From 3d1cb32f5102746c20bdaae2499b60cc447171e5 Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Wed, 11 Oct 2023 11:21:52 -0400 Subject: [PATCH] Update protobuf-spec to 0.2.1 - We now publish only v0.2 bundle specs (inclusion proof required) - v0.1 bundles can still be read (for now) but the behavior isn't super well defined - Message digest is optional in the bundle Signed-off-by: Appu Goundan --- sigstore-java/build.gradle.kts | 2 +- .../java/dev/sigstore/KeylessSignature.java | 5 +- .../java/dev/sigstore/KeylessVerifier.java | 17 +++-- .../bundle/BundleFactoryInternal.java | 74 ++++++++++++------- .../bundle/BundleVerifierInternal.java | 7 ++ .../test/java/dev/sigstore/KeylessTest.java | 4 +- .../dev/sigstore/KeylessVerifierTest.java | 18 +++++ .../bundle/AllRequiredFieldsInBundleTest.java | 26 ++++++- .../samples/bundles/bundle-no-digest.sigstore | 1 + .../sigstore/samples/bundles/bundle.sigstore | 2 +- .../dev/sigstore/testkit/BaseGradleTest.kt | 2 +- 11 files changed, 116 insertions(+), 42 deletions(-) create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle-no-digest.sigstore diff --git a/sigstore-java/build.gradle.kts b/sigstore-java/build.gradle.kts index 2d1388e2..1303b718 100644 --- a/sigstore-java/build.gradle.kts +++ b/sigstore-java/build.gradle.kts @@ -20,7 +20,7 @@ dependencies { implementation("io.github.erdtman:java-json-canonicalization:1.1") - implementation("dev.sigstore:protobuf-specs:0.1.0") { + implementation("dev.sigstore:protobuf-specs:0.2.1") { because("It generates Sigstore Bundle file") } implementation(platform("com.google.protobuf:protobuf-bom:3.24.3")) diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessSignature.java b/sigstore-java/src/main/java/dev/sigstore/KeylessSignature.java index b3ad5483..e4874611 100644 --- a/sigstore-java/src/main/java/dev/sigstore/KeylessSignature.java +++ b/sigstore-java/src/main/java/dev/sigstore/KeylessSignature.java @@ -22,7 +22,10 @@ @Value.Immutable public interface KeylessSignature { - /** The sha256 hash digest of the artifact */ + /** + * The sha256 hash digest of the artifact, this may be empty and should be treated as not present + * in that case. + */ byte[] getDigest(); /** diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java index 77d0a7ec..16e4f3e9 100644 --- a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java +++ b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java @@ -146,13 +146,16 @@ public void verify(byte[] artifactDigest, KeylessVerificationRequest request) // this ensures the provided artifact digest matches what may have come from a bundle (in // keyless signature) - if (!Arrays.equals(artifactDigest, request.getKeylessSignature().getDigest())) { - throw new KeylessVerificationException( - "Provided artifact sha256 digest does not match digest used for verification" - + "\nprovided(hex) : " - + Hex.toHexString(artifactDigest) - + "\nverification : " - + Hex.toHexString(request.getKeylessSignature().getDigest())); + var digest = request.getKeylessSignature().getDigest(); + if (digest.length > 0) { + if (!Arrays.equals(artifactDigest, digest)) { + throw new KeylessVerificationException( + "Provided artifact sha256 digest does not match digest used for verification" + + "\nprovided(hex) : " + + Hex.toHexString(artifactDigest) + + "\nverification : " + + Hex.toHexString(digest)); + } } // verify the certificate chains up to a trusted root (fulcio) and contains a valid SCT from diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java index 26b278fd..c3a9b27b 100644 --- a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java +++ b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java @@ -46,7 +46,6 @@ import java.util.ArrayList; import java.util.Base64; import java.util.List; -import java.util.Optional; import java.util.stream.Collectors; import org.bouncycastle.util.encoders.Hex; @@ -68,8 +67,12 @@ class BundleFactoryInternal { * @return Sigstore Bundle in protobuf builder format */ static Bundle.Builder createBundleBuilder(KeylessSignature signingResult) { + if (signingResult.getDigest().length == 0) { + throw new IllegalStateException( + "keyless signature must have artifact digest when serializing to bundle"); + } return Bundle.newBuilder() - .setMediaType("application/vnd.dev.sigstore.bundle+json;version=0.1") + .setMediaType("application/vnd.dev.sigstore.bundle+json;version=0.2") .setVerificationMaterial(buildVerificationMaterial(signingResult)) .setMessageSignature( MessageSignature.newBuilder() @@ -157,27 +160,39 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio } Bundle bundle = bundleBuilder.build(); + // TODO: only allow v0.2 bundles at some point, we will only be producing v0.2 bundles + // TODO: in our GA release. + // var supportedMediaType = "application/vnd.dev.sigstore.bundle+json;version=0.2"; + // if (!supportedMediaType.equals(bundle.getMediaType())) { + // throw new BundleParseException( + // "Unsupported media type '" + // + bundle.getMediaType() + // + "', only '" + // + supportedMediaType + // + "' is supported"); + // } + if (bundle.getVerificationMaterial().getTlogEntriesCount() == 0) { throw new BundleParseException("Could not find any tlog entries in bundle json"); } var bundleEntry = bundle.getVerificationMaterial().getTlogEntries(0); + if (!bundleEntry.hasInclusionProof()) { + throw new BundleParseException("Could not find an inclusion proof"); + } var bundleInclusionProof = bundleEntry.getInclusionProof(); - ImmutableInclusionProof inclusionProof = null; - if (bundleEntry.hasInclusionProof()) { - inclusionProof = - ImmutableInclusionProof.builder() - .logIndex(bundleInclusionProof.getLogIndex()) - .rootHash(Hex.toHexString(bundleInclusionProof.getRootHash().toByteArray())) - .treeSize(bundleInclusionProof.getTreeSize()) - .checkpoint(bundleInclusionProof.getCheckpoint().getEnvelope()) - .addAllHashes( - bundleInclusionProof.getHashesList().stream() - .map(ByteString::toByteArray) - .map(Hex::toHexString) - .collect(Collectors.toList())) - .build(); - } + ImmutableInclusionProof inclusionProof = + ImmutableInclusionProof.builder() + .logIndex(bundleInclusionProof.getLogIndex()) + .rootHash(Hex.toHexString(bundleInclusionProof.getRootHash().toByteArray())) + .treeSize(bundleInclusionProof.getTreeSize()) + .checkpoint(bundleInclusionProof.getCheckpoint().getEnvelope()) + .addAllHashes( + bundleInclusionProof.getHashesList().stream() + .map(ByteString::toByteArray) + .map(Hex::toHexString) + .collect(Collectors.toList())) + .build(); var verification = ImmutableVerification.builder() @@ -185,7 +200,7 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio Base64.getEncoder() .encodeToString( bundleEntry.getInclusionPromise().getSignedEntryTimestamp().toByteArray())) - .inclusionProof(Optional.ofNullable(inclusionProof)) + .inclusionProof(inclusionProof) .build(); var rekorEntry = @@ -199,18 +214,23 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio .verification(verification) .build(); - var hashAlgorithm = bundle.getMessageSignature().getMessageDigest().getAlgorithm(); - if (hashAlgorithm != HashAlgorithm.SHA2_256) { - throw new BundleParseException( - "Cannot read message digests of type " - + hashAlgorithm - + ", only " - + HashAlgorithm.SHA2_256 - + " is supported"); + var digest = new byte[] {}; + if (bundle.getMessageSignature().hasMessageDigest()) { + var hashAlgorithm = bundle.getMessageSignature().getMessageDigest().getAlgorithm(); + if (hashAlgorithm != HashAlgorithm.SHA2_256) { + throw new BundleParseException( + "Cannot read message digests of type " + + hashAlgorithm + + ", only " + + HashAlgorithm.SHA2_256 + + " is supported"); + } + digest = bundle.getMessageSignature().getMessageDigest().getDigest().toByteArray(); } + try { return KeylessSignature.builder() - .digest(bundle.getMessageSignature().getMessageDigest().getDigest().toByteArray()) + .digest(digest) .certPath( toCertPath( bundle.getVerificationMaterial().getX509CertificateChain().getCertificatesList())) diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleVerifierInternal.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleVerifierInternal.java index 64674a97..81cd427d 100644 --- a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleVerifierInternal.java +++ b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleVerifierInternal.java @@ -128,6 +128,13 @@ private static String subMessagePrefix( } static boolean isRequired(Descriptors.FieldDescriptor field) { + // while this isn't configured into the spec, we do not support rfc3161 timestamps in java yet, + // so make SETs from rekor required in code here + if (field + .getFullName() + .equals("dev.sigstore.rekor.v1.TransparencyLogEntry.inclusion_promise")) { + return true; + } return field.isRequired() || field .toProto() diff --git a/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java b/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java index 5362194e..4fd66012 100644 --- a/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java @@ -59,7 +59,6 @@ public static void setupArtifact() throws IOException { } @Test - @SuppressWarnings("deprecation") @EnabledIfOidcExists(provider = OidcProviderType.ANY) public void sign_production() throws Exception { var signer = KeylessSigner.builder().sigstorePublicDefaults().build(); @@ -78,7 +77,6 @@ public void sign_production() throws Exception { } @Test - @SuppressWarnings("deprecation") @EnabledIfOidcExists(provider = OidcProviderType.ANY) public void sign_staging() throws Exception { var signer = KeylessSigner.builder().sigstoreStagingDefaults().build(); @@ -108,7 +106,7 @@ private void verifySigningResult(List results) Assertions.assertNotNull(result.getSignature()); var hr = RekorTypes.getHashedRekord(result.getEntry().get()); - // check if ht rekor entry has the digest we sent + // check if the rekor entry has the digest we sent Assertions.assertArrayEquals(artifactDigest, result.getDigest()); // check if the rekor entry has the signature we sent Assertions.assertArrayEquals( diff --git a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java index ee4ed4f4..6127a61d 100644 --- a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java @@ -45,6 +45,24 @@ public void testVerify(boolean isOnline) throws Exception { verifier.verify(Path.of(artifact), verificationReq); } + @ParameterizedTest + @ValueSource(booleans = {true, false}) + public void testVerify_noDigestInBundle(boolean isOnline) throws Exception { + var bundleFile = + Resources.toString( + Resources.getResource("dev/sigstore/samples/bundles/bundle-no-digest.sigstore"), + StandardCharsets.UTF_8); + var artifact = Resources.getResource("dev/sigstore/samples/bundles/artifact.txt").getPath(); + + var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); + var verificationReq = + KeylessVerificationRequest.builder() + .keylessSignature(BundleFactory.readBundle(new StringReader(bundleFile))) + .verificationOptions(VerificationOptions.builder().isOnline(isOnline).build()) + .build(); + verifier.verify(Path.of(artifact), verificationReq); + } + @ParameterizedTest @ValueSource(booleans = {true, false}) public void testVerify_mismatchedSet(boolean isOnline) throws Exception { diff --git a/sigstore-java/src/test/java/dev/sigstore/bundle/AllRequiredFieldsInBundleTest.java b/sigstore-java/src/test/java/dev/sigstore/bundle/AllRequiredFieldsInBundleTest.java index b8882ff9..8e030f8d 100644 --- a/sigstore-java/src/test/java/dev/sigstore/bundle/AllRequiredFieldsInBundleTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/bundle/AllRequiredFieldsInBundleTest.java @@ -63,6 +63,31 @@ void allRequiredFieldsInBundle() { + "dev.sigstore.common.v1.LogId\n" + " key_id\n" + "\n" + + "dev.sigstore.rekor.v1.KindVersion\n" + + " kind\n" + + " version\n" + + "\n" + + "dev.sigstore.rekor.v1.InclusionPromise\n" + + " signed_entry_timestamp\n" + + "\n" + + "dev.sigstore.rekor.v1.Checkpoint\n" + + " envelope\n" + + "\n" + + "dev.sigstore.rekor.v1.InclusionProof\n" + + " log_index\n" + + " root_hash\n" + + " tree_size\n" + + " hashes\n" + + " checkpoint\n" + + "\n" + + "dev.sigstore.rekor.v1.TransparencyLogEntry\n" + + " log_index\n" + + " log_id\n" + + " kind_version\n" + + " integrated_time\n" + + " inclusion_promise\n" + + " inclusion_proof\n" + + "\n" + "dev.sigstore.common.v1.RFC3161SignedTimestamp\n" + " signed_timestamp\n" + "\n" @@ -70,7 +95,6 @@ void allRequiredFieldsInBundle() { + " content\n" + "\n" + "dev.sigstore.common.v1.MessageSignature\n" - + " message_digest\n" + " signature\n" + "\n" + "dev.sigstore.bundle.v1.Bundle\n" diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle-no-digest.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle-no-digest.sigstore new file mode 100644 index 00000000..53873e1b --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle-no-digest.sigstore @@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.2","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIICyDCCAk6gAwIBAgIUenpCAKVU2BcGqhnsCe0doys6ibwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMxMDExMTQyODAzWhcNMjMxMDExMTQzODAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC0NNg9GUBzDJz2+i3Ffl1RiCwBekqVQvaYdjXJu6O7zd0WOofuc9zaBQ3WhE8o3EXH0Y5prD6bGajd2XEaMW6KOCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQULM+gqZePC3pfVoEclUSrtVPwGwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABix8jOOQAAAQDAEcwRQIhANeveOTEE7bNqX0UyaSYlSoOXtOntGNsEAO9FUaa/p/XAiBaMNu8aUovaFnoY+e3VIwsLfKoQls17tZbbH6sY+RZQjAKBggqhkjOPQQDAwNoADBlAjB63/BTZjqtZFoKpilCsvEzz4a6eBGf0dbnqhhDS/9ELuKjj2H7jQuNICxqED5p9vECMQDxUugt9pitEpNkOR4gnHdEAS726LUKhCic2QUhwbNJt/+Th+O7MyvyfoDjdlgGGMI="}]},"tlogEntries":[{"logIndex":"41958702","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1697034484","inclusionPromise":{"signedEntryTimestamp":"MEUCIFJST52F75FnhiyWApcgiQWgszyb/rf6J5wIRHEFb6LiAiEAgK/el1WsJLdpoRn0Pp9np9LPbY4ebQyyX03j8325Q48="},"inclusionProof":{"logIndex":"37795271","rootHash":"60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=","treeSize":"37795272","hashes":["ZIU3md9RFYeb/QLydGOwhQ3ND+W4anIY65AcncCDATg=","FW20NiNv2Sqj0JVrVV0jxM2orMbQ9xh+VP1lTkSDl/Q=","S+iI/+iSshhUyd1Q7CAhJL1r0ztj4VmlB+Mz6EIYVnc=","IarfFu1ExpVVeg2h4fG1IWKYMs6BKCBnp46dlDN+iRA=","lMgRhGHIJoON6m0fp7dqo58UDMgHbflIjryXEw8/6GI=","wFBMBVQ5HXrKMuf5XOphsNlin7vSAfDFJnQq5YDxVrY=","FBAwNrNC3qhOjCcwdeB59P7bwQ40jtBUib0Y/j87xpE=","FTHlMv8QQyKAsmnkVAwWZSzP3mApzQXkiZrN+bQGg08=","5Lrnz5mdl9fOisdC44l0ljBJi9bwDSb/ArXsvCpgCiQ=","dA4IFz5UaTwkR83x1QUkZLq0UZJu9kRZJuSDsU7kVkE=","EqXDaDjlrIheY/2CQ/d0+pp4EBeqLlaq2/0ociyo5AY=","aWnEm9c/Gb8operqvTMd3WBQLe+yzT2W4Xt0HICt7Gw="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n37795272\n60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=\nTimestamp: 1697034484441201852\n\n— rekor.sigstore.dev wNI9ajBGAiEAlWUH2HSPa6IMIRBgFcIXph3Mj9xM70WR0VVADvGIl/oCIQCgfvUUjR/X5jewlqpAWI8NuJIicKpTG64vo6UM5fpSgQ==\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRG9xaGp4NWJ6Z1EwS3dNRDFtNzJDTGR4bTZMRHNhWU9oWE94L1NkS0NiRkFpRUExalY0V3kxUkhSN0pWS1FHUmZ5UGpLQTVzRUhWb0M0VUJnRHhpZjJ2Nmx3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzMlowRjNTVUpCWjBsVlpXNXdRMEZMVmxVeVFtTkhjV2h1YzBObE1HUnZlWE0yYVdKM2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5lRTFFUlhoTlZGRjVUMFJCZWxkb1kwNU5hazE0VFVSRmVFMVVVWHBQUkVGNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETUU1T1p6bEhWVUo2UkVwNk1pdHBNMFptYkRGU2FVTjNRbVZyY1ZaUmRtRlpaR29LV0VwMU5rODNlbVF3VjA5dlpuVmpPWHBoUWxFelYyaEZPRzh6UlZoSU1GazFjSEpFTm1KSFlXcGtNbGhGWVUxWE5rdFBRMEZYTUhkblowWndUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZNVFN0bkNuRmFaVkJETTNCbVZtOUZZMnhWVTNKMFZsQjNSM2RuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVdWaENkMlJWUW01aU1qbHVZa2RWZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVGeVFtZHZja0puUlVWQldVOHZUVUZGU1VKQ01FMUhNbWd3Q21SSVFucFBhVGgyV1ZkT2FtSXpWblZrU0UxMVdqSTVkbG95ZUd4TWJVNTJZbFJEUW1sbldVdExkMWxDUWtGSVYyVlJTVVZCWjFJNFFraHZRV1ZCUWpJS1FVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhWGc0YWs5UFVVRkJRVkZFUVVWamR3cFNVVWxvUVU1bGRtVlBWRVZGTjJKT2NWZ3dWWGxoVTFsc1UyOVBXSFJQYm5SSFRuTkZRVTg1UmxWaFlTOXdMMWhCYVVKaFRVNTFPR0ZWYjNaaFJtNXZDbGtyWlROV1NYZHpUR1pMYjFGc2N6RTNkRnBpWWtnMmMxa3JVbHBSYWtGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYjBGRVFteEJha0kyTXk5Q1ZGcHFjWFFLV2tadlMzQnBiRU56ZGtWNmVqUmhObVZDUjJZd1pHSnVjV2hvUkZNdk9VVk1kVXRxYWpKSU4ycFJkVTVKUTNoeFJVUTFjRGwyUlVOTlVVUjRWWFZuZEFvNWNHbDBSWEJPYTA5U05HZHVTR1JGUVZNM01qWk1WVXRvUTJsak1sRlZhSGRpVGtwMEx5dFVhQ3RQTjAxNWRubG1iMFJxWkd4blIwZE5TVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]},"messageSignature":{"signature":"MEUCIDoqhjx5bzgQ0KwMD1m72CLdxm6LDsaYOhXOx/SdKCbFAiEA1jV4Wy1RHR7JVKQGRfyPjKA5sEHVoC4UBgDxif2v6lw="}} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.sigstore index d56e381a..2775608e 100644 --- a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.sigstore +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.sigstore @@ -1 +1 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1", "verificationMaterial": {"x509CertificateChain": {"certificates": [{"rawBytes": "MIIIGTCCB5+gAwIBAgIUBPWs4OPN1kte0mUMGZrZ6ozMVRkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwNzEyMTU1NjM1WhcNMjMwNzEyMTYwNjM1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVr33uVAPA1SpA5w/mmBF9ariW8E7oizIQKqiYfxwSb1zftqZZX045y3tPbRkIWe+t7MUYliQknQ954rDDEASnKOCBr4wgga6MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUx2TNZkruHC2aCdyIXscI8N/8q2owHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wgaUGA1UdEQEB/wSBmjCBl4aBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBChhZjc4NWI2ZDNiMGZhMGMwYWExMzA1ZmFlZTdjZTYwMzZlOGQ5MGM0MC0GCisGAQQBg78wAQQEH0V4dHJlbWVseSBkYW5nZXJvdXMgT0lEQyBiZWFjb24wSQYKKwYBBAGDvzABBQQ7c2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24wHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBpgYKKwYBBAGDvzABCQSBlwyBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABCgQqDChhZjc4NWI2ZDNiMGZhMGMwYWExMzA1ZmFlZTdjZTYwMzZlOGQ5MGM0MB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDBeBgorBgEEAYO/MAEMBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbjA4BgorBgEEAYO/MAENBCoMKGFmNzg1YjZkM2IwZmEwYzBhYTEzMDVmYWVlN2NlNjAzNmU4ZDkwYzQwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGQYKKwYBBAGDvzABDwQLDAk2MzI1OTY4OTcwNwYKKwYBBAGDvzABEAQpDCdodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UwGQYKKwYBBAGDvzABEQQLDAkxMzE4MDQ1NjMwgaYGCisGAQQBg78wARIEgZcMgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoYWY3ODViNmQzYjBmYTBjMGFhMTMwNWZhZWU3Y2U2MDM2ZThkOTBjNDAhBgorBgEEAYO/MAEUBBMMEXdvcmtmbG93X2Rpc3BhdGNoMIGBBgorBgEEAYO/MAEVBHMMcWh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi9hY3Rpb25zL3J1bnMvNTUzMzc0MTQ5Ny9hdHRlbXB0cy8xMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGJStGTCwAABAMARzBFAiBCA4jZQP4CwMiWoeS7WMW46QkI4e7OsNH3yVhf5wdBvgIhAPJYxdsi9NqOXVZsEUtCup8m1m/2zG39FTGlgE0MorDFMAoGCCqGSM49BAMDA2gAMGUCMEYWRwI5QJeOwNCuV4tnZ0n5QNlUlP0BtX5V2ZTQLqcQbWtneC7tLptiYgr0Z62UDQIxAO6ItXAH+sbZcsbj08xr3GApM6hjvyTAl39pS3Y3sZwAz8lfQDHNL4eALEo1heAYVg=="}]}, "tlogEntries": [{"logIndex": "27246492", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1689177396", "inclusionPromise": {"signedEntryTimestamp": "MEUCIQCvkqgP1sCP3BiNYQ+36o79yGXZP5CNeo7OmpmVT6kehgIgegEh0UlZwjMj2KEi/X0nm9cyq+vuG8uOGqG4i//nqgM="}, "inclusionProof": {"logIndex": "23083061", "rootHash": "dauhleYK4YyAdxwwDtR0l0KnSOWZdG2bwqHftlanvcI=", "treeSize": "23083062", "hashes": ["/vK4Da3g7ZhRgme8FxCi8QIBL7DSlwpSwyERyIV+uS8=", "k9N2htTx+7tA55tT0tiB/BO4uqaqSxqTV34ouZgCBWk=", "/ArdEa96pCZQOyrxyKhOHxd2HHEsXBldxS8p23CNIkk=", "5GQbI53IAmYSDjLtEjG0PNzp0hk2+W/eEkCbJlNqTKc=", "O86OnjaE1s+pcHWna1/xdeZ7ubCXgVmtV1f7nWlWYLI=", "Hj0TEef/bwMHB10DPoFLu5+RSLTGJ5YRaQWqwwVIp0s=", "aRtyVlt3GYDP4qaYrEAWqiGqcYDELxyk7Fl3icGXOoA=", "ZdynT2d4F3NFQNBurFDaZBoYMVRjbQjlTnSL1hL67+s=", "3VHoQOiS1wCTrX4dseLeo9UDNMc0XTYORE0i/Entn14=", "rXEsmEJN4PEoTU8US4qVtdIsGB1MCiRlGOepoiC99kM="], "checkpoint": {"envelope": "rekor.sigstore.dev - 2605736670972794746\n23083062\ndauhleYK4YyAdxwwDtR0l0KnSOWZdG2bwqHftlanvcI=\nTimestamp: 1689177396617352539\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiBxaGyEtxkzFLkaCSEJqFuSS3dJjEZCNiyByVs1CNVQ8gIhAOoNnXtmMtTctV2oRnSRUZAo4EWUYPK/vBsqOzAU6TMs\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRk9wYVhLV3Z2QkR3VGhEalRIWDd0RkY4bGlSb1N4TFpJc1Nlb1VNLzZENEFpQnhWOS9SblRNTXcxdDZubmlYMHJDdXdyZjhWaCtmZUxGdTk5bTRpciszeUE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVbEhWRU5EUWpVclowRjNTVUpCWjBsVlFsQlhjelJQVUU0eGEzUmxNRzFWVFVkYWNsbzJiM3BOVmxKcmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5kMDU2UlhsTlZGVXhUbXBOTVZkb1kwNU5hazEzVG5wRmVVMVVXWGRPYWsweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZXY2pNemRWWkJVRUV4VTNCQk5YY3ZiVzFDUmpsaGNtbFhPRVUzYjJsNlNWRkxjV2tLV1daNGQxTmlNWHBtZEhGYVdsZ3dORFY1TTNSUVlsSnJTVmRsSzNRM1RWVlpiR2xSYTI1Uk9UVTBja1JFUlVGVGJrdFBRMEp5TkhkbloyRTJUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlY0TWxST0NscHJjblZJUXpKaFEyUjVTVmh6WTBrNFRpODRjVEp2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDJkaFZVZEJNVlZrUlZGRlFpOTNVMEp0YWtOQ2JEUmhRbXhIYURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWHBoVjJSNlpFYzVlUXBhVXpGcVlqSTFiV0l6U25SWlZ6VnFXbE01YkdWSVVubGFWekZzWWtocmRGcEhSblZhTWxaNVlqTldla3hZUWpGWmJYaHdXWGt4ZG1GWFVtcE1WMHBzQ2xsWFRuWmlhVGgxV2pKc01HRklWbWxNTTJSMlkyMTBiV0pIT1ROamVUbHNaVWhTZVZwWE1XeGlTR3QwV2tkR2RWb3lWbmxpTTFaNlRGYzVjRnBIVFhRS1dXMVdhRmt5T1hWTWJteDBZa1ZDZVZwWFducE1NbWhzV1ZkU2Vrd3lNV2hoVnpSM1QxRlpTMHQzV1VKQ1FVZEVkbnBCUWtGUlVYSmhTRkl3WTBoTk5ncE1lVGt3WWpKMGJHSnBOV2haTTFKd1lqSTFla3h0WkhCa1IyZ3hXVzVXZWxwWVNtcGlNalV3V2xjMU1FeHRUblppVkVGbVFtZHZja0puUlVWQldVOHZDazFCUlVOQ1FrWXpZak5LY2xwdGVIWmtNVGxyWVZoT2QxbFlVbXBoUkVFeVFtZHZja0puUlVWQldVOHZUVUZGUkVKRGFHaGFhbU0wVGxkSk1scEVUbWtLVFVkYWFFMUhUWGRaVjBWNFRYcEJNVnB0Um14YVZHUnFXbFJaZDAxNldteFBSMUUxVFVkTk1FMURNRWREYVhOSFFWRlJRbWMzT0hkQlVWRkZTREJXTkFwa1NFcHNZbGRXYzJWVFFtdFpWelZ1V2xoS2RtUllUV2RVTUd4RlVYbENhVnBYUm1waU1qUjNVMUZaUzB0M1dVSkNRVWRFZG5wQlFrSlJVVGRqTW14dUNtTXpVblpqYlZWMFdUSTVkVnB0T1hsaVYwWjFXVEpWZGxwWWFEQmpiVlowV2xkNE5VeFhVbWhpYldSc1kyMDVNV041TVhka1YwcHpZVmROZEdJeWJHc0tXWGt4YVZwWFJtcGlNalIzU0ZGWlMwdDNXVUpDUVVkRWRucEJRa0puVVZCamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RVMUVjMGREYVhOSFFWRlJRZ3BuTnpoM1FWRm5SVXhSZDNKaFNGSXdZMGhOTmt4NU9UQmlNblJzWW1rMWFGa3pVbkJpTWpWNlRHMWtjR1JIYURGWmJsWjZXbGhLYW1JeU5UQmFWelV3Q2t4dFRuWmlWRU5DY0dkWlMwdDNXVUpDUVVkRWRucEJRa05SVTBKc2QzbENiRWRvTUdSSVFucFBhVGgyV2pKc01HRklWbWxNYlU1MllsTTVlbUZYWkhvS1pFYzVlVnBUTVdwaU1qVnRZak5LZEZsWE5XcGFVemxzWlVoU2VWcFhNV3hpU0d0MFdrZEdkVm95Vm5saU0xWjZURmhDTVZsdGVIQlplVEYyWVZkU2FncE1WMHBzV1ZkT2RtSnBPSFZhTW13d1lVaFdhVXd6WkhaamJYUnRZa2M1TTJONU9XeGxTRko1V2xjeGJHSklhM1JhUjBaMVdqSldlV0l6Vm5wTVZ6bHdDbHBIVFhSWmJWWm9XVEk1ZFV4dWJIUmlSVUo1V2xkYWVrd3lhR3haVjFKNlRESXhhR0ZYTkhkUFFWbExTM2RaUWtKQlIwUjJla0ZDUTJkUmNVUkRhR2dLV21wak5FNVhTVEphUkU1cFRVZGFhRTFIVFhkWlYwVjRUWHBCTVZwdFJteGFWR1JxV2xSWmQwMTZXbXhQUjFFMVRVZE5NRTFDTUVkRGFYTkhRVkZSUWdwbk56aDNRVkZ6UlVSM2QwNWFNbXd3WVVoV2FVeFhhSFpqTTFKc1drUkNaVUpuYjNKQ1owVkZRVmxQTDAxQlJVMUNSa0ZOVkcxb01HUklRbnBQYVRoMkNsb3liREJoU0ZacFRHMU9kbUpUT1hwaFYyUjZaRWM1ZVZwVE1XcGlNalZ0WWpOS2RGbFhOV3BhVXpsc1pVaFNlVnBYTVd4aVNHdDBXa2RHZFZveVZua0tZak5XZWt4WVFqRlpiWGh3V1hreGRtRlhVbXBNVjBwc1dWZE9kbUpxUVRSQ1oyOXlRbWRGUlVGWlR5OU5RVVZPUWtOdlRVdEhSbTFPZW1jeFdXcGFhd3BOTWtsM1dtMUZkMWw2UW1oWlZFVjZUVVJXYlZsWFZteE9NazVzVG1wQmVrNXRWVFJhUkd0M1dYcFJkMGgzV1V0TGQxbENRa0ZIUkhaNlFVSkVaMUZTQ2tSQk9YbGFWMXA2VERKb2JGbFhVbnBNTWpGb1lWYzBkMGRSV1V0TGQxbENRa0ZIUkhaNlFVSkVkMUZNUkVGck1rMTZTVEZQVkZrMFQxUmpkMDUzV1VzS1MzZFpRa0pCUjBSMmVrRkNSVUZSY0VSRFpHOWtTRkozWTNwdmRrd3laSEJrUjJneFdXazFhbUl5TUhaak1teHVZek5TZG1OdFZYUlpNamwxV20wNWVRcGlWMFoxV1RKVmQwZFJXVXRMZDFsQ1FrRkhSSFo2UVVKRlVWRk1SRUZyZUUxNlJUUk5SRkV4VG1wTmQyZGhXVWREYVhOSFFWRlJRbWMzT0hkQlVrbEZDbWRhWTAxbldsSnZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMll6SnNibU16VW5aamJWVjBXVEk1ZFZwdE9YbGlWMFoxV1RKVmRscFlhREFLWTIxV2RGcFhlRFZNVjFKb1ltMWtiR050T1RGamVURjNaRmRLYzJGWFRYUmlNbXhyV1hreGFWcFhSbXBpTWpSMlRHMWtjR1JIYURGWmFUa3pZak5LY2dwYWJYaDJaRE5OZGxwWWFEQmpiVlowV2xkNE5VeFhVbWhpYldSc1kyMDVNV041TVhaaFYxSnFURmRLYkZsWFRuWmlhVFUxWWxkNFFXTnRWbTFqZVRsdkNscFhSbXRqZVRsMFdWZHNkVTFFWjBkRGFYTkhRVkZSUW1jM09IZEJVazFGUzJkM2IxbFhXVE5QUkZacFRtMVJlbGxxUW0xWlZFSnFUVWRHYUUxVVRYY0tUbGRhYUZwWFZUTlpNbFV5VFVSTk1scFVhR3RQVkVKcVRrUkJhRUpuYjNKQ1owVkZRVmxQTDAxQlJWVkNRazFOUlZoa2RtTnRkRzFpUnpreldESlNjQXBqTTBKb1pFZE9iMDFKUjBKQ1oyOXlRbWRGUlVGWlR5OU5RVVZXUWtoTlRXTlhhREJrU0VKNlQyazRkbG95YkRCaFNGWnBURzFPZG1KVE9YcGhWMlI2Q21SSE9YbGFVekZxWWpJMWJXSXpTblJaVnpWcVdsTTViR1ZJVW5sYVZ6RnNZa2hyZEZwSFJuVmFNbFo1WWpOV2VreFlRakZaYlhod1dYa3hkbUZYVW1vS1RGZEtiRmxYVG5aaWFUbG9XVE5TY0dJeU5YcE1NMG94WW01TmRrNVVWWHBOZW1Nd1RWUlJOVTU1T1doa1NGSnNZbGhDTUdONU9IaE5TVWRMUW1kdmNncENaMFZGUVdSYU5VRm5VVU5DU0hkRlpXZENORUZJV1VFelZEQjNZWE5pU0VWVVNtcEhValJqYlZkak0wRnhTa3RZY21wbFVFc3pMMmcwY0hsblF6aHdDamR2TkVGQlFVZEtVM1JIVkVOM1FVRkNRVTFCVW5wQ1JrRnBRa05CTkdwYVVWQTBRM2ROYVZkdlpWTTNWMDFYTkRaUmEwazBaVGRQYzA1SU0zbFdhR1lLTlhka1FuWm5TV2hCVUVwWmVHUnphVGxPY1U5WVZscHpSVlYwUTNWd09HMHhiUzh5ZWtjek9VWlVSMnhuUlRCTmIzSkVSazFCYjBkRFEzRkhVMDAwT1FwQ1FVMUVRVEpuUVUxSFZVTk5SVmxYVW5kSk5WRktaVTkzVGtOMVZqUjBibG93YmpWUlRteFZiRkF3UW5SWU5WWXlXbFJSVEhGalVXSlhkRzVsUXpkMENreHdkR2xaWjNJd1dqWXlWVVJSU1hoQlR6WkpkRmhCU0N0ellscGpjMkpxTURoNGNqTkhRWEJOTm1ocWRubFVRV3d6T1hCVE0xa3pjMXAzUVhvNGJHWUtVVVJJVGt3MFpVRk1SVzh4YUdWQldWWm5QVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "oM/HEnHW4njlfNMy/5V8P3BD/do1TEy7GQow1W76Ab8="}, "signature": "MEQCIFOpaXKWvvBDwThDjTHX7tFF8liRoSxLZIsSeoUM/6D4AiBxV9/RnTMMw1t6nniX0rCuwrf8Vh+feLFu99m4ir+3yA=="}} +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.2","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIICyDCCAk6gAwIBAgIUenpCAKVU2BcGqhnsCe0doys6ibwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMxMDExMTQyODAzWhcNMjMxMDExMTQzODAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC0NNg9GUBzDJz2+i3Ffl1RiCwBekqVQvaYdjXJu6O7zd0WOofuc9zaBQ3WhE8o3EXH0Y5prD6bGajd2XEaMW6KOCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQULM+gqZePC3pfVoEclUSrtVPwGwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABix8jOOQAAAQDAEcwRQIhANeveOTEE7bNqX0UyaSYlSoOXtOntGNsEAO9FUaa/p/XAiBaMNu8aUovaFnoY+e3VIwsLfKoQls17tZbbH6sY+RZQjAKBggqhkjOPQQDAwNoADBlAjB63/BTZjqtZFoKpilCsvEzz4a6eBGf0dbnqhhDS/9ELuKjj2H7jQuNICxqED5p9vECMQDxUugt9pitEpNkOR4gnHdEAS726LUKhCic2QUhwbNJt/+Th+O7MyvyfoDjdlgGGMI="}]},"tlogEntries":[{"logIndex":"41958702","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1697034484","inclusionPromise":{"signedEntryTimestamp":"MEUCIFJST52F75FnhiyWApcgiQWgszyb/rf6J5wIRHEFb6LiAiEAgK/el1WsJLdpoRn0Pp9np9LPbY4ebQyyX03j8325Q48="},"inclusionProof":{"logIndex":"37795271","rootHash":"60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=","treeSize":"37795272","hashes":["ZIU3md9RFYeb/QLydGOwhQ3ND+W4anIY65AcncCDATg=","FW20NiNv2Sqj0JVrVV0jxM2orMbQ9xh+VP1lTkSDl/Q=","S+iI/+iSshhUyd1Q7CAhJL1r0ztj4VmlB+Mz6EIYVnc=","IarfFu1ExpVVeg2h4fG1IWKYMs6BKCBnp46dlDN+iRA=","lMgRhGHIJoON6m0fp7dqo58UDMgHbflIjryXEw8/6GI=","wFBMBVQ5HXrKMuf5XOphsNlin7vSAfDFJnQq5YDxVrY=","FBAwNrNC3qhOjCcwdeB59P7bwQ40jtBUib0Y/j87xpE=","FTHlMv8QQyKAsmnkVAwWZSzP3mApzQXkiZrN+bQGg08=","5Lrnz5mdl9fOisdC44l0ljBJi9bwDSb/ArXsvCpgCiQ=","dA4IFz5UaTwkR83x1QUkZLq0UZJu9kRZJuSDsU7kVkE=","EqXDaDjlrIheY/2CQ/d0+pp4EBeqLlaq2/0ociyo5AY=","aWnEm9c/Gb8operqvTMd3WBQLe+yzT2W4Xt0HICt7Gw="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n37795272\n60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=\nTimestamp: 1697034484441201852\n\n— rekor.sigstore.dev wNI9ajBGAiEAlWUH2HSPa6IMIRBgFcIXph3Mj9xM70WR0VVADvGIl/oCIQCgfvUUjR/X5jewlqpAWI8NuJIicKpTG64vo6UM5fpSgQ==\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRG9xaGp4NWJ6Z1EwS3dNRDFtNzJDTGR4bTZMRHNhWU9oWE94L1NkS0NiRkFpRUExalY0V3kxUkhSN0pWS1FHUmZ5UGpLQTVzRUhWb0M0VUJnRHhpZjJ2Nmx3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzMlowRjNTVUpCWjBsVlpXNXdRMEZMVmxVeVFtTkhjV2h1YzBObE1HUnZlWE0yYVdKM2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5lRTFFUlhoTlZGRjVUMFJCZWxkb1kwNU5hazE0VFVSRmVFMVVVWHBQUkVGNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETUU1T1p6bEhWVUo2UkVwNk1pdHBNMFptYkRGU2FVTjNRbVZyY1ZaUmRtRlpaR29LV0VwMU5rODNlbVF3VjA5dlpuVmpPWHBoUWxFelYyaEZPRzh6UlZoSU1GazFjSEpFTm1KSFlXcGtNbGhGWVUxWE5rdFBRMEZYTUhkblowWndUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZNVFN0bkNuRmFaVkJETTNCbVZtOUZZMnhWVTNKMFZsQjNSM2RuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVdWaENkMlJWUW01aU1qbHVZa2RWZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVGeVFtZHZja0puUlVWQldVOHZUVUZGU1VKQ01FMUhNbWd3Q21SSVFucFBhVGgyV1ZkT2FtSXpWblZrU0UxMVdqSTVkbG95ZUd4TWJVNTJZbFJEUW1sbldVdExkMWxDUWtGSVYyVlJTVVZCWjFJNFFraHZRV1ZCUWpJS1FVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhWGc0YWs5UFVVRkJRVkZFUVVWamR3cFNVVWxvUVU1bGRtVlBWRVZGTjJKT2NWZ3dWWGxoVTFsc1UyOVBXSFJQYm5SSFRuTkZRVTg1UmxWaFlTOXdMMWhCYVVKaFRVNTFPR0ZWYjNaaFJtNXZDbGtyWlROV1NYZHpUR1pMYjFGc2N6RTNkRnBpWWtnMmMxa3JVbHBSYWtGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYjBGRVFteEJha0kyTXk5Q1ZGcHFjWFFLV2tadlMzQnBiRU56ZGtWNmVqUmhObVZDUjJZd1pHSnVjV2hvUkZNdk9VVk1kVXRxYWpKSU4ycFJkVTVKUTNoeFJVUTFjRGwyUlVOTlVVUjRWWFZuZEFvNWNHbDBSWEJPYTA5U05HZHVTR1JGUVZNM01qWk1WVXRvUTJsak1sRlZhSGRpVGtwMEx5dFVhQ3RQTjAxNWRubG1iMFJxWkd4blIwZE5TVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"oM/HEnHW4njlfNMy/5V8P3BD/do1TEy7GQow1W76Ab8="},"signature":"MEUCIDoqhjx5bzgQ0KwMD1m72CLdxm6LDsaYOhXOx/SdKCbFAiEA1jV4Wy1RHR7JVKQGRfyPjKA5sEHVoC4UBgDxif2v6lw="}} diff --git a/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt b/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt index 99477233..1ae7971f 100644 --- a/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt +++ b/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt @@ -191,7 +191,7 @@ open class BaseGradleTest { protected fun , ACTUAL : CharSequence> AbstractCharSequenceAssert.basicSigstoreStructure() = contains( - """"mediaType": "application/vnd.dev.sigstore.bundle+json;version\u003d0.1"""", + """"mediaType": "application/vnd.dev.sigstore.bundle+json;version\u003d0.2"""", """"algorithm": "SHA2_256"""", ) }