...

Source file src/github.com/sigstore/cosign/v2/pkg/oci/signatures.go

Documentation: github.com/sigstore/cosign/v2/pkg/oci

     1  //
     2  // Copyright 2021 The Sigstore Authors.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  
    16  package oci
    17  
    18  import (
    19  	"crypto/x509"
    20  
    21  	v1 "github.com/google/go-containerregistry/pkg/v1"
    22  	"github.com/sigstore/cosign/v2/pkg/cosign/bundle"
    23  )
    24  
    25  // Signatures represents a set of signatures that are associated with a particular
    26  // v1.Image.
        //
        // The set is itself a v1.Image (embedded below); Get exposes its contents as
        // individual Signature values, each of which is a v1.Layer.
        //
        // NOTE(review): nothing in this interface states that the returned signatures
        // have been cryptographically verified. Presumably these are the values as
        // stored and verification is a separate step -- confirm before basing a trust
        // decision on the result of Get.
    27  type Signatures interface {
    28  	v1.Image // The low-level representation of the signatures
    29  
    30  	// Get retrieves the list of signatures stored.
        	// NOTE(review): whether an empty set yields an empty slice or an error is
        	// not specified here -- confirm against the implementations.
    31  	Get() ([]Signature, error)
    32  }
    33  
    34  // Signature holds a single image signature.
        //
        // It is a v1.Layer (embedded below) extended with accessors for the signed
        // payload, the signature bytes and the optional verification material
        // (certificate, chain, transparency-log bundle, RFC 3161 timestamp).
        //
        // NOTE(review): the accessors are documented as "fetching" data; nothing here
        // says that any of it has been validated. Presumably callers must verify the
        // signature over Payload and validate Cert/Chain/Bundle themselves -- confirm.
        //
        // NOTE(review): for the accessors documented as optional, the value returned
        // when the data is absent is not stated. Presumably a nil value with a nil
        // error, so callers should nil-check before dereferencing -- confirm.
    35  type Signature interface {
    36  	v1.Layer
    37  
    38  	// Annotations returns the annotations associated with this layer.
    39  	Annotations() (map[string]string, error)
    40  
    41  	// Payload fetches the opaque data that is being signed.
    42  	// This will always return data when there is no error.
        	// NOTE(review): a nil error only promises that data is returned, not that
        	// the data is authentic; treat it as untrusted input until the signature
        	// over it has been verified -- confirm where that check happens.
    43  	Payload() ([]byte, error)
    44  
    45  	// Signature fetches the raw signature
    46  	// of the payload.  This will always return data when
    47  	// there is no error.
    48  	Signature() ([]byte, error)
    49  
    50  	// Base64Signature fetches the base64 encoded signature
    51  	// of the payload.  This will always return data when
    52  	// there is no error.
        	// NOTE(review): presumably the base64 encoding of the bytes returned by
        	// Signature; the alphabet/padding variant is not stated here -- confirm.
    53  	Base64Signature() (string, error)
    54  
    55  	// Cert fetches the optional certificate carrying the public key of the
    56  	// key pair that was used to sign the payload.
        	// The result is a parsed *x509.Certificate, not a bare public key.
    57  	Cert() (*x509.Certificate, error)
    58  
    59  	// Chain fetches the optional "full certificate chain" rooted
    60  	// at a Fulcio CA, the leaf of which was used to sign the
    61  	// payload.
        	// NOTE(review): "rooted at a Fulcio CA" describes the expected content; the
        	// return type is only a slice of parsed certificates, so path validation
        	// against trusted roots presumably happens elsewhere -- confirm.
    62  	Chain() ([]*x509.Certificate, error)
    63  
    64  	// Bundle fetches the optional metadata that records the ephemeral
    65  	// Fulcio key in the transparency log.
    66  	Bundle() (*bundle.RekorBundle, error)
    67  
    68  	// RFC3161Timestamp fetches the optional metadata that records an
    69  	// RFC3161 signed timestamp.
    70  	RFC3161Timestamp() (*bundle.RFC3161Timestamp, error)
    71  }
    72  
