From 1434f835b3c99dc2bc836370a4a2c148b8da00a8 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Thu, 7 Sep 2023 14:00:05 +0300
Subject: [PATCH] Sigstore: Add an import method with no args

This way the user has to authenticate to the identity they want to sign with later
* removes possibility of typos or misunderstanding
* Still allows storing the identity and issuer in the URI (this is not implemented here)
---
 securesystemslib/signer/_sigstore_signer.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/securesystemslib/signer/_sigstore_signer.py b/securesystemslib/signer/_sigstore_signer.py
index 95a0b150..a1e32617 100644
--- a/securesystemslib/signer/_sigstore_signer.py
+++ b/securesystemslib/signer/_sigstore_signer.py
@@ -215,6 +215,25 @@ def import_(
         return uri, key
+    @classmethod
+    def import_via_auth(cls) -> Tuple[str, SigstoreKey]:
+        """Create public key and signer URI by interactive authentication
+
+        Returns a private key URI (for Signer.from_priv_key_uri()) and a public
+        key. This method always uses the interactive authentication.
+        """
+        # pylint: disable=import-outside-toplevel
+        try:
+            from sigstore.oidc import Issuer
+        except ImportError as e:
+            raise UnsupportedLibraryError(IMPORT_ERROR) from e
+
+        # authenticate to get the identity and issuer
+        token = Issuer.production().identity_token()
+        return cls.import_(
+            token.identity, token.expected_certificate_subject, False
+        )
+
     def sign(self, payload: bytes) -> Signature:
         """Signs payload using the OIDC token on the signer instance.
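Review bot: The interactive login in `import_via_auth` is hard-wired to `Issuer.production()` and hands a bare positional `False` to `import_`, so the helper cannot be used against the Sigstore staging environment and the meaning of that flag is opaque at the call site; `import_`'s signature sits above this hunk, but if its third parameter is the staging selector, mirror it here with `def import_via_auth(cls, use_staging: bool = False) -> Tuple[str, SigstoreKey]:`, `issuer = Issuer.staging() if use_staging else Issuer.production()` and `return cls.import_(token.identity, token.expected_certificate_subject, use_staging)`. The docstring should also state that the identity token obtained here is used only to read the identity and issuer and is then discarded, so signing later through `Signer.from_priv_key_uri()` will require a further interactive login rather than reusing this one, and that `UnsupportedLibraryError` is raised when the `sigstore` package is not installed. The enclosing class begins above the hunk and the hunk's trailing context lines run past the visible page.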