Bases: CipherSuiteBase
Sigstore / Cosign policy bundle.
Source code in swarmauri_cipher_suite_sigstore/SigstoreCipherSuite.py
| def suite_id(self) -> str:
return "sigstore"
|
Source code in swarmauri_cipher_suite_sigstore/SigstoreCipherSuite.py
| def supports(self) -> Mapping[CipherOp, Iterable[Alg]]:
return {"sign": _SIG_ALGS, "verify": _SIG_ALGS}
|
default_alg(op, *, for_key=None)
Source code in swarmauri_cipher_suite_sigstore/SigstoreCipherSuite.py
| def default_alg(self, op: CipherOp, *, for_key: Optional[KeyRef] = None) -> Alg:
return "ES256"
|
Source code in swarmauri_cipher_suite_sigstore/SigstoreCipherSuite.py
32
33
34
35
36
37
38
39
40
41 | def features(self) -> Features:
return {
"suite": "sigstore",
"version": 1,
"dialects": {"jwa": list(_SIG_ALGS), "sigstore": ["rekor", "tsa:rfc3161"]},
"ops": {"sign": {"default": "ES256", "allowed": list(_SIG_ALGS)}},
"constraints": {"tsa": {"required": False}},
"compliance": {"fips": False},
"notes": ["Cosign-style transparency log + optional TSA"],
}
|
normalize(
*, op, alg=None, key=None, params=None, dialect=None
)
Source code in swarmauri_cipher_suite_sigstore/SigstoreCipherSuite.py
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66 | def normalize(
self,
*,
op: CipherOp,
alg: Optional[Alg] = None,
key: Optional[KeyRef] = None,
params: Optional[ParamMapping] = None,
dialect: Optional[str] = None,
) -> NormalizedDescriptor:
allowed = set(self.supports().get(op, ()))
chosen = alg or self.default_alg(op)
if chosen not in allowed:
raise ValueError(f"{chosen=} not supported in Sigstore suite")
mapped = {"jwa": chosen, "sigstore": chosen, "provider": chosen}
return {
"op": op,
"alg": chosen,
"dialect": "jwa" if dialect is None else dialect,
"mapped": mapped,
"params": dict(params or {}),
"constraints": {},
"policy": self.policy(),
}
|