Sigstore: Add an import method with no args

This way the user has to authenticate to the identity they want to sign with later * removes possibility of typos or misunderstanding * Still allows storing the identity and issuer in the URI (this is not implemented here)
secure-systems-lab · Oct 2, 2023 · 1434f83 · 1434f83
1 parent 95c3c79
commit 1434f83
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/securesystemslib/signer/_sigstore_signer.py b/securesystemslib/signer/_sigstore_signer.py
@@ -215,6 +215,25 @@ def import_(
 
         return uri, key
 
+    @classmethod
+    def import_via_auth(cls) -> Tuple[str, SigstoreKey]:
+        """Create public key and signer URI by interactive authentication
+
+        Returns a private key URI (for Signer.from_priv_key_uri()) and a public
+        key. This method always uses the interactive authentication.
+        """
+        # pylint: disable=import-outside-toplevel
+        try:
+            from sigstore.oidc import Issuer
+        except ImportError as e:
+            raise UnsupportedLibraryError(IMPORT_ERROR) from e
+
+        # authenticate to get the identity and issuer
+        token = Issuer.production().identity_token()
+        return cls.import_(
+            token.identity, token.expected_certificate_subject, False
+        )
+
     def sign(self, payload: bytes) -> Signature:
         """Signs payload using the OIDC token on the signer instance.