Improve compatibility with sigstore-js mock server (#170)

* Improve compatibility with sigstore-js mock server

Signed-off-by: Samuel Giddins <[email protected]>

* Update lib/sigstore/signer.rb

Signed-off-by: Samuel Giddins <[email protected]>

---------

Signed-off-by: Samuel Giddins <[email protected]>

Author: segiddins

bin/sigstore-ruby

@@ -110,6 +110,31 @@ module Sigstore
     end
     map "sign-bundle" => :sign
 
+    desc "display", "Display sigstore bundle(s)"
+    def display(*files)
+      require "sigstore/models"
+      require "sigstore/internal/x509"
+
+      files.each do |file|
+        bundle_bytes = Gem.read_binary(file)
+        bundle = SBundle.new Bundle::V1::Bundle.decode_json(bundle_bytes, registry: Sigstore::REGISTRY)
+
+        say "--- Bundle #{file} ---"
+        say "Media Type: #{bundle.media_type}"
+        say bundle.leaf_certificate.to_text
+
+        case bundle.content
+        when :message_signature
+          say "Signature over: #{bundle.message_signature.message_digest.algorithm} " \
+              "#{Internal::Util.hex_encode bundle.message_signature.message_digest.digest}"
+        when :dsse_envelope
+          say bundle.dsse_envelope.payloadType
+          say bundle.dsse_envelope.payload
+        else raise Error::InvalidBundle, "expected either message_signature or dsse_envelope"
+        end
+      end
+    end
+
     class TUF < Thor
       def self.exit_on_failure?
         true

lib/sigstore/policy.rb

@@ -51,14 +51,16 @@ class OIDCIssuer < SingleX509ExtPolicy
       OID = "1.3.6.1.4.1.57264.1.1"
     end
 
-    class OIDCIssuerV2 < SingleX509ExtPolicy
-      OID = "1.3.6.1.4.1.57264.1.8"
-
+    class SingleX509ExtDerEncodedPolicy < SingleX509ExtPolicy
       def ext_value(ext)
         OpenSSL::ASN1.decode(ext.value_der).value
       end
     end
 
+    class OIDCIssuerV2 < SingleX509ExtDerEncodedPolicy
+      OID = "1.3.6.1.4.1.57264.1.8"
+    end
+
     class AnyOf
       def initialize(*policies)
         @policies = policies

lib/sigstore/signer.rb

@@ -97,9 +97,9 @@ def generate_csr(keypair)
 
       {
         credentials: {
-          oidc_identity_token: @identity_token.raw_token
+          oidcIdentityToken: @identity_token.raw_token
         },
-        certificate_signing_request: Internal::Util.base64_encode(csr.to_pem)
+        certificateSigningRequest: Internal::Util.base64_encode(csr.to_pem)
       }
     end
 

lib/sigstore/tuf/updater.rb

@@ -21,6 +21,8 @@
 require_relative "targets"
 require_relative "timestamp"
 
+require "set"
+
 module Sigstore::TUF
   class Updater
     include Sigstore::Loggable

lib/sigstore/verifier.rb

@@ -118,7 +118,7 @@ def verify(input:, policy:, offline:)
 
         unless store_ctx.verify
           return VerificationFailure.new(
-            "failed to validate certification from fulcio cert chain: #{store_ctx.error_string}"
+            "failed to validate certificate from fulcio cert chain: #{store_ctx.error_string}"
           )
         end