Revert "rekor v2: Cope without CreateEntryRequest"

jku · jku · commit b942f9078a25 · 2025-06-07T12:12:00.000+03:00
This reverts commit 3d9a1b8. protobuf-specs now contains CreateEntryRequest: no need to workaround Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
diff --git a/sigstore/_internal/rekor/__init__.py b/sigstore/_internal/rekor/__init__.py
@@ -20,7 +20,7 @@
 
 import base64
 from abc import ABC, abstractmethod
-from typing import Any
+from typing import Any, NewType
 
 import rekor_types
 from cryptography.x509 import Certificate
@@ -34,11 +34,7 @@
     "_hashedrekord_from_parts",
 ]
 
-
-class EntryRequest(dict[str, Any]):
-    """Entry request payload, for either rekor v1 or v2"""
-
-    pass
+EntryRequest = NewType("EntryRequest", dict[str, Any])
 
 
 class RekorLogSubmitter(ABC):
diff --git a/sigstore/_internal/rekor/client_v2.py b/sigstore/_internal/rekor/client_v2.py
@@ -40,16 +40,6 @@
 _logger = logging.getLogger(__name__)
 
 
-class _V2EntryRequest(EntryRequest):
-    @classmethod
-    def from_hashed_rekord(cls, req: v2.HashedRekordRequestV002) -> _V2EntryRequest:
-        return cls({"hashedRekordRequestV002": req.to_dict()})
-
-    @classmethod
-    def from_dsse(cls, req: v2.DsseRequestV002) -> _V2EntryRequest:
-        return cls({"dsseRequestV002": req.to_dict()})
-
-
 class RekorV2Client(RekorLogSubmitter):
     """The internal Rekor client for the v2 API
 
@@ -124,22 +114,23 @@ def _build_hashed_rekord_request(
         """
         Construct a hashed rekord request to submit to Rekor.
         """
-
-        req = v2.HashedRekordRequestV002(
-            digest=hashed_input.digest,
-            signature=v2.Signature(
-                content=signature,
-                verifier=v2.Verifier(
-                    x509_certificate=common_v1.X509Certificate(
-                        raw_bytes=certificate.public_bytes(
-                            encoding=serialization.Encoding.DER
-                        )
+        req = v2.CreateEntryRequest(
+            hashed_rekord_request_v002=v2.HashedRekordRequestV002(
+                digest=hashed_input.digest,
+                signature=v2.Signature(
+                    content=signature,
+                    verifier=v2.Verifier(
+                        x509_certificate=common_v1.X509Certificate(
+                            raw_bytes=certificate.public_bytes(
+                                encoding=serialization.Encoding.DER
+                            )
+                        ),
+                        key_details=cls._get_key_details(certificate),
                     ),
-                    key_details=cls._get_key_details(certificate),
                 ),
-            ),
+            )
         )
-        return _V2EntryRequest.from_hashed_rekord(req)
+        return EntryRequest(req.to_dict())
 
     @classmethod
     def _build_dsse_request(
@@ -148,30 +139,32 @@ def _build_dsse_request(
         """
         Construct a dsse request to submit to Rekor.
         """
-        req = v2.DsseRequestV002(
-            envelope=intoto.Envelope(
-                payload=envelope._inner.payload,
-                payload_type=envelope._inner.payload_type,
-                signatures=[
-                    intoto.Signature(
-                        keyid=signature.keyid,
-                        sig=signature.sig,
+        req = v2.CreateEntryRequest(
+            dsse_request_v002=v2.DsseRequestV002(
+                envelope=intoto.Envelope(
+                    payload=envelope._inner.payload,
+                    payload_type=envelope._inner.payload_type,
+                    signatures=[
+                        intoto.Signature(
+                            keyid=signature.keyid,
+                            sig=signature.sig,
+                        )
+                        for signature in envelope._inner.signatures
+                    ],
+                ),
+                verifiers=[
+                    v2.Verifier(
+                        x509_certificate=common_v1.X509Certificate(
+                            raw_bytes=certificate.public_bytes(
+                                encoding=serialization.Encoding.DER
+                            )
+                        ),
+                        key_details=cls._get_key_details(certificate)
                     )
-                    for signature in envelope._inner.signatures
                 ],
-            ),
-            verifiers=[
-                v2.Verifier(
-                    x509_certificate=common_v1.X509Certificate(
-                        raw_bytes=certificate.public_bytes(
-                            encoding=serialization.Encoding.DER
-                        )
-                    ),
-                    key_details=cls._get_key_details(certificate),
-                )
-            ],
+            )
         )
-        return _V2EntryRequest.from_dsse(req)
+        return EntryRequest(req.to_dict())
 
 
 class RekorClientError(Exception):
