diff --git a/fuzzing/src/main/java/fuzzing/TufKeysFuzzer.java b/fuzzing/src/main/java/fuzzing/TufVerifierFuzzer.java similarity index 54% rename from fuzzing/src/main/java/fuzzing/TufKeysFuzzer.java rename to fuzzing/src/main/java/fuzzing/TufVerifierFuzzer.java index b38b14d8..8cb8efa0 100644 --- a/fuzzing/src/main/java/fuzzing/TufKeysFuzzer.java +++ b/fuzzing/src/main/java/fuzzing/TufVerifierFuzzer.java @@ -16,24 +16,30 @@ package fuzzing; import com.code_intelligence.jazzer.api.FuzzedDataProvider; -import dev.sigstore.encryption.Keys; -import java.security.NoSuchAlgorithmException; -import java.security.spec.InvalidKeySpecException; +import dev.sigstore.tuf.encryption.Verifiers; +import dev.sigstore.tuf.model.ImmutableKey; +import dev.sigstore.tuf.model.Key; +import java.io.IOException; +import java.security.InvalidKeyException; +import java.util.Map; -public class TufKeysFuzzer { +public class TufVerifierFuzzer { public static void fuzzerTestOneInput(FuzzedDataProvider data) { try { - String[] schemes = {"rsassa-pss-sha256", "ed25519", "ecdsa-sha2-nistp256", "ecdsa"}; - String scheme = data.pickValue(schemes); - byte[] byteArray = data.consumeRemainingAsBytes(); + String keyType = data.consumeString(10); + String scheme = data.consumeString(20); + String keyData = data.consumeRemainingAsString(); - Keys.constructTufPublicKey(byteArray, scheme); - } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + Key key = + ImmutableKey.builder() + .keyType(keyType) + .keyVal(Map.of("public", keyData)) + .scheme(scheme) + .build(); + + Verifiers.newVerifier(key); + } catch (IOException | InvalidKeyException e) { // known exceptions - } catch (RuntimeException e) { - if (!e.toString().contains("not currently supported")) { - throw e; - } } } } diff --git a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java index 9fbe8a8a..13440b0e 100644 --- a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java +++ b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java @@ -15,32 +15,22 @@ */ package dev.sigstore.encryption; -import static org.bouncycastle.jce.ECPointUtil.decodePoint; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; import java.security.PublicKey; import java.security.Security; -import java.security.spec.ECPoint; -import java.security.spec.ECPublicKeySpec; import java.security.spec.InvalidKeySpecException; import java.security.spec.RSAPublicKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.List; import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.edec.EdECObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jce.ECNamedCurveTable; import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; import org.bouncycastle.util.encoders.DecoderException; @@ -74,6 +64,7 @@ public static PublicKey parsePublicKey(byte[] keyBytes) "sigstore public keys must be only a single PEM encoded public key"); } JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); + converter.setProvider(BouncyCastleProvider.PROVIDER_NAME); if (keyObj instanceof SubjectPublicKeyInfo) { PublicKey pk = converter.getPublicKey((SubjectPublicKeyInfo) keyObj); if (!SUPPORTED_KEY_TYPES.contains(pk.getAlgorithm())) { @@ -115,78 +106,4 @@ public static PublicKey parsePkcs1RsaPublicKey(byte[] contents) KeyFactory factory = KeyFactory.getInstance("RSA"); return factory.generatePublic(keySpec); } - - /** - * Valid values for scheme are: - * - *
    - *
  1. ed25519 - *
  2. ecdsa-sha2-nistp256 - *
- * - * @see spec - * @param contents keyBytes - * @param scheme signing scheme - * @return java {link PublicKey} - * @throws NoSuchAlgorithmException if we don't support the scheme provided - * @throws InvalidKeySpecException if the public key material is invalid - */ - public static PublicKey constructTufPublicKey(byte[] contents, String scheme) - throws NoSuchAlgorithmException, InvalidKeySpecException { - if (contents == null || contents.length == 0) { - throw new InvalidKeySpecException("key contents was empty"); - } - switch (scheme) { - case "ed25519": - { - final KeyFactory kf = KeyFactory.getInstance("Ed25519"); - X509EncodedKeySpec keySpec; - // tuf allows raw keys only for ed25519 (non PEM): - // https://github.com/theupdateframework/specification/blob/c51875f445d8a57efca9dadfbd5dbdece06d87e6/tuf-spec.md#key-objects--file-formats-keys - if (contents.length == 32) { - var params = - new SubjectPublicKeyInfo( - new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), contents); - try { - keySpec = new X509EncodedKeySpec(params.getEncoded()); - } catch (IOException e) { - throw new RuntimeException(e); - } - } else { - keySpec = new X509EncodedKeySpec(contents); - } - return kf.generatePublic(keySpec); - } - case "ecdsa": - case "ecdsa-sha2-nistp256": - { - // spec for P-256 curve - ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("P-256"); - // create a KeyFactory with ECDSA (Elliptic Curve Diffie-Hellman) algorithm and use - // BouncyCastle as the provider - KeyFactory kf = null; - try { - kf = KeyFactory.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME); - } catch (NoSuchProviderException e) { - throw new RuntimeException(e); - } - - // code below just creates the public key from key contents using the curve parameters - // (spec variable) - try { - ECNamedCurveSpec params = - new ECNamedCurveSpec("P-256", spec.getCurve(), spec.getG(), spec.getN()); - ECPoint point = decodePoint(params.getCurve(), contents); - ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params); - return kf.generatePublic(pubKeySpec); - } catch (IllegalArgumentException | NullPointerException ex) { - throw new InvalidKeySpecException("ecdsa key was not parseable", ex); - } - } - default: - throw new RuntimeException(scheme + " not currently supported"); - } - } } diff --git a/sigstore-java/src/main/java/dev/sigstore/encryption/signers/Verifiers.java b/sigstore-java/src/main/java/dev/sigstore/encryption/signers/Verifiers.java index 7ebcdb92..9cfb93fd 100644 --- a/sigstore-java/src/main/java/dev/sigstore/encryption/signers/Verifiers.java +++ b/sigstore-java/src/main/java/dev/sigstore/encryption/signers/Verifiers.java @@ -20,11 +20,6 @@ /** Autodetection for verification algorithms based on public keys used. */ public class Verifiers { - @FunctionalInterface - public interface Supplier { - public Verifier newVerifier(PublicKey publicKey) throws NoSuchAlgorithmException; - } - /** Returns a new verifier for the provided public key to use during verification. */ public static Verifier newVerifier(PublicKey publicKey) throws NoSuchAlgorithmException { if (publicKey.getAlgorithm().equals("RSA")) { diff --git a/sigstore-java/src/main/java/dev/sigstore/fulcio/client/CertificateRequest.java b/sigstore-java/src/main/java/dev/sigstore/fulcio/client/CertificateRequest.java index 07cb48d1..375d02d6 100644 --- a/sigstore-java/src/main/java/dev/sigstore/fulcio/client/CertificateRequest.java +++ b/sigstore-java/src/main/java/dev/sigstore/fulcio/client/CertificateRequest.java @@ -23,6 +23,8 @@ @Value.Immutable public interface CertificateRequest { + // Really Fuclio PublicKeyAlgorithm.RSA_PSS is not a PSS signature scheme, it's a PKCS1 scheme. + // https://github.com/sigstore/fulcio/issues/1858 Map SUPPORTED_ALGORITHMS = ImmutableMap.of("EC", PublicKeyAlgorithm.ECDSA, "RSA", PublicKeyAlgorithm.RSA_PSS); diff --git a/sigstore-java/src/main/java/dev/sigstore/trustroot/PublicKey.java b/sigstore-java/src/main/java/dev/sigstore/trustroot/PublicKey.java index 5fb7d357..cf8d5acc 100644 --- a/sigstore-java/src/main/java/dev/sigstore/trustroot/PublicKey.java +++ b/sigstore-java/src/main/java/dev/sigstore/trustroot/PublicKey.java @@ -35,6 +35,9 @@ public java.security.PublicKey toJavaPublicKey() if (getKeyDetails().equals("PKIX_ECDSA_P256_SHA_256")) { return Keys.parsePkixPublicKey(getRawBytes(), "EC"); } + if (getKeyDetails().startsWith("PKIX_RSA")) { + return Keys.parsePkixPublicKey(getRawBytes(), "RSA"); + } if (getKeyDetails().equals("PKCS1_RSA_PKCS1V5")) { return Keys.parsePkcs1RsaPublicKey(getRawBytes()); } diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java b/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java index 071a8f39..fb4c3e77 100644 --- a/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java @@ -19,15 +19,15 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.hash.Hashing; -import dev.sigstore.encryption.Keys; -import dev.sigstore.encryption.signers.Verifiers; +import dev.sigstore.tuf.encryption.Verifiers; import dev.sigstore.tuf.model.*; import dev.sigstore.tuf.model.TargetMeta.TargetData; +import dev.sigstore.tuf.model.Targets; +import dev.sigstore.tuf.model.Timestamp; +import dev.sigstore.tuf.model.TufMeta; import java.io.IOException; -import java.nio.charset.StandardCharsets; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; import java.time.Clock; @@ -247,24 +247,23 @@ void verifyDelegate( // look for the public key that matches the key ID and use it for verification. var key = publicKeys.get(signature.getKeyId()); if (key != null) { - String publicKeyContents = key.getKeyVal().get("public"); - PublicKey pubKey; - // TUF root version 4 and less is raw hex encoded key while 5+ is PEM. - // TODO(patrick@chainguard.dev): remove hex handling code once we upgrade the trusted root - // to v5. - if (publicKeyContents.startsWith("-----BEGIN PUBLIC KEY-----")) { - pubKey = Keys.parsePublicKey(publicKeyContents.getBytes(StandardCharsets.UTF_8)); - } else { - pubKey = Keys.constructTufPublicKey(Hex.decode(publicKeyContents), key.getScheme()); - } try { // while we error on keys that are not readable, we are intentionally more permissive // about signatures. If for ANY reason (except unparsed keys) we cannot validate a // signature, we continue as long as we find enough valid signatures within the // threshold. We still warn the user as this could be an indicator of data issues byte[] signatureBytes = Hex.decode(signature.getSignature()); - if (verifiers.newVerifier(pubKey).verify(verificationMaterial, signatureBytes)) { + if (verifiers.newVerifier(key).verify(verificationMaterial, signatureBytes)) { goodSigs.add(signature.getKeyId()); + } else { + log.log( + Level.FINE, + () -> + String.format( + Locale.ROOT, + "TUF: ignored failed signature verification: '%s' for keyid: '%s'", + signature.getSignature(), + signature.getKeyId())); } } catch (SignatureException e) { log.log( @@ -272,9 +271,10 @@ void verifyDelegate( () -> String.format( Locale.ROOT, - "TUF: ignored unverifiable signature: '%s' for keyid: '%s'", + "TUF: ignored unverifiable signature: '%s' for keyid: '%s', because '%s'", signature.getSignature(), - signature.getKeyId())); + signature.getKeyId(), + e.getMessage())); } catch (DecoderException | NoSuchAlgorithmException | InvalidKeyException e) { log.log( Level.WARNING, diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/EcdsaVerifier.java b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/EcdsaVerifier.java new file mode 100644 index 00000000..2b4bfe3e --- /dev/null +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/EcdsaVerifier.java @@ -0,0 +1,41 @@ +/* + * Copyright 2022 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; + +/** ECDSA verifier, instantiated in {@link Verifiers}. */ +class EcdsaVerifier implements Verifier { + + private final PublicKey publicKey; + + EcdsaVerifier(PublicKey publicKey) { + this.publicKey = publicKey; + } + + @Override + public boolean verify(byte[] artifact, byte[] signature) + throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { + var verifier = Signature.getInstance("SHA256withECDSA"); + verifier.initVerify(publicKey); + verifier.update(artifact); + return verifier.verify(signature); + } +} diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Ed25519Verifier.java b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Ed25519Verifier.java new file mode 100644 index 00000000..ad29e6f9 --- /dev/null +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Ed25519Verifier.java @@ -0,0 +1,42 @@ +/* + * Copyright 2022 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; + +/** Ed25519 verifier, instantiated by {@link Verifiers}. */ +class Ed25519Verifier implements Verifier { + + private final PublicKey publicKey; + + Ed25519Verifier(PublicKey publicKey) { + this.publicKey = publicKey; + } + + /** EdDSA verifiers hash implicitly for ed25519 keys. */ + @Override + public boolean verify(byte[] artifact, byte[] signature) + throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { + var verifier = Signature.getInstance("Ed25519"); + verifier.initVerify(publicKey); + verifier.update(artifact); + return verifier.verify(signature); + } +} diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/RsaPssVerifier.java b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/RsaPssVerifier.java new file mode 100644 index 00000000..7b0f11e1 --- /dev/null +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/RsaPssVerifier.java @@ -0,0 +1,41 @@ +/* + * Copyright 2022 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; + +/** RSA verifier using PSS and MGF1, instantiated by {@link Verifiers}. */ +class RsaPssVerifier implements Verifier { + + private final PublicKey publicKey; + + RsaPssVerifier(PublicKey publicKey) { + this.publicKey = publicKey; + } + + @Override + public boolean verify(byte[] artifact, byte[] signature) + throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { + var verifier = Signature.getInstance("SHA256withRSAandMGF1"); + verifier.initVerify(publicKey); + verifier.update(artifact); + return verifier.verify(signature); + } +} diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Verifier.java b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Verifier.java new file mode 100644 index 00000000..1398c1ca --- /dev/null +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Verifier.java @@ -0,0 +1,35 @@ +/* + * Copyright 2022 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; + +/** A verifier interface specifying verification for a raw artifact (no hashing). */ +public interface Verifier { + + /** + * Verify an artifact. Implementations may hash the artifact with sha256 before verifying unless + * they have an implicit hashing algorithm. + * + * @param artifact the artifact that was signed + * @param signature the signature associated with the artifact + * @return true if the signature is valid, false otherwise + */ + boolean verify(byte[] artifact, byte[] signature) + throws NoSuchAlgorithmException, InvalidKeyException, SignatureException; +} diff --git a/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Verifiers.java b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Verifiers.java new file mode 100644 index 00000000..16494540 --- /dev/null +++ b/sigstore-java/src/main/java/dev/sigstore/tuf/encryption/Verifiers.java @@ -0,0 +1,113 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import dev.sigstore.tuf.model.Key; +import java.io.IOException; +import java.io.StringReader; +import java.security.InvalidKeyException; +import java.security.PublicKey; +import java.security.Security; +import org.bouncycastle.asn1.edec.EdECObjectIdentifiers; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.crypto.params.ECKeyParameters; +import org.bouncycastle.crypto.params.RSAKeyParameters; +import org.bouncycastle.crypto.util.PublicKeyFactory; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.PEMParser; +import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; +import org.bouncycastle.util.encoders.DecoderException; +import org.bouncycastle.util.encoders.Hex; + +public class Verifiers { + + static { + Security.addProvider(new BouncyCastleProvider()); + } + + @FunctionalInterface + public interface Supplier { + Verifier newVerifier(Key key) throws IOException, InvalidKeyException; + } + + public static Verifier newVerifier(Key key) throws IOException, InvalidKeyException { + + PublicKey publicKey = parsePublicKey(key); + if (key.getKeyType().equals("rsa") && key.getScheme().equals("rsassa-pss-sha256")) { + return new RsaPssVerifier(publicKey); + } + if (isEcdsaKey(key) && key.getScheme().equals("ecdsa-sha2-nistp256")) { + return new EcdsaVerifier(publicKey); + } + if (key.getKeyType().equals("ed25519") && key.getScheme().equals("ed25519")) { + return new Ed25519Verifier(publicKey); + } + throw new InvalidKeyException( + "Unsupported tuf key type and scheme combination: " + + key.getKeyType() + + "/" + + key.getScheme()); + } + + private static PublicKey parsePublicKey(Key key) throws IOException, InvalidKeyException { + var keyType = key.getKeyType(); + if (keyType.equals("rsa") || isEcdsaKey(key)) { + try (PEMParser pemParser = new PEMParser(new StringReader(key.getKeyVal().get("public")))) { + var keyObj = pemParser.readObject(); // throws DecoderException + if (keyObj == null) { + throw new InvalidKeyException( + "tuf " + key.getKeyType() + " keys must be a single PEM encoded section"); + } + if (keyObj instanceof SubjectPublicKeyInfo) { + var keyInfo = PublicKeyFactory.createKey((SubjectPublicKeyInfo) keyObj); + if ((keyType.equals("rsa") && keyInfo instanceof RSAKeyParameters) + || (isEcdsaKey(key) && keyInfo instanceof ECKeyParameters)) { + JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); + return converter.getPublicKey((SubjectPublicKeyInfo) keyObj); + } + } + throw new InvalidKeyException( + "Could not parse PEM section into " + keyType + " public key"); + } catch (DecoderException e) { + throw new InvalidKeyException("Could not parse PEM section in " + keyType + " public key"); + } + } + // tuf allows raw keys only for ed25519 (non PEM): + // https://github.com/theupdateframework/specification/blob/c51875f445d8a57efca9dadfbd5dbdece06d87e6/tuf-spec.md#key-objects--file-formats-keys + else if (keyType.equals("ed25519")) { + byte[] keyContents; + try { + keyContents = Hex.decode(key.getKeyVal().get("public")); + } catch (DecoderException e) { + throw new InvalidKeyException("Could not parse hex encoded ed25519 public key"); + } + var params = + new SubjectPublicKeyInfo( + new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), keyContents); + JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); + return converter.getPublicKey(params); + } else { + throw new InvalidKeyException("Unsupported tuf key type" + key.getKeyType()); + } + } + + // this is a hack to handle keytypes of ecdsa-sha2-nistp256 + // context: https://github.com/awslabs/tough/issues/754 + private static boolean isEcdsaKey(Key key) { + return key.getKeyType().equals("ecdsa-sha2-nistp256") || key.getKeyType().equals("ecdsa"); + } +} diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/sigstore-tuf-root/root.json b/sigstore-java/src/main/resources/dev/sigstore/tuf/sigstore-tuf-root/root.json index 7abd5fda..a904807f 100644 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/sigstore-tuf-root/root.json +++ b/sigstore-java/src/main/resources/dev/sigstore/tuf/sigstore-tuf-root/root.json @@ -1,156 +1,165 @@ { + "signatures": [ + { + "keyid": "6f260089d5923daf20166ca657c543af618346ab971884a99962b01988bbe0c3", + "sig": "30460221008ab1f6f17d4f9e6d7dcf1c88912b6b53cc10388644ae1f09bc37a082cd06003e022100e145ef4c7b782d4e8107b53437e669d0476892ce999903ae33d14448366996e7" + }, + { + "keyid": "e71a54d543835ba86adad9460379c7641fb8726d164ea766801a1c522aba7ea2", + "sig": "3045022100c768b2f86da99569019c160a081da54ae36c34c0a3120d3cb69b53b7d113758e02204f671518f617b20d46537fae6c3b63bae8913f4f1962156105cc4f019ac35c6a" + }, + { + "keyid": "22f4caec6d8e6f9555af66b3d4c3cb06a3bb23fdc7e39c916c61f462e6f52b06", + "sig": "3045022100b4434e6995d368d23e74759acd0cb9013c83a5d3511f0f997ec54c456ae4350a022015b0e265d182d2b61dc74e155d98b3c3fbe564ba05286aa14c8df02c9b756516" + }, + { + "keyid": "61643838125b440b40db6942f5cb5a31c0dc04368316eb2aaa58b95904a58222", + "sig": "304502210082c58411d989eb9f861410857d42381590ec9424dbdaa51e78ed13515431904e0220118185da6a6c2947131c17797e2bb7620ce26e5f301d1ceac5f2a7e58f9dcf2e" + }, + { + "keyid": "a687e5bf4fab82b0ee58d46e05c9535145a2c9afb458f43d42b45ca0fdce2a70", + "sig": "3046022100c78513854cae9c32eaa6b88e18912f48006c2757a258f917312caba75948eb9e022100d9e1b4ce0adfe9fd2e2148d7fa27a2f40ba1122bd69da7612d8d1776b013c91d" + }, + { + "keyid": "fdfa83a07b5a83589b87ded41f77f39d232ad91f7cce52868dacd06ba089849f", + "sig": "3045022056483a2d5d9ea9cec6e11eadfb33c484b614298faca15acf1c431b11ed7f734c022100d0c1d726af92a87e4e66459ca5adf38a05b44e1f94318423f954bae8bca5bb2e" + }, + { + "keyid": "e2f59acb9488519407e18cbfc9329510be03c04aca9929d2f0301343fec85523", + "sig": "3046022100d004de88024c32dc5653a9f4843cfc5215427048ad9600d2cf9c969e6edff3d2022100d9ebb798f5fc66af10899dece014a8628ccf3c5402cd4a4270207472f8f6e712" + }, + { + "keyid": "3c344aa068fd4cc4e87dc50b612c02431fbc771e95003993683a2b0bf260cf0e", + "sig": "3046022100b7b09996c45ca2d4b05603e56baefa29718a0b71147cf8c6e66349baa61477df022100c4da80c717b4fa7bba0fd5c72da8a0499358b01358b2309f41d1456ea1e7e1d9" + }, + { + "keyid": "ec81669734e017996c5b85f3d02c3de1dd4637a152019fe1af125d2f9368b95e", + "sig": "3046022100be9782c30744e411a82fa85b5138d601ce148bc19258aec64e7ec24478f38812022100caef63dcaf1a4b9a500d3bd0e3f164ec18f1b63d7a9460d9acab1066db0f016d" + }, + { + "keyid": "1e1d65ce98b10addad4764febf7dda2d0436b3d3a3893579c0dddaea20e54849", + "sig": "30450220746ec3f8534ce55531d0d01ff64964ef440d1e7d2c4c142409b8e9769f1ada6f022100e3b929fcd93ea18feaa0825887a7210489879a66780c07a83f4bd46e2f09ab3b" + } + ], "signed": { "_type": "root", - "spec_version": "1.0", - "version": 5, - "expires": "2023-04-18T18:13:43Z", + "consistent_snapshot": true, + "expires": "2025-02-19T08:04:32Z", "keys": { - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", + "22f4caec6d8e6f9555af66b3d4c3cb06a3bb23fdc7e39c916c61f462e6f52b06": { "keyid_hash_algorithms": [ "sha256", "sha512" ], + "keytype": "ecdsa", "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n" - } - }, - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de": { - "keytype": "ecdsa-sha2-nistp256", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n" + }, "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n" - } + "x-tuf-on-ci-keyowner": "@santiagotorres" }, - "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", + "61643838125b440b40db6942f5cb5a31c0dc04368316eb2aaa58b95904a58222": { "keyid_hash_algorithms": [ "sha256", "sha512" ], + "keytype": "ecdsa", "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n" - } - }, - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b": { - "keytype": "ecdsa-sha2-nistp256", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n" + }, "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@bobcallaway" + }, + "6f260089d5923daf20166ca657c543af618346ab971884a99962b01988bbe0c3": { "keyid_hash_algorithms": [ "sha256", "sha512" ], + "keytype": "ecdsa", "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n" - } - }, - "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a": { - "keytype": "ecdsa-sha2-nistp256", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n" + }, "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@dlorenc" + }, + "7247f0dbad85b147e1863bade761243cc785dcb7aa410e7105dd3d2b61a36d2c": { "keyid_hash_algorithms": [ "sha256", "sha512" ], + "keytype": "ecdsa", "keyval": { "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n" - } - }, - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f": { - "keytype": "ecdsa-sha2-nistp256", + }, "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-online-uri": "gcpkms://projects/sigstore-root-signing/locations/global/keyRings/root/cryptoKeys/timestamp" + }, + "a687e5bf4fab82b0ee58d46e05c9535145a2c9afb458f43d42b45ca0fdce2a70": { "keyid_hash_algorithms": [ "sha256", "sha512" ], + "keytype": "ecdsa", "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n" - } - }, - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c": { - "keytype": "ecdsa-sha2-nistp256", + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n" + }, "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@joshuagl" + }, + "e71a54d543835ba86adad9460379c7641fb8726d164ea766801a1c522aba7ea2": { "keyid_hash_algorithms": [ "sha256", "sha512" ], + "keytype": "ecdsa", "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n" - } + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@mnm678" } }, "roles": { "root": { "keyids": [ - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" + "6f260089d5923daf20166ca657c543af618346ab971884a99962b01988bbe0c3", + "e71a54d543835ba86adad9460379c7641fb8726d164ea766801a1c522aba7ea2", + "22f4caec6d8e6f9555af66b3d4c3cb06a3bb23fdc7e39c916c61f462e6f52b06", + "61643838125b440b40db6942f5cb5a31c0dc04368316eb2aaa58b95904a58222", + "a687e5bf4fab82b0ee58d46e05c9535145a2c9afb458f43d42b45ca0fdce2a70" ], "threshold": 3 }, "snapshot": { "keyids": [ - "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b" + "7247f0dbad85b147e1863bade761243cc785dcb7aa410e7105dd3d2b61a36d2c" ], - "threshold": 1 + "threshold": 1, + "x-tuf-on-ci-expiry-period": 3650, + "x-tuf-on-ci-signing-period": 365 }, "targets": { "keyids": [ - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" + "6f260089d5923daf20166ca657c543af618346ab971884a99962b01988bbe0c3", + "e71a54d543835ba86adad9460379c7641fb8726d164ea766801a1c522aba7ea2", + "22f4caec6d8e6f9555af66b3d4c3cb06a3bb23fdc7e39c916c61f462e6f52b06", + "61643838125b440b40db6942f5cb5a31c0dc04368316eb2aaa58b95904a58222", + "a687e5bf4fab82b0ee58d46e05c9535145a2c9afb458f43d42b45ca0fdce2a70" ], "threshold": 3 }, "timestamp": { "keyids": [ - "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a" + "7247f0dbad85b147e1863bade761243cc785dcb7aa410e7105dd3d2b61a36d2c" ], - "threshold": 1 + "threshold": 1, + "x-tuf-on-ci-expiry-period": 7, + "x-tuf-on-ci-signing-period": 4 } }, - "consistent_snapshot": true - }, - "signatures": [ - { - "keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "sig": "3045022100fc1c2be509ce50ea917bbad1d9efe9d96c8c2ebea04af2717aa3d9c6fe617a75022012eef282a19f2d8bd4818aa333ef48a06489f49d4d34a20b8fe8fc867bb25a7a" - }, - { - "keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "sig": "30450221008a4392ae5057fc00778b651e61fea244766a4ae58db84d9f1d3810720ab0f3b702207c49e59e8031318caf02252ecea1281cecc1e5986c309a9cef61f455ecf7165d" - }, - { - "keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "sig": "3046022100da1b8dc5d53aaffbbfac98de3e23ee2d2ad3446a7bed09fac0f88bae19be2587022100b681c046afc3919097dfe794e0d819be891e2e850aade315bec06b0c4dea221b" - }, - { - "keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de", - "sig": "3046022100b534e0030e1b271133ecfbdf3ba9fbf3becb3689abea079a2150afbb63cdb7c70221008c39a718fd9495f249b4ab8788d5b9dc269f0868dbe38b272f48207359d3ded9" - }, - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "3045022100fc1c2be509ce50ea917bbad1d9efe9d96c8c2ebea04af2717aa3d9c6fe617a75022012eef282a19f2d8bd4818aa333ef48a06489f49d4d34a20b8fe8fc867bb25a7a" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "30450221008a4392ae5057fc00778b651e61fea244766a4ae58db84d9f1d3810720ab0f3b702207c49e59e8031318caf02252ecea1281cecc1e5986c309a9cef61f455ecf7165d" - }, - { - "keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "sig": "3046022100da1b8dc5d53aaffbbfac98de3e23ee2d2ad3446a7bed09fac0f88bae19be2587022100b681c046afc3919097dfe794e0d819be891e2e850aade315bec06b0c4dea221b" - }, - { - "keyid": "75e867ab10e121fdef32094af634707f43ddd79c6bab8ad6c5ab9f03f4ea8c90", - "sig": "3046022100b534e0030e1b271133ecfbdf3ba9fbf3becb3689abea079a2150afbb63cdb7c70221008c39a718fd9495f249b4ab8788d5b9dc269f0868dbe38b272f48207359d3ded9" - } - ] + "spec_version": "1.0", + "version": 10, + "x-tuf-on-ci-expiry-period": 182, + "x-tuf-on-ci-signing-period": 31 + } } \ No newline at end of file diff --git a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json index 27291656..9e3a01d2 100644 --- a/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json +++ b/sigstore-java/src/main/resources/dev/sigstore/tuf/tuf-root-staging/root.json @@ -1,65 +1,107 @@ { - "signed": { - "_type": "root", - "spec_version": "1.0", - "version": 3, - "expires": "2029-02-17T23:05:14Z", - "keys": { - "314ae73abd3012fc73bfcc3783e31d03852716597642b891d6a33155c4baf600": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXMZ7rD8tWDE4lK/+naJN7INMxNC7\nbMMANDqTQE7WpzyzffWOg59hc/MwbvJtvuxhO9mEu3GD3Cn0HffFlmVRiA==\n-----END PUBLIC KEY-----\n" - } - }, - "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEL3vL/VeaH6nBbo4rekyO4cc/QthS\n+nlyJXCXSnyIMAtLmVTa8Pf0qG6YIVaR0TmLkyk9YoSVsZakxuMTuaEwrg==\n-----END PUBLIC KEY-----\n" - } - } - }, - "roles": { - "root": { - "keyids": [ - "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda" - ], - "threshold": 1 - }, - "snapshot": { - "keyids": [ - "314ae73abd3012fc73bfcc3783e31d03852716597642b891d6a33155c4baf600" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda" - ], - "threshold": 1 - }, - "timestamp": { - "keyids": [ - "314ae73abd3012fc73bfcc3783e31d03852716597642b891d6a33155c4baf600" - ], - "threshold": 1 - } - }, - "consistent_snapshot": true - }, - "signatures": [ - { - "keyid": "c8e09a68b5821b75462ae0df52151c81deb7f1838246dc1da8c34cc91ec12bda", - "sig": "3045022061a67fc07a5dd88f0087f394d4d3ef15237115d2ee24261f2d35db07715da097022100a0efc621c0b0ba697ae75827e579dd90eef30f7bc5fdbef2c44338f791a67eeb" - } - ] + "signatures": [ + { + "keyid": "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "sig": "304502204d5d01c2ae4b846cc6d29d7c5676f5d99ea464a69bd464fef16a5d0cdd4a616d022100bf73b2b11b68bf7a7047480bf0d5961a3a40c524f64a82e2c90f59d4083e498e" + }, + { + "keyid": "61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc", + "sig": "3044022005a8e904d484b7f4c3bac53ed6babeee303f6308f81f9ea29a7a1f6ad51068c20220641303f1e5ab14b151525c63ca95b35df64ffc905c8883f96cbee703ed45a2df" + }, + { + "keyid": "9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237", + "sig": "" + }, + { + "keyid": "0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5", + "sig": "" + } + ], + "signed": { + "_type": "root", + "consistent_snapshot": true, + "expires": "2025-03-07T07:44:40Z", + "keys": { + "0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoxkvDOmtGEknB3M+ZkPts8joDM0X\nIH5JZwPlgC2CXs/eqOuNF8AcEWwGYRiDhV/IMlQw5bg8PLICQcgsbrDiKg==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@mnm678" + }, + "61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE++Wv+DcLRk+mfkmlpCwl1GUi9EMh\npBUTz8K0fH7bE4mQuViGSyWA/eyMc0HvzZi6Xr0diHw0/lUPBvok214YQw==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@kommendorkapten" + }, + "9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFHDb85JH+JYR1LQmxiz4UMokVMnP\nxKoWpaEnFCKXH8W4Fc/DfIxMnkpjCuvWUBdJXkO0aDIxwsij8TOFh2R7dw==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@joshuagl" + }, + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEohqIdE+yTl4OxpX8ZxNUPrg3SL9H\nBDnhZuceKkxy2oMhUOxhWweZeG3bfM1T4ZLnJimC6CAYVU5+F5jZCoftRw==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-keyowner": "@jku" + }, + "c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4": { + "keytype": "ecdsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExxmEtmhF5U+i+v/6he4BcSLzCgMx\n/0qSrvDg6bUWwUrkSKS2vDpcJrhGy5fmmhRrGawjPp1ALpC3y1kqFTpXDg==\n-----END PUBLIC KEY-----\n" + }, + "scheme": "ecdsa-sha2-nistp256", + "x-tuf-on-ci-online-uri": "gcpkms:projects/projectsigstore-staging/locations/global/keyRings/tuf-keyring/cryptoKeys/tuf-key/cryptoKeyVersions/2" + } + }, + "roles": { + "root": { + "keyids": [ + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc", + "9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237", + "0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5" + ], + "threshold": 2 + }, + "snapshot": { + "keyids": [ + "c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4" + ], + "threshold": 1, + "x-tuf-on-ci-expiry-period": 3650, + "x-tuf-on-ci-signing-period": 365 + }, + "targets": { + "keyids": [ + "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", + "61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc", + "9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237", + "0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4" + ], + "threshold": 1, + "x-tuf-on-ci-expiry-period": 7, + "x-tuf-on-ci-signing-period": 6 + } + }, + "spec_version": "1.0", + "version": 10, + "x-tuf-on-ci-expiry-period": 182, + "x-tuf-on-ci-signing-period": 35 + } } \ No newline at end of file diff --git a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java index 139e39c0..5c8081ad 100644 --- a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java @@ -21,15 +21,11 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; import java.security.PublicKey; import java.security.spec.InvalidKeySpecException; import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.encoders.Hex; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.condition.EnabledForJreRange; -import org.junit.jupiter.api.condition.JRE; class KeysTest { @@ -73,24 +69,15 @@ void parsePublicKey_ec() throws IOException, InvalidKeySpecException, NoSuchAlgo } @Test - @EnabledForJreRange(max = JRE.JAVA_14) - void parsePublicKey_ed25519_withBouncyCastle() + void parsePublicKey_ed25519() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { PublicKey result = Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(ED25519_PUB_PATH))); - // BouncyCastle names the algorithm differently than the JDK (Ed25519 vs EdDSA) + // BouncyCastle names the algorithm differently than the JDK (Ed25519 vs EdDSA) but we + // force the converter to use BouncyCastle always. assertEquals("Ed25519", result.getAlgorithm()); } - @Test - @EnabledForJreRange(min = JRE.JAVA_15) - void parsePublicKey_ed25519_withStdLib() - throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { - PublicKey result = - Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(ED25519_PUB_PATH))); - assertEquals("EdDSA", result.getAlgorithm()); - } - @Test void parsePublicKey_dsaShouldFail() { Assertions.assertThrows( @@ -106,108 +93,6 @@ void parseTufPublicKeyPemEncoded_sha2_nistp256() assertEquals("ECDSA", result.getAlgorithm()); } - @Test - void parseTufPublicKey_ecdsa() throws NoSuchAlgorithmException, InvalidKeySpecException { - PublicKey key = - Keys.constructTufPublicKey( - Hex.decode( - "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803"), - "ecdsa-sha2-nistp256"); - assertNotNull(key); - assertEquals("ECDSA", key.getAlgorithm()); - } - - @Test - void parseTufPublicKey_ecdsaBad() { - Assertions.assertThrows( - InvalidKeySpecException.class, - () -> { - Keys.constructTufPublicKey( - Hex.decode( - "04cbcdcab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803"), - "ecdsa-sha2-nistp256"); - }); - } - - @Test - @EnabledForJreRange(min = JRE.JAVA_15) - void parseTufPublicKey_ed25519_java15Plus() - throws NoSuchAlgorithmException, InvalidKeySpecException { - // {@code step crypto keypair ed25519.pub /dev/null --kty OKP --curve Ed25519} - // copy just the key part out of ed25519.pub removing PEM header and footer - // {@code echo $(copied content) | base64 -d | hexdump -v -e '/1 "%02x" '} - PublicKey key = - Keys.constructTufPublicKey( - Hex.decode( - "302a300506032b65700321008b2e369230c3b97f4627fd6a59eb054a83ec15ed929ab3d983a40ffd322a223d"), - "ed25519"); - assertNotNull(key); - assertEquals("EdDSA", key.getAlgorithm()); - } - - @Test - @EnabledForJreRange(max = JRE.JAVA_14) - void parseTufPublicKey_ed25519_lteJava14() - throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { - // {@code step crypto keypair ed25519.pub /dev/null --kty OKP --curve Ed25519} - // copy just the key part out of ed25519.pub removing PEM header and footer - // {@code echo $(copied content) | base64 -d | hexdump -v -e '/1 "%02x" '} - PublicKey key = - Keys.constructTufPublicKey( - Hex.decode( - "302a300506032b65700321008b2e369230c3b97f4627fd6a59eb054a83ec15ed929ab3d983a40ffd322a223d"), - "ed25519"); - assertNotNull(key); - assertEquals("Ed25519", key.getAlgorithm()); - } - - @Test - @EnabledForJreRange(min = JRE.JAVA_15) - void parseTufPublicKey_ed25519_rawBytes_java15plus() throws Exception { - PublicKey key = - Keys.constructTufPublicKey( - Hex.decode("2d7218ce609f85de4b0d29d9e679cfd73e96756652f7069a0cf00acb752e5d3c"), - "ed25519"); - assertNotNull(key); - assertEquals("EdDSA", key.getAlgorithm()); - } - - @Test - @EnabledForJreRange(max = JRE.JAVA_14) - void parseTufPublicKey_ed25519_rawBytes_lteJava14() throws Exception { - PublicKey key = - Keys.constructTufPublicKey( - Hex.decode("2d7218ce609f85de4b0d29d9e679cfd73e96756652f7069a0cf00acb752e5d3c"), - "ed25519"); - assertNotNull(key); - assertEquals("Ed25519", key.getAlgorithm()); - } - - @Test - void parseTufPublicKey_ed25519Bad() { - Assertions.assertThrows( - InvalidKeySpecException.class, - () -> - Keys.constructTufPublicKey( - Hex.decode( - "302b300506032b65700321008b2e369230c3b97f4627fd6a59eb054a83ec15ed929ab3d983a40ffd322a223d"), - "ed25519")); - } - - @Test - void parseTufPublicKey_rsa() throws NoSuchAlgorithmException, InvalidKeySpecException { - // {@code step crypto keypair ed25519.pub /dev/null --kty OKP --curve Ed25519} - // copy just the key part out of ed25519.pub removing PEM header and footer - // {@code echo $(copied content) | base64 -d | hexdump -v -e '/1 "%02x" '} - Assertions.assertThrows( - RuntimeException.class, - () -> - Keys.constructTufPublicKey( - Hex.decode( - "302a300506032b65700321008b2e369230c3b97f4627fd6a59eb054a83ec15ed929ab3d983a40ffd322a223d"), - "rsassa-pss-sha256")); - } - @Test void parsePkixPublicKey_rsa() throws NoSuchAlgorithmException, InvalidKeySpecException { var base64Key = diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java index d6d28042..7e36a52e 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/FileSystemTufStoreTest.java @@ -27,7 +27,7 @@ class FileSystemTufStoreTest { - public static final String PROD_REPO = "real/prod"; + public static final String REPO = "synthetic/test-template"; @Test void newFileSystemStore_empty(@TempDir Path repoBase) throws IOException { @@ -37,7 +37,7 @@ void newFileSystemStore_empty(@TempDir Path repoBase) throws IOException { @Test void newFileSystemStore_hasRepo(@TempDir Path repoBase) throws IOException { - TestResources.setupRepoFiles(PROD_REPO, repoBase, "root.json"); + TestResources.setupRepoFiles(REPO, repoBase, "root.json"); FileSystemTufStore tufStore = FileSystemTufStore.newFileSystemStore(repoBase); assertTrue(tufStore.readMeta(RootRole.ROOT, Root.class).isPresent()); } @@ -47,7 +47,7 @@ void writeMeta(@TempDir Path repoBase) throws IOException { FileSystemTufStore tufStore = FileSystemTufStore.newFileSystemStore(repoBase); assertFalse(repoBase.resolve("root.json").toFile().exists()); tufStore.writeMeta( - RootRole.ROOT, TestResources.loadRoot(TestResources.UPDATER_REAL_TRUSTED_ROOT)); + RootRole.ROOT, TestResources.loadRoot(TestResources.UPDATER_SYNTHETIC_TRUSTED_ROOT)); assertEquals(2, repoBase.toFile().list().length, "Expect 2: root.json plus the /targets dir."); assertTrue(repoBase.resolve("root.json").toFile().exists()); assertTrue(repoBase.resolve("targets").toFile().isDirectory()); @@ -55,7 +55,7 @@ void writeMeta(@TempDir Path repoBase) throws IOException { @Test void clearMeta(@TempDir Path repoBase) throws IOException { - TestResources.setupRepoFiles(PROD_REPO, repoBase, "snapshot.json", "timestamp.json"); + TestResources.setupRepoFiles(REPO, repoBase, "snapshot.json", "timestamp.json"); FileSystemTufStore tufStore = FileSystemTufStore.newFileSystemStore(repoBase); assertTrue(repoBase.resolve("snapshot.json").toFile().exists()); assertTrue(repoBase.resolve("timestamp.json").toFile().exists()); diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java index 3596b905..8fc22b81 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/PassthroughCacheMetaStoreTest.java @@ -42,7 +42,9 @@ class PassthroughCacheMetaStoreTest { @BeforeAll public static void readAllMeta() throws IOException { Path timestampResource = - Path.of(Resources.getResource("dev/sigstore/tuf/real/prod/timestamp.json").getPath()); + Path.of( + Resources.getResource("dev/sigstore/tuf/synthetic/test/repository/timestamp.json") + .getPath()); timestamp = GSON.get().fromJson(Files.newBufferedReader(timestampResource), Timestamp.class); } diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java index 841e25c1..8bdeb7e9 100644 --- a/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/UpdaterTest.java @@ -16,7 +16,6 @@ package dev.sigstore.tuf; import static dev.sigstore.json.GsonSupplier.GSON; -import static dev.sigstore.testkit.tuf.TestResources.UPDATER_REAL_TRUSTED_ROOT; import static dev.sigstore.testkit.tuf.TestResources.UPDATER_SYNTHETIC_TRUSTED_ROOT; import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -27,12 +26,11 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; -import com.google.common.hash.Hashing; import com.google.common.io.Resources; import com.google.gson.JsonSyntaxException; -import dev.sigstore.encryption.signers.Verifier; -import dev.sigstore.encryption.signers.Verifiers; import dev.sigstore.testkit.tuf.TestResources; +import dev.sigstore.tuf.encryption.Verifier; +import dev.sigstore.tuf.encryption.Verifiers; import dev.sigstore.tuf.model.Hashes; import dev.sigstore.tuf.model.ImmutableKey; import dev.sigstore.tuf.model.ImmutableRootRole; @@ -41,7 +39,6 @@ import dev.sigstore.tuf.model.Role; import dev.sigstore.tuf.model.Root; import dev.sigstore.tuf.model.Signature; -import dev.sigstore.tuf.model.TargetMeta; import dev.sigstore.tuf.model.Targets; import io.github.netmikey.logunit.api.LogCapturer; import java.io.File; @@ -52,8 +49,6 @@ import java.nio.file.Path; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; -import java.security.SignatureException; import java.security.spec.InvalidKeySpecException; import java.time.Clock; import java.time.Instant; @@ -123,19 +118,6 @@ static void startRemoteResourceServer() throws Exception { System.out.println("TUF local server listening on: " + remoteUrl); } - @Test - public void testRootUpdate_fromProdData() throws Exception { - setupMirror( - "real/prod", "1.root.json", "2.root.json", "3.root.json", "4.root.json", "5.root.json"); - var updater = createTimeStaticUpdater(localStorePath, UPDATER_REAL_TRUSTED_ROOT); - updater.updateRoot(); - assertStoreContains("root.json"); - Root oldRoot = TestResources.loadRoot(UPDATER_REAL_TRUSTED_ROOT); - Root newRoot = TestResources.loadRoot(localStorePath.resolve("root.json")); - assertRootVersionIncreased(oldRoot, newRoot); - assertRootNotExpired(newRoot); - } - @Test public void testRootUpdate_notEnoughSignatures() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { @@ -603,50 +585,6 @@ public void testTargetsDownload_sha256Only() throws Exception { assertDoesNotThrow(updater::update); } - // End to end sanity test on the actual prod sigstore repo. - @Test - public void testUpdate_fromProdData() - throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { - setupMirror( - "real/prod", - "1.root.json", - "2.root.json", - "3.root.json", - "4.root.json", - "5.root.json", - "69.snapshot.json", - "5.targets.json", - "timestamp.json", - "snapshot.json", - "targets.json", - "root.json", - "targets/0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35.rekor.pub", - "targets/0f99f47dbc26c5f1e3cba0bfd9af4245a26e5cb735d6ef005792ec7e603f66fdb897de985973a6e50940ca7eff5e1849719e967b5ad2dac74a29115a41cf6f21.fulcio_intermediate_v1.crt.pem", - "targets/4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4.ctfe.pub", - "targets/308fd1d1d95d7f80aa33b837795251cc3e886792982275e062409e13e4e236ffc34d676682aa96fdc751414de99c864bf132dde71581fa651c6343905e3bf988.artifact.pub", - "targets/0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224.fulcio.crt.pem", - "targets/e83fa4f427b24ee7728637fad1b4aa45ebde2ba02751fa860694b1bb16059a490328f9985e51cc70e4d237545315a1bc866dc4fdeef2f6248d99cc7a6077bf85.ctfe_2022.pub", - "targets/f2e33a6dc208cee1f51d33bbea675ab0f0ced269617497985f9a0680689ee7073e4b6f8fef64c91bda590d30c129b3070dddce824c05bc165ac9802f0705cab6.fulcio_v1.crt.pem"); - var updater = createTimeStaticUpdater(localStorePath, UPDATER_REAL_TRUSTED_ROOT); - updater.update(); - - Root oldRoot = TestResources.loadRoot(UPDATER_REAL_TRUSTED_ROOT); - TrustedMetaStore metaStore = updater.getMetaStore(); - TargetStore targetStore = updater.getTargetStore(); - Root newRoot = metaStore.getRoot(); // should be present - assertRootVersionIncreased(oldRoot, newRoot); - Targets targets = metaStore.getTargets(); // should be present - Map targetsData = targets.getSignedMeta().getTargets(); - for (String file : targetsData.keySet()) { - TargetMeta.TargetData fileData = targetsData.get(file); - byte[] fileBytes = targetStore.readTarget(file); - assertNotNull(fileBytes, "each file from targets data should be present"); - assertEquals(fileData.getLength(), fileBytes.length, "file length should match metadata"); - assertEquals( - fileData.getHashes().getSha512(), Hashing.sha512().hashBytes(fileBytes).toString()); - } - } - private static final byte[] TEST_HASH_VERIFYIER_BYTES = "testdata".getBytes(StandardCharsets.UTF_8); private static final String GOOD_256_HASH = @@ -941,8 +879,8 @@ public void testUpdate_snapshotsAndTimestampHaveNoSizeAndNoHashesInMeta() throws @Test public void canCreateMultipleUpdaters() throws IOException { - createTimeStaticUpdater(localStorePath, UPDATER_REAL_TRUSTED_ROOT); - createTimeStaticUpdater(localStorePath, UPDATER_REAL_TRUSTED_ROOT); + createTimeStaticUpdater(localStorePath, UPDATER_SYNTHETIC_TRUSTED_ROOT); + createTimeStaticUpdater(localStorePath, UPDATER_SYNTHETIC_TRUSTED_ROOT); } static Key newKey(String keyContents) { @@ -1027,43 +965,7 @@ static void shutdownRemoteResourceServer() throws Exception { } public static final Verifiers.Supplier ALWAYS_VERIFIES = - publicKey -> - new Verifier() { - @Override - public PublicKey getPublicKey() { - return null; - } - - @Override - public boolean verify(byte[] artifact, byte[] signature) - throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - return true; - } - - @Override - public boolean verifyDigest(byte[] artifactDigest, byte[] signature) - throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - return true; - } - }; + (key) -> (Verifier) (artifactDigest, signature) -> true; public static final Verifiers.Supplier ALWAYS_FAILS = - publicKey -> - new Verifier() { - @Override - public PublicKey getPublicKey() { - return null; - } - - @Override - public boolean verify(byte[] artifact, byte[] signature) - throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - return false; - } - - @Override - public boolean verifyDigest(byte[] artifactDigest, byte[] signature) - throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - return false; - } - }; + (key) -> (Verifier) (artifactDigest, signature) -> false; } diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/EcdsaVerifierTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/EcdsaVerifierTest.java new file mode 100644 index 00000000..95becd64 --- /dev/null +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/EcdsaVerifierTest.java @@ -0,0 +1,53 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import java.nio.charset.StandardCharsets; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Security; +import java.security.Signature; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +class EcdsaVerifierTest { + + private static final byte[] CONTENT = "abcdef".getBytes(StandardCharsets.UTF_8); + + @Test + public void testVerify_ECDSA() throws Exception { + Security.addProvider(new BouncyCastleProvider()); + + var keyPair = genKeyPair(); + var signature = genSignature(keyPair); + var verifier = new EcdsaVerifier(keyPair.getPublic()); + Assertions.assertTrue(verifier.verify(CONTENT, signature)); + } + + private KeyPair genKeyPair() throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDSA"); + keyGen.initialize(256); + return keyGen.generateKeyPair(); + } + + private byte[] genSignature(KeyPair keyPair) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA"); + signature.initSign(keyPair.getPrivate()); + signature.update(CONTENT); + return signature.sign(); + } +} diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/Ed25519VerifierTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/Ed25519VerifierTest.java new file mode 100644 index 00000000..27843cde --- /dev/null +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/Ed25519VerifierTest.java @@ -0,0 +1,52 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import java.nio.charset.StandardCharsets; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Security; +import java.security.Signature; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +class Ed25519VerifierTest { + + private static final byte[] CONTENT = "abcdef".getBytes(StandardCharsets.UTF_8); + + @Test + public void testVerify_EdDSA() throws Exception { + Security.addProvider(new BouncyCastleProvider()); + + var keyPair = genKeyPair(); + var signature = genSignature(keyPair); + var verifier = new Ed25519Verifier(keyPair.getPublic()); + Assertions.assertTrue(verifier.verify(CONTENT, signature)); + } + + private KeyPair genKeyPair() throws Exception { + KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ed25519"); + return kpGen.generateKeyPair(); + } + + private byte[] genSignature(KeyPair keyPair) throws Exception { + Signature signature = Signature.getInstance("ed25519"); + signature.initSign(keyPair.getPrivate()); + signature.update(CONTENT); + return signature.sign(); + } +} diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/RsaPssVerifierTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/RsaPssVerifierTest.java new file mode 100644 index 00000000..54d856f5 --- /dev/null +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/RsaPssVerifierTest.java @@ -0,0 +1,53 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import java.nio.charset.StandardCharsets; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Security; +import java.security.Signature; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +class RsaPssVerifierTest { + + private static final byte[] CONTENT = "abcdef".getBytes(StandardCharsets.UTF_8); + + @Test + public void testVerify_RsaPss() throws Exception { + Security.addProvider(new BouncyCastleProvider()); + + var keyPair = genKeyPair(); + var signature = genSignature(keyPair); + var verifier = new RsaPssVerifier(keyPair.getPublic()); + Assertions.assertTrue(verifier.verify(CONTENT, signature)); + } + + private KeyPair genKeyPair() throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); + keyGen.initialize(2048); + return keyGen.genKeyPair(); + } + + private byte[] genSignature(KeyPair keyPair) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); + signature.initSign(keyPair.getPrivate()); + signature.update(CONTENT); + return signature.sign(); + } +} diff --git a/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/VerifiersTest.java b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/VerifiersTest.java new file mode 100644 index 00000000..8c8eebb9 --- /dev/null +++ b/sigstore-java/src/test/java/dev/sigstore/tuf/encryption/VerifiersTest.java @@ -0,0 +1,118 @@ +/* + * Copyright 2024 The Sigstore Authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package dev.sigstore.tuf.encryption; + +import com.google.common.io.Resources; +import dev.sigstore.tuf.model.ImmutableKey; +import java.nio.charset.StandardCharsets; +import java.security.InvalidKeyException; +import java.util.Map; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + +public class VerifiersTest { + + static final String RSA_PUB_PATH = "dev/sigstore/samples/keys/test-rsa.pub"; + static final String EC_PUB_PATH = "dev/sigstore/samples/keys/test-ec.pub"; + + @Test + public void newVerifierRSA() throws Exception { + var key = + ImmutableKey.builder() + .keyType("rsa") + .keyVal( + Map.of( + "public", + Resources.toString( + Resources.getResource(RSA_PUB_PATH), StandardCharsets.UTF_8))) + .scheme("rsassa-pss-sha256") + .build(); + var verifier = Verifiers.newVerifier(key); + Assertions.assertTrue(verifier instanceof RsaPssVerifier); + } + + @Test + public void newVerifierRSA_unsupportedScheme() throws Exception { + var key = + ImmutableKey.builder() + .keyType("rsa") + .keyVal( + Map.of( + "public", + Resources.toString( + Resources.getResource(RSA_PUB_PATH), StandardCharsets.UTF_8))) + .scheme("rsa-junk") + .build(); + Assertions.assertThrows(InvalidKeyException.class, () -> Verifiers.newVerifier(key)); + } + + @Test + public void newVerifierECDSA() throws Exception { + var key = + ImmutableKey.builder() + .keyType("ecdsa") + .keyVal( + Map.of( + "public", + Resources.toString(Resources.getResource(EC_PUB_PATH), StandardCharsets.UTF_8))) + .scheme("ecdsa-sha2-nistp256") + .build(); + var verifier = Verifiers.newVerifier(key); + Assertions.assertTrue(verifier instanceof EcdsaVerifier); + } + + @Test + public void newVerifierECDSA_unsupportedScheme() throws Exception { + var key = + ImmutableKey.builder() + .keyType("ecdsa") + .keyVal( + Map.of( + "public", + Resources.toString( + Resources.getResource(RSA_PUB_PATH), StandardCharsets.UTF_8))) + .scheme("ecdsa-junk") + .build(); + Assertions.assertThrows(InvalidKeyException.class, () -> Verifiers.newVerifier(key)); + } + + @Test + public void newVerifierEd25519() throws Exception { + var key = + ImmutableKey.builder() + .keyType("ed25519") + .keyVal( + Map.of( + "public", "2d7218ce609f85de4b0d29d9e679cfd73e96756652f7069a0cf00acb752e5d3c")) + .scheme("ed25519") + .build(); + var verifier = Verifiers.newVerifier(key); + Assertions.assertTrue(verifier instanceof Ed25519Verifier); + } + + @Test + public void newVerifierEd25519_unsupportedScheme() { + var key = + ImmutableKey.builder() + .keyType("ed25519") + .keyVal( + Map.of( + "public", "2d7218ce609f85de4b0d29d9e679cfd73e96756652f7069a0cf00acb752e5d3c")) + .scheme("ed25519junk") + .build(); + Assertions.assertThrows(InvalidKeyException.class, () -> Verifiers.newVerifier(key)); + } +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/1.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/1.root.json deleted file mode 100644 index dcc71f96..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/1.root.json +++ /dev/null @@ -1,130 +0,0 @@ -{ - "signatures": [ - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "30450221008a35d51da0f845301a5eac98ad0df00a934f59b709c1eaf81c86be734d9356f80220742942325599749800f52675f6efe124345980a2a636c0dc76f9caf9fc3123b0" - }, - { - "keyid": "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "sig": "3045022100ef9157ece2a09baec1eab80adfc00b04da20b1f9a0d1b47c5dabc4506719ef2c022074f72acd57398e4ddc8c2a5040df902961e9615dca48f3fbe38cbb506e500066" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "30450220420fdc9a09cd069b8b15fd8db9cedf7d0dee75871bd1cfee77c926d4120a770002210097553b5ad0d6b4a13902ed37509638bb63a9009f78230cd56c802909ffbfead7" - }, - { - "keyid": "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "sig": "304502202aaf32e66f90752f658672b085ecfe45cc1ad31ee6cf5c9ad05f3267685f8d88022100b5df02acdaa371123db9d7a42219553fe079b230b168833e951be7ee56ded347" - }, - { - "keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "sig": "304402205d420c7d05c58980c1c9f7d221f53b5334aae27a447d2a91c2ceddd685269749022039ec83e51f8e1779d7f0142dfa4a5bbecfe327fc0b91b7416090fea2416fd53a" - } - ], - "signed": { - "_type": "root", - "consistent_snapshot": false, - "expires": "2021-12-18T13:28:12.99008-06:00", - "keys": { - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04a71aacd835dc170ba6db3fa33a1a33dee751d4f8b0217b805b9bd3242921ee93672fdcfd840576c5bb0dc0ed815edf394c1ee48c2b5e02485e59bfc512f3adc7" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04117b33dd265715bf23315e368faa499728db8d1f0a377070a1c7b1aba2cc21be6ab1628e42f2cdd7a35479f2dce07b303a8ba646c55569a8d2a504ba7e86e447" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cc1cd53a61c23e88cc54b488dfae168a257c34fac3e88811c55962b24cffbfecb724447999c54670e365883716302e49da57c79a33cd3e16f81fbc66f0bcdf48" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "048a78a44ac01099890d787e5e62afc29c8ccb69a70ec6549a6b04033b0a8acbfb42ab1ab9c713d225cdb52b858886cf46c8e90a7f3b9e6371882f370c259e1c5b" - }, - "scheme": "ecdsa-sha2-nistp256" - } - }, - "roles": { - "root": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "snapshot": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "targets": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "timestamp": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - } - }, - "spec_version": "1.0", - "version": 1 - } -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/2.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/2.root.json deleted file mode 100644 index 386ebe62..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/2.root.json +++ /dev/null @@ -1,144 +0,0 @@ -{ - "signatures": [ - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "3046022100d3ea59490b253beae0926c6fa63f54336dea1ed700555be9f27ff55cd347639c0221009157d1ba012cead81948a4ab777d355451d57f5c4a2d333fc68d2e3f358093c2" - }, - { - "keyid": "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "sig": "304502206eaef40564403ce572c6d062e0c9b0aab5e0223576133e081e1b495e8deb9efd02210080fd6f3464d759601b4afec596bbd5952f3a224cd06ed1cdfc3c399118752ba2" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "304502207baace02f56d8e6069f10b6ff098a26e7f53a7f9324ad62cffa0557bdeb9036c022100fb3032baaa090d0040c3f2fd872571c84479309b773208601d65948df87a9720" - }, - { - "keyid": "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "sig": "304402205180c01905505dd88acd7a2dad979dd75c979b3722513a7bdedac88c6ae8dbeb022056d1ddf7a192f0b1c2c90ff487de2fb3ec9f0c03f66ea937c78d3b6a493504ca" - }, - { - "keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "sig": "3046022100c8806d4647c514d80fd8f707d3369444c4fd1d0812a2d25f828e564c99790e3f022100bb51f12e862ef17a7d3da2ac103bebc5c7e792237006c4cafacd76267b249c2f" - } - ], - "signed": { - "_type": "root", - "consistent_snapshot": false, - "expires": "2022-05-11T19:09:02.663975009Z", - "keys": { - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04fa1a3e42f2300cd3c5487a61509348feb1e936920fef2f83b7cd5dbe7ba045f538725ab8f18a666e6233edb7e0db8766c8dc336633449c5e1bbe0c182b02df0b" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04a71aacd835dc170ba6db3fa33a1a33dee751d4f8b0217b805b9bd3242921ee93672fdcfd840576c5bb0dc0ed815edf394c1ee48c2b5e02485e59bfc512f3adc7" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04117b33dd265715bf23315e368faa499728db8d1f0a377070a1c7b1aba2cc21be6ab1628e42f2cdd7a35479f2dce07b303a8ba646c55569a8d2a504ba7e86e447" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cc1cd53a61c23e88cc54b488dfae168a257c34fac3e88811c55962b24cffbfecb724447999c54670e365883716302e49da57c79a33cd3e16f81fbc66f0bcdf48" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "048a78a44ac01099890d787e5e62afc29c8ccb69a70ec6549a6b04033b0a8acbfb42ab1ab9c713d225cdb52b858886cf46c8e90a7f3b9e6371882f370c259e1c5b" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "044c7793ab74b9ddd713054e587b8d9c75c5f6025633d0fef7ca855ed5b8d5a474b23598fe33eb4a63630d526f74d4bdaec8adcb51993ed65652d651d7c49203eb" - }, - "scheme": "ecdsa-sha2-nistp256" - } - }, - "roles": { - "root": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "snapshot": { - "keyids": [ - "fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "timestamp": { - "keyids": [ - "b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d" - ], - "threshold": 1 - } - }, - "spec_version": "1.0", - "version": 2 - } -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/3.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/3.root.json deleted file mode 100644 index 8d69c515..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/3.root.json +++ /dev/null @@ -1,136 +0,0 @@ -{ - "signatures": [ - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "3046022100e7a80e4b03eb8768999d20f104925fd9149faf3f6f73ee80f8c2e8d5f998f48c022100d3f01eb8effee202a244e710dca09530b9c57c5e510ab35172bd5eddd373ccc8" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "304502200e45fde5cf750f8c533c4f259eb1469510600993b98ae2c3cb8f1922cda96e27022100f5151760d0ef0882a96c2531ccd9f5e4a7ff2b259d8eb34ead8bfdf60cb52fee" - }, - { - "keyid": "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "sig": "304502205a7ebeac3617bfb1aca957a6f74d37a02f2854afa54e5103fb3c891bb25836db022100f06614ca8d21f968e45edc29f826d8dbeed07c51d4cb473a734a2036171900de" - } - ], - "signed": { - "_type": "root", - "consistent_snapshot": false, - "expires": "2022-11-10T21:58:09.733402317Z", - "keys": { - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04fa1a3e42f2300cd3c5487a61509348feb1e936920fef2f83b7cd5dbe7ba045f538725ab8f18a666e6233edb7e0db8766c8dc336633449c5e1bbe0c182b02df0b" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04a71aacd835dc170ba6db3fa33a1a33dee751d4f8b0217b805b9bd3242921ee93672fdcfd840576c5bb0dc0ed815edf394c1ee48c2b5e02485e59bfc512f3adc7" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04117b33dd265715bf23315e368faa499728db8d1f0a377070a1c7b1aba2cc21be6ab1628e42f2cdd7a35479f2dce07b303a8ba646c55569a8d2a504ba7e86e447" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cc1cd53a61c23e88cc54b488dfae168a257c34fac3e88811c55962b24cffbfecb724447999c54670e365883716302e49da57c79a33cd3e16f81fbc66f0bcdf48" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "048a78a44ac01099890d787e5e62afc29c8ccb69a70ec6549a6b04033b0a8acbfb42ab1ab9c713d225cdb52b858886cf46c8e90a7f3b9e6371882f370c259e1c5b" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "044c7793ab74b9ddd713054e587b8d9c75c5f6025633d0fef7ca855ed5b8d5a474b23598fe33eb4a63630d526f74d4bdaec8adcb51993ed65652d651d7c49203eb" - }, - "scheme": "ecdsa-sha2-nistp256" - } - }, - "roles": { - "root": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "snapshot": { - "keyids": [ - "fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "timestamp": { - "keyids": [ - "b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d" - ], - "threshold": 1 - } - }, - "spec_version": "1.0", - "version": 3 - } -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/4.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/4.root.json deleted file mode 100644 index 0a055fc7..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/4.root.json +++ /dev/null @@ -1,144 +0,0 @@ -{ - "signed": { - "_type": "root", - "consistent_snapshot": false, - "expires": "2023-01-12T18:22:02Z", - "keys": { - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "75e867ab10e121fdef32094af634707f43ddd79c6bab8ad6c5ab9f03f4ea8c90": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04d2086b87dd8bc3562bde27465795aa0ad30307c0b1f83f21742e30d992cd2299554685462ec9186b782178cc8e8e227c90f8b5e5a436fffecffa88fb52f24f1b" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04fa1a3e42f2300cd3c5487a61509348feb1e936920fef2f83b7cd5dbe7ba045f538725ab8f18a666e6233edb7e0db8766c8dc336633449c5e1bbe0c182b02df0b" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04117b33dd265715bf23315e368faa499728db8d1f0a377070a1c7b1aba2cc21be6ab1628e42f2cdd7a35479f2dce07b303a8ba646c55569a8d2a504ba7e86e447" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cc1cd53a61c23e88cc54b488dfae168a257c34fac3e88811c55962b24cffbfecb724447999c54670e365883716302e49da57c79a33cd3e16f81fbc66f0bcdf48" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "048a78a44ac01099890d787e5e62afc29c8ccb69a70ec6549a6b04033b0a8acbfb42ab1ab9c713d225cdb52b858886cf46c8e90a7f3b9e6371882f370c259e1c5b" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "044c7793ab74b9ddd713054e587b8d9c75c5f6025633d0fef7ca855ed5b8d5a474b23598fe33eb4a63630d526f74d4bdaec8adcb51993ed65652d651d7c49203eb" - }, - "scheme": "ecdsa-sha2-nistp256" - } - }, - "roles": { - "root": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "75e867ab10e121fdef32094af634707f43ddd79c6bab8ad6c5ab9f03f4ea8c90" - ], - "threshold": 3 - }, - "snapshot": { - "keyids": [ - "fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "75e867ab10e121fdef32094af634707f43ddd79c6bab8ad6c5ab9f03f4ea8c90" - ], - "threshold": 3 - }, - "timestamp": { - "keyids": [ - "b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d" - ], - "threshold": 1 - } - }, - "spec_version": "1.0", - "version": 4 - }, - "signatures": [ - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "3046022100f7d4abde3d694fba01af172466629249a6743efd04c3999f958494842a7aee1f022100d19a295f9225247f17650fdb4ad50b99c2326700aadd0afaec4ae418941c7c59" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "3045022075ec28360b3e310db9d3de281a5286e37884aefd9f0b7193ad67c68ab6ee95a2022100aa08a93c58d74d9cb128cea765cae378efe86092f253b75fd427aede48ac7e22" - }, - { - "keyid": "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "sig": "304502201de38b2a56a58ae046f26e3be8673063cdde8f8b6a8733bc025ebaf0e09569c50221008f8620c960fa6f9cb52b7c39ce84a5ac18224be4a876a35e1bc8f5d76aa24e86" - }, - { - "keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "sig": "3044022070d86c3fbc3fb69783d54a451187e43776d97effe500c51f2558939c80ab2bb902201fb14ce51c6c4f40e8f2db792c3d56da18fe0c39499fa3fca9e841fc8bee17f1" - }, - { - "keyid": "75e867ab10e121fdef32094af634707f43ddd79c6bab8ad6c5ab9f03f4ea8c90", - "sig": "3046022100aa1ff582569287b5160864e20bb343eff92dec316940cebe5742e47a56e8cabd0221009dc18bad12920a39b7427914ecb46e2ead58f17136935afbba488b7d6f3160ff" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/5.root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/5.root.json deleted file mode 100644 index 38f80f94..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/5.root.json +++ /dev/null @@ -1,156 +0,0 @@ -{ - "signed": { - "_type": "root", - "spec_version": "1.0", - "version": 5, - "expires": "2023-04-18T18:13:43Z", - "keys": { - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n" - } - }, - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n" - } - }, - "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n" - } - }, - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n" - } - }, - "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n" - } - }, - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n" - } - }, - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n" - } - } - }, - "roles": { - "root": { - "keyids": [ - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" - ], - "threshold": 3 - }, - "snapshot": { - "keyids": [ - "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" - ], - "threshold": 3 - }, - "timestamp": { - "keyids": [ - "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a" - ], - "threshold": 1 - } - }, - "consistent_snapshot": true - }, - "signatures": [ - { - "keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "sig": "3045022100fc1c2be509ce50ea917bbad1d9efe9d96c8c2ebea04af2717aa3d9c6fe617a75022012eef282a19f2d8bd4818aa333ef48a06489f49d4d34a20b8fe8fc867bb25a7a" - }, - { - "keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "sig": "30450221008a4392ae5057fc00778b651e61fea244766a4ae58db84d9f1d3810720ab0f3b702207c49e59e8031318caf02252ecea1281cecc1e5986c309a9cef61f455ecf7165d" - }, - { - "keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "sig": "3046022100da1b8dc5d53aaffbbfac98de3e23ee2d2ad3446a7bed09fac0f88bae19be2587022100b681c046afc3919097dfe794e0d819be891e2e850aade315bec06b0c4dea221b" - }, - { - "keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de", - "sig": "3046022100b534e0030e1b271133ecfbdf3ba9fbf3becb3689abea079a2150afbb63cdb7c70221008c39a718fd9495f249b4ab8788d5b9dc269f0868dbe38b272f48207359d3ded9" - }, - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "3045022100fc1c2be509ce50ea917bbad1d9efe9d96c8c2ebea04af2717aa3d9c6fe617a75022012eef282a19f2d8bd4818aa333ef48a06489f49d4d34a20b8fe8fc867bb25a7a" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "30450221008a4392ae5057fc00778b651e61fea244766a4ae58db84d9f1d3810720ab0f3b702207c49e59e8031318caf02252ecea1281cecc1e5986c309a9cef61f455ecf7165d" - }, - { - "keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "sig": "3046022100da1b8dc5d53aaffbbfac98de3e23ee2d2ad3446a7bed09fac0f88bae19be2587022100b681c046afc3919097dfe794e0d819be891e2e850aade315bec06b0c4dea221b" - }, - { - "keyid": "75e867ab10e121fdef32094af634707f43ddd79c6bab8ad6c5ab9f03f4ea8c90", - "sig": "3046022100b534e0030e1b271133ecfbdf3ba9fbf3becb3689abea079a2150afbb63cdb7c70221008c39a718fd9495f249b4ab8788d5b9dc269f0868dbe38b272f48207359d3ded9" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/5.targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/5.targets.json deleted file mode 100644 index 35985780..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/5.targets.json +++ /dev/null @@ -1,125 +0,0 @@ -{ - "signed": { - "_type": "targets", - "spec_version": "1.0", - "version": 5, - "expires": "2023-04-18T18:13:43Z", - "targets": { - "artifact.pub": { - "length": 177, - "hashes": { - "sha256": "59ebf97a9850aecec4bc39c1f5c1dc46e6490a6b5fd2a6cacdcac0c3a6fc4cbf", - "sha512": "308fd1d1d95d7f80aa33b837795251cc3e886792982275e062409e13e4e236ffc34d676682aa96fdc751414de99c864bf132dde71581fa651c6343905e3bf988" - }, - "custom": { - "sigstore": { - "status": "Active", - "usage": "Unknown" - } - } - }, - "ctfe.pub": { - "length": 177, - "hashes": { - "sha256": "7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a", - "sha512": "4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://ctfe.sigstore.dev/test", - "usage": "CTFE" - } - } - }, - "ctfe_2022.pub": { - "length": 178, - "hashes": { - "sha256": "270488a309d22e804eeb245493e87c667658d749006b9fee9cc614572d4fbbdc", - "sha512": "e83fa4f427b24ee7728637fad1b4aa45ebde2ba02751fa860694b1bb16059a490328f9985e51cc70e4d237545315a1bc866dc4fdeef2f6248d99cc7a6077bf85" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://ctfe.sigstore.dev/2022", - "usage": "CTFE" - } - } - }, - "fulcio.crt.pem": { - "length": 744, - "hashes": { - "sha256": "f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908", - "sha512": "0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224" - }, - "custom": { - "sigstore": { - "status": "Expired", - "uri": "https://fulcio.sigstore.dev", - "usage": "Fulcio" - } - } - }, - "fulcio_intermediate_v1.crt.pem": { - "length": 789, - "hashes": { - "sha256": "f8cbecf186db7714624a5f4e99da31a917cbef70a94dd6921f5c3ca969dfe30a", - "sha512": "0f99f47dbc26c5f1e3cba0bfd9af4245a26e5cb735d6ef005792ec7e603f66fdb897de985973a6e50940ca7eff5e1849719e967b5ad2dac74a29115a41cf6f21" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://fulcio.sigstore.dev", - "usage": "Fulcio" - } - } - }, - "fulcio_v1.crt.pem": { - "length": 740, - "hashes": { - "sha256": "f989aa23def87c549404eadba767768d2a3c8d6d30a8b793f9f518a8eafd2cf5", - "sha512": "f2e33a6dc208cee1f51d33bbea675ab0f0ced269617497985f9a0680689ee7073e4b6f8fef64c91bda590d30c129b3070dddce824c05bc165ac9802f0705cab6" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://fulcio.sigstore.dev", - "usage": "Fulcio" - } - } - }, - "rekor.pub": { - "length": 178, - "hashes": { - "sha256": "dce5ef715502ec9f3cdfd11f8cc384b31a6141023d3e7595e9908a81cb6241bd", - "sha512": "0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://rekor.sigstore.dev", - "usage": "Rekor" - } - } - } - } - }, - "signatures": [ - { - "keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "sig": "3045022100bf03c32b59f65285b91118172503c9f7e5f65fea0d4647f31adfb6cf18ed09db022069778e655e4198a3346ea9239dacb111571c7e7ed4c96d166ddce06306486a9c" - }, - { - "keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de", - "sig": "30440220562f52b2243e66d8dff72dbf67a29faf82ad60ecbe0638acd4ab00338244f0b102206051db1fbe5a7815b4076096d5f8002c0dc1ecce8d9ef9d696cdacff50c7463a" - }, - { - "keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "sig": "3045022100df19bbbabed7672c8e797152d6b97aa1f14fdcd6e10ce0e41703d5e7ad37c2e502200583577549f561079273460afe2b827b16d5e76a63616390bf956ee5f24d60eb" - }, - { - "keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "sig": "304502207d79f0ee8965f82c24fc5b96d6fbfa760b1f7192fd829a64a32ec03c579220310221008498a536dcc7aefd267875267f08cb27f8ae455dc6d8c53fe628e2fda2772dd4" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/53.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/53.snapshot.json deleted file mode 100644 index 4b53ecc4..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/53.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 53, - "expires": "2022-11-10T21:10:22Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "30440220767eb9e8911edc8e2d4822d7f13d3adc03f32ab6388c3531935777fa33f7089e02202732bb45bc09801a9a547d834d1706f5fc89ccc8506d119a4303ab6af264a7f4" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/54.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/54.snapshot.json deleted file mode 100644 index 3fd67fa5..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/54.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 54, - "expires": "2022-11-21T15:59:09Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3046022100975026a9594db91b921d6f1190306f38f06f55ca3393194eec896b64acfe7761022100fe9f9133ba25915262beba54074cd45a70d0e4b6da699e59d479af04aa34eddf" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/55.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/55.snapshot.json deleted file mode 100644 index e4efef80..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/55.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 55, - "expires": "2022-11-29T17:02:57Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "30450220148c56d2ccd33c80b529d02a2c11aa9effc793034829b1fe028b03482aeacf0d022100b3f729dd106451df9b8d6c3bc32bd4729fc5cd00c69af0ae37c38a027c13a703" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/56.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/56.snapshot.json deleted file mode 100644 index 92d0bc95..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/56.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 56, - "expires": "2022-12-07T23:40:52Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "304402200712a5ebf1b62689573594dac0c145051bc75e5e2e1b3e19eae2df0034ed6a2c022044d3eda32870f54333604a2d6298c271645a6eec91f1964dd583e7bc5231d3b0" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/57.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/57.snapshot.json deleted file mode 100644 index b14c4326..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/57.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 57, - "expires": "2022-12-19T14:36:29Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3045022100be618734bbebbc4d42fc94c067efd46aeaea417514cb294186812a6bd6f568560220191080395e4c99c4169f41981086df959f2f2ae46b52c009a4633b4e45d1d2a8" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/58.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/58.snapshot.json deleted file mode 100644 index d7b4fe9b..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/58.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 58, - "expires": "2022-12-22T00:10:10Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3045022100f54aca630ec8f6ae230e000a852a62ea6a11b1147fd2e592c11f06265ea5af22022055ef211955f24b3086a7eaf7025398bb6f2a8026b436b0c60c6e7bda3285e4ed" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/59.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/59.snapshot.json deleted file mode 100644 index a2b78783..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/59.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 59, - "expires": "2022-12-29T00:08:14Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3045022038dc30edbab3494a9a1325cbb162d0c6ed83f31439dc8d9d0a0d9621a11cfdc602210083f5a12fa4f63d669c098fe6de1f6a2c46e7bed2dfb6b757d58667a001ec277c" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/60.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/60.snapshot.json deleted file mode 100644 index 7a81803a..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/60.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 60, - "expires": "2023-01-05T00:08:27Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3045022064943e143665125a93e0646bd24516f7d8b950caf644a13a129d415d5a557f8d022100d6409dbaafb5d8698974dfe987dc84d6c49a364b1bd20641bfeebb002285e18d" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/61.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/61.snapshot.json deleted file mode 100644 index 1589f1c9..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/61.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 61, - "expires": "2023-01-12T00:07:59Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "30440220437f105a861bf1c828c9fd016557688e095e630b61e3f1707961300e63f0894c022012f7f4f292e2f01ca32351571c0cf3e2ef20e7f3ea69b00dba539d45d6f1ea0b" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/62.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/62.snapshot.json deleted file mode 100644 index 059b5a95..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/62.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 62, - "expires": "2023-01-19T01:12:57Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3046022100ec02beec8d301be4f160045deac81122a6c3a84fd7df825293118db93ebb80c6022100cbfe25f7034c834d0d06a734e7c33810a8797fa9b0f3448674bf6289b88d7250" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/63.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/63.snapshot.json deleted file mode 100644 index 06a5a1c2..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/63.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 63, - "expires": "2023-01-22T00:08:42Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3045022100c829b6534ee82724a771ab77791d794ea210cf33549ccdab103795adc0875bdf0220577bbd2b892481d5da8fa0fd32238ad07b25995c31e1222108b021c400ff4813" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/64.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/64.snapshot.json deleted file mode 100644 index 39726ce2..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/64.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 64, - "expires": "2023-01-29T00:08:48Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "30450221008cd2c0e3aa7cf586237d0ad60651db27e0fd7369f6939a6b11ebe5006283f44a02200be12170e98f1e0e7b4796c514bf7fda2a174aaeb32dae8c6e44a87d2bc3d5aa" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/65.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/65.snapshot.json deleted file mode 100644 index 099fef63..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/65.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 65, - "expires": "2023-02-05T00:08:38Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "30440220190e4f5c1fa91fcb4da0598dae9606d1145ee26dde02038383b19f93c7db2aa602205c566db8f3c786ab572db379fa15a49ae8e3626d666e76cd95ab07eb9d05e4b6" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/66.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/66.snapshot.json deleted file mode 100644 index 5009336a..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/66.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 66, - "expires": "2023-02-12T00:08:53Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3044022069a7ea2db1987ee76884ed5350840d95909b9c655c8f62deccb6e3ac23dde58a02207344d3fa328df12d9a33acf62076a33776965569e2d1f685273343dfb7efa0a2" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/67.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/67.snapshot.json deleted file mode 100644 index 5800e645..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/67.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 67, - "expires": "2023-02-19T00:08:44Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3045022100b39e717d8629d1c291ab2d77e1c16facbda14e7fc9132910b240f0e4f4efab79022003becd79ee922bb2f76c38c84fd9ad1688578737333799307e2013fe3631860c" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/68.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/68.snapshot.json deleted file mode 100644 index 7b327883..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/68.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 68, - "expires": "2023-02-22T00:09:16Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3046022100c1304df9ba6f3d1c28b7f5fd31e2f874b29f7b163bffe3f096847594924f1aeb022100e33ee32d9334668ee2af6b609ca58e1b158b5472b7e04be5c8207b783138a838" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/69.snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/69.snapshot.json deleted file mode 100644 index 4a23bf30..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/69.snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 69, - "expires": "2023-03-01T00:07:52Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3044022056f506140374dda69b810c22673b3facb5ed298a5168cc935abb76854ac70aa30220530e72f5b2bb824e772a1d14ebc8137ff4677792f1ae861b115b5cc06426d251" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/root.json deleted file mode 100644 index 38f80f94..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/root.json +++ /dev/null @@ -1,156 +0,0 @@ -{ - "signed": { - "_type": "root", - "spec_version": "1.0", - "version": 5, - "expires": "2023-04-18T18:13:43Z", - "keys": { - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n" - } - }, - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n" - } - }, - "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n" - } - }, - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n" - } - }, - "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n" - } - }, - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n" - } - }, - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c": { - "keytype": "ecdsa-sha2-nistp256", - "scheme": "ecdsa-sha2-nistp256", - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keyval": { - "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n" - } - } - }, - "roles": { - "root": { - "keyids": [ - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" - ], - "threshold": 3 - }, - "snapshot": { - "keyids": [ - "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b" - ], - "threshold": 1 - }, - "targets": { - "keyids": [ - "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", - "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" - ], - "threshold": 3 - }, - "timestamp": { - "keyids": [ - "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a" - ], - "threshold": 1 - } - }, - "consistent_snapshot": true - }, - "signatures": [ - { - "keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "sig": "3045022100fc1c2be509ce50ea917bbad1d9efe9d96c8c2ebea04af2717aa3d9c6fe617a75022012eef282a19f2d8bd4818aa333ef48a06489f49d4d34a20b8fe8fc867bb25a7a" - }, - { - "keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "sig": "30450221008a4392ae5057fc00778b651e61fea244766a4ae58db84d9f1d3810720ab0f3b702207c49e59e8031318caf02252ecea1281cecc1e5986c309a9cef61f455ecf7165d" - }, - { - "keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "sig": "3046022100da1b8dc5d53aaffbbfac98de3e23ee2d2ad3446a7bed09fac0f88bae19be2587022100b681c046afc3919097dfe794e0d819be891e2e850aade315bec06b0c4dea221b" - }, - { - "keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de", - "sig": "3046022100b534e0030e1b271133ecfbdf3ba9fbf3becb3689abea079a2150afbb63cdb7c70221008c39a718fd9495f249b4ab8788d5b9dc269f0868dbe38b272f48207359d3ded9" - }, - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "3045022100fc1c2be509ce50ea917bbad1d9efe9d96c8c2ebea04af2717aa3d9c6fe617a75022012eef282a19f2d8bd4818aa333ef48a06489f49d4d34a20b8fe8fc867bb25a7a" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "30450221008a4392ae5057fc00778b651e61fea244766a4ae58db84d9f1d3810720ab0f3b702207c49e59e8031318caf02252ecea1281cecc1e5986c309a9cef61f455ecf7165d" - }, - { - "keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "sig": "3046022100da1b8dc5d53aaffbbfac98de3e23ee2d2ad3446a7bed09fac0f88bae19be2587022100b681c046afc3919097dfe794e0d819be891e2e850aade315bec06b0c4dea221b" - }, - { - "keyid": "75e867ab10e121fdef32094af634707f43ddd79c6bab8ad6c5ab9f03f4ea8c90", - "sig": "3046022100b534e0030e1b271133ecfbdf3ba9fbf3becb3689abea079a2150afbb63cdb7c70221008c39a718fd9495f249b4ab8788d5b9dc269f0868dbe38b272f48207359d3ded9" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/snapshot.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/snapshot.json deleted file mode 100644 index 4a23bf30..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/snapshot.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "signed": { - "_type": "snapshot", - "spec_version": "1.0", - "version": 69, - "expires": "2023-03-01T00:07:52Z", - "meta": { - "rekor.json": { - "length": 797, - "hashes": { - "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", - "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" - }, - "version": 3 - }, - "revocation.json": { - "length": 800, - "hashes": { - "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", - "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" - }, - "version": 2 - }, - "root.json": { - "length": 5297, - "hashes": { - "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", - "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" - }, - "version": 2 - }, - "staging.json": { - "length": 401, - "hashes": { - "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", - "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" - }, - "version": 2 - }, - "targets.json": { - "length": 4188, - "hashes": { - "sha256": "5dbc142fcda89c914175b4e8570a2745d41f8ff799625b8890e6e56e009038ca", - "sha512": "e9397f3c1b84c7c7e52f91e4e62409c66af42bde74f93e12005054ee5fc00a1811685306276bea115dc1e4679cd8e6d9aeb49115e9493872b0c1c9308f93714a" - }, - "version": 5 - } - } - }, - "signatures": [ - { - "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", - "sig": "3044022056f506140374dda69b810c22673b3facb5ed298a5168cc935abb76854ac70aa30220530e72f5b2bb824e772a1d14ebc8137ff4677792f1ae861b115b5cc06426d251" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets.json deleted file mode 100644 index 35985780..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets.json +++ /dev/null @@ -1,125 +0,0 @@ -{ - "signed": { - "_type": "targets", - "spec_version": "1.0", - "version": 5, - "expires": "2023-04-18T18:13:43Z", - "targets": { - "artifact.pub": { - "length": 177, - "hashes": { - "sha256": "59ebf97a9850aecec4bc39c1f5c1dc46e6490a6b5fd2a6cacdcac0c3a6fc4cbf", - "sha512": "308fd1d1d95d7f80aa33b837795251cc3e886792982275e062409e13e4e236ffc34d676682aa96fdc751414de99c864bf132dde71581fa651c6343905e3bf988" - }, - "custom": { - "sigstore": { - "status": "Active", - "usage": "Unknown" - } - } - }, - "ctfe.pub": { - "length": 177, - "hashes": { - "sha256": "7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a", - "sha512": "4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://ctfe.sigstore.dev/test", - "usage": "CTFE" - } - } - }, - "ctfe_2022.pub": { - "length": 178, - "hashes": { - "sha256": "270488a309d22e804eeb245493e87c667658d749006b9fee9cc614572d4fbbdc", - "sha512": "e83fa4f427b24ee7728637fad1b4aa45ebde2ba02751fa860694b1bb16059a490328f9985e51cc70e4d237545315a1bc866dc4fdeef2f6248d99cc7a6077bf85" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://ctfe.sigstore.dev/2022", - "usage": "CTFE" - } - } - }, - "fulcio.crt.pem": { - "length": 744, - "hashes": { - "sha256": "f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908", - "sha512": "0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224" - }, - "custom": { - "sigstore": { - "status": "Expired", - "uri": "https://fulcio.sigstore.dev", - "usage": "Fulcio" - } - } - }, - "fulcio_intermediate_v1.crt.pem": { - "length": 789, - "hashes": { - "sha256": "f8cbecf186db7714624a5f4e99da31a917cbef70a94dd6921f5c3ca969dfe30a", - "sha512": "0f99f47dbc26c5f1e3cba0bfd9af4245a26e5cb735d6ef005792ec7e603f66fdb897de985973a6e50940ca7eff5e1849719e967b5ad2dac74a29115a41cf6f21" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://fulcio.sigstore.dev", - "usage": "Fulcio" - } - } - }, - "fulcio_v1.crt.pem": { - "length": 740, - "hashes": { - "sha256": "f989aa23def87c549404eadba767768d2a3c8d6d30a8b793f9f518a8eafd2cf5", - "sha512": "f2e33a6dc208cee1f51d33bbea675ab0f0ced269617497985f9a0680689ee7073e4b6f8fef64c91bda590d30c129b3070dddce824c05bc165ac9802f0705cab6" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://fulcio.sigstore.dev", - "usage": "Fulcio" - } - } - }, - "rekor.pub": { - "length": 178, - "hashes": { - "sha256": "dce5ef715502ec9f3cdfd11f8cc384b31a6141023d3e7595e9908a81cb6241bd", - "sha512": "0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35" - }, - "custom": { - "sigstore": { - "status": "Active", - "uri": "https://rekor.sigstore.dev", - "usage": "Rekor" - } - } - } - } - }, - "signatures": [ - { - "keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", - "sig": "3045022100bf03c32b59f65285b91118172503c9f7e5f65fea0d4647f31adfb6cf18ed09db022069778e655e4198a3346ea9239dacb111571c7e7ed4c96d166ddce06306486a9c" - }, - { - "keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de", - "sig": "30440220562f52b2243e66d8dff72dbf67a29faf82ad60ecbe0638acd4ab00338244f0b102206051db1fbe5a7815b4076096d5f8002c0dc1ecce8d9ef9d696cdacff50c7463a" - }, - { - "keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", - "sig": "3045022100df19bbbabed7672c8e797152d6b97aa1f14fdcd6e10ce0e41703d5e7ad37c2e502200583577549f561079273460afe2b827b16d5e76a63616390bf956ee5f24d60eb" - }, - { - "keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", - "sig": "304502207d79f0ee8965f82c24fc5b96d6fbfa760b1f7192fd829a64a32ec03c579220310221008498a536dcc7aefd267875267f08cb27f8ae455dc6d8c53fe628e2fda2772dd4" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224.fulcio.crt.pem b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224.fulcio.crt.pem deleted file mode 100644 index 6a06ff30..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224.fulcio.crt.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB+DCCAX6gAwIBAgITNVkDZoCiofPDsy7dfm6geLbuhzAKBggqhkjOPQQDAzAq -MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIx -MDMwNzAzMjAyOVoXDTMxMDIyMzAzMjAyOVowKjEVMBMGA1UEChMMc2lnc3RvcmUu -ZGV2MREwDwYDVQQDEwhzaWdzdG9yZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLSy -A7Ii5k+pNO8ZEWY0ylemWDowOkNa3kL+GZE5Z5GWehL9/A9bRNA3RbrsZ5i0Jcas -taRL7Sp5fp/jD5dxqc/UdTVnlvS16an+2Yfswe/QuLolRUCrcOE2+2iA5+tzd6Nm -MGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE -FMjFHQBBmiQpMlEk6w2uSu1KBtPsMB8GA1UdIwQYMBaAFMjFHQBBmiQpMlEk6w2u -Su1KBtPsMAoGCCqGSM49BAMDA2gAMGUCMH8liWJfMui6vXXBhjDgY4MwslmN/TJx -Ve/83WrFomwmNf056y1X48F9c4m3a3ozXAIxAKjRay5/aj/jsKKGIkmQatjI8uup -Hr/+CxFvaJWmpYqNkLDGRU+9orzh5hI2RrcuaQ== ------END CERTIFICATE----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35.rekor.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35.rekor.pub deleted file mode 100644 index 050ef601..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35.rekor.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwr -kBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw== ------END PUBLIC KEY----- diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0f99f47dbc26c5f1e3cba0bfd9af4245a26e5cb735d6ef005792ec7e603f66fdb897de985973a6e50940ca7eff5e1849719e967b5ad2dac74a29115a41cf6f21.fulcio_intermediate_v1.crt.pem b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0f99f47dbc26c5f1e3cba0bfd9af4245a26e5cb735d6ef005792ec7e603f66fdb897de985973a6e50940ca7eff5e1849719e967b5ad2dac74a29115a41cf6f21.fulcio_intermediate_v1.crt.pem deleted file mode 100644 index 6d1c298b..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/0f99f47dbc26c5f1e3cba0bfd9af4245a26e5cb735d6ef005792ec7e603f66fdb897de985973a6e50940ca7eff5e1849719e967b5ad2dac74a29115a41cf6f21.fulcio_intermediate_v1.crt.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw -KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y -MjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl -LmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7 -7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS -0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB -BQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp -KFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI -zj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR -nZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP -mygUY7Ii2zbdCdliiow= ------END CERTIFICATE----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/270488a309d22e804eeb245493e87c667658d749006b9fee9cc614572d4fbbdc.ctfe_2022.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/270488a309d22e804eeb245493e87c667658d749006b9fee9cc614572d4fbbdc.ctfe_2022.pub deleted file mode 100644 index 32fa2ad1..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/270488a309d22e804eeb245493e87c667658d749006b9fee9cc614572d4fbbdc.ctfe_2022.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiPSlFi0CmFTfEjCUqF9HuCEcYXNK -AaYalIJmBZ8yyezPjTqhxrKBpMnaocVtLJBI1eM3uXnQzQGAJdJ4gs9Fyw== ------END PUBLIC KEY----- diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/308fd1d1d95d7f80aa33b837795251cc3e886792982275e062409e13e4e236ffc34d676682aa96fdc751414de99c864bf132dde71581fa651c6343905e3bf988.artifact.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/308fd1d1d95d7f80aa33b837795251cc3e886792982275e062409e13e4e236ffc34d676682aa96fdc751414de99c864bf132dde71581fa651c6343905e3bf988.artifact.pub deleted file mode 100644 index d6e745bd..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/308fd1d1d95d7f80aa33b837795251cc3e886792982275e062409e13e4e236ffc34d676682aa96fdc751414de99c864bf132dde71581fa651c6343905e3bf988.artifact.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhyQCx0E9wQWSFI9ULGwy3BuRklnt -IqozONbbdbqz11hlRJy9c7SG+hdcFl9jE9uE/dwtuwU2MqU9T/cN0YkWww== ------END PUBLIC KEY----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4.ctfe.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4.ctfe.pub deleted file mode 100644 index 1bb1488c..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4.ctfe.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbfwR+RJudXscgRBRpKX1XFDy3Pyu -dDxz/SfnRi1fT8ekpfBd2O1uoz7jr3Z8nKzxA69EUQ+eFCFI3zeubPWU7w== ------END PUBLIC KEY----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/59ebf97a9850aecec4bc39c1f5c1dc46e6490a6b5fd2a6cacdcac0c3a6fc4cbf.artifact.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/59ebf97a9850aecec4bc39c1f5c1dc46e6490a6b5fd2a6cacdcac0c3a6fc4cbf.artifact.pub deleted file mode 100644 index d6e745bd..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/59ebf97a9850aecec4bc39c1f5c1dc46e6490a6b5fd2a6cacdcac0c3a6fc4cbf.artifact.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhyQCx0E9wQWSFI9ULGwy3BuRklnt -IqozONbbdbqz11hlRJy9c7SG+hdcFl9jE9uE/dwtuwU2MqU9T/cN0YkWww== ------END PUBLIC KEY----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a.ctfe.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a.ctfe.pub deleted file mode 100644 index 1bb1488c..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a.ctfe.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbfwR+RJudXscgRBRpKX1XFDy3Pyu -dDxz/SfnRi1fT8ekpfBd2O1uoz7jr3Z8nKzxA69EUQ+eFCFI3zeubPWU7w== ------END PUBLIC KEY----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/dce5ef715502ec9f3cdfd11f8cc384b31a6141023d3e7595e9908a81cb6241bd.rekor.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/dce5ef715502ec9f3cdfd11f8cc384b31a6141023d3e7595e9908a81cb6241bd.rekor.pub deleted file mode 100644 index 050ef601..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/dce5ef715502ec9f3cdfd11f8cc384b31a6141023d3e7595e9908a81cb6241bd.rekor.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwr -kBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw== ------END PUBLIC KEY----- diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/e83fa4f427b24ee7728637fad1b4aa45ebde2ba02751fa860694b1bb16059a490328f9985e51cc70e4d237545315a1bc866dc4fdeef2f6248d99cc7a6077bf85.ctfe_2022.pub b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/e83fa4f427b24ee7728637fad1b4aa45ebde2ba02751fa860694b1bb16059a490328f9985e51cc70e4d237545315a1bc866dc4fdeef2f6248d99cc7a6077bf85.ctfe_2022.pub deleted file mode 100644 index 32fa2ad1..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/e83fa4f427b24ee7728637fad1b4aa45ebde2ba02751fa860694b1bb16059a490328f9985e51cc70e4d237545315a1bc866dc4fdeef2f6248d99cc7a6077bf85.ctfe_2022.pub +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiPSlFi0CmFTfEjCUqF9HuCEcYXNK -AaYalIJmBZ8yyezPjTqhxrKBpMnaocVtLJBI1eM3uXnQzQGAJdJ4gs9Fyw== ------END PUBLIC KEY----- diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f2e33a6dc208cee1f51d33bbea675ab0f0ced269617497985f9a0680689ee7073e4b6f8fef64c91bda590d30c129b3070dddce824c05bc165ac9802f0705cab6.fulcio_v1.crt.pem b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f2e33a6dc208cee1f51d33bbea675ab0f0ced269617497985f9a0680689ee7073e4b6f8fef64c91bda590d30c129b3070dddce824c05bc165ac9802f0705cab6.fulcio_v1.crt.pem deleted file mode 100644 index 3afc46bb..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f2e33a6dc208cee1f51d33bbea675ab0f0ced269617497985f9a0680689ee7073e4b6f8fef64c91bda590d30c129b3070dddce824c05bc165ac9802f0705cab6.fulcio_v1.crt.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw -KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y -MTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl -LmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7 -XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex -X69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j -YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY -wB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ -KsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM -WP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9 -TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ ------END CERTIFICATE----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908.fulcio.crt.pem b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908.fulcio.crt.pem deleted file mode 100644 index 6a06ff30..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908.fulcio.crt.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB+DCCAX6gAwIBAgITNVkDZoCiofPDsy7dfm6geLbuhzAKBggqhkjOPQQDAzAq -MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIx -MDMwNzAzMjAyOVoXDTMxMDIyMzAzMjAyOVowKjEVMBMGA1UEChMMc2lnc3RvcmUu -ZGV2MREwDwYDVQQDEwhzaWdzdG9yZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLSy -A7Ii5k+pNO8ZEWY0ylemWDowOkNa3kL+GZE5Z5GWehL9/A9bRNA3RbrsZ5i0Jcas -taRL7Sp5fp/jD5dxqc/UdTVnlvS16an+2Yfswe/QuLolRUCrcOE2+2iA5+tzd6Nm -MGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE -FMjFHQBBmiQpMlEk6w2uSu1KBtPsMB8GA1UdIwQYMBaAFMjFHQBBmiQpMlEk6w2u -Su1KBtPsMAoGCCqGSM49BAMDA2gAMGUCMH8liWJfMui6vXXBhjDgY4MwslmN/TJx -Ve/83WrFomwmNf056y1X48F9c4m3a3ozXAIxAKjRay5/aj/jsKKGIkmQatjI8uup -Hr/+CxFvaJWmpYqNkLDGRU+9orzh5hI2RrcuaQ== ------END CERTIFICATE----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f8cbecf186db7714624a5f4e99da31a917cbef70a94dd6921f5c3ca969dfe30a.fulcio_intermediate_v1.crt.pem b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f8cbecf186db7714624a5f4e99da31a917cbef70a94dd6921f5c3ca969dfe30a.fulcio_intermediate_v1.crt.pem deleted file mode 100644 index 6d1c298b..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f8cbecf186db7714624a5f4e99da31a917cbef70a94dd6921f5c3ca969dfe30a.fulcio_intermediate_v1.crt.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw -KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y -MjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl -LmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7 -7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS -0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB -BQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp -KFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI -zj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR -nZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP -mygUY7Ii2zbdCdliiow= ------END CERTIFICATE----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f989aa23def87c549404eadba767768d2a3c8d6d30a8b793f9f518a8eafd2cf5.fulcio_v1.crt.pem b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f989aa23def87c549404eadba767768d2a3c8d6d30a8b793f9f518a8eafd2cf5.fulcio_v1.crt.pem deleted file mode 100644 index 3afc46bb..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/targets/f989aa23def87c549404eadba767768d2a3c8d6d30a8b793f9f518a8eafd2cf5.fulcio_v1.crt.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw -KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y -MTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl -LmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7 -XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex -X69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j -YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY -wB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ -KsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM -WP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9 -TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ ------END CERTIFICATE----- \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/timestamp.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/timestamp.json deleted file mode 100644 index 2b668631..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/prod/timestamp.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "signed": { - "_type": "timestamp", - "spec_version": "1.0", - "version": 69, - "expires": "2023-02-22T00:07:53Z", - "meta": { - "snapshot.json": { - "length": 1973, - "hashes": { - "sha256": "d3e322db21efa64a599f92791651b1d37ceb004236a4b4a2ccba3d20472e1ad7", - "sha512": "560e618d8427b56c525a141048a1afc1184ad8c6c6e809e1f232c431d86e4d47bde20e43fa38c9c9ac3760853e7cf881a5e88d9c585213a92ae9d49b34f8cdca" - }, - "version": 69 - } - } - }, - "signatures": [ - { - "keyid": "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a", - "sig": "3044022073b652eb461c152f2efa1a36fd495ebbc2de0d2ac58167056134a2154ff11fea02204bbf6773e3233d1e43e90f2a56c03d38455f009468e8b2547a64dcba6f982549" - } - ] -} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/trusted-root.json b/sigstore-java/src/test/resources/dev/sigstore/tuf/real/trusted-root.json deleted file mode 100644 index 8073ddbd..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/tuf/real/trusted-root.json +++ /dev/null @@ -1,130 +0,0 @@ -{ - "signatures": [ - { - "keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "sig": "30450221008a35d51da0f845301a5eac98ad0df00a934f59b709c1eaf81c86be734d9356f80220742942325599749800f52675f6efe124345980a2a636c0dc76f9caf9fc3123b0" - }, - { - "keyid": "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "sig": "3045022100ef9157ece2a09baec1eab80adfc00b04da20b1f9a0d1b47c5dabc4506719ef2c022074f72acd57398e4ddc8c2a5040df902961e9615dca48f3fbe38cbb506e500066" - }, - { - "keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "sig": "30450220420fdc9a09cd069b8b15fd8db9cedf7d0dee75871bd1cfee77c926d4120a770002210097553b5ad0d6b4a13902ed37509638bb63a9009f78230cd56c802909ffbfead7" - }, - { - "keyid": "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "sig": "304502202aaf32e66f90752f658672b085ecfe45cc1ad31ee6cf5c9ad05f3267685f8d88022100b5df02acdaa371123db9d7a42219553fe079b230b168833e951be7ee56ded347" - }, - { - "keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209", - "sig": "304402205d420c7d05c58980c1c9f7d221f53b5334aae27a447d2a91c2ceddd685269749022039ec83e51f8e1779d7f0142dfa4a5bbecfe327fc0b91b7416090fea2416fd53a" - } - ], - "signed": { - "_type": "root", - "consistent_snapshot": false, - "expires": "2021-12-18T13:28:12.99008-06:00", - "keys": { - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04a71aacd835dc170ba6db3fa33a1a33dee751d4f8b0217b805b9bd3242921ee93672fdcfd840576c5bb0dc0ed815edf394c1ee48c2b5e02485e59bfc512f3adc7" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04117b33dd265715bf23315e368faa499728db8d1f0a377070a1c7b1aba2cc21be6ab1628e42f2cdd7a35479f2dce07b303a8ba646c55569a8d2a504ba7e86e447" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "04cc1cd53a61c23e88cc54b488dfae168a257c34fac3e88811c55962b24cffbfecb724447999c54670e365883716302e49da57c79a33cd3e16f81fbc66f0bcdf48" - }, - "scheme": "ecdsa-sha2-nistp256" - }, - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209": { - "keyid_hash_algorithms": [ - "sha256", - "sha512" - ], - "keytype": "ecdsa-sha2-nistp256", - "keyval": { - "public": "048a78a44ac01099890d787e5e62afc29c8ccb69a70ec6549a6b04033b0a8acbfb42ab1ab9c713d225cdb52b858886cf46c8e90a7f3b9e6371882f370c259e1c5b" - }, - "scheme": "ecdsa-sha2-nistp256" - } - }, - "roles": { - "root": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "snapshot": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "targets": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - }, - "timestamp": { - "keyids": [ - "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97", - "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62", - "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b", - "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb", - "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209" - ], - "threshold": 3 - } - }, - "spec_version": "1.0", - "version": 1 - } -} diff --git a/sigstore-testkit/src/main/java/dev/sigstore/testkit/tuf/TestResources.java b/sigstore-testkit/src/main/java/dev/sigstore/testkit/tuf/TestResources.java index 99151e6d..660f9943 100644 --- a/sigstore-testkit/src/main/java/dev/sigstore/testkit/tuf/TestResources.java +++ b/sigstore-testkit/src/main/java/dev/sigstore/testkit/tuf/TestResources.java @@ -24,8 +24,6 @@ public class TestResources { - public static final Path UPDATER_REAL_TRUSTED_ROOT = - Path.of(Resources.getResource("dev/sigstore/tuf/real/trusted-root.json").getPath()); public static final Path UPDATER_SYNTHETIC_TRUSTED_ROOT = Path.of(Resources.getResource("dev/sigstore/tuf/synthetic/trusted-root.json").getPath()); @@ -33,7 +31,7 @@ public class TestResources { // dev/sigstore/tuf folder in the classes/ dir. // TODO(patrick@chainguard.dev): cleanup after we move the v5 root into main. public static final Path TUF_TEST_DATA_DIRECTORY = - Path.of(Resources.getResource("dev/sigstore/tuf/real").getPath()).getParent(); + Path.of(Resources.getResource("dev/sigstore/tuf/synthetic").getPath()).getParent(); public static void setupRepoFiles(String repoName, Path destinationDir, String... files) throws IOException { diff --git a/tuf-cli/tuf-cli.xfails b/tuf-cli/tuf-cli.xfails index c3298724..e22c464f 100644 --- a/tuf-cli/tuf-cli.xfails +++ b/tuf-cli/tuf-cli.xfails @@ -1,8 +1,6 @@ test_metadata_bytes_match test_client_downloads_expected_file_in_sub_dir test_duplicate_sig_keyids -test_keytype_and_scheme[rsa/rsassa-pss-sha256] -test_keytype_and_scheme[ed25519/ed25519] test_unusual_role_name[?] test_unusual_role_name[#] test_unusual_role_name[/delegatedrole] @@ -26,20 +24,4 @@ test_targetfile_search[targetpath matches wildcard] test_targetfile_search[targetpath with separators x] test_targetfile_search[targetpath with separators y] test_targetfile_search[targetpath is not delegated by all roles in the chain] -test_root_rotation[1-of-1-key-rotation] -test_root_rotation[1-of-1-key-rotation-unused-signatures] -test_root_rotation[3-of-5-sign-with-different-keycombos] -test_root_rotation[3-of-5-one-key-rotated] -test_root_rotation[3-of-5-one-key-rotated-with-intermediate-step] -test_root_rotation[3-of-5-all-keys-rotated-with-intermediate-step] -test_root_rotation[1-of-3-threshold-increase-to-2-of-3] -test_root_rotation[2-of-3-threshold-decrease-to-1-of-3] -test_root_rotation[1-of-2-threshold-increase-to-2-of-2] -test_non_root_rotations[1-of-1-key-rotation] -test_non_root_rotations[1-of-1-key-rotation-unused-signatures] -test_non_root_rotations[3-of-5-sign-first-combo] -test_non_root_rotations[3-of-5-sign-second-combo] -test_non_root_rotations[3-of-5-sign-third-combo] -test_non_root_rotations[3-of-5-sign-fourth-combo] -test_non_root_rotations[3-of-5-sign-fifth-combo] test_snapshot_rollback[with hashes]