Merge pull request #984 from sigstore/minor-tweaks

Use service helper to create temp services

Author: loosebazooka

sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/WebOidc.kt

@@ -17,13 +17,11 @@
 package dev.sigstore.sign
 
 import dev.sigstore.oidc.client.WebOidcClient
-import dev.sigstore.trustroot.ImmutableService
-import dev.sigstore.trustroot.ImmutableValidFor
+import dev.sigstore.trustroot.Service
 import org.gradle.api.provider.Property
 import org.gradle.util.GradleVersion
 import java.io.Serializable
 import java.net.URI
-import java.time.Instant
 import javax.inject.Inject
 
 abstract class WebOidc @Inject constructor() : OidcClientConfiguration, Serializable {
@@ -47,13 +45,7 @@ abstract class WebOidc @Inject constructor() : OidcClientConfiguration, Serializ
     override fun build(): Any =
         WebOidcClient.builder()
             .setClientId(clientId.get())
-            .setIssuer(
-                ImmutableService.builder().apiVersion(1).url(URI.create(issuer.get())).validFor(
-                    ImmutableValidFor.builder().start(
-                        Instant.now()
-                    ).build()
-                ).build()
-            )
+            .setIssuer(Service.of(URI.create(issuer.get()), 1))
             .build()
 
     override fun key(): Any = Pair(clientId.get(), issuer.get())

sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorEntryFetcher.java

@@ -18,18 +18,14 @@
 import dev.sigstore.KeylessVerificationException;
 import dev.sigstore.TrustedRootProvider;
 import dev.sigstore.encryption.certificates.Certificates;
-import dev.sigstore.trustroot.ImmutableService;
-import dev.sigstore.trustroot.ImmutableValidFor;
-import dev.sigstore.trustroot.SigstoreConfigurationException;
-import dev.sigstore.trustroot.TransparencyLog;
+import dev.sigstore.trustroot.*;
 import dev.sigstore.tuf.SigstoreTufClient;
 import java.io.IOException;
 import java.nio.file.Path;
 import java.security.cert.CertificateExpiredException;
 import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import java.sql.Date;
-import java.time.Instant;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -65,16 +61,7 @@ public static RekorEntryFetcher fromTrustedRoot(TrustedRootProvider trustedRootP
         trustedRoot.getTLogs().stream()
             .map(TransparencyLog::getBaseUrl)
             .distinct()
-            .map(
-                uri ->
-                    RekorClientHttp.builder()
-                        .setService(
-                            ImmutableService.builder()
-                                .url(uri)
-                                .apiVersion(1)
-                                .validFor(ImmutableValidFor.builder().start(Instant.now()).build())
-                                .build())
-                        .build())
+            .map(uri -> RekorClientHttp.builder().setService(Service.of(uri, 1)).build())
             .collect(Collectors.<RekorClient>toList());
     return new RekorEntryFetcher(rekorClients);
   }

sigstore-java/src/main/java/dev/sigstore/trustroot/LegacySigningConfig.java

@@ -47,13 +47,11 @@ static SigstoreSigningConfig from(URI fulcioUrl, URI rekorUrl, URI dexUrl, @Null
         ImmutableSigstoreSigningConfig.builder()
             .tLogConfig(anySelector)
             .tsaConfig(anySelector)
-            .addCas(ImmutableService.builder().apiVersion(1).url(fulcioUrl).validFor(now).build())
-            .addTLogs(ImmutableService.builder().apiVersion(1).url(rekorUrl).validFor(now).build())
-            .addOidcProviders(
-                ImmutableService.builder().apiVersion(1).url(dexUrl).validFor(now).build());
+            .addCas(Service.of(fulcioUrl, 1))
+            .addTLogs(Service.of(rekorUrl, 1))
+            .addOidcProviders(Service.of(dexUrl, 1));
     if (tsaUrl != null) {
-      signingConfigBuilder.addTsas(
-          ImmutableService.builder().apiVersion(1).url(tsaUrl).validFor(now).build());
+      signingConfigBuilder.addTsas(Service.of(tsaUrl, 1));
     }
     return signingConfigBuilder.build();
   }

sigstore-java/src/test/java/dev/sigstore/oidc/client/WebOidcClientTest.java

@@ -17,12 +17,10 @@
 
 import com.gargoylesoftware.htmlunit.WebClient;
 import dev.sigstore.testing.MockOAuth2ServerExtension;
-import dev.sigstore.trustroot.ImmutableService;
-import dev.sigstore.trustroot.ImmutableValidFor;
 import dev.sigstore.trustroot.LegacySigningConfig;
+import dev.sigstore.trustroot.Service;
 import io.github.netmikey.logunit.api.LogCapturer;
 import java.net.URI;
-import java.time.Instant;
 import java.util.Map;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
@@ -42,12 +40,7 @@ public void testAuthFlow() throws OidcException {
     try (var webClient = new WebClient()) {
       var oidcClient =
           WebOidcClient.builder()
-              .setIssuer(
-                  ImmutableService.builder()
-                      .url(URI.create(server.getIssuer()))
-                      .apiVersion(1)
-                      .validFor(ImmutableValidFor.builder().start(Instant.now()).build())
-                      .build())
+              .setIssuer(Service.of(URI.create(server.getIssuer()), 1))
               .setBrowser(webClient::getPage)
               .build();
 

sigstore-java/src/test/java/dev/sigstore/testing/FulcioWrapper.java

@@ -17,8 +17,6 @@
 
 import com.google.gson.Gson;
 import dev.sigstore.encryption.certificates.Certificates;
-import dev.sigstore.trustroot.ImmutableService;
-import dev.sigstore.trustroot.ImmutableValidFor;
 import dev.sigstore.trustroot.Service;
 import java.io.IOException;
 import java.net.URI;
@@ -30,7 +28,6 @@
 import java.nio.file.Path;
 import java.security.cert.CertPath;
 import java.security.cert.CertificateException;
-import java.time.Instant;
 import java.util.List;
 import java.util.Locale;
 import org.junit.jupiter.api.extension.*;
@@ -54,11 +51,7 @@ public URI getURI() {
   }
 
   public Service getGrpcService() {
-    return ImmutableService.builder()
-        .apiVersion(1)
-        .url(URI.create("http://localhost:5554"))
-        .validFor(ImmutableValidFor.builder().start(Instant.now()).build())
-        .build();
+    return Service.of(URI.create("http://localhost:5554"), 1);
   }
 
   public CertPath getTrustBundle() throws CertificateException, IOException, InterruptedException {

sigstore-java/src/test/java/dev/sigstore/testing/MockOAuth2ServerExtension.java

@@ -21,10 +21,8 @@
 import dev.sigstore.oidc.client.OidcException;
 import dev.sigstore.oidc.client.OidcToken;
 import dev.sigstore.oidc.client.WebOidcClient;
-import dev.sigstore.trustroot.ImmutableService;
-import dev.sigstore.trustroot.ImmutableValidFor;
+import dev.sigstore.trustroot.Service;
 import java.io.IOException;
-import java.time.Instant;
 import no.nav.security.mock.oauth2.MockOAuth2Server;
 import no.nav.security.mock.oauth2.OAuth2Config;
 import org.junit.jupiter.api.extension.*;
@@ -69,12 +67,7 @@ public OidcToken getOidcToken() throws OidcException {
     try (var webClient = new WebClient()) {
       var oidcClient =
           WebOidcClient.builder()
-              .setIssuer(
-                  ImmutableService.builder()
-                      .url(mockOAuthServer.issuerUrl(OAUTH_ISSUER_ID).uri())
-                      .apiVersion(1)
-                      .validFor(ImmutableValidFor.builder().start(Instant.now()).build())
-                      .build())
+              .setIssuer(Service.of(mockOAuthServer.issuerUrl(OAUTH_ISSUER_ID).uri(), 1))
               .setBrowser(webClient::getPage)
               .build();