Class TrustPolicy
Namespace: Cephalon.Engine.Configuration
Assembly: Cephalon.Engine.dll
Defines package-trust and capability-governance rules for a Cephalon runtime.
public sealed class TrustPolicy
Inheritance
Inherited Members
object.Equals(object?), object.Equals(object?, object?), object.GetHashCode(), object.GetType(), object.ReferenceEquals(object?, object?), object.ToString()
Remarks
Package-loading decisions use this policy together with package metadata from
cephalon.package.json, cryptographic signature verification results, and the active
package policy. Capability access decisions then flow into runtime introspection and optional
HTTP request-time enforcement through the ASP.NET Core host adapters.
Constructors
TrustPolicy(bool, CapabilityAccess, IReadOnlyList<string>?, IReadOnlyList<string>?, IReadOnlyList<string>?, IReadOnlyList<string>?, IReadOnlyDictionary<string, string>?, IReadOnlyDictionary<string, string>?, IReadOnlyList<string>?, IReadOnlyDictionary<string, CapabilityAccess>?, IReadOnlyDictionary<string, IReadOnlyList<string>>?)
Creates a trust policy.
public TrustPolicy(
    bool requireTrustedPackages = false,
    CapabilityAccess defaultCapabilityAccess = CapabilityAccess.Allowed,
    IReadOnlyList<string>? trustedPackages = null,
    IReadOnlyList<string>? trustedAssemblies = null,
    IReadOnlyList<string>? trustedPublishers = null,
    IReadOnlyList<string>? trustedSignerFingerprints = null,
    IReadOnlyDictionary<string, string>? trustedSignaturePublicKeys = null,
    IReadOnlyDictionary<string, string>? trustedSignatureCertificates = null,
    IReadOnlyList<string>? trustedSignatureCertificateAuthorities = null,
    IReadOnlyDictionary<string, CapabilityAccess>? capabilities = null,
    IReadOnlyDictionary<string, IReadOnlyList<string>>? allowedPackageChecksums = null)
Parameters
requireTrustedPackages bool
true to require independently loaded packages to match at least one trust rule; otherwise package loads may proceed without an explicit trust match.
defaultCapabilityAccess CapabilityAccess
The default access applied when a capability key does not appear in capabilities.
trustedPackages IReadOnlyList<string>?
Package identifiers that should be treated as trusted when package-level allow-listing is in use.
trustedAssemblies IReadOnlyList<string>?
Assembly names that should be treated as trusted when assembly-level allow-listing is in use.
trustedPublishers IReadOnlyList<string>?
Stable publisher identifiers that should be treated as trusted for independently shipped packages.
trustedSignerFingerprints IReadOnlyList<string>?
Signer fingerprints that should be treated as trusted for detached-signature provenance checks.
trustedSignaturePublicKeys IReadOnlyDictionary<string, string>?
Public keys keyed by signing identity or signer fingerprint, used for cryptographic signature verification.
trustedSignatureCertificates IReadOnlyDictionary<string, string>?
Signing certificates keyed by signing identity or signer fingerprint, used for certificate-backed cryptographic signature verification.
trustedSignatureCertificateAuthorities IReadOnlyList<string>?
Root or intermediate certificate authorities used to validate configured signing certificates when certificate-chain verification is enabled.
capabilities IReadOnlyDictionary<string, CapabilityAccess>?
Explicit per-capability access overrides keyed by capability key.
allowedPackageChecksums IReadOnlyDictionary<string, IReadOnlyList<string>>?
Explicit package checksum allow-lists keyed by package identifier.
Properties
AllowedPackageChecksums
Gets the package checksum allow-lists keyed by package identifier.
public IReadOnlyDictionary<string, IReadOnlyList<string>> AllowedPackageChecksums { get; }
Property Value
IReadOnlyDictionary<string, IReadOnlyList<string>>
Capabilities
Gets the explicit per-capability access rules.
public IReadOnlyDictionary<string, CapabilityAccess> Capabilities { get; }
Property Value
IReadOnlyDictionary<string, CapabilityAccess>
Default
Gets the default trust policy.
public static TrustPolicy Default { get; }
Property Value
TrustPolicy
DefaultCapabilityAccess
Gets the default access applied to capability keys without an explicit override.
public CapabilityAccess DefaultCapabilityAccess { get; }
Property Value
CapabilityAccess
HasValues
Gets a value indicating whether the policy differs from the default baseline.
public bool HasValues { get; }
Property Value
bool
RequireTrustedPackages
Gets a value indicating whether explicitly discovered packages must satisfy a trust rule.
public bool RequireTrustedPackages { get; }
Property Value
bool
TrustedAssemblies
Gets the trusted assembly-name allow-list.
public IReadOnlyList<string> TrustedAssemblies { get; }
Property Value
IReadOnlyList<string>
TrustedPackages
Gets the trusted package identifier allow-list.
public IReadOnlyList<string> TrustedPackages { get; }
Property Value
IReadOnlyList<string>
TrustedPublishers
Gets the trusted publisher identifier allow-list.
public IReadOnlyList<string> TrustedPublishers { get; }
Property Value
IReadOnlyList<string>
TrustedSignatureCertificateAuthorities
Gets the configured certificate authorities used to validate trusted signing certificate chains.
public IReadOnlyList<string> TrustedSignatureCertificateAuthorities { get; }
Property Value
IReadOnlyList<string>
TrustedSignatureCertificates
Gets the configured trusted signing certificates used for certificate-backed detached-signature verification.
public IReadOnlyDictionary<string, string> TrustedSignatureCertificates { get; }
Property Value
IReadOnlyDictionary<string, string>
TrustedSignaturePublicKeys
Gets the configured trusted public keys used for detached-signature verification.
public IReadOnlyDictionary<string, string> TrustedSignaturePublicKeys { get; }
Property Value
IReadOnlyDictionary<string, string>
TrustedSignerFingerprints
Gets the trusted signer fingerprint allow-list.
public IReadOnlyList<string> TrustedSignerFingerprints { get; }
Property Value
IReadOnlyList<string>
Methods
FromConfiguration(IConfiguration, string)
Reads a trust policy from configuration.
public static TrustPolicy FromConfiguration(IConfiguration configuration, string sectionPath = "Engine")
Parameters
configuration IConfiguration
The root configuration that contains the engine section.
sectionPath string
The configuration path that should be interpreted as the engine settings section.
The default value is
Returns
The configured trust policy, or
Merge(TrustPolicy?)
Merges another trust policy into the current policy.
public TrustPolicy Merge(TrustPolicy? other)
Parameters
other TrustPolicy?
The policy to merge on top of the current instance.
Returns
A merged trust policy where allow-lists are unioned, keyed rules are overwritten by
other, and stricter package-trust requirements remain enabled.
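Because Merge unions allow-lists, a policy layered on top can add trusted packages, publishers, signers or checksums even though the stricter package-trust requirement stays enabled. As an added example (not Cephalon project code), the helper below lists what a merged policy trusts beyond a reviewed baseline, using only the members documented on this page; the package and publisher names are constructed, and ordinal string comparison is an assumption.

```csharp
// Added example, not Cephalon project code; identifiers in Main are constructed.
using System;
using System.Collections.Generic;
using System.Linq;
using Cephalon.Engine.Configuration;

static class TrustPolicyAudit
{
    // Values the merged policy trusts that the baseline did not (ordinal compare is an assumption).
    static IEnumerable<string> Added(string kind, IEnumerable<string> before, IEnumerable<string> after) =>
        after.Except(before, StringComparer.Ordinal).Select(v => $"{kind} added: {v}");

    // Keyed material (public keys, certificates): report new keys and replaced values.
    static IEnumerable<string> Changed(string kind, IReadOnlyDictionary<string, string> before,
                                       IReadOnlyDictionary<string, string> after) =>
        after.Where(kv => !before.TryGetValue(kv.Key, out var old) || old != kv.Value)
             .Select(kv => $"{kind} new or replaced for: {kv.Key}");

    public static List<string> Widening(TrustPolicy baseline, TrustPolicy merged)
    {
        var findings = new List<string>();
        if (!merged.RequireTrustedPackages)
            findings.Add("RequireTrustedPackages is false: loads need no trust match");
        findings.AddRange(Added("package", baseline.TrustedPackages, merged.TrustedPackages));
        findings.AddRange(Added("assembly", baseline.TrustedAssemblies, merged.TrustedAssemblies));
        findings.AddRange(Added("publisher", baseline.TrustedPublishers, merged.TrustedPublishers));
        findings.AddRange(Added("signer fingerprint", baseline.TrustedSignerFingerprints, merged.TrustedSignerFingerprints));
        findings.AddRange(Added("certificate authority", baseline.TrustedSignatureCertificateAuthorities, merged.TrustedSignatureCertificateAuthorities));
        findings.AddRange(Changed("public key", baseline.TrustedSignaturePublicKeys, merged.TrustedSignaturePublicKeys));
        findings.AddRange(Changed("certificate", baseline.TrustedSignatureCertificates, merged.TrustedSignatureCertificates));
        foreach (var (pkg, sums) in merged.AllowedPackageChecksums)
        {
            IReadOnlyList<string> known = baseline.AllowedPackageChecksums.TryGetValue(pkg, out var b) ? b : Array.Empty<string>();
            findings.AddRange(Added($"checksum for {pkg}", known, sums));
        }
        return findings;
    }
}

static class Program
{
    static void Main()
    {
        var baseline = new TrustPolicy(requireTrustedPackages: true, trustedPublishers: new[] { "example-publisher" });
        var overlay = new TrustPolicy(trustedPackages: new[] { "Example.Package" }, trustedPublishers: new[] { "other-publisher" });
        foreach (var finding in TrustPolicyAudit.Widening(baseline, baseline.Merge(overlay)))
            Console.WriteLine(finding);
    }
}
```

Running the comparison whenever an additional configuration source is merged makes each newly trusted entry visible for review before packages load. Capability overrides are outside what this helper checks.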
ResolveCapabilityAccess(string)
Resolves the effective access for a capability key.
public CapabilityAccess ResolveCapabilityAccess(string capabilityKey)
Parameters
capabilityKey string
The capability key to evaluate.
Returns
CapabilityAccess
The explicit access configured for capabilityKey, or