diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 98004998..56923e8b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -54,9 +54,9 @@ jobs: - name: Setup Gradle uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 - # tests that hit staging are current disabled due to flakiness (-PskipStaging) + # if you need to skip staging due to flakiness use "-PskipStaging" - name: Test sigstore-java - run: ./gradlew build -PskipStaging + run: ./gradlew build - name: Ensure sigstore-java self signing still works run: ./gradlew sigstore-java:publishToMavenLocal -Prelease -PskipPgpSigning diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java b/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java index 63a816bc..a8734d97 100644 --- a/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java @@ -438,14 +438,18 @@ void downloadTargets(Targets targets) String targetName = entry.getKey(); // 8) If target is missing metadata fail. // Note: This can't actually happen due to the way GSON is setup the targets.json would fail - // to parse. Leaving - // this code in in-case we eventually allow it in de-serialization. + // to parse. Leaving this code in in-case we eventually allow it in de-serialization. if (entry.getValue() == null) { throw new TargetMetadataMissingException(targetName); } TargetMeta.TargetData targetData = entry.getValue(); // 9) Download target up to length specified in bytes. verify against hash. - var versionedTargetName = targetData.getHashes().getSha512() + "." + targetName; + String versionedTargetName; + if (targetData.getHashes().getSha512() != null) { + versionedTargetName = targetData.getHashes().getSha512() + "." + targetName; + } else { + versionedTargetName = targetData.getHashes().getSha256() + "." + targetName; + } var targetBytes = fetcher.fetchResource("targets/" + versionedTargetName, targetData.getLength()); diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java b/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java index b7426491..abe1dd44 100644 --- a/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java @@ -41,11 +41,22 @@ interface TargetData { /** Custom application specific metadata about the target. */ Optional getCustom(); - /** Hash values of the target metadata. */ + /** + * Hash values of the target metadata. One or both of sha256 or sha512 is required to be + * present. + */ Hashes getHashes(); /** Length in bytes of the metadata. */ int getLength(); + + @Value.Check + default void check() { + if (getHashes().getSha256() == null && getHashes().getSha512() == null) { + throw new IllegalStateException( + "No hashes (sha256 or sha512) found for target data: " + this); + } + } } /** Field to store use-case specific labels/data. */ diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java index b42cba53..8b045e85 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java @@ -17,6 +17,7 @@ import static dev.sigstore.testkit.tuf.TestResources.UPDATER_REAL_TRUSTED_ROOT; import static dev.sigstore.testkit.tuf.TestResources.UPDATER_SYNTHETIC_TRUSTED_ROOT; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -658,6 +659,31 @@ public void testTargetsDownload_success() assertTrue(updater.getLocalStore().getTargetFile("test2.txt") != null); } + // Ensure we accept sha256 or sha512 on hashes for targets + @Test + public void testTargetsDownload_sha256Only() + throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { + setupMirror( + "synthetic/targets-sha256-or-sha512", + "1.root.json", + "2.root.json", + "2.snapshot.json", + "1.targets.json", + "timestamp.json", + "targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt", + "targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt"); + var UPDATER_ROOT = + Path.of( + Resources.getResource("dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json") + .getPath()); + var updater = createTimeStaticUpdater(localStorePath, UPDATER_ROOT); + var root = updater.updateRoot(); + var timestamp = updater.updateTimestamp(root); + var snapshot = updater.updateSnapshot(root, timestamp.get()); + var targets = updater.updateTargets(root, snapshot); + assertDoesNotThrow(() -> updater.downloadTargets(targets)); + } + // End to end sanity test on the actual prod sigstore repo. @Test public void testUpdate_fromProdData() diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java b/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java index c8d62ff6..5400e054 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java @@ -20,12 +20,15 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import com.google.common.io.Resources; +import com.google.gson.JsonSyntaxException; +import dev.sigstore.tuf.model.TargetMeta.TargetData; import java.io.IOException; import java.io.Reader; import java.nio.charset.Charset; import java.time.ZonedDateTime; import java.util.List; import java.util.Map; +import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; public class TestTufJsonLoading { @@ -163,12 +166,37 @@ public void loadTargetsJson() throws IOException { assertEquals("Expired", custom.getSigstoreMeta().getStatus()); assertEquals("https://fulcio.dev", custom.getSigstoreMeta().getUri().get()); assertEquals("Fulcio", custom.getSigstoreMeta().getUsage()); - assertEquals( - "f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908", - targetData.getHashes().getSha256()); - assertEquals( - "0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224", - targetData.getHashes().getSha512()); assertEquals(744, targetData.getLength()); } + + @Test + public void loadTargetData_oneHash() { + Assertions.assertDoesNotThrow( + () -> + GSON.get() + .fromJson( + "{\"custom\":{\"sigstore\":{\"status\":\"Active\",\"usage\":\"CTFE\"}},\"hashes\":{\"sha256\": \"7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a\"},\"length\":177}", + TargetData.class)); + Assertions.assertDoesNotThrow( + () -> + GSON.get() + .fromJson( + "{\"custom\":{\"sigstore\":{\"status\":\"Active\",\"usage\":\"CTFE\"}},\"hashes\":{\"sha512\": \"4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4\"},\"length\":177}", + TargetData.class)); + } + + @Test + public void loadTargetData_failNoHashes() { + var error = + Assertions.assertThrows( + JsonSyntaxException.class, + () -> + GSON.get() + .fromJson( + "{\"custom\":{\"sigstore\":{\"status\":\"Active\",\"usage\":\"CTFE\"}},\"hashes\":{},\"length\":177}", + TargetData.class)); + Assertions.assertEquals( + "No hashes (sha256 or sha512) found for target data: TargetData{custom=Custom{sigstoreMeta=SigstoreMeta{status=Active, usage=CTFE}}, hashes=Hashes{}, length=177}", + error.getCause().getMessage()); + } } diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.root.json new file mode 100644 index 00000000..17f23cd1 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":1,"expires":"2024-11-20T19:22:57Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759"],"threshold":1},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"304502203b45b43d7049423433231073438bead62726d99266a80c1ba5b3a7fb7866fca3022100a0b1e10b9c3d0b92e9d3277f36e3154485996f83be6463e530b622e5af74bcc7"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.targets.json new file mode 100644 index 00000000..c24e637b --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.targets.json @@ -0,0 +1 @@ +{"signed":{"_type":"targets","spec_version":"1.0","version":1,"expires":"2024-11-22T21:34:24Z","targets":{"test.txt":{"length":10,"hashes":{"sha256":"55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4"}},"test2.txt":{"length":6,"hashes":{"sha512":"2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514"}}}},"signatures":[{"keyid":"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5","sig":"304602210092fbb2a4cfc04497f640314d41207d79a17ea5b3331faf157e24da738c124dbc022100b237f54ea3d3fb5687b3e47fbc3549a216dbda9c0ab05e94196f2ab6990894da"}]} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.snapshot.json new file mode 100644 index 00000000..b8b37805 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.snapshot.json @@ -0,0 +1 @@ +{"signed":{"_type":"snapshot","spec_version":"1.0","version":2,"expires":"2024-08-29T20:36:55Z","meta":{"targets.json":{"length":642,"hashes":{"sha512":"4cdbc10a77607ab1effe79645e367c61d1195af568995b9ce0dec5fd684af4359198add5597e92e61aa8f2c96598ed48552847ad14fe35354868446b60a0e498"},"version":1}}},"signatures":[{"keyid":"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482","sig":"30460221008fa6b790fb813c483b9672afc045b5bd3e0c719bb8ddf63ab7f97ae632015a3b022100bcaa73f6b2de9e67cdd1d336cb31a0d86f73ec935d3bd03a9fd0a08fbb516754"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt new file mode 100644 index 00000000..180cf832 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt @@ -0,0 +1 @@ +test2 diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt new file mode 100644 index 00000000..16b14f5d --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt @@ -0,0 +1 @@ +test file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/timestamp.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/timestamp.json new file mode 100644 index 00000000..dd39a9c7 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/timestamp.json @@ -0,0 +1 @@ +{"signed":{"_type":"timestamp","spec_version":"1.0","version":2,"expires":"2024-08-23T20:36:58Z","meta":{"snapshot.json":{"length":544,"hashes":{"sha512":"03f128cfbfe1892a698079944a1c849f88997af2d4a82934063b007da42a3ec934c78965faa2d5a93cbda0ee06f952fbefe156d7416e89f8c0ff1cbf5b5169d2"},"version":2}}},"signatures":[{"keyid":"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03","sig":"3046022100d9147f558bcb36b33fe10456529457d841d04efec9a0f6f00dcefd907d01e6e7022100b5ffac27ce56a2977c6c5b107ee4b97b07b0bf5ed1bb39789058b794e68fe6a5"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/root.json new file mode 100644 index 00000000..509425fd --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/root.json @@ -0,0 +1,29 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIPHps+8+Nr1GrQuXYXSCaoNfP8dDyOk5kifGkT3NKRRhoAoGCCqGSM49\nAwEHoUQDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03nP0sEfTHTBKYn+mHvmd7iNE3\njT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n" + } + }, + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINL0jyObd8rzLl/rYIb14wHKYMer7URnrxMbPycAVYeroAoGCCqGSM49\nAwEHoUQDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk+kpoHN4u+vBiRX6gtElBG+08\nuHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/snapshot.json new file mode 100644 index 00000000..e4fe820a --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/snapshot.json @@ -0,0 +1,17 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE+0DoWvedC/M6PszNPKVSj3Y6JF7n/+yMgGF8LhJPBzoAoGCCqGSM49\nAwEHoUQDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZHbs3NbF6q88yX8/9cFWkPM7f\ne6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/targets.json new file mode 100644 index 00000000..c484d41e --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/targets.json @@ -0,0 +1,17 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIOk/sjjYbsFJxa/eoiY2/JusnCB+HWbREB3PUYYSRDhSoAoGCCqGSM49\nAwEHoUQDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+vCtWgjXPUxZ/ra6X3JWDIAxyS\nTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/timestamp.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/timestamp.json new file mode 100644 index 00000000..0623185c --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/timestamp.json @@ -0,0 +1,17 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIGUllPXu7zZF6G0fs545XhxHZYdQ0kEdPfCnwQhvYQLJoAoGCCqGSM49\nAwEHoUQDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7BnxvAzhcHNKr1BtgjlbD4ih10\nlM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/1.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/1.root.json new file mode 100644 index 00000000..17f23cd1 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/1.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":1,"expires":"2024-11-20T19:22:57Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759"],"threshold":1},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"304502203b45b43d7049423433231073438bead62726d99266a80c1ba5b3a7fb7866fca3022100a0b1e10b9c3d0b92e9d3277f36e3154485996f83be6463e530b622e5af74bcc7"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/2.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/2.root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/2.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/snapshot.json new file mode 100644 index 00000000..b8b37805 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/snapshot.json @@ -0,0 +1 @@ +{"signed":{"_type":"snapshot","spec_version":"1.0","version":2,"expires":"2024-08-29T20:36:55Z","meta":{"targets.json":{"length":642,"hashes":{"sha512":"4cdbc10a77607ab1effe79645e367c61d1195af568995b9ce0dec5fd684af4359198add5597e92e61aa8f2c96598ed48552847ad14fe35354868446b60a0e498"},"version":1}}},"signatures":[{"keyid":"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482","sig":"30460221008fa6b790fb813c483b9672afc045b5bd3e0c719bb8ddf63ab7f97ae632015a3b022100bcaa73f6b2de9e67cdd1d336cb31a0d86f73ec935d3bd03a9fd0a08fbb516754"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets.json new file mode 100644 index 00000000..c24e637b --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets.json @@ -0,0 +1 @@ +{"signed":{"_type":"targets","spec_version":"1.0","version":1,"expires":"2024-11-22T21:34:24Z","targets":{"test.txt":{"length":10,"hashes":{"sha256":"55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4"}},"test2.txt":{"length":6,"hashes":{"sha512":"2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514"}}}},"signatures":[{"keyid":"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5","sig":"304602210092fbb2a4cfc04497f640314d41207d79a17ea5b3331faf157e24da738c124dbc022100b237f54ea3d3fb5687b3e47fbc3549a216dbda9c0ab05e94196f2ab6990894da"}]} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt new file mode 100644 index 00000000..180cf832 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt @@ -0,0 +1 @@ +test2 diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt new file mode 100644 index 00000000..16b14f5d --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt @@ -0,0 +1 @@ +test file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/timestamp.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/timestamp.json new file mode 100644 index 00000000..dd39a9c7 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/timestamp.json @@ -0,0 +1 @@ +{"signed":{"_type":"timestamp","spec_version":"1.0","version":2,"expires":"2024-08-23T20:36:58Z","meta":{"snapshot.json":{"length":544,"hashes":{"sha512":"03f128cfbfe1892a698079944a1c849f88997af2d4a82934063b007da42a3ec934c78965faa2d5a93cbda0ee06f952fbefe156d7416e89f8c0ff1cbf5b5169d2"},"version":2}}},"signatures":[{"keyid":"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03","sig":"3046022100d9147f558bcb36b33fe10456529457d841d04efec9a0f6f00dcefd907d01e6e7022100b5ffac27ce56a2977c6c5b107ee4b97b07b0bf5ed1bb39789058b794e68fe6a5"}]} \ No newline at end of file