diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java b/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java
index de9a7e04..7c63f767 100644
--- a/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java
+++ b/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java
@@ -138,7 +138,7 @@ public interface MessageDigest {
 
 public interface DsseEnvelope {
 /** An arbitrary payload that does not need to be parsed to be validated */
- String getPayload();
+ byte[] getPayload();
 
 /** Information on how to interpret the payload */
 String getPayloadType();
@@ -158,12 +158,18 @@ default byte[] getPAE() {
 + " "
 + getPayloadType()
 + " "
- + getPayload().length()
+ + getPayloadAsString().length()
 + " "
- + getPayload())
+ + getPayloadAsString())
 .getBytes(StandardCharsets.UTF_8);
 }
 
+ @Lazy
+ @Gson.Ignore
+ default String getPayloadAsString() {
+ return new String(getPayload(), StandardCharsets.UTF_8);
+ }
+
 @Lazy
 @Gson.Ignore
 default byte[] getSignature() {
diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java
index 4f71f864..73ef6f6a 100644
--- a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java
+++ b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java
@@ -103,7 +103,7 @@ static Bundle readBundle(Reader jsonReader) throws BundleParseException {
 var dsseEnvelopeProto = protoBundle.getDsseEnvelope();
 var dsseEnvelopeBuilder =
 ImmutableDsseEnvelope.builder()
- .payload(dsseEnvelopeProto.getPayload().toStringUtf8())
+ .payload(dsseEnvelopeProto.getPayload().toByteArray())
 .payloadType(dsseEnvelopeProto.getPayloadType());
 for (int sigIndex = 0; sigIndex < dsseEnvelopeProto.getSignaturesCount(); sigIndex++) {
 dsseEnvelopeBuilder.addSignatures(
diff --git a/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java b/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java
index 8e381ae4..79d309e5 100644
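Review bot: The Javadoc on `getPayload()` in `DsseEnvelope` (Bundle.java, first hunk) was not updated with the return type and no longer tells a caller what the bytes are. Now that the accessor returns a mutable array, it should say that these are the raw payload bytes the signature covers, that they are not guaranteed to be valid UTF-8, and that the array must be treated as read-only. Something like `/** The raw payload bytes, exactly as signed; not necessarily valid UTF-8. Do not modify the returned array. */` would cover it. Whether the generated implementation hands out a copy is not visible in this diff, so the comment should not promise one.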
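Review bot: In `getPAE()` (Bundle.java, second hunk) the pre-authentication encoding is still assembled from a decoded string, so the bytes that get verified can differ from the bytes `getPayload()` returns. `getPayloadAsString().length()` counts UTF-16 code units, whereas DSSE defines the length field as the payload's byte count, and `new String(..., UTF_8)` replaces malformed sequences with U+FFFD before the text is re-encoded; a payload with non-ASCII or non-UTF-8 content therefore produces a PAE that does not match what the signer covered. Build the header as text and append the raw array instead, as sketched below, and keep `getPayloadAsString()` as a parsing convenience only, which is how `InTotoPayload.from` in the last file uses it. The start of `getPAE()` lies above the hunk, so the payload-type length field could not be checked here and may need the same byte-count treatment.

```java
default byte[] getPAE() {
  byte[] payload = getPayload();
  byte[] header =
      (
          // … unchanged: leading fields of the encoding, above the hunk …
              + " "
              + getPayloadType()
              + " "
              + payload.length // byte count, as the length field requires
              + " ")
          .getBytes(StandardCharsets.UTF_8);
  // Append the payload bytes untouched: no decode/re-encode round trip.
  byte[] pae = new byte[header.length + payload.length];
  System.arraycopy(header, 0, pae, 0, header.length);
  System.arraycopy(payload, 0, pae, header.length, payload.length);
  return pae;
}
```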
--- a/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java
+++ b/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java
@@ -52,6 +52,6 @@ interface Subject {
 }
 
 static InTotoPayload from(DsseEnvelope dsseEnvelope) {
- return GSON.get().fromJson(dsseEnvelope.getPayload(), InTotoPayload.class);
+ return GSON.get().fromJson(dsseEnvelope.getPayloadAsString(), InTotoPayload.class);
 }
 }
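Review bot: `InTotoPayload.from` passes the decoded payload to Gson and returns the result unchecked, without confirming that the envelope carries an in-toto statement. Gson's `fromJson` returns null for an empty string, so an envelope with an empty payload hands callers a null `InTotoPayload` instead of a parse error. Assigning the result to a local and adding `if (payload == null) throw new IllegalArgumentException("DSSE payload is empty");` (or the project's own parse exception) makes that case explicit. Comparing `dsseEnvelope.getPayloadType()` with the expected in-toto media type before parsing belongs in the same place, unless a caller outside this hunk already does it. The method also has no Javadoc; it should state that `from` is meant for envelopes whose signature has already been verified.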