support for building v0.3 bundles

Signed-off-by: Brian DeHamer <[email protected]>
sigstore · Mar 27, 2024 · 18b6f9f · 18b6f9f
1 parent ae5a819
commit 18b6f9f
Show file tree

Hide file tree

Showing 8 changed files with 363 additions and 113 deletions.
diff --git a/.changeset/six-baboons-cry.md b/.changeset/six-baboons-cry.md
@@ -0,0 +1,5 @@
+---
+"@sigstore/bundle": minor
+---
+
+Add support for building v0.3 bundles
diff --git a/packages/bundle/src/__tests__/__snapshots__/build.test.ts.snap b/packages/bundle/src/__tests__/__snapshots__/build.test.ts.snap
@@ -0,0 +1,203 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`toDSSEBundle when the singleCertificate option is true when a certificate chain provided returns a valid DSSE bundle 1`] = `
+{
+  "dsseEnvelope": {
+    "payload": "ZGF0YQ==",
+    "payloadType": "text/plain",
+    "signatures": [
+      {
+        "keyid": "",
+        "sig": "c2lnbmF0dXJl",
+      },
+    ],
+  },
+  "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
+  "verificationMaterial": {
+    "certificate": {
+      "rawBytes": "Y2VydGlmaWNhdGU=",
+    },
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+  },
+}
+`;
+
+exports[`toDSSEBundle when the singleCertificate option is true when a public key w/ hint is provided returns a valid DSSE bundle 1`] = `
+{
+  "dsseEnvelope": {
+    "payload": "ZGF0YQ==",
+    "payloadType": "text/plain",
+    "signatures": [
+      {
+        "keyid": "hint",
+        "sig": "c2lnbmF0dXJl",
+      },
+    ],
+  },
+  "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
+  "verificationMaterial": {
+    "publicKey": {
+      "hint": "hint",
+    },
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+  },
+}
+`;
+
+exports[`toDSSEBundle when the singleCertificate option is true when a public key w/o hint is provided returns a valid DSSE bundle 1`] = `
+{
+  "dsseEnvelope": {
+    "payload": "ZGF0YQ==",
+    "payloadType": "text/plain",
+    "signatures": [
+      {
+        "keyid": "",
+        "sig": "c2lnbmF0dXJl",
+      },
+    ],
+  },
+  "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
+  "verificationMaterial": {
+    "publicKey": {
+      "hint": "",
+    },
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+  },
+}
+`;
+
+exports[`toDSSEBundle when the singleCertificate option is undefined/false when a certificate chain provided returns a valid DSSE bundle 1`] = `
+{
+  "dsseEnvelope": {
+    "payload": "ZGF0YQ==",
+    "payloadType": "text/plain",
+    "signatures": [
+      {
+        "keyid": "",
+        "sig": "c2lnbmF0dXJl",
+      },
+    ],
+  },
+  "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.2",
+  "verificationMaterial": {
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+    "x509CertificateChain": {
+      "certificates": [
+        {
+          "rawBytes": "Y2VydGlmaWNhdGU=",
+        },
+      ],
+    },
+  },
+}
+`;
+
+exports[`toDSSEBundle when the singleCertificate option is undefined/false when a public key w/ hint is provided returns a valid DSSE bundle 1`] = `
+{
+  "dsseEnvelope": {
+    "payload": "ZGF0YQ==",
+    "payloadType": "text/plain",
+    "signatures": [
+      {
+        "keyid": "hint",
+        "sig": "c2lnbmF0dXJl",
+      },
+    ],
+  },
+  "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.2",
+  "verificationMaterial": {
+    "publicKey": {
+      "hint": "hint",
+    },
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+  },
+}
+`;
+
+exports[`toDSSEBundle when the singleCertificate option is undefined/false when a public key w/o hint is provided returns a valid DSSE bundle 1`] = `
+{
+  "dsseEnvelope": {
+    "payload": "ZGF0YQ==",
+    "payloadType": "text/plain",
+    "signatures": [
+      {
+        "keyid": "",
+        "sig": "c2lnbmF0dXJl",
+      },
+    ],
+  },
+  "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.2",
+  "verificationMaterial": {
+    "publicKey": {
+      "hint": "",
+    },
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+  },
+}
+`;
+
+exports[`toMessageSignatureBundle when the singleCertificate option is true returns a valid message signature bundle 1`] = `
+{
+  "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
+  "messageSignature": {
+    "messageDigest": {
+      "algorithm": "SHA2_256",
+      "digest": "ZGlnZXN0",
+    },
+    "signature": "c2lnbmF0dXJl",
+  },
+  "verificationMaterial": {
+    "certificate": {
+      "rawBytes": "Y2VydGlmaWNhdGU=",
+    },
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+  },
+}
+`;
+
+exports[`toMessageSignatureBundle when the singleCertificate option is undefined returns a valid message signature bundle 1`] = `
+{
+  "mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.2",
+  "messageSignature": {
+    "messageDigest": {
+      "algorithm": "SHA2_256",
+      "digest": "ZGlnZXN0",
+    },
+    "signature": "c2lnbmF0dXJl",
+  },
+  "verificationMaterial": {
+    "timestampVerificationData": {
+      "rfc3161Timestamps": [],
+    },
+    "tlogEntries": [],
+    "x509CertificateChain": {
+      "certificates": [
+        {
+          "rawBytes": "Y2VydGlmaWNhdGU=",
+        },
+      ],
+    },
+  },
+}
+`;