41
41
CertificateAuthority ,
42
42
TransparencyLogInstance ,
43
43
)
44
+ from sigstore_protobuf_specs .dev .sigstore .trustroot .v1 import (
45
+ ClientTrustConfig as _ClientTrustConfig ,
46
+ )
44
47
from sigstore_protobuf_specs .dev .sigstore .trustroot .v1 import (
45
48
TrustedRoot as _TrustedRoot ,
46
49
)
@@ -266,15 +269,14 @@ def staging(
266
269
"""
267
270
return cls .from_tuf (STAGING_TUF_URL , offline , purpose )
268
271
269
- @staticmethod
270
272
def _get_tlog_keys (
271
- tlogs : list [TransparencyLogInstance ], purpose : KeyringPurpose
273
+ self , tlogs : list [TransparencyLogInstance ]
272
274
) -> Iterable [_PublicKey ]:
273
275
"""
274
276
Yields an iterator of public keys for transparency log instances that
275
277
are suitable for `purpose`.
276
278
"""
277
- allow_expired = purpose is KeyringPurpose .VERIFY
279
+ allow_expired = self . purpose is KeyringPurpose .VERIFY
278
280
for tlog in tlogs :
279
281
if not _is_timerange_valid (
280
282
tlog .public_key .valid_for , allow_expired = allow_expired
@@ -298,14 +300,14 @@ def _get_ca_keys(
298
300
def rekor_keyring (self ) -> RekorKeyring :
299
301
"""Return keyring with keys for Rekor."""
300
302
301
- keys : list [_PublicKey ] = list (self ._get_tlog_keys (self .tlogs , self . purpose ))
303
+ keys : list [_PublicKey ] = list (self ._get_tlog_keys (self .tlogs ))
302
304
if len (keys ) != 1 :
303
305
raise MetadataError ("Did not find one Rekor key in trusted root" )
304
306
return RekorKeyring (Keyring (keys ))
305
307
306
308
def ct_keyring (self ) -> CTKeyring :
307
309
"""Return keyring with key for CTFE."""
308
- ctfes : list [_PublicKey ] = list (self ._get_tlog_keys (self .ctlogs , self . purpose ))
310
+ ctfes : list [_PublicKey ] = list (self ._get_tlog_keys (self .ctlogs ))
309
311
if not ctfes :
310
312
raise MetadataError ("CTFE keys not found in trusted root" )
311
313
return CTKeyring (Keyring (ctfes ))
@@ -324,3 +326,28 @@ def get_fulcio_certs(self) -> list[Certificate]:
324
326
if not certs :
325
327
raise MetadataError ("Fulcio certificates not found in trusted root" )
326
328
return certs
329
+
330
+
331
+ class ClientTrustConfig :
332
+ """
333
+ Represents a Sigstore client's trust configuration, including a root of trust.
334
+ """
335
+
336
+ @classmethod
337
+ def from_json (cls , raw : str ) -> None :
338
+ """
339
+ Deserialize the given client trust config.
340
+ """
341
+ inner = _ClientTrustConfig ().from_json (raw )
342
+ cls (inner )
343
+
344
+ def __init__ (self , inner : _ClientTrustConfig ) -> None :
345
+ """
346
+ @api private
347
+ """
348
+ self ._inner = inner
349
+ # self._
350
+
351
+ # @property
352
+ # def trusted_root(self) -> TrustedRoot:
353
+ # pass
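Review bot: `ClientTrustConfig.from_json` builds the wrapper with `cls(inner)` but never returns it, and it is annotated `-> None`, so every caller gets `None` instead of a trust configuration. The last line should be `return cls(inner)` and the signature `def from_json(cls, raw: str) -> "ClientTrustConfig":`. Because this class is meant to carry the client's root of trust, a test that round-trips a known config through `from_json` would catch this before the commented-out `trusted_root` property is filled in. Malformed input will presumably raise whatever the protobuf JSON parser raises rather than the `MetadataError` used elsewhere in this file; I cannot confirm that from the hunk, but a consistent error type is worth considering. The `# self._` and `# @property ...` stubs are dead code and would be clearer as a `# TODO:` comment or removed.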