# Functions
No description provided by the author
No description provided by the author
No description provided by the author
NewSANMatcher provides an easier way to create a SubjectAlternativeNameMatcher.
NewShortCertificateIdentity provides a more convenient way of initializing a CertificateIdentity with a SAN and the Issuer OID extension.
NewSignedEntityVerifier creates a new SignedEntityVerifier.
No description provided by the author
No description provided by the author
VerifyArtifactTransparencyLog verifies that the given entity has been logged in the transparency log and that the log entry is valid.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
VerifySignedCertificateTimestamp, given a threshold, TrustedMaterial, and a leaf certificate, will extract SCTs from the leaf certificate and verify the timestamps using the TrustedMaterial's FulcioCertificateAuthorities() and CTLogs().
VerifyTimestampAuthority verifies that the given entity has been timestamped by a trusted timestamp authority and that the timestamp is valid.
VerifyTimestampAuthority verifies that the given entity has been timestamped by a trusted timestamp authority and that the timestamp is valid.
WithArtifact allows the caller of Verify to enforce that the SignedEntity being verified was created from, or references, a given artifact.
WithArtifactDigest allows the caller of Verify to enforce that the SignedEntity being verified was created for a given artifact digest.
WithCertificateIdentity allows the caller of Verify to enforce that the SignedEntity being verified was signed by the given identity, as defined by the Fulcio certificate embedded in the entity.
WithCurrentTime configures the SignedEntityVerifier to not expect any timestamps from either a Timestamp Authority or a Transparency Log.
WithIntegratedTimestamps configures the SignedEntityVerifier to expect log entry integrated timestamps from either SignedEntryTimestamps or live log lookups.
WithKey allows the caller of Verify to require the SignedEntity being verified was signed with a key and not a certificate.
WithObserverTimestamps configures the SignedEntityVerifier to expect timestamps from either an RFC3161 timestamp authority or a log's SignedEntryTimestamp.
WithoutArtifactUnsafe allows the caller of Verify to skip checking whether the SignedEntity was created from, or references, an artifact.
WithoutIdentitiesUnsafe allows the caller of Verify to skip enforcing any checks on the identity that created the SignedEntity being verified.
WithSignedCertificateTimestamps configures the SignedEntityVerifier to expect the Fulcio certificate to have a SignedCertificateTimestamp, and verify it using the TrustedMaterial's CTLogAuthorities().
WithSignedTimestamps configures the SignedEntityVerifier to expect RFC 3161 timestamps from a Timestamp Authority, verify them using the TrustedMaterial's TimestampingAuthorities(), and, if it exists, use the resulting timestamp(s) to verify the Fulcio certificate.
WithTransparencyLog configures the SignedEntityVerifier to expect Transparency Log inclusion proofs or SignedEntryTimestamps, verifying them using the TrustedMaterial's RekorLogs().
# Constants
No description provided by the author
# Variables
No description provided by the author
# Structs
BaseSignedEntity is a helper struct that implements all the interfaces of SignedEntity.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
PolicyBuilder is responsible for building & validating a PolicyConfig.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Interfaces
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Type aliases
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author