= SrSSKrSSKrSSKrSSKrSSKrSSKJrJrJ r SSK J r SSK J r SSK Jr SSK Jr SSK Jr SS K Jr SS KJr SS KJr SS KJr SS KJr SSKrS rSrSrSrSrSr SSjr!"SS\RD5r#g)zLTool and utils for creating Sigstore attestations stored as a Docker images.N)ListOptionalText) docker_creds) docker_name) docker_digest) docker_http) docker_image)docker_session)metadata)util)Errorz%application/vnd.dsse.envelope.v1+jsonzChttps://binaryauthorization.googleapis.com/policy_verification/v0.1cNURU5(aU[U5S$U$N) startswithlen)textprefixs Clib/googlecloudsdk/command_lib/container/binauthz/sigstore_image.py _RemovePrefixr+s' __V F  +c,USS[U5*S--$)Nz===)rencodeds rAddMissingBase64Paddingr1s 5,CL=1,- --rc[R"U5$![Ra" [R"[ U55s$f=fr)base64 b64decodebinasciirurlsafe_b64decoderrs rStandardOrUrlsafeBase64Decoder"5sEF   G $$ F  # #$;G$D EEFs3A Ac[R"[U55n[R"[US55nSRUSSSUSSSS5$)auExtract the image url from a DSSE of predicate type https://binaryauthorization.googleapis.com/policy_verification/*. This is a helper function for mapping attestations back to their respective images. Do not use this for signature verification. Args: attestation: The attestation in base64 encoded string form. Returns: The image url referenced in the attestation. payloadz {}@sha256:{}subjectrnamedigestsha256)jsonloadsr"format) attestation deser_att deser_payloads rAttestationToImageUrlr/=sqjj6{CD)**#Ii$89-   Iq!&)Iq!(+H5 rc [R"5n[R"[R "USS95n[R "SRURUR[URS555nSnU(aW[RnU(aURU5 UR[R "UR55nUb[#U[R$5(a[&R("5n[*R,"UUU[.R0S9n U R35(a=[5U/U 5n [6R8"XgU5R;U 5 SSS5 gSSS5 [5U/5n [6R8"XgU5R;U 5 g!,(df  NA=f)afUploads a DSSE attestation to the registry. Args: image_url: The image url of the target image. attestation: The attestation referencing the target image in JSON DSSE form. use_docker_creds: Whether to use the Docker configuration file for authenticating to the registry. docker_config_dir: Directory where Docker saves authentication settings. )schemez{}/{}:sha256-{}.attsha256:N)accepted_mimes)httplib2HttprDigest binauthz_utilReplaceImageUrlSchemeTagr+registry repositoryrr'rDefaultKeychainsetCustomConfigDirResolveRegistry isinstance Anonymousr CredentialProviderr FromRegistryr SUPPORTED_MANIFEST_MIMESexistsSigstoreAttestationImager Pushupload) image_urlr,use_docker_credsdocker_config_dirhttp_obj target_imageattestation_tagcredskeychain v2_2_image new_images rUploadAttestationToRegistryrTUs]]_(##)))B?, OO""     ! !  ++Y 7/ %++H!!"34   [11,2G2GH IE ]j (>(>??  # # %E     99  *K=*Ei/(;BB9M   ' }5)oh7>>yIs A G G'c\rSrSrSrSS\\S\\R4Sjjr S\SS4S jr S\ 4S jr S\ 4S jrS \ S\4S jrSrSrSrg)rGzCreates a new image or appends a layers on top of an existing image. Adheres to the Sigstore Attestation spec: https://github.com/sigstore/cosign/blob/main/specs/ATTESTATION_SPEC.md. Nadditional_blobsbasec[R"SU55UlUbmX l[R "URR 55Ul[R "URR55Ul gSUl[RSS[RSS./S.Ul[5Ul g)zCreates a new Sigstore style image or extends a base image. Args: additional_blobs: additional attestations to be appended to the image. base: optional base DockerImage. c3R# UHn[R"U5U4v M g7fr)rSHA256).0blobs r 4SigstoreAttestationImage.__init__..s$57Gt  d #T*7Gs%'Nr1r)r' mediaTypesize)ra schemaVersionconfiglayers) collections OrderedDict_additional_blobs_baser)r*manifest_base_manifest config_file_base_config_filer OCI_MANIFEST_MIMECONFIG_JSON_MIMEdict)selfrWrXs r__init__!SigstoreAttestationImage.__init__s)4457G5D j JJtzz':':'<=d#zz$***@*@*BCddj"44&77  d $vdrr]returncHXR[R"U5'gr)rhrr[)rqr]s r add_layer"SigstoreAttestationImage.add_layers9==//56rcfURn[R"5nUR[R S9nUR R5Vs/sHn[US5PM nnURUS9n[R"UUSSS9n[R"USS9$s snf) Override.) created_byr3)rer1)options architectureoperating_systemT sort_keys) rmr OverridesOverrider USER_AGENTrhkeysrr)dumps)rqrl overridesblob_sumres rrl$SigstoreAttestationImage.config_files((K""$I""k.D.D"EI..3355H h *5  ""#I ## K ::kT 22#sB.c [R"UR5nURR 5H2up#USR U[ [U5S[S.S.5 M4 UR5nURS5n[R"U5USS'[U5USS'[R"US S 9$) ryrer1)z"dev.cosignproject.cosign/signature predicateType)r'rarb annotationsutf8rdr'rbTr~)copydeepcopyrkrhitemsappendDSSE_PAYLOAD_TYPErBINAUTHZ_CUSTOM_PREDICATErlencoderr[r)r)rqrjrr]rlutf8_encoded_configs rrj!SigstoreAttestationImage.manifests}}T001H00668x(d)468 ! 9""$K%,,V4#0#7#78K#LHXx !$%8!9HXv ::h$ //rr'cXR;aURU$UR(aURRU5$[SR U55e)z$Override. Returns uncompressed blob.zDigest not found: {})rhrir]rr+)rqr's rr]SigstoreAttestationImage.blobsP '''  # #F ++ zz ZZ__V $$ &--f5 66rcU$)ry)rqs r __enter__"SigstoreAttestationImage.__enter__s Krcg)ryNr)rq unused_type unused_valueunused_tracebacks r__exit__!SigstoreAttestationImage.__exit__s r)rhrirmrkr)__name__ __module__ __qualname____firstlineno____doc__rbytesrr DockerImagerrrvrrlrjr]rr__static_attributes__rrrrGrGs{26&U & \-- .&@>E>d>343200(77%7 rrG)NN)$rrr rfrr)typingrrrcontainerregistry.clientrrcontainerregistry.client.v2_2rr r r containerregistry.transform.v2_2r 'googlecloudsdk.api_lib.container.imagesr -googlecloudsdk.command_lib.container.binauthzr8googlecloudsdk.core.exceptionsrr5rrrrr"r/rTrrGrrrrsS  ''10756858O0<I  .F2FJ6Jrf |77f r