.PolicyRequirement
PolicyRequirement.InsecureAcceptAnything, PolicyRequirement.Reject, PolicyRequirement.SignedBy, PolicyRequirement.SigstoreSigned -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionSigstoreSigned(@Nullable String keyPath, @Nullable String keyData) Creates a newPolicyRequirement.SigstoreSignedrequirement. -
Method Summary
Modifier and TypeMethodDescription@Nullable StringReturn the base64-encoded Sigstore/Cosign public key, ornullif not set.@Nullable StringReturn the path to the Sigstore/Cosign public key file, ornullif not set.getType()Return the type name of this requirement as it appears in the policy JSON.Methods inherited from class land.oras.policy.PolicyRequirement
toString
-
Field Details
-
TYPE
The"type"value of this requirement in the policy JSON.- See Also:
-
-
Constructor Details
-
SigstoreSigned
Creates a newPolicyRequirement.SigstoreSignedrequirement.- Parameters:
keyPath- path to a Sigstore/Cosign public key file (mutually exclusive withkeyData).keyData- base64-encoded Sigstore/Cosign public key (mutually exclusive withkeyPath).
-
-
Method Details
-
getType
Description copied from class:PolicyRequirementReturn the type name of this requirement as it appears in the policy JSON.- Specified by:
getTypein classPolicyRequirement- Returns:
- the type string, e.g.
"insecureAcceptAnything".
-
getKeyPath
Return the path to the Sigstore/Cosign public key file, ornullif not set.- Returns:
- the key path, may be
null.
-
getKeyData
Return the base64-encoded Sigstore/Cosign public key, ornullif not set.- Returns:
- the key data, may be
null.
-