diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/SigstoreTufClient.java b/sigstore-java/src/main/java/dev/sigstore/tuf/SigstoreTufClient.java index daf5d0ad..08938d46 100644 --- a/sigstore-java/src/main/java/dev/sigstore/tuf/SigstoreTufClient.java +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/SigstoreTufClient.java @@ -72,7 +72,7 @@ public Builder usePublicGoodInstance() { } try { tufMirror( - new URL("https://storage.googleapis.com/sigstore-tuf-root/"), + new URL("https://tuf-repo-cdn.sigstore.dev"), Path.of( Resources.getResource("dev/sigstore/tuf/sigstore-tuf-root/root.json").getPath())); } catch (MalformedURLException e) { @@ -81,6 +81,27 @@ public Builder usePublicGoodInstance() { return this; } + public Builder useStagingInstance() { + if (remoteMirror != null || trustedRoot != null) { + throw new IllegalStateException( + "Using staging after configuring remoteMirror and trustedRoot"); + } + try { + tufMirror( + new URL("https://tuf-repo-cdn.sigstage.dev"), + Path.of( + Resources.getResource("dev/sigstore/tuf/tuf-root-staging/root.json").getPath())); + } catch (MalformedURLException e) { + throw new AssertionError(e); + } + tufCacheLocation = + Path.of(System.getProperty("user.home")) + .resolve(".sigstore-java") + .resolve("staging") + .resolve("root"); + return this; + } + public Builder tufMirror(URL mirror, Path trustedRoot) { this.remoteMirror = mirror; this.trustedRoot = trustedRoot; diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/1.root.json b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/1.root.json deleted file mode 100644 index c47c42bc..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/1.root.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "signatures": [ - { - "keyid": "baf73fa38311c699f6b2583a6493afb3e3974b333ed61c4a370d0787e2012093", - "sig": "2f8194ea672740abe0bd38464f35af43ec6de5c8ef8fa43c49525e2bf9ae4dcd243c8f95d1975ea2137e58b7c0e305280ac940fe617b8ac2e37290f4059e6f04" - } - ], - "signed": { - "_type": "root", - "consistent_snapshot": false, - "expires": "2032-04-28T20:21:11Z", - "keys": { - "26599e08a9fe425a8863c9a4bc2b87ba0d55a9540695eb49b8d267f5578f6bc0": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "6625fa57e94e34a2f27a3c486eb88dc69da0162e425a5f16d1b5c9d4dad79aca" - }, - "scheme": "ed25519" - }, - "baf73fa38311c699f6b2583a6493afb3e3974b333ed61c4a370d0787e2012093": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "f10da95f3c08b4906e366e1a9a1222659793bce03ce80a3c448fbedeb8974ef6" - }, - "scheme": "ed25519" - }, - "da02af6aec8ca4c93d4558b83b81ce7deb0ea4566879d017ccfb087a3a031321": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "e66efde4c3db6bfdac5fc4e3f54260f2655afa2aa9167da5b135e4986aeadf5a" - }, - "scheme": "ed25519" - }, - "dbb3cc3a3752fd0a51066f840075262b1fd28d93c3098975e4773f669943507e": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "2af53c16edb6db039cc209b56f8fdbbff9e77a23516823b0f560134803f3a072" - }, - "scheme": "ed25519" - } - }, - "roles": { - "root": { - "keyids": [ - "baf73fa38311c699f6b2583a6493afb3e3974b333ed61c4a370d0787e2012093" - ], - "threshold": 1 - }, - "snapshot": { - "keyids": [ - "da02af6aec8ca4c93d4558b83b81ce7deb0ea4566879d017ccfb087a3a031321" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "dbb3cc3a3752fd0a51066f840075262b1fd28d93c3098975e4773f669943507e" - ], - "threshold": 1 - }, - "timestamp": { - "keyids": [ - "26599e08a9fe425a8863c9a4bc2b87ba0d55a9540695eb49b8d267f5578f6bc0" - ], - "threshold": 1 - } - }, - "spec_version": "1.0", - "version": 1 - } -} \ No newline at end of file diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json index c47c42bc..27291656 100644 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json +++ b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json @@ -1,87 +1,65 @@ { - "signatures": [ - { - "keyid": "baf73fa38311c699f6b2583a6493afb3e3974b333ed61c4a370d0787e2012093", - "sig": "2f8194ea672740abe0bd38464f35af43ec6de5c8ef8fa43c49525e2bf9ae4dcd243c8f95d1975ea2137e58b7c0e305280ac940fe617b8ac2e37290f4059e6f04" - } - ], - "signed": { - "_type": "root", - "consistent_snapshot": false, - "expires": "2032-04-28T20:21:11Z", - "keys": { - "26599e08a9fe425a8863c9a4bc2b87ba0d55a9540695eb49b8d267f5578f6bc0": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "6625fa57e94e34a2f27a3c486eb88dc69da0162e425a5f16d1b5c9d4dad79aca" - }, - "scheme": "ed25519" - }, - "baf73fa38311c699f6b2583a6493afb3e3974b333ed61c4a370d0787e2012093": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "f10da95f3c08b4906e366e1a9a1222659793bce03ce80a3c448fbedeb8974ef6" - }, - "scheme": "ed25519" - }, - "da02af6aec8ca4c93d4558b83b81ce7deb0ea4566879d017ccfb087a3a031321": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "e66efde4c3db6bfdac5fc4e3f54260f2655afa2aa9167da5b135e4986aeadf5a" - }, - "scheme": "ed25519" - }, - "dbb3cc3a3752fd0a51066f840075262b1fd28d93c3098975e4773f669943507e": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ed25519", - "keyval": { - "public": "2af53c16edb6db039cc209b56f8fdbbff9e77a23516823b0f560134803f3a072" - }, - "scheme": "ed25519" - } - }, - "roles": { - "root": { - "keyids": [ - "baf73fa38311c699f6b2583a6493afb3e3974b333ed61c4a370d0787e2012093" - ], - "threshold": 1 - }, - "snapshot": { - "keyids": [ - "da02af6aec8ca4c93d4558b83b81ce7deb0ea4566879d017ccfb087a3a031321" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "dbb3cc3a3752fd0a51066f840075262b1fd28d93c3098975e4773f669943507e" - ], - "threshold": 1 - }, - "timestamp": { - "keyids": [ - "26599e08a9fe425a8863c9a4bc2b87ba0d55a9540695eb49b8d267f5578f6bc0" - ], - "threshold": 1 - } - }, - "spec_version": "1.0", - "version": 1 - } + "signed": { + "_type": "root", + "spec_version": "1.0", + "version": 3, + "expires": "2029-02-17T23:05:14Z", + "keys": { + "314ae73abd3012fc73bfcc3783e31d03852716597642b891d6a33155c4baf600": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXMZ7rD8tWDE4lK/+naJN7INMxNC7\nbMMANDqTQE7WpzyzffWOg59hc/MwbvJtvuxhO9mEu3GD3Cn0HffFlmVRiA==\n-----END PUBLIC KEY-----\n" + } + }, + "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEL3vL/VeaH6nBbo4rekyO4cc/QthS\n+nlyJXCXSnyIMAtLmVTa8Pf0qG6YIVaR0TmLkyk9YoSVsZakxuMTuaEwrg==\n-----END PUBLIC KEY-----\n" + } + } + }, + "roles": { + "root": { + "keyids": [ + "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "314ae73abd3012fc73bfcc3783e31d03852716597642b891d6a33155c4baf600" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "314ae73abd3012fc73bfcc3783e31d03852716597642b891d6a33155c4baf600" + ], + "threshold": 1 + } + }, + "consistent_snapshot": true + }, + "signatures": [ + { + "keyid": "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda", + "sig": "3045022061a67fc07a5dd88f0087f394d4d3ef15237115d2ee24261f2d35db07715da097022100a0efc621c0b0ba697ae75827e579dd90eef30f7bc5fdbef2c44338f791a67eeb" + } + ] } \ No newline at end of file diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/snapshot.json b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/snapshot.json deleted file mode 100644 index e171b198..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/snapshot.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "signatures": [ - { - "keyid": "da02af6aec8ca4c93d4558b83b81ce7deb0ea4566879d017ccfb087a3a031321", - "sig": "1b7cb047e1a2a09e41a5dc37774dae0f27231b5601a6a52c2b4bf8c516a1b741a48a6a53205d993c9096b59859df13be4d529d23735882dcb76f5097a0fa7d01" - } - ], - "signed": { - "_type": "snapshot", - "expires": "2032-04-28T20:21:11Z", - "meta": { - "root.json": { - "hashes": { - "sha512": "bd78f27041c3faf2a380ec4d428969bd32d70dbed9cf73ecd8b875135bb33c91c2658cedc23b5172f6d00468e11ecef61b018433d03d4528d95b3aa849d4528d" - }, - "length": 2482, - "version": 1 - }, - "targets.json": { - "hashes": { - "sha512": "1dc4b13b897f701975033ef2642a4b906f0da481a035d44709f9d4ec1e436ddaf03cfaac7e356ccf71aa9238465a618c3f4c91dc2a057b1c31107195301ee05d" - }, - "length": 1884, - "version": 1 - } - }, - "spec_version": "1.0", - "version": 1 - } -} \ No newline at end of file diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets.json b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets.json deleted file mode 100644 index 56e68afd..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "signatures": [ - { - "keyid": "dbb3cc3a3752fd0a51066f840075262b1fd28d93c3098975e4773f669943507e", - "sig": "45df9512c80983656ab7a7890924b85b01ec2a7428af105377684d3ad499107f92f37a2e5ed0e1d2230281bbf36fecfc0ce53829794458dc57fbb899ef96f300" - } - ], - "signed": { - "_type": "targets", - "expires": "2032-04-28T20:21:11Z", - "spec_version": "1.0", - "targets": { - "ctfe.pub": { - "custom": { - "sigstore": { - "status": "Active", - "usage": "CTFE" - } - }, - "hashes": { - "sha512": "b861189e48df51186a39612230fba6b02af951f7b35ad9375e8ca182d0e085d470e26d69f7cd4d7450a0f223991e8e5a4ddf8f1968caa15255de8e37035af43a" - }, - "length": 775 - }, - "fulcio.crt.pem": { - "custom": { - "sigstore": { - "status": "Active", - "usage": "Fulcio" - } - }, - "hashes": { - "sha512": "c69ae618883a0c89c282c0943a1ad0c16b0a7788f74e47a1adefc631dac48a0c4449d8c3de7455ae7d772e43c4a87e341f180b0614a46a86006969f8a7b84532" - }, - "length": 741 - }, - "fulcio_intermediate.crt.pem": { - "custom": { - "sigstore": { - "status": "Active", - "usage": "Fulcio" - } - }, - "hashes": { - "sha512": "90659875a02f73d1026055427c6d857c556e410e23748ff88aeb493227610fd2f5fbdd95ef2a21565f91438dfb3e073f50c4c9dd06f9a601b5d9b064d5cb60b4" - }, - "length": 790 - }, - "rekor.pub": { - "custom": { - "sigstore": { - "status": "Active", - "usage": "Rekor" - } - }, - "hashes": { - "sha512": "09ab08698a67354a95d3b8897d9ce7eaef05f06f5ed5f0202d79c228579858ecc5816b7e1b7cc6786abe7d6aaa758e1fcb05900cb749235186c3bf9522d6d7ce" - }, - "length": 178 - } - }, - "version": 1 - } -} \ No newline at end of file diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/ctfe.pub b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/ctfe.pub deleted file mode 100644 index 39512c21..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/ctfe.pub +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA27A2MPQXm0I0v7/Ly5BIauDjRZF5Jor9vU+QheoE2UIIsZHcyYq3 -slHzSSHy2lLj1ZD2d91CtJ492ZXqnBmsr4TwZ9jQ05tW2mGIRI8u2DqN8LpuNYZG -z/f9SZrjhQQmUttqWmtu3UoLfKz6NbNXUnoo+NhZFcFRLXJ8VporVhuiAmL7zqT5 -3cXR3yQfFPCUDeGnRksnlhVIAJc3AHZZSHQJ8DEXMhh35TVv2nYhTI3rID7GwjXX -w4ocz7RGDD37ky6p39Tl5NB71gT1eSqhZhGHEYHIPXraEBd5+3w9qIuLWlp5Ej/K -6Mu4ELioXKCUimCbwy+Cs8UhHFlqcyg4AysOHJwIadXIa8LsY51jnVSGrGOEBZev -opmQPNPtyfFY3dmXSS+6Z3RD2Gd6oDnNGJzpSyEk410Ag5uvNDfYzJLCWX9tU8lI -xNwdFYmIwpd89HijyRyoGnoJ3entd63cvKfuuix5r+GHyKp1Xm1L5j5AWM6P+z0x -igwkiXnt+adexAl1J9wdDxv/pUFEESRF4DG8DFGVtbdH6aR1A5/vD4krO4tC1QYU -SeyL5Mvsw8WRqIFHcXtgybtxylljvNcGMV1KXQC8UFDmpGZVDSHx6v3e/BHMrZ7g -joCCfVMZ/cFcQi0W2AIHPYEMH/C95J2r4XbHMRdYXpovpOoT5Ca78gsCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/fulcio.crt.pem b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/fulcio.crt.pem deleted file mode 100644 index 47a5becf..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/fulcio.crt.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB9jCCAXugAwIBAgITDdEJvluliE0AzYaIE4jTMdnFTzAKBggqhkjOPQQDAzAq -MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIy -MDMyNTE2NTA0NloXDTMyMDMyMjE2NTA0NVowKjEVMBMGA1UEChMMc2lnc3RvcmUu -ZGV2MREwDwYDVQQDEwhzaWdzdG9yZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMo9 -BUNk9QIYisYysC24+2OytoV72YiLonYcqR3yeVnYziPt7Xv++CYE8yoCTiwedUEC -CWKOcvQKRCJZb9ht4Hzy+VvBx36hK+C6sECCSR0x6pPSiz+cTk1f788ZjBlUZaNj -MGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP9C -Mrpofas6cK/cDNQa4j6Hj2ZlMB8GA1UdIwQYMBaAFP9CMrpofas6cK/cDNQa4j6H -j2ZlMAoGCCqGSM49BAMDA2kAMGYCMQD+kojuzMwztNay9Ibzjuk//ZL5m6T2OCsm -45l1lY004pcb984L926BowodoirFMcMCMQDIJtFHhP/1D3a+M3dAGomOb6O4CmTr -y3TTPbPsAFnv22YA0Y+P21NVoxKDjdu0tkw= ------END CERTIFICATE----- diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/fulcio_intermediate.crt.pem b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/fulcio_intermediate.crt.pem deleted file mode 100644 index d94a2aa4..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/fulcio_intermediate.crt.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICGTCCAaCgAwIBAgITJta/okfgHvjabGm1BOzuhrwA1TAKBggqhkjOPQQDAzAq -MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIy -MDQxNDIxMzg0MFoXDTMyMDMyMjE2NTA0NVowNzEVMBMGA1UEChMMc2lnc3RvcmUu -ZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwdjAQBgcqhkjOPQIB -BgUrgQQAIgNiAASosAySWJQ/tK5r8T5aHqavk0oI+BKQbnLLdmOMRXHQF/4Hx9Kt -NfpcdjH9hNKQSBxSlLFFN3tvFCco0qFBzWYwZtsYsBe1l91qYn/9VHFTaEVwYQWI -JEEvrs0fvPuAqjajezB5MA4GA1UdDwEB/wQEAwIBBjATBgNVHSUEDDAKBggrBgEF -BQcDAzASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRxhjCmFHxib/n31vQF -Gn9f/+tvrDAfBgNVHSMEGDAWgBT/QjK6aH2rOnCv3AzUGuI+h49mZTAKBggqhkjO -PQQDAwNnADBkAjAM1lbKkcqQlE/UspMTbWNo1y2TaJ44tx3l/FJFceTSdDZ+0W1O -HHeU4twie/lq8XgCMHQxgEv26xNNiAGyPXbkYgrDPvbOqp0UeWX4mJnLSrBr3aN/ -KX1SBrKQu220FmVL0Q== ------END CERTIFICATE----- diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/rekor.pub b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/rekor.pub deleted file mode 100644 index 4234e16c..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/targets/rekor.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDODRU688UYGuy54mNUlaEBiQdTE9 -nYLr0lg6RXowI/QV/RE1azBn4Eg5/2uTOMbhB1/gfcHzijzFi9Tk+g1Prg== ------END PUBLIC KEY----- diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/timestamp.json b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/timestamp.json deleted file mode 100644 index 1a0f18f1..00000000 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/timestamp.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "signatures": [ - { - "keyid": "26599e08a9fe425a8863c9a4bc2b87ba0d55a9540695eb49b8d267f5578f6bc0", - "sig": "d5617e337ddf0251c2299dedbacd90c8d6a6dc99a2fe093369b068472edf6a2efda8cea17d4dbcad9625d282d3a99deecb4a04eb0a1fe77cc74f9cf28d41a301" - } - ], - "signed": { - "_type": "timestamp", - "expires": "2032-04-28T20:21:11Z", - "meta": { - "snapshot.json": { - "hashes": { - "sha512": "b0aa523fa24a6715b9d4b6cb428410b3b1d06d725af54d9541d12d711a2e292830a6f4e2a14d62ec8c37d0d32fbc7777b18498a1bec2ace2e230dbb2e73c992f" - }, - "length": 928, - "version": 1 - } - }, - "spec_version": "1.0", - "version": 1 - } -} \ No newline at end of file diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/SigstoreTufClientTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/SigstoreTufClientTest.java index 8596398d..6104ceaf 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/SigstoreTufClientTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/SigstoreTufClientTest.java @@ -45,6 +45,18 @@ public void testUpdate_publicGoodHasTrustedRootJson() throws Exception { Assertions.assertDoesNotThrow(() -> client.getSigstoreTrustedRoot().getCAs().current()); } + @Test + public void testUpdate_stagingHasTrustedRootJson() throws Exception { + var client = + SigstoreTufClient.builder().useStagingInstance().tufCacheLocation(localStorePath).build(); + client.forceUpdate(); + Assertions.assertNotNull(client.getSigstoreTrustedRoot()); + + Assertions.assertDoesNotThrow(() -> client.getSigstoreTrustedRoot().getTLogs().current()); + Assertions.assertDoesNotThrow(() -> client.getSigstoreTrustedRoot().getCTLogs().current()); + Assertions.assertDoesNotThrow(() -> client.getSigstoreTrustedRoot().getCAs().current()); + } + @Test public void testUpdate_updateWhenCacheInvalid() throws Exception { var mockUpdater = mockUpdater(); diff --git a/sigstore-java/src/test/resources/dev/sigstore/trustroot/staging_trusted_root.json b/sigstore-java/src/test/resources/dev/sigstore/trustroot/staging_trusted_root.json index 177667ea..f5b8853e 100644 --- a/sigstore-java/src/test/resources/dev/sigstore/trustroot/staging_trusted_root.json +++ b/sigstore-java/src/test/resources/dev/sigstore/trustroot/staging_trusted_root.json @@ -46,7 +46,8 @@ "rawBytes": "MIICCgKCAgEA27A2MPQXm0I0v7/Ly5BIauDjRZF5Jor9vU+QheoE2UIIsZHcyYq3slHzSSHy2lLj1ZD2d91CtJ492ZXqnBmsr4TwZ9jQ05tW2mGIRI8u2DqN8LpuNYZGz/f9SZrjhQQmUttqWmtu3UoLfKz6NbNXUnoo+NhZFcFRLXJ8VporVhuiAmL7zqT53cXR3yQfFPCUDeGnRksnlhVIAJc3AHZZSHQJ8DEXMhh35TVv2nYhTI3rID7GwjXXw4ocz7RGDD37ky6p39Tl5NB71gT1eSqhZhGHEYHIPXraEBd5+3w9qIuLWlp5Ej/K6Mu4ELioXKCUimCbwy+Cs8UhHFlqcyg4AysOHJwIadXIa8LsY51jnVSGrGOEBZevopmQPNPtyfFY3dmXSS+6Z3RD2Gd6oDnNGJzpSyEk410Ag5uvNDfYzJLCWX9tU8lIxNwdFYmIwpd89HijyRyoGnoJ3entd63cvKfuuix5r+GHyKp1Xm1L5j5AWM6P+z0xigwkiXnt+adexAl1J9wdDxv/pUFEESRF4DG8DFGVtbdH6aR1A5/vD4krO4tC1QYUSeyL5Mvsw8WRqIFHcXtgybtxylljvNcGMV1KXQC8UFDmpGZVDSHx6v3e/BHMrZ7gjoCCfVMZ/cFcQi0W2AIHPYEMH/C95J2r4XbHMRdYXpovpOoT5Ca78gsCAwEAAQ==", "keyDetails": "PKCS1_RSA_PKCS1V5", "validFor": { - "start": "2021-03-14T00:00:00.000Z" + "start": "2021-03-14T00:00:00.000Z", + "end": "2022-07-31T00:00:00.000Z" } }, "logId": { @@ -60,7 +61,8 @@ "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh99xuRi6slBFd8VUJoK/rLigy4bYeSYWO/fE6Br7r0D8NpMI94+A63LR/WvLxpUUGBpY8IJA3iU2telag5CRpA==", "keyDetails": "PKIX_ECDSA_P256_SHA_256", "validFor": { - "start": "2022-07-01T00:00:00.000Z" + "start": "2022-07-01T00:00:00.000Z", + "end": "2022-07-31T00:00:00.000Z" } }, "logId": {