
Commit 53c9113

send the cert, not only the public key
Signed-off-by: Ramon Petgrave <[email protected]>
1 parent 1e78607 commit 53c9113

2 files changed

+16
-23
lines changed

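--- a/sigstore/_internal/rekor/client_v2.py
+++ b/sigstore/_internal/rekor/client_v2.py
@@ -27,7 +27,7 @@
 from cryptography.x509 import Certificate
 
 from sigstore._internal import USER_AGENT
-from sigstore._internal.rekor.v2_types.dev.sigstore.common.v1 import PublicKeyDetails
+from sigstore._internal.rekor.v2_types.dev.sigstore.common import v1 as common_v1
 from sigstore._internal.rekor.v2_types.dev.sigstore.rekor import v2
 from sigstore._internal.rekor.v2_types.io import intoto as v2_intoto
 from sigstore.dsse import Envelope
@@ -39,7 +39,7 @@
 DEFAULT_REKOR_URL = "https://rekor.sigstore.dev"
 STAGING_REKOR_URL = "https://rekor.sigstage.dev"
 
-DEFAULT_KEY_DETAILS = PublicKeyDetails.PKIX_ECDSA_P384_SHA_256
+DEFAULT_KEY_DETAILS = common_v1.PublicKeyDetails.PKIX_ECDSA_P384_SHA_256
 
 
 class RekorV2Client:
@@ -98,18 +98,17 @@ def _build_hashed_rekord_create_entry_request(
 cls,
 artifact_hashed_input: Hashed,
 artifact_signature: bytes,
-signining_certificate: Certificate,
+signing_certificate: Certificate,
 ) -> v2.CreateEntryRequest:
 return v2.CreateEntryRequest(
 hashed_rekord_request_v0_0_2=v2.HashedRekordRequestV002(
 digest=artifact_hashed_input.digest,
 signature=v2.Signature(
 content=artifact_signature,
 verifier=v2.Verifier(
-public_key=v2.PublicKey(
-raw_bytes=signining_certificate.public_key().public_bytes(
-encoding=serialization.Encoding.DER,
-format=serialization.PublicFormat.SubjectPublicKeyInfo,
+x509_certificate=common_v1.X509Certificate(
+raw_bytes=signing_certificate.public_bytes(
+encoding=serialization.Encoding.DER
 )
 ),
 key_details=DEFAULT_KEY_DETAILS, # type: ignore[arg-type]
@@ -137,10 +136,9 @@ def _build_dsse_create_entry_request(
 ),
 verifiers=[
 v2.Verifier(
-public_key=v2.PublicKey(
-raw_bytes=signing_certificate.public_key().public_bytes(
-encoding=serialization.Encoding.DER,
-format=serialization.PublicFormat.SubjectPublicKeyInfo,
+x509_certificate=common_v1.X509Certificate(
+raw_bytes=signing_certificate.public_bytes(
+encoding=serialization.Encoding.DER
 )
 ),
 key_details=DEFAULT_KEY_DETAILS, # type: ignore[arg-type]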
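Review bot: `key_details=DEFAULT_KEY_DETAILS` stays a fixed constant (`PKIX_ECDSA_P384_SHA_256`) in both `_build_hashed_rekord_create_entry_request` and `_build_dsse_create_entry_request`, while the verifier now carries the whole certificate, so the declared algorithm can disagree with the key actually embedded in `signing_certificate`. How the log handles such a mismatch is not visible on this page, but an entry whose stated key details do not describe the certified key either fails submission or leaves a record that later verifiers cannot take at face value. I would derive the value from `signing_certificate.public_key()` (its curve and the hash in use), or at minimum mark the assumption with `# TODO: derive key_details from signing_certificate.public_key() instead of assuming DEFAULT_KEY_DETAILS`. The `# type: ignore[arg-type]` on the same line also hides a type mismatch that deserves a one-line explanation. Both function bodies start and end outside the hunks shown.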

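--- a/test/unit/internal/rekor/test_client_v2.py
+++ b/test/unit/internal/rekor/test_client_v2.py
@@ -12,6 +12,7 @@
 Hashed,
 LogEntry,
 RekorV2Client,
+common_v1,
 serialization,
 v2,
 v2_intoto,
@@ -72,7 +73,7 @@ def sample_hashed_rekord_create_entry_request(
 return RekorV2Client._build_hashed_rekord_create_entry_request(
 artifact_hashed_input=hashed_input,
 artifact_signature=signature,
-signining_certificate=cert,
+signing_certificate=cert,
 )
 
 
@@ -145,11 +146,8 @@ def test_build_hashed_rekord_create_entry_request(
 signature=v2.Signature(
 content=signature,
 verifier=v2.Verifier(
-public_key=v2.PublicKey(
-raw_bytes=cert.public_key().public_bytes(
-encoding=serialization.Encoding.DER,
-format=serialization.PublicFormat.SubjectPublicKeyInfo,
-)
+x509_certificate=common_v1.X509Certificate(
+raw_bytes=cert.public_bytes(encoding=serialization.Encoding.DER)
 ),
 key_details=DEFAULT_KEY_DETAILS,
 ),
@@ -159,7 +157,7 @@ def test_build_hashed_rekord_create_entry_request(
 actual_request = RekorV2Client._build_hashed_rekord_create_entry_request(
 artifact_hashed_input=hashed_input,
 artifact_signature=signature,
-signining_certificate=cert,
+signing_certificate=cert,
 )
 assert expected_request == actual_request
 
@@ -185,11 +183,8 @@ def test_build_dsse_create_entry_request(sample_dsse_request_materials):
 ),
 verifiers=[
 v2.Verifier(
-public_key=v2.PublicKey(
-raw_bytes=cert.public_key().public_bytes(
-encoding=serialization.Encoding.DER,
-format=serialization.PublicFormat.SubjectPublicKeyInfo,
-)
+x509_certificate=common_v1.X509Certificate(
+raw_bytes=cert.public_bytes(encoding=serialization.Encoding.DER)
 ),
 key_details=DEFAULT_KEY_DETAILS,
 )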
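Review bot: The expected requests in `test_build_hashed_rekord_create_entry_request` and `test_build_dsse_create_entry_request` are built with the same `cert.public_bytes(encoding=serialization.Encoding.DER)` expression as the client, so a mistake shared by both sides (wrong encoding, wrong object serialized) would still pass. An independent check would help: parse the emitted `raw_bytes` back with `load_der_x509_certificate(...)` from `cryptography.x509` and compare the result to `cert`. A second check could assert that the verifier no longer populates `public_key`. The import hunk also pulls `common_v1` and `serialization` in alongside `RekorV2Client`, apparently from the client module's namespace. Importing them from their defining modules would keep the test from depending on the client's incidental imports. The test function bodies extend outside the hunks shown.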
