Merge pull request #1021 from sigstore/rekor-entry-proto

Move TLogEntry-to-RekorEntry converter to ProtoMutators

Author: aaronlew02

sigstore-java/src/main/java/dev/sigstore/proto/ProtoMutators.java

@@ -21,14 +21,23 @@
 import dev.sigstore.encryption.certificates.Certificates;
 import dev.sigstore.proto.common.v1.HashAlgorithm;
 import dev.sigstore.proto.common.v1.X509Certificate;
+import dev.sigstore.proto.rekor.v1.InclusionProof;
+import dev.sigstore.proto.rekor.v1.TransparencyLogEntry;
+import dev.sigstore.rekor.client.ImmutableInclusionProof;
+import dev.sigstore.rekor.client.ImmutableRekorEntry;
+import dev.sigstore.rekor.client.ImmutableVerification;
+import dev.sigstore.rekor.client.RekorEntry;
+import dev.sigstore.rekor.client.RekorParseException;
 import java.security.cert.CertPath;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.List;
+import org.bouncycastle.util.encoders.Hex;
 
 public class ProtoMutators {
 
@@ -59,4 +68,41 @@ public static HashAlgorithm from(Bundle.HashAlgorithm algorithm) {
     }
     throw new IllegalStateException("Unknown hash algorithm: " + algorithm);
   }
+
+  public static RekorEntry toRekorEntry(TransparencyLogEntry tle) throws RekorParseException {
+    ImmutableRekorEntry.Builder builder = ImmutableRekorEntry.builder();
+
+    builder.logIndex(tle.getLogIndex());
+    builder.logID(Hex.toHexString(tle.getLogId().getKeyId().toByteArray()));
+    builder.integratedTime(tle.getIntegratedTime());
+
+    // The body of a RekorEntry is Base64 encoded
+    builder.body(Base64.getEncoder().encodeToString(tle.getCanonicalizedBody().toByteArray()));
+
+    ImmutableVerification.Builder verificationBuilder = ImmutableVerification.builder();
+
+    // Rekor v2 entries won't have an InclusionPromise/SET
+    if (tle.hasInclusionPromise()
+        && !tle.getInclusionPromise().getSignedEntryTimestamp().isEmpty()) {
+      verificationBuilder.signedEntryTimestamp(
+          Base64.getEncoder()
+              .encodeToString(tle.getInclusionPromise().getSignedEntryTimestamp().toByteArray()));
+    }
+
+    if (tle.hasInclusionProof()) {
+      InclusionProof ipProto = tle.getInclusionProof();
+      ImmutableInclusionProof.Builder ipBuilder = ImmutableInclusionProof.builder();
+      ipBuilder.logIndex(ipProto.getLogIndex());
+      ipBuilder.rootHash(Hex.toHexString(ipProto.getRootHash().toByteArray()));
+      ipBuilder.treeSize(ipProto.getTreeSize());
+      ipBuilder.checkpoint(ipProto.getCheckpoint().getEnvelope());
+      ipProto
+          .getHashesList()
+          .forEach(hash -> ipBuilder.addHashes(Hex.toHexString(hash.toByteArray())));
+      verificationBuilder.inclusionProof(ipBuilder.build());
+    }
+    builder.verification(verificationBuilder.build());
+
+    return builder.build();
+  }
 }

sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorEntry.java

@@ -20,12 +20,12 @@
 
 import com.google.protobuf.InvalidProtocolBufferException;
 import dev.sigstore.json.ProtoJson;
+import dev.sigstore.proto.ProtoMutators;
 import dev.sigstore.proto.rekor.v1.TransparencyLogEntry;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.*;
 import javax.annotation.Nullable;
-import org.bouncycastle.util.encoders.Hex;
 import org.erdtman.jcs.JsonCanonicalizer;
 import org.immutables.gson.Gson;
 import org.immutables.value.Value;
@@ -173,49 +173,9 @@ static RekorEntry fromTLogEntryJson(String json) throws RekorParseException {
     try {
       TransparencyLogEntry.Builder builder = TransparencyLogEntry.newBuilder();
       ProtoJson.parser().ignoringUnknownFields().merge(json, builder);
-      return RekorEntry.fromTLogEntry(builder.build());
+      return ProtoMutators.toRekorEntry(builder.build());
     } catch (InvalidProtocolBufferException e) {
       throw new RekorParseException("Failed to parse Rekor response JSON", e);
     }
   }
-
-  /** Returns a RekorEntry from a TransparencyLogEntry */
-  public static RekorEntry fromTLogEntry(TransparencyLogEntry tle) throws RekorParseException {
-    ImmutableRekorEntry.Builder builder = ImmutableRekorEntry.builder();
-
-    builder.logIndex(tle.getLogIndex());
-    builder.logID(Hex.toHexString(tle.getLogId().getKeyId().toByteArray()));
-    builder.integratedTime(tle.getIntegratedTime());
-
-    // The body of a RekorEntry is Base64 encoded
-    builder.body(
-        java.util.Base64.getEncoder().encodeToString(tle.getCanonicalizedBody().toByteArray()));
-
-    ImmutableVerification.Builder verificationBuilder = ImmutableVerification.builder();
-
-    // Rekor v2 entries won't have an InclusionPromise/SET
-    if (tle.hasInclusionPromise()
-        && !tle.getInclusionPromise().getSignedEntryTimestamp().isEmpty()) {
-      verificationBuilder.signedEntryTimestamp(
-          java.util.Base64.getEncoder()
-              .encodeToString(tle.getInclusionPromise().getSignedEntryTimestamp().toByteArray()));
-    }
-
-    if (tle.hasInclusionProof()) {
-      dev.sigstore.proto.rekor.v1.InclusionProof ipProto = tle.getInclusionProof();
-      ImmutableInclusionProof.Builder ipBuilder = ImmutableInclusionProof.builder();
-      ipBuilder.logIndex(ipProto.getLogIndex());
-      ipBuilder.rootHash(
-          org.bouncycastle.util.encoders.Hex.toHexString(ipProto.getRootHash().toByteArray()));
-      ipBuilder.treeSize(ipProto.getTreeSize());
-      ipBuilder.checkpoint(ipProto.getCheckpoint().getEnvelope());
-      ipProto
-          .getHashesList()
-          .forEach(hash -> ipBuilder.addHashes(Hex.toHexString(hash.toByteArray())));
-      verificationBuilder.inclusionProof(ipBuilder.build());
-    }
-    builder.verification(verificationBuilder.build());
-
-    return builder.build();
-  }
 }

sigstore-java/src/test/java/dev/sigstore/rekor/client/RekorEntryTest.java

@@ -17,6 +17,7 @@
 
 import com.google.protobuf.ByteString;
 import com.google.protobuf.util.JsonFormat;
+import dev.sigstore.proto.ProtoMutators;
 import dev.sigstore.proto.common.v1.LogId;
 import dev.sigstore.proto.rekor.v1.Checkpoint;
 import dev.sigstore.proto.rekor.v1.InclusionPromise;
@@ -60,7 +61,7 @@ public void fromTLogEntry_full() throws Exception {
                     .addHashes(ByteString.fromHex("02")))
             .build();
 
-    var entry = RekorEntry.fromTLogEntry(tle);
+    var entry = ProtoMutators.toRekorEntry(tle);
 
     Assertions.assertEquals(123, entry.getLogIndex());
     Assertions.assertEquals("abcdef", entry.getLogID());
@@ -94,7 +95,7 @@ public void fromTLogEntry_minimal() throws Exception {
             .setCanonicalizedBody(MOCK_BODY_BYTESTRING)
             .build();
 
-    var entry = RekorEntry.fromTLogEntry(tle);
+    var entry = ProtoMutators.toRekorEntry(tle);
     Assertions.assertEquals(123, entry.getLogIndex());
     Assertions.assertEquals("abcdef", entry.getLogID());
     Assertions.assertEquals(456, entry.getIntegratedTime());

sigstore-java/src/test/java/dev/sigstore/rekor/client/RekorVerifierTest.java

@@ -21,6 +21,7 @@
 import com.google.protobuf.InvalidProtocolBufferException;
 import dev.sigstore.json.GsonSupplier;
 import dev.sigstore.json.ProtoJson;
+import dev.sigstore.proto.ProtoMutators;
 import dev.sigstore.proto.rekor.v1.TransparencyLogEntry;
 import dev.sigstore.trustroot.SigstoreTrustedRoot;
 import java.io.IOException;
@@ -280,7 +281,7 @@ private RekorEntry getV2RekorEntry(String json)
       throws InvalidProtocolBufferException, RekorParseException {
     var transparencyLogEntryBuilder = TransparencyLogEntry.newBuilder();
     ProtoJson.parser().merge(json, transparencyLogEntryBuilder);
-    return RekorEntry.fromTLogEntry(transparencyLogEntryBuilder.build());
+    return ProtoMutators.toRekorEntry(transparencyLogEntryBuilder.build());
   }
 
   private RekorEntry getV1RekorEntry(String json) throws Exception {