thephpf/attestation
Latest stable version: 0.0.5
Composer install command:
composer require thephpf/attestation
Package description
A PHP library to aid in verifying artifact attestations
README
A PHP library to aid in verifying artifact attestations. This tool will carry out some basic verifications that the given file is genuine. The checks it carries out are:
- Verifies the attestation certificate was signed by a trusted root
- Verifies the given OID extensions match what you expect
- Checks the digest in the attestation record matches the actual file given
- Verifies the DSSE envelope signature
Example usage
<?php

use ThePhpFoundation\Attestation\FulcioSigstoreOidExtensions;
use ThePhpFoundation\Attestation\FilenameWithChecksum;
use ThePhpFoundation\Attestation\Verification\Exception\FailedToVerifyArtifact;
use ThePhpFoundation\Attestation\Verification\VerifyAttestationWithOpenSsl;

// $fileYouWantToVerify is the path of the artifact on disk that you want to verify.
try {
    VerifyAttestationWithOpenSsl::factory()
        ->verify(
            FilenameWithChecksum::fromFilename($fileYouWantToVerify),
            'your-org', // the org/user in your GH URL, e.g. https://github.com/your-org
            'the-filename', // the filename of the subject when it was built
            [
                // Certificate OID extensions and the exact values you expect them to hold
                FulcioSigstoreOidExtensions::ISSUER_V2 => 'https://token.actions.githubusercontent.com',
                FulcioSigstoreOidExtensions::SOURCE_REPOSITORY_URI => 'https://github.com/your-org/your-repo',
                FulcioSigstoreOidExtensions::SOURCE_REPOSITORY_OWNER_URI => 'https://github.com/your-org',
            ],
        );
} catch (FailedToVerifyArtifact $issue) {
    // Handle verification failure in the way you see fit...
}
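To show what the last two checks in the list above involve, here is an added sketch, not the library's own code, of verifying a DSSE envelope signature and matching the in-toto subject digest against the file bytes. The function names `dssePae` and `checkEnvelope`, the throwaway P-256 key, the artifact bytes and the minimal statement are all assumptions constructed for the demonstration; in a real attestation the verifying key comes from the Fulcio certificate validated by the first two checks.

```php
<?php
// DSSE pre-authentication encoding (PAE): the bytes that are actually signed.
function dssePae(string $payloadType, string $payload): string
{
    return sprintf('DSSEv1 %d %s %d %s', strlen($payloadType), $payloadType, strlen($payload), $payload);
}

// True only if the envelope signature verifies AND an in-toto subject
// (name + sha256) matches the artifact bytes we were given.
function checkEnvelope(array $envelope, string $publicKeyPem, string $subjectName, string $artifactBytes): bool
{
    $payload = base64_decode($envelope['payload'] ?? '', true);
    $sig = base64_decode($envelope['signatures'][0]['sig'] ?? '', true);
    if ($payload === false || $sig === false || $sig === '') {
        return false;
    }
    $pae = dssePae($envelope['payloadType'] ?? '', $payload);
    if (openssl_verify($pae, $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return false; // 0 (bad signature) and -1 (error) are both failures
    }
    $statement = json_decode($payload, true);
    $expected = hash('sha256', $artifactBytes);
    foreach ($statement['subject'] ?? [] as $subject) {
        if (($subject['name'] ?? null) === $subjectName
            && hash_equals($expected, (string) ($subject['digest']['sha256'] ?? ''))) {
            return true;
        }
    }
    return false;
}

// Constructed demo data: throwaway P-256 key, fake artifact, minimal statement.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$publicPem = openssl_pkey_get_details($key)['key'];
$artifact = "constructed artifact bytes\n";
$payload = json_encode([
    '_type' => 'https://in-toto.io/Statement/v1',
    'subject' => [['name' => 'the-filename', 'digest' => ['sha256' => hash('sha256', $artifact)]]],
]);
$type = 'application/vnd.in-toto+json';
openssl_sign(dssePae($type, $payload), $signature, $key, OPENSSL_ALGO_SHA256);
$envelope = ['payloadType' => $type, 'payload' => base64_encode($payload),
    'signatures' => [['sig' => base64_encode($signature)]]];

var_dump(checkEnvelope($envelope, $publicPem, 'the-filename', $artifact));       // genuine file
var_dump(checkEnvelope($envelope, $publicPem, 'the-filename', $artifact . 'x')); // modified file
$envelope['payloadType'] = 'text/plain';                                         // type changed after signing
var_dump(checkEnvelope($envelope, $publicPem, 'the-filename', $artifact));
```

Because the payload type is part of the signed PAE bytes, changing it after signing invalidates the signature even though the payload itself is untouched.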
Statistics
- Total downloads: 7.89k
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 4
- Clicks: 1
- Dependent projects: 0
- Recommendations: 0
Other information
- License: BSD-3-Clause
- Last updated: 2026-01-04