sigstore 0.14.0

An experimental crate to interact with sigstore
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

//
// Copyright 2024 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

use std::collections::BTreeMap;

use pki_types::CertificateDer;

#[cfg_attr(docsrs, doc(cfg(feature = "sigstore-trust-root")))]
#[cfg(feature = "sigstore-trust-root")]
pub mod sigstore;

/// A `TrustRoot` owns all key material necessary for establishing a root of trust.
pub trait TrustRoot {
    fn fulcio_certs(&self) -> crate::errors::Result<Vec<CertificateDer<'_>>>;
    fn rekor_keys(&self) -> crate::errors::Result<BTreeMap<String, &[u8]>>;
    fn ctfe_keys(&self) -> crate::errors::Result<BTreeMap<String, &[u8]>>;
}

/// A `ManualTrustRoot` is a [TrustRoot] with out-of-band trust materials.
/// As it does not establish a trust root with TUF, users must initialize its materials themselves.
#[derive(Debug, Default)]
pub struct ManualTrustRoot<'a> {
    pub fulcio_certs: Vec<CertificateDer<'a>>,
    pub rekor_keys: BTreeMap<String, Vec<u8>>,
    pub ctfe_keys: BTreeMap<String, Vec<u8>>,
}

impl<'a> TrustRoot for ManualTrustRoot<'a> {
    fn fulcio_certs(&self) -> crate::errors::Result<Vec<CertificateDer<'a>>> {
        Ok(self.fulcio_certs.clone())
    }

    fn rekor_keys(&self) -> crate::errors::Result<BTreeMap<String, &[u8]>> {
        Ok(self
            .rekor_keys
            .iter()
            .map(|(k, v)| (k.clone(), v.as_slice()))
            .collect())
    }

    fn ctfe_keys(&self) -> crate::errors::Result<BTreeMap<String, &[u8]>> {
        Ok(self
            .ctfe_keys
            .iter()
            .map(|(k, v)| (k.clone(), v.as_slice()))
            .collect())
    }
}