Merge pull request #1014 from sigstore/rekor-v2-staging

Add Rekor v2 staging URI to LegacySigningConfig

Author: aaronlew02

sigstore-java/src/main/java/dev/sigstore/trustroot/LegacySigningConfig.java

@@ -28,6 +28,7 @@ public class LegacySigningConfig {
 
   static final URI REKOR_PUBLIC_GOOD_URI = URI.create("https://rekor.sigstore.dev");
   static final URI REKOR_STAGING_URI = URI.create("https://rekor.sigstage.dev");
+  static final URI REKOR_V2_STAGING_URI = URI.create("https://log2025-alpha1.rekor.sigstage.dev");
 
   static final URI FULCIO_PUBLIC_GOOD_URI = URI.create("https://fulcio.sigstore.dev");
   static final URI FULCIO_STAGING_URI = URI.create("https://fulcio.sigstage.dev");
@@ -40,24 +41,36 @@ public class LegacySigningConfig {
   // URI.create("https://timestamp.sigstore.dev/api/v1/timestamp");
   static final URI TSA_STAGING_URI = URI.create("https://timestamp.sigstage.dev/api/v1/timestamp");
 
-  static SigstoreSigningConfig from(URI fulcioUrl, URI rekorUrl, URI dexUrl, @Nullable URI tsaUrl) {
+  static SigstoreSigningConfig from(
+      URI fulcioUrl, Service rekorService, URI dexUrl, @Nullable URI tsaUrl) {
     var anySelector = ImmutableConfig.builder().selector(Selector.ANY).build();
     var now = ImmutableValidFor.builder().start(Instant.now()).build();
     var signingConfigBuilder =
         ImmutableSigstoreSigningConfig.builder()
             .tLogConfig(anySelector)
             .tsaConfig(anySelector)
             .addCas(Service.of(fulcioUrl, 1))
-            .addTLogs(Service.of(rekorUrl, 1))
+            .addTLogs(rekorService)
             .addOidcProviders(Service.of(dexUrl, 1));
+
     if (tsaUrl != null) {
       signingConfigBuilder.addTsas(Service.of(tsaUrl, 1));
     }
     return signingConfigBuilder.build();
   }
 
   public static final SigstoreSigningConfig PUBLIC_GOOD =
-      from(FULCIO_PUBLIC_GOOD_URI, REKOR_PUBLIC_GOOD_URI, DEX_PUBLIC_GOOD_URI, null);
+      from(FULCIO_PUBLIC_GOOD_URI, Service.of(REKOR_PUBLIC_GOOD_URI, 1), DEX_PUBLIC_GOOD_URI, null);
   public static SigstoreSigningConfig STAGING =
-      from(FULCIO_STAGING_URI, REKOR_STAGING_URI, DEX_STAGING_GOOD_URI, TSA_STAGING_URI);
+      from(
+          FULCIO_STAGING_URI,
+          Service.of(REKOR_PUBLIC_GOOD_URI, 1),
+          DEX_STAGING_GOOD_URI,
+          TSA_STAGING_URI);
+  public static SigstoreSigningConfig STAGING_REKOR_V2 =
+      from(
+          FULCIO_STAGING_URI,
+          Service.of(REKOR_V2_STAGING_URI, 2),
+          DEX_STAGING_GOOD_URI,
+          TSA_STAGING_URI);
 }

sigstore-java/src/test/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttpTest.java

@@ -27,9 +27,8 @@
 import dev.sigstore.proto.rekor.v2.Signature;
 import dev.sigstore.proto.rekor.v2.Verifier;
 import dev.sigstore.testing.CertGenerator;
-import dev.sigstore.trustroot.Service;
+import dev.sigstore.trustroot.LegacySigningConfig;
 import java.io.IOException;
-import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
@@ -49,8 +48,10 @@ public class RekorV2ClientHttpTest {
 
   @BeforeAll
   public static void setupClient() throws Exception {
-    var service = Service.of(URI.create("https://log2025-alpha1.rekor.sigstage.dev/"), 2);
-    client = RekorV2ClientHttp.builder().setService(service).build();
+    client =
+        RekorV2ClientHttp.builder()
+            .setService(LegacySigningConfig.STAGING_REKOR_V2.getTLogs().get(0))
+            .build();
     req = createdRekorRequest();
     entry = client.putEntry(req);
   }