diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 9b599396..73d49664 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -54,7 +54,7 @@ jobs: distribution: 'temurin' - name: Run Conformance Tests (production) - uses: sigstore/sigstore-conformance@4d66ba3cb0c9c95f705c757c0f5e226d3f4d5151 # v0.0.27 + uses: sigstore/sigstore-conformance@21533cde107c734ebc153c3e3a24d75fc9811a36 # v0.0.29 with: entrypoint: ${{ github.workspace }}/sigstore-cli/sigstore-cli-server environment: production @@ -66,7 +66,7 @@ jobs: test_sign_verify_dsse - name: Run Conformance Tests (staging) - uses: sigstore/sigstore-conformance@4d66ba3cb0c9c95f705c757c0f5e226d3f4d5151 # v0.0.27 + uses: sigstore/sigstore-conformance@21533cde107c734ebc153c3e3a24d75fc9811a36 # v0.0.29 with: entrypoint: ${{ github.workspace }}/sigstore-cli/sigstore-cli-server environment: staging diff --git a/fuzzing/src/main/java/fuzzing/RekorTypesFuzzer.java b/fuzzing/src/main/java/fuzzing/RekorTypesFuzzer.java index ff2c12c3..b8b843eb 100644 --- a/fuzzing/src/main/java/fuzzing/RekorTypesFuzzer.java +++ b/fuzzing/src/main/java/fuzzing/RekorTypesFuzzer.java @@ -50,9 +50,6 @@ public static void fuzzerTestOneInput(FuzzedDataProvider data) { case 2: RekorTypes.getHashedRekordV002(entry); break; - case 3: - RekorTypes.getDsseV002(entry); - break; } } catch (URISyntaxException | RekorTypeException | RekorParseException e) { // Known exception diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessSigner.java b/sigstore-java/src/main/java/dev/sigstore/KeylessSigner.java index 569cb723..218affb8 100644 --- a/sigstore-java/src/main/java/dev/sigstore/KeylessSigner.java +++ b/sigstore-java/src/main/java/dev/sigstore/KeylessSigner.java @@ -45,7 +45,6 @@ import dev.sigstore.oidc.client.OidcTokenMatcher; import dev.sigstore.proto.ProtoMutators; import dev.sigstore.proto.common.v1.X509Certificate; -import dev.sigstore.proto.rekor.v2.DSSERequestV002; import dev.sigstore.proto.rekor.v2.HashedRekordRequestV002; import dev.sigstore.proto.rekor.v2.Signature; import dev.sigstore.proto.rekor.v2.Verifier; @@ -69,7 +68,6 @@ import dev.sigstore.trustroot.Service; import dev.sigstore.trustroot.SigstoreConfigurationException; import dev.sigstore.tuf.SigstoreTufClient; -import io.intoto.EnvelopeOuterClass; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.nio.file.Path; @@ -765,19 +763,21 @@ public Bundle attest(String payload) throws KeylessSignerException { .build(); var pae = dsse.getPAE(); + var paeDigest = Hashers.from(signingAlgorithm).hashBytes(pae).asBytes(); + byte[] signature; - Bundle.DsseEnvelope dsseSigned; try { - var sig = signer.sign(pae); - dsseSigned = - ImmutableDsseEnvelope.builder() - .from(dsse) - .addSignatures(ImmutableSignature.builder().sig(sig).build()) - .build(); + signature = signer.signDigest(paeDigest); } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException ex) { throw new KeylessSignerException("Failed to sign artifact", ex); } + Bundle.DsseEnvelope dsseSigned = + ImmutableDsseEnvelope.builder() + .from(dsse) + .addSignatures(ImmutableSignature.builder().sig(signature).build()) + .build(); + var verifier = Verifier.newBuilder() .setX509Certificate( @@ -785,17 +785,16 @@ public Bundle attest(String payload) throws KeylessSignerException { .setKeyDetails(ProtoMutators.toPublicKeyDetails(signingAlgorithm)) .build(); - var dsseRequest = - DSSERequestV002.newBuilder() - .setEnvelope( - EnvelopeOuterClass.Envelope.newBuilder() - .setPayload(ByteString.copyFrom(dsseSigned.getPayload())) - .setPayloadType(dsseSigned.getPayloadType()) - .addSignatures( - EnvelopeOuterClass.Signature.newBuilder() - .setSig(ByteString.copyFrom(dsseSigned.getSignature()))) - .build()) - .addVerifiers(verifier) + var reqSignature = + Signature.newBuilder() + .setVerifier(verifier) + .setContent(ByteString.copyFrom(dsseSigned.getSignature())) + .build(); + + var hashedRekordRequest = + HashedRekordRequestV002.newBuilder() + .setSignature(reqSignature) + .setDigest(ByteString.copyFrom(paeDigest)) .build(); var hashFunction = Hashers.from(signingAlgorithm); @@ -827,7 +826,7 @@ public Bundle attest(String payload) throws KeylessSignerException { RekorEntry entry; try { - entry = rekorV2Client.putEntry(dsseRequest); + entry = rekorV2Client.putEntry(hashedRekordRequest); } catch (IOException | RekorParseException ex) { throw new KeylessSignerException("Failed to put entry in rekor", ex); } diff --git a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java index 1763cc81..8c8fa061 100644 --- a/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java +++ b/sigstore-java/src/main/java/dev/sigstore/KeylessVerifier.java @@ -31,11 +31,11 @@ import dev.sigstore.fulcio.client.FulcioVerifier; import dev.sigstore.json.JsonParseException; import dev.sigstore.proto.ProtoMutators; -import dev.sigstore.proto.rekor.v2.DSSELogEntryV002; import dev.sigstore.proto.rekor.v2.HashedRekordLogEntryV002; import dev.sigstore.proto.rekor.v2.Signature; import dev.sigstore.rekor.client.HashedRekordRequest; import dev.sigstore.rekor.client.RekorEntry; +import dev.sigstore.rekor.client.RekorEntryBody; import dev.sigstore.rekor.client.RekorTypeException; import dev.sigstore.rekor.client.RekorTypes; import dev.sigstore.rekor.client.RekorVerificationException; @@ -469,13 +469,15 @@ private void checkDsseEnvelope( throw new KeylessVerificationException("Signature could not be processed", se); } - String version; + RekorEntryBody entryBody; try { - version = rekorEntry.getBodyDecoded().getApiVersion(); + entryBody = rekorEntry.getBodyDecoded(); } catch (JsonParseException ex) { throw new KeylessVerificationException("Could not extract body from log entry"); } - if ("0.0.1".equals(version)) { + var kind = entryBody.getKind(); + var version = entryBody.getApiVersion(); + if ("0.0.1".equals(version) && "dsse".equals(kind)) { Dsse rekorDsse; try { rekorDsse = RekorTypes.getDsseV001(rekorEntry); @@ -517,45 +519,30 @@ private void checkDsseEnvelope( throw new KeylessVerificationException( "Provided DSSE signature materials are inconsistent with DSSE log entry"); } - } else if ("0.0.2".equals(version)) { - DSSELogEntryV002 logEntrySpec; + } else if ("0.0.2".equals(version) && "hashedrekord".equals(kind)) { + HashedRekordLogEntryV002 logEntrySpec; try { - logEntrySpec = RekorTypes.getDsseV002(rekorEntry); + logEntrySpec = RekorTypes.getHashedRekordV002(rekorEntry); } catch (RekorTypeException re) { throw new KeylessVerificationException("Could not parse DSSE from log entry body", re); } - try { - ProtoMutators.toHashAlgorithm(logEntrySpec.getPayloadHash().getAlgorithm()); - } catch (UnsupportedAlgorithmException ex) { - throw new KeylessVerificationException("Unsupported digest algorithm in log entry", ex); - } - - // check if the digest over the dsse payload matches the digest in the transparency log entry - byte[] calculatedDigest = hashing.hashBytes(dsseEnvelope.getPayload()).asBytes(); - if (!Arrays.equals( - logEntrySpec.getPayloadHash().getDigest().toByteArray(), calculatedDigest)) { - throw new KeylessVerificationException( - "Digest of DSSE payload in bundle does not match DSSE payload digest in log entry"); - } - - // check if the signature over the dsse payload matches the signature in the rekorEntry - if (logEntrySpec.getSignaturesCount() != 1) { + // check if the digest over the dsse pae matches the digest in the transparency log entry + byte[] calculatedDigest = hashing.hashBytes(dsseEnvelope.getPAE()).asBytes(); + if (!Arrays.equals(logEntrySpec.getData().getDigest().toByteArray(), calculatedDigest)) { throw new KeylessVerificationException( - "Log entry spec must have exactly 1 signature, but found: " - + logEntrySpec.getSignaturesCount()); + "Digest of DSSE.pae in bundle does not match digest in log entry"); } - Signature logSignature = logEntrySpec.getSignatures(0); + Signature logSignature = logEntrySpec.getSignature(); if (!Arrays.equals(dsseEnvelope.getSignature(), logSignature.getContent().toByteArray())) { throw new KeylessVerificationException( - "Signature in DSSE envelope does not match signature in log entry spec"); + "Signature in DSSE envelope does not match signature in log entry"); } var verifier = logSignature.getVerifier(); if (!verifier.hasX509Certificate()) { - throw new KeylessVerificationException( - "Rekor entry DSSE verifier is missing X.509 certificate"); + throw new KeylessVerificationException("Log entry is missing X.509 certificate"); } try { byte[] certFromRekor = verifier.getX509Certificate().getRawBytes().toByteArray(); @@ -569,7 +556,8 @@ private void checkDsseEnvelope( "Could not encode leaf certificate for comparison", e); } } else { - throw new KeylessVerificationException("Unsupported DSSE version: " + version); + throw new KeylessVerificationException( + "Unsupported entry type: '" + kind + ":" + version + "' for DSSE bundle"); } } } diff --git a/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorTypes.java b/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorTypes.java index d0b19685..f6ac03e1 100644 --- a/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorTypes.java +++ b/sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorTypes.java @@ -20,7 +20,6 @@ import com.google.protobuf.InvalidProtocolBufferException; import dev.sigstore.json.JsonParseException; import dev.sigstore.json.ProtoJson; -import dev.sigstore.proto.rekor.v2.DSSELogEntryV002; import dev.sigstore.proto.rekor.v2.HashedRekordLogEntryV002; import dev.sigstore.rekor.dsse.v0_0_1.Dsse; import dev.sigstore.rekor.hashedRekord.v0_0_1.HashedRekord; @@ -91,32 +90,6 @@ public static Dsse getDsseV001(RekorEntry entry) throws RekorTypeException { } } - /** - * Parse a dsse from rekor at api version 0.0.2. - * - * @param entry the rekor entry obtained from rekor - * @return the parsed proto - * @throws RekorTypeException if the dsse:0.0.2 entry could not be parsed - */ - public static DSSELogEntryV002 getDsseV002(RekorEntry entry) throws RekorTypeException { - expect(entry, "dsse", "0.0.2"); - - try { - DSSELogEntryV002.Builder builder = DSSELogEntryV002.newBuilder(); - ProtoJson.parser() - .ignoringUnknownFields() - .merge( - GSON.get().toJson(entry.getBodyDecoded().getSpec().getAsJsonObject().get("dsseV002")), - builder); - return builder.build(); - } catch (InvalidProtocolBufferException - | JsonParseException - | NullPointerException - | IllegalStateException e) { - throw new RekorTypeException("Could not parse dsse:0.0.2", e); - } - } - private static void expect(RekorEntry entry, String expectedKind, String expectedApiVersion) throws RekorTypeException { try { diff --git a/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2Client.java b/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2Client.java index 46cb03e4..b71c8007 100644 --- a/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2Client.java +++ b/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2Client.java @@ -15,7 +15,6 @@ */ package dev.sigstore.rekor.v2.client; -import dev.sigstore.proto.rekor.v2.DSSERequestV002; import dev.sigstore.proto.rekor.v2.HashedRekordRequestV002; import dev.sigstore.rekor.client.RekorEntry; import dev.sigstore.rekor.client.RekorParseException; @@ -31,12 +30,4 @@ public interface RekorV2Client { */ RekorEntry putEntry(HashedRekordRequestV002 hashedRekordRequest) throws IOException, RekorParseException; - - /** - * Put a new dsse entry on the Rekor log. - * - * @param dsseRequest the request to send to rekor - * @return a {@link RekorEntry} with information about the log entry - */ - RekorEntry putEntry(DSSERequestV002 dsseRequest) throws IOException, RekorParseException; } diff --git a/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttp.java b/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttp.java index c000ae1c..2226475f 100644 --- a/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttp.java +++ b/sigstore-java/src/main/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttp.java @@ -26,7 +26,6 @@ import dev.sigstore.http.ImmutableHttpParams; import dev.sigstore.http.URIFormat; import dev.sigstore.proto.rekor.v2.CreateEntryRequest; -import dev.sigstore.proto.rekor.v2.DSSERequestV002; import dev.sigstore.proto.rekor.v2.HashedRekordRequestV002; import dev.sigstore.rekor.client.RekorEntry; import dev.sigstore.rekor.client.RekorParseException; @@ -83,11 +82,6 @@ public RekorEntry putEntry(HashedRekordRequestV002 hashedRekordRequest) CreateEntryRequest.newBuilder().setHashedRekordRequestV002(hashedRekordRequest).build()); } - @Override - public RekorEntry putEntry(DSSERequestV002 dsseRequest) throws IOException, RekorParseException { - return putEntry(CreateEntryRequest.newBuilder().setDsseRequestV002(dsseRequest).build()); - } - private RekorEntry putEntry(CreateEntryRequest request) throws IOException, RekorParseException { URI rekorPutEndpoint = URIFormat.appendPath(uri, REKOR_ENTRIES_PATH); diff --git a/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java b/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java index 1b393adf..77c24f43 100644 --- a/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/KeylessTest.java @@ -161,6 +161,7 @@ public void attest_production() throws Exception { Assertions.assertNotNull(result.getDsseEnvelope().get()); Assertions.assertEquals(payload, result.getDsseEnvelope().get().getPayloadAsString()); Assertions.assertEquals(1, result.getEntries().size()); + Assertions.assertEquals("hashedrekord", result.getEntries().get(0).getBodyDecoded().getKind()); Assertions.assertEquals("0.0.2", result.getEntries().get(0).getBodyDecoded().getApiVersion()); var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); @@ -190,7 +191,7 @@ public void attest_staging() throws Exception { } private void verifySigningResult(List results, boolean enableRekorV2) - throws IOException, JsonParseException { + throws JsonParseException { Assertions.assertEquals(artifactDigests.size(), results.size()); diff --git a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java index 7ef6ad96..04ebd68c 100644 --- a/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/KeylessVerifierTest.java @@ -444,16 +444,19 @@ static Stream badDsseProvider() { Arguments.arguments( "bundle.dsse.rekor-v2.bad-signature.sigstore", "DSSE signature was not valid"), Arguments.arguments( - "bundle.dsse.rekor-v2.mismatched-payload.sigstore", - "Digest of DSSE payload in bundle does not match DSSE payload digest in log entry"), + "bundle.dsse.rekor-v2.mismatched-envelope.sigstore", + "Digest of DSSE.pae in bundle does not match digest in log entry"), Arguments.arguments( "bundle.dsse.rekor-v2.mismatched-signature.sigstore", - "Signature in DSSE envelope does not match signature in log entry spec")); + "Signature in DSSE envelope does not match signature in log entry"), + Arguments.arguments( + "bundle.dsse.rekor-v2.bad-entry-type.sigstore", + "Unsupported entry type: 'dsse:0.0.2' for DSSE bundle")); } @ParameterizedTest @MethodSource("badDsseProvider") - public void testVerify_dsseBundleInvalid(String bundleName, String expectedError) + public void testVerify_dsseBundleInvalid_rekor(String bundleName, String expectedError) throws Exception { var bundleFile = Resources.toString( @@ -708,7 +711,7 @@ public void testVerify_dsseBundle_rekorV2() throws Exception { Resources.getResource("dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.sigstore"), StandardCharsets.UTF_8); - var verifier = KeylessVerifier.builder().sigstoreStagingDefaults().build(); + var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); verifier.verify( Path.of(artifact), Bundle.from(new StringReader(bundleFile)), VerificationOptions.empty()); } @@ -721,7 +724,7 @@ public void testVerify_dsseBundleArtifactNotInSubjects_rekorV2() throws Exceptio StandardCharsets.UTF_8); var badArtifactDigest = Hashing.sha256().hashString("nonsense", StandardCharsets.UTF_8).asBytes(); - var verifier = KeylessVerifier.builder().sigstoreStagingDefaults().build(); + var verifier = KeylessVerifier.builder().sigstorePublicDefaults().build(); var ex = Assertions.assertThrows( diff --git a/sigstore-java/src/test/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttpTest.java b/sigstore-java/src/test/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttpTest.java index a624e7b8..3586f18d 100644 --- a/sigstore-java/src/test/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttpTest.java +++ b/sigstore-java/src/test/java/dev/sigstore/rekor/v2/client/RekorV2ClientHttpTest.java @@ -20,20 +20,15 @@ import com.google.protobuf.ByteString; import dev.sigstore.AlgorithmRegistry; -import dev.sigstore.bundle.ImmutableDsseEnvelope; -import dev.sigstore.bundle.ImmutableSignature; import dev.sigstore.encryption.signers.Signers; import dev.sigstore.proto.common.v1.PublicKeyDetails; import dev.sigstore.proto.common.v1.X509Certificate; -import dev.sigstore.proto.rekor.v2.DSSERequestV002; import dev.sigstore.proto.rekor.v2.HashedRekordRequestV002; import dev.sigstore.proto.rekor.v2.Signature; import dev.sigstore.proto.rekor.v2.Verifier; -import dev.sigstore.rekor.client.RekorEntry; import dev.sigstore.testing.CertGenerator; import dev.sigstore.trustroot.Service; import dev.sigstore.tuf.SigstoreTufClient; -import io.intoto.EnvelopeOuterClass; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.security.InvalidKeyException; @@ -51,7 +46,6 @@ public class RekorV2ClientHttpTest { private static RekorV2Client client; private static HashedRekordRequestV002 req; - private static RekorEntry entry; @BeforeAll public static void setupClient() throws Exception { @@ -62,7 +56,7 @@ public static void setupClient() throws Exception { client = RekorV2ClientHttp.builder().setService(rekorService).build(); req = createdRekorRequest(); - entry = client.putEntry(req); + client.putEntry(req); } @Test @@ -76,17 +70,6 @@ public void putEntry() throws Exception { assertNotNull(entry.getLogID()); } - @Test - public void putEntry_dsse() throws Exception { - var req = createDsseRequest(); - var entry = client.putEntry(req); - - assertNotNull(entry); - assertNotNull(entry.getVerification().getInclusionProof()); - assertTrue(entry.getLogIndex() >= 0); - assertNotNull(entry.getLogID()); - } - @NotNull private static HashedRekordRequestV002 createdRekorRequest() throws NoSuchAlgorithmException, @@ -127,53 +110,4 @@ private static HashedRekordRequestV002 createdRekorRequest() .setSignature(signature) .build(); } - - @NotNull - private static DSSERequestV002 createDsseRequest() - throws NoSuchAlgorithmException, - InvalidKeyException, - SignatureException, - OperatorCreationException, - CertificateException, - IOException { - var payload = "{\"foo\":\"bar\"}"; - var payloadType = "application/vnd.in-toto+json"; - - // sign the full content (these signers do the artifact hashing themselves) - var signer = Signers.from(AlgorithmRegistry.SigningAlgorithm.PKIX_ECDSA_P256_SHA_256); - - // create a fake signing cert (not fulcio/dex) - var cert = CertGenerator.newCert(signer.getPublicKey()).getEncoded(); - - var dsse = - ImmutableDsseEnvelope.builder() - .payload(payload.getBytes(StandardCharsets.UTF_8)) - .payloadType(payloadType) - .build(); - - var pae = dsse.getPAE(); - var sig = signer.sign(pae); - var dsseSigned = - ImmutableDsseEnvelope.builder() - .from(dsse) - .addSignatures(ImmutableSignature.builder().sig(sig).build()) - .build(); - - Verifier verifier = - Verifier.newBuilder() - .setX509Certificate( - X509Certificate.newBuilder().setRawBytes(ByteString.copyFrom(cert)).build()) - .setKeyDetails(PublicKeyDetails.PKIX_ECDSA_P256_SHA_256) - .build(); - - return DSSERequestV002.newBuilder() - .setEnvelope( - EnvelopeOuterClass.Envelope.newBuilder() - .setPayload(ByteString.copyFrom(dsseSigned.getPayload())) - .setPayloadType(dsseSigned.getPayloadType()) - .addSignatures( - EnvelopeOuterClass.Signature.newBuilder().setSig(ByteString.copyFrom(sig)))) - .addVerifiers(verifier) - .build(); - } } diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.bad-entry-type.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.bad-entry-type.sigstore new file mode 100644 index 00000000..2b6b6d02 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.bad-entry-type.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyzCCAlKgAwIBAgIUMjDNrL/ZpriwSc+lM+0mnq5EFyIwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNzIzMTk1MDIyWhcNMjUwNzIzMjAwMDIyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE9LbVCgJscxGQF0RtZZWmIbJvkMEKuqQqg1eQsJ/qQK1Nh2VMDjZqfWBoc1u1cBFeBpChVHY83edhztO8Jx52aOCAXEwggFtMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUJvm5ncCyW6avs3RqBIXXtrMRGEswHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwIQYDVR0RAQH/BBcwFYETYWFyb25sZXdAZ29vZ2xlLmNvbTApBgorBgEEAYO/MAEBBBtodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20wKwYKKwYBBAGDvzABCAQdDBtodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20wgYoGCisGAQQB1nkCBAIEfAR6AHgAdgArMLzcaIjJ4uHYJiledB9IOTGWAvKcM8teQ0D+sqyGegAAAZg41kFVAAAEAwBHMEUCIEENnFN8ER4UNtH/nSBTirhvUZr7ICsOIBBN9vYAjz4pAiEArtD1UwqX5s5GB2eEFj4K/01Eh2K0wzQIGDa2YeS+hTwwCgYIKoZIzj0EAwMDZwAwZAIwYPr0dXtDc1iEraYMm1FemlXVH2o84E6kz1/RgQ623kyMFQR0XxXWavwCB89k6oecAjAcMKRHly449ScmfECUwUQ+gLxaJkrj4tGkWKIoUJm1J4jyfN6+7GT5T4n1iJLDBVM="}, "tlogEntries": [{"logIndex": "6883", "logId": {"keyId": "8w1amZ2S5mJIQkQmPxdMuOrL/oJkvFg9MnQXmeOCXck="}, "kindVersion": {"kind": "dsse", "version": "0.0.2"}, "inclusionProof": {"logIndex": "6883", "rootHash": "3PBfVgP7khx41FlnyPpz8uHwHgOwAy9eUaEGoJEpWS4=", "treeSize": "6884", "hashes": ["vG3789z3en7YY3+8TOMH3EoNH0l3Z+nEafcCSQla9ac=", "pUx4FWhp5snrjfhiDBFRZn5Ib3Om9PmIJKR/X8FKt6o=", "rul+526SZeq9WeyupR6VYddH+cFHJnCpolYwl1Akbx4=", "/WSx54v3EqBwQlFEzk+ovLearmtjbNDfjNyHfAL0iHk=", "Ezo3FTVCd4Kzk1oPeT3rNLZhvRsGZN/66ONX81DrJ0M=", "tnv06iEfRP1UrMtn7D7v4lA+1VfpdI3ioGcQRJLMoP0=", "Ag03a73jphtOkMBVhp+MkrJwDkx2NE69NESHMFcwcfI=", "xbDsGnxf1siByWHEuiK85p0reQCaKKWUjf8YNl9s/Vo="], "checkpoint": {"envelope": "log2025-alpha1.rekor.sigstage.dev\n6884\n3PBfVgP7khx41FlnyPpz8uHwHgOwAy9eUaEGoJEpWS4=\n\n\u2014 log2025-alpha1.rekor.sigstage.dev 8w1amd9Jy5UcYJbfxsSogkHmrj1wbtv3g4IWtZ4rspPxgWyDUrbQI7W0T4gHrjLM5IUbkoTmKRQoZsXTgmMgZ8B8ywk=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZHNzZVYwMDIiOnsicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiI5VmpkVnVPcGN5SEtnOFlsbWhuRjZXWXhrOHVvRXRSWHplS0FmcSt0WnIwPSJ9LCJzaWduYXR1cmVzIjpbeyJjb250ZW50IjoiTUVZQ0lRQ1psOS9laWVMOXdDUVhRY01uSmJYMis2cko5RTF0dm5EZTZPbkFwUFhLMGdJaEFKeUxiek1pZXFiY0o0VWZ6RkxKeG1GNUc3Y1FhRjhKTDZUZFFVd3JpdXY0IiwidmVyaWZpZXIiOnsia2V5RGV0YWlscyI6IlBLSVhfRUNEU0FfUDI1Nl9TSEFfMjU2IiwieDUwOUNlcnRpZmljYXRlIjp7InJhd0J5dGVzIjoiTUlJQ3l6Q0NBbEtnQXdJQkFnSVVNakROckwvWnByaXdTYytsTSswbW5xNUVGeUl3Q2dZSUtvWkl6ajBFQXdNd056RVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVI0d0hBWURWUVFERXhWemFXZHpkRzl5WlMxcGJuUmxjbTFsWkdsaGRHVXdIaGNOTWpVd056SXpNVGsxTURJeVdoY05NalV3TnpJek1qQXdNREl5V2pBQU1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUU5TGJWQ2dKc2N4R1FGMFJ0WlpXbUliSnZrTUVLdXFRcWcxZVFzSi9xUUsxTmgyVk1EalpxZldCb2MxdTFjQkZlQnBDaFZIWTgzZWRoenRPOEp4NTJhT0NBWEV3Z2dGdE1BNEdBMVVkRHdFQi93UUVBd0lIZ0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREF6QWRCZ05WSFE0RUZnUVVKdm01bmNDeVc2YXZzM1JxQklYWHRyTVJHRXN3SHdZRFZSMGpCQmd3Rm9BVWNZWXdwaFI4WW0vNTk5YjBCUnAvWC8vcmI2d3dJUVlEVlIwUkFRSC9CQmN3RllFVFlXRnliMjVzWlhkQVoyOXZaMnhsTG1OdmJUQXBCZ29yQmdFRUFZTy9NQUVCQkJ0b2RIUndjem92TDJGalkyOTFiblJ6TG1kdmIyZHNaUzVqYjIwd0t3WUtLd1lCQkFHRHZ6QUJDQVFkREJ0b2RIUndjem92TDJGalkyOTFiblJ6TG1kdmIyZHNaUzVqYjIwd2dZb0dDaXNHQVFRQjFua0NCQUlFZkFSNkFIZ0FkZ0FyTUx6Y2FJako0dUhZSmlsZWRCOUlPVEdXQXZLY004dGVRMEQrc3F5R2VnQUFBWmc0MWtGVkFBQUVBd0JITUVVQ0lFRU5uRk44RVI0VU50SC9uU0JUaXJodlVacjdJQ3NPSUJCTjl2WUFqejRwQWlFQXJ0RDFVd3FYNXM1R0IyZUVGajRLLzAxRWgySzB3elFJR0RhMlllUytoVHd3Q2dZSUtvWkl6ajBFQXdNRFp3QXdaQUl3WVByMGRYdERjMWlFcmFZTW0xRmVtbFhWSDJvODRFNmt6MS9SZ1E2MjNreU1GUVIwWHhYV2F2d0NCODlrNm9lY0FqQWNNS1JIbHk0NDlTY21mRUNVd1VRK2dMeGFKa3JqNHRHa1dLSW9VSm0xSjRqeWZONis3R1Q1VDRuMWlKTERCVk09In19fV19fX0="}], "timestampVerificationData": {"rfc3161Timestamps": [{"signedTimestamp": "MIIE6TADAgEAMIIE4AYJKoZIhvcNAQcCoIIE0TCCBM0CAQMxDTALBglghkgBZQMEAgEwgcIGCyqGSIb3DQEJEAEEoIGyBIGvMIGsAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgGHLmT/+u6DojuoqF81X1QeqgdFuIF0j7UYmOrfaqgiUCFBGYrUgXErfzFv7+j+Caoe5Uagg4GA8yMDI1MDcyMzE5NTAyMlowAwIBAQIJAOa3xjMvK5GjoDKkMDAuMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxFTATBgNVBAMTDHNpZ3N0b3JlLXRzYaCCAhMwggIPMIIBlqADAgECAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkMB4XDTI1MDMyODA5MTQwNloXDTM1MDMyNjA4MTQwNlowLjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MRUwEwYDVQQDEwxzaWdzdG9yZS10c2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATHW/kXcekP16Ae6SekEWVHPtAFEMm7hp5XO33MktFjSW+bHWUXtYEzZz0A3xkY9CyYOoeUk3ZH/v5HEuS+UvORzX0g7Hfy3uYYYRwHtqBQN0IX8rLdFMtIrRej/QCAdB2jajBoMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUqPxk9ijeLuY7c09UjFLE4ZzdU6UwHwYDVR0jBBgwFoAUOyBGWV61Mk1HMM5uY+5zdEfyBH0wFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwCgYIKoZIzj0EAwMDZwAwZAIwRK9VLoYa0Xff4nX1N/AQ1YleNG/iLT8dAXAtRKRfpN9XuDScbxWeo0cku8SkC06NAjBQPe7LBNeitA/UOBtXT2sX1h6f4ISqz+ISmJ4lY+y3bzRJI5nk1r53I9WT3/xIWToxggHbMIIB1wIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFAo1oQZh1eJBc8aJlqfyffJ+A3ynMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1MDcyMzE5NTAyMlowLwYJKoZIhvcNAQkEMSIEIOM5iKgzY5WzDUaZZCfd+WqilYB3hPNR5dedubOhel9XMIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCAG9P/gR/6zWZm3M7DXoyNQHPwY5MAzZqhF13U250snRDBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAgRnMGUCMQCpzZZXVqicWuWohrGEoJqnxlI56up1QspAzfNwVecr6Kb/WIJpc5thx2/YHlEJMcACMHTGqJy4jBbYWP+vxkzT7smvrTf93MSNvWVuvujkSr+rLau6cLYVjAzK4y6chE0LkA=="}]}}, "dsseEnvelope": {"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYXJ0aWZhY3QudHh0IiwiZGlnZXN0Ijp7InNoYTI1NiI6ImEwY2ZjNzEyNzFkNmUyNzhlNTdjZDMzMmZmOTU3YzNmNzA0M2ZkZGEzNTRjNGNiYjE5MGEzMGQ1NmVmYTAxYmYifX1dLCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YxIiwicHJlZGljYXRlIjp7ImJ1aWxkRGVmaW5pdGlvbiI6eyJidWlsZFR5cGUiOiJodHRwczovL2FjdGlvbnMuZ2l0aHViLmlvL2J1aWxkdHlwZXMvd29ya2Zsb3cvdjEiLCJleHRlcm5hbFBhcmFtZXRlcnMiOnsid29ya2Zsb3ciOnsicmVmIjoicmVmcy9oZWFkcy9tYWluIiwicmVwb3NpdG9yeSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdCIsInBhdGgiOiIuZ2l0aHViL3dvcmtmbG93cy9wcm92ZW5hbmNlLnlhbWwifX0sImludGVybmFsUGFyYW1ldGVycyI6eyJnaXRodWIiOnsiZXZlbnRfbmFtZSI6IndvcmtmbG93X2Rpc3BhdGNoIiwicmVwb3NpdG9yeV9pZCI6Ijg5MTcxNTQ0NCIsInJlcG9zaXRvcnlfb3duZXJfaWQiOiIxMzA0ODI2IiwicnVubmVyX2Vudmlyb25tZW50IjoiZ2l0aHViLWhvc3RlZCJ9fSwicmVzb2x2ZWREZXBlbmRlbmNpZXMiOlt7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3RAcmVmcy9oZWFkcy9tYWluIiwiZGlnZXN0Ijp7ImdpdENvbW1pdCI6ImViZmY4ZGZiZDYwOWI3YjIyMjM3Yzc3MTljZTA3ZjJkYzc5MzRmNWYifX1dfSwicnVuRGV0YWlscyI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbEByZWZzL2hlYWRzL21haW4ifSwibWV0YWRhdGEiOnsiaW52b2NhdGlvbklkIjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0L2FjdGlvbnMvcnVucy8xMTk0MTQyNTQ4Ny9hdHRlbXB0cy8xIn19fX0=", "payloadType": "application/vnd.in-toto+json", "signatures": [{"sig": "MEYCIQCZl9/eieL9wCQXQcMnJbX2+6rJ9E1tvnDe6OnApPXK0gIhAJyLbzMieqbcJ4UfzFLJxmF5G7cQaF8JL6TdQUwriuv4"}]}} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.bad-signature.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.bad-signature.sigstore index 284fcd6b..2c2b99ef 100644 --- a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.bad-signature.sigstore +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.bad-signature.sigstore @@ -1 +1,60 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyzCCAlKgAwIBAgIUKV93VRE8+giR4U3JmE46FfjWQPEwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNzIyMTg0NjI4WhcNMjUwNzIyMTg1NjI4WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEibOnv7mMVdCDKGzvkqnOG6Edv2c3/iGzYezZsyS75ZUtYWh1rnzT7rmrrMdqtetsZ1+lFAYKm8RKY8FmOm9cIqOCAXEwggFtMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUxwW/jGsI9VVYFl8GGAHjP0BeVeMwHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwIQYDVR0RAQH/BBcwFYETYWFyb25sZXdAZ29vZ2xlLmNvbTApBgorBgEEAYO/MAEBBBtodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20wKwYKKwYBBAGDvzABCAQdDBtodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20wgYoGCisGAQQB1nkCBAIEfAR6AHgAdgArMLzcaIjJ4uHYJiledB9IOTGWAvKcM8teQ0D+sqyGegAAAZgzdWZsAAAEAwBHMEUCIEKunFqu8GdmhXDsFwg/xbT67q99jPfAxsckPMFVwVgUAiEAvHnFz6h5BCXlyTCj225FD0bWKyDTmz/3fG0SiN51C2IwCgYIKoZIzj0EAwMDZwAwZAIwZeLswpKDDMuxCywKKM+phTSbvHN+024YeOGEoGOevo4GrBMGcm2QXapyN4U+MKY2AjAY8oryNBlotXqECqeYVUHCsBOu2I/G43KjTagDNhTmxPJc4oKsZeEmY8azL6H6QfQ="}, "tlogEntries": [{"logIndex": "6599", "logId": {"keyId": "8w1amZ2S5mJIQkQmPxdMuOrL/oJkvFg9MnQXmeOCXck="}, "kindVersion": {"kind": "dsse", "version": "0.0.2"}, "inclusionProof": {"logIndex": "6599", "rootHash": "dkGnJ+1zBeCDPO3w+CMSyZBL30cTl8vfPPO5OJjgpFk=", "treeSize": "6600", "hashes": ["1o6HtTnpjCIPmqgZaNcQVZO+XD95kYFUyFpIiuQt08c=", "7fw4fFrLFNo4v9ao7ecWVaihhyP1AONn8XqKVlbdMB0=", "63rDNjdnW14mVVe5PB9vf249qu9JU0qCbWtREGFp0Q0=", "A+VlB+XR92aS2txcqdoEfCb3QqZ89UHRDE87bcK7JiU=", "HhgSw1jzUj25LbExsCl8FbDRO6eJnxb9iGu259pM3ms=", "gpAC2IEHOQH0Mluo3QTOJzs2KTswWJ+2JiODSInqpyg=", "Ag03a73jphtOkMBVhp+MkrJwDkx2NE69NESHMFcwcfI=", "xbDsGnxf1siByWHEuiK85p0reQCaKKWUjf8YNl9s/Vo="], "checkpoint": {"envelope": "log2025-alpha1.rekor.sigstage.dev\n6600\ndkGnJ+1zBeCDPO3w+CMSyZBL30cTl8vfPPO5OJjgpFk=\n\n\u2014 log2025-alpha1.rekor.sigstage.dev 8w1amcTOF4cFBuJnrIMtTVD+a7oPZBzShJDajugc2wuxq/cfw+ImFdwU2mnKf+F334vPvOTWzqiK19Frf4q3F45yegI=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZHNzZVYwMDIiOnsicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiIxcklKdXAzZU94N2w3ZXU0alJzYmtYdHk3cllVTW81N3BtZjF0NnR3NlljPSJ9LCJzaWduYXR1cmVzIjpbeyJjb250ZW50IjoiTUVZQ0lRRGRXeVBqTUJ4R1YxS1drVURVWm1TR05yVlMzYUN3K3M3S2oxM0tIT1lyaWdJaEFPR2Z4clkyeVhhREpKMUVLQWd0aVdjSEhYY2ZDS09aTHkveDZnYllGYW5KIiwidmVyaWZpZXIiOnsia2V5RGV0YWlscyI6IlBLSVhfRUNEU0FfUDI1Nl9TSEFfMjU2IiwieDUwOUNlcnRpZmljYXRlIjp7InJhd0J5dGVzIjoiTUlJQ3l6Q0NBbEtnQXdJQkFnSVVLVjkzVlJFOCtnaVI0VTNKbUU0NkZmaldRUEV3Q2dZSUtvWkl6ajBFQXdNd056RVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVI0d0hBWURWUVFERXhWemFXZHpkRzl5WlMxcGJuUmxjbTFsWkdsaGRHVXdIaGNOTWpVd056SXlNVGcwTmpJNFdoY05NalV3TnpJeU1UZzFOakk0V2pBQU1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRWliT252N21NVmRDREtHenZrcW5PRzZFZHYyYzMvaUd6WWV6WnN5Uzc1WlV0WVdoMXJuelQ3cm1yck1kcXRldHNaMStsRkFZS204UktZOEZtT205Y0lxT0NBWEV3Z2dGdE1BNEdBMVVkRHdFQi93UUVBd0lIZ0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREF6QWRCZ05WSFE0RUZnUVV4d1cvakdzSTlWVllGbDhHR0FIalAwQmVWZU13SHdZRFZSMGpCQmd3Rm9BVWNZWXdwaFI4WW0vNTk5YjBCUnAvWC8vcmI2d3dJUVlEVlIwUkFRSC9CQmN3RllFVFlXRnliMjVzWlhkQVoyOXZaMnhsTG1OdmJUQXBCZ29yQmdFRUFZTy9NQUVCQkJ0b2RIUndjem92TDJGalkyOTFiblJ6TG1kdmIyZHNaUzVqYjIwd0t3WUtLd1lCQkFHRHZ6QUJDQVFkREJ0b2RIUndjem92TDJGalkyOTFiblJ6TG1kdmIyZHNaUzVqYjIwd2dZb0dDaXNHQVFRQjFua0NCQUlFZkFSNkFIZ0FkZ0FyTUx6Y2FJako0dUhZSmlsZWRCOUlPVEdXQXZLY004dGVRMEQrc3F5R2VnQUFBWmd6ZFdac0FBQUVBd0JITUVVQ0lFS3VuRnF1OEdkbWhYRHNGd2cveGJUNjdxOTlqUGZBeHNja1BNRlZ3VmdVQWlFQXZIbkZ6Nmg1QkNYbHlUQ2oyMjVGRDBiV0t5RFRtei8zZkcwU2lONTFDMkl3Q2dZSUtvWkl6ajBFQXdNRFp3QXdaQUl3WmVMc3dwS0RETXV4Q3l3S0tNK3BoVFNidkhOKzAyNFllT0dFb0dPZXZvNEdyQk1HY20yUVhhcHlONFUrTUtZMkFqQVk4b3J5TkJsb3RYcUVDcWVZVlVIQ3NCT3UySS9HNDNLalRhZ0ROaFRteFBKYzRvS3NaZUVtWThhekw2SDZRZlE9In19fV19fX0="}], "timestampVerificationData": {"rfc3161Timestamps": [{"signedTimestamp": "MIIE6DADAgEAMIIE3wYJKoZIhvcNAQcCoIIE0DCCBMwCAQMxDTALBglghkgBZQMEAgEwgcIGCyqGSIb3DQEJEAEEoIGyBIGvMIGsAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgLe3+Y0/EGJLgaObiPUd56aqMZHDIPVmcwL4g52XYMmsCFCnmDigcquRsTW0ceewSf7Nu4jatGA8yMDI1MDcyMjE4NDYyOFowAwIBAQIJAO/M+RPO/W6HoDKkMDAuMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxFTATBgNVBAMTDHNpZ3N0b3JlLXRzYaCCAhMwggIPMIIBlqADAgECAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkMB4XDTI1MDMyODA5MTQwNloXDTM1MDMyNjA4MTQwNlowLjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MRUwEwYDVQQDEwxzaWdzdG9yZS10c2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATHW/kXcekP16Ae6SekEWVHPtAFEMm7hp5XO33MktFjSW+bHWUXtYEzZz0A3xkY9CyYOoeUk3ZH/v5HEuS+UvORzX0g7Hfy3uYYYRwHtqBQN0IX8rLdFMtIrRej/QCAdB2jajBoMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUqPxk9ijeLuY7c09UjFLE4ZzdU6UwHwYDVR0jBBgwFoAUOyBGWV61Mk1HMM5uY+5zdEfyBH0wFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwCgYIKoZIzj0EAwMDZwAwZAIwRK9VLoYa0Xff4nX1N/AQ1YleNG/iLT8dAXAtRKRfpN9XuDScbxWeo0cku8SkC06NAjBQPe7LBNeitA/UOBtXT2sX1h6f4ISqz+ISmJ4lY+y3bzRJI5nk1r53I9WT3/xIWToxggHaMIIB1gIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFAo1oQZh1eJBc8aJlqfyffJ+A3ynMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1MDcyMjE4NDYyOFowLwYJKoZIhvcNAQkEMSIEIFoIhOeb/JcbKTcAdjaFtJFAJY1EG8InbA7xmYcN4z+mMIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCAG9P/gR/6zWZm3M7DXoyNQHPwY5MAzZqhF13U250snRDBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAgRmMGQCMDWotxN6KqroQvcfh9K2D+BAUQu3WhowMAFQYtPpX878/y6s+ingRwDO8773sLoOOAIwWnO0DWUtymNLHKikkq/pr+cKnFry1UMj3udsXHEEkUDpdInnIzlaQi2/re2yPo6o"}]}}, "dsseEnvelope": {"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0IiwicGF0aCI6Ii5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbCJ9fSwiaW50ZXJuYWxQYXJhbWV0ZXJzIjp7ImdpdGh1YiI6eyJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJyZXBvc2l0b3J5X2lkIjoiODkxNzE1NDQ0IiwicmVwb3NpdG9yeV9vd25lcl9pZCI6IjEzMDQ4MjYiLCJydW5uZXJfZW52aXJvbm1lbnQiOiJnaXRodWItaG9zdGVkIn19LCJyZXNvbHZlZERlcGVuZGVuY2llcyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdEByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZiJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbiJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvYWN0aW9ucy9ydW5zLzExOTQxNDI1NDg3L2F0dGVtcHRzLzEifX19fQ==", "payloadType": "application/vnd.in-toto+json", "signatures": [{"sig": "MEYCIQDdWyPjMBxGV1KWkUDUZmSGNrVS3aCw+s7Kj13KHOYrigIhAOGfxrY2yXaDJJ1EKAgtiWcHHXcfCKOZLy/x6gbYFanK"}]}} +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "certificate": { + "rawBytes": "MIIIPjCCB8OgAwIBAgIUeM3NlSziGqyL9eZI60oZxLb9zagwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwNTEzMTkyMzMyWhcNMjYwNTEzMTkzMzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1QyGuXvW6qw/A8ZGhPMkTgNtuI5KD78Melrj2MiRes4Q/35YI+tC14XKYjQDQDgIOVODYXt948sJw9zG7gXMkKOCBuIwggbeMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUMz1orfizj2bmeTSSIKuK9zh5iPcwHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwgaUGA1UdEQEB/wSBmjCBl4aBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBCg5NzdlOGQwODU1NGNhOWJkYTI3OWM5NmU5MWJlMjExOWZiNjdjNzMwMC0GCisGAQQBg78wAQQEH0V4dHJlbWVseSBkYW5nZXJvdXMgT0lEQyBiZWFjb24wSQYKKwYBBAGDvzABBQQ7c2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24wHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBpgYKKwYBBAGDvzABCQSBlwyBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABCgQqDCg5NzdlOGQwODU1NGNhOWJkYTI3OWM5NmU5MWJlMjExOWZiNjdjNzMwMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDBeBgorBgEEAYO/MAEMBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbjA4BgorBgEEAYO/MAENBCoMKDk3N2U4ZDA4NTU0Y2E5YmRhMjc5Yzk2ZTkxYmUyMTE5ZmI2N2M3MzAwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGQYKKwYBBAGDvzABDwQLDAk2MzI1OTY4OTcwNwYKKwYBBAGDvzABEAQpDCdodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UwGQYKKwYBBAGDvzABEQQLDAkxMzE4MDQ1NjMwgaYGCisGAQQBg78wARIEgZcMgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoOTc3ZThkMDg1NTRjYTliZGEyNzljOTZlOTFiZTIxMTlmYjY3YzczMDAhBgorBgEEAYO/MAEUBBMMEXdvcmtmbG93X2Rpc3BhdGNoMIGCBgorBgEEAYO/MAEVBHQMcmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi9hY3Rpb25zL3J1bnMvMjU4MjEyODIwNTkvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBlQYKKwYBBAHWeQIEAgSBhgSBgwCBAH8APmBxU3RuGJLgkLI2sUl2Jy9ntE1vks5vdxFKtyKgprYAAAGeIstZkAAIAAAFAAAN3hQEAwBIMEYCIQC21zfS/kOLTPP8uvSrAJ286X4dw5beF3pgCtHp3FsvbAIhAMR7wwTWf9++dtLPpMlRmvzOC2gwgS4j9f7eRLw2txXMMAoGCCqGSM49BAMDA2kAMGYCMQDoTVmOTK23t5eE/1BMr7GPxiyvF3+D8XJ/Okx7TRHuizJjlNF5dNRWLXRkp9okFrcCMQDQppyt8F1tbFc8mQqirwA90eyEJfBVjG4D0loN6t7JwKrO+K/QuoE8B1mozTZixIc=" + }, + "tlogEntries": [ + { + "logIndex": "4026478", + "logId": { + "keyId": "09OnDKEw7/hpZiYVPoTRzRbglHk0sylsUovegnRUlJY=" + }, + "kindVersion": { + "kind": "hashedrekord", + "version": "0.0.2" + }, + "inclusionProof": { + "logIndex": "4026478", + "rootHash": "5iaX4xK6PMnp4ZFTP4iywMcwLgaTjzgRTkrTOUFIrfY=", + "treeSize": "4026479", + "hashes": [ + "y9eH/Cl/glEuLMKtwV0bgZ+a1P/AjoPyvu/iUeanaIM=", + "nrNQ2vb5JM2No6zELZt05onTYzqQOwDUcs24jAa6lzk=", + "HfZO2uZZbokwORUD/0dMRpBEouo33Ab2nQ2N6r4v688=", + "grMdYn8tE73JvJU8Ixk4hl8/fKu06hUdgpPNsuAfb7o=", + "i1gQ61xe3f9MP09y2e9Z4n5ZnDiFuqQmTK/u7Gji4Ws=", + "TkPA4Mv4plM3c6oejf5r+PqVxfMPk0x+QAjumzaswsU=", + "wGq46RfkA9tCYZ2CCOOMGQttyhHIqMksBAl+soDBgRw=", + "WPWftR+8Qjv3qiIBp48n3PiweejcpuHjokhaSIJaUOo=", + "kgGccNZjCDNKiQBUSPorZcTXoy9T0OIygUNX2V9tF7s=", + "7vMeapYqpjDZc8itt3uF6dGxL5qkbFsQ18jBiblH/5g=", + "ma8nVjhpJ0JmgSzaxhxP7bvHXtiZC6nJXIBmDV8kNAI=", + "CZJWJtYZFYWwC+DsEiCMnWled/ED66viI0Wz/L+9vxk=", + "Y8Q9QaTpqRAlSoWnNwyYGDerVLL1f6b8osmbDYEF6og=" + ], + "checkpoint": { + "envelope": "log2025-alpha3.rekor.sigstage.dev\n4026479\n5iaX4xK6PMnp4ZFTP4iywMcwLgaTjzgRTkrTOUFIrfY=\n\n— log2025-alpha3.rekor.sigstage.dev 09OnDHwVrKeXjBYQ4NJ5EoENdtpBwZcV3X8n+cAZFIk+8LBPKEpZcKqoN2CfjGw0zlQwt+U2pLt5UyYEFv+STPHPmQg=\n— witness.stagemole.eu Z/euoAAAAABqBM+21mV7JbHwWmLP20ZSpNWneHMkITOPopt+Vj1MoJSILqOIPpx93pbRfA0U+Eq5IiJjEUhG1JwGhPCJEUT5yDcFDg==\n— staging.witness.transparency.goog/ring-any-bells LhqNyQAAAABqBM+2Ob9EtpF9h6IUMXc/LTRkkXiNAgbbohBxHekby1oASdDtPLkgZLmBHH73DF25f2L8xGgp/qVwoZK5thKXc6XnCw==\n— witness.navigli.sunlight.geomys.org o+AP4gAAAABqBM+2NoYlK4g3lkC5QltDB6f2F9U8yF6+8kXKjLKHAYvSDJ3u5dZufSU3bz+AtJMdOoMixoFJBkQ397WY/mE0i9tlCg==\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJoYXNoZWRSZWtvcmRWMDAyIjp7ImRhdGEiOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiJWL0lUWEZsTWY1Tmc1NXBVSXNLUitJZU5TdVhGT2J3RTNLUmRwajE4TGhFPSJ9LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUNRUTExbnNvVGFPNTIvTUM0OGcwN21qQVRkeEQ4Nnl3ZHUzTnhKVWpIN3lBSWdXR2MrTVIzZUlBb1d1OEpFMVFNMllEc2xwb0ZBek1WV3BOMTE1ZkNLdXFnPSIsInZlcmlmaWVyIjp7ImtleURldGFpbHMiOiJQS0lYX0VDRFNBX1AyNTZfU0hBXzI1NiIsIng1MDlDZXJ0aWZpY2F0ZSI6eyJyYXdCeXRlcyI6Ik1JSUlQakNDQjhPZ0F3SUJBZ0lVZU0zTmxTemlHcXlMOWVaSTYwb1p4TGI5emFnd0NnWUlLb1pJemowRUF3TXdOekVWTUJNR0ExVUVDaE1NYzJsbmMzUnZjbVV1WkdWMk1SNHdIQVlEVlFRREV4VnphV2R6ZEc5eVpTMXBiblJsY20xbFpHbGhkR1V3SGhjTk1qWXdOVEV6TVRreU16TXlXaGNOTWpZd05URXpNVGt6TXpNeVdqQUFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUxUXlHdVh2VzZxdy9BOFpHaFBNa1RnTnR1STVLRDc4TWVscmoyTWlSZXM0US8zNVlJK3RDMTRYS1lqUURRRGdJT1ZPRFlYdDk0OHNKdzl6RzdnWE1rS09DQnVJd2dnYmVNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBekFkQmdOVkhRNEVGZ1FVTXoxb3JmaXpqMmJtZVRTU0lLdUs5emg1aVBjd0h3WURWUjBqQkJnd0ZvQVVjWVl3cGhSOFltLzU5OWIwQlJwL1gvL3JiNnd3Z2FVR0ExVWRFUUVCL3dTQm1qQ0JsNGFCbEdoMGRIQnpPaTh2WjJsMGFIVmlMbU52YlM5emFXZHpkRzl5WlMxamIyNW1iM0p0WVc1alpTOWxlSFJ5WlcxbGJIa3RaR0Z1WjJWeWIzVnpMWEIxWW14cFl5MXZhV1JqTFdKbFlXTnZiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTNjeTlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFc5cFpHTXRZbVZoWTI5dUxubHRiRUJ5WldaekwyaGxZV1J6TDIxaGFXNHdPUVlLS3dZQkJBR0R2ekFCQVFRcmFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlRBZkJnb3JCZ0VFQVlPL01BRUNCQkYzYjNKclpteHZkMTlrYVhOd1lYUmphREEyQmdvckJnRUVBWU8vTUFFREJDZzVOemRsT0dRd09EVTFOR05oT1dKa1lUSTNPV001Tm1VNU1XSmxNakV4T1daaU5qZGpOek13TUMwR0Npc0dBUVFCZzc4d0FRUUVIMFY0ZEhKbGJXVnNlU0JrWVc1blpYSnZkWE1nVDBsRVF5QmlaV0ZqYjI0d1NRWUtLd1lCQkFHRHZ6QUJCUVE3YzJsbmMzUnZjbVV0WTI5dVptOXliV0Z1WTJVdlpYaDBjbVZ0Wld4NUxXUmhibWRsY205MWN5MXdkV0pzYVdNdGIybGtZeTFpWldGamIyNHdIUVlLS3dZQkJBR0R2ekFCQmdRUGNtVm1jeTlvWldGa2N5OXRZV2x1TURzR0Npc0dBUVFCZzc4d0FRZ0VMUXdyYUhSMGNITTZMeTkwYjJ0bGJpNWhZM1JwYjI1ekxtZHBkR2gxWW5WelpYSmpiMjUwWlc1MExtTnZiVENCcGdZS0t3WUJCQUdEdnpBQkNRU0Jsd3lCbEdoMGRIQnpPaTh2WjJsMGFIVmlMbU52YlM5emFXZHpkRzl5WlMxamIyNW1iM0p0WVc1alpTOWxlSFJ5WlcxbGJIa3RaR0Z1WjJWeWIzVnpMWEIxWW14cFl5MXZhV1JqTFdKbFlXTnZiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTNjeTlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFc5cFpHTXRZbVZoWTI5dUxubHRiRUJ5WldaekwyaGxZV1J6TDIxaGFXNHdPQVlLS3dZQkJBR0R2ekFCQ2dRcURDZzVOemRsT0dRd09EVTFOR05oT1dKa1lUSTNPV001Tm1VNU1XSmxNakV4T1daaU5qZGpOek13TUIwR0Npc0dBUVFCZzc4d0FRc0VEd3dOWjJsMGFIVmlMV2h2YzNSbFpEQmVCZ29yQmdFRUFZTy9NQUVNQkZBTVRtaDBkSEJ6T2k4dloybDBhSFZpTG1OdmJTOXphV2R6ZEc5eVpTMWpiMjVtYjNKdFlXNWpaUzlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFhCMVlteHBZeTF2YVdSakxXSmxZV052YmpBNEJnb3JCZ0VFQVlPL01BRU5CQ29NS0RrM04yVTRaREE0TlRVMFkyRTVZbVJoTWpjNVl6azJaVGt4WW1VeU1URTVabUkyTjJNM016QXdId1lLS3dZQkJBR0R2ekFCRGdRUkRBOXlaV1p6TDJobFlXUnpMMjFoYVc0d0dRWUtLd1lCQkFHRHZ6QUJEd1FMREFrMk16STFPVFk0T1Rjd053WUtLd1lCQkFHRHZ6QUJFQVFwRENkb2RIUndjem92TDJkcGRHaDFZaTVqYjIwdmMybG5jM1J2Y21VdFkyOXVabTl5YldGdVkyVXdHUVlLS3dZQkJBR0R2ekFCRVFRTERBa3hNekU0TURRMU5qTXdnYVlHQ2lzR0FRUUJnNzh3QVJJRWdaY01nWlJvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2YzJsbmMzUnZjbVV0WTI5dVptOXliV0Z1WTJVdlpYaDBjbVZ0Wld4NUxXUmhibWRsY205MWN5MXdkV0pzYVdNdGIybGtZeTFpWldGamIyNHZMbWRwZEdoMVlpOTNiM0pyWm14dmQzTXZaWGgwY21WdFpXeDVMV1JoYm1kbGNtOTFjeTF2YVdSakxXSmxZV052Ymk1NWJXeEFjbVZtY3k5b1pXRmtjeTl0WVdsdU1EZ0dDaXNHQVFRQmc3OHdBUk1FS2d3b09UYzNaVGhrTURnMU5UUmpZVGxpWkdFeU56bGpPVFpsT1RGaVpUSXhNVGxtWWpZM1l6Y3pNREFoQmdvckJnRUVBWU8vTUFFVUJCTU1FWGR2Y210bWJHOTNYMlJwYzNCaGRHTm9NSUdDQmdvckJnRUVBWU8vTUFFVkJIUU1jbWgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzl6YVdkemRHOXlaUzFqYjI1bWIzSnRZVzVqWlM5bGVIUnlaVzFsYkhrdFpHRnVaMlZ5YjNWekxYQjFZbXhwWXkxdmFXUmpMV0psWVdOdmJpOWhZM1JwYjI1ekwzSjFibk12TWpVNE1qRXlPREl3TlRrdllYUjBaVzF3ZEhNdk1UQVdCZ29yQmdFRUFZTy9NQUVXQkFnTUJuQjFZbXhwWXpDQmxRWUtLd1lCQkFIV2VRSUVBZ1NCaGdTQmd3Q0JBSDhBUG1CeFUzUnVHSkxna0xJMnNVbDJKeTludEUxdmtzNXZkeEZLdHlLZ3ByWUFBQUdlSXN0WmtBQUlBQUFGQUFBTjNoUUVBd0JJTUVZQ0lRQzIxemZTL2tPTFRQUDh1dlNyQUoyODZYNGR3NWJlRjNwZ0N0SHAzRnN2YkFJaEFNUjd3d1RXZjkrK2R0TFBwTWxSbXZ6T0MyZ3dnUzRqOWY3ZVJMdzJ0eFhNTUFvR0NDcUdTTTQ5QkFNREEya0FNR1lDTVFEb1RWbU9USzIzdDVlRS8xQk1yN0dQeGl5dkYzK0Q4WEovT2t4N1RSSHVpekpqbE5GNWROUldMWFJrcDlva0ZyY0NNUURRcHB5dDhGMXRiRmM4bVFxaXJ3QTkwZXlFSmZCVmpHNEQwbG9ONnQ3SndLck8rSy9RdW9FOEIxbW96VFppeEljPSJ9fX19fX0=" + } + ], + "timestampVerificationData": { + "rfc3161Timestamps": [ + { + "signedTimestamp": "MIICyjADAgEAMIICwQYJKoZIhvcNAQcCoIICsjCCAq4CAQMxDTALBglghkgBZQMEAgEwgbgGCyqGSIb3DQEJEAEEoIGoBIGlMIGiAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgRXW8rbjklsWKDcJFbuknkfjvdFIBMi3ojw4H29CcgdkCFQDtkvBN6hnmJO23oMzmDmX9yOwfaxgPMjAyNjA1MTMxOTIzNDNaMAMCAQGgMqQwMC4xFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEVMBMGA1UEAxMMc2lnc3RvcmUtdHNhoAAxggHbMIIB1wIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFAo1oQZh1eJBc8aJlqfyffJ+A3ynMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI2MDUxMzE5MjM0M1owLwYJKoZIhvcNAQkEMSIEIOjra37uRbFEfJnttmmwbM8Uh0T8xn+yfCHefVJZjyIAMIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCAG9P/gR/6zWZm3M7DXoyNQHPwY5MAzZqhF13U250snRDBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAgRnMGUCMBxMhzj+c5RIcHrbXaop+KaE7U/YLqHZL8Qq7de9raDZ2nSFtMHgx48CiWomLoFJuQIxAN5vzm+NlmN2hYUPL6MT81bzmlfLWsG1NIcpqZ+KqXNhZD6ZV5cfT9wfUBmRf19zpQ==" + } + ] + } + }, + "dsseEnvelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9yZWtvcjItZHNzZS1oYXNoZWRyZWtvcmQtcmVnZW4ifSwicnVuRGV0YWlscyI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlLWNvbmZvcm1hbmNlL3Jla29yMi1kc3NlLWhhc2hlZHJla29yZC1yZWdlbiJ9fX19", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEYCIQC1Xqle9kbwDnYSMqcu9lmyN6zaEL2t8NusgbK/I8SoDgIhANBJ99vGP6KJ4zUBtGEFiw3E7a0AbX3okUKmLUkyKBpZ" + } + ] + } +} \ No newline at end of file diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-envelope.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-envelope.sigstore new file mode 100644 index 00000000..b4f8ee61 --- /dev/null +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-envelope.sigstore @@ -0,0 +1,60 @@ +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "certificate": { + "rawBytes": "MIIIPjCCB8OgAwIBAgIUeM3NlSziGqyL9eZI60oZxLb9zagwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwNTEzMTkyMzMyWhcNMjYwNTEzMTkzMzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1QyGuXvW6qw/A8ZGhPMkTgNtuI5KD78Melrj2MiRes4Q/35YI+tC14XKYjQDQDgIOVODYXt948sJw9zG7gXMkKOCBuIwggbeMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUMz1orfizj2bmeTSSIKuK9zh5iPcwHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwgaUGA1UdEQEB/wSBmjCBl4aBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBCg5NzdlOGQwODU1NGNhOWJkYTI3OWM5NmU5MWJlMjExOWZiNjdjNzMwMC0GCisGAQQBg78wAQQEH0V4dHJlbWVseSBkYW5nZXJvdXMgT0lEQyBiZWFjb24wSQYKKwYBBAGDvzABBQQ7c2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24wHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBpgYKKwYBBAGDvzABCQSBlwyBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABCgQqDCg5NzdlOGQwODU1NGNhOWJkYTI3OWM5NmU5MWJlMjExOWZiNjdjNzMwMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDBeBgorBgEEAYO/MAEMBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbjA4BgorBgEEAYO/MAENBCoMKDk3N2U4ZDA4NTU0Y2E5YmRhMjc5Yzk2ZTkxYmUyMTE5ZmI2N2M3MzAwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGQYKKwYBBAGDvzABDwQLDAk2MzI1OTY4OTcwNwYKKwYBBAGDvzABEAQpDCdodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UwGQYKKwYBBAGDvzABEQQLDAkxMzE4MDQ1NjMwgaYGCisGAQQBg78wARIEgZcMgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoOTc3ZThkMDg1NTRjYTliZGEyNzljOTZlOTFiZTIxMTlmYjY3YzczMDAhBgorBgEEAYO/MAEUBBMMEXdvcmtmbG93X2Rpc3BhdGNoMIGCBgorBgEEAYO/MAEVBHQMcmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi9hY3Rpb25zL3J1bnMvMjU4MjEyODIwNTkvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBlQYKKwYBBAHWeQIEAgSBhgSBgwCBAH8APmBxU3RuGJLgkLI2sUl2Jy9ntE1vks5vdxFKtyKgprYAAAGeIstZkAAIAAAFAAAN3hQEAwBIMEYCIQC21zfS/kOLTPP8uvSrAJ286X4dw5beF3pgCtHp3FsvbAIhAMR7wwTWf9++dtLPpMlRmvzOC2gwgS4j9f7eRLw2txXMMAoGCCqGSM49BAMDA2kAMGYCMQDoTVmOTK23t5eE/1BMr7GPxiyvF3+D8XJ/Okx7TRHuizJjlNF5dNRWLXRkp9okFrcCMQDQppyt8F1tbFc8mQqirwA90eyEJfBVjG4D0loN6t7JwKrO+K/QuoE8B1mozTZixIc=" + }, + "tlogEntries": [ + { + "logIndex": "4026478", + "logId": { + "keyId": "09OnDKEw7/hpZiYVPoTRzRbglHk0sylsUovegnRUlJY=" + }, + "kindVersion": { + "kind": "hashedrekord", + "version": "0.0.2" + }, + "inclusionProof": { + "logIndex": "4026478", + "rootHash": "5iaX4xK6PMnp4ZFTP4iywMcwLgaTjzgRTkrTOUFIrfY=", + "treeSize": "4026479", + "hashes": [ + "y9eH/Cl/glEuLMKtwV0bgZ+a1P/AjoPyvu/iUeanaIM=", + "nrNQ2vb5JM2No6zELZt05onTYzqQOwDUcs24jAa6lzk=", + "HfZO2uZZbokwORUD/0dMRpBEouo33Ab2nQ2N6r4v688=", + "grMdYn8tE73JvJU8Ixk4hl8/fKu06hUdgpPNsuAfb7o=", + "i1gQ61xe3f9MP09y2e9Z4n5ZnDiFuqQmTK/u7Gji4Ws=", + "TkPA4Mv4plM3c6oejf5r+PqVxfMPk0x+QAjumzaswsU=", + "wGq46RfkA9tCYZ2CCOOMGQttyhHIqMksBAl+soDBgRw=", + "WPWftR+8Qjv3qiIBp48n3PiweejcpuHjokhaSIJaUOo=", + "kgGccNZjCDNKiQBUSPorZcTXoy9T0OIygUNX2V9tF7s=", + "7vMeapYqpjDZc8itt3uF6dGxL5qkbFsQ18jBiblH/5g=", + "ma8nVjhpJ0JmgSzaxhxP7bvHXtiZC6nJXIBmDV8kNAI=", + "CZJWJtYZFYWwC+DsEiCMnWled/ED66viI0Wz/L+9vxk=", + "Y8Q9QaTpqRAlSoWnNwyYGDerVLL1f6b8osmbDYEF6og=" + ], + "checkpoint": { + "envelope": "log2025-alpha3.rekor.sigstage.dev\n4026479\n5iaX4xK6PMnp4ZFTP4iywMcwLgaTjzgRTkrTOUFIrfY=\n\n— log2025-alpha3.rekor.sigstage.dev 09OnDHwVrKeXjBYQ4NJ5EoENdtpBwZcV3X8n+cAZFIk+8LBPKEpZcKqoN2CfjGw0zlQwt+U2pLt5UyYEFv+STPHPmQg=\n— witness.stagemole.eu Z/euoAAAAABqBM+21mV7JbHwWmLP20ZSpNWneHMkITOPopt+Vj1MoJSILqOIPpx93pbRfA0U+Eq5IiJjEUhG1JwGhPCJEUT5yDcFDg==\n— staging.witness.transparency.goog/ring-any-bells LhqNyQAAAABqBM+2Ob9EtpF9h6IUMXc/LTRkkXiNAgbbohBxHekby1oASdDtPLkgZLmBHH73DF25f2L8xGgp/qVwoZK5thKXc6XnCw==\n— witness.navigli.sunlight.geomys.org o+AP4gAAAABqBM+2NoYlK4g3lkC5QltDB6f2F9U8yF6+8kXKjLKHAYvSDJ3u5dZufSU3bz+AtJMdOoMixoFJBkQ397WY/mE0i9tlCg==\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJoYXNoZWRSZWtvcmRWMDAyIjp7ImRhdGEiOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiJWL0lUWEZsTWY1Tmc1NXBVSXNLUitJZU5TdVhGT2J3RTNLUmRwajE4TGhFPSJ9LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUNRUTExbnNvVGFPNTIvTUM0OGcwN21qQVRkeEQ4Nnl3ZHUzTnhKVWpIN3lBSWdXR2MrTVIzZUlBb1d1OEpFMVFNMllEc2xwb0ZBek1WV3BOMTE1ZkNLdXFnPSIsInZlcmlmaWVyIjp7ImtleURldGFpbHMiOiJQS0lYX0VDRFNBX1AyNTZfU0hBXzI1NiIsIng1MDlDZXJ0aWZpY2F0ZSI6eyJyYXdCeXRlcyI6Ik1JSUlQakNDQjhPZ0F3SUJBZ0lVZU0zTmxTemlHcXlMOWVaSTYwb1p4TGI5emFnd0NnWUlLb1pJemowRUF3TXdOekVWTUJNR0ExVUVDaE1NYzJsbmMzUnZjbVV1WkdWMk1SNHdIQVlEVlFRREV4VnphV2R6ZEc5eVpTMXBiblJsY20xbFpHbGhkR1V3SGhjTk1qWXdOVEV6TVRreU16TXlXaGNOTWpZd05URXpNVGt6TXpNeVdqQUFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUxUXlHdVh2VzZxdy9BOFpHaFBNa1RnTnR1STVLRDc4TWVscmoyTWlSZXM0US8zNVlJK3RDMTRYS1lqUURRRGdJT1ZPRFlYdDk0OHNKdzl6RzdnWE1rS09DQnVJd2dnYmVNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBekFkQmdOVkhRNEVGZ1FVTXoxb3JmaXpqMmJtZVRTU0lLdUs5emg1aVBjd0h3WURWUjBqQkJnd0ZvQVVjWVl3cGhSOFltLzU5OWIwQlJwL1gvL3JiNnd3Z2FVR0ExVWRFUUVCL3dTQm1qQ0JsNGFCbEdoMGRIQnpPaTh2WjJsMGFIVmlMbU52YlM5emFXZHpkRzl5WlMxamIyNW1iM0p0WVc1alpTOWxlSFJ5WlcxbGJIa3RaR0Z1WjJWeWIzVnpMWEIxWW14cFl5MXZhV1JqTFdKbFlXTnZiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTNjeTlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFc5cFpHTXRZbVZoWTI5dUxubHRiRUJ5WldaekwyaGxZV1J6TDIxaGFXNHdPUVlLS3dZQkJBR0R2ekFCQVFRcmFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlRBZkJnb3JCZ0VFQVlPL01BRUNCQkYzYjNKclpteHZkMTlrYVhOd1lYUmphREEyQmdvckJnRUVBWU8vTUFFREJDZzVOemRsT0dRd09EVTFOR05oT1dKa1lUSTNPV001Tm1VNU1XSmxNakV4T1daaU5qZGpOek13TUMwR0Npc0dBUVFCZzc4d0FRUUVIMFY0ZEhKbGJXVnNlU0JrWVc1blpYSnZkWE1nVDBsRVF5QmlaV0ZqYjI0d1NRWUtLd1lCQkFHRHZ6QUJCUVE3YzJsbmMzUnZjbVV0WTI5dVptOXliV0Z1WTJVdlpYaDBjbVZ0Wld4NUxXUmhibWRsY205MWN5MXdkV0pzYVdNdGIybGtZeTFpWldGamIyNHdIUVlLS3dZQkJBR0R2ekFCQmdRUGNtVm1jeTlvWldGa2N5OXRZV2x1TURzR0Npc0dBUVFCZzc4d0FRZ0VMUXdyYUhSMGNITTZMeTkwYjJ0bGJpNWhZM1JwYjI1ekxtZHBkR2gxWW5WelpYSmpiMjUwWlc1MExtTnZiVENCcGdZS0t3WUJCQUdEdnpBQkNRU0Jsd3lCbEdoMGRIQnpPaTh2WjJsMGFIVmlMbU52YlM5emFXZHpkRzl5WlMxamIyNW1iM0p0WVc1alpTOWxlSFJ5WlcxbGJIa3RaR0Z1WjJWeWIzVnpMWEIxWW14cFl5MXZhV1JqTFdKbFlXTnZiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTNjeTlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFc5cFpHTXRZbVZoWTI5dUxubHRiRUJ5WldaekwyaGxZV1J6TDIxaGFXNHdPQVlLS3dZQkJBR0R2ekFCQ2dRcURDZzVOemRsT0dRd09EVTFOR05oT1dKa1lUSTNPV001Tm1VNU1XSmxNakV4T1daaU5qZGpOek13TUIwR0Npc0dBUVFCZzc4d0FRc0VEd3dOWjJsMGFIVmlMV2h2YzNSbFpEQmVCZ29yQmdFRUFZTy9NQUVNQkZBTVRtaDBkSEJ6T2k4dloybDBhSFZpTG1OdmJTOXphV2R6ZEc5eVpTMWpiMjVtYjNKdFlXNWpaUzlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFhCMVlteHBZeTF2YVdSakxXSmxZV052YmpBNEJnb3JCZ0VFQVlPL01BRU5CQ29NS0RrM04yVTRaREE0TlRVMFkyRTVZbVJoTWpjNVl6azJaVGt4WW1VeU1URTVabUkyTjJNM016QXdId1lLS3dZQkJBR0R2ekFCRGdRUkRBOXlaV1p6TDJobFlXUnpMMjFoYVc0d0dRWUtLd1lCQkFHRHZ6QUJEd1FMREFrMk16STFPVFk0T1Rjd053WUtLd1lCQkFHRHZ6QUJFQVFwRENkb2RIUndjem92TDJkcGRHaDFZaTVqYjIwdmMybG5jM1J2Y21VdFkyOXVabTl5YldGdVkyVXdHUVlLS3dZQkJBR0R2ekFCRVFRTERBa3hNekU0TURRMU5qTXdnYVlHQ2lzR0FRUUJnNzh3QVJJRWdaY01nWlJvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2YzJsbmMzUnZjbVV0WTI5dVptOXliV0Z1WTJVdlpYaDBjbVZ0Wld4NUxXUmhibWRsY205MWN5MXdkV0pzYVdNdGIybGtZeTFpWldGamIyNHZMbWRwZEdoMVlpOTNiM0pyWm14dmQzTXZaWGgwY21WdFpXeDVMV1JoYm1kbGNtOTFjeTF2YVdSakxXSmxZV052Ymk1NWJXeEFjbVZtY3k5b1pXRmtjeTl0WVdsdU1EZ0dDaXNHQVFRQmc3OHdBUk1FS2d3b09UYzNaVGhrTURnMU5UUmpZVGxpWkdFeU56bGpPVFpsT1RGaVpUSXhNVGxtWWpZM1l6Y3pNREFoQmdvckJnRUVBWU8vTUFFVUJCTU1FWGR2Y210bWJHOTNYMlJwYzNCaGRHTm9NSUdDQmdvckJnRUVBWU8vTUFFVkJIUU1jbWgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzl6YVdkemRHOXlaUzFqYjI1bWIzSnRZVzVqWlM5bGVIUnlaVzFsYkhrdFpHRnVaMlZ5YjNWekxYQjFZbXhwWXkxdmFXUmpMV0psWVdOdmJpOWhZM1JwYjI1ekwzSjFibk12TWpVNE1qRXlPREl3TlRrdllYUjBaVzF3ZEhNdk1UQVdCZ29yQmdFRUFZTy9NQUVXQkFnTUJuQjFZbXhwWXpDQmxRWUtLd1lCQkFIV2VRSUVBZ1NCaGdTQmd3Q0JBSDhBUG1CeFUzUnVHSkxna0xJMnNVbDJKeTludEUxdmtzNXZkeEZLdHlLZ3ByWUFBQUdlSXN0WmtBQUlBQUFGQUFBTjNoUUVBd0JJTUVZQ0lRQzIxemZTL2tPTFRQUDh1dlNyQUoyODZYNGR3NWJlRjNwZ0N0SHAzRnN2YkFJaEFNUjd3d1RXZjkrK2R0TFBwTWxSbXZ6T0MyZ3dnUzRqOWY3ZVJMdzJ0eFhNTUFvR0NDcUdTTTQ5QkFNREEya0FNR1lDTVFEb1RWbU9USzIzdDVlRS8xQk1yN0dQeGl5dkYzK0Q4WEovT2t4N1RSSHVpekpqbE5GNWROUldMWFJrcDlva0ZyY0NNUURRcHB5dDhGMXRiRmM4bVFxaXJ3QTkwZXlFSmZCVmpHNEQwbG9ONnQ3SndLck8rSy9RdW9FOEIxbW96VFppeEljPSJ9fX19fX0=" + } + ], + "timestampVerificationData": { + "rfc3161Timestamps": [ + { + "signedTimestamp": "MIICyTADAgEAMIICwAYJKoZIhvcNAQcCoIICsTCCAq0CAQMxDTALBglghkgBZQMEAgEwgbgGCyqGSIb3DQEJEAEEoIGoBIGlMIGiAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgazE7B5EcUMfVP4g7Py0R0KJ/cIqcv2ssos6rgpgS3icCFQDldn1hrfcIdQRDSGoP/Jyh3ZnBBRgPMjAyNjA1MTMxOTIzMzhaMAMCAQGgMqQwMC4xFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEVMBMGA1UEAxMMc2lnc3RvcmUtdHNhoAAxggHaMIIB1gIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFAo1oQZh1eJBc8aJlqfyffJ+A3ynMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI2MDUxMzE5MjMzOFowLwYJKoZIhvcNAQkEMSIEIN8PIhiZjXlEP6q7W/1AbeAoVV4jl2k3w2EKbWFmV1HNMIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCAG9P/gR/6zWZm3M7DXoyNQHPwY5MAzZqhF13U250snRDBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAgRmMGQCMGdHU26L2sHhFr0usPG/nKSi1e4y8n7qDO+ArBAXZde3MxTv4DdqzmpFTwRHBaM9/wIwM3LCOaWjFkycUkGCxdrjl5qJAYSR31fWv2kiZnKJJ2Dy1p4SY2M5UGUeQ1K8jaay" + } + ] + } + }, + "dsseEnvelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9yZWtvcjItZHNzZS1oYXNoZWRyZWtvcmQtcmVnZW4tQiJ9LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvcmVrb3IyLWRzc2UtaGFzaGVkcmVrb3JkLXJlZ2VuIn19fX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEUCIDwMaP7ZdDdswggkkaJPJpaBqURbByINZX6rYpHNXcWcAiEA/LkKHLTdb2ZUgL4S2mE9+kP7MO63YRNgqBgQXrk3N1s=" + } + ] + } +} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-payload.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-payload.sigstore deleted file mode 100644 index e3a9cd6a..00000000 --- a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-payload.sigstore +++ /dev/null @@ -1,40 +0,0 @@ -{ - "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", - "verificationMaterial": { - "tlogEntries": [{ - "logIndex": "6844", - "logId": { - "keyId": "8w1amZ2S5mJIQkQmPxdMuOrL/oJkvFg9MnQXmeOCXck=" - }, - "kindVersion": { - "kind": "dsse", - "version": "0.0.2" - }, - "inclusionProof": { - "logIndex": "6844", - "rootHash": "02OB8dyqde5plQxRi5YRH9W0oGck5q7ARK2iN5SXrGU=", - "treeSize": "6845", - "hashes": ["kBUUZhLrBMTZCfNozIBd2DA+9CnTkE9PBRP0Ld9nDFA=", "D2vBCcgnwglrjVnkLUM8/t1kqEGubtgUU97+EVQUZ28=", "nMiUUOA/Lv/1lgcBYft53KwJdHo/MR2p+M3DSRWr/cY=", "ihByrS/Xgl0QEHjv6rp/AxV6uk+E7c9ncM04J7zbqbU=", "Ezo3FTVCd4Kzk1oPeT3rNLZhvRsGZN/66ONX81DrJ0M=", "tnv06iEfRP1UrMtn7D7v4lA+1VfpdI3ioGcQRJLMoP0=", "Ag03a73jphtOkMBVhp+MkrJwDkx2NE69NESHMFcwcfI=", "xbDsGnxf1siByWHEuiK85p0reQCaKKWUjf8YNl9s/Vo="], - "checkpoint": { - "envelope": "log2025-alpha1.rekor.sigstage.dev\n6845\n02OB8dyqde5plQxRi5YRH9W0oGck5q7ARK2iN5SXrGU\u003d\n\n— log2025-alpha1.rekor.sigstage.dev 8w1amY7vnN7S7KnCOLVV5AJvz1iL+GjoOCh3Gd+CfJbsof5wp+REsZBBygM01BEtvCWLN/HXaWrFAfHCodvFdrIVHA8\u003d\n" - } - }, - "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZHNzZVYwMDIiOnsicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiIxcklKdXAzZU94N2w3ZXU0alJzYmtYdHk3cllVTW81N3BtZjF0NnR3NlljPSJ9LCJzaWduYXR1cmVzIjpbeyJjb250ZW50IjoiTUVZQ0lRQ0dSYU9OV3FsNlFyUWgvTGVjS3Q0TE5tRVdVc3huWmU2RXprVEthTVRmUVFJaEFOZDk2SWw3S1RFTkFFMHFITSsxK3hvamZaSmY4Z3hoWFFPcHhleGNYY0huIiwidmVyaWZpZXIiOnsia2V5RGV0YWlscyI6IlBLSVhfRUNEU0FfUDI1Nl9TSEFfMjU2IiwieDUwOUNlcnRpZmljYXRlIjp7InJhd0J5dGVzIjoiTUlJQ3lEQ0NBazZnQXdJQkFnSVVhc0FseW53bmc2aktPelFUVEU1b1J0QzhnQ2t3Q2dZSUtvWkl6ajBFQXdNd056RVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVI0d0hBWURWUVFERXhWemFXZHpkRzl5WlMxcGJuUmxjbTFsWkdsaGRHVXdIaGNOTWpVd056SXpNVGcxTnpNNFdoY05NalV3TnpJek1Ua3dOek00V2pBQU1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVpwaDM3TmR0c3p0cHcwK2tCWUJnVXZhbkFZalUvem5wREM4ZHpQV2h4WTR5emthbXFRUjlSWGR5TVZOV2JtZktMMHBuTHNzM244K09URWxrYTFJUk02T0NBVzB3Z2dGcE1BNEdBMVVkRHdFQi93UUVBd0lIZ0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREF6QWRCZ05WSFE0RUZnUVVPLzdsWEg5MWhEcnNtUnFLVG1nSUlXVWRiU013SHdZRFZSMGpCQmd3Rm9BVWNZWXdwaFI4WW0vNTk5YjBCUnAvWC8vcmI2d3dIUVlEVlIwUkFRSC9CQk13RVlFUFlYQndkVUJuYjI5bmJHVXVZMjl0TUNrR0Npc0dBUVFCZzc4d0FRRUVHMmgwZEhCek9pOHZZV05qYjNWdWRITXVaMjl2WjJ4bExtTnZiVEFyQmdvckJnRUVBWU8vTUFFSUJCME1HMmgwZEhCek9pOHZZV05qYjNWdWRITXVaMjl2WjJ4bExtTnZiVENCaWdZS0t3WUJCQUhXZVFJRUFnUjhCSG9BZUFCMkFDc3d2TnhvaU1uaTRkZ21LVjUwSDBnNU1aWUM4cHd6eTE1RFFQNnlySVo2QUFBQm1EaWwrdElBQUFRREFFY3dSUUloQU12a3NTejFlTHFjNktWSGFUVTkyR2l2ZzU2NnNBMUdUZ0ZmdGVNNmtXcmhBaUJUWHhLOUQyTStjam45VlI0V2hvQlBMa3N4MmRYZTFaMGRFMkhnTnBSUkVUQUtCZ2dxaGtqT1BRUURBd05vQURCbEFqQjVtNlgwT1k2TVRBdjhYaWVWaXdRZENKWXdqZ1VmQmtvWk9aL0NNdisvL1BKamw3UlRSZDh5a3NyVUNDMEFHNEFDTVFDalE3WWF5TzlGVXdXOStvTFNHS0s2OXRHZFZabjNaMFBuUllqdDlwRDgvRWFEY2RKZm9iU0ZOVlNiQXUyRVQ5UT0ifX19XX19fQ==" - }], - "timestampVerificationData": { - "rfc3161Timestamps": [{ - "signedTimestamp": "MIIC0zADAgEAMIICygYJKoZIhvcNAQcCoIICuzCCArcCAQMxDTALBglghkgBZQMEAgEwgcEGCyqGSIb3DQEJEAEEoIGxBIGuMIGrAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgLoG+mJBA8vAFUybo77C/c7vI/tcNIa2/n0mHtZwvrHkCFC90Y/kHxo5PJlnJITAPKPt3idPVGA8yMDI1MDcyMzE4NTczOFowAwIBAQIIcRfeeghrEbKgMqQwMC4xFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEVMBMGA1UEAxMMc2lnc3RvcmUtdHNhoAAxggHbMIIB1wIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFAo1oQZh1eJBc8aJlqfyffJ+A3ynMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1MDcyMzE4NTczOFowLwYJKoZIhvcNAQkEMSIEIBLMMNhxlXRVMZtKNbfWDXQW4niE731b9NjYfFVUD9/8MIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCAG9P/gR/6zWZm3M7DXoyNQHPwY5MAzZqhF13U250snRDBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAgRnMGUCMBT7UThGRiJKbEvz3MPs3/Gmn9vN+liXlIO2KmzW5zF8QXeze1fyD5kP5+Pwnlf1pgIxAL/qP5C6GKGlPT2ako7yY7kgpEWa8HiL+Q39u8W2vgS3tDSlLrntEzQGU0s0NmJ/zw==" - }] - }, - "certificate": { - "rawBytes": "MIICyDCCAk6gAwIBAgIUasAlynwng6jKOzQTTE5oRtC8gCkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNzIzMTg1NzM4WhcNMjUwNzIzMTkwNzM4WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZph37Ndtsztpw0+kBYBgUvanAYjU/znpDC8dzPWhxY4yzkamqQR9RXdyMVNWbmfKL0pnLss3n8+OTElka1IRM6OCAW0wggFpMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUO/7lXH91hDrsmRqKTmgIIWUdbSMwHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2ACswvNxoiMni4dgmKV50H0g5MZYC8pwzy15DQP6yrIZ6AAABmDil+tIAAAQDAEcwRQIhAMvksSz1eLqc6KVHaTU92Givg566sA1GTgFfteM6kWrhAiBTXxK9D2M+cjn9VR4WhoBPLksx2dXe1Z0dE2HgNpRRETAKBggqhkjOPQQDAwNoADBlAjB5m6X0OY6MTAv8XieViwQdCJYwjgUfBkoZOZ/CMv+//PJjl7RTRd8yksrUCC0AG4ACMQCjQ7YayO9FUwW9+oLSGKK69tGdVZn3Z0PnRYjt9pD8/EaDcdJfobSFNVSbAu2ET9Q=" - } - }, - "dsseEnvelope": { - "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL21vb3NlL2FhLXRlc3QiLCJwYXRoIjoiLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sIn19LCJpbnRlcm5hbFBhcmFtZXRlcnMiOnsiZ2l0aHViIjp7ImV2ZW50X25hbWUiOiJ3b3JrZmxvd19kaXNwYXRjaCIsInJlcG9zaXRvcnlfaWQiOiI4OTE3MTU0NDQiLCJyZXBvc2l0b3J5X293bmVyX2lkIjoiMTMwNDgyNiIsInJ1bm5lcl9lbnZpcm9ubWVudCI6ImdpdGh1Yi1ob3N0ZWQifX0sInJlc29sdmVkRGVwZW5kZW5jaWVzIjpbeyJ1cmkiOiJnaXQraHR0cHM6Ly9naXRodWIuY29tL21vb3NlL2FhLXRlc3RAcmVmcy9oZWFkcy9tYWluIiwiZGlnZXN0Ijp7ImdpdENvbW1pdCI6ImViZmY4ZGZiZDYwOWI3YjIyMjM3Yzc3MTljZTA3ZjJkYzc5MzRmNWYifX1dfSwicnVuRGV0YWlscyI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL21vb3NlL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbiJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbW9vc2UvYWEtdGVzdC9hY3Rpb25zL3J1bnMvMTE5NDE0MjU0ODcvYXR0ZW1wdHMvMSJ9fX19Cg==", - "payloadType": "application/vnd.in-toto+json", - "signatures": [{ - "sig": "MEUCIAClWd1w/CSq1ztmu0LCVMaymV1udltXXIHn27xGsWj1AiEAuz0pr2mhAyrDyzojHwOfHtR2n95zhHFlxgUv3fQ2MMs=" - }] - } -} diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-signature.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-signature.sigstore index d60c16a0..12295d51 100644 --- a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-signature.sigstore +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.mismatched-signature.sigstore @@ -1,40 +1,60 @@ { "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": { - "tlogEntries": [{ - "logIndex": "6610", - "logId": { - "keyId": "8w1amZ2S5mJIQkQmPxdMuOrL/oJkvFg9MnQXmeOCXck=" - }, - "kindVersion": { - "kind": "dsse", - "version": "0.0.2" - }, - "inclusionProof": { - "logIndex": "6610", - "rootHash": "oAIwoOiwvcPNs87ZrwYZnoe2nFt4Cei0eyCdvMDyPTI=", - "treeSize": "6611", - "hashes": ["OvbsUnEZXSqqN0viZZwzQIFZZOaez8S/y4s728HMtYE=", "BJfz0qlmgfv4T3PWEdaQDsRGoofPEgoCXCmmLPLaIsY=", "A+VlB+XR92aS2txcqdoEfCb3QqZ89UHRDE87bcK7JiU=", "HhgSw1jzUj25LbExsCl8FbDRO6eJnxb9iGu259pM3ms=", "gpAC2IEHOQH0Mluo3QTOJzs2KTswWJ+2JiODSInqpyg=", "Ag03a73jphtOkMBVhp+MkrJwDkx2NE69NESHMFcwcfI=", "xbDsGnxf1siByWHEuiK85p0reQCaKKWUjf8YNl9s/Vo="], - "checkpoint": { - "envelope": "log2025-alpha1.rekor.sigstage.dev\n6611\noAIwoOiwvcPNs87ZrwYZnoe2nFt4Cei0eyCdvMDyPTI\u003d\n\n— log2025-alpha1.rekor.sigstage.dev 8w1amVKLn3ccD2kYYAyungw1LTii2Cj0aEjUM5XME1qwBLgT46SMOQgbcUcPNjgrrjgKNdYUHnw7gHCok2+vkx0+Xgw\u003d\n" - } - }, - "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZHNzZVYwMDIiOnsicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiIxcklKdXAzZU94N2w3ZXU0alJzYmtYdHk3cllVTW81N3BtZjF0NnR3NlljPSJ9LCJzaWduYXR1cmVzIjpbeyJjb250ZW50IjoiTUVVQ0lRQ1FkNUdwVkNlZGdld3BjMkpEakdmV2pIYmYycDl4dEEzRWlvWWIvQTVvWHdJZ0RiazdCN3Z0YkNucDl2MStiL3JxeTdhb3NVYXUxODJZZzBlUHJOUG1oRnc9IiwidmVyaWZpZXIiOnsia2V5RGV0YWlscyI6IlBLSVhfRUNEU0FfUDI1Nl9TSEFfMjU2IiwieDUwOUNlcnRpZmljYXRlIjp7InJhd0J5dGVzIjoiTUlJQ3h6Q0NBa3lnQXdJQkFnSVVYSXQ1RjNJUlRKYXdaQThJaW02am5PWXBtRmd3Q2dZSUtvWkl6ajBFQXdNd056RVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVI0d0hBWURWUVFERXhWemFXZHpkRzl5WlMxcGJuUmxjbTFsWkdsaGRHVXdIaGNOTWpVd056SXpNREUxTmpNM1doY05NalV3TnpJek1ESXdOak0zV2pBQU1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRXo4WWFwb0FOQmRWUGFaeHBzMUVaS1d4RFVnL2dST1F4RDBtVlcxUU9iVTJKVEU3N1JvWDR3U2pIRnE3aDBXUDFDYUd4YktCS0NaUXFjTVlDd0xTc1pxT0NBV3N3Z2dGbk1BNEdBMVVkRHdFQi93UUVBd0lIZ0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREF6QWRCZ05WSFE0RUZnUVV0UkFIS1Znak9vV3k3UVNBeHJQZFRFQUF2MEl3SHdZRFZSMGpCQmd3Rm9BVWNZWXdwaFI4WW0vNTk5YjBCUnAvWC8vcmI2d3dIUVlEVlIwUkFRSC9CQk13RVlFUFlYQndkVUJuYjI5bmJHVXVZMjl0TUNrR0Npc0dBUVFCZzc4d0FRRUVHMmgwZEhCek9pOHZZV05qYjNWdWRITXVaMjl2WjJ4bExtTnZiVEFyQmdvckJnRUVBWU8vTUFFSUJCME1HMmgwZEhCek9pOHZZV05qYjNWdWRITXVaMjl2WjJ4bExtTnZiVENCaUFZS0t3WUJCQUhXZVFJRUFnUjZCSGdBZGdCMEFDc3d2TnhvaU1uaTRkZ21LVjUwSDBnNU1aWUM4cHd6eTE1RFFQNnlySVo2QUFBQm1EVC9PSDRBQUFRREFFVXdRd0lnWFVzcnJNL05qU2pkOG1pYU5hQmUyeFkweGo2MFBtN1BWQmZPck5COCtUUUNIMWJ1WFBVNnpvWlhieFJFNXcyemZwbWhvK0Y3WjVnQnVxZkt4dUhMc1hrd0NnWUlLb1pJemowRUF3TURhUUF3WmdJeEFJajZiOCswdzQ0b1B2ZmhxUUlQT3p2UWxKWTRBUGt4MlJlNUkzYmxyRFhIMUVzTVA2L0E1dkZueTh6dW1pd2o1Z0l4QUxvU1M4L2tPbXd3cnpINUllZktZd3VNUkNQSkhrajF1QUg3aERxaE4yaTFXSzZUM2NUYWxYaEhDR1dvRXl2NjB3PT0ifX19XX19fQ==" - }], - "timestampVerificationData": { - "rfc3161Timestamps": [{ - "signedTimestamp": "MIIC0zADAgEAMIICygYJKoZIhvcNAQcCoIICuzCCArcCAQMxDTALBglghkgBZQMEAgEwgcIGCyqGSIb3DQEJEAEEoIGyBIGvMIGsAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgoH07w11OUpHxP7JvbvGdbbHVUZOs6Io72DvhZwPiqkUCFEIVSsJGdW4IRQl/Gfuzm+xlPZ32GA8yMDI1MDcyMzAxNTYzOFowAwIBAQIJALUNS91gOUJyoDKkMDAuMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxFTATBgNVBAMTDHNpZ3N0b3JlLXRzYaAAMYIB2jCCAdYCAQEwUTA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzALBglghkgBZQMEAgGggfwwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0yNTA3MjMwMTU2MzhaMC8GCSqGSIb3DQEJBDEiBCA9rWes2hX785eWIhdYgCs/c9RM9m6wVfVQRNzZzvhcrzCBjgYLKoZIhvcNAQkQAi8xfzB9MHsweQQgBvT/4Ef+s1mZtzOw16MjUBz8GOTAM2aoRdd1NudLJ0QwVTA9pDswOTEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MSAwHgYDVQQDExdzaWdzdG9yZS10c2Etc2VsZnNpZ25lZAIUCjWhBmHV4kFzxomWp/J98n4DfKcwCgYIKoZIzj0EAwIEZjBkAjB4LnECzOgwVRxF1ne0ZzwZF2hatQkQrzBOjQvZmo5z+urmpG0MR+3idz/EfgDlNUkCMHD0igjYHO4T5XcVoyiIYd9Frkpl1hZfUX7QgQb0WyJLxQcZFgV8r+46bdTowCRb8A==" - }] - }, "certificate": { - "rawBytes": "MIICxzCCAkygAwIBAgIUXIt5F3IRTJawZA8Iim6jnOYpmFgwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNzIzMDE1NjM3WhcNMjUwNzIzMDIwNjM3WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz8YapoANBdVPaZxps1EZKWxDUg/gROQxD0mVW1QObU2JTE77RoX4wSjHFq7h0WP1CaGxbKBKCZQqcMYCwLSsZqOCAWswggFnMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUtRAHKVgjOoWy7QSAxrPdTEAAv0IwHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwHQYDVR0RAQH/BBMwEYEPYXBwdUBnb29nbGUuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBiAYKKwYBBAHWeQIEAgR6BHgAdgB0ACswvNxoiMni4dgmKV50H0g5MZYC8pwzy15DQP6yrIZ6AAABmDT/OH4AAAQDAEUwQwIgXUsrrM/NjSjd8miaNaBe2xY0xj60Pm7PVBfOrNB8+TQCH1buXPU6zoZXbxRE5w2zfpmho+F7Z5gBuqfKxuHLsXkwCgYIKoZIzj0EAwMDaQAwZgIxAIj6b8+0w44oPvfhqQIPOzvQlJY4APkx2Re5I3blrDXH1EsMP6/A5vFny8zumiwj5gIxALoSS8/kOmwwrzH5IefKYwuMRCPJHkj1uAH7hDqhN2i1WK6T3cTalXhHCGWoEyv60w==" + "rawBytes": "MIIIPjCCB8OgAwIBAgIUeM3NlSziGqyL9eZI60oZxLb9zagwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwNTEzMTkyMzMyWhcNMjYwNTEzMTkzMzMyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1QyGuXvW6qw/A8ZGhPMkTgNtuI5KD78Melrj2MiRes4Q/35YI+tC14XKYjQDQDgIOVODYXt948sJw9zG7gXMkKOCBuIwggbeMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUMz1orfizj2bmeTSSIKuK9zh5iPcwHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwgaUGA1UdEQEB/wSBmjCBl4aBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBCg5NzdlOGQwODU1NGNhOWJkYTI3OWM5NmU5MWJlMjExOWZiNjdjNzMwMC0GCisGAQQBg78wAQQEH0V4dHJlbWVseSBkYW5nZXJvdXMgT0lEQyBiZWFjb24wSQYKKwYBBAGDvzABBQQ7c2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24wHQYKKwYBBAGDvzABBgQPcmVmcy9oZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTCBpgYKKwYBBAGDvzABCQSBlwyBlGh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi8uZ2l0aHViL3dvcmtmbG93cy9leHRyZW1lbHktZGFuZ2Vyb3VzLW9pZGMtYmVhY29uLnltbEByZWZzL2hlYWRzL21haW4wOAYKKwYBBAGDvzABCgQqDCg5NzdlOGQwODU1NGNhOWJkYTI3OWM5NmU5MWJlMjExOWZiNjdjNzMwMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDBeBgorBgEEAYO/MAEMBFAMTmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbjA4BgorBgEEAYO/MAENBCoMKDk3N2U4ZDA4NTU0Y2E5YmRhMjc5Yzk2ZTkxYmUyMTE5ZmI2N2M3MzAwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGQYKKwYBBAGDvzABDwQLDAk2MzI1OTY4OTcwNwYKKwYBBAGDvzABEAQpDCdodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UwGQYKKwYBBAGDvzABEQQLDAkxMzE4MDQ1NjMwgaYGCisGAQQBg78wARIEgZcMgZRodHRwczovL2dpdGh1Yi5jb20vc2lnc3RvcmUtY29uZm9ybWFuY2UvZXh0cmVtZWx5LWRhbmdlcm91cy1wdWJsaWMtb2lkYy1iZWFjb24vLmdpdGh1Yi93b3JrZmxvd3MvZXh0cmVtZWx5LWRhbmdlcm91cy1vaWRjLWJlYWNvbi55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoOTc3ZThkMDg1NTRjYTliZGEyNzljOTZlOTFiZTIxMTlmYjY3YzczMDAhBgorBgEEAYO/MAEUBBMMEXdvcmtmbG93X2Rpc3BhdGNoMIGCBgorBgEEAYO/MAEVBHQMcmh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9leHRyZW1lbHktZGFuZ2Vyb3VzLXB1YmxpYy1vaWRjLWJlYWNvbi9hY3Rpb25zL3J1bnMvMjU4MjEyODIwNTkvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBlQYKKwYBBAHWeQIEAgSBhgSBgwCBAH8APmBxU3RuGJLgkLI2sUl2Jy9ntE1vks5vdxFKtyKgprYAAAGeIstZkAAIAAAFAAAN3hQEAwBIMEYCIQC21zfS/kOLTPP8uvSrAJ286X4dw5beF3pgCtHp3FsvbAIhAMR7wwTWf9++dtLPpMlRmvzOC2gwgS4j9f7eRLw2txXMMAoGCCqGSM49BAMDA2kAMGYCMQDoTVmOTK23t5eE/1BMr7GPxiyvF3+D8XJ/Okx7TRHuizJjlNF5dNRWLXRkp9okFrcCMQDQppyt8F1tbFc8mQqirwA90eyEJfBVjG4D0loN6t7JwKrO+K/QuoE8B1mozTZixIc=" + }, + "tlogEntries": [ + { + "logIndex": "4026478", + "logId": { + "keyId": "09OnDKEw7/hpZiYVPoTRzRbglHk0sylsUovegnRUlJY=" + }, + "kindVersion": { + "kind": "hashedrekord", + "version": "0.0.2" + }, + "inclusionProof": { + "logIndex": "4026478", + "rootHash": "5iaX4xK6PMnp4ZFTP4iywMcwLgaTjzgRTkrTOUFIrfY=", + "treeSize": "4026479", + "hashes": [ + "y9eH/Cl/glEuLMKtwV0bgZ+a1P/AjoPyvu/iUeanaIM=", + "nrNQ2vb5JM2No6zELZt05onTYzqQOwDUcs24jAa6lzk=", + "HfZO2uZZbokwORUD/0dMRpBEouo33Ab2nQ2N6r4v688=", + "grMdYn8tE73JvJU8Ixk4hl8/fKu06hUdgpPNsuAfb7o=", + "i1gQ61xe3f9MP09y2e9Z4n5ZnDiFuqQmTK/u7Gji4Ws=", + "TkPA4Mv4plM3c6oejf5r+PqVxfMPk0x+QAjumzaswsU=", + "wGq46RfkA9tCYZ2CCOOMGQttyhHIqMksBAl+soDBgRw=", + "WPWftR+8Qjv3qiIBp48n3PiweejcpuHjokhaSIJaUOo=", + "kgGccNZjCDNKiQBUSPorZcTXoy9T0OIygUNX2V9tF7s=", + "7vMeapYqpjDZc8itt3uF6dGxL5qkbFsQ18jBiblH/5g=", + "ma8nVjhpJ0JmgSzaxhxP7bvHXtiZC6nJXIBmDV8kNAI=", + "CZJWJtYZFYWwC+DsEiCMnWled/ED66viI0Wz/L+9vxk=", + "Y8Q9QaTpqRAlSoWnNwyYGDerVLL1f6b8osmbDYEF6og=" + ], + "checkpoint": { + "envelope": "log2025-alpha3.rekor.sigstage.dev\n4026479\n5iaX4xK6PMnp4ZFTP4iywMcwLgaTjzgRTkrTOUFIrfY=\n\n— log2025-alpha3.rekor.sigstage.dev 09OnDHwVrKeXjBYQ4NJ5EoENdtpBwZcV3X8n+cAZFIk+8LBPKEpZcKqoN2CfjGw0zlQwt+U2pLt5UyYEFv+STPHPmQg=\n— witness.stagemole.eu Z/euoAAAAABqBM+21mV7JbHwWmLP20ZSpNWneHMkITOPopt+Vj1MoJSILqOIPpx93pbRfA0U+Eq5IiJjEUhG1JwGhPCJEUT5yDcFDg==\n— staging.witness.transparency.goog/ring-any-bells LhqNyQAAAABqBM+2Ob9EtpF9h6IUMXc/LTRkkXiNAgbbohBxHekby1oASdDtPLkgZLmBHH73DF25f2L8xGgp/qVwoZK5thKXc6XnCw==\n— witness.navigli.sunlight.geomys.org o+AP4gAAAABqBM+2NoYlK4g3lkC5QltDB6f2F9U8yF6+8kXKjLKHAYvSDJ3u5dZufSU3bz+AtJMdOoMixoFJBkQ397WY/mE0i9tlCg==\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJoYXNoZWRSZWtvcmRWMDAyIjp7ImRhdGEiOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiJWL0lUWEZsTWY1Tmc1NXBVSXNLUitJZU5TdVhGT2J3RTNLUmRwajE4TGhFPSJ9LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUNRUTExbnNvVGFPNTIvTUM0OGcwN21qQVRkeEQ4Nnl3ZHUzTnhKVWpIN3lBSWdXR2MrTVIzZUlBb1d1OEpFMVFNMllEc2xwb0ZBek1WV3BOMTE1ZkNLdXFnPSIsInZlcmlmaWVyIjp7ImtleURldGFpbHMiOiJQS0lYX0VDRFNBX1AyNTZfU0hBXzI1NiIsIng1MDlDZXJ0aWZpY2F0ZSI6eyJyYXdCeXRlcyI6Ik1JSUlQakNDQjhPZ0F3SUJBZ0lVZU0zTmxTemlHcXlMOWVaSTYwb1p4TGI5emFnd0NnWUlLb1pJemowRUF3TXdOekVWTUJNR0ExVUVDaE1NYzJsbmMzUnZjbVV1WkdWMk1SNHdIQVlEVlFRREV4VnphV2R6ZEc5eVpTMXBiblJsY20xbFpHbGhkR1V3SGhjTk1qWXdOVEV6TVRreU16TXlXaGNOTWpZd05URXpNVGt6TXpNeVdqQUFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUxUXlHdVh2VzZxdy9BOFpHaFBNa1RnTnR1STVLRDc4TWVscmoyTWlSZXM0US8zNVlJK3RDMTRYS1lqUURRRGdJT1ZPRFlYdDk0OHNKdzl6RzdnWE1rS09DQnVJd2dnYmVNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBekFkQmdOVkhRNEVGZ1FVTXoxb3JmaXpqMmJtZVRTU0lLdUs5emg1aVBjd0h3WURWUjBqQkJnd0ZvQVVjWVl3cGhSOFltLzU5OWIwQlJwL1gvL3JiNnd3Z2FVR0ExVWRFUUVCL3dTQm1qQ0JsNGFCbEdoMGRIQnpPaTh2WjJsMGFIVmlMbU52YlM5emFXZHpkRzl5WlMxamIyNW1iM0p0WVc1alpTOWxlSFJ5WlcxbGJIa3RaR0Z1WjJWeWIzVnpMWEIxWW14cFl5MXZhV1JqTFdKbFlXTnZiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTNjeTlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFc5cFpHTXRZbVZoWTI5dUxubHRiRUJ5WldaekwyaGxZV1J6TDIxaGFXNHdPUVlLS3dZQkJBR0R2ekFCQVFRcmFIUjBjSE02THk5MGIydGxiaTVoWTNScGIyNXpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlRBZkJnb3JCZ0VFQVlPL01BRUNCQkYzYjNKclpteHZkMTlrYVhOd1lYUmphREEyQmdvckJnRUVBWU8vTUFFREJDZzVOemRsT0dRd09EVTFOR05oT1dKa1lUSTNPV001Tm1VNU1XSmxNakV4T1daaU5qZGpOek13TUMwR0Npc0dBUVFCZzc4d0FRUUVIMFY0ZEhKbGJXVnNlU0JrWVc1blpYSnZkWE1nVDBsRVF5QmlaV0ZqYjI0d1NRWUtLd1lCQkFHRHZ6QUJCUVE3YzJsbmMzUnZjbVV0WTI5dVptOXliV0Z1WTJVdlpYaDBjbVZ0Wld4NUxXUmhibWRsY205MWN5MXdkV0pzYVdNdGIybGtZeTFpWldGamIyNHdIUVlLS3dZQkJBR0R2ekFCQmdRUGNtVm1jeTlvWldGa2N5OXRZV2x1TURzR0Npc0dBUVFCZzc4d0FRZ0VMUXdyYUhSMGNITTZMeTkwYjJ0bGJpNWhZM1JwYjI1ekxtZHBkR2gxWW5WelpYSmpiMjUwWlc1MExtTnZiVENCcGdZS0t3WUJCQUdEdnpBQkNRU0Jsd3lCbEdoMGRIQnpPaTh2WjJsMGFIVmlMbU52YlM5emFXZHpkRzl5WlMxamIyNW1iM0p0WVc1alpTOWxlSFJ5WlcxbGJIa3RaR0Z1WjJWeWIzVnpMWEIxWW14cFl5MXZhV1JqTFdKbFlXTnZiaTh1WjJsMGFIVmlMM2R2Y210bWJHOTNjeTlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFc5cFpHTXRZbVZoWTI5dUxubHRiRUJ5WldaekwyaGxZV1J6TDIxaGFXNHdPQVlLS3dZQkJBR0R2ekFCQ2dRcURDZzVOemRsT0dRd09EVTFOR05oT1dKa1lUSTNPV001Tm1VNU1XSmxNakV4T1daaU5qZGpOek13TUIwR0Npc0dBUVFCZzc4d0FRc0VEd3dOWjJsMGFIVmlMV2h2YzNSbFpEQmVCZ29yQmdFRUFZTy9NQUVNQkZBTVRtaDBkSEJ6T2k4dloybDBhSFZpTG1OdmJTOXphV2R6ZEc5eVpTMWpiMjVtYjNKdFlXNWpaUzlsZUhSeVpXMWxiSGt0WkdGdVoyVnliM1Z6TFhCMVlteHBZeTF2YVdSakxXSmxZV052YmpBNEJnb3JCZ0VFQVlPL01BRU5CQ29NS0RrM04yVTRaREE0TlRVMFkyRTVZbVJoTWpjNVl6azJaVGt4WW1VeU1URTVabUkyTjJNM016QXdId1lLS3dZQkJBR0R2ekFCRGdRUkRBOXlaV1p6TDJobFlXUnpMMjFoYVc0d0dRWUtLd1lCQkFHRHZ6QUJEd1FMREFrMk16STFPVFk0T1Rjd053WUtLd1lCQkFHRHZ6QUJFQVFwRENkb2RIUndjem92TDJkcGRHaDFZaTVqYjIwdmMybG5jM1J2Y21VdFkyOXVabTl5YldGdVkyVXdHUVlLS3dZQkJBR0R2ekFCRVFRTERBa3hNekU0TURRMU5qTXdnYVlHQ2lzR0FRUUJnNzh3QVJJRWdaY01nWlJvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2YzJsbmMzUnZjbVV0WTI5dVptOXliV0Z1WTJVdlpYaDBjbVZ0Wld4NUxXUmhibWRsY205MWN5MXdkV0pzYVdNdGIybGtZeTFpWldGamIyNHZMbWRwZEdoMVlpOTNiM0pyWm14dmQzTXZaWGgwY21WdFpXeDVMV1JoYm1kbGNtOTFjeTF2YVdSakxXSmxZV052Ymk1NWJXeEFjbVZtY3k5b1pXRmtjeTl0WVdsdU1EZ0dDaXNHQVFRQmc3OHdBUk1FS2d3b09UYzNaVGhrTURnMU5UUmpZVGxpWkdFeU56bGpPVFpsT1RGaVpUSXhNVGxtWWpZM1l6Y3pNREFoQmdvckJnRUVBWU8vTUFFVUJCTU1FWGR2Y210bWJHOTNYMlJwYzNCaGRHTm9NSUdDQmdvckJnRUVBWU8vTUFFVkJIUU1jbWgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzl6YVdkemRHOXlaUzFqYjI1bWIzSnRZVzVqWlM5bGVIUnlaVzFsYkhrdFpHRnVaMlZ5YjNWekxYQjFZbXhwWXkxdmFXUmpMV0psWVdOdmJpOWhZM1JwYjI1ekwzSjFibk12TWpVNE1qRXlPREl3TlRrdllYUjBaVzF3ZEhNdk1UQVdCZ29yQmdFRUFZTy9NQUVXQkFnTUJuQjFZbXhwWXpDQmxRWUtLd1lCQkFIV2VRSUVBZ1NCaGdTQmd3Q0JBSDhBUG1CeFUzUnVHSkxna0xJMnNVbDJKeTludEUxdmtzNXZkeEZLdHlLZ3ByWUFBQUdlSXN0WmtBQUlBQUFGQUFBTjNoUUVBd0JJTUVZQ0lRQzIxemZTL2tPTFRQUDh1dlNyQUoyODZYNGR3NWJlRjNwZ0N0SHAzRnN2YkFJaEFNUjd3d1RXZjkrK2R0TFBwTWxSbXZ6T0MyZ3dnUzRqOWY3ZVJMdzJ0eFhNTUFvR0NDcUdTTTQ5QkFNREEya0FNR1lDTVFEb1RWbU9USzIzdDVlRS8xQk1yN0dQeGl5dkYzK0Q4WEovT2t4N1RSSHVpekpqbE5GNWROUldMWFJrcDlva0ZyY0NNUURRcHB5dDhGMXRiRmM4bVFxaXJ3QTkwZXlFSmZCVmpHNEQwbG9ONnQ3SndLck8rSy9RdW9FOEIxbW96VFppeEljPSJ9fX19fX0=" + } + ], + "timestampVerificationData": { + "rfc3161Timestamps": [ + { + "signedTimestamp": "MIICyzADAgEAMIICwgYJKoZIhvcNAQcCoIICszCCAq8CAQMxDTALBglghkgBZQMEAgEwgbgGCyqGSIb3DQEJEAEEoIGoBIGlMIGiAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgWD/kdb0X6i1+GgKjU90CUYSfx1d7REuAvHJRjTz9hVECFQDl+Rm4z9uwI6k6kxhHO7k3oZ+T3BgPMjAyNjA1MTMxOTIzMzZaMAMCAQGgMqQwMC4xFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEVMBMGA1UEAxMMc2lnc3RvcmUtdHNhoAAxggHcMIIB2AIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFAo1oQZh1eJBc8aJlqfyffJ+A3ynMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI2MDUxMzE5MjMzNlowLwYJKoZIhvcNAQkEMSIEIJwLGQJ8dEmSY92i0AkhXwpJ5J66dYbEr2f5jtQlKrEKMIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCAG9P/gR/6zWZm3M7DXoyNQHPwY5MAzZqhF13U250snRDBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAgRoMGYCMQCdtq6trvjr9zZb27XykDqOhSCqBUt5+TtfKkfV50t2AWeJC6bh5oX6D+owAXswT4QCMQCMAY+vbUacSlSjgwyZe5LHk3H19/G4twkIT+1sUY0ZzLZ7mw1Oydm/015e4HkFD3w=" + } + ] } }, "dsseEnvelope": { - "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0IiwicGF0aCI6Ii5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbCJ9fSwiaW50ZXJuYWxQYXJhbWV0ZXJzIjp7ImdpdGh1YiI6eyJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJyZXBvc2l0b3J5X2lkIjoiODkxNzE1NDQ0IiwicmVwb3NpdG9yeV9vd25lcl9pZCI6IjEzMDQ4MjYiLCJydW5uZXJfZW52aXJvbm1lbnQiOiJnaXRodWItaG9zdGVkIn19LCJyZXNvbHZlZERlcGVuZGVuY2llcyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdEByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZiJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbiJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvYWN0aW9ucy9ydW5zLzExOTQxNDI1NDg3L2F0dGVtcHRzLzEifX19fQ==", + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zaWdzdG9yZS1jb25mb3JtYW5jZS9yZWtvcjItZHNzZS1oYXNoZWRyZWtvcmQtcmVnZW4ifSwicnVuRGV0YWlscyI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL3NpZ3N0b3JlLWNvbmZvcm1hbmNlL3Jla29yMi1kc3NlLWhhc2hlZHJla29yZC1yZWdlbiJ9fX19", "payloadType": "application/vnd.in-toto+json", - "signatures": [{ - "sig": "MEYCIQCkNCQpMWfAbq+tIwicACgKN+BR+GleQNvdQXB137b+gwIhANp0c1JC8gCSylSG6UFkEXzUwU/Y7Ba0rBrAZAT2yqoe" - }] + "signatures": [ + { + "sig": "MEUCIQCgdnmnfji2dSYZ5Bk/9i6aXcuIRj5uaf9v1WRTD5bsUAIgU206JXzdef4+LtEGMsv2Q3ZyWxykmRY5t/4EbQodlX4=" + } + ] } } diff --git a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.sigstore b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.sigstore index 2b6b6d02..ab4ef344 100644 --- a/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.sigstore +++ b/sigstore-java/src/test/resources/dev/sigstore/samples/bundles/bundle.dsse.rekor-v2.sigstore @@ -1 +1,40 @@ -{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICyzCCAlKgAwIBAgIUMjDNrL/ZpriwSc+lM+0mnq5EFyIwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwNzIzMTk1MDIyWhcNMjUwNzIzMjAwMDIyWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE9LbVCgJscxGQF0RtZZWmIbJvkMEKuqQqg1eQsJ/qQK1Nh2VMDjZqfWBoc1u1cBFeBpChVHY83edhztO8Jx52aOCAXEwggFtMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUJvm5ncCyW6avs3RqBIXXtrMRGEswHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwIQYDVR0RAQH/BBcwFYETYWFyb25sZXdAZ29vZ2xlLmNvbTApBgorBgEEAYO/MAEBBBtodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20wKwYKKwYBBAGDvzABCAQdDBtodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20wgYoGCisGAQQB1nkCBAIEfAR6AHgAdgArMLzcaIjJ4uHYJiledB9IOTGWAvKcM8teQ0D+sqyGegAAAZg41kFVAAAEAwBHMEUCIEENnFN8ER4UNtH/nSBTirhvUZr7ICsOIBBN9vYAjz4pAiEArtD1UwqX5s5GB2eEFj4K/01Eh2K0wzQIGDa2YeS+hTwwCgYIKoZIzj0EAwMDZwAwZAIwYPr0dXtDc1iEraYMm1FemlXVH2o84E6kz1/RgQ623kyMFQR0XxXWavwCB89k6oecAjAcMKRHly449ScmfECUwUQ+gLxaJkrj4tGkWKIoUJm1J4jyfN6+7GT5T4n1iJLDBVM="}, "tlogEntries": [{"logIndex": "6883", "logId": {"keyId": "8w1amZ2S5mJIQkQmPxdMuOrL/oJkvFg9MnQXmeOCXck="}, "kindVersion": {"kind": "dsse", "version": "0.0.2"}, "inclusionProof": {"logIndex": "6883", "rootHash": "3PBfVgP7khx41FlnyPpz8uHwHgOwAy9eUaEGoJEpWS4=", "treeSize": "6884", "hashes": ["vG3789z3en7YY3+8TOMH3EoNH0l3Z+nEafcCSQla9ac=", "pUx4FWhp5snrjfhiDBFRZn5Ib3Om9PmIJKR/X8FKt6o=", "rul+526SZeq9WeyupR6VYddH+cFHJnCpolYwl1Akbx4=", "/WSx54v3EqBwQlFEzk+ovLearmtjbNDfjNyHfAL0iHk=", "Ezo3FTVCd4Kzk1oPeT3rNLZhvRsGZN/66ONX81DrJ0M=", "tnv06iEfRP1UrMtn7D7v4lA+1VfpdI3ioGcQRJLMoP0=", "Ag03a73jphtOkMBVhp+MkrJwDkx2NE69NESHMFcwcfI=", "xbDsGnxf1siByWHEuiK85p0reQCaKKWUjf8YNl9s/Vo="], "checkpoint": {"envelope": "log2025-alpha1.rekor.sigstage.dev\n6884\n3PBfVgP7khx41FlnyPpz8uHwHgOwAy9eUaEGoJEpWS4=\n\n\u2014 log2025-alpha1.rekor.sigstage.dev 8w1amd9Jy5UcYJbfxsSogkHmrj1wbtv3g4IWtZ4rspPxgWyDUrbQI7W0T4gHrjLM5IUbkoTmKRQoZsXTgmMgZ8B8ywk=\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZHNzZVYwMDIiOnsicGF5bG9hZEhhc2giOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiI5VmpkVnVPcGN5SEtnOFlsbWhuRjZXWXhrOHVvRXRSWHplS0FmcSt0WnIwPSJ9LCJzaWduYXR1cmVzIjpbeyJjb250ZW50IjoiTUVZQ0lRQ1psOS9laWVMOXdDUVhRY01uSmJYMis2cko5RTF0dm5EZTZPbkFwUFhLMGdJaEFKeUxiek1pZXFiY0o0VWZ6RkxKeG1GNUc3Y1FhRjhKTDZUZFFVd3JpdXY0IiwidmVyaWZpZXIiOnsia2V5RGV0YWlscyI6IlBLSVhfRUNEU0FfUDI1Nl9TSEFfMjU2IiwieDUwOUNlcnRpZmljYXRlIjp7InJhd0J5dGVzIjoiTUlJQ3l6Q0NBbEtnQXdJQkFnSVVNakROckwvWnByaXdTYytsTSswbW5xNUVGeUl3Q2dZSUtvWkl6ajBFQXdNd056RVZNQk1HQTFVRUNoTU1jMmxuYzNSdmNtVXVaR1YyTVI0d0hBWURWUVFERXhWemFXZHpkRzl5WlMxcGJuUmxjbTFsWkdsaGRHVXdIaGNOTWpVd056SXpNVGsxTURJeVdoY05NalV3TnpJek1qQXdNREl5V2pBQU1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUU5TGJWQ2dKc2N4R1FGMFJ0WlpXbUliSnZrTUVLdXFRcWcxZVFzSi9xUUsxTmgyVk1EalpxZldCb2MxdTFjQkZlQnBDaFZIWTgzZWRoenRPOEp4NTJhT0NBWEV3Z2dGdE1BNEdBMVVkRHdFQi93UUVBd0lIZ0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREF6QWRCZ05WSFE0RUZnUVVKdm01bmNDeVc2YXZzM1JxQklYWHRyTVJHRXN3SHdZRFZSMGpCQmd3Rm9BVWNZWXdwaFI4WW0vNTk5YjBCUnAvWC8vcmI2d3dJUVlEVlIwUkFRSC9CQmN3RllFVFlXRnliMjVzWlhkQVoyOXZaMnhsTG1OdmJUQXBCZ29yQmdFRUFZTy9NQUVCQkJ0b2RIUndjem92TDJGalkyOTFiblJ6TG1kdmIyZHNaUzVqYjIwd0t3WUtLd1lCQkFHRHZ6QUJDQVFkREJ0b2RIUndjem92TDJGalkyOTFiblJ6TG1kdmIyZHNaUzVqYjIwd2dZb0dDaXNHQVFRQjFua0NCQUlFZkFSNkFIZ0FkZ0FyTUx6Y2FJako0dUhZSmlsZWRCOUlPVEdXQXZLY004dGVRMEQrc3F5R2VnQUFBWmc0MWtGVkFBQUVBd0JITUVVQ0lFRU5uRk44RVI0VU50SC9uU0JUaXJodlVacjdJQ3NPSUJCTjl2WUFqejRwQWlFQXJ0RDFVd3FYNXM1R0IyZUVGajRLLzAxRWgySzB3elFJR0RhMlllUytoVHd3Q2dZSUtvWkl6ajBFQXdNRFp3QXdaQUl3WVByMGRYdERjMWlFcmFZTW0xRmVtbFhWSDJvODRFNmt6MS9SZ1E2MjNreU1GUVIwWHhYV2F2d0NCODlrNm9lY0FqQWNNS1JIbHk0NDlTY21mRUNVd1VRK2dMeGFKa3JqNHRHa1dLSW9VSm0xSjRqeWZONis3R1Q1VDRuMWlKTERCVk09In19fV19fX0="}], "timestampVerificationData": {"rfc3161Timestamps": [{"signedTimestamp": "MIIE6TADAgEAMIIE4AYJKoZIhvcNAQcCoIIE0TCCBM0CAQMxDTALBglghkgBZQMEAgEwgcIGCyqGSIb3DQEJEAEEoIGyBIGvMIGsAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgGHLmT/+u6DojuoqF81X1QeqgdFuIF0j7UYmOrfaqgiUCFBGYrUgXErfzFv7+j+Caoe5Uagg4GA8yMDI1MDcyMzE5NTAyMlowAwIBAQIJAOa3xjMvK5GjoDKkMDAuMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxFTATBgNVBAMTDHNpZ3N0b3JlLXRzYaCCAhMwggIPMIIBlqADAgECAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkMB4XDTI1MDMyODA5MTQwNloXDTM1MDMyNjA4MTQwNlowLjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MRUwEwYDVQQDEwxzaWdzdG9yZS10c2EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATHW/kXcekP16Ae6SekEWVHPtAFEMm7hp5XO33MktFjSW+bHWUXtYEzZz0A3xkY9CyYOoeUk3ZH/v5HEuS+UvORzX0g7Hfy3uYYYRwHtqBQN0IX8rLdFMtIrRej/QCAdB2jajBoMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUqPxk9ijeLuY7c09UjFLE4ZzdU6UwHwYDVR0jBBgwFoAUOyBGWV61Mk1HMM5uY+5zdEfyBH0wFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwCgYIKoZIzj0EAwMDZwAwZAIwRK9VLoYa0Xff4nX1N/AQ1YleNG/iLT8dAXAtRKRfpN9XuDScbxWeo0cku8SkC06NAjBQPe7LBNeitA/UOBtXT2sX1h6f4ISqz+ISmJ4lY+y3bzRJI5nk1r53I9WT3/xIWToxggHbMIIB1wIBATBRMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFAo1oQZh1eJBc8aJlqfyffJ+A3ynMAsGCWCGSAFlAwQCAaCB/DAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1MDcyMzE5NTAyMlowLwYJKoZIhvcNAQkEMSIEIOM5iKgzY5WzDUaZZCfd+WqilYB3hPNR5dedubOhel9XMIGOBgsqhkiG9w0BCRACLzF/MH0wezB5BCAG9P/gR/6zWZm3M7DXoyNQHPwY5MAzZqhF13U250snRDBVMD2kOzA5MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxIDAeBgNVBAMTF3NpZ3N0b3JlLXRzYS1zZWxmc2lnbmVkAhQKNaEGYdXiQXPGiZan8n3yfgN8pzAKBggqhkjOPQQDAgRnMGUCMQCpzZZXVqicWuWohrGEoJqnxlI56up1QspAzfNwVecr6Kb/WIJpc5thx2/YHlEJMcACMHTGqJy4jBbYWP+vxkzT7smvrTf93MSNvWVuvujkSr+rLau6cLYVjAzK4y6chE0LkA=="}]}}, "dsseEnvelope": {"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYXJ0aWZhY3QudHh0IiwiZGlnZXN0Ijp7InNoYTI1NiI6ImEwY2ZjNzEyNzFkNmUyNzhlNTdjZDMzMmZmOTU3YzNmNzA0M2ZkZGEzNTRjNGNiYjE5MGEzMGQ1NmVmYTAxYmYifX1dLCJwcmVkaWNhdGVUeXBlIjoiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YxIiwicHJlZGljYXRlIjp7ImJ1aWxkRGVmaW5pdGlvbiI6eyJidWlsZFR5cGUiOiJodHRwczovL2FjdGlvbnMuZ2l0aHViLmlvL2J1aWxkdHlwZXMvd29ya2Zsb3cvdjEiLCJleHRlcm5hbFBhcmFtZXRlcnMiOnsid29ya2Zsb3ciOnsicmVmIjoicmVmcy9oZWFkcy9tYWluIiwicmVwb3NpdG9yeSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdCIsInBhdGgiOiIuZ2l0aHViL3dvcmtmbG93cy9wcm92ZW5hbmNlLnlhbWwifX0sImludGVybmFsUGFyYW1ldGVycyI6eyJnaXRodWIiOnsiZXZlbnRfbmFtZSI6IndvcmtmbG93X2Rpc3BhdGNoIiwicmVwb3NpdG9yeV9pZCI6Ijg5MTcxNTQ0NCIsInJlcG9zaXRvcnlfb3duZXJfaWQiOiIxMzA0ODI2IiwicnVubmVyX2Vudmlyb25tZW50IjoiZ2l0aHViLWhvc3RlZCJ9fSwicmVzb2x2ZWREZXBlbmRlbmNpZXMiOlt7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3RAcmVmcy9oZWFkcy9tYWluIiwiZGlnZXN0Ijp7ImdpdENvbW1pdCI6ImViZmY4ZGZiZDYwOWI3YjIyMjM3Yzc3MTljZTA3ZjJkYzc5MzRmNWYifX1dfSwicnVuRGV0YWlscyI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0Ly5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbEByZWZzL2hlYWRzL21haW4ifSwibWV0YWRhdGEiOnsiaW52b2NhdGlvbklkIjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0L2FjdGlvbnMvcnVucy8xMTk0MTQyNTQ4Ny9hdHRlbXB0cy8xIn19fX0=", "payloadType": "application/vnd.in-toto+json", "signatures": [{"sig": "MEYCIQCZl9/eieL9wCQXQcMnJbX2+6rJ9E1tvnDe6OnApPXK0gIhAJyLbzMieqbcJ4UfzFLJxmF5G7cQaF8JL6TdQUwriuv4"}]}} +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "tlogEntries": [{ + "logIndex": "4855114", + "logId": { + "keyId": "zxGZFVvd0FEmjR8WrFwMdcAJ9vtaY/QXf44Y1wUeP6A=" + }, + "kindVersion": { + "kind": "hashedrekord", + "version": "0.0.2" + }, + "inclusionProof": { + "logIndex": "4855114", + "rootHash": "gDfQHcPSkLDVUd/xeZWPsqSB7RTR0ho07k15jgzLOpw=", + "treeSize": "4855115", + "hashes": ["aRZL/szw4ux5Z1bkEzjHOFvc0ZZViI2IkA7OTwYpEcM=", "kR4us392eg3w0hRqRnexneIv62Nn36bew88TGoKQD9w=", "zBgMHKQebztMpP9eR2jHuxhkzxMna+vebKTmGZiBjiQ=", "+iue0VkI7SZLyxnVEhBMG8s0J3JVIQU1l3DXbM8L0oI=", "82eSFCN2O3dP0jFRfn+3FucCiP3/fecKSnyOJ0hUCEc=", "ls8yhkXw2PgEuL24MH7kkNhVCOZjQqXU36uPc27hYiI=", "u2qY+l+Ndm3d9uQ/1KcKYeXlTK+jktofNB6nMnFkb2o=", "Rg1QTxC1Ag1H1bj1+44xJ3YzU3+DBayNGdzbbzixNKA=", "9Qzg8F3rbivd2Qo+aEdiFHlxyQZNgXWbIo5JFAUKqA4="], + "checkpoint": { + "envelope": "log2025-1.rekor.sigstore.dev\n4855115\ngDfQHcPSkLDVUd/xeZWPsqSB7RTR0ho07k15jgzLOpw\u003d\n\n— log2025-1.rekor.sigstore.dev zxGZFXYHvtV6cW22YJx1dWx9IiuUHw4BuXZ3X81JAgK8sWX/HBQH2QdlDapqjMkp9GcrITop7jUG979FyKaY7C7VvQM\u003d\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJoYXNoZWRSZWtvcmRWMDAyIjp7ImRhdGEiOnsiYWxnb3JpdGhtIjoiU0hBMl8yNTYiLCJkaWdlc3QiOiJma1BYSnd0Tm51NHJ6cWZZa1N1ZExrSDRqU3ZldCtKM2dxOUhySHhHY2I0PSJ9LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRURDSzJyRXNXTmt4L2tPTzMySHBiZDNvczZ3QkFsS3QxczBWNys3cW1xeEFpQkFmK29rdnluYmZmYVZMcG1nWUlUUHEyeStWQm9RT0NIUWxiVjJjaC9SQmc9PSIsInZlcmlmaWVyIjp7ImtleURldGFpbHMiOiJQS0lYX0VDRFNBX1AyNTZfU0hBXzI1NiIsIng1MDlDZXJ0aWZpY2F0ZSI6eyJyYXdCeXRlcyI6Ik1JSURHVENDQXArZ0F3SUJBZ0lVQjErcXJ5Mjg3S1RyZmVhRlJhanFpbyt5OWZ3d0NnWUlLb1pJemowRUF3TXdOekVWTUJNR0ExVUVDaE1NYzJsbmMzUnZjbVV1WkdWMk1SNHdIQVlEVlFRREV4VnphV2R6ZEc5eVpTMXBiblJsY20xbFpHbGhkR1V3SGhjTk1qWXdOakF6TVRreU16STJXaGNOTWpZd05qQXpNVGt6TXpJMldqQUFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVERjBZOHRjbTJxOGZUelNvN1FBd0RzbTlQUTFPbmYxeWF3QXhIWEU5RXQzZmFYdGNvb3J2VVlQR2dKZ3RsNTRvb1lHWldvUFozdkRGL3FmczhOaVJQcU9DQWI0d2dnRzZNQTRHQTFVZER3RUIvd1FFQXdJSGdEQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBekFkQmdOVkhRNEVGZ1FVcTduY05uMC9yYUw0dWh1VkQ1QnZubDlJVW9vd0h3WURWUjBqQkJnd0ZvQVUzOVBwejFZa0VaYjVxTmpwS0ZXaXhpNFlaRDh3UndZRFZSMFJBUUgvQkQwd080RTVkVzUwY25WemRHVmtMWE5oUUhOcFozTjBiM0psTFdOdmJtWnZjbTFoYm1ObExtbGhiUzVuYzJWeWRtbGpaV0ZqWTI5MWJuUXVZMjl0TUNrR0Npc0dBUVFCZzc4d0FRRUVHMmgwZEhCek9pOHZZV05qYjNWdWRITXVaMjl2WjJ4bExtTnZiVEFyQmdvckJnRUVBWU8vTUFFSUJCME1HMmgwZEhCek9pOHZZV05qYjNWdWRITXVaMjl2WjJ4bExtTnZiVEFsQmdvckJnRUVBWU8vTUFFWUJCY01GVEV3TlRFME5EWXhPREEwT1RJME9EazJOakUzTnpDQmlnWUtLd1lCQkFIV2VRSUVBZ1I4QkhvQWVBQjJBTjA5TUdyR3h4RXlZeGtlSEpsbk53S2lTbDY0M2p5dC80ZUtjb0F2S2U2T0FBQUJubzd3ekVVQUFBUURBRWN3UlFJaEFKTzVIc1daNnZCU0haazdlWlJsSkJkL3BYVnlocE1zb3IyNnFpWDU4U2pIQWlCNUdqL1hqL3RzeEpNblVEWkxZejFoUVB1akJLYldsbExNM3ZKakQvM0lJakFLQmdncWhrak9QUVFEQXdOb0FEQmxBakJqVk1iVWs2ZTZ1dHcxR1I4LzkrK0JDTmxiQ1kxR01IKzFVOWZpQVZpc3VpSTZGVklIYTVSNTdHUDlkT1V1QzRZQ01RRExEQkdFMURlTG5reEwrN25wcGRmZU1rR0dZOE9OZHRvRGJ0SXpFRHVvZ0xkaURzZ1NxbFVBT1VUY1A2a0t5MWc9In19fX19fQ==" + }], + "timestampVerificationData": { + "rfc3161Timestamps": [{ + "signedTimestamp": "MIIC1jADAgEAMIICzQYJKoZIhvcNAQcCoIICvjCCAroCAQMxDTALBglghkgBZQMEAgEwgcMGCyqGSIb3DQEJEAEEoIGzBIGwMIGtAgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgvraobS2GVwDcuhIBJmFhc8Ls46OCw3urr+EiVqAbZaACFQChspT9FIXsr4Cewk9LfyWQdbSSaxgPMjAyNjA2MDMxOTIzMjZaMAMCAQECCQDRvg++0VJYZaAypDAwLjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MRUwEwYDVQQDEwxzaWdzdG9yZS10c2GgADGCAdwwggHYAgEBMFEwOTEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MSAwHgYDVQQDExdzaWdzdG9yZS10c2Etc2VsZnNpZ25lZAIUOhNULwyQYe68wUMvy4qOiyojiwwwCwYJYIZIAWUDBAIBoIH8MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjYwNjAzMTkyMzI2WjAvBgkqhkiG9w0BCQQxIgQgUdUi6vUAyFZ4xMmjXmdIo/Ff1zCzsS1ihwGCEhf5JdkwgY4GCyqGSIb3DQEJEAIvMX8wfTB7MHkEIIX5J7wHq2LKw7RDVsEO/IGyxog/2nq55thw2dE6zQW3MFUwPaQ7MDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQCFDoTVC8MkGHuvMFDL8uKjosqI4sMMAoGCCqGSM49BAMCBGgwZgIxAMlnScf/BqEXZlb5SvPdTKCKH9Ys1qK3I3obY3t/C3jmVM2SN7He7sGyBt/2JMdxfwIxANuIZRt25TQN1RopM4R2Lf9VYccaDxMm7kzUYk9QlV1FmZdJrspDSMxarvpOE6W2ag==" + }] + }, + "certificate": { + "rawBytes": "MIIDGTCCAp+gAwIBAgIUB1+qry287KTrfeaFRajqio+y9fwwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjYwNjAzMTkyMzI2WhcNMjYwNjAzMTkzMzI2WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDF0Y8tcm2q8fTzSo7QAwDsm9PQ1Onf1yawAxHXE9Et3faXtcoorvUYPGgJgtl54ooYGZWoPZ3vDF/qfs8NiRPqOCAb4wggG6MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUq7ncNn0/raL4uhuVD5Bvnl9IUoowHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wRwYDVR0RAQH/BD0wO4E5dW50cnVzdGVkLXNhQHNpZ3N0b3JlLWNvbmZvcm1hbmNlLmlhbS5nc2VydmljZWFjY291bnQuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTAlBgorBgEEAYO/MAEYBBcMFTEwNTE0NDYxODA0OTI0ODk2NjE3NzCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABno7wzEUAAAQDAEcwRQIhAJO5HsWZ6vBSHZk7eZRlJBd/pXVyhpMsor26qiX58SjHAiB5Gj/Xj/tsxJMnUDZLYz1hQPujBKbWllLM3vJjD/3IIjAKBggqhkjOPQQDAwNoADBlAjBjVMbUk6e6utw1GR8/9++BCNlbCY1GMH+1U9fiAVisuiI6FVIHa5R57GP9dOUuC4YCMQDLDBGE1DeLnkxL+7nppdfeMkGGY8ONdtoDbtIzEDuogLdiDsgSqlUAOUTcP6kKy1g=" + } + }, + "dsseEnvelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYS50eHQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYTBjZmM3MTI3MWQ2ZTI3OGU1N2NkMzMyZmY5NTdjM2Y3MDQzZmRkYTM1NGM0Y2JiMTkwYTMwZDU2ZWZhMDFiZiJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL2xvb3NlYmF6b29rYS9hYS10ZXN0IiwicGF0aCI6Ii5naXRodWIvd29ya2Zsb3dzL3Byb3ZlbmFuY2UueWFtbCJ9fSwiaW50ZXJuYWxQYXJhbWV0ZXJzIjp7ImdpdGh1YiI6eyJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJyZXBvc2l0b3J5X2lkIjoiODkxNzE1NDQ0IiwicmVwb3NpdG9yeV9vd25lcl9pZCI6IjEzMDQ4MjYiLCJydW5uZXJfZW52aXJvbm1lbnQiOiJnaXRodWItaG9zdGVkIn19LCJyZXNvbHZlZERlcGVuZGVuY2llcyI6W3sidXJpIjoiZ2l0K2h0dHBzOi8vZ2l0aHViLmNvbS9sb29zZWJhem9va2EvYWEtdGVzdEByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiZWJmZjhkZmJkNjA5YjdiMjIyMzdjNzcxOWNlMDdmMmRjNzkzNGY1ZiJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvcHJvdmVuYW5jZS55YW1sQHJlZnMvaGVhZHMvbWFpbiJ9LCJtZXRhZGF0YSI6eyJpbnZvY2F0aW9uSWQiOiJodHRwczovL2dpdGh1Yi5jb20vbG9vc2ViYXpvb2thL2FhLXRlc3QvYWN0aW9ucy9ydW5zLzExOTQxNDI1NDg3L2F0dGVtcHRzLzEifX19fQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [{ + "sig": "MEQCIEDCK2rEsWNkx/kOO32Hpbd3os6wBAlKt1s0V7+7qmqxAiBAf+okvynbffaVLpmgYITPq2y+VBoQOCHQlbV2ch/RBg==" + }] + } +}