import json
import requests
from sigstore.models import Bundle
from sigstore.verify import Verifier
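class DummyPolicy:
    """No-op verification policy used only to reproduce the reported failure.

    ``verify`` accepts every certificate it is handed, so no check is made
    on the signer's identity or OIDC issuer. With this policy a successful
    ``verify_dsse`` call says nothing about *who* produced the attestation.
    Real verification should pass an identity policy such as
    ``sigstore.verify.policy.Identity``, pinned to the expected signer.
    """

    def verify(self, cert) -> None:
        """Accept ``cert`` unconditionally; never raises."""
        # Deliberately empty: identity checking is out of scope for this repro.
        pass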
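# Fetch the attestations the npm registry publishes for sigstore@3.1.0.
url = "https://registry.npmjs.org/-/npm/v1/attestations/sigstore@3.1.0"
# requests has no default timeout; set one so a stalled registry cannot hang
# the script, and fail on an HTTP error instead of parsing an error body.
response = requests.get(url, timeout=30)
response.raise_for_status()
data = response.json()

# Keep only the SLSA provenance v1 attestation. Fail with a clear message if
# the registry response holds none, rather than with a bare IndexError.
matches = [a for a in data["attestations"] if a["predicateType"] == "https://slsa.dev/provenance/v1"]
if not matches:
    raise SystemExit("no SLSA provenance v1 attestation in registry response")
attestation = matches[0]

# Bundle.from_json takes a JSON string, so the already-parsed bundle is
# serialized again before being handed over.
bundle = Bundle.from_json(json.dumps(attestation["bundle"]))
verifier = Verifier.production()

# NOTE: DummyPolicy accepts any certificate, so even once this call succeeds
# the signer identity is unchecked. Do not copy this into real verification.
policy = DummyPolicy()

# Reported failure: this call raises pydantic ValidationError. Going by the
# output below, the entry has kind 'intoto' where 'dsse' is expected.
type_, payload = verifier.verify_dsse(bundle, policy)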
# Output:
# pydantic_core._pydantic_core.ValidationError: 5 validation errors for Dsse
# kind
# Input should be 'dsse' [type=literal_error, input_value='intoto', input_type=str]
# For further information visit https://errors.pydantic.dev/2.11/v/literal_error
# spec.DsseV001Schema1.proposedContent
# Field required [type=missing, input_value={'content': {'envelope': ...d8d17c23fdca569f6efa'}}}, input_type=dict]
# For further information visit https://errors.pydantic.dev/2.11/v/missing
# spec.DsseV001Schema2.signatures
# Field required [type=missing, input_value={'content': {'envelope': ...d8d17c23fdca569f6efa'}}}, input_type=dict]
# For further information visit https://errors.pydantic.dev/2.11/v/missing
# spec.DsseV001Schema2.envelopeHash
# Field required [type=missing, input_value={'content': {'envelope': ...d8d17c23fdca569f6efa'}}}, input_type=dict]
# For further information visit https://errors.pydantic.dev/2.11/v/missing
# spec.DsseV001Schema2.payloadHash
# Field required [type=missing, input_value={'content': {'envelope': ...d8d17c23fdca569f6efa'}}}, input_type=dict]
# For further information visit https://errors.pydantic.dev/2.11/v/missing
sigstore==3.6.2
sigstore-protobuf-specs==0.3.2
sigstore-rekor-types==0.0.18