diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/FileSystemTufStore.java b/sigstore-java/src/main/java/dev/sigstore/tuf/FileSystemTufStore.java
index 7f904823..5fbbd06f 100644
--- a/sigstore-java/src/main/java/dev/sigstore/tuf/FileSystemTufStore.java
+++ b/sigstore-java/src/main/java/dev/sigstore/tuf/FileSystemTufStore.java
@@ -79,12 +79,12 @@ public byte[] readTarget(String targetName) throws IOException {
 }
 @Override
- public void setMeta(String roleName, SignedTufMeta meta) throws IOException {
+ public void writeMeta(String roleName, SignedTufMeta meta) throws IOException {
 storeRole(roleName, meta);
 }
 @Override
- public > Optional findMeta(String roleName, Class tClass)
+ public > Optional readMeta(String roleName, Class tClass)
 throws IOException {
 Path roleFile = repoBaseDir.resolve(roleName + ".json");
 if (!roleFile.toFile().exists()) {
@@ -101,8 +101,8 @@ > void storeRole(String roleName, T role) throws IOEx
 }
 @Override
- public void setRoot(Root root) throws IOException {
- Optional trustedRoot = findMeta(RootRole.ROOT, Root.class);
+ public void writeRoot(Root root) throws IOException {
+ Optional trustedRoot = readMeta(RootRole.ROOT, Root.class);
 if (trustedRoot.isPresent()) {
 try {
 Files.move(
diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/MetaReader.java b/sigstore-java/src/main/java/dev/sigstore/tuf/MetaReader.java
index 3752ecf8..3863e485 100644
--- a/sigstore-java/src/main/java/dev/sigstore/tuf/MetaReader.java
+++ b/sigstore-java/src/main/java/dev/sigstore/tuf/MetaReader.java
@@ -20,6 +20,7 @@
 import java.io.IOException;
 import java.util.Optional;
+/** Interface that defines reading meta from local storage. */
 public interface MetaReader {
 /**
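Review bot: `FileSystemTufStore.writeMeta` (first hunk of FileSystemTufStore.java) forwards every role name straight to `storeRole`, so a caller passing `RootRole.ROOT` would overwrite root.json without the `Files.move` step that `writeRoot` runs when a trusted root already exists (a backup, judging by the `setTrustedRoot_backupPerformed` test). `PassthroughCacheMetaStore.writeMeta` in this same commit rejects that call and the `MetaStore` Javadoc forbids it, so the contract is enforced only when the cache wrapper happens to be in front of the store. I would add the same guard before the `storeRole` call: `if (RootRole.ROOT.equals(roleName)) { throw new IllegalArgumentException("Calling writeMeta on root instead of writeRoot"); }`. Separately, `readMeta` in that hunk builds its path with `repoBaseDir.resolve(roleName + ".json")` and no validation is visible here; if a role name can ever come from fetched metadata, check that the normalized path still starts with `repoBaseDir`. The bodies of `readMeta` and `writeRoot` continue outside the hunks.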
@@ -31,6 +32,6 @@ public interface MetaReader {
 * @return an instance of the signed metadata for the role if it was found
 * @throws IOException if an error occurs reading from the backing store
 */
- > Optional findMeta(
+ > Optional readMeta(
 String roleName, Class tClass) throws IOException;
 }
diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/MetaStore.java b/sigstore-java/src/main/java/dev/sigstore/tuf/MetaStore.java
index ca12208b..a3a4b8be 100644
--- a/sigstore-java/src/main/java/dev/sigstore/tuf/MetaStore.java
+++ b/sigstore-java/src/main/java/dev/sigstore/tuf/MetaStore.java
@@ -20,20 +20,25 @@
 import dev.sigstore.tuf.model.TufMeta;
 import java.io.IOException;
-/** Interface that defined a mutable meta store functionality. */
+/** Interface that defines a mutable meta store functionality. */
 public interface MetaStore extends MetaReader {
+ /**
+ * A generic string for identifying the local store in debug messages. A file system based
+ * implementation might return the path being used for storage, while an in-memory store may just
+ * return something like 'in-memory'.
+ */
 String getIdentifier();
 /**
 * Generic method to store one of the {@link SignedTufMeta} resources in the local tuf store. Do
- * not use for Root role, use {@link #setRoot(Root)} instead.
+ * not use for Root role, use {@link #writeRoot(Root)} instead.
 *
 * @param roleName the name of the role
 * @param meta the metadata to store
 * @throws IOException if writing the resource causes an IO error
 */
- void setMeta(String roleName, SignedTufMeta meta) throws IOException;
+ void writeMeta(String roleName, SignedTufMeta meta) throws IOException;
 /**
 * Once you have ascertained that your root is trustworthy use this method to persist it to your
@@ -46,7 +51,7 @@ public interface MetaStore extends MetaReader {
 * @see 5.3.8
 */
- void setRoot(Root root) throws IOException;
+ void writeRoot(Root root) throws IOException;
 /**
 * This clears out the snapshot and timestamp metadata from the store, as required when snapshot
diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/PassthroughCacheMetaStore.java b/sigstore-java/src/main/java/dev/sigstore/tuf/PassthroughCacheMetaStore.java
index a24e9d75..ee6f3314 100644
--- a/sigstore-java/src/main/java/dev/sigstore/tuf/PassthroughCacheMetaStore.java
+++ b/sigstore-java/src/main/java/dev/sigstore/tuf/PassthroughCacheMetaStore.java
@@ -45,15 +45,15 @@ public static PassthroughCacheMetaStore newPassthroughMetaCache(MetaStore localS
 }
 @Override
- public void setRoot(Root root) throws IOException {
- // call storeRoot instead of generic storeMeta because it does extra work when storing on disk
- localStore.setRoot(root);
+ public void writeRoot(Root root) throws IOException {
+ // call writeRoot instead of generic writeMeta because it may do extra work when storing on disk
+ localStore.writeRoot(root);
 cache.put(RootRole.ROOT, root);
 }
 @Override
 @SuppressWarnings("unchecked")
- public > Optional findMeta(
+ public > Optional readMeta(
 String roleName, Class tClass) throws IOException {
 // check memory cache
 if (cache.containsKey(roleName)) {
@@ -61,18 +61,18 @@ public > Optional findMeta(
 }
 // check backing storage and write to memory if found
- var value = localStore.findMeta(roleName, tClass);
+ var value = localStore.readMeta(roleName, tClass);
 value.ifPresent(v -> cache.put(roleName, v));
 return value;
 }
 @Override
- public void setMeta(String roleName, SignedTufMeta meta) throws IOException {
+ public void writeMeta(String roleName, SignedTufMeta meta) throws IOException {
 if (Objects.equals(roleName, RootRole.ROOT)) {
- throw new IllegalArgumentException("Calling setMeta on root instead of setRoot");
+ throw new IllegalArgumentException("Calling writeMeta on root instead of writeRoot");
 }
- localStore.setMeta(roleName, meta);
+ localStore.writeMeta(roleName, meta);
 cache.put(roleName, meta);
 }
diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/TargetReader.java b/sigstore-java/src/main/java/dev/sigstore/tuf/TargetReader.java
index ba336942..0a06ca8f 100644
--- a/sigstore-java/src/main/java/dev/sigstore/tuf/TargetReader.java
+++ b/sigstore-java/src/main/java/dev/sigstore/tuf/TargetReader.java
@@ -17,6 +17,7 @@
 import java.io.IOException;
+/** Interface that defines reading targets from local storage. */
 public interface TargetReader {
 /**
diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/TargetStore.java b/sigstore-java/src/main/java/dev/sigstore/tuf/TargetStore.java
index 9ffc2f55..2a2bd25b 100644
--- a/sigstore-java/src/main/java/dev/sigstore/tuf/TargetStore.java
+++ b/sigstore-java/src/main/java/dev/sigstore/tuf/TargetStore.java
@@ -17,9 +17,14 @@
 import java.io.IOException;
-/** Interface that defined a mutable meta store functionality. */
+/** Interface that defines a mutable target store functionality. */
 public interface TargetStore extends TargetReader {
+ /**
+ * A generic string for identifying the local store in debug messages. A file system based
+ * implementation might return the path being used for storage, while an in-memory store may just
+ * return something like 'in-memory'.
+ */
 String getIdentifier();
 /**
diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/TrustedMetaStore.java b/sigstore-java/src/main/java/dev/sigstore/tuf/TrustedMetaStore.java
index 6352734a..5471a95b 100644
--- a/sigstore-java/src/main/java/dev/sigstore/tuf/TrustedMetaStore.java
+++ b/sigstore-java/src/main/java/dev/sigstore/tuf/TrustedMetaStore.java
@@ -60,7 +60,7 @@ public String getIdentifier() {
 > T getMeta(String roleName, Class tClass) throws IOException {
 return metaStore
- .findMeta(roleName, tClass)
+ .readMeta(roleName, tClass)
 .orElseThrow(
 () ->
 new IllegalStateException(
@@ -70,7 +70,7 @@ > T getMeta(String roleName, Class
 }
 public void setRoot(Root root) throws IOException {
- metaStore.setRoot(root);
+ metaStore.writeRoot(root);
 }
 public Root getRoot() throws IOException {
@@ -78,11 +78,11 @@ public Root getRoot() throws IOException {
 }
 public Optional findRoot() throws IOException {
- return metaStore.findMeta(RootRole.ROOT, Root.class);
+ return metaStore.readMeta(RootRole.ROOT, Root.class);
 }
 public void setTimestamp(Timestamp timestamp) throws IOException {
- metaStore.setMeta(RootRole.TIMESTAMP, timestamp);
+ metaStore.writeMeta(RootRole.TIMESTAMP, timestamp);
 }
 public Timestamp getTimestamp() throws IOException {
@@ -90,11 +90,11 @@ public Timestamp getTimestamp() throws IOException {
 }
 public Optional findTimestamp() throws IOException {
- return metaStore.findMeta(RootRole.TIMESTAMP, Timestamp.class);
+ return metaStore.readMeta(RootRole.TIMESTAMP, Timestamp.class);
 }
 public void setSnapshot(Snapshot snapshot) throws IOException {
- metaStore.setMeta(RootRole.SNAPSHOT, snapshot);
+ metaStore.writeMeta(RootRole.SNAPSHOT, snapshot);
 }
 public Snapshot getSnapshot() throws IOException {
@@ -102,11 +102,11 @@ public Snapshot getSnapshot() throws IOException {
 }
 public Optional findSnapshot() throws IOException {
- return metaStore.findMeta(RootRole.SNAPSHOT, Snapshot.class);
+ return metaStore.readMeta(RootRole.SNAPSHOT, Snapshot.class);
 }
 public void setTargets(Targets targets) throws IOException {
- metaStore.setMeta(RootRole.TARGETS, targets);
+ metaStore.writeMeta(RootRole.TARGETS, targets);
 }
 public Targets getTargets() throws IOException {
@@ -114,7 +114,7 @@ public Targets getTargets() throws IOException {
 }
 public Optional findTargets() throws IOException {
- return metaStore.findMeta(RootRole.TARGETS, Targets.class);
+ return metaStore.readMeta(RootRole.TARGETS, Targets.class);
 }
 public void clearMetaDueToKeyRotation() throws IOException {
diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java
index 16f227e4..0694b20d 100644
--- a/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java
+++ b/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java
@@ -32,21 +32,21 @@ class FileSystemTufStoreTest {
 @Test
 void newFileSystemStore_empty(@TempDir Path repoBase) throws IOException {
 FileSystemTufStore tufStore = FileSystemTufStore.newFileSystemStore(repoBase);
- assertFalse(tufStore.findMeta(RootRole.ROOT, Root.class).isPresent());
+ assertFalse(tufStore.readMeta(RootRole.ROOT, Root.class).isPresent());
 }
 @Test
 void newFileSystemStore_hasRepo(@TempDir Path repoBase) throws IOException {
 TestResources.setupRepoFiles(PROD_REPO, repoBase, "root.json");
 FileSystemTufStore tufStore = FileSystemTufStore.newFileSystemStore(repoBase);
- assertTrue(tufStore.findMeta(RootRole.ROOT, Root.class).isPresent());
+ assertTrue(tufStore.readMeta(RootRole.ROOT, Root.class).isPresent());
 }
 @Test
 void setTrustedRoot_noPrevious(@TempDir Path repoBase) throws IOException {
 FileSystemTufStore tufStore = FileSystemTufStore.newFileSystemStore(repoBase);
 assertFalse(repoBase.resolve("root.json").toFile().exists());
- tufStore.setRoot(TestResources.loadRoot(TestResources.UPDATER_REAL_TRUSTED_ROOT));
+ tufStore.writeRoot(TestResources.loadRoot(TestResources.UPDATER_REAL_TRUSTED_ROOT));
 assertEquals(2, repoBase.toFile().list().length, "Expect 2: root.json plus the /targets dir.");
 assertTrue(repoBase.resolve("root.json").toFile().exists());
 assertTrue(repoBase.resolve("targets").toFile().isDirectory());
@@ -56,9 +56,9 @@ void setTrustedRoot_noPrevious(@TempDir Path repoBase) throws IOException {
 void setTrustedRoot_backupPerformed(@TempDir Path repoBase) throws IOException {
 TestResources.setupRepoFiles(PROD_REPO, repoBase, "root.json");
 FileSystemTufStore tufStore = FileSystemTufStore.newFileSystemStore(repoBase);
- int version = tufStore.findMeta(RootRole.ROOT, Root.class).get().getSignedMeta().getVersion();
+ int version = tufStore.readMeta(RootRole.ROOT, Root.class).get().getSignedMeta().getVersion();
 assertFalse(repoBase.resolve(version + ".root.json").toFile().exists());
- tufStore.setRoot(TestResources.loadRoot(TestResources.UPDATER_REAL_TRUSTED_ROOT));
+ tufStore.writeRoot(TestResources.loadRoot(TestResources.UPDATER_REAL_TRUSTED_ROOT));
 assertTrue(repoBase.resolve(version + ".root.json").toFile().exists());
 }
diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java
index 868789e6..d1618782 100644
--- a/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java
+++ b/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java
@@ -61,54 +61,54 @@ public void setup() throws IOException {
 @Test
 public void root_test() throws Exception {
- assertTrue(fileSystemTufStore.findMeta(RootRole.ROOT, Root.class).isEmpty());
- assertTrue(passthroughCacheMetaStore.findMeta(RootRole.ROOT, Root.class).isEmpty());
+ assertTrue(fileSystemTufStore.readMeta(RootRole.ROOT, Root.class).isEmpty());
+ assertTrue(passthroughCacheMetaStore.readMeta(RootRole.ROOT, Root.class).isEmpty());
- passthroughCacheMetaStore.setRoot(root);
+ passthroughCacheMetaStore.writeRoot(root);
- assertEquals(root, fileSystemTufStore.findMeta(RootRole.ROOT, Root.class).get());
- assertEquals(root, passthroughCacheMetaStore.findMeta(RootRole.ROOT, Root.class).get());
+ assertEquals(root, fileSystemTufStore.readMeta(RootRole.ROOT, Root.class).get());
+ assertEquals(root, passthroughCacheMetaStore.readMeta(RootRole.ROOT, Root.class).get());
 }
 @Test
 public void root_canInitFromDisk() throws Exception {
- assertTrue(fileSystemTufStore.findMeta(RootRole.ROOT, Root.class).isEmpty());
- assertTrue(passthroughCacheMetaStore.findMeta(RootRole.ROOT, Root.class).isEmpty());
+ assertTrue(fileSystemTufStore.readMeta(RootRole.ROOT, Root.class).isEmpty());
+ assertTrue(passthroughCacheMetaStore.readMeta(RootRole.ROOT, Root.class).isEmpty());
 try (BufferedWriter fileWriter = Files.newBufferedWriter(localStore.resolve("root.json"))) {
 GSON.get().toJson(root, fileWriter);
 }
- assertEquals(root, fileSystemTufStore.findMeta(RootRole.ROOT, Root.class).get());
- assertEquals(root, passthroughCacheMetaStore.findMeta(RootRole.ROOT, Root.class).get());
+ assertEquals(root, fileSystemTufStore.readMeta(RootRole.ROOT, Root.class).get());
+ assertEquals(root, passthroughCacheMetaStore.readMeta(RootRole.ROOT, Root.class).get());
 }
 @Test
 public void meta_test() throws Exception {
 // root uses special handling for writing, but the rest of them don't, so we just test
 // timestamp here arbitrarily
- assertTrue(fileSystemTufStore.findMeta(RootRole.TIMESTAMP,
Timestamp.class).isEmpty());
- assertTrue(passthroughCacheMetaStore.findMeta(RootRole.TIMESTAMP, Timestamp.class).isEmpty());
+ assertTrue(fileSystemTufStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).isEmpty());
+ assertTrue(passthroughCacheMetaStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).isEmpty());
- passthroughCacheMetaStore.setMeta(RootRole.TIMESTAMP, timestamp);
+ passthroughCacheMetaStore.writeMeta(RootRole.TIMESTAMP, timestamp);
- assertEquals(timestamp, fileSystemTufStore.findMeta(RootRole.TIMESTAMP, Timestamp.class).get());
+ assertEquals(timestamp, fileSystemTufStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).get());
 assertEquals(
- timestamp, passthroughCacheMetaStore.findMeta(RootRole.TIMESTAMP, Timestamp.class).get());
+ timestamp, passthroughCacheMetaStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).get());
 }
 @Test
 public void timestamp_canInitFromDisk() throws Exception {
- assertTrue(fileSystemTufStore.findMeta(RootRole.TIMESTAMP, Timestamp.class).isEmpty());
- assertTrue(passthroughCacheMetaStore.findMeta(RootRole.TIMESTAMP, Timestamp.class).isEmpty());
+ assertTrue(fileSystemTufStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).isEmpty());
+ assertTrue(passthroughCacheMetaStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).isEmpty());
 try (BufferedWriter fileWriter = Files.newBufferedWriter(localStore.resolve("timestamp.json"))) {
 GSON.get().toJson(timestamp, fileWriter);
 }
- assertEquals(timestamp, fileSystemTufStore.findMeta(RootRole.TIMESTAMP, Timestamp.class).get());
+ assertEquals(timestamp, fileSystemTufStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).get());
 assertEquals(
- timestamp, passthroughCacheMetaStore.findMeta(RootRole.TIMESTAMP, Timestamp.class).get());
+ timestamp, passthroughCacheMetaStore.readMeta(RootRole.TIMESTAMP, Timestamp.class).get());
 }
 }