From 8e168d327af370fe5c5e71efd67cdc617f31f6fa Mon Sep 17 00:00:00 2001
From: Arthur Chan
Date: Fri, 28 Apr 2023 14:47:24 +0000
Subject: [PATCH 1/3] Add fuzzer for RekorVerifier
Signed-off-by: Arthur Chan
---
 .../java/fuzzing/RekorVerifierFuzzer.java | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
diff --git a/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java b/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
new file mode 100644
index 00000000..fcf3be67
--- /dev/null
+++ b/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2023 The Sigstore Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package fuzzing;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import dev.sigstore.rekor.client.RekorEntry;
+import dev.sigstore.rekor.client.RekorResponse;
+import dev.sigstore.rekor.client.RekorVerificationException;
+import dev.sigstore.rekor.client.RekorVerifier;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+public class RekorVerifierFuzzer {
+ private final static String URL = "https://false.url.for.RekorTypes.fuzzing.com";
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ try {
+ Boolean choice = data.consumeBoolean();
+ byte[] byteArray = data.consumeRemainingAsBytes();
+ String string = new String(byteArray, StandardCharsets.UTF_8);
+
+ URI uri = new URI(URL);
+ RekorEntry entry = RekorResponse.newRekorResponse(uri, string).getEntry();
+ RekorVerifier verifier = RekorVerifier.newRekorVerifier(byteArray);
+
+ if (choice) {
+ verifier.verifyEntry(entry);
+ } else {
+ verifier.verifyInclusionProof(entry);
+ }
+ } catch (URISyntaxException
+ | InvalidKeySpecException
+ | NoSuchAlgorithmException
+ | IOException
+ | RekorVerificationException e) {
+ // Known exception
+ }
+ }
+}
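Review bot: The harness feeds the same fuzz bytes to `RekorResponse.newRekorResponse(uri, string)` and to `RekorVerifier.newRekorVerifier(byteArray)`, so one input has to be accepted by both before `verifyEntry` or `verifyInclusionProof` is reached. Judging from the caught `InvalidKeySpecException`, the second call parses key material, so presumably almost every input is rejected before any verification logic runs and that code stays largely uncovered. Building the verifier from a fixed, valid test key and fuzzing only the entry would put the untrusted log entry in front of the verification code, which is the trust boundary worth exercising: `RekorVerifier verifier = RekorVerifier.newRekorVerifier(TEST_REKOR_PUBLIC_KEY);`, where `TEST_REKOR_PUBLIC_KEY` is a placeholder for a constant the harness would have to define. A short comment above the catch clause saying which failures are expected and that any other exception is a finding would also help whoever triages crashes.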
From 9d3349a1eca058e632161eeaa095f6b69fbf2b8f Mon Sep 17 00:00:00 2001
From: Arthur Chan
Date: Fri, 28 Apr 2023 17:38:25 +0000
Subject: [PATCH 2/3] Remove choice logic
Signed-off-by: Arthur Chan
---
 fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java b/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
index fcf3be67..6c2c6fdc 100644
--- a/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
+++ b/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
@@ -32,7 +32,6 @@ public class RekorVerifierFuzzer {
 public static void fuzzerTestOneInput(FuzzedDataProvider data) {
 try {
- Boolean choice = data.consumeBoolean();
 byte[] byteArray = data.consumeRemainingAsBytes();
 String string = new String(byteArray, StandardCharsets.UTF_8);
@@ -40,11 +39,8 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
 RekorEntry entry = RekorResponse.newRekorResponse(uri, string).getEntry();
 RekorVerifier verifier = RekorVerifier.newRekorVerifier(byteArray);
- if (choice) {
- verifier.verifyEntry(entry);
- } else {
- verifier.verifyInclusionProof(entry);
- }
+ verifier.verifyEntry(entry);
+ verifier.verifyInclusionProof(entry);
 } catch (URISyntaxException
 | InvalidKeySpecException
 | NoSuchAlgorithmException
From 41c4c91be3408440bfc887320041da20f797b66c Mon Sep 17 00:00:00 2001
From: Arthur Chan
Date: Sat, 29 Apr 2023 00:54:30 +0000
Subject: [PATCH 3/3] Fix formatting
Signed-off-by: Arthur Chan
---
 fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java b/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
index 6c2c6fdc..9392491c 100644
--- a/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
+++ b/fuzzing/src/main/java/fuzzing/RekorVerifierFuzzer.java
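Review bot: In the second hunk of PATCH 2/3, `verifier.verifyInclusionProof(entry)` now runs only when `verifier.verifyEntry(entry)` returns normally. For fuzzer-generated entries the first call will presumably throw `RekorVerificationException` on nearly every input, so the inclusion-proof path may get less coverage than it had under the removed boolean switch. Catching the expected exception around the first call keeps both verification paths exercised on every input. The enclosing `fuzzerTestOneInput` body starts and ends outside this hunk.

```java
      // … unchanged: input consumption, entry parsing and verifier construction …
      try {
        verifier.verifyEntry(entry);
      } catch (RekorVerificationException e) {
        // Expected for most inputs; continue so the inclusion-proof path still runs.
      }
      verifier.verifyInclusionProof(entry);
      // … unchanged: outer catch clause for the known exceptions …
```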
@@ -28,7 +28,7 @@
 import java.security.spec.InvalidKeySpecException;
 public class RekorVerifierFuzzer {
- private final static String URL = "https://false.url.for.RekorTypes.fuzzing.com";
+ private static final String URL = "https://false.url.for.RekorTypes.fuzzing.com";
 public static void fuzzerTestOneInput(FuzzedDataProvider data) {
 try {