@@ -154,13 +154,21 @@ def _from_v1_response(cls, dict_: dict[str, Any]) -> TransparencyLogEntry:
154154
155155 return cls (inner )
156156
157- def encode_canonical (self ) -> bytes :
157+ def _encode_canonical (self ) -> bytes :
158158 """
159159 Returns a canonicalized JSON (RFC 8785) representation of the transparency log entry.
160160
161161 This encoded representation is suitable for verification against
162162 the Signed Entry Timestamp.
163163 """
164+ # We might not have an integrated time if our log entry is from rekor
165+ # v2, i.e. was integrated synchronously instead of via an
166+ # inclusion promise.
167+ if self ._inner .integrated_time is None :
168+ raise ValueError (
169+ "can't encode canonical form for SET without integrated time"
170+ )
171+
164172 payload : dict [str , int | str ] = {
165173 "body" : base64 .b64encode (self ._inner .canonicalized_body ).decode (),
166174 "integratedTime" : self ._inner .integrated_time ,
@@ -187,7 +195,7 @@ def _verify_set(self, keyring: RekorKeyring) -> None:
187195 keyring .verify (
188196 key_id = KeyID (self ._inner .log_id .key_id ),
189197 signature = signed_entry_ts ,
190- data = self .encode_canonical (),
198+ data = self ._encode_canonical (),
191199 )
192200 except VerificationError as exc :
193201 raise VerificationError (f"SET: invalid inclusion promise: { exc } )
@@ -211,7 +219,7 @@ def _verify(self, keyring: RekorKeyring) -> None:
211219 f"successfully verified inclusion proof: index={ self ._inner .log_index }
212220 )
213221
214- if self ._inner .inclusion_promise :
222+ if self ._inner .inclusion_promise and self . _inner . integrated_time :
215223 self ._verify_set (keyring )
216224 _logger .debug (
217225 f"successfully verified inclusion promise: index={ self ._inner .log_index }
0 commit comments