Module: Sigstore::Internal::SET

Defined in:
lib/sigstore/internal/set.rb

Class Method Summary collapse

Class Method Details

.verify_set(keyring:, entry:) ⇒ Object

Raises:



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/sigstore/internal/set.rb', line 20

def self.verify_set(keyring:, entry:)
  raise Error, "invalid log entry: no inclusion promise" unless entry.inclusion_promise

  signed_entry_timestamp = entry.inclusion_promise.signed_entry_timestamp
  log_id = Util.hex_encode(entry.log_id.key_id)

  # https://www.rfc-editor.org/rfc/rfc8785
  canonical_entry = ::JSON.dump({
                                  body: Internal::Util.base64_encode(entry.canonicalized_body),
                                  integratedTime: entry.integrated_time,
                                  logID: log_id,
                                  logIndex: entry.log_index
                                })

  keyring.verify(
    key_id: log_id,
    signature: signed_entry_timestamp,
    data: canonical_entry
  )
end