From 8445766a24b4f60c8af3a68fe0e1f75d0e202b79 Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Thu, 21 Nov 2024 11:40:27 -0500 Subject: [PATCH] Add support for verifying dsse-intoto - Verification should be able to correctly validate a bundle as cryptographically valid (VerificationOptions.empty()) - Verifiers may also include signer identity during verification - Verifiers should extract the embedded attestation to do further analysis on the attestation. Sigstore-java does not process those in any way - There is no signing options for DSSE bundles Signed-off-by: Appu Goundan --- .../java/dev/sigstore/KeylessVerifier.java | 62 ++++++++++----- .../main/java/dev/sigstore/bundle/Bundle.java | 38 ++++++++- .../dev/sigstore/bundle/BundleReader.java | 14 ++-- .../java/dev/sigstore/dsse/InTotoPayload.java | 30 ++++--- .../java/dev/sigstore/json/GsonSupplier.java | 2 + .../dev/sigstore/KeylessVerifierTest.java | 79 ++++++++++++++----- .../bundles/bundle.dsse.bad.sig.sigstore | 59 ++++++++++++++ .../samples/bundles/bundle.dsse.sigstore | 60 +++++++++++++- 8 files changed, 284 insertions(+), 60 deletions(-) create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.bad.sig.sigstore diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java index ba9aba72..718e97fd 100644 --- a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java +++ b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java @@ -181,14 +181,20 @@ public void verify(byte[] artifactDigest, Bundle bundle, VerificationOptions opt } // finally check the supplied signature can be verified by the public key in the certificate - var signature = bundle.getMessageSignature().isPresent() - ? bundle.getMessageSignature().get().getSignature() - : bundle.getDsseEnvelope().get().getSignature(); var publicKey = leafCert.getPublicKey(); try { var verifier = Verifiers.newVerifier(publicKey); - if (!verifier.verifyDigest(artifactDigest, signature)) { - throw new KeylessVerificationException("Artifact signature was not valid"); + if (bundle.getMessageSignature().isPresent()) { + if (!verifier.verifyDigest( + artifactDigest, bundle.getMessageSignature().get().getSignature())) { + throw new KeylessVerificationException("Artifact signature was not valid"); + } + } else { + if (!verifier.verify( + bundle.getDsseEnvelope().get().getPAE(), + bundle.getDsseEnvelope().get().getSignature())) { + throw new KeylessVerificationException("DSSE signature was not valid"); + } } } catch (NoSuchAlgorithmException | InvalidKeyException ex) { throw new RuntimeException(ex); @@ -231,26 +237,42 @@ void checkMessageSignature(MessageSignature messageSignature, byte[] artifactDig } } + // since we don't check dsse signatures over the artifact, we must verify the artifact is in + // the subject list of the envelope void checkDsseEnvelope(DsseEnvelope dsseEnvelope, byte[] artifactDigest) throws KeylessVerificationException { if (!Objects.equals(InTotoPayload.PAYLOAD_TYPE, dsseEnvelope.getPayloadType())) { - throw new KeylessVerificationException("DSSE envelope must have payload type " + InTotoPayload.PAYLOAD_TYPE + ", but found '" + dsseEnvelope.getPayloadType() + "'"); + throw new KeylessVerificationException( + "DSSE envelope must have payload type " + + InTotoPayload.PAYLOAD_TYPE + + ", but found '" + + dsseEnvelope.getPayloadType() + + "'"); } + if (dsseEnvelope.getSignatures().size() != 1) { + throw new KeylessVerificationException( + "DSSE envelope must have exactly 1 signature, but found: " + + dsseEnvelope.getSignatures().size()); + } + // find one sha256 hash in the subject list that matches the artifact hash InTotoPayload payload = InTotoPayload.from(dsseEnvelope); - if (payload.getSubject().stream().noneMatch(subject -> { - if (subject.getDigest().containsKey("sha256")) { - try { - var digestBytes = Hex.decode(subject.getDigest().get("sha256")); - return Arrays.equals(artifactDigest, digestBytes); - } catch (DecoderException de) { - // ignore and return false - } - } - return false; - })) { - var providedHashes = payload.getSubject().stream() - .map(s -> s.getDigest().getOrDefault("sha256", "no-sha256-hash")).collect( - Collectors.joining(",", "[", "]")); + if (payload.getSubject().stream() + .noneMatch( + subject -> { + if (subject.getDigest().containsKey("sha256")) { + try { + var digestBytes = Hex.decode(subject.getDigest().get("sha256")); + return Arrays.equals(artifactDigest, digestBytes); + } catch (DecoderException de) { + // ignore and return false + } + } + return false; + })) { + var providedHashes = + payload.getSubject().stream() + .map(s -> s.getDigest().getOrDefault("sha256", "no-sha256-hash")) + .collect(Collectors.joining(",", "[", "]")); throw new KeylessVerificationException( "Provided artifact digest does not match any subject sha256 digests in DSSE payload" diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java b/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java index 4717948b..59cfd1fe 100644 --- a/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java +++ b/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java @@ -20,13 +20,16 @@ import java.io.IOException; import java.io.Reader; import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.security.cert.CertPath; import java.util.List; import java.util.Optional; +import org.immutables.gson.Gson; import org.immutables.value.Value; import org.immutables.value.Value.Default; +import org.immutables.value.Value.Derived; import org.immutables.value.Value.Immutable; import org.immutables.value.Value.Lazy; @@ -141,7 +144,36 @@ public interface DsseEnvelope { String getPayloadType(); /** DSSE specific signature */ - byte[] getSignature(); + List getSignatures(); + + /** + * The "Pre-Authentication Encoding" of this statement. The signature is generated over this + * content. + */ + @Gson.Ignore + @Derived + default byte[] getPAE() { + return ("DSSEv1 " + + getPayloadType().length() + + " " + + getPayloadType() + + " " + + getPayload().length() + + " " + + getPayload()) + .getBytes(StandardCharsets.UTF_8); + } + + @Lazy + @Gson.Ignore + default byte[] getSignature() { + return getSignatures().get(0).getSig(); + } + + @Immutable + interface Signature { + byte[] getSig(); + } } @Immutable @@ -166,9 +198,7 @@ public String toJson() { return BundleWriter.writeBundle(this); } - /** - * Check if this bundle has MessageSignature, use to determine what verification method to use - */ + /** Check if this bundle has MessageSignature, use to determine what verification method to use */ public static boolean hasMessageSignature(Bundle bundle) { return bundle.getMessageSignature().isPresent(); } diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java index f3968b8a..4f71f864 100644 --- a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java +++ b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java @@ -101,13 +101,17 @@ static Bundle readBundle(Reader jsonReader) throws BundleParseException { if (protoBundle.hasDsseEnvelope()) { var dsseEnvelopeProto = protoBundle.getDsseEnvelope(); - var dsseEnvelope = + var dsseEnvelopeBuilder = ImmutableDsseEnvelope.builder() .payload(dsseEnvelopeProto.getPayload().toStringUtf8()) - .payloadType(dsseEnvelopeProto.getPayloadType()) - .signature(dsseEnvelopeProto.getSignatures(0).toByteArray()) - .build(); - bundleBuilder.dsseEnvelope(dsseEnvelope); + .payloadType(dsseEnvelopeProto.getPayloadType()); + for (int sigIndex = 0; sigIndex < dsseEnvelopeProto.getSignaturesCount(); sigIndex++) { + dsseEnvelopeBuilder.addSignatures( + ImmutableSignature.builder() + .sig(dsseEnvelopeProto.getSignatures(sigIndex).getSig().toByteArray()) + .build()); + } + bundleBuilder.dsseEnvelope(dsseEnvelopeBuilder.build()); } else if (protoBundle.hasMessageSignature()) { var signature = protoBundle.getMessageSignature().getSignature().toByteArray(); if (protoBundle.getMessageSignature().hasMessageDigest()) { diff --git a/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java b/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java index 4e972ad6..8e381ae4 100644 --- a/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java +++ b/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java @@ -1,3 +1,18 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package dev.sigstore.dsse; import static dev.sigstore.json.GsonSupplier.GSON; @@ -7,12 +22,10 @@ import java.util.List; import java.util.Map; import org.immutables.gson.Gson; -import org.immutables.gson.Gson.Ignore; -import org.immutables.value.Value.Derived; import org.immutables.value.Value.Immutable; -@Immutable @Gson.TypeAdapters +@Immutable public interface InTotoPayload { String PAYLOAD_TYPE = "application/vnd.in-toto+json"; @@ -24,16 +37,13 @@ public interface InTotoPayload { String getPredicateType(); + /** + * Predicate is not processed by this library, if you want to inspect the contents of an + * attestation, you want to use an attestation parser. + */ JsonElement getPredicate(); - @Derived - @Ignore - default String getPredicateAsString() { - return getPredicate().toString(); - } - @Immutable - @Gson.TypeAdapters interface Subject { String getName(); diff --git a/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java b/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java index 401dca94..fa235d0b 100644 --- a/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java +++ b/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java @@ -16,6 +16,7 @@ package dev.sigstore.json; import com.google.gson.*; +import dev.sigstore.dsse.GsonAdaptersInTotoPayload; import dev.sigstore.rekor.client.GsonAdaptersRekorEntry; import dev.sigstore.rekor.client.GsonAdaptersRekorEntryBody; import dev.sigstore.tuf.model.*; @@ -59,6 +60,7 @@ public enum GsonSupplier implements Supplier { .registerTypeAdapterFactory(new GsonAdaptersTargetMeta()) .registerTypeAdapterFactory(new GsonAdaptersTimestamp()) .registerTypeAdapterFactory(new GsonAdaptersTimestampMeta()) + .registerTypeAdapterFactory(new GsonAdaptersInTotoPayload()) .disableHtmlEscaping() .create(); diff --git a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java index c9549193..af61c7c4 100644 --- a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java @@ -16,6 +16,7 @@ package dev.sigstore; import com.google.common.collect.ImmutableList; +import com.google.common.hash.Hashing; import com.google.common.io.Resources; import dev.sigstore.VerificationOptions.CertificateMatcher; import dev.sigstore.bundle.Bundle; @@ -27,6 +28,8 @@ import java.nio.file.Path; import java.security.cert.X509Certificate; import java.util.List; +import org.hamcrest.CoreMatchers; +import org.hamcrest.MatcherAssert; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; @@ -65,26 +68,6 @@ public void testVerify_mismatchedSet() throws Exception { VerificationOptions.empty())); } - @Test - public void testVerify_errorsOnDSSEBundle() throws Exception { - var bundleFile = - Resources.toString( - Resources.getResource("dev/sigstore/samples/bundles/bundle.dsse.sigstore"), - StandardCharsets.UTF_8); - var artifact = Resources.getResource("dev/sigstore/samples/bundles/artifact.txt").getPath(); - - var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); - var ex = - Assertions.assertThrows( - KeylessVerificationException.class, - () -> - verifier.verify( - Path.of(artifact), - Bundle.from(new StringReader(bundleFile)), - VerificationOptions.empty())); - Assertions.assertEquals("Cannot verify DSSE signature based bundles", ex.getMessage()); - } - @Test public void testVerify_canVerifyV01Bundle() throws Exception { // note that this v1 bundle contains an inclusion proof @@ -191,4 +174,60 @@ public void verifyCertificateMatches_noneMatch() throws Exception { "No provided certificate identities matched values in certificate: [{issuer:'String: not-match',san:'String: not-match'},{issuer:'String: not-match-again',san:'String: not-match-again'}]", ex.getMessage()); } + + @Test + public void testVerify_dsseBundle() throws Exception { + var bundleFile = + Resources.toString( + Resources.getResource("dev/sigstore/samples/bundles/bundle.dsse.sigstore"), + StandardCharsets.UTF_8); + var artifact = Resources.getResource("dev/sigstore/samples/bundles/artifact.txt").getPath(); + var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); + verifier.verify( + Path.of(artifact), Bundle.from(new StringReader(bundleFile)), VerificationOptions.empty()); + } + + @Test + public void testVerify_dsseBundleBadSignature() throws Exception { + var bundleFile = + Resources.toString( + Resources.getResource("dev/sigstore/samples/bundles/bundle.dsse.bad.sig.sigstore"), + StandardCharsets.UTF_8); + var artifact = Resources.getResource("dev/sigstore/samples/bundles/artifact.txt").getPath(); + var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); + + var ex = + Assertions.assertThrows( + KeylessVerificationException.class, + () -> + verifier.verify( + Path.of(artifact), + Bundle.from(new StringReader(bundleFile)), + VerificationOptions.empty())); + Assertions.assertEquals("DSSE signature was not valid", ex.getMessage()); + } + + @Test + public void testVerify_dsseBundleArtifactNotInSubjects() throws Exception { + var bundleFile = + Resources.toString( + Resources.getResource("dev/sigstore/samples/bundles/bundle.dsse.bad.sig.sigstore"), + StandardCharsets.UTF_8); + var badArtifactDigest = + Hashing.sha256().hashString("nonsense", StandardCharsets.UTF_8).asBytes(); + var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); + + var ex = + Assertions.assertThrows( + KeylessVerificationException.class, + () -> + verifier.verify( + badArtifactDigest, + Bundle.from(new StringReader(bundleFile)), + VerificationOptions.empty())); + MatcherAssert.assertThat( + ex.getMessage(), + CoreMatchers.startsWith( + "Provided artifact digest does not match any subject sha256 digests in DSSE payload")); + } } diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.bad.sig.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.bad.sig.sigstore new file mode 100644 index 00000000..52d28cda --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.bad.sig.sigstore @@ -0,0 +1,59 @@ +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "tlogEntries": [ + { + "logIndex": "150322684", + "logId": { + "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0=" + }, + "kindVersion": { + "kind": "dsse", + "version": "0.0.1" + }, + "integratedTime": "1732135425", + "inclusionPromise": { + "signedEntryTimestamp": "MEUCIF/Y+XbEXKAblX/ohWp+wXIff65mYTzEUf+p557ocUEZAiEAjSHzJCkwJPP+8YF6bvmpuEl+sXb84RL1wf9zVnfLns4=" + }, + "inclusionProof": { + "logIndex": "28418422", + "rootHash": "+QIOalcm4FuDhJj9qII/2u9Nypdzjk0c9NK7hGTgac8=", + "treeSize": "28418423", + "hashes": [ + "wB0Bax3k2EbrDhHe/Am7xWtmsX0kV75PD38gAOQ6V/4=", + "ljcbev25ePyz7Ns8nCGnARFqCQ9gEy0J6nZLllEjx5w=", + "gSbCTgtyNMJHo+eX5BrdCm2lViZxYwdu3F0QVBhcxj8=", + "GdXev4gNvvFgWH0cLpbpKAYhfflAN2k4JyWFw9O5hts=", + "QamBghNmsUsGreZ9zxBhz7ynJzdS8Wt34XSWduDhJe4=", + "QmKt9GDPnFWd2pjpwiF9anMwu0zKnqqd9uSsS+Ghm0E=", + "zGmHsTSEnYk656ZFm3nFkDh/8cEiIYAqh1zD7l6Wl5M=", + "ggdeKtYR4Qf6kMEDhKtGxCnbgcZzb3YtF3fczGIjWCI=", + "iF6rmo01zrn23pMgcPKlXOufqui4F8Q1+hj8PHL6XuY=", + "bulsENariUUsC4xiR1yFtqKzD8evI9p/s+YCpl8t9tE=", + "E2rLOYPJFKiizYiyu07QLqkMVTVL7i2ZgXiQywdI9KQ=", + "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", + "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw=" + ], + "checkpoint": { + "envelope": "rekor.sigstore.dev - 1193050959916656506\n28418423\n+QIOalcm4FuDhJj9qII/2u9Nypdzjk0c9NK7hGTgac8=\n\n— rekor.sigstore.dev wNI9ajBGAiEA5TnJBQi/DYgn5WvcQvZi0q5tlOF/h3sxLW2nztOtgfwCIQCrliHf+bgbEvlXQNw3XserTuIeSYrG6aMo8SHVOR7Pmg==\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNzhiZmM3ZDNhNGVjOThiZjJlZjMyYmFmOTEyOGU0MTg5ZmZlY2JkOTIzYWIwMjQ2YWU1Y2NiNDE1Y2FmNmY0MSJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6ImQ2YjIwOWJhOWRkZTNiMWVlNWVkZWJiODhkMWIxYjkxN2I3MmVlYjYxNDMyOGU3YmE2NjdmNWI3YWI3MGU5ODcifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVVQ0lRRFZHcFZMc3ZFWTNscHM2MmNMR3ptemdPVlJjZ2d5U0xwQVJObDlaRWp6clFJZ0pZVmlEa3U3RTBKZ1lJMnRPRG1NaXFhNVh6OWVFTHBUbHB3L1JwSmRrV009IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VjMlZFTkRRbTVEWjBGM1NVSkJaMGxWUlZONk5XWmlWWEY0Y3pKV2EwaG5NbTEyV1ZNNFJuRk9WM1J6ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwUmVFMVVTWGROYWtFd1RYcFJNVmRvWTA1TmFsRjRUVlJKZDAxcVFURk5lbEV4VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVkhiRFJzZFVOWVJWVXJOMFJXYVVWaWRuSjNSM3BKUTJONVIyRlRXQ3QyYzBseUwzVUthV1ZZZGxwRmVteG5XWGRoUzJkMFZtWTNZV3RFZUUxQ1ZqQTBNamxOZDJGbGVHVmtUM0paYURoeE5uWkxkRFUwY1hGUFEwSlpPSGRuWjFkTVRVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVlNXVVpKQ201clZYZENiMVpCYTBsWVUwOHljRmRLZEU5VE0wTjNkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMXAzV1VSV1VqQlNRVkZJTDBKR01IZFhORnBhWVVoU01HTklUVFpNZVRsdVlWaFNiMlJYU1hWWk1qbDBUREo0ZG1JelRteFpiVVkyWWpJNWNncFpVemxvV1ZNeE1GcFlUakJNZVRWdVlWaFNiMlJYU1haa01qbDVZVEphYzJJelpIcE1NMEo1WWpOYWJHSnRSblZaTWxWMVpWZEdkR0pGUW5sYVYxcDZDa3d5YUd4WlYxSjZUREl4YUdGWE5IZFBVVmxMUzNkWlFrSkJSMFIyZWtGQ1FWRlJjbUZJVWpCalNFMDJUSGs1TUdJeWRHeGlhVFZvV1ROU2NHSXlOWG9LVEcxa2NHUkhhREZaYmxaNldsaEthbUl5TlRCYVZ6VXdURzFPZG1KVVFXWkNaMjl5UW1kRlJVRlpUeTlOUVVWRFFrSkdNMkl6U25KYWJYaDJaREU1YXdwaFdFNTNXVmhTYW1GRVFUSkNaMjl5UW1kRlJVRlpUeTlOUVVWRVFrTm9iRmx0V20xUFIxSnRXVzFSTWsxRWJHbE9Na2w1VFdwSmVrNHlUVE5PZWtVMUNsa3lWWGRPTWxsNVdrZE5NMDlVVFRCYWFsWnRUVU5GUjBOcGMwZEJVVkZDWnpjNGQwRlJVVVZGTUdSc1ltMVdlVmxZVW14SlJrSjVZak5hYkdKdFJuVUtXVEpWZDBsbldVdExkMWxDUWtGSFJIWjZRVUpDVVZGVllrYzVkbU15Vm1sWldIQjJZakowYUV3eVJtaE1XRkpzWXpOUmQwaFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FtZFJVR050Vm0xamVUbHZXbGRHYTJONU9YUlpWMngxVFVSelIwTnBjMGRCVVZGQ1p6YzRkMEZSWjBWTVVYZHlZVWhTTUdOSVRUWk1lVGt3Q21JeWRHeGlhVFZvV1ROU2NHSXlOWHBNYldSd1pFZG9NVmx1Vm5wYVdFcHFZakkxTUZwWE5UQk1iVTUyWWxSQ2NFSm5iM0pDWjBWRlFWbFBMMDFCUlVvS1FrWnpUVmRYYURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWE5pTWpsNldsZEthR1Z0T1haaE1rVjJXVmRGZEdSSFZucGtRemgxV2pKc01BcGhTRlpwVEROa2RtTnRkRzFpUnprelkzazVkMk50T1RKYVZ6Vm9ZbTFPYkV4dWJHaGlWM2hCWTIxV2JXTjVPVzlhVjBaclkzazVkRmxYYkhWTlJHZEhDa05wYzBkQlVWRkNaemM0ZDBGUmIwVkxaM2R2V2xkS2JWcHFhR3RhYlVwclRtcEJOVmxxWkdsTmFrbDVUWHBrYWs1NlkzaFBWMDVzVFVSa2JVMXRVbW9LVG5wcmVrNUhXVEZhYWtGa1FtZHZja0puUlVWQldVOHZUVUZGVEVKQk9FMUVWMlJ3WkVkb01WbHBNVzlpTTA0d1dsZFJkMDUzV1V0TGQxbENRa0ZIUkFwMmVrRkNSRUZSY0VSRFpHOWtTRkozWTNwdmRrd3laSEJrUjJneFdXazFhbUl5TUhaaVJ6bDJZekpXYVZsWWNIWmlNblJvVERKR2FFeFlVbXhqTTFGM0NrOUJXVXRMZDFsQ1FrRkhSSFo2UVVKRVVWRnhSRU5vYkZsdFdtMVBSMUp0V1cxUk1rMUViR2xPTWtsNVRXcEplazR5VFROT2VrVTFXVEpWZDA0eVdYa0tXa2ROTTA5VVRUQmFhbFp0VFVJNFIwTnBjMGRCVVZGQ1p6YzRkMEZSTkVWRlVYZFFZMjFXYldONU9XOWFWMFpyWTNrNWRGbFhiSFZOUW10SFEybHpSd3BCVVZGQ1p6YzRkMEZST0VWRGQzZEtUMFJyZUU1NlJURk9SRkV3VFVNNFIwTnBjMGRCVVZGQ1p6YzRkMEZTUVVWSlVYZG1ZVWhTTUdOSVRUWk1lVGx1Q21GWVVtOWtWMGwxV1RJNWRFd3llSFppTTA1c1dXMUdObUl5T1hKWlZFRllRbWR2Y2tKblJVVkJXVTh2VFVGRlVrSkJhMDFDZWtWNlRVUlJORTFxV1hjS1lWRlpTMHQzV1VKQ1FVZEVkbnBCUWtWblVtSkVSbXh2WkVoU2QyTjZiM1pNTW1Sd1pFZG9NVmxwTldwaU1qQjJZa2M1ZG1NeVZtbFpXSEIyWWpKMGFBcE1Na1pvVEZoU2JHTXpVWFpNYldSd1pFZG9NVmxwT1ROaU0wcHlXbTE0ZG1RelRYWmpTRXAyWkcxV2RWbFhOV3BhVXpVMVdWY3hjMUZJU214YWJrMTJDbUZIVm1oYVNFMTJZbGRHY0dKcVFUUkNaMjl5UW1kRlJVRlpUeTlOUVVWVVFrTnZUVXRIVm1sYWJWazBXa2RhYVZwRVdYZFBWMGt6V1dwSmVVMXFUVE1LV1hwak0wMVViR3BhVkVFeldtcEthMWw2WXpWTmVsSnRUbGRaZDBsUldVdExkMWxDUWtGSFJIWjZRVUpHUVZGVVJFSkdNMkl6U25KYWJYaDJaREU1YXdwaFdFNTNXVmhTYW1GRVFtSkNaMjl5UW1kRlJVRlpUeTlOUVVWV1FrVXdUVk15YURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWE5pTWpsNkNscFhTbWhsYlRsMllUSkZkbGxYUlhSa1IxWjZaRU01YUZrelVuQmlNalY2VEROS01XSnVUWFpOVkVVMVRrUkZNRTFxVlRCUFJHTjJXVmhTTUZwWE1YY0taRWhOZGsxVVFWZENaMjl5UW1kRlJVRlpUeTlOUVVWWFFrRm5UVUp1UWpGWmJYaHdXWHBEUW1sUldVdExkMWxDUWtGSVYyVlJTVVZCWjFJM1FraHJRUXBrZDBJeFFVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhekIwVWtaU1kwRkJRVkZFQ2tGRldYZFNRVWxuUlhobE1tdFdlSFExWkdGRVdVUmlZMWh4WjBnemJrTkhkVUl3UVhGVVozVmFTbXhaUTBGMlFVUnRiME5KUTIxT2RuSmtWRXBPY0VZS2JqVnJTbWRyYUdsVVIzWlNNSGxMTWxreFExb3lLelYzWlhNd1pVSmtjMWxOUVc5SFEwTnhSMU5OTkRsQ1FVMUVRVEpqUVUxSFVVTk5Selp5V0d4RlNRcGhTazkzWlhST1RITlVZVVJMTjBod01ITlZkVUoxYTBaVFMwZ3dVbTFQSzA1RU1HRm9jV3hTVmxkYU9ERkJXbUYxVVhjelFreGtSbFpuU1hkVGRESTBDbWswYjBKSWVFVXpNVTlOU1d4M1JVTTVWakJUUzA1SlRGSmljVVZvVG1KdmIyUkpjWHB1TW1kMVFYVTRUbkpWVkhGbGRtdFRTV0pOZHpNdmFnb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0ifV19fQ==" + } + ], + "timestampVerificationData": { + }, + "certificate": { + "rawBytes": "MIIG6TCCBnCgAwIBAgIUESz5fbUqxs2VkHg2mvYS8FqNWtswCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMTIwMjA0MzQ1WhcNMjQxMTIwMjA1MzQ1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGl4luCXEU+7DViEbvrwGzICcyGaSX+vsIr/uieXvZEzlgYwaKgtVf7akDxMBV0429MwaexedOrYh8q6vKt54qqOCBY8wggWLMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQURYFInkUwBoVAkIXSO2pWJtOS3CwwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wZwYDVR0RAQH/BF0wW4ZZaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBChlYmZmOGRmYmQ2MDliN2IyMjIzN2M3NzE5Y2UwN2YyZGM3OTM0ZjVmMCEGCisGAQQBg78wAQQEE0dlbmVyYXRlIFByb3ZlbmFuY2UwIgYKKwYBBAGDvzABBQQUbG9vc2ViYXpvb2thL2FhLXRlc3QwHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTBpBgorBgEEAYO/MAEJBFsMWWh0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdC8uZ2l0aHViL3dvcmtmbG93cy9wcm92ZW5hbmNlLnlhbWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wAQoEKgwoZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZjAdBgorBgEEAYO/MAELBA8MDWdpdGh1Yi1ob3N0ZWQwNwYKKwYBBAGDvzABDAQpDCdodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QwOAYKKwYBBAGDvzABDQQqDChlYmZmOGRmYmQ2MDliN2IyMjIzN2M3NzE5Y2UwN2YyZGM3OTM0ZjVmMB8GCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9tYWluMBkGCisGAQQBg78wAQ8ECwwJODkxNzE1NDQ0MC8GCisGAQQBg78wARAEIQwfaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYTAXBgorBgEEAYO/MAERBAkMBzEzMDQ4MjYwaQYKKwYBBAGDvzABEgRbDFlodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbjA4BgorBgEEAYO/MAETBCoMKGViZmY4ZGZiZDYwOWI3YjIyMjM3Yzc3MTljZTA3ZjJkYzc5MzRmNWYwIQYKKwYBBAGDvzABFAQTDBF3b3JrZmxvd19kaXNwYXRjaDBbBgorBgEEAYO/MAEVBE0MS2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdC9hY3Rpb25zL3J1bnMvMTE5NDE0MjU0ODcvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBiQYKKwYBBAHWeQIEAgR7BHkAdwB1AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABk0tRFRcAAAQDAEYwRAIgExe2kVxt5daDYDbcXqgH3nCGuB0AqTguZJlYCAvADmoCICmNvrdTJNpFn5kJgkhiTGvR0yK2Y1CZ2+5wes0eBdsYMAoGCCqGSM49BAMDA2cAMGQCMG6rXlEIaJOwetNLsTaDK7Hp0sUuBukFSKH0RmO+ND0ahqlRVWZ81AZauQw3BLdFVgIwSt24i4oBHxE31OMIlwEC9V0SKNILRbqEhNboodIqzn2guAu8NrUTqevkSIbMw3/j" + } + }, + "dsseEnvelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0IiwicGF0aCI6Ii5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbCJ9fSwiaW50ZXJuYWxQYXJhbWV0ZXJzIjp7ImdpdGh1YiI6eyJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJyZXBvc2l0b3J5X2lkIjoiODkxNzE1NDQ0IiwicmVwb3NpdG9yeV9vd25lcl9pZCI6IjEzMDQ4MjYiLCJydW5uZXJfZW52aXJvbm1lbnQiOiJnaXRodWItaG9zdGVkIn19LCJyZXNvbHZlZERlcGVuZGVuY2llcyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdEByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZiJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbiJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvYWN0aW9ucy9ydW5zLzExOTQxNDI1NDg3L2F0dGVtcHRzLzEifX19fQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEUCIQDVGpVLsvEY3lps62cLGzmzgOVRcggySLpARNl9ZEjzcQIgJYViDku7E0JgYI2tODmMiqa5Xz9eELpTlpw/RpJdkWM=" + } + ] + } +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore index c6823da8..6a43a26c 100644 --- a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore @@ -1 +1,59 @@ -{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.2","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIIC+TCCAp+gAwIBAgIEERggBDAKBggqhkjOPQQDAzArMREwDwYDVQQDEwhzaWdzdG9yZTEWMBQGA1UEChMNc2lnc3RvcmUubW9jazAeFw0yMzAyMDEwMDAwMDBaFw0yMzAyMDEwMDEwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASQM2eJPe5oBjDG7hTsPcRBcKhRrjgC9zMWJ2RTSmfzEBI8T1vTF4Lz6KP6pygxdrmCHHW6SXqJGGmgBzo1ok9Wo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMIGlBgNVHREBAf8EgZowgZeGgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMB0GA1UdDgQWBBRZgwYbV93/5qITdbmTqIdG0v8b0DAfBgNVHSMEGDAWgBQ/FFxk7FUxt/oE8lDZEF0s7kasuDA7BgorBgEEAYO/MAEIBC0MK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wgYkGCisGAQQB1nkCBAIEewR5AHcAdQD3JsqjQRe6kWVErzc06SDNTEku91zmIo/cBO7/Lz8n3QAAAYYKRewAAAAEAwBGMEQCIFnuWBVFYgMX4H3ZRCMC1I+ATbvxbL6seQjQzCcg/5GaAiA3ZaogbHzdd5iogGIAH4ie375BHoWHZ5ULhBnHjyiBnjAKBggqhkjOPQQDAwNIADBFAiEApzWL0OZPurv9/AZp1Mvq6SDFWR3ywLnGcCT8/7aae0UCIDD6vUdxofuJBJgvj/QJo+nsYg+w78CamL+2xAO6VP/S"}]},"tlogEntries":[{"logIndex":"6283476","logId":{"keyId":"9ybKo0EXupFlRK83NOkgzUxJLvdc5iKP3ATu/y8/J90="},"kindVersion":{"kind":"intoto","version":"0.0.2"},"integratedTime":"1675209600","inclusionPromise":{"signedEntryTimestamp":"MEUCIQDgJNIaJoa/5HBTw2l7kULeKvV3fGKJ+NNuYdaQjr1HcwIgUKlKhwKDR5gJdpkIDmT/itxDfyBML39MMD5isQrVqoo="},"inclusionProof":{"logIndex":"0","rootHash":"VAy6NoRBsD4ZU/VFHRYmqBxhdxDQ+baDonVh7Nadrfo=","treeSize":"1","hashes":[],"checkpoint":{"envelope":"localhost:8000 - 56600746402783\n1\nVAy6NoRBsD4ZU/VFHRYmqBxhdxDQ+baDonVh7Nadrfo=\nTimestamp: 1675209600000000000\n\n— localhost:8000 9ybKozBFAiAxmlqJ7gtz+ZJE2Mtn3s7HJQCV5y3JmJ6cGhlH4VWCqgIhAPy6ZWBrJZnHgZqCLehTgWmu6+95EAhsnAcpMyFqQPjt\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWQiOiJaWGR2WjBsRFNtWmtTR3gzV2xOSk5rbERTbTlrU0ZKM1kzcHZka3d5YkhWTVdGSjJaRWM0ZFdGWE9IWlZNMUpvWkVkV2RGcFhOVEJNTTFsNFNXbDNTMGxEUVdsak0xWnBZVzFXYW1SRFNUWkpSbk5MU1VOQlowbEljMHRKUTBGblNVTkJaMGx0TldoaVYxVnBUMmxCYVZwRE5UQmxTRkZwVEVGdlowbERRV2RKUTBGcFdrZHNibHBZVGpCSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOS2VtRkhSWGxPVkZscFQybEJhVTE2VFhkWlZFRXdUWHBKZVUxSFdtaE5WRTVzVFVSR2EwNXFhR2hPTWxKcFRYcHNhazlFYkd4TlZFcHBUVWROTUZsNlRtbE9iVVYzVFhwUk1scHRWVEpOYWxKcFRVUnJkMDB5V1hoTmVrRjZXV3BXYVUxcFNVdEpRMEZuU1VOQloyWlJiMmRKUTBGblpsRnZaMGxHTUhORGFVRm5TVzVDZVZwWFVuQlpNa1l3V2xaU05XTkhWV2xQYVVGcFlVaFNNR05JVFRaTWVUbDZZa2hPYUV4dFVteGthVGwzWTIwNU1scFhOV2hpYlU1c1RETlplRWxwZDB0SlEwRnBZMGhLYkZwSGJHcFpXRkpzU1dwdloyVjNiMmRKUTBGblNXMUtNV0ZYZUd0U1IxWnRZVmMxY0dSSGJIWmlhVWsyU1VoelMwbERRV2RKUTBGblNXMUtNV0ZYZUd0V1NHeDNXbE5KTmtsRFNtOWtTRkozWTNwdmRrd3pUbk5qTWtWMFdtNUthR0pYVmpOaU0wcHlURzFrY0dSSGFERlphVFZ3WW5rNWJtRllVbTlrVjBsMFdWZE9NR0ZYT1hWamVURnBaRmRzYzFwSVVqVmpSMVo2VEROa2RtTnRkRzFpUnprelRETlplRWxwZDB0SlEwRm5TVU5CWjBsdFZqUmtSMVo1WW0xR2MxVkhSbmxaVnpGc1pFZFdlV041U1RaSlNITkxTVU5CWjBsRFFXZEpRMEZwWkRJNWVXRXlXbk5pTTJOcFQybENOME5wUVdkSlEwRm5TVU5CWjBsRFFXbGpiVlp0U1dwdlowbHVTbXhhYmsxMllVZFdhRnBJVFhaaVYwWndZbWxKYzBOcFFXZEpRMEZuU1VOQlowbERRV2xqYlZaM1lqTk9jR1JIT1hsbFUwazJTVU5LYjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbU15Ykc1ak0xSjJZMjFWZG1NeWJHNWpNMUoyWTIxVmRGa3lPWFZhYlRsNVlsZEdkVmt5VldsTVFXOW5TVU5CWjBsRFFXZEpRMEZuU1c1Q2FHUkhaMmxQYVVGcFRHMWtjR1JIYURGWmFUa3pZak5LY2xwdGVIWmtNMDEyV1RJNWRWcHRPWGxpVjBaMVdUSlZkV1ZYTVhOSloyOW5TVU5CWjBsRFFXZEpTREJMU1VOQlowbERRV2RtVTNkTFNVTkJaMGxEUVdkSmJXeDFaRWRXZVdKdFJuTlZSMFo1V1ZjeGJHUkhWbmxqZVVrMlNVaHpTMGxEUVdkSlEwRm5TVU5CYVZveWJEQmhTRlpwU1dwdloyVjNiMmRKUTBGblNVTkJaMGxEUVdkSmJWWXlXbGMxTUZneU5XaGlWMVZwVDJsQmFXTklWbnBoUTBselEybEJaMGxEUVdkSlEwRm5TVU5CYVdOdFZuZGlNMDV3WkVjNWVXVldPWEJhUTBrMlNVTkpNVTVFUlRSUFZFMTRUMFJaYVV4QmIyZEpRMEZuU1VOQlowbERRV2RKYmtwc1kwYzVlbUZZVW5aamJteG1Zak5rZFZwWVNtWmhWMUZwVDJsQmFVNTZSWGRQVkZsNlRsUk5hVU5wUVdkSlEwRm5TVU5CWjJaUmIyZEpRMEZuU1VOQ09VeEJiMmRKUTBGblNVTkJhV050Vm5waU1uZ3lXbGRTUlZwWVFteGliVkpzWW0xT2NGcFlUV2xQYVVKaVEybEJaMGxEUVdkSlEwRm5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbHVWbmxoVTBrMlNVTktibUZZVVhKaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1d1dqTk9NR0l6U214TU0wNXdXak5PTUdJelNteE1WMDUyWW0xYWRtTnRNV2hpYlU1c1VVaEtiRnB1VFhaaFIxWm9Xa2hOZG1KWFJuQmlhVWx6UTJsQlowbERRV2RKUTBGblNVTkJhVnBIYkc1YVdFNHdTV3B2WjJWM2IyZEpRMEZuU1VOQlowbERRV2RKUTBGcFdqSnNNRkV5T1hSaVYyd3dTV3B2WjBsdFRURmFhbFp0V1dwSk1VNVVSVEpOTWxaclQwUldhMXBIU1hwTmJWRXhUa2RTYWxwSFVUTk5WRUpvV1hwT2JVMUVVVEpOUkUxcFEybEJaMGxEUVdkSlEwRm5TVU5DT1VOcFFXZEpRMEZuU1VOQloyWlJiMmRKUTBGblNVTkNaRU5wUVdkSlEwSTVURUZ2WjBsRFFXZEpia294WW10U2JHUkhSbkJpU0UxcFQybENOME5wUVdkSlEwRm5TVU5LYVdSWGJITmFSMVo1U1dwdloyVjNiMmRKUTBGblNVTkJaMGxEU25CYVEwazJTVU5LYjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbGxYVGpCaFZ6bDFZM2s1ZVdSWE5YVmFXRWwyV2pKc01HRklWbWxNVjJoMll6TlNiRnBEU1V0SlEwRm5TVU5CWjJaVGQwdEpRMEZuU1VOQlowbHRNV3hrUjBacldWaFNhRWxxYjJkbGQyOW5TVU5CWjBsRFFXZEpRMHB3WW01YWRsa3lSakJoVnpsMVUxZFJhVTlwUVdsaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1d1dqTk9NR0l6U214TU0wNXdXak5PTUdJelNteE1WMDUyWW0xYWRtTnRNV2hpYlU1c1RESkdhbVJIYkhaaWJrMTJZMjVXZFdONU9ETk5WR042VG1wSmQwOVVSWGRNTWtZd1pFZFdkR05JVW5wTWVrVnBRMmxCWjBsRFFXZEpTREJMU1VOQlowbElNRXRKUTBJNVEyNHdTdz09IiwicGF5bG9hZFR5cGUiOiJhcHBsaWNhdGlvbi92bmQuaW4tdG90bytqc29uIiwic2lnbmF0dXJlcyI6W3sicHVibGljS2V5IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXJWRU5EUVhBclowRjNTVUpCWjBsRlJWSm5aMEpFUVV0Q1oyZHhhR3RxVDFCUlVVUkJla0Z5VFZKRmQwUjNXVVJXVVZGRVJYZG9lbUZYWkhwa1J6bDVXbFJGVjAxQ1VVZEJNVlZGUTJoTlRtTXliRzVqTTFKMlkyMVZkV0pYT1dwaGVrRmxSbmN3ZVUxNlFYbE5SRVYzVFVSQmQwMUVRbUZHZHpCNVRYcEJlVTFFUlhkTlJFVjNUVVJDWVUxQlFYZFhWRUZVUW1kamNXaHJhazlRVVVsQ1FtZG5jV2hyYWs5UVVVMUNRbmRPUTBGQlUxRk5NbVZLVUdVMWIwSnFSRWMzYUZSelVHTlNRbU5MYUZKeWFtZERPWHBOVjBveVVsUlRiV1o2UlVKSk9GUXhkbFJHTkV4Nk5rdFFObkI1WjNoa2NtMURTRWhYTmxOWWNVcEhSMjFuUW5wdk1XOXJPVmR2TkVsQ01tcERRMEZrV1hkRVoxbEVWbEl3VUVGUlNDOUNRVkZFUVdkbFFVMUNUVWRCTVZWa1NsRlJUVTFCYjBkRFEzTkhRVkZWUmtKM1RVUk5TVWRzUW1kT1ZraFNSVUpCWmpoRloxcHZkMmRhWlVkbldsSnZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMll6SnNibU16VW5aamJWVjBXVEk1ZFZwdE9YbGlWMFoxV1RKVmRscFlhREJqYlZaMFdsZDROVXhYVW1oaWJXUnNZMjA1TVdONU1YZGtWMHB6WVZkTmRHSXliR3RaZVRGcFdsZEdhbUl5TkhaTWJXUndaRWRvTVZscE9UTmlNMHB5V20xNGRtUXpUWFphV0dnd1kyMVdkRnBYZURWTVYxSm9ZbTFrYkdOdE9URmplVEYyWVZkU2FreFhTbXhaVjA1MlltazFOV0pYZUVGamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RVMUNNRWRCTVZWa1JHZFJWMEpDVWxwbmQxbGlWamt6THpWeFNWUmtZbTFVY1Vsa1J6QjJPR0l3UkVGbVFtZE9Wa2hUVFVWSFJFRlhaMEpSTDBaR2VHczNSbFY0ZEM5dlJUaHNSRnBGUmpCek4ydGhjM1ZFUVRkQ1oyOXlRbWRGUlVGWlR5OU5RVVZKUWtNd1RVc3lhREJrU0VKNlQyazRkbVJIT1hKYVZ6UjFXVmRPTUdGWE9YVmplVFZ1WVZoU2IyUlhTakZqTWxaNVdUSTVkV1JIVm5Wa1F6VnFZakl3ZDJkWmEwZERhWE5IUVZGUlFqRnVhME5DUVVsRlpYZFNOVUZJWTBGa1VVUXpTbk54YWxGU1pUWnJWMVpGY25wak1EWlRSRTVVUld0MU9URjZiVWx2TDJOQ1R6Y3ZUSG80YmpOUlFVRkJXVmxMVW1WM1FVRkJRVVZCZDBKSFRVVlJRMGxHYm5WWFFsWkdXV2ROV0RSSU0xcFNRMDFETVVrclFWUmlkbmhpVERaelpWRnFVWHBEWTJjdk5VZGhRV2xCTTFwaGIyZGlTSHBrWkRWcGIyZEhTVUZJTkdsbE16YzFRa2h2VjBoYU5WVk1hRUp1U0dwNWFVSnVha0ZMUW1kbmNXaHJhazlRVVZGRVFYZE9TVUZFUWtaQmFVVkJjSHBYVERCUFdsQjFjblk1TDBGYWNERk5kbkUyVTBSR1YxSXplWGRNYmtkalExUTRMemRoWVdVd1ZVTkpSRVEyZGxWa2VHOW1kVXBDU21kMmFpOVJTbThyYm5OWlp5dDNOemhEWVcxTUt6SjRRVTgyVmxBdlV3b3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iLCJzaWciOiJUVVZWUTBsRWJWbFZZamRvUm5RNVQyUnRjRGh1WlhGV2FsVTRNVlZtVjFSbk5qRlJUMVZ1ZVZKdE9FRlpaVXRtUVdsRlFUUm9XbWw0ZUhaTmNFUlFRMWRyWnpCU1kzRklkRWQzVlZWbGFUWnVSbkZDU2xaclkyWnVRVkoyV0VrOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI5ZTk3Y2RiZTRlODg1Yjk4OWE0MDI1YmY4NTFjOGE3NTkwNzA2MmM4YmNhNmYwNDZkNDRlZGI5YTc1NThmNTE4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiMGViYmRiYzIxZDE4MjAwN2I3OGI1NzcwZGVhMjQ5ZjExMDk0NmI3ZGVkODU3YTRlYzAwY2NiNjkyYzFlMjVhZiJ9fX19"}],"timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"MIICHDADAgEAMIICEwYJKoZIhvcNAQcCoIICBDCCAgACAQMxDzANBglghkgBZQMEAgEFADB0BgsqhkiG9w0BCRABBKBlBGMwYQIBAQYJKwYBBAGDvzACMC8wCwYJYIZIAWUDBAIBBCDzcX7M5GHmAKza2P4d69jjJRypS9e+mMaKdYjEU9Ki0gIE3q2+7xgPMjAyMzAyMDEwMDAwMDBaMAMCAQECBEmWAtKgADGCAXAwggFsAgEBMCswJjEMMAoGA1UEAxMDdHNhMRYwFAYDVQQKEw1zaWdzdG9yZS5tb2NrAgECMA0GCWCGSAFlAwQCAQUAoIHVMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjMwMjAxMDAwMDAwWjAvBgkqhkiG9w0BCQQxIgQgT8kHw9BxP0p9LFMwc8fr2PhmNt2DzmF26qJBAzHxjIgwaAYLKoZIhvcNAQkQAi8xWTBXMFUwUwQgAA4hfcjNjQJC6U7kl1KxL3VHVkxZbFxM+eqk9sPXbJAwLzAqpCgwJjEMMAoGA1UEAxMDdHNhMRYwFAYDVQQKEw1zaWdzdG9yZS5tb2NrAgECMAoGCCqGSM49BAMCBEcwRQIhAOAxDCA1QjNKsiE0WnAh+qxiLwqMFM+BubZ28pbn9+wIAiBk6DdCY6cFcOVzED5E1O6vhS8641fT1nmwkgbLfCIQwg=="}]}},"dsseEnvelope":{"payload":"ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YxIiwKICAic3ViamVjdCI6IFsKICAgIHsKICAgICAgIm5hbWUiOiAiZC50eHQiLAogICAgICAiZGlnZXN0IjogewogICAgICAgICJzaGEyNTYiOiAiMzMwYTA0MzIyMGZhMTNlMDFkNjhhN2RiMzljODllMTJiMGM0YzNiNmEwMzQ2ZmU2MjRiMDkwM2YxMzAzYjViMiIKICAgICAgfQogICAgfQogIF0sCiAgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YxIiwKICAicHJlZGljYXRlIjogewogICAgImJ1aWxkRGVmaW5pdGlvbiI6IHsKICAgICAgImJ1aWxkVHlwZSI6ICJodHRwczovL3Nsc2EtZnJhbWV3b3JrLmdpdGh1Yi5pby9naXRodWItYWN0aW9ucy1idWlsZHR5cGVzL3dvcmtmbG93L3YxIiwKICAgICAgImV4dGVybmFsUGFyYW1ldGVycyI6IHsKICAgICAgICAid29ya2Zsb3ciOiB7CiAgICAgICAgICAicmVmIjogInJlZnMvaGVhZHMvbWFpbiIsCiAgICAgICAgICAicmVwb3NpdG9yeSI6ICJodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUvc2lnc3RvcmUtY29uZm9ybWFuY2UiLAogICAgICAgICAgInBhdGgiOiAiLmdpdGh1Yi93b3JrZmxvd3MvY29uZm9ybWFuY2UueW1sIgogICAgICAgIH0KICAgICAgfSwKICAgICAgImludGVybmFsUGFyYW1ldGVycyI6IHsKICAgICAgICAiZ2l0aHViIjogewogICAgICAgICAgImV2ZW50X25hbWUiOiAicHVzaCIsCiAgICAgICAgICAicmVwb3NpdG9yeV9pZCI6ICI1NDE4OTMxODYiLAogICAgICAgICAgInJlcG9zaXRvcnlfb3duZXJfaWQiOiAiNzEwOTYzNTMiCiAgICAgICAgfQogICAgICB9LAogICAgICAicmVzb2x2ZWREZXBlbmRlbmNpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInVyaSI6ICJnaXQraHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWNvbmZvcm1hbmNlQHJlZnMvaGVhZHMvbWFpbiIsCiAgICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgICAiZ2l0Q29tbWl0IjogImM1ZjVmYjI1NTE2M2VkODVkZGIzMmQ1NGRjZGQ3MTBhYzNmMDQ2MDMiCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgInJ1bkRldGFpbHMiOiB7CiAgICAgICJidWlsZGVyIjogewogICAgICAgICJpZCI6ICJodHRwczovL2dpdGh1Yi5jb20vYWN0aW9ucy9ydW5uZXIvZ2l0aHViLWhvc3RlZCIKICAgICAgfSwKICAgICAgIm1ldGFkYXRhIjogewogICAgICAgICJpbnZvY2F0aW9uSWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWNvbmZvcm1hbmNlL2FjdGlvbnMvcnVucy83MTczNjIwOTEwL2F0dGVtcHRzLzEiCiAgICAgIH0KICAgIH0KICB9Cn0K","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEUCIDmYUb7hFt9Odmp8neqVjU81UfWTg61QOUnyRm8AYeKfAiEA4hZixxvMpDPCWkg0RcqHtGwUUei6nFqBJVkcfnARvXI=","keyid":""}]}} +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "tlogEntries": [ + { + "logIndex": "150322684", + "logId": { + "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0=" + }, + "kindVersion": { + "kind": "dsse", + "version": "0.0.1" + }, + "integratedTime": "1732135425", + "inclusionPromise": { + "signedEntryTimestamp": "MEUCIF/Y+XbEXKAblX/ohWp+wXIff65mYTzEUf+p557ocUEZAiEAjSHzJCkwJPP+8YF6bvmpuEl+sXb84RL1wf9zVnfLns4=" + }, + "inclusionProof": { + "logIndex": "28418422", + "rootHash": "+QIOalcm4FuDhJj9qII/2u9Nypdzjk0c9NK7hGTgac8=", + "treeSize": "28418423", + "hashes": [ + "wB0Bax3k2EbrDhHe/Am7xWtmsX0kV75PD38gAOQ6V/4=", + "ljcbev25ePyz7Ns8nCGnARFqCQ9gEy0J6nZLllEjx5w=", + "gSbCTgtyNMJHo+eX5BrdCm2lViZxYwdu3F0QVBhcxj8=", + "GdXev4gNvvFgWH0cLpbpKAYhfflAN2k4JyWFw9O5hts=", + "QamBghNmsUsGreZ9zxBhz7ynJzdS8Wt34XSWduDhJe4=", + "QmKt9GDPnFWd2pjpwiF9anMwu0zKnqqd9uSsS+Ghm0E=", + "zGmHsTSEnYk656ZFm3nFkDh/8cEiIYAqh1zD7l6Wl5M=", + "ggdeKtYR4Qf6kMEDhKtGxCnbgcZzb3YtF3fczGIjWCI=", + "iF6rmo01zrn23pMgcPKlXOufqui4F8Q1+hj8PHL6XuY=", + "bulsENariUUsC4xiR1yFtqKzD8evI9p/s+YCpl8t9tE=", + "E2rLOYPJFKiizYiyu07QLqkMVTVL7i2ZgXiQywdI9KQ=", + "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", + "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw=" + ], + "checkpoint": { + "envelope": "rekor.sigstore.dev - 1193050959916656506\n28418423\n+QIOalcm4FuDhJj9qII/2u9Nypdzjk0c9NK7hGTgac8=\n\n— rekor.sigstore.dev wNI9ajBGAiEA5TnJBQi/DYgn5WvcQvZi0q5tlOF/h3sxLW2nztOtgfwCIQCrliHf+bgbEvlXQNw3XserTuIeSYrG6aMo8SHVOR7Pmg==\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNzhiZmM3ZDNhNGVjOThiZjJlZjMyYmFmOTEyOGU0MTg5ZmZlY2JkOTIzYWIwMjQ2YWU1Y2NiNDE1Y2FmNmY0MSJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6ImQ2YjIwOWJhOWRkZTNiMWVlNWVkZWJiODhkMWIxYjkxN2I3MmVlYjYxNDMyOGU3YmE2NjdmNWI3YWI3MGU5ODcifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVVQ0lRRFZHcFZMc3ZFWTNscHM2MmNMR3ptemdPVlJjZ2d5U0xwQVJObDlaRWp6clFJZ0pZVmlEa3U3RTBKZ1lJMnRPRG1NaXFhNVh6OWVFTHBUbHB3L1JwSmRrV009IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VjMlZFTkRRbTVEWjBGM1NVSkJaMGxWUlZONk5XWmlWWEY0Y3pKV2EwaG5NbTEyV1ZNNFJuRk9WM1J6ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwUmVFMVVTWGROYWtFd1RYcFJNVmRvWTA1TmFsRjRUVlJKZDAxcVFURk5lbEV4VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVkhiRFJzZFVOWVJWVXJOMFJXYVVWaWRuSjNSM3BKUTJONVIyRlRXQ3QyYzBseUwzVUthV1ZZZGxwRmVteG5XWGRoUzJkMFZtWTNZV3RFZUUxQ1ZqQTBNamxOZDJGbGVHVmtUM0paYURoeE5uWkxkRFUwY1hGUFEwSlpPSGRuWjFkTVRVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVlNXVVpKQ201clZYZENiMVpCYTBsWVUwOHljRmRLZEU5VE0wTjNkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMXAzV1VSV1VqQlNRVkZJTDBKR01IZFhORnBhWVVoU01HTklUVFpNZVRsdVlWaFNiMlJYU1hWWk1qbDBUREo0ZG1JelRteFpiVVkyWWpJNWNncFpVemxvV1ZNeE1GcFlUakJNZVRWdVlWaFNiMlJYU1haa01qbDVZVEphYzJJelpIcE1NMEo1WWpOYWJHSnRSblZaTWxWMVpWZEdkR0pGUW5sYVYxcDZDa3d5YUd4WlYxSjZUREl4YUdGWE5IZFBVVmxMUzNkWlFrSkJSMFIyZWtGQ1FWRlJjbUZJVWpCalNFMDJUSGs1TUdJeWRHeGlhVFZvV1ROU2NHSXlOWG9LVEcxa2NHUkhhREZaYmxaNldsaEthbUl5TlRCYVZ6VXdURzFPZG1KVVFXWkNaMjl5UW1kRlJVRlpUeTlOUVVWRFFrSkdNMkl6U25KYWJYaDJaREU1YXdwaFdFNTNXVmhTYW1GRVFUSkNaMjl5UW1kRlJVRlpUeTlOUVVWRVFrTm9iRmx0V20xUFIxSnRXVzFSTWsxRWJHbE9Na2w1VFdwSmVrNHlUVE5PZWtVMUNsa3lWWGRPTWxsNVdrZE5NMDlVVFRCYWFsWnRUVU5GUjBOcGMwZEJVVkZDWnpjNGQwRlJVVVZGTUdSc1ltMVdlVmxZVW14SlJrSjVZak5hYkdKdFJuVUtXVEpWZDBsbldVdExkMWxDUWtGSFJIWjZRVUpDVVZGVllrYzVkbU15Vm1sWldIQjJZakowYUV3eVJtaE1XRkpzWXpOUmQwaFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FtZFJVR050Vm0xamVUbHZXbGRHYTJONU9YUlpWMngxVFVSelIwTnBjMGRCVVZGQ1p6YzRkMEZSWjBWTVVYZHlZVWhTTUdOSVRUWk1lVGt3Q21JeWRHeGlhVFZvV1ROU2NHSXlOWHBNYldSd1pFZG9NVmx1Vm5wYVdFcHFZakkxTUZwWE5UQk1iVTUyWWxSQ2NFSm5iM0pDWjBWRlFWbFBMMDFCUlVvS1FrWnpUVmRYYURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWE5pTWpsNldsZEthR1Z0T1haaE1rVjJXVmRGZEdSSFZucGtRemgxV2pKc01BcGhTRlpwVEROa2RtTnRkRzFpUnprelkzazVkMk50T1RKYVZ6Vm9ZbTFPYkV4dWJHaGlWM2hCWTIxV2JXTjVPVzlhVjBaclkzazVkRmxYYkhWTlJHZEhDa05wYzBkQlVWRkNaemM0ZDBGUmIwVkxaM2R2V2xkS2JWcHFhR3RhYlVwclRtcEJOVmxxWkdsTmFrbDVUWHBrYWs1NlkzaFBWMDVzVFVSa2JVMXRVbW9LVG5wcmVrNUhXVEZhYWtGa1FtZHZja0puUlVWQldVOHZUVUZGVEVKQk9FMUVWMlJ3WkVkb01WbHBNVzlpTTA0d1dsZFJkMDUzV1V0TGQxbENRa0ZIUkFwMmVrRkNSRUZSY0VSRFpHOWtTRkozWTNwdmRrd3laSEJrUjJneFdXazFhbUl5TUhaaVJ6bDJZekpXYVZsWWNIWmlNblJvVERKR2FFeFlVbXhqTTFGM0NrOUJXVXRMZDFsQ1FrRkhSSFo2UVVKRVVWRnhSRU5vYkZsdFdtMVBSMUp0V1cxUk1rMUViR2xPTWtsNVRXcEplazR5VFROT2VrVTFXVEpWZDA0eVdYa0tXa2ROTTA5VVRUQmFhbFp0VFVJNFIwTnBjMGRCVVZGQ1p6YzRkMEZSTkVWRlVYZFFZMjFXYldONU9XOWFWMFpyWTNrNWRGbFhiSFZOUW10SFEybHpSd3BCVVZGQ1p6YzRkMEZST0VWRGQzZEtUMFJyZUU1NlJURk9SRkV3VFVNNFIwTnBjMGRCVVZGQ1p6YzRkMEZTUVVWSlVYZG1ZVWhTTUdOSVRUWk1lVGx1Q21GWVVtOWtWMGwxV1RJNWRFd3llSFppTTA1c1dXMUdObUl5T1hKWlZFRllRbWR2Y2tKblJVVkJXVTh2VFVGRlVrSkJhMDFDZWtWNlRVUlJORTFxV1hjS1lWRlpTMHQzV1VKQ1FVZEVkbnBCUWtWblVtSkVSbXh2WkVoU2QyTjZiM1pNTW1Sd1pFZG9NVmxwTldwaU1qQjJZa2M1ZG1NeVZtbFpXSEIyWWpKMGFBcE1Na1pvVEZoU2JHTXpVWFpNYldSd1pFZG9NVmxwT1ROaU0wcHlXbTE0ZG1RelRYWmpTRXAyWkcxV2RWbFhOV3BhVXpVMVdWY3hjMUZJU214YWJrMTJDbUZIVm1oYVNFMTJZbGRHY0dKcVFUUkNaMjl5UW1kRlJVRlpUeTlOUVVWVVFrTnZUVXRIVm1sYWJWazBXa2RhYVZwRVdYZFBWMGt6V1dwSmVVMXFUVE1LV1hwak0wMVViR3BhVkVFeldtcEthMWw2WXpWTmVsSnRUbGRaZDBsUldVdExkMWxDUWtGSFJIWjZRVUpHUVZGVVJFSkdNMkl6U25KYWJYaDJaREU1YXdwaFdFNTNXVmhTYW1GRVFtSkNaMjl5UW1kRlJVRlpUeTlOUVVWV1FrVXdUVk15YURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWE5pTWpsNkNscFhTbWhsYlRsMllUSkZkbGxYUlhSa1IxWjZaRU01YUZrelVuQmlNalY2VEROS01XSnVUWFpOVkVVMVRrUkZNRTFxVlRCUFJHTjJXVmhTTUZwWE1YY0taRWhOZGsxVVFWZENaMjl5UW1kRlJVRlpUeTlOUVVWWFFrRm5UVUp1UWpGWmJYaHdXWHBEUW1sUldVdExkMWxDUWtGSVYyVlJTVVZCWjFJM1FraHJRUXBrZDBJeFFVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhekIwVWtaU1kwRkJRVkZFQ2tGRldYZFNRVWxuUlhobE1tdFdlSFExWkdGRVdVUmlZMWh4WjBnemJrTkhkVUl3UVhGVVozVmFTbXhaUTBGMlFVUnRiME5KUTIxT2RuSmtWRXBPY0VZS2JqVnJTbWRyYUdsVVIzWlNNSGxMTWxreFExb3lLelYzWlhNd1pVSmtjMWxOUVc5SFEwTnhSMU5OTkRsQ1FVMUVRVEpqUVUxSFVVTk5Selp5V0d4RlNRcGhTazkzWlhST1RITlVZVVJMTjBod01ITlZkVUoxYTBaVFMwZ3dVbTFQSzA1RU1HRm9jV3hTVmxkYU9ERkJXbUYxVVhjelFreGtSbFpuU1hkVGRESTBDbWswYjBKSWVFVXpNVTlOU1d4M1JVTTVWakJUUzA1SlRGSmljVVZvVG1KdmIyUkpjWHB1TW1kMVFYVTRUbkpWVkhGbGRtdFRTV0pOZHpNdmFnb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0ifV19fQ==" + } + ], + "timestampVerificationData": { + }, + "certificate": { + "rawBytes": "MIIG6TCCBnCgAwIBAgIUESz5fbUqxs2VkHg2mvYS8FqNWtswCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMTIwMjA0MzQ1WhcNMjQxMTIwMjA1MzQ1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGl4luCXEU+7DViEbvrwGzICcyGaSX+vsIr/uieXvZEzlgYwaKgtVf7akDxMBV0429MwaexedOrYh8q6vKt54qqOCBY8wggWLMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQURYFInkUwBoVAkIXSO2pWJtOS3CwwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wZwYDVR0RAQH/BF0wW4ZZaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBChlYmZmOGRmYmQ2MDliN2IyMjIzN2M3NzE5Y2UwN2YyZGM3OTM0ZjVmMCEGCisGAQQBg78wAQQEE0dlbmVyYXRlIFByb3ZlbmFuY2UwIgYKKwYBBAGDvzABBQQUbG9vc2ViYXpvb2thL2FhLXRlc3QwHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTBpBgorBgEEAYO/MAEJBFsMWWh0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdC8uZ2l0aHViL3dvcmtmbG93cy9wcm92ZW5hbmNlLnlhbWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wAQoEKgwoZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZjAdBgorBgEEAYO/MAELBA8MDWdpdGh1Yi1ob3N0ZWQwNwYKKwYBBAGDvzABDAQpDCdodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QwOAYKKwYBBAGDvzABDQQqDChlYmZmOGRmYmQ2MDliN2IyMjIzN2M3NzE5Y2UwN2YyZGM3OTM0ZjVmMB8GCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9tYWluMBkGCisGAQQBg78wAQ8ECwwJODkxNzE1NDQ0MC8GCisGAQQBg78wARAEIQwfaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYTAXBgorBgEEAYO/MAERBAkMBzEzMDQ4MjYwaQYKKwYBBAGDvzABEgRbDFlodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbjA4BgorBgEEAYO/MAETBCoMKGViZmY4ZGZiZDYwOWI3YjIyMjM3Yzc3MTljZTA3ZjJkYzc5MzRmNWYwIQYKKwYBBAGDvzABFAQTDBF3b3JrZmxvd19kaXNwYXRjaDBbBgorBgEEAYO/MAEVBE0MS2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdC9hY3Rpb25zL3J1bnMvMTE5NDE0MjU0ODcvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBiQYKKwYBBAHWeQIEAgR7BHkAdwB1AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABk0tRFRcAAAQDAEYwRAIgExe2kVxt5daDYDbcXqgH3nCGuB0AqTguZJlYCAvADmoCICmNvrdTJNpFn5kJgkhiTGvR0yK2Y1CZ2+5wes0eBdsYMAoGCCqGSM49BAMDA2cAMGQCMG6rXlEIaJOwetNLsTaDK7Hp0sUuBukFSKH0RmO+ND0ahqlRVWZ81AZauQw3BLdFVgIwSt24i4oBHxE31OMIlwEC9V0SKNILRbqEhNboodIqzn2guAu8NrUTqevkSIbMw3/j" + } + }, + "dsseEnvelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0IiwicGF0aCI6Ii5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbCJ9fSwiaW50ZXJuYWxQYXJhbWV0ZXJzIjp7ImdpdGh1YiI6eyJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJyZXBvc2l0b3J5X2lkIjoiODkxNzE1NDQ0IiwicmVwb3NpdG9yeV9vd25lcl9pZCI6IjEzMDQ4MjYiLCJydW5uZXJfZW52aXJvbm1lbnQiOiJnaXRodWItaG9zdGVkIn19LCJyZXNvbHZlZERlcGVuZGVuY2llcyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdEByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZiJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbiJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvYWN0aW9ucy9ydW5zLzExOTQxNDI1NDg3L2F0dGVtcHRzLzEifX19fQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEUCIQDVGpVLsvEY3lps62cLGzmzgOVRcggySLpARNl9ZEjzrQIgJYViDku7E0JgYI2tODmMiqa5Xz9eELpTlpw/RpJdkWM=" + } + ] + } +}