Class VerificationPipeline

Namespace
Sigstore.Verification
Assembly
Sigstore.dll

Implements the Sigstore verification stages described in the client specification (bundle verification).

public sealed class VerificationPipeline
Inheritance
VerificationPipeline
Constructors

VerificationPipeline(IBundleParser, ICertificateVerifier, ITransparencyLogVerifier, ISignatureVerifier, ISystemClock, ILogger<VerificationPipeline>)

Creates a pipeline instance.

public VerificationPipeline(IBundleParser bundleParser, ICertificateVerifier certificateVerifier, ITransparencyLogVerifier transparencyLogVerifier, ISignatureVerifier signatureVerifier, ISystemClock systemClock, ILogger<VerificationPipeline> logger)

Parameters

bundleParser IBundleParser
certificateVerifier ICertificateVerifier
transparencyLogVerifier ITransparencyLogVerifier
signatureVerifier ISignatureVerifier
systemClock ISystemClock
logger ILogger<VerificationPipeline>

Methods

RunAsync(string, ReadOnlyMemory<byte>, VerificationPolicy, TrustedRoot, CancellationToken)

Runs verification end-to-end.

public Task<VerificationResult> RunAsync(string bundleJson, ReadOnlyMemory<byte> artifact, VerificationPolicy policy, TrustedRoot trustedRoot, CancellationToken cancellationToken)

Parameters

bundleJson string

Bundle JSON text.

artifact ReadOnlyMemory<byte>

Artifact bytes being verified.

policy VerificationPolicy

Identity policy.

trustedRoot TrustedRoot

Trusted root material (from TUF or a file).

cancellationToken CancellationToken

Cancellation token.

Returns

Task<VerificationResult>

Structured verification result.

RunWithKeyAsync(string, ReadOnlyMemory<byte>, string, TrustedRoot, CancellationToken)

Managed-key verification: skips the Fulcio certificate chain and identity policy checks, and verifies the signature directly using the provided public key.

public Task<VerificationResult> RunWithKeyAsync(string bundleJson, ReadOnlyMemory<byte> artifact, string publicKeyPem, TrustedRoot trustedRoot, CancellationToken cancellationToken)

Parameters

bundleJson string
artifact ReadOnlyMemory<byte>
publicKeyPem string
trustedRoot TrustedRoot
cancellationToken CancellationToken

Returns

Task<VerificationResult>