Class PolicyRequirement.SigstoreSigned

java.lang.Object
land.oras.policy.PolicyRequirement
land.oras.policy.PolicyRequirement.SigstoreSigned
Enclosing class:
PolicyRequirement

public static final class PolicyRequirement.SigstoreSigned extends PolicyRequirement
Require a valid keyed Sigstore/Cosign signature attached to the image as an OCI referrer. Only public keys on keyPath or keyData are supported; keyless verification is not supported

JSON example (signedIdentity, if present, is ignored):


 {
   "type": "sigstoreSigned",
   "keyPath": "/etc/pki/containers/cosign.pub"
 }
 
  • Field Details

  • Constructor Details

    • SigstoreSigned

      public SigstoreSigned(@Nullable String keyPath, @Nullable String keyData)
      Creates a new PolicyRequirement.SigstoreSigned requirement.
      Parameters:
      keyPath - path to a Sigstore/Cosign public key file (mutually exclusive with keyData).
      keyData - base64-encoded Sigstore/Cosign public key (mutually exclusive with keyPath).
  • Method Details

    • getType

      public String getType()
      Description copied from class: PolicyRequirement
      Return the type name of this requirement as it appears in the policy JSON.
      Specified by:
      getType in class PolicyRequirement
      Returns:
      the type string, e.g. "insecureAcceptAnything".
    • getKeyPath

      public @Nullable String getKeyPath()
      Return the path to the Sigstore/Cosign public key file, or null if not set.
      Returns:
      the key path, may be null.
    • getKeyData

      public @Nullable String getKeyData()
      Return the base64-encoded Sigstore/Cosign public key, or null if not set.
      Returns:
      the key data, may be null.