rfgen.attestation¶
rfgen.attestation is the closed, fail-closed boundary between rfgen’s
in-toto statement contract and Sigstore DSSE signing or verification. It
validates statement shape, canonical RFC 8785 JSON bytes, the exact subject
and predicate policy, and the signer identity; it delegates cryptography and
trust-root verification to the pinned sigstore==4.4.0 package.
This is a sealed service, not a plugin interface. Callers provide a configured Sigstore signer or verifier and a typed policy; they do not subclass or replace the adapter. It does not publish attestations, make a domain-policy decision, or authorize a release.
Pinning seam¶
SIGSTORE_VERSION¶
SIGSTORE_VERSION: Literal["4.4.0"] = "4.4.0" records the exact Sigstore API
version used by the boundary. The adapter relies on this version’s public
Signer.sign_dsse, Verifier.verify_dsse, and Identity APIs.
SIGSTORE_WHEEL_SHA256¶
SIGSTORE_WHEEL_SHA256 is the SHA-256 of the verified
sigstore-4.4.0-py3-none-any.whl artifact:
80c36d08b02479e2a282d0bea93de68fe0d43a93b0d58e4d9ac6bb9f8425957c.
Changing the pin requires revalidating this package seam and its real DSSE
verification evidence.
SigstoreDSSEAdapter also reads Sigstore’s retained Statement._contents
bytes. Sigstore 4.4.0 supplies no public accessor for the exact bytes passed to
Signer.sign_dsse; this narrowly scoped private seam fails closed when the
pinned implementation no longer provides bytes.
Policy and result models¶
AttestationPredicate¶
The closed StrEnum of accepted predicate URIs:
RUN_MANIFEST_V1, PRICING_V1, BENCHMARK_BASELINE_V1,
BUDGET_APPROVAL_V1, and RELEASE_MANIFEST_V1. A statement whose
predicateType is not exactly the requested enum value is rejected.
AttestationPolicyV1¶
class AttestationPolicyV1(BaseModel):
identity: str
issuer: str
predicate: AttestationPredicate
subject_name: str
subject_sha256: Sha256
An immutable, strict policy for one verification or signing request. It binds
the Sigstore certificate identity and issuer, a predicate type, and exactly one
subject name plus lowercase SHA-256 digest. The adapter constructs Sigstore’s
identity policy directly from identity and issuer before it accepts a
verified statement.
VerifiedStatementV1¶
class VerifiedStatementV1(BaseModel, Generic[PredicateT]):
payload_type: Literal["application/vnd.in-toto+json"]
statement_type: Literal["https://in-toto.io/Statement/v1"]
predicate_type: AttestationPredicate
subject_name: str
subject_sha256: Sha256
predicate: PredicateT
bundle_sha256: Sha256
The immutable result of successful verification. Its predicate is the
caller-supplied strict, frozen Pydantic predicate model and bundle_sha256 is
the SHA-256 of the Sigstore bundle JSON bytes.
Failure contract¶
AttestationValidationCode¶
The machine-readable rejection enum. PAYLOAD_TYPE, UTF8, JSON,
STATEMENT_TYPE, SUBJECT, PREDICATE_TYPE, PREDICATE_SCHEMA, and
NONCANONICAL identify statement-boundary failures. IDENTITY identifies a
Sigstore identity, issuer, or SAN policy failure; SIGNATURE identifies the
remaining Sigstore verification failures.
AttestationValidationError¶
class AttestationValidationError(_RfgenAttestationValidationError):
code: AttestationValidationCode
Raised for every closed attestation-boundary rejection. code is stable for
programmatic handling; callers must treat any such error as a failed
attestation rather than attempting a permissive fallback. The private base
alias above is rfgen.errors.AttestationValidationError in the implementation.
Sealed adapter¶
SigstoreDSSEAdapter¶
class SigstoreDSSEAdapter:
def __init__(self, *, signer: Signer, verifier: Verifier) -> None
def sign(
self,
statement: dsse.Statement,
*,
expected: AttestationPolicyV1,
predicate_model: type[PredicateT],
) -> Bundle
def verify(
self,
bundle: Bundle,
*,
policy: AttestationPolicyV1,
predicate_model: type[PredicateT],
) -> VerifiedStatementV1[PredicateT]
sign() first parses and checks the requested policy and predicate model,
requires the statement bytes to be RFC 8785 canonical JSON, then delegates
once to Signer.sign_dsse. verify() first delegates bundle verification with
the exact Sigstore Identity(identity=..., issuer=...) policy. It then requires
the in-toto payload type, UTF-8 JSON, Statement v1 type, one exact subject,
the requested predicate URI, a strict frozen predicate model, and byte-for-byte
canonical JSON before returning VerifiedStatementV1.
Type aliases¶
Sha256¶
Sha256 is an annotated string constrained to exactly 64 lowercase hexadecimal
characters. It is used for subject and bundle digests.
PredicateT¶
PredicateT is the Pydantic-model type parameter used by
SigstoreDSSEAdapter and
VerifiedStatementV1.
The supplied model must forbid unknown fields and be frozen; otherwise the
adapter raises AttestationValidationError with
PREDICATE_SCHEMA.
See Also¶
Execution Evidence:
DSSE_ROUNDTRIPis the trust-root gate that records this boundary’s engineering evidence.Build and CI: exact dependency pin and local validation policy.