send the cert, not only the public key

ramonpetgrave64 · ramonpetgrave64 · commit 53c91131a417 · 2025-05-21T15:30:42.000Z
Signed-off-by: Ramon Petgrave &lt;ramon.petgrave64@gmail.com&gt;
diff --git a/sigstore/_internal/rekor/client_v2.py b/sigstore/_internal/rekor/client_v2.py
@@ -27,7 +27,7 @@
 from cryptography.x509 import Certificate
 
 from sigstore._internal import USER_AGENT
-from sigstore._internal.rekor.v2_types.dev.sigstore.common.v1 import PublicKeyDetails
+from sigstore._internal.rekor.v2_types.dev.sigstore.common import v1 as common_v1
 from sigstore._internal.rekor.v2_types.dev.sigstore.rekor import v2
 from sigstore._internal.rekor.v2_types.io import intoto as v2_intoto
 from sigstore.dsse import Envelope
@@ -39,7 +39,7 @@
 DEFAULT_REKOR_URL = "https://rekor.sigstore.dev"
 STAGING_REKOR_URL = "https://rekor.sigstage.dev"
 
-DEFAULT_KEY_DETAILS = PublicKeyDetails.PKIX_ECDSA_P384_SHA_256
+DEFAULT_KEY_DETAILS = common_v1.PublicKeyDetails.PKIX_ECDSA_P384_SHA_256
 
 
 class RekorV2Client:
@@ -98,18 +98,17 @@ def _build_hashed_rekord_create_entry_request(
         cls,
         artifact_hashed_input: Hashed,
         artifact_signature: bytes,
-        signining_certificate: Certificate,
+        signing_certificate: Certificate,
     ) -> v2.CreateEntryRequest:
         return v2.CreateEntryRequest(
             hashed_rekord_request_v0_0_2=v2.HashedRekordRequestV002(
                 digest=artifact_hashed_input.digest,
                 signature=v2.Signature(
                     content=artifact_signature,
                     verifier=v2.Verifier(
-                        public_key=v2.PublicKey(
-                            raw_bytes=signining_certificate.public_key().public_bytes(
-                                encoding=serialization.Encoding.DER,
-                                format=serialization.PublicFormat.SubjectPublicKeyInfo,
+                        x509_certificate=common_v1.X509Certificate(
+                            raw_bytes=signing_certificate.public_bytes(
+                                encoding=serialization.Encoding.DER
                             )
                         ),
                         key_details=DEFAULT_KEY_DETAILS,  # type: ignore[arg-type]
@@ -137,10 +136,9 @@ def _build_dsse_create_entry_request(
                 ),
                 verifiers=[
                     v2.Verifier(
-                        public_key=v2.PublicKey(
-                            raw_bytes=signing_certificate.public_key().public_bytes(
-                                encoding=serialization.Encoding.DER,
-                                format=serialization.PublicFormat.SubjectPublicKeyInfo,
+                        x509_certificate=common_v1.X509Certificate(
+                            raw_bytes=signing_certificate.public_bytes(
+                                encoding=serialization.Encoding.DER
                             )
                         ),
                         key_details=DEFAULT_KEY_DETAILS,  # type: ignore[arg-type]
diff --git a/test/unit/internal/rekor/test_client_v2.py b/test/unit/internal/rekor/test_client_v2.py
@@ -12,6 +12,7 @@
     Hashed,
     LogEntry,
     RekorV2Client,
+    common_v1,
     serialization,
     v2,
     v2_intoto,
@@ -72,7 +73,7 @@ def sample_hashed_rekord_create_entry_request(
     return RekorV2Client._build_hashed_rekord_create_entry_request(
         artifact_hashed_input=hashed_input,
         artifact_signature=signature,
-        signining_certificate=cert,
+        signing_certificate=cert,
     )
 
 
@@ -145,11 +146,8 @@ def test_build_hashed_rekord_create_entry_request(
             signature=v2.Signature(
                 content=signature,
                 verifier=v2.Verifier(
-                    public_key=v2.PublicKey(
-                        raw_bytes=cert.public_key().public_bytes(
-                            encoding=serialization.Encoding.DER,
-                            format=serialization.PublicFormat.SubjectPublicKeyInfo,
-                        )
+                    x509_certificate=common_v1.X509Certificate(
+                        raw_bytes=cert.public_bytes(encoding=serialization.Encoding.DER)
                     ),
                     key_details=DEFAULT_KEY_DETAILS,
                 ),
@@ -159,7 +157,7 @@ def test_build_hashed_rekord_create_entry_request(
     actual_request = RekorV2Client._build_hashed_rekord_create_entry_request(
         artifact_hashed_input=hashed_input,
         artifact_signature=signature,
-        signining_certificate=cert,
+        signing_certificate=cert,
     )
     assert expected_request == actual_request
 
@@ -185,11 +183,8 @@ def test_build_dsse_create_entry_request(sample_dsse_request_materials):
             ),
             verifiers=[
                 v2.Verifier(
-                    public_key=v2.PublicKey(
-                        raw_bytes=cert.public_key().public_bytes(
-                            encoding=serialization.Encoding.DER,
-                            format=serialization.PublicFormat.SubjectPublicKeyInfo,
-                        )
+                    x509_certificate=common_v1.X509Certificate(
+                        raw_bytes=cert.public_bytes(encoding=serialization.Encoding.DER)
                     ),
                     key_details=DEFAULT_KEY_DETAILS,
                 )
