From d19d61a7f07895ad9043922af98d3967cf9959ab Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Thu, 22 Aug 2024 09:45:26 -0400 Subject: [PATCH] TargetData should work on sha256 or sha512 Only of them is required by spec, so if one's missing we should continue to work and determine the target file correctly based on the available hash. Signed-off-by: Appu Goundan --- .github/workflows/ci.yaml | 4 +- .../main/java/dev/sigstore/tuf/Updater.java | 10 +++-- .../dev/sigstore/tuf/model/TargetMeta.java | 13 +++++- .../java/dev/sigstore/tuf/UpdaterTest.java | 26 ++++++++++++ .../tuf/model/TestTufJsonLoading.java | 40 ++++++++++++++++--- .../targets-sha256-or-sha512/1.root.json | 1 + .../targets-sha256-or-sha512/1.targets.json | 1 + .../targets-sha256-or-sha512/2.root.json | 1 + .../targets-sha256-or-sha512/2.snapshot.json | 1 + .../targets-sha256-or-sha512/root.json | 1 + ...13df7c4f71b4ee21d362152d4618d514.test2.txt | 1 + ...107a266e19f7a311039d1035f180b22d4.test.txt | 1 + .../targets-sha256-or-sha512/timestamp.json | 1 + .../tuf/synthetic/test/keys/root.json | 29 ++++++++++++++ .../tuf/synthetic/test/keys/snapshot.json | 17 ++++++++ .../tuf/synthetic/test/keys/targets.json | 17 ++++++++ .../tuf/synthetic/test/keys/timestamp.json | 17 ++++++++ .../tuf/synthetic/test/repository/1.root.json | 1 + .../tuf/synthetic/test/repository/2.root.json | 1 + .../tuf/synthetic/test/repository/root.json | 1 + .../synthetic/test/repository/snapshot.json | 1 + .../synthetic/test/repository/targets.json | 1 + ...13df7c4f71b4ee21d362152d4618d514.test2.txt | 1 + ...107a266e19f7a311039d1035f180b22d4.test.txt | 1 + .../synthetic/test/repository/timestamp.json | 1 + 25 files changed, 177 insertions(+), 12 deletions(-) create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.root.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.targets.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.root.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.snapshot.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/timestamp.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/root.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/snapshot.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/targets.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/timestamp.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/1.root.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/2.root.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/root.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/snapshot.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets.json create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt create mode 100644 sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/timestamp.json diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 98004998..56923e8b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -54,9 +54,9 @@ jobs: - name: Setup Gradle uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0 - # tests that hit staging are current disabled due to flakiness (-PskipStaging) + # if you need to skip staging due to flakiness use "-PskipStaging" - name: Test sigstore-java - run: ./gradlew build -PskipStaging + run: ./gradlew build - name: Ensure sigstore-java self signing still works run: ./gradlew sigstore-java:publishToMavenLocal -Prelease -PskipPgpSigning diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java b/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java index 63a816bc..a8734d97 100644 --- a/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java @@ -438,14 +438,18 @@ void downloadTargets(Targets targets) String targetName = entry.getKey(); // 8) If target is missing metadata fail. // Note: This can't actually happen due to the way GSON is setup the targets.json would fail - // to parse. Leaving - // this code in in-case we eventually allow it in de-serialization. + // to parse. Leaving this code in in-case we eventually allow it in de-serialization. if (entry.getValue() == null) { throw new TargetMetadataMissingException(targetName); } TargetMeta.TargetData targetData = entry.getValue(); // 9) Download target up to length specified in bytes. verify against hash. - var versionedTargetName = targetData.getHashes().getSha512() + "." + targetName; + String versionedTargetName; + if (targetData.getHashes().getSha512() != null) { + versionedTargetName = targetData.getHashes().getSha512() + "." + targetName; + } else { + versionedTargetName = targetData.getHashes().getSha256() + "." + targetName; + } var targetBytes = fetcher.fetchResource("targets/" + versionedTargetName, targetData.getLength()); diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java b/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java index b7426491..abe1dd44 100644 --- a/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/model/TargetMeta.java @@ -41,11 +41,22 @@ interface TargetData { /** Custom application specific metadata about the target. */ Optional getCustom(); - /** Hash values of the target metadata. */ + /** + * Hash values of the target metadata. One or both of sha256 or sha512 is required to be + * present. + */ Hashes getHashes(); /** Length in bytes of the metadata. */ int getLength(); + + @Value.Check + default void check() { + if (getHashes().getSha256() == null && getHashes().getSha512() == null) { + throw new IllegalStateException( + "No hashes (sha256 or sha512) found for target data: " + this); + } + } } /** Field to store use-case specific labels/data. */ diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java index b42cba53..8b045e85 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java @@ -17,6 +17,7 @@ import static dev.sigstore.testkit.tuf.TestResources.UPDATER_REAL_TRUSTED_ROOT; import static dev.sigstore.testkit.tuf.TestResources.UPDATER_SYNTHETIC_TRUSTED_ROOT; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertThrows; @@ -658,6 +659,31 @@ public void testTargetsDownload_success() assertTrue(updater.getLocalStore().getTargetFile("test2.txt") != null); } + // Ensure we accept sha256 or sha512 on hashes for targets + @Test + public void testTargetsDownload_sha256Only() + throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { + setupMirror( + "synthetic/targets-sha256-or-sha512", + "1.root.json", + "2.root.json", + "2.snapshot.json", + "1.targets.json", + "timestamp.json", + "targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt", + "targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt"); + var UPDATER_ROOT = + Path.of( + Resources.getResource("dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json") + .getPath()); + var updater = createTimeStaticUpdater(localStorePath, UPDATER_ROOT); + var root = updater.updateRoot(); + var timestamp = updater.updateTimestamp(root); + var snapshot = updater.updateSnapshot(root, timestamp.get()); + var targets = updater.updateTargets(root, snapshot); + assertDoesNotThrow(() -> updater.downloadTargets(targets)); + } + // End to end sanity test on the actual prod sigstore repo. @Test public void testUpdate_fromProdData() diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java b/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java index c8d62ff6..5400e054 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/model/TestTufJsonLoading.java @@ -20,12 +20,15 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import com.google.common.io.Resources; +import com.google.gson.JsonSyntaxException; +import dev.sigstore.tuf.model.TargetMeta.TargetData; import java.io.IOException; import java.io.Reader; import java.nio.charset.Charset; import java.time.ZonedDateTime; import java.util.List; import java.util.Map; +import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; public class TestTufJsonLoading { @@ -163,12 +166,37 @@ public void loadTargetsJson() throws IOException { assertEquals("Expired", custom.getSigstoreMeta().getStatus()); assertEquals("https://fulcio.dev", custom.getSigstoreMeta().getUri().get()); assertEquals("Fulcio", custom.getSigstoreMeta().getUsage()); - assertEquals( - "f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908", - targetData.getHashes().getSha256()); - assertEquals( - "0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224", - targetData.getHashes().getSha512()); assertEquals(744, targetData.getLength()); } + + @Test + public void loadTargetData_oneHash() { + Assertions.assertDoesNotThrow( + () -> + GSON.get() + .fromJson( + "{\"custom\":{\"sigstore\":{\"status\":\"Active\",\"usage\":\"CTFE\"}},\"hashes\":{\"sha256\": \"7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a\"},\"length\":177}", + TargetData.class)); + Assertions.assertDoesNotThrow( + () -> + GSON.get() + .fromJson( + "{\"custom\":{\"sigstore\":{\"status\":\"Active\",\"usage\":\"CTFE\"}},\"hashes\":{\"sha512\": \"4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4\"},\"length\":177}", + TargetData.class)); + } + + @Test + public void loadTargetData_failNoHashes() { + var error = + Assertions.assertThrows( + JsonSyntaxException.class, + () -> + GSON.get() + .fromJson( + "{\"custom\":{\"sigstore\":{\"status\":\"Active\",\"usage\":\"CTFE\"}},\"hashes\":{},\"length\":177}", + TargetData.class)); + Assertions.assertEquals( + "No hashes (sha256 or sha512) found for target data: TargetData{custom=Custom{sigstoreMeta=SigstoreMeta{status=Active, usage=CTFE}}, hashes=Hashes{}, length=177}", + error.getCause().getMessage()); + } } diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.root.json new file mode 100644 index 00000000..17f23cd1 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":1,"expires":"2024-11-20T19:22:57Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759"],"threshold":1},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"304502203b45b43d7049423433231073438bead62726d99266a80c1ba5b3a7fb7866fca3022100a0b1e10b9c3d0b92e9d3277f36e3154485996f83be6463e530b622e5af74bcc7"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.targets.json new file mode 100644 index 00000000..c24e637b --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/1.targets.json @@ -0,0 +1 @@ +{"signed":{"_type":"targets","spec_version":"1.0","version":1,"expires":"2024-11-22T21:34:24Z","targets":{"test.txt":{"length":10,"hashes":{"sha256":"55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4"}},"test2.txt":{"length":6,"hashes":{"sha512":"2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514"}}}},"signatures":[{"keyid":"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5","sig":"304602210092fbb2a4cfc04497f640314d41207d79a17ea5b3331faf157e24da738c124dbc022100b237f54ea3d3fb5687b3e47fbc3549a216dbda9c0ab05e94196f2ab6990894da"}]} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.snapshot.json new file mode 100644 index 00000000..b8b37805 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/2.snapshot.json @@ -0,0 +1 @@ +{"signed":{"_type":"snapshot","spec_version":"1.0","version":2,"expires":"2024-08-29T20:36:55Z","meta":{"targets.json":{"length":642,"hashes":{"sha512":"4cdbc10a77607ab1effe79645e367c61d1195af568995b9ce0dec5fd684af4359198add5597e92e61aa8f2c96598ed48552847ad14fe35354868446b60a0e498"},"version":1}}},"signatures":[{"keyid":"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482","sig":"30460221008fa6b790fb813c483b9672afc045b5bd3e0c719bb8ddf63ab7f97ae632015a3b022100bcaa73f6b2de9e67cdd1d336cb31a0d86f73ec935d3bd03a9fd0a08fbb516754"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt new file mode 100644 index 00000000..180cf832 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt @@ -0,0 +1 @@ +test2 diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt new file mode 100644 index 00000000..16b14f5d --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt @@ -0,0 +1 @@ +test file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/timestamp.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/timestamp.json new file mode 100644 index 00000000..dd39a9c7 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/targets-sha256-or-sha512/timestamp.json @@ -0,0 +1 @@ +{"signed":{"_type":"timestamp","spec_version":"1.0","version":2,"expires":"2024-08-23T20:36:58Z","meta":{"snapshot.json":{"length":544,"hashes":{"sha512":"03f128cfbfe1892a698079944a1c849f88997af2d4a82934063b007da42a3ec934c78965faa2d5a93cbda0ee06f952fbefe156d7416e89f8c0ff1cbf5b5169d2"},"version":2}}},"signatures":[{"keyid":"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03","sig":"3046022100d9147f558bcb36b33fe10456529457d841d04efec9a0f6f00dcefd907d01e6e7022100b5ffac27ce56a2977c6c5b107ee4b97b07b0bf5ed1bb39789058b794e68fe6a5"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/root.json new file mode 100644 index 00000000..509425fd --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/root.json @@ -0,0 +1,29 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIPHps+8+Nr1GrQuXYXSCaoNfP8dDyOk5kifGkT3NKRRhoAoGCCqGSM49\nAwEHoUQDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03nP0sEfTHTBKYn+mHvmd7iNE3\njT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n" + } + }, + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINL0jyObd8rzLl/rYIb14wHKYMer7URnrxMbPycAVYeroAoGCCqGSM49\nAwEHoUQDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk+kpoHN4u+vBiRX6gtElBG+08\nuHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/snapshot.json new file mode 100644 index 00000000..e4fe820a --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/snapshot.json @@ -0,0 +1,17 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE+0DoWvedC/M6PszNPKVSj3Y6JF7n/+yMgGF8LhJPBzoAoGCCqGSM49\nAwEHoUQDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZHbs3NbF6q88yX8/9cFWkPM7f\ne6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/targets.json new file mode 100644 index 00000000..c484d41e --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/targets.json @@ -0,0 +1,17 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIOk/sjjYbsFJxa/eoiY2/JusnCB+HWbREB3PUYYSRDhSoAoGCCqGSM49\nAwEHoUQDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+vCtWgjXPUxZ/ra6X3JWDIAxyS\nTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/timestamp.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/timestamp.json new file mode 100644 index 00000000..0623185c --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/keys/timestamp.json @@ -0,0 +1,17 @@ +{ + "encrypted": false, + "data": [ + { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "private": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIGUllPXu7zZF6G0fs545XhxHZYdQ0kEdPfCnwQhvYQLJoAoGCCqGSM49\nAwEHoUQDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7BnxvAzhcHNKr1BtgjlbD4ih10\nlM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END EC PRIVATE KEY-----\n", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n" + } + } + ] +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/1.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/1.root.json new file mode 100644 index 00000000..17f23cd1 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/1.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":1,"expires":"2024-11-20T19:22:57Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759"],"threshold":1},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"304502203b45b43d7049423433231073438bead62726d99266a80c1ba5b3a7fb7866fca3022100a0b1e10b9c3d0b92e9d3277f36e3154485996f83be6463e530b622e5af74bcc7"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/2.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/2.root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/2.root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/root.json new file mode 100644 index 00000000..c0a3c063 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/root.json @@ -0,0 +1 @@ +{"signed":{"_type":"root","spec_version":"1.0","version":2,"expires":"2024-12-20T21:37:40Z","keys":{"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZd80ry+aWsYUuNgxh6A9MqZX7I03\nnP0sEfTHTBKYn+mHvmd7iNE3jT6ccTmvSmPR593Y59zPxuxVxVxNluI/Sw==\n-----END PUBLIC KEY-----\n"}},"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+iObJwvwNaRlcYTWQm06PwkG/JXZ\nHbs3NbF6q88yX8/9cFWkPM7fe6ywqnUPvjB3SB/TRBA247JOorXq9GnkoA==\n-----END PUBLIC KEY-----\n"}},"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEidXjF3GT4NNDHaqLnAHmKHNcYM+v\nCtWgjXPUxZ/ra6X3JWDIAxySTW8kIxqBDuZjdPx2Cb3iGsYKvv1uU2ACTw==\n-----END PUBLIC KEY-----\n"}},"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwQbpOfC51o+7QQYdEKgRGyA53MAk\n+kpoHN4u+vBiRX6gtElBG+08uHZ+hYGVuZkrYS3RY2e4FE6S8V67aYVg2g==\n-----END PUBLIC KEY-----\n"}},"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDYVTdtFRilKwjrgFU4BmfC+3dN7B\nnxvAzhcHNKr1BtgjlbD4ih10lM3mMfMy6xXEIgHG08hpz12NePg1JPaHFw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c"],"threshold":2},"snapshot":{"keyids":["1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482"],"threshold":1},"targets":{"keyids":["5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5"],"threshold":1},"timestamp":{"keyids":["f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"09511bfa91a3dc7186789e61110733724c18b8debf2255623ed3202b70acd759","sig":"3046022100aceb849b04e33e1ff3bfa2ed7ee9fee11bcfb1e2e99ebcb1b3ae945215b8a42c022100c157930d70bc3d94075f1bc7e2b0d42cee5ea5c0adca235e5f4ce16ce88b2c46"},{"keyid":"61491d12afe41a1fc2c2204046d0857f9950115b4f2dfff758bb556c8fa38b2c","sig":"304502204f83ccbcfaf1e086b02172f0d0d13bdf8fb96fda3b6e4c6e71934af30099211802210085ed4b98bb8f93784286dd80eb8d272686ac5a9c89c589f59bffa0dac4a1ce48"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/snapshot.json new file mode 100644 index 00000000..b8b37805 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/snapshot.json @@ -0,0 +1 @@ +{"signed":{"_type":"snapshot","spec_version":"1.0","version":2,"expires":"2024-08-29T20:36:55Z","meta":{"targets.json":{"length":642,"hashes":{"sha512":"4cdbc10a77607ab1effe79645e367c61d1195af568995b9ce0dec5fd684af4359198add5597e92e61aa8f2c96598ed48552847ad14fe35354868446b60a0e498"},"version":1}}},"signatures":[{"keyid":"1dec63309978fb7e4f8264f403798fce160174c65ac85398ae39b07daeaa2482","sig":"30460221008fa6b790fb813c483b9672afc045b5bd3e0c719bb8ddf63ab7f97ae632015a3b022100bcaa73f6b2de9e67cdd1d336cb31a0d86f73ec935d3bd03a9fd0a08fbb516754"}]} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets.json new file mode 100644 index 00000000..c24e637b --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets.json @@ -0,0 +1 @@ +{"signed":{"_type":"targets","spec_version":"1.0","version":1,"expires":"2024-11-22T21:34:24Z","targets":{"test.txt":{"length":10,"hashes":{"sha256":"55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4"}},"test2.txt":{"length":6,"hashes":{"sha512":"2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514"}}}},"signatures":[{"keyid":"5e284914a20f614e375b4f82808333a687afeee15d7f43d187dc173353682fd5","sig":"304602210092fbb2a4cfc04497f640314d41207d79a17ea5b3331faf157e24da738c124dbc022100b237f54ea3d3fb5687b3e47fbc3549a216dbda9c0ab05e94196f2ab6990894da"}]} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt new file mode 100644 index 00000000..180cf832 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/2dff935df7d1e1221ef52c753091c487c6fdaabbb0b0e2b193764de8cd7c1222776c61d7ef21f20a4d031a6a6bfa631713df7c4f71b4ee21d362152d4618d514.test2.txt @@ -0,0 +1 @@ +test2 diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt new file mode 100644 index 00000000..16b14f5d --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/targets/55f8718109829bf506b09d8af615b9f107a266e19f7a311039d1035f180b22d4.test.txt @@ -0,0 +1 @@ +test file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/timestamp.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/timestamp.json new file mode 100644 index 00000000..dd39a9c7 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/tuf/synthetic/test/repository/timestamp.json @@ -0,0 +1 @@ +{"signed":{"_type":"timestamp","spec_version":"1.0","version":2,"expires":"2024-08-23T20:36:58Z","meta":{"snapshot.json":{"length":544,"hashes":{"sha512":"03f128cfbfe1892a698079944a1c849f88997af2d4a82934063b007da42a3ec934c78965faa2d5a93cbda0ee06f952fbefe156d7416e89f8c0ff1cbf5b5169d2"},"version":2}}},"signatures":[{"keyid":"f48d3de6cc0c9f9dbb6b8af8f3de96a1f12d24c9f5980f2d8ce7afdf19b07e03","sig":"3046022100d9147f558bcb36b33fe10456529457d841d04efec9a0f6f00dcefd907d01e6e7022100b5ffac27ce56a2977c6c5b107ee4b97b07b0bf5ed1bb39789058b794e68fe6a5"}]} \ No newline at end of file