From 6314f67c333ebfbd4ed6457585b9e197e926154c Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Thu, 22 Feb 2024 16:21:43 -0500 Subject: [PATCH] Update protobuf-spec to 0.3.0 Generated sigstore bundles are now 0.3 Bundle parser can read 0.1, 0.2 and 0.3 bundles Signed-off-by: Appu Goundan --- sigstore-java/build.gradle.kts | 2 +- .../sigstore/KeylessVerificationRequest.java | 5 +- .../bundle/BundleFactoryInternal.java | 151 +++++++++--------- .../dev/sigstore/proto/ProtoMutators.java | 9 ++ .../dev/sigstore/KeylessVerifierTest.java | 39 ++++- .../sigstore/bundle/BundleFactoryTest.java | 78 +++++++++ .../samples/bundles/bundle.dsse.sigstore | 1 + .../samples/bundles/bundle.v1.sigstore | 1 + .../bundles/bundle.v2.no.inclusion.sigstore | 1 + .../samples/bundles/bundle.v2.sigstore | 1 + .../bundles/bundle.v3.no.inclusion.sigstore | 1 + .../samples/bundles/bundle.v3.sigstore | 1 + .../dev/sigstore/testkit/BaseGradleTest.kt | 2 +- 13 files changed, 208 insertions(+), 84 deletions(-) create mode 100644 sigstore-java/src/test/java/dev/sigstore/bundle/BundleFactoryTest.java create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v1.sigstore create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.no.inclusion.sigstore create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.sigstore create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.no.inclusion.sigstore create mode 100644 sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.sigstore diff --git a/sigstore-java/build.gradle.kts b/sigstore-java/build.gradle.kts index 0383ab1c..bf655488 100644 --- a/sigstore-java/build.gradle.kts +++ b/sigstore-java/build.gradle.kts @@ -20,7 +20,7 @@ dependencies { implementation("io.github.erdtman:java-json-canonicalization:1.1") - implementation("dev.sigstore:protobuf-specs:0.2.1") { + implementation("dev.sigstore:protobuf-specs:0.3.0") { because("It generates Sigstore Bundle file") } implementation(platform("com.google.protobuf:protobuf-bom:3.25.2")) diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessVerificationRequest.java b/sigstore-java/src/main/java/dev/sigstore/KeylessVerificationRequest.java index 15c2559e..0640b141 100644 --- a/sigstore-java/src/main/java/dev/sigstore/KeylessVerificationRequest.java +++ b/sigstore-java/src/main/java/dev/sigstore/KeylessVerificationRequest.java @@ -37,7 +37,10 @@ interface VerificationOptions { * rekor entry in a {@link KeylessSignature}. Verifier may still connect to Rekor to obtain an * entry if no {@link KeylessSignature#getEntry()} is empty. */ - boolean alwaysUseRemoteRekorEntry(); + @Default + default boolean alwaysUseRemoteRekorEntry() { + return false; + } List getCertificateIdentities(); diff --git a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java index c3a9b27b..087e5e19 100644 --- a/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java +++ b/sigstore-java/src/main/java/dev/sigstore/bundle/BundleFactoryInternal.java @@ -15,10 +15,11 @@ */ package dev.sigstore.bundle; +import com.google.common.collect.Iterables; import com.google.protobuf.ByteString; import com.google.protobuf.util.JsonFormat; import dev.sigstore.KeylessSignature; -import dev.sigstore.encryption.certificates.Certificates; +import dev.sigstore.proto.ProtoMutators; import dev.sigstore.proto.bundle.v1.Bundle; import dev.sigstore.proto.bundle.v1.VerificationMaterial; import dev.sigstore.proto.common.v1.HashAlgorithm; @@ -26,7 +27,6 @@ import dev.sigstore.proto.common.v1.LogId; import dev.sigstore.proto.common.v1.MessageSignature; import dev.sigstore.proto.common.v1.X509Certificate; -import dev.sigstore.proto.common.v1.X509CertificateChain; import dev.sigstore.proto.rekor.v1.Checkpoint; import dev.sigstore.proto.rekor.v1.InclusionPromise; import dev.sigstore.proto.rekor.v1.InclusionProof; @@ -39,13 +39,11 @@ import java.io.IOException; import java.io.Reader; import java.security.cert.CertPath; -import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.util.ArrayList; import java.util.Base64; import java.util.List; +import java.util.Optional; import java.util.stream.Collectors; import org.bouncycastle.util.encoders.Hex; @@ -59,6 +57,12 @@ class BundleFactoryInternal { static final JsonFormat.Printer JSON_PRINTER = JsonFormat.printer(); + private static final String BUNDLE_V_0_1 = "application/vnd.dev.sigstore.bundle+json;version=0.1"; + private static final String BUNDLE_V_0_2 = "application/vnd.dev.sigstore.bundle+json;version=0.2"; + private static final String BUNDLE_V_0_3 = "application/vnd.dev.sigstore.bundle+json;version=0.3"; + private static final List SUPPORTED_MEDIA_TYPES = + List.of(BUNDLE_V_0_1, BUNDLE_V_0_2, BUNDLE_V_0_3); + /** * Generates Sigstore Bundle Builder from {@link KeylessSignature}. This might be useful in case * you want to add additional information to the bundle. @@ -72,7 +76,7 @@ static Bundle.Builder createBundleBuilder(KeylessSignature signingResult) { "keyless signature must have artifact digest when serializing to bundle"); } return Bundle.newBuilder() - .setMediaType("application/vnd.dev.sigstore.bundle+json;version=0.2") + .setMediaType(BUNDLE_V_0_3) .setVerificationMaterial(buildVerificationMaterial(signingResult)) .setMessageSignature( MessageSignature.newBuilder() @@ -85,29 +89,18 @@ static Bundle.Builder createBundleBuilder(KeylessSignature signingResult) { private static VerificationMaterial.Builder buildVerificationMaterial( KeylessSignature signingResult) { - var builder = - VerificationMaterial.newBuilder() - .setX509CertificateChain( - X509CertificateChain.newBuilder() - .addAllCertificates( - signingResult.getCertPath().getCertificates().stream() - .map( - c -> { - byte[] encoded; - try { - encoded = c.getEncoded(); - } catch (CertificateEncodingException e) { - throw new IllegalArgumentException( - "Cannot encode certificate " + c, e); - } - return X509Certificate.newBuilder() - .setRawBytes(ByteString.copyFrom(encoded)) - .build(); - }) - .collect(Collectors.toList()))); - if (signingResult.getEntry().isPresent()) { - builder.addTlogEntries(buildTlogEntries(signingResult.getEntry().get())); + X509Certificate cert; + var javaCert = Iterables.getLast(signingResult.getCertPath().getCertificates()); + try { + cert = ProtoMutators.fromCert((java.security.cert.X509Certificate) javaCert); + } catch (CertificateEncodingException ce) { + throw new IllegalArgumentException("Cannot encode certificate " + javaCert, ce); + } + var builder = VerificationMaterial.newBuilder().setCertificate(cert); + if (signingResult.getEntry().isEmpty()) { + throw new IllegalArgumentException("A log entry must be present in the signing result"); } + builder.addTlogEntries(buildTlogEntries(signingResult.getEntry().get())); return builder; } @@ -135,10 +128,13 @@ private static TransparencyLogEntry.Builder buildTlogEntries(RekorEntry entry) { private static void addInclusionProof( TransparencyLogEntry.Builder transparencyLogEntry, RekorEntry entry) { RekorEntry.InclusionProof inclusionProof = - entry.getVerification().getInclusionProof().orElse(null); - if (inclusionProof == null) { - return; - } + entry + .getVerification() + .getInclusionProof() + .orElseThrow( + () -> + new IllegalArgumentException( + "An inclusion proof must be present in the log entry in the signing result")); transparencyLogEntry.setInclusionProof( InclusionProof.newBuilder() .setLogIndex(inclusionProof.getLogIndex()) @@ -156,43 +152,39 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio try { JsonFormat.parser().merge(jsonReader, bundleBuilder); } catch (IOException ioe) { - throw new BundleParseException("Could not read bundle json", ioe); + throw new BundleParseException("Could not process bundle json", ioe); } - Bundle bundle = bundleBuilder.build(); - // TODO: only allow v0.2 bundles at some point, we will only be producing v0.2 bundles - // TODO: in our GA release. - // var supportedMediaType = "application/vnd.dev.sigstore.bundle+json;version=0.2"; - // if (!supportedMediaType.equals(bundle.getMediaType())) { - // throw new BundleParseException( - // "Unsupported media type '" - // + bundle.getMediaType() - // + "', only '" - // + supportedMediaType - // + "' is supported"); - // } + Bundle bundle = bundleBuilder.build(); + if (!SUPPORTED_MEDIA_TYPES.contains(bundle.getMediaType())) { + throw new BundleParseException("Unsupported bundle media type: " + bundle.getMediaType()); + } if (bundle.getVerificationMaterial().getTlogEntriesCount() == 0) { throw new BundleParseException("Could not find any tlog entries in bundle json"); } var bundleEntry = bundle.getVerificationMaterial().getTlogEntries(0); + RekorEntry.InclusionProof inclusionProof = null; if (!bundleEntry.hasInclusionProof()) { - throw new BundleParseException("Could not find an inclusion proof"); + if (!bundle.getMediaType().equals(BUNDLE_V_0_1)) { + throw new BundleParseException("Could not find an inclusion proof"); + } + } else { + var bundleInclusionProof = bundleEntry.getInclusionProof(); + + inclusionProof = + ImmutableInclusionProof.builder() + .logIndex(bundleInclusionProof.getLogIndex()) + .rootHash(Hex.toHexString(bundleInclusionProof.getRootHash().toByteArray())) + .treeSize(bundleInclusionProof.getTreeSize()) + .checkpoint(bundleInclusionProof.getCheckpoint().getEnvelope()) + .addAllHashes( + bundleInclusionProof.getHashesList().stream() + .map(ByteString::toByteArray) + .map(Hex::toHexString) + .collect(Collectors.toList())) + .build(); } - var bundleInclusionProof = bundleEntry.getInclusionProof(); - - ImmutableInclusionProof inclusionProof = - ImmutableInclusionProof.builder() - .logIndex(bundleInclusionProof.getLogIndex()) - .rootHash(Hex.toHexString(bundleInclusionProof.getRootHash().toByteArray())) - .treeSize(bundleInclusionProof.getTreeSize()) - .checkpoint(bundleInclusionProof.getCheckpoint().getEnvelope()) - .addAllHashes( - bundleInclusionProof.getHashesList().stream() - .map(ByteString::toByteArray) - .map(Hex::toHexString) - .collect(Collectors.toList())) - .build(); var verification = ImmutableVerification.builder() @@ -200,7 +192,7 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio Base64.getEncoder() .encodeToString( bundleEntry.getInclusionPromise().getSignedEntryTimestamp().toByteArray())) - .inclusionProof(inclusionProof) + .inclusionProof(Optional.ofNullable(inclusionProof)) .build(); var rekorEntry = @@ -214,6 +206,10 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio .verification(verification) .build(); + if (bundle.hasDsseEnvelope()) { + throw new BundleParseException("DSSE envelope signatures are not supported by this client"); + } + var digest = new byte[] {}; if (bundle.getMessageSignature().hasMessageDigest()) { var hashAlgorithm = bundle.getMessageSignature().getMessageDigest().getAlgorithm(); @@ -228,27 +224,24 @@ static KeylessSignature readBundle(Reader jsonReader) throws BundleParseExceptio digest = bundle.getMessageSignature().getMessageDigest().getDigest().toByteArray(); } + CertPath certPath; try { - return KeylessSignature.builder() - .digest(digest) - .certPath( - toCertPath( - bundle.getVerificationMaterial().getX509CertificateChain().getCertificatesList())) - .signature(bundle.getMessageSignature().getSignature().toByteArray()) - .entry(rekorEntry) - .build(); + if (bundle.getVerificationMaterial().hasCertificate()) { + certPath = + ProtoMutators.toCertPath(List.of(bundle.getVerificationMaterial().getCertificate())); + } else { + certPath = + ProtoMutators.toCertPath( + bundle.getVerificationMaterial().getX509CertificateChain().getCertificatesList()); + } } catch (CertificateException ce) { throw new BundleParseException("Could not parse bundle certificate chain", ce); } - } - - private static CertPath toCertPath(List certificates) - throws CertificateException { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - List converted = new ArrayList<>(certificates.size()); - for (var cert : certificates) { - converted.add(Certificates.fromDer(cert.getRawBytes().toByteArray())); - } - return cf.generateCertPath(converted); + return KeylessSignature.builder() + .digest(digest) + .certPath(certPath) + .signature(bundle.getMessageSignature().getSignature().toByteArray()) + .entry(rekorEntry) + .build(); } } diff --git a/sigstore-java/src/main/java/dev/sigstore/proto/ProtoMutators.java b/sigstore-java/src/main/java/dev/sigstore/proto/ProtoMutators.java index afa7bf9a..5303132a 100644 --- a/sigstore-java/src/main/java/dev/sigstore/proto/ProtoMutators.java +++ b/sigstore-java/src/main/java/dev/sigstore/proto/ProtoMutators.java @@ -15,11 +15,13 @@ */ package dev.sigstore.proto; +import com.google.protobuf.ByteString; import com.google.protobuf.Timestamp; import dev.sigstore.encryption.certificates.Certificates; import dev.sigstore.proto.common.v1.X509Certificate; import java.security.cert.CertPath; import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.time.Instant; @@ -41,4 +43,11 @@ public static CertPath toCertPath(List certificates) public static Instant toInstant(Timestamp timestamp) { return Instant.ofEpochSecond(timestamp.getSeconds(), timestamp.getNanos()); } + + public static X509Certificate fromCert(java.security.cert.X509Certificate certificate) + throws CertificateEncodingException { + byte[] encoded; + encoded = certificate.getEncoded(); + return X509Certificate.newBuilder().setRawBytes(ByteString.copyFrom(encoded)).build(); + } } diff --git a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java index 82108100..32829720 100644 --- a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java @@ -61,11 +61,46 @@ public void testVerify_mismatchedSet() throws Exception { var verificationReq = KeylessVerificationRequest.builder() .keylessSignature(BundleFactory.readBundle(new StringReader(bundleFile))) - .verificationOptions( - VerificationOptions.builder().alwaysUseRemoteRekorEntry(false).build()) .build(); Assertions.assertThrows( KeylessVerificationException.class, () -> verifier.verify(Path.of(artifact), verificationReq)); } + + @Test + public void testVerify_canVerifyV01Bundle() throws Exception { + verifyBundle( + "dev/sigstore/samples/bundles/artifact.txt", + "dev/sigstore/samples/bundles/bundle.v1.sigstore"); + } + + @Test + public void testVerify_canVerifyV02Bundle() throws Exception { + verifyBundle( + "dev/sigstore/samples/bundles/artifact.txt", + "dev/sigstore/samples/bundles/bundle.v2.sigstore"); + } + + @Test + public void testVerify_canVerifyV03Bundle() throws Exception { + verifyBundle( + "dev/sigstore/samples/bundles/artifact.txt", + "dev/sigstore/samples/bundles/bundle.v3.sigstore"); + } + + public void verifyBundle(String artifactResourcePath, String bundleResourcePath) + throws Exception { + var artifact = Resources.getResource(artifactResourcePath).getPath(); + var bundleFile = + Resources.toString(Resources.getResource(bundleResourcePath), StandardCharsets.UTF_8); + + var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); + var verificationReq = + KeylessVerificationRequest.builder() + .keylessSignature(BundleFactory.readBundle(new StringReader(bundleFile))) + .verificationOptions(VerificationOptions.builder().build()) + .build(); + + verifier.verify(Path.of(artifact), verificationReq); + } } diff --git a/sigstore-java/src/test/java/dev/sigstore/bundle/BundleFactoryTest.java b/sigstore-java/src/test/java/dev/sigstore/bundle/BundleFactoryTest.java new file mode 100644 index 00000000..b4de1627 --- /dev/null +++ b/sigstore-java/src/test/java/dev/sigstore/bundle/BundleFactoryTest.java @@ -0,0 +1,78 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.bundle; + +import com.google.common.io.Resources; +import dev.sigstore.KeylessSignature; +import java.io.IOException; +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +class BundleFactoryTest { + @Test + public void readV1Bundle() throws Exception { + readBundle("dev/sigstore/samples/bundles/bundle.v1.sigstore"); + } + + @Test + public void readV2Bundle() throws Exception { + readBundle("dev/sigstore/samples/bundles/bundle.v2.sigstore"); + } + + @Test + public void readV2Bundle_noInclusion() { + var ex = + Assertions.assertThrows( + BundleParseException.class, + () -> readBundle("dev/sigstore/samples/bundles/bundle.v2.no.inclusion.sigstore")); + Assertions.assertEquals("Could not find an inclusion proof", ex.getMessage()); + } + + @Test + public void readV3Bundle() throws Exception { + readBundle("dev/sigstore/samples/bundles/bundle.v3.sigstore"); + } + + @Test + public void readV3Bundle_noInclusion() { + var ex = + Assertions.assertThrows( + BundleParseException.class, + () -> readBundle("dev/sigstore/samples/bundles/bundle.v3.no.inclusion.sigstore")); + Assertions.assertEquals("Could not find an inclusion proof", ex.getMessage()); + } + + @Test + public void readDSSEBundle() throws Exception { + var ex = + Assertions.assertThrows( + BundleParseException.class, + () -> readBundle("dev/sigstore/samples/bundles/bundle.dsse.sigstore")); + Assertions.assertEquals( + "DSSE envelope signatures are not supported by this client", ex.getMessage()); + } + + private KeylessSignature readBundle(String resourcePath) + throws IOException, BundleParseException { + try (var reader = + new InputStreamReader( + Resources.getResource(resourcePath).openStream(), StandardCharsets.UTF_8)) { + return BundleFactory.readBundle(reader); + } + } +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore new file mode 100644 index 00000000..c6823da8 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.sigstore @@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.2","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIIC+TCCAp+gAwIBAgIEERggBDAKBggqhkjOPQQDAzArMREwDwYDVQQDEwhzaWdzdG9yZTEWMBQGA1UEChMNc2lnc3RvcmUubW9jazAeFw0yMzAyMDEwMDAwMDBaFw0yMzAyMDEwMDEwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASQM2eJPe5oBjDG7hTsPcRBcKhRrjgC9zMWJ2RTSmfzEBI8T1vTF4Lz6KP6pygxdrmCHHW6SXqJGGmgBzo1ok9Wo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMIGlBgNVHREBAf8EgZowgZeGgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMB0GA1UdDgQWBBRZgwYbV93/5qITdbmTqIdG0v8b0DAfBgNVHSMEGDAWgBQ/FFxk7FUxt/oE8lDZEF0s7kasuDA7BgorBgEEAYO/MAEIBC0MK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wgYkGCisGAQQB1nkCBAIEewR5AHcAdQD3JsqjQRe6kWVErzc06SDNTEku91zmIo/cBO7/Lz8n3QAAAYYKRewAAAAEAwBGMEQCIFnuWBVFYgMX4H3ZRCMC1I+ATbvxbL6seQjQzCcg/5GaAiA3ZaogbHzdd5iogGIAH4ie375BHoWHZ5ULhBnHjyiBnjAKBggqhkjOPQQDAwNIADBFAiEApzWL0OZPurv9/AZp1Mvq6SDFWR3ywLnGcCT8/7aae0UCIDD6vUdxofuJBJgvj/QJo+nsYg+w78CamL+2xAO6VP/S"}]},"tlogEntries":[{"logIndex":"6283476","logId":{"keyId":"9ybKo0EXupFlRK83NOkgzUxJLvdc5iKP3ATu/y8/J90="},"kindVersion":{"kind":"intoto","version":"0.0.2"},"integratedTime":"1675209600","inclusionPromise":{"signedEntryTimestamp":"MEUCIQDgJNIaJoa/5HBTw2l7kULeKvV3fGKJ+NNuYdaQjr1HcwIgUKlKhwKDR5gJdpkIDmT/itxDfyBML39MMD5isQrVqoo="},"inclusionProof":{"logIndex":"0","rootHash":"VAy6NoRBsD4ZU/VFHRYmqBxhdxDQ+baDonVh7Nadrfo=","treeSize":"1","hashes":[],"checkpoint":{"envelope":"localhost:8000 - 56600746402783\n1\nVAy6NoRBsD4ZU/VFHRYmqBxhdxDQ+baDonVh7Nadrfo=\nTimestamp: 1675209600000000000\n\n— localhost:8000 9ybKozBFAiAxmlqJ7gtz+ZJE2Mtn3s7HJQCV5y3JmJ6cGhlH4VWCqgIhAPy6ZWBrJZnHgZqCLehTgWmu6+95EAhsnAcpMyFqQPjt\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWQiOiJaWGR2WjBsRFNtWmtTR3gzV2xOSk5rbERTbTlrU0ZKM1kzcHZka3d5YkhWTVdGSjJaRWM0ZFdGWE9IWlZNMUpvWkVkV2RGcFhOVEJNTTFsNFNXbDNTMGxEUVdsak0xWnBZVzFXYW1SRFNUWkpSbk5MU1VOQlowbEljMHRKUTBGblNVTkJaMGx0TldoaVYxVnBUMmxCYVZwRE5UQmxTRkZwVEVGdlowbERRV2RKUTBGcFdrZHNibHBZVGpCSmFtOW5aWGR2WjBsRFFXZEpRMEZuU1VOS2VtRkhSWGxPVkZscFQybEJhVTE2VFhkWlZFRXdUWHBKZVUxSFdtaE5WRTVzVFVSR2EwNXFhR2hPTWxKcFRYcHNhazlFYkd4TlZFcHBUVWROTUZsNlRtbE9iVVYzVFhwUk1scHRWVEpOYWxKcFRVUnJkMDB5V1hoTmVrRjZXV3BXYVUxcFNVdEpRMEZuU1VOQloyWlJiMmRKUTBGblpsRnZaMGxHTUhORGFVRm5TVzVDZVZwWFVuQlpNa1l3V2xaU05XTkhWV2xQYVVGcFlVaFNNR05JVFRaTWVUbDZZa2hPYUV4dFVteGthVGwzWTIwNU1scFhOV2hpYlU1c1RETlplRWxwZDB0SlEwRnBZMGhLYkZwSGJHcFpXRkpzU1dwdloyVjNiMmRKUTBGblNXMUtNV0ZYZUd0U1IxWnRZVmMxY0dSSGJIWmlhVWsyU1VoelMwbERRV2RKUTBGblNXMUtNV0ZYZUd0V1NHeDNXbE5KTmtsRFNtOWtTRkozWTNwdmRrd3pUbk5qTWtWMFdtNUthR0pYVmpOaU0wcHlURzFrY0dSSGFERlphVFZ3WW5rNWJtRllVbTlrVjBsMFdWZE9NR0ZYT1hWamVURnBaRmRzYzFwSVVqVmpSMVo2VEROa2RtTnRkRzFpUnprelRETlplRWxwZDB0SlEwRm5TVU5CWjBsdFZqUmtSMVo1WW0xR2MxVkhSbmxaVnpGc1pFZFdlV041U1RaSlNITkxTVU5CWjBsRFFXZEpRMEZwWkRJNWVXRXlXbk5pTTJOcFQybENOME5wUVdkSlEwRm5TVU5CWjBsRFFXbGpiVlp0U1dwdlowbHVTbXhhYmsxMllVZFdhRnBJVFhaaVYwWndZbWxKYzBOcFFXZEpRMEZuU1VOQlowbERRV2xqYlZaM1lqTk9jR1JIT1hsbFUwazJTVU5LYjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbU15Ykc1ak0xSjJZMjFWZG1NeWJHNWpNMUoyWTIxVmRGa3lPWFZhYlRsNVlsZEdkVmt5VldsTVFXOW5TVU5CWjBsRFFXZEpRMEZuU1c1Q2FHUkhaMmxQYVVGcFRHMWtjR1JIYURGWmFUa3pZak5LY2xwdGVIWmtNMDEyV1RJNWRWcHRPWGxpVjBaMVdUSlZkV1ZYTVhOSloyOW5TVU5CWjBsRFFXZEpTREJMU1VOQlowbERRV2RtVTNkTFNVTkJaMGxEUVdkSmJXeDFaRWRXZVdKdFJuTlZSMFo1V1ZjeGJHUkhWbmxqZVVrMlNVaHpTMGxEUVdkSlEwRm5TVU5CYVZveWJEQmhTRlpwU1dwdloyVjNiMmRKUTBGblNVTkJaMGxEUVdkSmJWWXlXbGMxTUZneU5XaGlWMVZwVDJsQmFXTklWbnBoUTBselEybEJaMGxEUVdkSlEwRm5TVU5CYVdOdFZuZGlNMDV3WkVjNWVXVldPWEJhUTBrMlNVTkpNVTVFUlRSUFZFMTRUMFJaYVV4QmIyZEpRMEZuU1VOQlowbERRV2RKYmtwc1kwYzVlbUZZVW5aamJteG1Zak5rZFZwWVNtWmhWMUZwVDJsQmFVNTZSWGRQVkZsNlRsUk5hVU5wUVdkSlEwRm5TVU5CWjJaUmIyZEpRMEZuU1VOQ09VeEJiMmRKUTBGblNVTkJhV050Vm5waU1uZ3lXbGRTUlZwWVFteGliVkpzWW0xT2NGcFlUV2xQYVVKaVEybEJaMGxEUVdkSlEwRm5aWGR2WjBsRFFXZEpRMEZuU1VOQlowbHVWbmxoVTBrMlNVTktibUZZVVhKaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1d1dqTk9NR0l6U214TU0wNXdXak5PTUdJelNteE1WMDUyWW0xYWRtTnRNV2hpYlU1c1VVaEtiRnB1VFhaaFIxWm9Xa2hOZG1KWFJuQmlhVWx6UTJsQlowbERRV2RKUTBGblNVTkJhVnBIYkc1YVdFNHdTV3B2WjJWM2IyZEpRMEZuU1VOQlowbERRV2RKUTBGcFdqSnNNRkV5T1hSaVYyd3dTV3B2WjBsdFRURmFhbFp0V1dwSk1VNVVSVEpOTWxaclQwUldhMXBIU1hwTmJWRXhUa2RTYWxwSFVUTk5WRUpvV1hwT2JVMUVVVEpOUkUxcFEybEJaMGxEUVdkSlEwRm5TVU5DT1VOcFFXZEpRMEZuU1VOQloyWlJiMmRKUTBGblNVTkNaRU5wUVdkSlEwSTVURUZ2WjBsRFFXZEpia294WW10U2JHUkhSbkJpU0UxcFQybENOME5wUVdkSlEwRm5TVU5LYVdSWGJITmFSMVo1U1dwdloyVjNiMmRKUTBGblNVTkJaMGxEU25CYVEwazJTVU5LYjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbGxYVGpCaFZ6bDFZM2s1ZVdSWE5YVmFXRWwyV2pKc01HRklWbWxNVjJoMll6TlNiRnBEU1V0SlEwRm5TVU5CWjJaVGQwdEpRMEZuU1VOQlowbHRNV3hrUjBacldWaFNhRWxxYjJkbGQyOW5TVU5CWjBsRFFXZEpRMHB3WW01YWRsa3lSakJoVnpsMVUxZFJhVTlwUVdsaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1d1dqTk9NR0l6U214TU0wNXdXak5PTUdJelNteE1WMDUyWW0xYWRtTnRNV2hpYlU1c1RESkdhbVJIYkhaaWJrMTJZMjVXZFdONU9ETk5WR042VG1wSmQwOVVSWGRNTWtZd1pFZFdkR05JVW5wTWVrVnBRMmxCWjBsRFFXZEpTREJMU1VOQlowbElNRXRKUTBJNVEyNHdTdz09IiwicGF5bG9hZFR5cGUiOiJhcHBsaWNhdGlvbi92bmQuaW4tdG90bytqc29uIiwic2lnbmF0dXJlcyI6W3sicHVibGljS2V5IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXJWRU5EUVhBclowRjNTVUpCWjBsRlJWSm5aMEpFUVV0Q1oyZHhhR3RxVDFCUlVVUkJla0Z5VFZKRmQwUjNXVVJXVVZGRVJYZG9lbUZYWkhwa1J6bDVXbFJGVjAxQ1VVZEJNVlZGUTJoTlRtTXliRzVqTTFKMlkyMVZkV0pYT1dwaGVrRmxSbmN3ZVUxNlFYbE5SRVYzVFVSQmQwMUVRbUZHZHpCNVRYcEJlVTFFUlhkTlJFVjNUVVJDWVUxQlFYZFhWRUZVUW1kamNXaHJhazlRVVVsQ1FtZG5jV2hyYWs5UVVVMUNRbmRPUTBGQlUxRk5NbVZLVUdVMWIwSnFSRWMzYUZSelVHTlNRbU5MYUZKeWFtZERPWHBOVjBveVVsUlRiV1o2UlVKSk9GUXhkbFJHTkV4Nk5rdFFObkI1WjNoa2NtMURTRWhYTmxOWWNVcEhSMjFuUW5wdk1XOXJPVmR2TkVsQ01tcERRMEZrV1hkRVoxbEVWbEl3VUVGUlNDOUNRVkZFUVdkbFFVMUNUVWRCTVZWa1NsRlJUVTFCYjBkRFEzTkhRVkZWUmtKM1RVUk5TVWRzUW1kT1ZraFNSVUpCWmpoRloxcHZkMmRhWlVkbldsSnZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMll6SnNibU16VW5aamJWVjBXVEk1ZFZwdE9YbGlWMFoxV1RKVmRscFlhREJqYlZaMFdsZDROVXhYVW1oaWJXUnNZMjA1TVdONU1YZGtWMHB6WVZkTmRHSXliR3RaZVRGcFdsZEdhbUl5TkhaTWJXUndaRWRvTVZscE9UTmlNMHB5V20xNGRtUXpUWFphV0dnd1kyMVdkRnBYZURWTVYxSm9ZbTFrYkdOdE9URmplVEYyWVZkU2FreFhTbXhaVjA1MlltazFOV0pYZUVGamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RVMUNNRWRCTVZWa1JHZFJWMEpDVWxwbmQxbGlWamt6THpWeFNWUmtZbTFVY1Vsa1J6QjJPR0l3UkVGbVFtZE9Wa2hUVFVWSFJFRlhaMEpSTDBaR2VHczNSbFY0ZEM5dlJUaHNSRnBGUmpCek4ydGhjM1ZFUVRkQ1oyOXlRbWRGUlVGWlR5OU5RVVZKUWtNd1RVc3lhREJrU0VKNlQyazRkbVJIT1hKYVZ6UjFXVmRPTUdGWE9YVmplVFZ1WVZoU2IyUlhTakZqTWxaNVdUSTVkV1JIVm5Wa1F6VnFZakl3ZDJkWmEwZERhWE5IUVZGUlFqRnVhME5DUVVsRlpYZFNOVUZJWTBGa1VVUXpTbk54YWxGU1pUWnJWMVpGY25wak1EWlRSRTVVUld0MU9URjZiVWx2TDJOQ1R6Y3ZUSG80YmpOUlFVRkJXVmxMVW1WM1FVRkJRVVZCZDBKSFRVVlJRMGxHYm5WWFFsWkdXV2ROV0RSSU0xcFNRMDFETVVrclFWUmlkbmhpVERaelpWRnFVWHBEWTJjdk5VZGhRV2xCTTFwaGIyZGlTSHBrWkRWcGIyZEhTVUZJTkdsbE16YzFRa2h2VjBoYU5WVk1hRUp1U0dwNWFVSnVha0ZMUW1kbmNXaHJhazlRVVZGRVFYZE9TVUZFUWtaQmFVVkJjSHBYVERCUFdsQjFjblk1TDBGYWNERk5kbkUyVTBSR1YxSXplWGRNYmtkalExUTRMemRoWVdVd1ZVTkpSRVEyZGxWa2VHOW1kVXBDU21kMmFpOVJTbThyYm5OWlp5dDNOemhEWVcxTUt6SjRRVTgyVmxBdlV3b3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iLCJzaWciOiJUVVZWUTBsRWJWbFZZamRvUm5RNVQyUnRjRGh1WlhGV2FsVTRNVlZtVjFSbk5qRlJUMVZ1ZVZKdE9FRlpaVXRtUVdsRlFUUm9XbWw0ZUhaTmNFUlFRMWRyWnpCU1kzRklkRWQzVlZWbGFUWnVSbkZDU2xaclkyWnVRVkoyV0VrOSJ9XX0sImhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI5ZTk3Y2RiZTRlODg1Yjk4OWE0MDI1YmY4NTFjOGE3NTkwNzA2MmM4YmNhNmYwNDZkNDRlZGI5YTc1NThmNTE4In0sInBheWxvYWRIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiMGViYmRiYzIxZDE4MjAwN2I3OGI1NzcwZGVhMjQ5ZjExMDk0NmI3ZGVkODU3YTRlYzAwY2NiNjkyYzFlMjVhZiJ9fX19"}],"timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"MIICHDADAgEAMIICEwYJKoZIhvcNAQcCoIICBDCCAgACAQMxDzANBglghkgBZQMEAgEFADB0BgsqhkiG9w0BCRABBKBlBGMwYQIBAQYJKwYBBAGDvzACMC8wCwYJYIZIAWUDBAIBBCDzcX7M5GHmAKza2P4d69jjJRypS9e+mMaKdYjEU9Ki0gIE3q2+7xgPMjAyMzAyMDEwMDAwMDBaMAMCAQECBEmWAtKgADGCAXAwggFsAgEBMCswJjEMMAoGA1UEAxMDdHNhMRYwFAYDVQQKEw1zaWdzdG9yZS5tb2NrAgECMA0GCWCGSAFlAwQCAQUAoIHVMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjMwMjAxMDAwMDAwWjAvBgkqhkiG9w0BCQQxIgQgT8kHw9BxP0p9LFMwc8fr2PhmNt2DzmF26qJBAzHxjIgwaAYLKoZIhvcNAQkQAi8xWTBXMFUwUwQgAA4hfcjNjQJC6U7kl1KxL3VHVkxZbFxM+eqk9sPXbJAwLzAqpCgwJjEMMAoGA1UEAxMDdHNhMRYwFAYDVQQKEw1zaWdzdG9yZS5tb2NrAgECMAoGCCqGSM49BAMCBEcwRQIhAOAxDCA1QjNKsiE0WnAh+qxiLwqMFM+BubZ28pbn9+wIAiBk6DdCY6cFcOVzED5E1O6vhS8641fT1nmwkgbLfCIQwg=="}]}},"dsseEnvelope":{"payload":"ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YxIiwKICAic3ViamVjdCI6IFsKICAgIHsKICAgICAgIm5hbWUiOiAiZC50eHQiLAogICAgICAiZGlnZXN0IjogewogICAgICAgICJzaGEyNTYiOiAiMzMwYTA0MzIyMGZhMTNlMDFkNjhhN2RiMzljODllMTJiMGM0YzNiNmEwMzQ2ZmU2MjRiMDkwM2YxMzAzYjViMiIKICAgICAgfQogICAgfQogIF0sCiAgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YxIiwKICAicHJlZGljYXRlIjogewogICAgImJ1aWxkRGVmaW5pdGlvbiI6IHsKICAgICAgImJ1aWxkVHlwZSI6ICJodHRwczovL3Nsc2EtZnJhbWV3b3JrLmdpdGh1Yi5pby9naXRodWItYWN0aW9ucy1idWlsZHR5cGVzL3dvcmtmbG93L3YxIiwKICAgICAgImV4dGVybmFsUGFyYW1ldGVycyI6IHsKICAgICAgICAid29ya2Zsb3ciOiB7CiAgICAgICAgICAicmVmIjogInJlZnMvaGVhZHMvbWFpbiIsCiAgICAgICAgICAicmVwb3NpdG9yeSI6ICJodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUvc2lnc3RvcmUtY29uZm9ybWFuY2UiLAogICAgICAgICAgInBhdGgiOiAiLmdpdGh1Yi93b3JrZmxvd3MvY29uZm9ybWFuY2UueW1sIgogICAgICAgIH0KICAgICAgfSwKICAgICAgImludGVybmFsUGFyYW1ldGVycyI6IHsKICAgICAgICAiZ2l0aHViIjogewogICAgICAgICAgImV2ZW50X25hbWUiOiAicHVzaCIsCiAgICAgICAgICAicmVwb3NpdG9yeV9pZCI6ICI1NDE4OTMxODYiLAogICAgICAgICAgInJlcG9zaXRvcnlfb3duZXJfaWQiOiAiNzEwOTYzNTMiCiAgICAgICAgfQogICAgICB9LAogICAgICAicmVzb2x2ZWREZXBlbmRlbmNpZXMiOiBbCiAgICAgICAgewogICAgICAgICAgInVyaSI6ICJnaXQraHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWNvbmZvcm1hbmNlQHJlZnMvaGVhZHMvbWFpbiIsCiAgICAgICAgICAiZGlnZXN0IjogewogICAgICAgICAgICAiZ2l0Q29tbWl0IjogImM1ZjVmYjI1NTE2M2VkODVkZGIzMmQ1NGRjZGQ3MTBhYzNmMDQ2MDMiCiAgICAgICAgICB9CiAgICAgICAgfQogICAgICBdCiAgICB9LAogICAgInJ1bkRldGFpbHMiOiB7CiAgICAgICJidWlsZGVyIjogewogICAgICAgICJpZCI6ICJodHRwczovL2dpdGh1Yi5jb20vYWN0aW9ucy9ydW5uZXIvZ2l0aHViLWhvc3RlZCIKICAgICAgfSwKICAgICAgIm1ldGFkYXRhIjogewogICAgICAgICJpbnZvY2F0aW9uSWQiOiAiaHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlL3NpZ3N0b3JlLWNvbmZvcm1hbmNlL2FjdGlvbnMvcnVucy83MTczNjIwOTEwL2F0dGVtcHRzLzEiCiAgICAgIH0KICAgIH0KICB9Cn0K","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEUCIDmYUb7hFt9Odmp8neqVjU81UfWTg61QOUnyRm8AYeKfAiEA4hZixxvMpDPCWkg0RcqHtGwUUei6nFqBJVkcfnARvXI=","keyid":""}]}} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v1.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v1.sigstore new file mode 100644 index 00000000..98123a3c --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v1.sigstore @@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.1","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIICyDCCAk6gAwIBAgIUenpCAKVU2BcGqhnsCe0doys6ibwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMxMDExMTQyODAzWhcNMjMxMDExMTQzODAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC0NNg9GUBzDJz2+i3Ffl1RiCwBekqVQvaYdjXJu6O7zd0WOofuc9zaBQ3WhE8o3EXH0Y5prD6bGajd2XEaMW6KOCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQULM+gqZePC3pfVoEclUSrtVPwGwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABix8jOOQAAAQDAEcwRQIhANeveOTEE7bNqX0UyaSYlSoOXtOntGNsEAO9FUaa/p/XAiBaMNu8aUovaFnoY+e3VIwsLfKoQls17tZbbH6sY+RZQjAKBggqhkjOPQQDAwNoADBlAjB63/BTZjqtZFoKpilCsvEzz4a6eBGf0dbnqhhDS/9ELuKjj2H7jQuNICxqED5p9vECMQDxUugt9pitEpNkOR4gnHdEAS726LUKhCic2QUhwbNJt/+Th+O7MyvyfoDjdlgGGMI="}]},"tlogEntries":[{"logIndex":"41958702","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1697034484","inclusionPromise":{"signedEntryTimestamp":"MEUCIFJST52F75FnhiyWApcgiQWgszyb/rf6J5wIRHEFb6LiAiEAgK/el1WsJLdpoRn0Pp9np9LPbY4ebQyyX03j8325Q48="},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRG9xaGp4NWJ6Z1EwS3dNRDFtNzJDTGR4bTZMRHNhWU9oWE94L1NkS0NiRkFpRUExalY0V3kxUkhSN0pWS1FHUmZ5UGpLQTVzRUhWb0M0VUJnRHhpZjJ2Nmx3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzMlowRjNTVUpCWjBsVlpXNXdRMEZMVmxVeVFtTkhjV2h1YzBObE1HUnZlWE0yYVdKM2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5lRTFFUlhoTlZGRjVUMFJCZWxkb1kwNU5hazE0VFVSRmVFMVVVWHBQUkVGNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETUU1T1p6bEhWVUo2UkVwNk1pdHBNMFptYkRGU2FVTjNRbVZyY1ZaUmRtRlpaR29LV0VwMU5rODNlbVF3VjA5dlpuVmpPWHBoUWxFelYyaEZPRzh6UlZoSU1GazFjSEpFTm1KSFlXcGtNbGhGWVUxWE5rdFBRMEZYTUhkblowWndUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZNVFN0bkNuRmFaVkJETTNCbVZtOUZZMnhWVTNKMFZsQjNSM2RuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVdWaENkMlJWUW01aU1qbHVZa2RWZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVGeVFtZHZja0puUlVWQldVOHZUVUZGU1VKQ01FMUhNbWd3Q21SSVFucFBhVGgyV1ZkT2FtSXpWblZrU0UxMVdqSTVkbG95ZUd4TWJVNTJZbFJEUW1sbldVdExkMWxDUWtGSVYyVlJTVVZCWjFJNFFraHZRV1ZCUWpJS1FVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhWGc0YWs5UFVVRkJRVkZFUVVWamR3cFNVVWxvUVU1bGRtVlBWRVZGTjJKT2NWZ3dWWGxoVTFsc1UyOVBXSFJQYm5SSFRuTkZRVTg1UmxWaFlTOXdMMWhCYVVKaFRVNTFPR0ZWYjNaaFJtNXZDbGtyWlROV1NYZHpUR1pMYjFGc2N6RTNkRnBpWWtnMmMxa3JVbHBSYWtGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYjBGRVFteEJha0kyTXk5Q1ZGcHFjWFFLV2tadlMzQnBiRU56ZGtWNmVqUmhObVZDUjJZd1pHSnVjV2hvUkZNdk9VVk1kVXRxYWpKSU4ycFJkVTVKUTNoeFJVUTFjRGwyUlVOTlVVUjRWWFZuZEFvNWNHbDBSWEJPYTA5U05HZHVTR1JGUVZNM01qWk1WVXRvUTJsak1sRlZhSGRpVGtwMEx5dFVhQ3RQTjAxNWRubG1iMFJxWkd4blIwZE5TVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"oM/HEnHW4njlfNMy/5V8P3BD/do1TEy7GQow1W76Ab8="},"signature":"MEUCIDoqhjx5bzgQ0KwMD1m72CLdxm6LDsaYOhXOx/SdKCbFAiEA1jV4Wy1RHR7JVKQGRfyPjKA5sEHVoC4UBgDxif2v6lw="}} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.no.inclusion.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.no.inclusion.sigstore new file mode 100644 index 00000000..84e5ead2 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.no.inclusion.sigstore @@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.2","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIICyDCCAk6gAwIBAgIUenpCAKVU2BcGqhnsCe0doys6ibwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMxMDExMTQyODAzWhcNMjMxMDExMTQzODAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC0NNg9GUBzDJz2+i3Ffl1RiCwBekqVQvaYdjXJu6O7zd0WOofuc9zaBQ3WhE8o3EXH0Y5prD6bGajd2XEaMW6KOCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQULM+gqZePC3pfVoEclUSrtVPwGwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABix8jOOQAAAQDAEcwRQIhANeveOTEE7bNqX0UyaSYlSoOXtOntGNsEAO9FUaa/p/XAiBaMNu8aUovaFnoY+e3VIwsLfKoQls17tZbbH6sY+RZQjAKBggqhkjOPQQDAwNoADBlAjB63/BTZjqtZFoKpilCsvEzz4a6eBGf0dbnqhhDS/9ELuKjj2H7jQuNICxqED5p9vECMQDxUugt9pitEpNkOR4gnHdEAS726LUKhCic2QUhwbNJt/+Th+O7MyvyfoDjdlgGGMI="}]},"tlogEntries":[{"logIndex":"41958702","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1697034484","inclusionPromise":{"signedEntryTimestamp":"MEUCIFJST52F75FnhiyWApcgiQWgszyb/rf6J5wIRHEFb6LiAiEAgK/el1WsJLdpoRn0Pp9np9LPbY4ebQyyX03j8325Q48="},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRG9xaGp4NWJ6Z1EwS3dNRDFtNzJDTGR4bTZMRHNhWU9oWE94L1NkS0NiRkFpRUExalY0V3kxUkhSN0pWS1FHUmZ5UGpLQTVzRUhWb0M0VUJnRHhpZjJ2Nmx3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzMlowRjNTVUpCWjBsVlpXNXdRMEZMVmxVeVFtTkhjV2h1YzBObE1HUnZlWE0yYVdKM2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5lRTFFUlhoTlZGRjVUMFJCZWxkb1kwNU5hazE0VFVSRmVFMVVVWHBQUkVGNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETUU1T1p6bEhWVUo2UkVwNk1pdHBNMFptYkRGU2FVTjNRbVZyY1ZaUmRtRlpaR29LV0VwMU5rODNlbVF3VjA5dlpuVmpPWHBoUWxFelYyaEZPRzh6UlZoSU1GazFjSEpFTm1KSFlXcGtNbGhGWVUxWE5rdFBRMEZYTUhkblowWndUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZNVFN0bkNuRmFaVkJETTNCbVZtOUZZMnhWVTNKMFZsQjNSM2RuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVdWaENkMlJWUW01aU1qbHVZa2RWZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVGeVFtZHZja0puUlVWQldVOHZUVUZGU1VKQ01FMUhNbWd3Q21SSVFucFBhVGgyV1ZkT2FtSXpWblZrU0UxMVdqSTVkbG95ZUd4TWJVNTJZbFJEUW1sbldVdExkMWxDUWtGSVYyVlJTVVZCWjFJNFFraHZRV1ZCUWpJS1FVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhWGc0YWs5UFVVRkJRVkZFUVVWamR3cFNVVWxvUVU1bGRtVlBWRVZGTjJKT2NWZ3dWWGxoVTFsc1UyOVBXSFJQYm5SSFRuTkZRVTg1UmxWaFlTOXdMMWhCYVVKaFRVNTFPR0ZWYjNaaFJtNXZDbGtyWlROV1NYZHpUR1pMYjFGc2N6RTNkRnBpWWtnMmMxa3JVbHBSYWtGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYjBGRVFteEJha0kyTXk5Q1ZGcHFjWFFLV2tadlMzQnBiRU56ZGtWNmVqUmhObVZDUjJZd1pHSnVjV2hvUkZNdk9VVk1kVXRxYWpKSU4ycFJkVTVKUTNoeFJVUTFjRGwyUlVOTlVVUjRWWFZuZEFvNWNHbDBSWEJPYTA5U05HZHVTR1JGUVZNM01qWk1WVXRvUTJsak1sRlZhSGRpVGtwMEx5dFVhQ3RQTjAxNWRubG1iMFJxWkd4blIwZE5TVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"oM/HEnHW4njlfNMy/5V8P3BD/do1TEy7GQow1W76Ab8="},"signature":"MEUCIDoqhjx5bzgQ0KwMD1m72CLdxm6LDsaYOhXOx/SdKCbFAiEA1jV4Wy1RHR7JVKQGRfyPjKA5sEHVoC4UBgDxif2v6lw="}} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.sigstore new file mode 100644 index 00000000..2775608e --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v2.sigstore @@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.2","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"MIICyDCCAk6gAwIBAgIUenpCAKVU2BcGqhnsCe0doys6ibwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMxMDExMTQyODAzWhcNMjMxMDExMTQzODAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC0NNg9GUBzDJz2+i3Ffl1RiCwBekqVQvaYdjXJu6O7zd0WOofuc9zaBQ3WhE8o3EXH0Y5prD6bGajd2XEaMW6KOCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQULM+gqZePC3pfVoEclUSrtVPwGwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABix8jOOQAAAQDAEcwRQIhANeveOTEE7bNqX0UyaSYlSoOXtOntGNsEAO9FUaa/p/XAiBaMNu8aUovaFnoY+e3VIwsLfKoQls17tZbbH6sY+RZQjAKBggqhkjOPQQDAwNoADBlAjB63/BTZjqtZFoKpilCsvEzz4a6eBGf0dbnqhhDS/9ELuKjj2H7jQuNICxqED5p9vECMQDxUugt9pitEpNkOR4gnHdEAS726LUKhCic2QUhwbNJt/+Th+O7MyvyfoDjdlgGGMI="}]},"tlogEntries":[{"logIndex":"41958702","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1697034484","inclusionPromise":{"signedEntryTimestamp":"MEUCIFJST52F75FnhiyWApcgiQWgszyb/rf6J5wIRHEFb6LiAiEAgK/el1WsJLdpoRn0Pp9np9LPbY4ebQyyX03j8325Q48="},"inclusionProof":{"logIndex":"37795271","rootHash":"60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=","treeSize":"37795272","hashes":["ZIU3md9RFYeb/QLydGOwhQ3ND+W4anIY65AcncCDATg=","FW20NiNv2Sqj0JVrVV0jxM2orMbQ9xh+VP1lTkSDl/Q=","S+iI/+iSshhUyd1Q7CAhJL1r0ztj4VmlB+Mz6EIYVnc=","IarfFu1ExpVVeg2h4fG1IWKYMs6BKCBnp46dlDN+iRA=","lMgRhGHIJoON6m0fp7dqo58UDMgHbflIjryXEw8/6GI=","wFBMBVQ5HXrKMuf5XOphsNlin7vSAfDFJnQq5YDxVrY=","FBAwNrNC3qhOjCcwdeB59P7bwQ40jtBUib0Y/j87xpE=","FTHlMv8QQyKAsmnkVAwWZSzP3mApzQXkiZrN+bQGg08=","5Lrnz5mdl9fOisdC44l0ljBJi9bwDSb/ArXsvCpgCiQ=","dA4IFz5UaTwkR83x1QUkZLq0UZJu9kRZJuSDsU7kVkE=","EqXDaDjlrIheY/2CQ/d0+pp4EBeqLlaq2/0ociyo5AY=","aWnEm9c/Gb8operqvTMd3WBQLe+yzT2W4Xt0HICt7Gw="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n37795272\n60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=\nTimestamp: 1697034484441201852\n\n— rekor.sigstore.dev wNI9ajBGAiEAlWUH2HSPa6IMIRBgFcIXph3Mj9xM70WR0VVADvGIl/oCIQCgfvUUjR/X5jewlqpAWI8NuJIicKpTG64vo6UM5fpSgQ==\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRG9xaGp4NWJ6Z1EwS3dNRDFtNzJDTGR4bTZMRHNhWU9oWE94L1NkS0NiRkFpRUExalY0V3kxUkhSN0pWS1FHUmZ5UGpLQTVzRUhWb0M0VUJnRHhpZjJ2Nmx3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzMlowRjNTVUpCWjBsVlpXNXdRMEZMVmxVeVFtTkhjV2h1YzBObE1HUnZlWE0yYVdKM2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5lRTFFUlhoTlZGRjVUMFJCZWxkb1kwNU5hazE0VFVSRmVFMVVVWHBQUkVGNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETUU1T1p6bEhWVUo2UkVwNk1pdHBNMFptYkRGU2FVTjNRbVZyY1ZaUmRtRlpaR29LV0VwMU5rODNlbVF3VjA5dlpuVmpPWHBoUWxFelYyaEZPRzh6UlZoSU1GazFjSEpFTm1KSFlXcGtNbGhGWVUxWE5rdFBRMEZYTUhkblowWndUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZNVFN0bkNuRmFaVkJETTNCbVZtOUZZMnhWVTNKMFZsQjNSM2RuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVdWaENkMlJWUW01aU1qbHVZa2RWZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVGeVFtZHZja0puUlVWQldVOHZUVUZGU1VKQ01FMUhNbWd3Q21SSVFucFBhVGgyV1ZkT2FtSXpWblZrU0UxMVdqSTVkbG95ZUd4TWJVNTJZbFJEUW1sbldVdExkMWxDUWtGSVYyVlJTVVZCWjFJNFFraHZRV1ZCUWpJS1FVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhWGc0YWs5UFVVRkJRVkZFUVVWamR3cFNVVWxvUVU1bGRtVlBWRVZGTjJKT2NWZ3dWWGxoVTFsc1UyOVBXSFJQYm5SSFRuTkZRVTg1UmxWaFlTOXdMMWhCYVVKaFRVNTFPR0ZWYjNaaFJtNXZDbGtyWlROV1NYZHpUR1pMYjFGc2N6RTNkRnBpWWtnMmMxa3JVbHBSYWtGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYjBGRVFteEJha0kyTXk5Q1ZGcHFjWFFLV2tadlMzQnBiRU56ZGtWNmVqUmhObVZDUjJZd1pHSnVjV2hvUkZNdk9VVk1kVXRxYWpKSU4ycFJkVTVKUTNoeFJVUTFjRGwyUlVOTlVVUjRWWFZuZEFvNWNHbDBSWEJPYTA5U05HZHVTR1JGUVZNM01qWk1WVXRvUTJsak1sRlZhSGRpVGtwMEx5dFVhQ3RQTjAxNWRubG1iMFJxWkd4blIwZE5TVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"oM/HEnHW4njlfNMy/5V8P3BD/do1TEy7GQow1W76Ab8="},"signature":"MEUCIDoqhjx5bzgQ0KwMD1m72CLdxm6LDsaYOhXOx/SdKCbFAiEA1jV4Wy1RHR7JVKQGRfyPjKA5sEHVoC4UBgDxif2v6lw="}} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.no.inclusion.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.no.inclusion.sigstore new file mode 100644 index 00000000..3711e36f --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.no.inclusion.sigstore @@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.3","verificationMaterial":{"certificate":{"rawBytes":"MIICyDCCAk6gAwIBAgIUenpCAKVU2BcGqhnsCe0doys6ibwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMxMDExMTQyODAzWhcNMjMxMDExMTQzODAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC0NNg9GUBzDJz2+i3Ffl1RiCwBekqVQvaYdjXJu6O7zd0WOofuc9zaBQ3WhE8o3EXH0Y5prD6bGajd2XEaMW6KOCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQULM+gqZePC3pfVoEclUSrtVPwGwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABix8jOOQAAAQDAEcwRQIhANeveOTEE7bNqX0UyaSYlSoOXtOntGNsEAO9FUaa/p/XAiBaMNu8aUovaFnoY+e3VIwsLfKoQls17tZbbH6sY+RZQjAKBggqhkjOPQQDAwNoADBlAjB63/BTZjqtZFoKpilCsvEzz4a6eBGf0dbnqhhDS/9ELuKjj2H7jQuNICxqED5p9vECMQDxUugt9pitEpNkOR4gnHdEAS726LUKhCic2QUhwbNJt/+Th+O7MyvyfoDjdlgGGMI="},"tlogEntries":[{"logIndex":"41958702","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1697034484","inclusionPromise":{"signedEntryTimestamp":"MEUCIFJST52F75FnhiyWApcgiQWgszyb/rf6J5wIRHEFb6LiAiEAgK/el1WsJLdpoRn0Pp9np9LPbY4ebQyyX03j8325Q48="},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRG9xaGp4NWJ6Z1EwS3dNRDFtNzJDTGR4bTZMRHNhWU9oWE94L1NkS0NiRkFpRUExalY0V3kxUkhSN0pWS1FHUmZ5UGpLQTVzRUhWb0M0VUJnRHhpZjJ2Nmx3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzMlowRjNTVUpCWjBsVlpXNXdRMEZMVmxVeVFtTkhjV2h1YzBObE1HUnZlWE0yYVdKM2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5lRTFFUlhoTlZGRjVUMFJCZWxkb1kwNU5hazE0VFVSRmVFMVVVWHBQUkVGNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETUU1T1p6bEhWVUo2UkVwNk1pdHBNMFptYkRGU2FVTjNRbVZyY1ZaUmRtRlpaR29LV0VwMU5rODNlbVF3VjA5dlpuVmpPWHBoUWxFelYyaEZPRzh6UlZoSU1GazFjSEpFTm1KSFlXcGtNbGhGWVUxWE5rdFBRMEZYTUhkblowWndUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZNVFN0bkNuRmFaVkJETTNCbVZtOUZZMnhWVTNKMFZsQjNSM2RuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVdWaENkMlJWUW01aU1qbHVZa2RWZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVGeVFtZHZja0puUlVWQldVOHZUVUZGU1VKQ01FMUhNbWd3Q21SSVFucFBhVGgyV1ZkT2FtSXpWblZrU0UxMVdqSTVkbG95ZUd4TWJVNTJZbFJEUW1sbldVdExkMWxDUWtGSVYyVlJTVVZCWjFJNFFraHZRV1ZCUWpJS1FVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhWGc0YWs5UFVVRkJRVkZFUVVWamR3cFNVVWxvUVU1bGRtVlBWRVZGTjJKT2NWZ3dWWGxoVTFsc1UyOVBXSFJQYm5SSFRuTkZRVTg1UmxWaFlTOXdMMWhCYVVKaFRVNTFPR0ZWYjNaaFJtNXZDbGtyWlROV1NYZHpUR1pMYjFGc2N6RTNkRnBpWWtnMmMxa3JVbHBSYWtGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYjBGRVFteEJha0kyTXk5Q1ZGcHFjWFFLV2tadlMzQnBiRU56ZGtWNmVqUmhObVZDUjJZd1pHSnVjV2hvUkZNdk9VVk1kVXRxYWpKSU4ycFJkVTVKUTNoeFJVUTFjRGwyUlVOTlVVUjRWWFZuZEFvNWNHbDBSWEJPYTA5U05HZHVTR1JGUVZNM01qWk1WVXRvUTJsak1sRlZhSGRpVGtwMEx5dFVhQ3RQTjAxNWRubG1iMFJxWkd4blIwZE5TVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"oM/HEnHW4njlfNMy/5V8P3BD/do1TEy7GQow1W76Ab8="},"signature":"MEUCIDoqhjx5bzgQ0KwMD1m72CLdxm6LDsaYOhXOx/SdKCbFAiEA1jV4Wy1RHR7JVKQGRfyPjKA5sEHVoC4UBgDxif2v6lw="}} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.sigstore new file mode 100644 index 00000000..0e63ec3e --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.v3.sigstore @@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.3","verificationMaterial":{"certificate":{"rawBytes":"MIICyDCCAk6gAwIBAgIUenpCAKVU2BcGqhnsCe0doys6ibwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMxMDExMTQyODAzWhcNMjMxMDExMTQzODAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC0NNg9GUBzDJz2+i3Ffl1RiCwBekqVQvaYdjXJu6O7zd0WOofuc9zaBQ3WhE8o3EXH0Y5prD6bGajd2XEaMW6KOCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQULM+gqZePC3pfVoEclUSrtVPwGwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABix8jOOQAAAQDAEcwRQIhANeveOTEE7bNqX0UyaSYlSoOXtOntGNsEAO9FUaa/p/XAiBaMNu8aUovaFnoY+e3VIwsLfKoQls17tZbbH6sY+RZQjAKBggqhkjOPQQDAwNoADBlAjB63/BTZjqtZFoKpilCsvEzz4a6eBGf0dbnqhhDS/9ELuKjj2H7jQuNICxqED5p9vECMQDxUugt9pitEpNkOR4gnHdEAS726LUKhCic2QUhwbNJt/+Th+O7MyvyfoDjdlgGGMI="},"tlogEntries":[{"logIndex":"41958702","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"hashedrekord","version":"0.0.1"},"integratedTime":"1697034484","inclusionPromise":{"signedEntryTimestamp":"MEUCIFJST52F75FnhiyWApcgiQWgszyb/rf6J5wIRHEFb6LiAiEAgK/el1WsJLdpoRn0Pp9np9LPbY4ebQyyX03j8325Q48="},"inclusionProof":{"logIndex":"37795271","rootHash":"60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=","treeSize":"37795272","hashes":["ZIU3md9RFYeb/QLydGOwhQ3ND+W4anIY65AcncCDATg=","FW20NiNv2Sqj0JVrVV0jxM2orMbQ9xh+VP1lTkSDl/Q=","S+iI/+iSshhUyd1Q7CAhJL1r0ztj4VmlB+Mz6EIYVnc=","IarfFu1ExpVVeg2h4fG1IWKYMs6BKCBnp46dlDN+iRA=","lMgRhGHIJoON6m0fp7dqo58UDMgHbflIjryXEw8/6GI=","wFBMBVQ5HXrKMuf5XOphsNlin7vSAfDFJnQq5YDxVrY=","FBAwNrNC3qhOjCcwdeB59P7bwQ40jtBUib0Y/j87xpE=","FTHlMv8QQyKAsmnkVAwWZSzP3mApzQXkiZrN+bQGg08=","5Lrnz5mdl9fOisdC44l0ljBJi9bwDSb/ArXsvCpgCiQ=","dA4IFz5UaTwkR83x1QUkZLq0UZJu9kRZJuSDsU7kVkE=","EqXDaDjlrIheY/2CQ/d0+pp4EBeqLlaq2/0ociyo5AY=","aWnEm9c/Gb8operqvTMd3WBQLe+yzT2W4Xt0HICt7Gw="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n37795272\n60ll7idWI1jYRZzxc+jKflYoW+4jWxgZaGR15ASsWt4=\nTimestamp: 1697034484441201852\n\n— rekor.sigstore.dev wNI9ajBGAiEAlWUH2HSPa6IMIRBgFcIXph3Mj9xM70WR0VVADvGIl/oCIQCgfvUUjR/X5jewlqpAWI8NuJIicKpTG64vo6UM5fpSgQ==\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJhMGNmYzcxMjcxZDZlMjc4ZTU3Y2QzMzJmZjk1N2MzZjcwNDNmZGRhMzU0YzRjYmIxOTBhMzBkNTZlZmEwMWJmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRG9xaGp4NWJ6Z1EwS3dNRDFtNzJDTGR4bTZMRHNhWU9oWE94L1NkS0NiRkFpRUExalY0V3kxUkhSN0pWS1FHUmZ5UGpLQTVzRUhWb0M0VUJnRHhpZjJ2Nmx3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjVSRU5EUVdzMlowRjNTVUpCWjBsVlpXNXdRMEZMVmxVeVFtTkhjV2h1YzBObE1HUnZlWE0yYVdKM2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcE5lRTFFUlhoTlZGRjVUMFJCZWxkb1kwNU5hazE0VFVSRmVFMVVVWHBQUkVGNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETUU1T1p6bEhWVUo2UkVwNk1pdHBNMFptYkRGU2FVTjNRbVZyY1ZaUmRtRlpaR29LV0VwMU5rODNlbVF3VjA5dlpuVmpPWHBoUWxFelYyaEZPRzh6UlZoSU1GazFjSEpFTm1KSFlXcGtNbGhGWVUxWE5rdFBRMEZYTUhkblowWndUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZNVFN0bkNuRmFaVkJETTNCbVZtOUZZMnhWVTNKMFZsQjNSM2RuZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVdWaENkMlJWUW01aU1qbHVZa2RWZFZreU9YUk5RMnRIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVGeVFtZHZja0puUlVWQldVOHZUVUZGU1VKQ01FMUhNbWd3Q21SSVFucFBhVGgyV1ZkT2FtSXpWblZrU0UxMVdqSTVkbG95ZUd4TWJVNTJZbFJEUW1sbldVdExkMWxDUWtGSVYyVlJTVVZCWjFJNFFraHZRV1ZCUWpJS1FVNHdPVTFIY2tkNGVFVjVXWGhyWlVoS2JHNU9kMHRwVTJ3Mk5ETnFlWFF2TkdWTFkyOUJka3RsTms5QlFVRkNhWGc0YWs5UFVVRkJRVkZFUVVWamR3cFNVVWxvUVU1bGRtVlBWRVZGTjJKT2NWZ3dWWGxoVTFsc1UyOVBXSFJQYm5SSFRuTkZRVTg1UmxWaFlTOXdMMWhCYVVKaFRVNTFPR0ZWYjNaaFJtNXZDbGtyWlROV1NYZHpUR1pMYjFGc2N6RTNkRnBpWWtnMmMxa3JVbHBSYWtGTFFtZG5jV2hyYWs5UVVWRkVRWGRPYjBGRVFteEJha0kyTXk5Q1ZGcHFjWFFLV2tadlMzQnBiRU56ZGtWNmVqUmhObVZDUjJZd1pHSnVjV2hvUkZNdk9VVk1kVXRxYWpKSU4ycFJkVTVKUTNoeFJVUTFjRGwyUlVOTlVVUjRWWFZuZEFvNWNHbDBSWEJPYTA5U05HZHVTR1JGUVZNM01qWk1WVXRvUTJsak1sRlZhSGRpVGtwMEx5dFVhQ3RQTjAxNWRubG1iMFJxWkd4blIwZE5TVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]},"messageSignature":{"messageDigest":{"algorithm":"SHA2_256","digest":"oM/HEnHW4njlfNMy/5V8P3BD/do1TEy7GQow1W76Ab8="},"signature":"MEUCIDoqhjx5bzgQ0KwMD1m72CLdxm6LDsaYOhXOx/SdKCbFAiEA1jV4Wy1RHR7JVKQGRfyPjKA5sEHVoC4UBgDxif2v6lw="}} diff --git a/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt b/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt index f17170d6..8f4fc603 100644 --- a/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt +++ b/sigstore-testkit/src/main/kotlin/dev/sigstore/testkit/BaseGradleTest.kt @@ -206,7 +206,7 @@ open class BaseGradleTest { protected fun , ACTUAL : CharSequence> AbstractCharSequenceAssert.basicSigstoreStructure() = contains( - """"mediaType": "application/vnd.dev.sigstore.bundle+json;version\u003d0.2"""", + """"mediaType": "application/vnd.dev.sigstore.bundle+json;version\u003d0.3"""", """"algorithm": "SHA2_256"""", ) }