SYMBOL INDEX (569 symbols across 49 files) FILE: docs/scripts/gen_ref_pages.py function main (line 24) | def main(args: argparse.Namespace) -> None: FILE: sigstore/_cli.py class SigningOutputs (line 75) | class SigningOutputs: class VerificationUnbundledMaterials (line 82) | class VerificationUnbundledMaterials: class VerificationBundledMaterials (line 88) | class VerificationBundledMaterials: function _fatal (line 100) | def _fatal(message: str) -> NoReturn: function _invalid_arguments (line 108) | def _invalid_arguments(args: argparse.Namespace, message: str) -> NoReturn: function _boolify_env (line 117) | def _boolify_env(envvar: str) -> bool: function _add_shared_verify_input_options (line 138) | def _add_shared_verify_input_options(group: argparse._ArgumentGroup) -> ... function _add_shared_verification_options (line 189) | def _add_shared_verification_options(group: argparse._ArgumentGroup) -> ... function _add_shared_oidc_options (line 198) | def _add_shared_oidc_options( function _parser (line 239) | def _parser() -> argparse.ArgumentParser: function main (line 626) | def main(args: list[str] | None = None) -> None: function _trust_instance (line 670) | def _trust_instance(args: argparse.Namespace) -> None: function _get_identity_token (line 686) | def _get_identity_token(args: argparse.Namespace) -> None: function _sign_file_threaded (line 697) | def _sign_file_threaded( function _sign_common (line 748) | def _sign_common( function _attest (line 812) | def _attest(args: argparse.Namespace) -> None: function _sign (line 867) | def _sign(args: argparse.Namespace) -> None: function _collect_verification_state (line 947) | def _collect_verification_state( function _verify_identity (line 1139) | def _verify_identity(args: argparse.Namespace) -> None: function _verify_github (line 1163) | def _verify_github(args: argparse.Namespace) -> None: function _verify_common (line 1216) | def _verify_common( function _get_trust_config (line 1254) | def _get_trust_config(args: argparse.Namespace) -> ClientTrustConfig: function _get_identity (line 1279) | def _get_identity( function _fix_bundle (line 1307) | def _fix_bundle(args: argparse.Namespace) -> None: function _update_trust_root (line 1346) | def _update_trust_root(args: argparse.Namespace) -> None: FILE: sigstore/_internal/fulcio/client.py class ExpiredCertificate (line 46) | class ExpiredCertificate(Exception): class FulcioCertificateSigningResponse (line 51) | class FulcioCertificateSigningResponse: class FulcioTrustBundleResponse (line 59) | class FulcioTrustBundleResponse: class FulcioClientError (line 65) | class FulcioClientError(Exception): class _Endpoint (line 73) | class _Endpoint(ABC): method __init__ (line 74) | def __init__(self, url: str, session: requests.Session) -> None: function _serialize_cert_request (line 79) | def _serialize_cert_request(req: CertificateSigningRequest) -> str: class FulcioSigningCert (line 88) | class FulcioSigningCert(_Endpoint): method post (line 93) | def post( class FulcioTrustBundle (line 137) | class FulcioTrustBundle(_Endpoint): method get (line 142) | def get(self) -> FulcioTrustBundleResponse: class FulcioClient (line 161) | class FulcioClient: method __init__ (line 164) | def __init__(self, url: str) -> None: method __del__ (line 175) | def __del__(self) -> None: method signing_cert (line 182) | def signing_cert(self) -> FulcioSigningCert: method trust_bundle (line 191) | def trust_bundle(self) -> FulcioTrustBundle: FILE: sigstore/_internal/key_details.py function _get_key_details (line 24) | def _get_key_details(certificate: Certificate) -> PublicKeyDetails: FILE: sigstore/_internal/merkle.py function _decomp_inclusion_proof (line 40) | def _decomp_inclusion_proof(index: int, size: int) -> tuple[int, int]: function _chain_inner (line 55) | def _chain_inner(seed: bytes, hashes: list[bytes], log_index: int) -> by... function _chain_border_right (line 71) | def _chain_border_right(seed: bytes, hashes: list[bytes]) -> bytes: function _hash_children (line 82) | def _hash_children(lhs: bytes, rhs: bytes) -> bytes: function _hash_leaf (line 88) | def _hash_leaf(leaf: bytes) -> bytes: function verify_merkle_inclusion (line 94) | def verify_merkle_inclusion(entry: TransparencyLogEntry) -> None: FILE: sigstore/_internal/oidc/oauth.py class _OAuthFlow (line 104) | class _OAuthFlow: method __init__ (line 105) | def __init__(self, client_id: str, client_secret: str, issuer: Issuer): method __enter__ (line 117) | def __enter__(self) -> _OAuthRedirectServer: method __exit__ (line 122) | def __exit__( class _OAuthRedirectHandler (line 132) | class _OAuthRedirectHandler(http.server.BaseHTTPRequestHandler): method log_message (line 136) | def log_message(self, format: str, *_args: Any) -> None: method do_GET (line 139) | def do_GET(self) -> None: class _OAuthSession (line 181) | class _OAuthSession: method __init__ (line 182) | def __init__(self, client_id: str, client_secret: str, issuer: Issuer): method state (line 195) | def state(self) -> str: method code_challenge (line 199) | def code_challenge(self) -> str: method auth_endpoint (line 208) | def auth_endpoint(self, redirect_uri: str) -> str: method _auth_params (line 221) | def _auth_params(self, redirect_uri: str) -> dict[str, Any]: class _OAuthRedirectServer (line 234) | class _OAuthRedirectServer(http.server.HTTPServer): method __init__ (line 235) | def __init__(self, client_id: str, client_secret: str, issuer: Issuer)... method base_uri (line 242) | def base_uri(self) -> str: method auth_request_path (line 248) | def auth_request_path(self) -> str: method redirect_path (line 253) | def redirect_path(self) -> str: method redirect_uri (line 257) | def redirect_uri(self) -> str: method auth_endpoint (line 265) | def auth_endpoint(self) -> str: method enable_oob (line 268) | def enable_oob(self) -> None: method is_oob (line 272) | def is_oob(self) -> bool: FILE: sigstore/_internal/rekor/__init__.py class RekorClientError (line 43) | class RekorClientError(Exception): method __init__ (line 48) | def __init__(self, http_error: requests.HTTPError): class RekorLogSubmitter (line 64) | class RekorLogSubmitter(ABC): method create_entry (line 72) | def create_entry( method _build_hashed_rekord_request (line 83) | def _build_hashed_rekord_request( method _build_dsse_request (line 93) | def _build_dsse_request( function _hashedrekord_from_parts (line 103) | def _hashedrekord_from_parts( FILE: sigstore/_internal/rekor/checkpoint.py class RekorSignature (line 38) | class RekorSignature: class LogCheckpoint (line 52) | class LogCheckpoint(BaseModel): method from_text (line 70) | def from_text(cls, text: str) -> LogCheckpoint: method to_text (line 94) | def to_text(self) -> str: class SignedNote (line 105) | class SignedNote: method from_text (line 114) | def from_text(cls, text: str) -> SignedNote: method verify (line 166) | def verify(self, rekor_keyring: RekorKeyring, key_id: KeyID) -> None: class SignedCheckpoint (line 191) | class SignedCheckpoint: method from_text (line 200) | def from_text(cls, text: str) -> SignedCheckpoint: function verify_checkpoint (line 210) | def verify_checkpoint(rekor_keyring: RekorKeyring, entry: TransparencyLo... FILE: sigstore/_internal/rekor/client.py class RekorLogInfo (line 51) | class RekorLogInfo: method from_response (line 63) | def from_response(cls, dict_: dict[str, Any]) -> RekorLogInfo: class _Endpoint (line 76) | class _Endpoint(ABC): method __init__ (line 77) | def __init__(self, url: str, session: requests.Session) -> None: class RekorLog (line 84) | class RekorLog(_Endpoint): method get (line 89) | def get(self) -> RekorLogInfo: method entries (line 101) | def entries(self) -> RekorEntries: class RekorEntries (line 109) | class RekorEntries(_Endpoint): method get (line 114) | def get( method post (line 138) | def post( method retrieve (line 159) | def retrieve(self) -> RekorEntriesRetrieve: class RekorEntriesRetrieve (line 166) | class RekorEntriesRetrieve(_Endpoint): method post (line 171) | def post( class RekorClient (line 217) | class RekorClient(RekorLogSubmitter): method __init__ (line 220) | def __init__(self, url: str) -> None: method production (line 228) | def production(cls) -> RekorClient: method staging (line 237) | def staging(cls) -> RekorClient: method _session (line 244) | def _session(self) -> requests.Session: method log (line 261) | def log(self) -> RekorLog: method create_entry (line 268) | def create_entry(self, request: EntryRequestBody) -> TransparencyLogEn... method _build_hashed_rekord_request (line 276) | def _build_hashed_rekord_request( # type: ignore[override] method _build_dsse_request (line 304) | def _build_dsse_request( # type: ignore[override] FILE: sigstore/_internal/rekor/client_v2.py class RekorV2Client (line 47) | class RekorV2Client(RekorLogSubmitter): method __init__ (line 54) | def __init__(self, base_url: str) -> None: method _session (line 62) | def _session(self) -> requests.Session: method create_entry (line 78) | def create_entry(self, payload: EntryRequestBody) -> TransparencyLogEn... method _build_hashed_rekord_request (line 106) | def _build_hashed_rekord_request( method _build_dsse_request (line 136) | def _build_dsse_request( FILE: sigstore/_internal/sct.py function _pack_signed_entry (line 48) | def _pack_signed_entry( function _pack_digitally_signed (line 91) | def _pack_digitally_signed( function _is_preissuer (line 129) | def _is_preissuer(issuer: Certificate) -> bool: function _get_issuer_cert (line 139) | def _get_issuer_cert(chain: list[Certificate]) -> Certificate: function _get_signed_certificate_timestamp (line 146) | def _get_signed_certificate_timestamp( function _cert_is_ca (line 170) | def _cert_is_ca(cert: Certificate) -> bool: function verify_sct (line 180) | def verify_sct( FILE: sigstore/_internal/timestamp.py class TimestampSource (line 37) | class TimestampSource(enum.Enum): class TimestampVerificationResult (line 45) | class TimestampVerificationResult: class TimestampError (line 56) | class TimestampError(Exception): class TimestampAuthorityClient (line 64) | class TimestampAuthorityClient: method __init__ (line 67) | def __init__(self, url: str) -> None: method _session (line 75) | def _session(self) -> requests.Session: method request_timestamp (line 90) | def request_timestamp(self, signature: bytes) -> TimeStampResponse: FILE: sigstore/_internal/trust.py class Key (line 58) | class Key: method __init__ (line 80) | def __init__(self, public_key: common_v1.PublicKey) -> None: method verify (line 111) | def verify(self, signature: bytes, data: bytes) -> None: class Keyring (line 145) | class Keyring: method __init__ (line 150) | def __init__(self, public_keys: list[common_v1.PublicKey] = []): method verify (line 163) | def verify(self, *, key_id: KeyID, signature: bytes, data: bytes) -> N... class KeyringPurpose (line 197) | class KeyringPurpose(str, Enum): method __str__ (line 205) | def __str__(self) -> str: class CertificateAuthority (line 210) | class CertificateAuthority: method __init__ (line 215) | def __init__(self, inner: trustroot_v1.CertificateAuthority): method from_json (line 226) | def from_json(cls, path: str) -> CertificateAuthority: method _verify (line 233) | def _verify(self) -> None: method validity_period_start (line 246) | def validity_period_start(self) -> datetime: method validity_period_end (line 253) | def validity_period_end(self) -> datetime | None: method certificates (line 259) | def certificates(self, *, allow_expired: bool) -> list[Certificate]: FILE: sigstore/_internal/tuf.py function _get_dirs (line 40) | def _get_dirs(url: str) -> tuple[Path, Path]: class TrustUpdater (line 58) | class TrustUpdater: method __init__ (line 69) | def __init__( method get_trusted_root_path (line 132) | def get_trusted_root_path(self) -> str: method get_signing_config_path (line 155) | def get_signing_config_path(self) -> str: FILE: sigstore/_utils.py function load_pem_public_key (line 70) | def load_pem_public_key( function load_der_public_key (line 96) | def load_der_public_key( function base64_encode_pem_cert (line 120) | def base64_encode_pem_cert(cert: Certificate) -> B64Str: function cert_der_to_pem (line 130) | def cert_der_to_pem(der: bytes) -> str: function key_id (line 143) | def key_id(key: PublicKey) -> KeyID: function sha256_digest (line 157) | def sha256_digest( function _sha256_streaming (line 179) | def _sha256_streaming(io: IO[bytes]) -> bytes: function read_embedded (line 212) | def read_embedded(name: str, url: str) -> bytes: function cert_is_ca (line 222) | def cert_is_ca(cert: Certificate) -> bool: function cert_is_root_ca (line 286) | def cert_is_root_ca(cert: Certificate) -> bool: function cert_is_leaf (line 316) | def cert_is_leaf(cert: Certificate) -> bool: function is_timerange_valid (line 360) | def is_timerange_valid(period: TimeRange | None, *, allow_expired: bool)... FILE: sigstore/dsse/__init__.py class Subject (line 53) | class Subject(BaseModel): class _Statement (line 62) | class _Statement(BaseModel): class Statement (line 75) | class Statement: method __init__ (line 86) | def __init__(self, contents: bytes | _Statement) -> None: method _matches_digest (line 104) | def _matches_digest(self, digest: Hashed) -> bool: method _pae (line 123) | def _pae(self) -> bytes: class StatementBuilder (line 131) | class StatementBuilder: method __init__ (line 136) | def __init__( method subjects (line 149) | def subjects(self, subjects: list[Subject]) -> StatementBuilder: method predicate_type (line 156) | def predicate_type(self, predicate_type: str) -> StatementBuilder: method predicate (line 163) | def predicate(self, predicate: dict[str, Any]) -> StatementBuilder: method build (line 170) | def build(self) -> Statement: class InvalidEnvelope (line 187) | class InvalidEnvelope(Error): class Envelope (line 193) | class Envelope: method __init__ (line 204) | def __init__(self, inner: _Envelope) -> None: method _verify (line 212) | def _verify(self) -> None: method _from_json (line 225) | def _from_json(cls, contents: bytes | str) -> Envelope: method to_json (line 230) | def to_json(self) -> str: method __eq__ (line 236) | def __eq__(self, other: object) -> bool: method signature (line 245) | def signature(self) -> bytes: function _pae (line 250) | def _pae(type_: str, body: bytes) -> bytes: function _sign (line 263) | def _sign(key: ec.EllipticCurvePrivateKey, stmt: Statement) -> Envelope: function _verify (line 281) | def _verify(key: ec.EllipticCurvePublicKey, evp: Envelope) -> bytes: FILE: sigstore/dsse/_predicate.py class PredicateType (line 36) | class PredicateType(str, enum.Enum): class Predicate (line 57) | class Predicate(BaseModel): class _SLSAConfigBase (line 65) | class _SLSAConfigBase(BaseModel): class BuilderV0_1 (line 76) | class BuilderV0_1(_SLSAConfigBase): class ConfigSource (line 84) | class ConfigSource(_SLSAConfigBase): class Invocation (line 94) | class Invocation(_SLSAConfigBase): class Completeness (line 104) | class Completeness(_SLSAConfigBase): class Material (line 114) | class Material(_SLSAConfigBase): class Metadata (line 123) | class Metadata(_SLSAConfigBase): class SLSAPredicateV0_2 (line 135) | class SLSAPredicateV0_2(Predicate, _SLSAConfigBase): class ResourceDescriptor (line 151) | class ResourceDescriptor(_SLSAConfigBase): method check_required_fields (line 165) | def check_required_fields(self: Self) -> Self: class BuilderV1_0 (line 177) | class BuilderV1_0(_SLSAConfigBase): class BuildMetadata (line 187) | class BuildMetadata(_SLSAConfigBase): class RunDetails (line 197) | class RunDetails(_SLSAConfigBase): class BuildDefinition (line 207) | class BuildDefinition(_SLSAConfigBase): class SLSAPredicateV1_0 (line 218) | class SLSAPredicateV1_0(Predicate, _SLSAConfigBase): FILE: sigstore/errors.py class Error (line 25) | class Error(Exception): method diagnostics (line 28) | def diagnostics(self) -> str: method log_and_exit (line 33) | def log_and_exit(self, logger: Logger, raise_error: bool = False) -> N... class NetworkError (line 52) | class NetworkError(Error): method diagnostics (line 55) | def diagnostics(self) -> str: class TUFError (line 78) | class TUFError(Error): method __init__ (line 81) | def __init__(self, message: str): method diagnostics (line 91) | def diagnostics(self) -> str: class MetadataError (line 106) | class MetadataError(Error): method diagnostics (line 109) | def diagnostics(self) -> str: class RootError (line 114) | class RootError(Error): method diagnostics (line 117) | def diagnostics(self) -> str: class VerificationError (line 125) | class VerificationError(Error): class CertValidationError (line 131) | class CertValidationError(VerificationError): FILE: sigstore/hashes.py class Hashed (line 28) | class Hashed(BaseModel, frozen=True): method _as_hashedrekord_algorithm (line 43) | def _as_hashedrekord_algorithm(self) -> rekor_types.hashedrekord.Algor... method _as_prehashed (line 51) | def _as_prehashed(self) -> Prehashed: method __str__ (line 59) | def __str__(self) -> str: FILE: sigstore/models.py class TransparencyLogEntry (line 78) | class TransparencyLogEntry: method __init__ (line 83) | def __init__(self, inner: _TransparencyLogEntry) -> None: method _validate (line 92) | def _validate(self) -> None: method __eq__ (line 104) | def __eq__(self, value: object) -> bool: method _from_v1_response (line 116) | def _from_v1_response(cls, dict_: dict[str, Any]) -> TransparencyLogEn... method _encode_canonical (line 170) | def _encode_canonical(self) -> bytes: method _verify_set (line 194) | def _verify_set(self, keyring: RekorKeyring) -> None: method _verify (line 216) | def _verify(self, keyring: RekorKeyring) -> None: class TimestampVerificationData (line 242) | class TimestampVerificationData: method __init__ (line 249) | def __init__(self, inner: _TimestampVerificationData) -> None: method _verify (line 254) | def _verify(self) -> None: method rfc3161_timestamps (line 272) | def rfc3161_timestamps(self) -> list[TimeStampResponse]: method from_json (line 277) | def from_json(cls, raw: str | bytes) -> TimestampVerificationData: class VerificationMaterial (line 285) | class VerificationMaterial: method __init__ (line 290) | def __init__(self, inner: _VerificationMaterial) -> None: method timestamp_verification_data (line 295) | def timestamp_verification_data(self) -> TimestampVerificationData | N... class InvalidBundle (line 307) | class InvalidBundle(Error): method diagnostics (line 312) | def diagnostics(self) -> str: class IncompatibleEntry (line 328) | class IncompatibleEntry(InvalidBundle): method diagnostics (line 333) | def diagnostics(self) -> str: class Bundle (line 347) | class Bundle: class BundleType (line 352) | class BundleType(str, Enum): method __str__ (line 362) | def __str__(self) -> str: method __init__ (line 366) | def __init__(self, inner: _Bundle) -> None: method _verify (line 376) | def _verify(self) -> None: method signing_certificate (line 497) | def signing_certificate(self) -> Certificate: method log_entry (line 502) | def log_entry(self) -> TransparencyLogEntry: method _dsse_envelope (line 510) | def _dsse_envelope(self) -> dsse.Envelope | None: method signature (line 521) | def signature(self) -> bytes: method verification_material (line 533) | def verification_material(self) -> VerificationMaterial: method from_json (line 540) | def from_json(cls, raw: bytes | str) -> Bundle: method to_json (line 550) | def to_json(self) -> str: method _to_parts (line 556) | def _to_parts( method from_parts (line 574) | def from_parts( method _from_parts (line 587) | def _from_parts( class SigningConfig (line 635) | class SigningConfig: class SigningConfigType (line 640) | class SigningConfigType(str, Enum): method __str__ (line 647) | def __str__(self) -> str: method __init__ (line 651) | def __init__( method from_file (line 698) | def from_file( method _get_valid_services (line 707) | def _get_valid_services( method get_tlogs (line 753) | def get_tlogs(self) -> list[RekorLogSubmitter]: method get_fulcio (line 771) | def get_fulcio(self) -> FulcioClient: method get_oidc_url (line 777) | def get_oidc_url(self) -> str: method get_tsas (line 786) | def get_tsas(self) -> list[TimestampAuthorityClient]: class TrustedRoot (line 793) | class TrustedRoot: class TrustedRootType (line 798) | class TrustedRootType(str, Enum): method __str__ (line 805) | def __str__(self) -> str: method __init__ (line 809) | def __init__(self, inner: trustroot_v1.TrustedRoot): method _verify (line 818) | def _verify(self) -> None: method from_file (line 831) | def from_file( method _get_tlog_keys (line 839) | def _get_tlog_keys( method rekor_keyring (line 855) | def rekor_keyring(self, purpose: KeyringPurpose) -> RekorKeyring: method ct_keyring (line 865) | def ct_keyring(self, purpose: KeyringPurpose) -> CTKeyring: method get_fulcio_certs (line 874) | def get_fulcio_certs(self) -> list[Certificate]: method get_timestamp_authorities (line 889) | def get_timestamp_authorities(self) -> list[CertificateAuthority]: class ClientTrustConfig (line 903) | class ClientTrustConfig: class ClientTrustConfigType (line 908) | class ClientTrustConfigType(str, Enum): method __str__ (line 915) | def __str__(self) -> str: method from_json (line 920) | def from_json(cls, raw: str) -> ClientTrustConfig: method production (line 928) | def production( method staging (line 940) | def staging( method from_tuf (line 952) | def from_tuf( method __init__ (line 982) | def __init__(self, inner: trustroot_v1.ClientTrustConfig) -> None: method trusted_root (line 992) | def trusted_root(self) -> TrustedRoot: method signing_config (line 999) | def signing_config(self) -> SigningConfig: FILE: sigstore/oidc.py class _OpenIDConfiguration (line 48) | class _OpenIDConfiguration(BaseModel): class ExpiredIdentity (line 60) | class ExpiredIdentity(Exception): class IdentityToken (line 64) | class IdentityToken: method __init__ (line 70) | def __init__(self, raw_token: str, client_id: str = _DEFAULT_CLIENT_ID... method in_validity_period (line 160) | def in_validity_period(self) -> bool: method identity (line 177) | def identity(self) -> str: method issuer (line 189) | def issuer(self) -> str: method federated_issuer (line 196) | def federated_issuer(self) -> str: method __str__ (line 217) | def __str__(self) -> str: class IssuerError (line 226) | class IssuerError(Exception): class Issuer (line 234) | class Issuer: method __init__ (line 239) | def __init__(self, base_url: str) -> None: method identity_token (line 272) | def identity_token( # nosec: B107 class IdentityError (line 361) | class IdentityError(Error): method raise_from_id (line 367) | def raise_from_id(cls, exc: id.IdentityError) -> NoReturn: method diagnostics (line 371) | def diagnostics(self) -> str: function detect_credential (line 410) | def detect_credential(client_id: str = _DEFAULT_CLIENT_ID) -> str | None: FILE: sigstore/sign.py class Signer (line 77) | class Signer: method __init__ (line 82) | def __init__( method _private_key (line 112) | def _private_key(self) -> ec.EllipticCurvePrivateKey: method _signing_cert (line 119) | def _signing_cert( method _finalize_sign (line 177) | def _finalize_sign( method sign_dsse (line 204) | def sign_dsse( method sign_artifact (line 227) | def sign_artifact( class SigningContext (line 270) | class SigningContext: method __init__ (line 275) | def __init__( method from_trust_config (line 298) | def from_trust_config(cls, trust_config: ClientTrustConfig) -> Signing... method signer (line 313) | def signer( FILE: sigstore/verify/policy.py class _SingleX509ExtPolicy (line 69) | class _SingleX509ExtPolicy(ABC): method __init__ (line 80) | def __init__(self, value: str) -> None: method verify (line 87) | def verify(self, cert: Certificate) -> None: class _SingleX509ExtPolicyV2 (line 111) | class _SingleX509ExtPolicyV2(_SingleX509ExtPolicy): method verify (line 118) | def verify(self, cert: Certificate) -> None: class OIDCIssuer (line 142) | class OIDCIssuer(_SingleX509ExtPolicy): class GitHubWorkflowTrigger (line 151) | class GitHubWorkflowTrigger(_SingleX509ExtPolicy): class GitHubWorkflowSHA (line 160) | class GitHubWorkflowSHA(_SingleX509ExtPolicy): class GitHubWorkflowName (line 169) | class GitHubWorkflowName(_SingleX509ExtPolicy): class GitHubWorkflowRepository (line 178) | class GitHubWorkflowRepository(_SingleX509ExtPolicy): class GitHubWorkflowRef (line 187) | class GitHubWorkflowRef(_SingleX509ExtPolicy): class OIDCIssuerV2 (line 196) | class OIDCIssuerV2(_SingleX509ExtPolicyV2): class OIDCBuildSignerURI (line 208) | class OIDCBuildSignerURI(_SingleX509ExtPolicyV2): class OIDCBuildSignerDigest (line 217) | class OIDCBuildSignerDigest(_SingleX509ExtPolicyV2): class OIDCRunnerEnvironment (line 226) | class OIDCRunnerEnvironment(_SingleX509ExtPolicyV2): class OIDCSourceRepositoryURI (line 235) | class OIDCSourceRepositoryURI(_SingleX509ExtPolicyV2): class OIDCSourceRepositoryDigest (line 244) | class OIDCSourceRepositoryDigest(_SingleX509ExtPolicyV2): class OIDCSourceRepositoryRef (line 253) | class OIDCSourceRepositoryRef(_SingleX509ExtPolicyV2): class OIDCSourceRepositoryIdentifier (line 262) | class OIDCSourceRepositoryIdentifier(_SingleX509ExtPolicyV2): class OIDCSourceRepositoryOwnerURI (line 271) | class OIDCSourceRepositoryOwnerURI(_SingleX509ExtPolicyV2): class OIDCSourceRepositoryOwnerIdentifier (line 280) | class OIDCSourceRepositoryOwnerIdentifier(_SingleX509ExtPolicyV2): class OIDCBuildConfigURI (line 289) | class OIDCBuildConfigURI(_SingleX509ExtPolicyV2): class OIDCBuildConfigDigest (line 298) | class OIDCBuildConfigDigest(_SingleX509ExtPolicyV2): class OIDCBuildTrigger (line 307) | class OIDCBuildTrigger(_SingleX509ExtPolicyV2): class OIDCRunInvocationURI (line 316) | class OIDCRunInvocationURI(_SingleX509ExtPolicyV2): class OIDCSourceRepositoryVisibility (line 325) | class OIDCSourceRepositoryVisibility(_SingleX509ExtPolicyV2): class VerificationPolicy (line 335) | class VerificationPolicy(Protocol): method verify (line 342) | def verify(self, cert: Certificate) -> None: class AnyOf (line 350) | class AnyOf: method __init__ (line 357) | def __init__(self, children: list[VerificationPolicy]): method verify (line 363) | def verify(self, cert: Certificate) -> None: class AllOf (line 381) | class AllOf: method __init__ (line 389) | def __init__(self, children: list[VerificationPolicy]): method verify (line 396) | def verify(self, cert: Certificate) -> None: class UnsafeNoOp (line 411) | class UnsafeNoOp: method verify (line 423) | def verify(self, cert: Certificate) -> None: class Identity (line 433) | class Identity: method __init__ (line 445) | def __init__(self, *, identity: str, issuer: str | None = None): method verify (line 456) | def verify(self, cert: Certificate) -> None: FILE: sigstore/verify/verifier.py class Verifier (line 70) | class Verifier: method __init__ (line 75) | def __init__(self, *, trusted_root: TrustedRoot): method production (line 94) | def production(cls, *, offline: bool = False) -> Verifier: method staging (line 108) | def staging(cls, *, offline: bool = False) -> Verifier: method _verify_signed_timestamp (line 121) | def _verify_signed_timestamp( method _verify_timestamp_authority (line 168) | def _verify_timestamp_authority( method _establish_time (line 200) | def _establish_time(self, bundle: Bundle) -> list[TimestampVerificatio... method _verify_chain_at_time (line 245) | def _verify_chain_at_time( method _verify_common_signing_cert (line 279) | def _verify_common_signing_cert( method verify_dsse (line 388) | def verify_dsse( method verify_artifact (line 450) | def verify_artifact( function _validate_dsse_v001_entry_body (line 517) | def _validate_dsse_v001_entry_body(bundle: Bundle) -> None: function _validate_dsse_v002_entry_body (line 557) | def _validate_dsse_v002_entry_body(bundle: Bundle) -> None: function _validate_hashedrekord_v001_entry_body (line 593) | def _validate_hashedrekord_v001_entry_body( function _validate_hashedrekord_v002_entry_body (line 614) | def _validate_hashedrekord_v002_entry_body( function _v2_verifier_from_certificate (line 648) | def _v2_verifier_from_certificate(certificate: Certificate) -> v2.verifi... FILE: test/assets/x509/build-testcases.py function _keypair (line 41) | def _keypair(priv_key_file: Path): function _builder (line 57) | def _builder() -> x509.CertificateBuilder: function _finalize (line 82) | def _finalize( function _dump (line 89) | def _dump(cert: x509.Certificate, filename: Path): function bogus_root (line 98) | def bogus_root() -> x509.Certificate: function bogus_root_noncritical_bc (line 125) | def bogus_root_noncritical_bc() -> x509.Certificate: function bogus_root_missing_ku (line 153) | def bogus_root_missing_ku() -> x509.Certificate: function bogus_root_invalid_ku (line 167) | def bogus_root_invalid_ku() -> x509.Certificate: function bogus_intermediate (line 195) | def bogus_intermediate() -> x509.Certificate: function bogus_intermediate_with_eku (line 223) | def bogus_intermediate_with_eku() -> x509.Certificate: function bogus_leaf (line 259) | def bogus_leaf() -> x509.Certificate: function bogus_leaf_invalid_ku (line 291) | def bogus_leaf_invalid_ku() -> x509.Certificate: function bogus_leaf_invalid_eku (line 324) | def bogus_leaf_invalid_eku() -> x509.Certificate: function bogus_leaf_missing_eku (line 357) | def bogus_leaf_missing_eku() -> x509.Certificate: FILE: test/conftest.py function asset (line 32) | def asset(): function _has_oidc_id (line 39) | def _has_oidc_id(): function _has_timestamp_authority_configured (line 72) | def _has_timestamp_authority_configured() -> bool: function pytest_addoption (line 79) | def pytest_addoption(parser): function pytest_runtest_setup (line 92) | def pytest_runtest_setup(item): function pytest_configure (line 118) | def pytest_configure(config): FILE: test/integration/cli/conftest.py function asset_integration (line 23) | def asset_integration(asset): function sigstore (line 31) | def sigstore() -> Callable: FILE: test/integration/cli/test_attest.py function get_cli_params (line 24) | def get_cli_params( function test_attest_success_default_output_bundle (line 57) | def test_attest_success_default_output_bundle( function test_attest_success_custom_output_bundle (line 89) | def test_attest_success_custom_output_bundle( function test_attest_overwrite_existing_bundle (line 115) | def test_attest_overwrite_existing_bundle( function test_attest_invalid_predicate_type (line 154) | def test_attest_invalid_predicate_type(capsys, sigstore, asset_integrati... function test_attest_mismatching_predicate (line 178) | def test_attest_mismatching_predicate(capsys, sigstore, asset_integratio... function test_attest_missing_predicate (line 202) | def test_attest_missing_predicate(capsys, sigstore, asset_integration, t... function test_attest_invalid_json_predicate (line 226) | def test_attest_invalid_json_predicate(capsys, sigstore, asset_integrati... FILE: test/integration/cli/test_plumbing.py function test_fix_bundle_fixes_missing_checkpoint (line 25) | def test_fix_bundle_fixes_missing_checkpoint(capsys, sigstore, asset_int... function test_fix_bundle_upgrades_bundle (line 67) | def test_fix_bundle_upgrades_bundle(capsys, sigstore, asset_integration): FILE: test/integration/cli/test_sign.py function get_cli_params (line 23) | def get_cli_params( function test_sign_success_default_output_bundle (line 58) | def test_sign_success_default_output_bundle( function test_sign_success_multiple_artifacts (line 90) | def test_sign_success_multiple_artifacts(capsys, sigstore, asset_integra... function test_sign_success_multiple_artifacts_rekor_v2 (line 125) | def test_sign_success_multiple_artifacts_rekor_v2( function test_sign_success_custom_outputs (line 167) | def test_sign_success_custom_outputs(capsys, sigstore, asset_integration... function test_sign_success_custom_output_dir (line 194) | def test_sign_success_custom_output_dir(capsys, sigstore, asset_integrat... function test_sign_success_no_default_files (line 215) | def test_sign_success_no_default_files(capsys, sigstore, asset_integrati... function test_sign_overwrite_existing_bundle (line 241) | def test_sign_overwrite_existing_bundle(capsys, sigstore, asset_integrat... function test_sign_fails_with_default_files_and_bundle_options (line 279) | def test_sign_fails_with_default_files_and_bundle_options( function test_sign_fails_with_multiple_inputs_and_custom_output (line 301) | def test_sign_fails_with_multiple_inputs_and_custom_output( function test_sign_fails_with_output_dir_and_custom_output_files (line 346) | def test_sign_fails_with_output_dir_and_custom_output_files( function test_sign_fails_without_both_output_cert_and_signature (line 394) | def test_sign_fails_without_both_output_cert_and_signature( FILE: test/integration/cli/test_verify.py function test_regression_verify_legacy_bundle (line 18) | def test_regression_verify_legacy_bundle(capsys, caplog, asset_integrati... FILE: test/unit/conftest.py function x509_testcase (line 52) | def x509_testcase(asset): function tuf_asset (line 61) | def tuf_asset(): function signing_materials (line 93) | def signing_materials(asset) -> Callable[[str, RekorClient], tuple[Path,... function signing_bundle (line 118) | def signing_bundle(asset) -> Callable[[str], tuple[Path, Bundle]]: function null_policy (line 132) | def null_policy(): function mock_staging_tuf (line 141) | def mock_staging_tuf(monkeypatch, tuf_dirs): function tuf_dirs (line 177) | def tuf_dirs(monkeypatch, tmp_path): function sign_ctx_and_ident_for_env (line 188) | def sign_ctx_and_ident_for_env( function staging (line 218) | def staging() -> tuple[type[SigningContext], type[Verifier], IdentityTok... function dummy_jwt (line 239) | def dummy_jwt(): function tsa_url (line 247) | def tsa_url(): FILE: test/unit/internal/oidc/test_issuer.py function test_fail_init_url (line 23) | def test_fail_init_url(): function test_init_url (line 29) | def test_init_url(): function test_get_identity_token_bad_code (line 34) | def test_get_identity_token_bad_code(monkeypatch): function test_identity_token_csrf_protection (line 41) | def test_identity_token_csrf_protection(): FILE: test/unit/internal/rekor/test_client_v2.py function test_rekor_v2_create_entry_dsse (line 25) | def test_rekor_v2_create_entry_dsse(staging): function test_rekor_v2_create_entry_hashed_rekord (line 57) | def test_rekor_v2_create_entry_hashed_rekord(staging): FILE: test/unit/internal/test_key_details.py function test_get_key_details (line 80) | def test_get_key_details(mock_certificate): function delayed_crypto_mock (line 88) | def delayed_crypto_mock(mock_func, error_msg): class DummyCurve (line 102) | class DummyCurve(ec.EllipticCurve): method key_size (line 106) | def key_size(self): method group_order (line 110) | def group_order(self): function test_get_key_details_unsupported (line 192) | def test_get_key_details_unsupported(mock_certificate, error_msg): FILE: test/unit/internal/test_sct.py function test_pack_digitally_signed_precertificate (line 34) | def test_pack_digitally_signed_precertificate(precert_bytes_len): FILE: test/unit/internal/test_timestamping.py class TestTimestampAuthorityClient (line 22) | class TestTimestampAuthorityClient: method test_sign_request (line 23) | def test_sign_request(self, tsa_url: str): method test_sign_request_invalid_url (line 35) | def test_sign_request_invalid_url(self): method test_sign_request_invalid_request (line 40) | def test_sign_request_invalid_request(self, tsa_url): method test_invalid_response (line 45) | def test_invalid_response(self, tsa_url, monkeypatch): FILE: test/unit/internal/test_trust.py class TestCertificateAuthority (line 57) | class TestCertificateAuthority: method test_good (line 58) | def test_good(self, asset): method test_missing_root (line 66) | def test_missing_root(self, asset): class TestSigningConfig (line 72) | class TestSigningConfig: method test_good (line 73) | def test_good(self, asset): method test_good_only_v1_rekor (line 98) | def test_good_only_v1_rekor(self, asset): method test_get_valid_services (line 183) | def test_get_valid_services(self, services, versions, config, expected... method test_get_valid_services_fail (line 198) | def test_get_valid_services_fail(self, services, versions, config): class TestTrustedRoot (line 203) | class TestTrustedRoot: method test_good (line 211) | def test_good(self, asset, file): method test_bad_media_type (line 232) | def test_bad_media_type(self, asset): function test_trust_root_tuf_offline (line 245) | def test_trust_root_tuf_offline(mock_staging_tuf, tuf_dirs): function test_is_timerange_valid (line 267) | def test_is_timerange_valid(): function test_trust_root_tuf_instance_error (line 296) | def test_trust_root_tuf_instance_error(): function test_trust_root_tuf_ctfe_keys_error (line 302) | def test_trust_root_tuf_ctfe_keys_error(monkeypatch): function test_trust_root_fulcio_certs_error (line 309) | def test_trust_root_fulcio_certs_error(tuf_asset, monkeypatch): class TestClientTrustConfig (line 318) | class TestClientTrustConfig: method test_good (line 319) | def test_good(self, asset): method test_bad_media_type (line 326) | def test_bad_media_type(self, asset): FILE: test/unit/test_dsse.py class TestEnvelope (line 24) | class TestEnvelope: method test_roundtrip (line 25) | def test_roundtrip(self): method test_missing_signature (line 47) | def test_missing_signature(self): method test_empty_signature (line 59) | def test_empty_signature(self): method test_multiple_signatures (line 73) | def test_multiple_signatures(self): FILE: test/unit/test_hashes.py class TestHashes (line 22) | class TestHashes: method test_hashed_repr (line 33) | def test_hashed_repr(self, algorithm, digest): FILE: test/unit/test_models.py class TestTransparencyLogEntry (line 32) | class TestTransparencyLogEntry: method test_missing_inclusion_proof (line 34) | def test_missing_inclusion_proof(self, integrated_time: int): method test_logentry_roundtrip (line 65) | def test_logentry_roundtrip(self, signing_bundle): class TestTimestampVerificationData (line 76) | class TestTimestampVerificationData: method test_valid_timestamp (line 81) | def test_valid_timestamp(self, asset): method test_no_timestamp (line 96) | def test_no_timestamp(self, asset): method test_invalid_timestamp (line 104) | def test_invalid_timestamp(self, asset): class TestVerificationMaterial (line 110) | class TestVerificationMaterial: method test_valid_verification_material (line 115) | def test_valid_verification_material(self, asset): class TestBundle (line 124) | class TestBundle: method test_invalid_bundle_version (line 129) | def test_invalid_bundle_version(self, signing_bundle): method test_invalid_empty_cert_chain (line 133) | def test_invalid_empty_cert_chain(self, signing_bundle): method test_invalid_no_log_entry (line 139) | def test_invalid_no_log_entry(self, signing_bundle): method test_verification_materials_offline_no_checkpoint (line 145) | def test_verification_materials_offline_no_checkpoint(self, signing_bu... method test_bundle_roundtrip (line 151) | def test_bundle_roundtrip(self, signing_bundle): method test_bundle_missing_signed_time (line 160) | def test_bundle_missing_signed_time(self, signing_bundle): class TestKnownBundleTypes (line 168) | class TestKnownBundleTypes: method test_str (line 169) | def test_str(self): FILE: test/unit/test_oidc.py class TestIdentityToken (line 22) | class TestIdentityToken: method test_invalid_jwt (line 23) | def test_invalid_jwt(self): method test_missing_iss (line 29) | def test_missing_iss(self, dummy_jwt): method test_missing_aud (line 46) | def test_missing_aud(self, dummy_jwt): method test_invalid_aud (line 64) | def test_invalid_aud(self, dummy_jwt, aud): method test_missing_iat (line 82) | def test_missing_iat(self, dummy_jwt): method test_invalid_iat (line 100) | def test_invalid_iat(self, dummy_jwt, iat): method test_missing_nbf_ok (line 118) | def test_missing_nbf_ok(self, dummy_jwt): method test_invalid_nbf (line 132) | def test_invalid_nbf(self, dummy_jwt): method test_missing_exp (line 151) | def test_missing_exp(self, dummy_jwt): method test_invalid_exp (line 168) | def test_invalid_exp(self, dummy_jwt): method test_missing_identity_claim (line 190) | def test_missing_identity_claim(self, dummy_jwt, iss): method test_invalid_federated_claims (line 210) | def test_invalid_federated_claims(self, dummy_jwt, fed): method test_ok (line 251) | def test_ok(self, dummy_jwt, iss, identity_claim, identity_value, fed_... FILE: test/unit/test_session_reuse.py function test_rekor_v1_session_reuse_public_api (line 23) | def test_rekor_v1_session_reuse_public_api(): function test_rekor_v2_session_reuse_public_api (line 39) | def test_rekor_v2_session_reuse_public_api(): function test_timestamp_client_session_reuse_public_api (line 62) | def test_timestamp_client_session_reuse_public_api(): FILE: test/unit/test_sign.py function test_sign_rekor_entry_consistent (line 34) | def test_sign_rekor_entry_consistent(request, sign_ctx_and_ident_for_env): function test_sign_with_staging (line 59) | def test_sign_with_staging(staging, null_policy): function test_sct_verify_keyring_lookup_error (line 75) | def test_sct_verify_keyring_lookup_error(sign_ctx_and_ident_for_env, mon... function test_sct_verify_keyring_error (line 94) | def test_sct_verify_keyring_error(sign_ctx_and_ident_for_env, monkeypatch): function test_identity_proof_fallback_claim (line 114) | def test_identity_proof_fallback_claim(sign_ctx_and_ident_for_env, monke... function test_sign_prehashed (line 132) | def test_sign_prehashed(staging): function test_sign_dsse (line 157) | def test_sign_dsse(staging): FILE: test/unit/test_store.py function test_store_reads_root_json (line 29) | def test_store_reads_root_json(env): function test_store_reads_targets_json (line 41) | def test_store_reads_targets_json(env): FILE: test/unit/test_utils.py function test_key_id (line 28) | def test_key_id(): function test_sha256_streaming (line 68) | def test_sha256_streaming(size): function test_load_pem_public_key_format (line 77) | def test_load_pem_public_key_format(): function test_load_pem_public_key_serialization (line 85) | def test_load_pem_public_key_serialization(monkeypatch): function test_cert_is_ca (line 109) | def test_cert_is_ca(x509_testcase, testcase, valid): function test_cert_is_ca_invalid_states (line 123) | def test_cert_is_ca_invalid_states(x509_testcase, testcase): function test_cert_is_root_ca (line 139) | def test_cert_is_root_ca(x509_testcase, testcase, valid): function test_cert_is_leaf (line 155) | def test_cert_is_leaf(x509_testcase, testcase, valid): function test_cert_is_leaf_invalid_states (line 170) | def test_cert_is_leaf_invalid_states(x509_testcase, testcase): function test_cert_is_leaf_invalid_version (line 180) | def test_cert_is_leaf_invalid_version(helper): FILE: test/unit/test_version.py function test_version (line 18) | def test_version(): FILE: test/unit/verify/test_policy.py class TestVerificationPolicy (line 25) | class TestVerificationPolicy: method test_does_not_init (line 26) | def test_does_not_init(self): class TestUnsafeNoOp (line 31) | class TestUnsafeNoOp: method test_succeeds (line 32) | def test_succeeds(self, monkeypatch): class TestAnyOf (line 45) | class TestAnyOf: method test_trivially_false (line 46) | def test_trivially_false(self): method test_fails_no_children_match (line 52) | def test_fails_no_children_match(self, signing_bundle): method test_succeeds (line 64) | def test_succeeds(self, signing_bundle): class TestAllOf (line 80) | class TestAllOf: method test_trivially_false (line 81) | def test_trivially_false(self): method test_certificate_extension_not_found (line 87) | def test_certificate_extension_not_found(self): method test_fails_not_all_children_match (line 103) | def test_fails_not_all_children_match(self, signing_bundle): method test_succeeds (line 122) | def test_succeeds(self, signing_bundle): class TestIdentity (line 140) | class TestIdentity: method test_fails_no_san_match (line 141) | def test_fails_no_san_match(self, signing_bundle): class TestSingleExtPolicy (line 155) | class TestSingleExtPolicy: method test_succeeds (line 156) | def test_succeeds(self, signing_bundle): FILE: test/unit/verify/test_verifier.py function test_verifier_production (line 34) | def test_verifier_production(): function test_verifier_staging (line 40) | def test_verifier_staging(): function test_verifier_one_verification (line 46) | def test_verifier_one_verification(signing_materials, null_policy): function test_verifier_inconsistent_log_entry (line 55) | def test_verifier_inconsistent_log_entry(signing_bundle, null_policy): function test_verifier_digest_mismatch (line 68) | def test_verifier_digest_mismatch(signing_bundle, null_policy): function test_verifier_multiple_verifications (line 82) | def test_verifier_multiple_verifications(signing_materials, null_policy): function test_verifier_bundle_artifact (line 97) | def test_verifier_bundle_artifact(signing_bundle, null_policy, filename): function test_verifier_bundle_dsse (line 109) | def test_verifier_bundle_dsse(signing_bundle, null_policy, filename): function test_verifier_bundle_offline (line 119) | def test_verifier_bundle_offline(signing_bundle, null_policy, filename): function test_verifier_email_identity (line 127) | def test_verifier_email_identity(signing_materials): function test_verifier_uri_identity (line 144) | def test_verifier_uri_identity(signing_materials): function test_verifier_policy_check (line 163) | def test_verifier_policy_check(signing_materials): function test_verifier_fail_expiry (line 180) | def test_verifier_fail_expiry(signing_materials, null_policy, monkeypatch): function test_verifier_dsse_roundtrip (line 201) | def test_verifier_dsse_roundtrip(staging): class TestVerifierWithTimestamp (line 228) | class TestVerifierWithTimestamp: method verifier (line 230) | def verifier(self, asset) -> Verifier: method test_verifier_verify_timestamp (line 237) | def test_verifier_verify_timestamp(self, verifier, asset, null_policy,... method test_verifier_no_validity_end (line 248) | def test_verifier_no_validity_end(self, verifier, asset, null_policy): method test_verifier_verify_no_inclusion_promise_and_integrated_time (line 268) | def test_verifier_verify_no_inclusion_promise_and_integrated_time( method test_verifier_without_timestamp (line 289) | def test_verifier_without_timestamp( method test_verifier_too_many_timestamp (line 300) | def test_verifier_too_many_timestamp(self, verifier, asset, null_policy): method test_verifier_duplicate_timestamp (line 310) | def test_verifier_duplicate_timestamp(self, verifier, asset, null_poli... method test_verifier_outside_validity_range (line 318) | def test_verifier_outside_validity_range( method test_verifier_rfc3161_error (line 345) | def test_verifier_rfc3161_error( method test_verifier_no_authorities (line 369) | def test_verifier_no_authorities(self, asset, null_policy): method test_late_timestamp (line 380) | def test_late_timestamp(self, caplog, verifier, asset, null_policy, mo... method test_verifier_not_enough_timestamp (line 403) | def test_verifier_not_enough_timestamp( method test_verify_signed_timestamp_regression (line 418) | def test_verify_signed_timestamp_regression(self, asset):