
Commit 172fc0e

committed
_internal: hackety hack
Signed-off-by: William Woodruff <william@trailofbits.com>
1 parent 0be13aa commit 172fc0e


1 file changed

+32
-5
lines changed


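--- a/sigstore/_internal/trust.py
+++ b/sigstore/_internal/trust.py
@@ -41,6 +41,9 @@
 CertificateAuthority,
 TransparencyLogInstance,
 )
+from sigstore_protobuf_specs.dev.sigstore.trustroot.v1 import (
+ClientTrustConfig as _ClientTrustConfig,
+)
 from sigstore_protobuf_specs.dev.sigstore.trustroot.v1 import (
 TrustedRoot as _TrustedRoot,
 )
@@ -266,15 +269,14 @@ def staging(
 """
 return cls.from_tuf(STAGING_TUF_URL, offline, purpose)
 
-@staticmethod
 def _get_tlog_keys(
-tlogs: list[TransparencyLogInstance], purpose: KeyringPurpose
+self, tlogs: list[TransparencyLogInstance]
 ) -> Iterable[_PublicKey]:
 """
 Yields an iterator of public keys for transparency log instances that
 are suitable for `purpose`.
 """
-allow_expired = purpose is KeyringPurpose.VERIFY
+allow_expired = self.purpose is KeyringPurpose.VERIFY
 for tlog in tlogs:
 if not _is_timerange_valid(
 tlog.public_key.valid_for, allow_expired=allow_expired
@@ -298,14 +300,14 @@ def _get_ca_keys(
 def rekor_keyring(self) -> RekorKeyring:
 """Return keyring with keys for Rekor."""
 
-keys: list[_PublicKey] = list(self._get_tlog_keys(self.tlogs, self.purpose))
+keys: list[_PublicKey] = list(self._get_tlog_keys(self.tlogs))
 if len(keys) != 1:
 raise MetadataError("Did not find one Rekor key in trusted root")
 return RekorKeyring(Keyring(keys))
 
 def ct_keyring(self) -> CTKeyring:
 """Return keyring with key for CTFE."""
-ctfes: list[_PublicKey] = list(self._get_tlog_keys(self.ctlogs, self.purpose))
+ctfes: list[_PublicKey] = list(self._get_tlog_keys(self.ctlogs))
 if not ctfes:
 raise MetadataError("CTFE keys not found in trusted root")
 return CTKeyring(Keyring(ctfes))
@@ -324,3 +326,28 @@ def get_fulcio_certs(self) -> list[Certificate]:
 if not certs:
 raise MetadataError("Fulcio certificates not found in trusted root")
 return certs
+
+
+class ClientTrustConfig:
+"""
+Represents a Sigstore client's trust configuration, including a root of trust.
+"""
+
+@classmethod
+def from_json(cls, raw: str) -> None:
+"""
+Deserialize the given client trust config.
+"""
+inner = _ClientTrustConfig().from_json(raw)
+cls(inner)
+
+def __init__(self, inner: _ClientTrustConfig) -> None:
+"""
+@api private
+"""
+self._inner = inner
+# self._
+
+# @property
+# def trusted_root(self) -> TrustedRoot:
+# pass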
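Review bot: `ClientTrustConfig.from_json` in the last hunk builds the wrapper with `cls(inner)` but never returns it and is annotated `-> None`, so every caller receives `None` instead of a trust configuration. The signature should read `def from_json(cls, raw: str) -> "ClientTrustConfig":` and the final statement `return cls(inner)`. Because this object is meant to carry the client's root of trust, `__init__` is also the natural place to reject a deserialized config that is unusable (for instance one with no trusted root) before anything verifies against it; no such check is visible here, though the commented-out `trusted_root` property suggests the class is still in progress. Separately, the `_get_tlog_keys` docstring in the second hunk still describes keys suitable for `purpose`, which is no longer a parameter; it could say `suitable for this trusted root's purpose (self.purpose)`.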
