Allow storage of delegated targets

Signed-off-by: Appu Goundan <[email protected]>

Author: loosebazooka

sigstore-java/src/main/java/dev/sigstore/tuf/FileSystemTufStore.java

@@ -88,6 +88,11 @@ public Optional<Targets> loadTargets() throws IOException {
     return loadRole(RootRole.TARGETS, Targets.class);
   }
 
+  @Override
+  public Optional<Targets> loadDelegatedTargets(String roleName) throws IOException {
+    return loadRole(roleName, Targets.class);
+  }
+
   @Override
   public void storeTargetFile(String targetName, byte[] targetContents) throws IOException {
     Files.write(targetsCache.resolve(targetName), targetContents);
@@ -99,8 +104,8 @@ public byte[] getTargetFile(String targetName) throws IOException {
   }
 
   @Override
-  public void storeMeta(SignedTufMeta<?> timestamp) throws IOException {
-    storeRole(timestamp);
+  public void storeMeta(String roleName, SignedTufMeta<?> meta) throws IOException {
+    storeRole(roleName, meta);
   }
 
   <T extends SignedTufMeta<?>> Optional<T> loadRole(String roleName, Class<T> tClass)
@@ -112,9 +117,9 @@ <T extends SignedTufMeta<?>> Optional<T> loadRole(String roleName, Class<T> tCla
     return Optional.of(GSON.get().fromJson(Files.readString(roleFile), tClass));
   }
 
-  <T extends SignedTufMeta<?>> void storeRole(T role) throws IOException {
+  <T extends SignedTufMeta<?>> void storeRole(String roleName, T role) throws IOException {
     try (BufferedWriter fileWriter =
-        Files.newBufferedWriter(repoBaseDir.resolve(role.getSignedMeta().getType() + ".json"))) {
+        Files.newBufferedWriter(repoBaseDir.resolve(roleName + ".json"))) {
       GSON.get().toJson(role, fileWriter);
     }
   }
@@ -132,7 +137,7 @@ public void storeTrustedRoot(Root root) throws IOException {
         // The file is already backed-up. continue.
       }
     }
-    storeRole(root);
+    storeRole(RootRole.ROOT, root);
   }
 
   @Override

sigstore-java/src/main/java/dev/sigstore/tuf/MutableTufStore.java

@@ -32,10 +32,11 @@ public interface MutableTufStore extends TufStore {
   /**
    * Generic method to store one of the {@link SignedTufMeta} resources in the local tuf store.
    *
+   * @param roleName the name of the role
    * @param meta the metadata to store
    * @throws IOException if writing the resource causes an IO error
    */
-  void storeMeta(SignedTufMeta<?> meta) throws IOException;
+  void storeMeta(String roleName, SignedTufMeta<?> meta) throws IOException;
 
   /**
    * Once you have ascertained that your root is trustworthy use this method to persist it to your

sigstore-java/src/main/java/dev/sigstore/tuf/TufStore.java

@@ -42,6 +42,9 @@ public interface TufStore {
   /** Return the local trusted targets metadata if there is any. */
   Optional<Targets> loadTargets() throws IOException;
 
+  /** Return a named local delegated targets metadata if there is any. */
+  Optional<Targets> loadDelegatedTargets(String roleName) throws IOException;
+
   /**
    * Reads a TUF target file from the local TUF store
    *

sigstore-java/src/main/java/dev/sigstore/tuf/Updater.java

@@ -295,7 +295,7 @@ Optional<Timestamp> updateTimestamp(Root root)
     // 4) check expiration timestamp is after tuf update start time, else fail.
     throwIfExpired(timestamp.getSignedMeta().getExpiresAsDate());
     // 5) persist timestamp.json
-    localStore.storeMeta(timestamp);
+    localStore.storeMeta(RootRole.TIMESTAMP, timestamp);
     return Optional.of(timestamp);
   }
 
@@ -356,7 +356,7 @@ Snapshot updateSnapshot(Root root, Timestamp timestamp)
     // 6) Ensure expiration timestamp of snapshot is later than tuf update start time.
     throwIfExpired(snapshot.getMetaResource().getSignedMeta().getExpiresAsDate());
     // 7) persist snapshot.
-    localStore.storeMeta(snapshot.getMetaResource());
+    localStore.storeMeta(RootRole.SNAPSHOT, snapshot.getMetaResource());
     return snapshot.getMetaResource();
   }
 
@@ -426,7 +426,7 @@ Targets updateTargets(Root root, Snapshot snapshot)
     throwIfExpired(targetsResult.getMetaResource().getSignedMeta().getExpiresAsDate());
     // 6) persist targets metadata
     // why do we persist the
-    localStore.storeMeta(targetsResult.getMetaResource());
+    localStore.storeMeta(RootRole.TARGETS, targetsResult.getMetaResource());
     return targetsResult.getMetaResource();
   }