using System;
using System.Net.Http;
using System.Net.Http.Json;
using System.Threading;
using System.Threading.Tasks;
using StellaOps.Scanner.Sbomer.BuildXPlugin.Descriptor;
namespace StellaOps.Scanner.Sbomer.BuildXPlugin.Attestation;
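/// <summary>
/// Sends provenance placeholders to the Attestor service for asynchronous DSSE signing.
/// </summary>
/// <remarks>
/// This client only forwards values already present on the descriptor document. It does not
/// sign, hash or verify anything itself, and it does not read the body of a successful response.
/// The injected <see cref="HttpClient"/> is not disposed by this class.
/// </remarks>
public sealed class AttestorClient
{
    /// <summary>
    /// Maximum number of characters of an error response body copied into an exception message.
    /// </summary>
    private const int MaxErrorBodyChars = 4096;

    private readonly HttpClient httpClient;

    /// <summary>
    /// Creates a client that issues its requests through the supplied <see cref="HttpClient"/>.
    /// </summary>
    /// <param name="httpClient">HTTP client used for the POST; must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="httpClient"/> is null.</exception>
    public AttestorClient(HttpClient httpClient)
    {
        this.httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
    }

    /// <summary>
    /// Posts a provenance placeholder built from <paramref name="document"/> to the Attestor endpoint as JSON.
    /// </summary>
    /// <param name="attestorUri">Endpoint that receives the placeholder; must not be null.</param>
    /// <param name="document">
    /// Descriptor whose subject digest, artifact digest, provenance fields and schema are copied into the request.
    /// </param>
    /// <param name="cancellationToken">Cancels the POST and the read of an error response body.</param>
    /// <returns>A task that completes once the endpoint has answered with a success status code.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="attestorUri"/> or <paramref name="document"/> is null.
    /// </exception>
    /// <exception cref="BuildxPluginException">
    /// The endpoint answered with a non-success status code. The message carries the numeric status
    /// and at most <c>MaxErrorBodyChars</c> characters of the response body.
    /// </exception>
    public async Task SendPlaceholderAsync(Uri attestorUri, DescriptorDocument document, CancellationToken cancellationToken)
    {
        if (attestorUri is null)
        {
            throw new ArgumentNullException(nameof(attestorUri));
        }

        if (document is null)
        {
            throw new ArgumentNullException(nameof(document));
        }

        // NOTE(review): Subject, Artifact and Provenance are dereferenced without null checks;
        // presumably DescriptorDocument guarantees they are populated - confirm.
        var payload = new AttestorProvenanceRequest(
            ImageDigest: document.Subject.Digest,
            SbomDigest: document.Artifact.Digest,
            ExpectedDsseSha256: document.Provenance.ExpectedDsseSha256,
            Nonce: document.Provenance.Nonce,
            PredicateType: document.Provenance.PredicateType,
            Schema: document.Schema);

        // NOTE(review): the scheme and host of attestorUri are not checked in this method, and no
        // authentication is attached here. The request carries the nonce and the expected DSSE hash,
        // so the caller (or the injected HttpClient) is presumably responsible for restricting this
        // to a trusted HTTPS endpoint - confirm.
        using var response = await httpClient.PostAsJsonAsync(attestorUri, payload, cancellationToken).ConfigureAwait(false);
        if (response.IsSuccessStatusCode)
        {
            return;
        }

        var body = await response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false);

        // The body is whatever the remote endpoint returned. Cap it so an oversized response cannot
        // inflate the exception message (and any log that records it). The text is otherwise passed
        // through unchanged, so consumers should still treat it as untrusted.
        if (body.Length > MaxErrorBodyChars)
        {
            body = body.Substring(0, MaxErrorBodyChars) + "... [truncated]";
        }

        throw new BuildxPluginException($"Attestor rejected provenance placeholder ({(int)response.StatusCode}): {body}");
    }
}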