FetchSigningConfig fetches the public-good Sigstore signing configuration from TUF.

FetchSigningConfig fetches the public-good Sigstore signing configuration with the given options from TUF.

FetchTrustedRoot fetches the Sigstore trusted root from TUF and returns it.

FetchTrustedRootWithOptions fetches the trusted root from TUF with the given options and returns it.

FetchSigningConfig fetches the public-good Sigstore signing configuration target from TUF.

GetTrustedRoot returns the trusted root.

NewExpiringKey returns a new ExpiringKey with the given validity period.

NewLiveTrustedRoot returns a LiveTrustedRoot that will periodically refresh the trusted root from TUF.

NewSigningConfig initializes a SigningConfig object from a mediaType string, Fulcio certificate authority URL, OIDC provider URL, list of Rekor transpraency log URLs, and a list of timestamp authorities.

NewSigningConfigFromJSON returns a Sigstore signing configuration from JSON.

NewSigningConfigFromPath returns a Sigstore signing configuration from a file.

NewSigningConfigFromProtobuf returns a Sigstore signing configuration.

NewSigningConfigProtobuf returns a Sigstore signing configuration as a protobuf.

NewTrustedPublicKeyMaterialFromMapping returns a TrustedPublicKeyMaterial from a map of key IDs to ExpiringKeys.

NewTrustedRoot initializes a TrustedRoot object from a mediaType string, list of Fulcio certificate authorities, list of timestamp authorities and maps of ctlogs and rekor transparency log instances.

NewTrustedRootFromJSON returns the Sigstore trusted root.

NewTrustedRootProtobuf returns the Sigstore trusted root as a protobuf.

ExpiringKey is a TimeConstrainedVerifier with a static validity period.

LiveTrustedRoot is a wrapper around TrustedRoot that periodically refreshes the trusted root from TUF.