diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java index f08213c1..f24c83b9 100644 --- a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java +++ b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java @@ -122,7 +122,7 @@ public void verify(Path artifact, Bundle bundle, VerificationOptions options) public void verify(byte[] artifactDigest, Bundle bundle, VerificationOptions options) throws KeylessVerificationException { - if (bundle.getDSSESignature().isPresent()) { + if (bundle.getDsseEnvelope().isPresent()) { throw new KeylessVerificationException("Cannot verify DSSE signature based bundles"); } diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java b/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java index 0ba087c0..de9a7e04 100644 --- a/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java +++ b/sigstore-java/src/main/java/dev/sigstore/bundle/Bundle.java @@ -20,13 +20,16 @@ import java.io.IOException; import java.io.Reader; import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.security.cert.CertPath; import java.util.List; import java.util.Optional; +import org.immutables.gson.Gson; import org.immutables.value.Value; import org.immutables.value.Value.Default; +import org.immutables.value.Value.Derived; import org.immutables.value.Value.Immutable; import org.immutables.value.Value.Lazy; @@ -59,13 +62,13 @@ public String getMediaType() { public abstract Optional getMessageSignature(); /** A DSSE envelope signature type that may contain an arbitrary payload */ - public abstract Optional getDSSESignature(); + public abstract Optional getDsseEnvelope(); @Value.Check protected void checkOnlyOneSignature() { Preconditions.checkState( - (getDSSESignature().isEmpty() && getMessageSignature().isPresent()) - || (getDSSESignature().isPresent() && getMessageSignature().isEmpty())); + (getDsseEnvelope().isEmpty() && getMessageSignature().isPresent()) + || (getDsseEnvelope().isPresent() && getMessageSignature().isEmpty())); } @Value.Check @@ -132,7 +135,7 @@ public interface MessageDigest { } @Immutable - public interface DSSESignature { + public interface DsseEnvelope { /** An arbitrary payload that does not need to be parsed to be validated */ String getPayload(); @@ -141,7 +144,36 @@ public interface DSSESignature { String getPayloadType(); /** DSSE specific signature */ - byte[] getSignature(); + List getSignatures(); + + /** + * The "Pre-Authentication Encoding" of this statement. The signature is generated over this + * content. + */ + @Gson.Ignore + @Derived + default byte[] getPAE() { + return ("DSSEv1 " + + getPayloadType().length() + + " " + + getPayloadType() + + " " + + getPayload().length() + + " " + + getPayload()) + .getBytes(StandardCharsets.UTF_8); + } + + @Lazy + @Gson.Ignore + default byte[] getSignature() { + return getSignatures().get(0).getSig(); + } + + @Immutable + interface Signature { + byte[] getSig(); + } } @Immutable diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java index 23256e1f..4f71f864 100644 --- a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java +++ b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleReader.java @@ -100,17 +100,18 @@ static Bundle readBundle(Reader jsonReader) throws BundleParseException { } if (protoBundle.hasDsseEnvelope()) { - var dsseEnvelope = protoBundle.getDsseEnvelope(); - if (dsseEnvelope.getSignaturesCount() != 1) { - throw new BundleParseException("DSEE envelopes must contain exactly one signature"); + var dsseEnvelopeProto = protoBundle.getDsseEnvelope(); + var dsseEnvelopeBuilder = + ImmutableDsseEnvelope.builder() + .payload(dsseEnvelopeProto.getPayload().toStringUtf8()) + .payloadType(dsseEnvelopeProto.getPayloadType()); + for (int sigIndex = 0; sigIndex < dsseEnvelopeProto.getSignaturesCount(); sigIndex++) { + dsseEnvelopeBuilder.addSignatures( + ImmutableSignature.builder() + .sig(dsseEnvelopeProto.getSignatures(sigIndex).getSig().toByteArray()) + .build()); } - var dsseSignature = - ImmutableDSSESignature.builder() - .payload(dsseEnvelope.getPayload().toStringUtf8()) - .payloadType(dsseEnvelope.getPayloadType()) - .signature(dsseEnvelope.getSignatures(0).toByteArray()) - .build(); - bundleBuilder.dSSESignature(dsseSignature); + bundleBuilder.dsseEnvelope(dsseEnvelopeBuilder.build()); } else if (protoBundle.hasMessageSignature()) { var signature = protoBundle.getMessageSignature().getSignature().toByteArray(); if (protoBundle.getMessageSignature().hasMessageDigest()) { diff --git a/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java b/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java new file mode 100644 index 00000000..8e381ae4 --- /dev/null +++ b/sigstore-java/src/main/java/dev/sigstore/dsse/InTotoPayload.java @@ -0,0 +1,57 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.dsse; + +import static dev.sigstore.json.GsonSupplier.GSON; + +import com.google.gson.JsonElement; +import dev.sigstore.bundle.Bundle.DsseEnvelope; +import java.util.List; +import java.util.Map; +import org.immutables.gson.Gson; +import org.immutables.value.Value.Immutable; + +@Gson.TypeAdapters +@Immutable +public interface InTotoPayload { + + String PAYLOAD_TYPE = "application/vnd.in-toto+json"; + + @Gson.Named("_type") + String getType(); + + List getSubject(); + + String getPredicateType(); + + /** + * Predicate is not processed by this library, if you want to inspect the contents of an + * attestation, you want to use an attestation parser. + */ + JsonElement getPredicate(); + + @Immutable + interface Subject { + + String getName(); + + Map getDigest(); + } + + static InTotoPayload from(DsseEnvelope dsseEnvelope) { + return GSON.get().fromJson(dsseEnvelope.getPayload(), InTotoPayload.class); + } +} diff --git a/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java b/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java index 401dca94..fa235d0b 100644 --- a/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java +++ b/sigstore-java/src/main/java/dev/sigstore/json/GsonSupplier.java @@ -16,6 +16,7 @@ package dev.sigstore.json; import com.google.gson.*; +import dev.sigstore.dsse.GsonAdaptersInTotoPayload; import dev.sigstore.rekor.client.GsonAdaptersRekorEntry; import dev.sigstore.rekor.client.GsonAdaptersRekorEntryBody; import dev.sigstore.tuf.model.*; @@ -59,6 +60,7 @@ public enum GsonSupplier implements Supplier { .registerTypeAdapterFactory(new GsonAdaptersTargetMeta()) .registerTypeAdapterFactory(new GsonAdaptersTimestamp()) .registerTypeAdapterFactory(new GsonAdaptersTimestampMeta()) + .registerTypeAdapterFactory(new GsonAdaptersInTotoPayload()) .disableHtmlEscaping() .create(); diff --git a/sigstore-java/src/test/java/dev/sigstore/bundle/BundleReaderTest.java b/sigstore-java/src/test/java/dev/sigstore/bundle/BundleReaderTest.java index 41fe2a88..4e2250e4 100644 --- a/sigstore-java/src/test/java/dev/sigstore/bundle/BundleReaderTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/bundle/BundleReaderTest.java @@ -16,6 +16,7 @@ package dev.sigstore.bundle; import com.google.common.io.Resources; +import dev.sigstore.dsse.InTotoPayload; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; import org.junit.jupiter.api.Assertions; @@ -81,7 +82,9 @@ public void readV3_1Bundle_noInclusion() { @Test public void readDSSEBundle() throws Exception { var bundle = readBundle("dev/sigstore/samples/bundles/bundle.dsse.sigstore"); - Assertions.assertTrue(bundle.getDSSESignature().isPresent()); + Assertions.assertTrue(bundle.getDsseEnvelope().isPresent()); + var intotoPayload = InTotoPayload.from(bundle.getDsseEnvelope().get()); + Assertions.assertEquals("https://slsa.dev/provenance/v1", intotoPayload.getPredicateType()); } private Bundle readBundle(String resourcePath) throws Exception { diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore index c6823da8..6a43a26c 100644 --- a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore @@ -1 +1,59 @@ -{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.2","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIIC+TCCAp+gAwIBAgIEERggBDAKBggqhkjOPQQDAzArMREwDwYDVQQDEwhzaWdzdG9yZTEWMBQGA1UEChMNc2lnc3RvcmUubW9jazAeFw0yMzAyMDEwMDAwMDBaFw0yMzAyMDEwMDEwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASQM2eJPe5oBjDG7hTsPcRBcKhRrjgC9zMWJ2RTSmfzEBI8T1vTF4Lz6KP6pygxdrmCHHW6SXqJGGmgBzo1ok9Wo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMIGlBgNVHREBAf8EgZowgZeGgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMB0GA1UdDgQWBBRZgwYbV93/5qITdbmTqIdG0v8b0DAfBgNVHSMEGDAWgBQ/FFxk7FUxt/oE8lDZEF0s7kasuDA7BgorBgEEAYO/MAEIBC0MK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wgYkGCisGAQQB1nkCBAIEewR5AHcAdQD3JsqjQRe6kWVErzc06SDNTEku91zmIo/cBO7/Lz8n3QAAAYYKRewAAAAEAwBGMEQCIFnuWBVFYgMX4H3ZRCMC1I+ATbvxbL6seQjQzCcg/5GaAiA3ZaogbHzdd5iogGIAH4ie375BHoWHZ5ULhBnHjyiBnjAKBggqhkjOPQQDAwNIADBFAiEApzWL0OZPurv9/AZp1Mvq6SDFWR3ywLnGcCT8/7aae0UCIDD6vUdxofuJBJgvj/QJo+nsYg+w78CamL+2xAO6VP/S"}]},"tlogEntries":[{"logIndex":"6283476","logId":{"keyId":"9ybKo0EXupFlRK83NOkgzUxJLvdc5iKP3ATu/y8/J90="},"kindVersion":{"kind":"intoto","version":"0.0.2"},"integratedTime":"1675209600","inclusionPromise":{"signedEntryTimestamp":"MEUCIQDgJNIaJoa/5HBTw2l7kULeKvV3fGKJ+NNuYdaQjr1HcwIgUKlKhwKDR5gJdpkIDmT/itxDfyBML39MMD5isQrVqoo="},"inclusionProof":{"logIndex":"0","rootHash":"VAy6NoRBsD4ZU/VFHRYmqBxhdxDQ+baDonVh7Nadrfo=","treeSize":"1","hashes":[],"checkpoint":{"envelope":"localhost:8000 - 56600746402783\n1\nVAy6NoRBsD4ZU/VFHRYmqBxhdxDQ+baDonVh7Nadrfo=\nTimestamp: 1675209600000000000\n\n— localhost:8000 9ybKozBFAiAxmlqJ7gtz+ZJE2Mtn3s7HJQCV5y3JmJ6cGhlH4VWCqgIhAPy6ZWBrJZnHgZqCLehTgWmu6+95EAhsnAcpMyFqQPjt\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWQiOiJaWGR2WjBsRFNtWmtTR3gzV2xOSk5rbERTbTlrU0ZKM1kzcHZka3d5YkhWTVdGSjJaRWM0ZFdGWE9IWlZNMUpvWkVkV2RGcFhOVEJNTTFsNFNXbDNTMGxEUVdsak0xWnBZVzFXYW1SRFNUWkpSbk5MU1VOQlowbEljMHRKUTBGblNVTkJaMGx0TldoaVYxVnBUMmxCYVZwRE5UQmxTRkZwVEVGdlowbERRV2RKUTBGcFdrZHNibHBZVGpCSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOS2VtRkhSWGxPVkZscFQybEJhVTE2VFhkWlZFRXdUWHBKZVUxSFdtaE5WRTVzVFVSR2EwNXFhR2hPTWxKcFRYcHNhazlFYkd4TlZFcHBUVWROTUZsNlRtbE9iVVYzVFhwUk1scHRWVEpOYWxKcFRVUnJkMDB5V1hoTmVrRjZXV3BXYVUxcFNVdEpRMEZuU1VOQloyWlJiMmRKUTBGblpsRnZaMGxHTUhORGFVRm5TVzVDZVZwWFVuQlpNa1l3V2xaU05XTkhWV2xQYVVGcFlVaFNNR05JVFRaTWVUbDZZa2hPYUV4dFVteGthVGwzWTIwNU1scFhOV2hpYlU1c1RETlplRWxwZDB0SlEwRnBZMGhLYkZwSGJHcFpXRkpzU1dwdloyVjNiMmRKUTBGblNXMUtNV0ZYZUd0U1IxWnRZVmMxY0dSSGJIWmlhVWsyU1VoelMwbERRV2RKUTBGblNXMUtNV0ZYZUd0V1NHeDNXbE5KTmtsRFNtOWtTRkozWTNwdmRrd3pUbk5qTWtWMFdtNUthR0pYVmpOaU0wcHlURzFrY0dSSGFERlphVFZ3WW5rNWJtRllVbTlrVjBsMFdWZE9NR0ZYT1hWamVURnBaRmRzYzFwSVVqVmpSMVo2VEROa2RtTnRkRzFpUnprelRETlplRWxwZDB0SlEwRm5TVU5CWjBsdFZqUmtSMVo1WW0xR2MxVkhSbmxaVnpGc1pFZFdlV041U1RaSlNITkxTVU5CWjBsRFFXZEpRMEZwWkRJNWVXRXlXbk5pTTJOcFQybENOME5wUVdkSlEwRm5TVU5CWjBsRFFXbGpiVlp0U1dwdlowbHVTbXhhYmsxMllVZFdhRnBJVFhaaVYwWndZbWxKYzBOcFFXZEpRMEZuU1VOQlowbERRV2xqYlZaM1lqTk9jR1JIT1hsbFUwazJTVU5LYjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbU15Ykc1ak0xSjJZMjFWZG1NeWJHNWpNMUoyWTIxVmRGa3lPWFZhYlRsNVlsZEdkVmt5VldsTVFXOW5TVU5CWjBsRFFXZEpRMEZuU1c1Q2FHUkhaMmxQYVVGcFRHMWtjR1JIYURGWmFUa3pZak5LY2xwdGVIWmtNMDEyV1RJNWRWcHRPWGxpVjBaMVdUSlZkV1ZYTVhOSloyOW5TVU5CWjBsRFFXZEpTREJMU1VOQlowbERRV2RtVTNkTFNVTkJaMGxEUVdkSmJXeDFaRWRXZVdKdFJuTlZSMFo1V1ZjeGJHUkhWbmxqZVVrMlNVaHpTMGxEUVdkSlEwRm5TVU5CYVZveWJEQmhTRlpwU1dwdloyVjNiMmRKUTBGblNVTkJaMGxEUVdkSmJWWXlXbGMxTUZneU5XaGlWMVZwVDJsQmFXTklWbnBoUTBselEybEJaMGxEUVdkSlEwRm5TVU5CYVdOdFZuZGlNMDV3WkVjNWVXVldPWEJhUTBrMlNVTkpNVTVFUlRSUFZFMTRUMFJaYVV4QmIyZEpRMEZuU1VOQlowbERRV2RKYmtwc1kwYzVlbUZZVW5aamJteG1Zak5rZFZwWVNtWmhWMUZwVDJsQmFVNTZSWGRQVkZsNlRsUk5hVU5wUVdkSlEwRm5TVU5CWjJaUmIyZEpRMEZuU1VOQ09VeEJiMmRKUTBGblNVTkJhV050Vm5waU1uZ3lXbGRTUlZwWVFteGliVkpzWW0xT2NGcFlUV2xQYVVKaVEybEJaMGxEUVdkSlEwRm5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbHVWbmxoVTBrMlNVTktibUZZVVhKaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1d1dqTk9NR0l6U214TU0wNXdXak5PTUdJelNteE1WMDUyWW0xYWRtTnRNV2hpYlU1c1VVaEtiRnB1VFhaaFIxWm9Xa2hOZG1KWFJuQmlhVWx6UTJsQlowbERRV2RKUTBGblNVTkJhVnBIYkc1YVdFNHdTV3B2WjJWM2IyZEpRMEZuU1VOQlowbERRV2RKUTBGcFdqSnNNRkV5T1hSaVYyd3dTV3B2WjBsdFRURmFhbFp0V1dwSk1VNVVSVEpOTWxaclQwUldhMXBIU1hwTmJWRXhUa2RTYWxwSFVUTk5WRUpvV1hwT2JVMUVVVEpOUkUxcFEybEJaMGxEUVdkSlEwRm5TVU5DT1VOcFFXZEpRMEZuU1VOQloyWlJiMmRKUTBGblNVTkNaRU5wUVdkSlEwSTVURUZ2WjBsRFFXZEpia294WW10U2JHUkhSbkJpU0UxcFQybENOME5wUVdkSlEwRm5TVU5LYVdSWGJITmFSMVo1U1dwdloyVjNiMmRKUTBGblNVTkJaMGxEU25CYVEwazJTVU5LYjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbGxYVGpCaFZ6bDFZM2s1ZVdSWE5YVmFXRWwyV2pKc01HRklWbWxNVjJoMll6TlNiRnBEU1V0SlEwRm5TVU5CWjJaVGQwdEpRMEZuU1VOQlowbHRNV3hrUjBacldWaFNhRWxxYjJkbGQyOW5TVU5CWjBsRFFXZEpRMHB3WW01YWRsa3lSakJoVnpsMVUxZFJhVTlwUVdsaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1d1dqTk9NR0l6U214TU0wNXdXak5PTUdJelNteE1WMDUyWW0xYWRtTnRNV2hpYlU1c1RESkdhbVJIYkhaaWJrMTJZMjVXZFdONU9ETk5WR042VG1wSmQwOVVSWGRNTWtZd1pFZFdkR05JVW5wTWVrVnBRMmxCWjBsRFFXZEpTREJMU1VOQlowbElNRXRKUTBJNVEyNHdTdz09IiwicGF5bG9hZFR5cGUiOiJhcHBsaWNhdGlvbi92bmQuaW4tdG90bytqc29uIiwic2lnbmF0dXJlcyI6W3sicHVibGljS2V5IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXJWRU5EUVhBclowRjNTVUpCWjBsRlJWSm5aMEpFUVV0Q1oyZHhhR3RxVDFCUlVVUkJla0Z5VFZKRmQwUjNXVVJXVVZGRVJYZG9lbUZYWkhwa1J6bDVXbFJGVjAxQ1VVZEJNVlZGUTJoTlRtTXliRzVqTTFKMlkyMVZkV0pYT1dwaGVrRmxSbmN3ZVUxNlFYbE5SRVYzVFVSQmQwMUVRbUZHZHpCNVRYcEJlVTFFUlhkTlJFVjNUVVJDWVUxQlFYZFhWRUZVUW1kamNXaHJhazlRVVVsQ1FtZG5jV2hyYWs5UVVVMUNRbmRPUTBGQlUxRk5NbVZLVUdVMWIwSnFSRWMzYUZSelVHTlNRbU5MYUZKeWFtZERPWHBOVjBveVVsUlRiV1o2UlVKSk9GUXhkbFJHTkV4Nk5rdFFObkI1WjNoa2NtMURTRWhYTmxOWWNVcEhSMjFuUW5wdk1XOXJPVmR2TkVsQ01tcERRMEZrV1hkRVoxbEVWbEl3VUVGUlNDOUNRVkZFUVdkbFFVMUNUVWRCTVZWa1NsRlJUVTFCYjBkRFEzTkhRVkZWUmtKM1RVUk5TVWRzUW1kT1ZraFNSVUpCWmpoRloxcHZkMmRhWlVkbldsSnZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMll6SnNibU16VW5aamJWVjBXVEk1ZFZwdE9YbGlWMFoxV1RKVmRscFlhREJqYlZaMFdsZDROVXhYVW1oaWJXUnNZMjA1TVdONU1YZGtWMHB6WVZkTmRHSXliR3RaZVRGcFdsZEdhbUl5TkhaTWJXUndaRWRvTVZscE9UTmlNMHB5V20xNGRtUXpUWFphV0dnd1kyMVdkRnBYZURWTVYxSm9ZbTFrYkdOdE9URmplVEYyWVZkU2FreFhTbXhaVjA1MlltazFOV0pYZUVGamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RVMUNNRWRCTVZWa1JHZFJWMEpDVWxwbmQxbGlWamt6THpWeFNWUmtZbTFVY1Vsa1J6QjJPR0l3UkVGbVFtZE9Wa2hUVFVWSFJFRlhaMEpSTDBaR2VHczNSbFY0ZEM5dlJUaHNSRnBGUmpCek4ydGhjM1ZFUVRkQ1oyOXlRbWRGUlVGWlR5OU5RVVZKUWtNd1RVc3lhREJrU0VKNlQyazRkbVJIT1hKYVZ6UjFXVmRPTUdGWE9YVmplVFZ1WVZoU2IyUlhTakZqTWxaNVdUSTVkV1JIVm5Wa1F6VnFZakl3ZDJkWmEwZERhWE5IUVZGUlFqRnVhME5DUVVsRlpYZFNOVUZJWTBGa1VVUXpTbk54YWxGU1pUWnJWMVpGY25wak1EWlRSRTVVUld0MU9URjZiVWx2TDJOQ1R6Y3ZUSG80YmpOUlFVRkJXVmxMVW1WM1FVRkJRVVZCZDBKSFRVVlJRMGxHYm5WWFFsWkdXV2ROV0RSSU0xcFNRMDFETVVrclFWUmlkbmhpVERaelpWRnFVWHBEWTJjdk5VZGhRV2xCTTFwaGIyZGlTSHBrWkRWcGIyZEhTVUZJTkdsbE16YzFRa2h2VjBoYU5WVk1hRUp1U0dwNWFVSnVha0ZMUW1kbmNXaHJhazlRVVZGRVFYZE9TVUZFUWtaQmFVVkJjSHBYVERCUFdsQjFjblk1TDBGYWNERk5kbkUyVTBSR1YxSXplWGRNYmtkalExUTRMemRoWVdVd1ZVTkpSRVEyZGxWa2VHOW1kVXBDU21kMmFpOVJTbThyYm5OWlp5dDNOemhEWVcxTUt6SjRRVTgyVmxBdlV3b3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iLCJzaWciOiJUVVZWUTBsRWJWbFZZamRvUm5RNVQyUnRjRGh1WlhGV2FsVTRNVlZtVjFSbk5qRlJUMVZ1ZVZKdE9FRlpaVXRtUVdsRlFUUm9XbWw0ZUhaTmNFUlFRMWRyWnpCU1kzRklkRWQzVlZWbGFUWnVSbkZDU2xaclkyWnVRVkoyV0VrOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI5ZTk3Y2RiZTRlODg1Yjk4OWE0MDI1YmY4NTFjOGE3NTkwNzA2MmM4YmNhNmYwNDZkNDRlZGI5YTc1NThmNTE4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiMGViYmRiYzIxZDE4MjAwN2I3OGI1NzcwZGVhMjQ5ZjExMDk0NmI3ZGVkODU3YTRlYzAwY2NiNjkyYzFlMjVhZiJ9fX19"}],"timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"MIICHDADAgEAMIICEwYJKoZIhvcNAQcCoIICBDCCAgACAQMxDzANBglghkgBZQMEAgEFADB0BgsqhkiG9w0BCRABBKBlBGMwYQIBAQYJKwYBBAGDvzACMC8wCwYJYIZIAWUDBAIBBCDzcX7M5GHmAKza2P4d69jjJRypS9e+mMaKdYjEU9Ki0gIE3q2+7xgPMjAyMzAyMDEwMDAwMDBaMAMCAQECBEmWAtKgADGCAXAwggFsAgEBMCswJjEMMAoGA1UEAxMDdHNhMRYwFAYDVQQKEw1zaWdzdG9yZS5tb2NrAgECMA0GCWCGSAFlAwQCAQUAoIHVMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjMwMjAxMDAwMDAwWjAvBgkqhkiG9w0BCQQxIgQgT8kHw9BxP0p9LFMwc8fr2PhmNt2DzmF26qJBAzHxjIgwaAYLKoZIhvcNAQkQAi8xWTBXMFUwUwQgAA4hfcjNjQJC6U7kl1KxL3VHVkxZbFxM+eqk9sPXbJAwLzAqpCgwJjEMMAoGA1UEAxMDdHNhMRYwFAYDVQQKEw1zaWdzdG9yZS5tb2NrAgECMAoGCCqGSM49BAMCBEcwRQIhAOAxDCA1QjNKsiE0WnAh+qxiLwqMFM+BubZ28pbn9+wIAiBk6DdCY6cFcOVzED5E1O6vhS8641fT1nmwkgbLfCIQwg=="}]}},"dsseEnvelope":{"payload":"ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YxIiwKICAic3ViamVjdCI6IFsKICAgIHsKICAgICAgIm5hbWUiOiAiZC50eHQiLAogICAgICAiZGlnZXN0IjogewogICAgICAgICJzaGEyNTYiOiAiMzMwYTA0MzIyMGZhMTNlMDFkNjhhN2RiMzljODllMTJiMGM0YzNiNmEwMzQ2ZmU2MjRiMDkwM2YxMzAzYjViMiIKICAgICAgfQogICAgfQogIF0sCiAgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YxIiwKICAicHJlZGljYXRlIjogewogICAgImJ1aWxkRGVmaW5pdGlvbiI6IHsKICAgICAgImJ1aWxkVHlwZSI6ICJodHRwczovL3Nsc2EtZnJhbWV3b3JrLmdpdGh1Yi5pby9naXRodWItYWN0aW9ucy1idWlsZHR5cGVzL3dvcmtmbG93L3YxIiwKICAgICAgImV4dGVybmFsUGFyYW1ldGVycyI6IHsKICAgICAgICAid29ya2Zsb3ciOiB7CiAgICAgICAgICAicmVmIjogInJlZnMvaGVhZHMvbWFpbiIsCiAgICAgICAgICAicmVwb3NpdG9yeSI6ICJodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUvc2lnc3RvcmUtY29uZm9ybWFuY2UiLAogICAgICAgICAgInBhdGgiOiAiLmdpdGh1Yi93b3JrZmxvd3MvY29uZm9ybWFuY2UueW1sIgogICAgICAgIH0KICAgICAgfSwKICAgICAgImludGVybmFsUGFyYW1ldGVycyI6IHsKICAgICAgICAiZ2l0aHViIjogewogICAgICAgICAgImV2ZW50X25hbWUiOiAicHVzaCIsCiAgICAgICAgICAicmVwb3NpdG9yeV9pZCI6ICI1NDE4OTMxODYiLAogICAgICAgICAgInJlcG9zaXRvcnlfb3duZXJfaWQiOiAiNzEwOTYzNTMiCiAgICAgICAgfQogICAgICB9LAogICAgICAicmVzb2x2ZWREZXBlbmRlbmNpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInVyaSI6ICJnaXQraHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWNvbmZvcm1hbmNlQHJlZnMvaGVhZHMvbWFpbiIsCiAgICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgICAiZ2l0Q29tbWl0IjogImM1ZjVmYjI1NTE2M2VkODVkZGIzMmQ1NGRjZGQ3MTBhYzNmMDQ2MDMiCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgInJ1bkRldGFpbHMiOiB7CiAgICAgICJidWlsZGVyIjogewogICAgICAgICJpZCI6ICJodHRwczovL2dpdGh1Yi5jb20vYWN0aW9ucy9ydW5uZXIvZ2l0aHViLWhvc3RlZCIKICAgICAgfSwKICAgICAgIm1ldGFkYXRhIjogewogICAgICAgICJpbnZvY2F0aW9uSWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWNvbmZvcm1hbmNlL2FjdGlvbnMvcnVucy83MTczNjIwOTEwL2F0dGVtcHRzLzEiCiAgICAgIH0KICAgIH0KICB9Cn0K","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEUCIDmYUb7hFt9Odmp8neqVjU81UfWTg61QOUnyRm8AYeKfAiEA4hZixxvMpDPCWkg0RcqHtGwUUei6nFqBJVkcfnARvXI=","keyid":""}]}} +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "tlogEntries": [ + { + "logIndex": "150322684", + "logId": { + "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0=" + }, + "kindVersion": { + "kind": "dsse", + "version": "0.0.1" + }, + "integratedTime": "1732135425", + "inclusionPromise": { + "signedEntryTimestamp": "MEUCIF/Y+XbEXKAblX/ohWp+wXIff65mYTzEUf+p557ocUEZAiEAjSHzJCkwJPP+8YF6bvmpuEl+sXb84RL1wf9zVnfLns4=" + }, + "inclusionProof": { + "logIndex": "28418422", + "rootHash": "+QIOalcm4FuDhJj9qII/2u9Nypdzjk0c9NK7hGTgac8=", + "treeSize": "28418423", + "hashes": [ + "wB0Bax3k2EbrDhHe/Am7xWtmsX0kV75PD38gAOQ6V/4=", + "ljcbev25ePyz7Ns8nCGnARFqCQ9gEy0J6nZLllEjx5w=", + "gSbCTgtyNMJHo+eX5BrdCm2lViZxYwdu3F0QVBhcxj8=", + "GdXev4gNvvFgWH0cLpbpKAYhfflAN2k4JyWFw9O5hts=", + "QamBghNmsUsGreZ9zxBhz7ynJzdS8Wt34XSWduDhJe4=", + "QmKt9GDPnFWd2pjpwiF9anMwu0zKnqqd9uSsS+Ghm0E=", + "zGmHsTSEnYk656ZFm3nFkDh/8cEiIYAqh1zD7l6Wl5M=", + "ggdeKtYR4Qf6kMEDhKtGxCnbgcZzb3YtF3fczGIjWCI=", + "iF6rmo01zrn23pMgcPKlXOufqui4F8Q1+hj8PHL6XuY=", + "bulsENariUUsC4xiR1yFtqKzD8evI9p/s+YCpl8t9tE=", + "E2rLOYPJFKiizYiyu07QLqkMVTVL7i2ZgXiQywdI9KQ=", + "4lUF0YOu9XkIDXKXA0wMSzd6VeDY3TZAgmoOeWmS2+Y=", + "gf+9m552B3PnkWnO0o4KdVvjcT3WVHLrCbf1DoVYKFw=" + ], + "checkpoint": { + "envelope": "rekor.sigstore.dev - 1193050959916656506\n28418423\n+QIOalcm4FuDhJj9qII/2u9Nypdzjk0c9NK7hGTgac8=\n\n— rekor.sigstore.dev wNI9ajBGAiEA5TnJBQi/DYgn5WvcQvZi0q5tlOF/h3sxLW2nztOtgfwCIQCrliHf+bgbEvlXQNw3XserTuIeSYrG6aMo8SHVOR7Pmg==\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNzhiZmM3ZDNhNGVjOThiZjJlZjMyYmFmOTEyOGU0MTg5ZmZlY2JkOTIzYWIwMjQ2YWU1Y2NiNDE1Y2FmNmY0MSJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6ImQ2YjIwOWJhOWRkZTNiMWVlNWVkZWJiODhkMWIxYjkxN2I3MmVlYjYxNDMyOGU3YmE2NjdmNWI3YWI3MGU5ODcifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVVQ0lRRFZHcFZMc3ZFWTNscHM2MmNMR3ptemdPVlJjZ2d5U0xwQVJObDlaRWp6clFJZ0pZVmlEa3U3RTBKZ1lJMnRPRG1NaXFhNVh6OWVFTHBUbHB3L1JwSmRrV009IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VjMlZFTkRRbTVEWjBGM1NVSkJaMGxWUlZONk5XWmlWWEY0Y3pKV2EwaG5NbTEyV1ZNNFJuRk9WM1J6ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwUmVFMVVTWGROYWtFd1RYcFJNVmRvWTA1TmFsRjRUVlJKZDAxcVFURk5lbEV4VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVkhiRFJzZFVOWVJWVXJOMFJXYVVWaWRuSjNSM3BKUTJONVIyRlRXQ3QyYzBseUwzVUthV1ZZZGxwRmVteG5XWGRoUzJkMFZtWTNZV3RFZUUxQ1ZqQTBNamxOZDJGbGVHVmtUM0paYURoeE5uWkxkRFUwY1hGUFEwSlpPSGRuWjFkTVRVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVlNXVVpKQ201clZYZENiMVpCYTBsWVUwOHljRmRLZEU5VE0wTjNkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMXAzV1VSV1VqQlNRVkZJTDBKR01IZFhORnBhWVVoU01HTklUVFpNZVRsdVlWaFNiMlJYU1hWWk1qbDBUREo0ZG1JelRteFpiVVkyWWpJNWNncFpVemxvV1ZNeE1GcFlUakJNZVRWdVlWaFNiMlJYU1haa01qbDVZVEphYzJJelpIcE1NMEo1WWpOYWJHSnRSblZaTWxWMVpWZEdkR0pGUW5sYVYxcDZDa3d5YUd4WlYxSjZUREl4YUdGWE5IZFBVVmxMUzNkWlFrSkJSMFIyZWtGQ1FWRlJjbUZJVWpCalNFMDJUSGs1TUdJeWRHeGlhVFZvV1ROU2NHSXlOWG9LVEcxa2NHUkhhREZaYmxaNldsaEthbUl5TlRCYVZ6VXdURzFPZG1KVVFXWkNaMjl5UW1kRlJVRlpUeTlOUVVWRFFrSkdNMkl6U25KYWJYaDJaREU1YXdwaFdFNTNXVmhTYW1GRVFUSkNaMjl5UW1kRlJVRlpUeTlOUVVWRVFrTm9iRmx0V20xUFIxSnRXVzFSTWsxRWJHbE9Na2w1VFdwSmVrNHlUVE5PZWtVMUNsa3lWWGRPTWxsNVdrZE5NMDlVVFRCYWFsWnRUVU5GUjBOcGMwZEJVVkZDWnpjNGQwRlJVVVZGTUdSc1ltMVdlVmxZVW14SlJrSjVZak5hYkdKdFJuVUtXVEpWZDBsbldVdExkMWxDUWtGSFJIWjZRVUpDVVZGVllrYzVkbU15Vm1sWldIQjJZakowYUV3eVJtaE1XRkpzWXpOUmQwaFJXVXRMZDFsQ1FrRkhSQXAyZWtGQ1FtZFJVR050Vm0xamVUbHZXbGRHYTJONU9YUlpWMngxVFVSelIwTnBjMGRCVVZGQ1p6YzRkMEZSWjBWTVVYZHlZVWhTTUdOSVRUWk1lVGt3Q21JeWRHeGlhVFZvV1ROU2NHSXlOWHBNYldSd1pFZG9NVmx1Vm5wYVdFcHFZakkxTUZwWE5UQk1iVTUyWWxSQ2NFSm5iM0pDWjBWRlFWbFBMMDFCUlVvS1FrWnpUVmRYYURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWE5pTWpsNldsZEthR1Z0T1haaE1rVjJXVmRGZEdSSFZucGtRemgxV2pKc01BcGhTRlpwVEROa2RtTnRkRzFpUnprelkzazVkMk50T1RKYVZ6Vm9ZbTFPYkV4dWJHaGlWM2hCWTIxV2JXTjVPVzlhVjBaclkzazVkRmxYYkhWTlJHZEhDa05wYzBkQlVWRkNaemM0ZDBGUmIwVkxaM2R2V2xkS2JWcHFhR3RhYlVwclRtcEJOVmxxWkdsTmFrbDVUWHBrYWs1NlkzaFBWMDVzVFVSa2JVMXRVbW9LVG5wcmVrNUhXVEZhYWtGa1FtZHZja0puUlVWQldVOHZUVUZGVEVKQk9FMUVWMlJ3WkVkb01WbHBNVzlpTTA0d1dsZFJkMDUzV1V0TGQxbENRa0ZIUkFwMmVrRkNSRUZSY0VSRFpHOWtTRkozWTNwdmRrd3laSEJrUjJneFdXazFhbUl5TUhaaVJ6bDJZekpXYVZsWWNIWmlNblJvVERKR2FFeFlVbXhqTTFGM0NrOUJXVXRMZDFsQ1FrRkhSSFo2UVVKRVVWRnhSRU5vYkZsdFdtMVBSMUp0V1cxUk1rMUViR2xPTWtsNVRXcEplazR5VFROT2VrVTFXVEpWZDA0eVdYa0tXa2ROTTA5VVRUQmFhbFp0VFVJNFIwTnBjMGRCVVZGQ1p6YzRkMEZSTkVWRlVYZFFZMjFXYldONU9XOWFWMFpyWTNrNWRGbFhiSFZOUW10SFEybHpSd3BCVVZGQ1p6YzRkMEZST0VWRGQzZEtUMFJyZUU1NlJURk9SRkV3VFVNNFIwTnBjMGRCVVZGQ1p6YzRkMEZTUVVWSlVYZG1ZVWhTTUdOSVRUWk1lVGx1Q21GWVVtOWtWMGwxV1RJNWRFd3llSFppTTA1c1dXMUdObUl5T1hKWlZFRllRbWR2Y2tKblJVVkJXVTh2VFVGRlVrSkJhMDFDZWtWNlRVUlJORTFxV1hjS1lWRlpTMHQzV1VKQ1FVZEVkbnBCUWtWblVtSkVSbXh2WkVoU2QyTjZiM1pNTW1Sd1pFZG9NVmxwTldwaU1qQjJZa2M1ZG1NeVZtbFpXSEIyWWpKMGFBcE1Na1pvVEZoU2JHTXpVWFpNYldSd1pFZG9NVmxwT1ROaU0wcHlXbTE0ZG1RelRYWmpTRXAyWkcxV2RWbFhOV3BhVXpVMVdWY3hjMUZJU214YWJrMTJDbUZIVm1oYVNFMTJZbGRHY0dKcVFUUkNaMjl5UW1kRlJVRlpUeTlOUVVWVVFrTnZUVXRIVm1sYWJWazBXa2RhYVZwRVdYZFBWMGt6V1dwSmVVMXFUVE1LV1hwak0wMVViR3BhVkVFeldtcEthMWw2WXpWTmVsSnRUbGRaZDBsUldVdExkMWxDUWtGSFJIWjZRVUpHUVZGVVJFSkdNMkl6U25KYWJYaDJaREU1YXdwaFdFNTNXVmhTYW1GRVFtSkNaMjl5UW1kRlJVRlpUeTlOUVVWV1FrVXdUVk15YURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWE5pTWpsNkNscFhTbWhsYlRsMllUSkZkbGxYUlhSa1IxWjZaRU01YUZrelVuQmlNalY2VEROS01XSnVUWFpOVkVVMVRrUkZNRTFxVlRCUFJHTjJXVmhTTUZwWE1YY0taRWhOZGsxVVFWZENaMjl5UW1kRlJVRlpUeTlOUVVWWFFrRm5UVUp1UWpGWmJYaHdXWHBEUW1sUldVdExkMWxDUWtGSVYyVlJTVVZCWjFJM1FraHJRUXBrZDBJeFFVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhekIwVWtaU1kwRkJRVkZFQ2tGRldYZFNRVWxuUlhobE1tdFdlSFExWkdGRVdVUmlZMWh4WjBnemJrTkhkVUl3UVhGVVozVmFTbXhaUTBGMlFVUnRiME5KUTIxT2RuSmtWRXBPY0VZS2JqVnJTbWRyYUdsVVIzWlNNSGxMTWxreFExb3lLelYzWlhNd1pVSmtjMWxOUVc5SFEwTnhSMU5OTkRsQ1FVMUVRVEpqUVUxSFVVTk5Selp5V0d4RlNRcGhTazkzWlhST1RITlVZVVJMTjBod01ITlZkVUoxYTBaVFMwZ3dVbTFQSzA1RU1HRm9jV3hTVmxkYU9ERkJXbUYxVVhjelFreGtSbFpuU1hkVGRESTBDbWswYjBKSWVFVXpNVTlOU1d4M1JVTTVWakJUUzA1SlRGSmljVVZvVG1KdmIyUkpjWHB1TW1kMVFYVTRUbkpWVkhGbGRtdFRTV0pOZHpNdmFnb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0ifV19fQ==" + } + ], + "timestampVerificationData": { + }, + "certificate": { + "rawBytes": "MIIG6TCCBnCgAwIBAgIUESz5fbUqxs2VkHg2mvYS8FqNWtswCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQxMTIwMjA0MzQ1WhcNMjQxMTIwMjA1MzQ1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGl4luCXEU+7DViEbvrwGzICcyGaSX+vsIr/uieXvZEzlgYwaKgtVf7akDxMBV0429MwaexedOrYh8q6vKt54qqOCBY8wggWLMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQURYFInkUwBoVAkIXSO2pWJtOS3CwwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wZwYDVR0RAQH/BF0wW4ZZaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBChlYmZmOGRmYmQ2MDliN2IyMjIzN2M3NzE5Y2UwN2YyZGM3OTM0ZjVmMCEGCisGAQQBg78wAQQEE0dlbmVyYXRlIFByb3ZlbmFuY2UwIgYKKwYBBAGDvzABBQQUbG9vc2ViYXpvb2thL2FhLXRlc3QwHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTBpBgorBgEEAYO/MAEJBFsMWWh0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdC8uZ2l0aHViL3dvcmtmbG93cy9wcm92ZW5hbmNlLnlhbWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wAQoEKgwoZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZjAdBgorBgEEAYO/MAELBA8MDWdpdGh1Yi1ob3N0ZWQwNwYKKwYBBAGDvzABDAQpDCdodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QwOAYKKwYBBAGDvzABDQQqDChlYmZmOGRmYmQ2MDliN2IyMjIzN2M3NzE5Y2UwN2YyZGM3OTM0ZjVmMB8GCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9tYWluMBkGCisGAQQBg78wAQ8ECwwJODkxNzE1NDQ0MC8GCisGAQQBg78wARAEIQwfaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYTAXBgorBgEEAYO/MAERBAkMBzEzMDQ4MjYwaQYKKwYBBAGDvzABEgRbDFlodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbjA4BgorBgEEAYO/MAETBCoMKGViZmY4ZGZiZDYwOWI3YjIyMjM3Yzc3MTljZTA3ZjJkYzc5MzRmNWYwIQYKKwYBBAGDvzABFAQTDBF3b3JrZmxvd19kaXNwYXRjaDBbBgorBgEEAYO/MAEVBE0MS2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdC9hY3Rpb25zL3J1bnMvMTE5NDE0MjU0ODcvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBiQYKKwYBBAHWeQIEAgR7BHkAdwB1AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABk0tRFRcAAAQDAEYwRAIgExe2kVxt5daDYDbcXqgH3nCGuB0AqTguZJlYCAvADmoCICmNvrdTJNpFn5kJgkhiTGvR0yK2Y1CZ2+5wes0eBdsYMAoGCCqGSM49BAMDA2cAMGQCMG6rXlEIaJOwetNLsTaDK7Hp0sUuBukFSKH0RmO+ND0ahqlRVWZ81AZauQw3BLdFVgIwSt24i4oBHxE31OMIlwEC9V0SKNILRbqEhNboodIqzn2guAu8NrUTqevkSIbMw3/j" + } + }, + "dsseEnvelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0IiwicGF0aCI6Ii5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbCJ9fSwiaW50ZXJuYWxQYXJhbWV0ZXJzIjp7ImdpdGh1YiI6eyJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJyZXBvc2l0b3J5X2lkIjoiODkxNzE1NDQ0IiwicmVwb3NpdG9yeV9vd25lcl9pZCI6IjEzMDQ4MjYiLCJydW5uZXJfZW52aXJvbm1lbnQiOiJnaXRodWItaG9zdGVkIn19LCJyZXNvbHZlZERlcGVuZGVuY2llcyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdEByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZiJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbiJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvYWN0aW9ucy9ydW5zLzExOTQxNDI1NDg3L2F0dGVtcHRzLzEifX19fQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEUCIQDVGpVLsvEY3lps62cLGzmzgOVRcggySLpARNl9ZEjzrQIgJYViDku7E0JgYI2tODmMiqa5Xz9eELpTlpw/RpJdkWM=" + } + ] + } +}