
Allow targetStore to return input streams #962


Merged
merged 1 commit into from
May 15, 2025
Expand Up @@ -16,12 +16,9 @@
package dev.sigstore;

import com.google.common.base.Preconditions;
import com.google.protobuf.util.JsonFormat;
import dev.sigstore.proto.trustroot.v1.TrustedRoot;
import dev.sigstore.trustroot.SigstoreTrustedRoot;
import dev.sigstore.tuf.SigstoreTufClient;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.InvalidAlgorithmParameterException;
Expand Down Expand Up @@ -53,10 +50,9 @@ static TrustedRootProvider from(SigstoreTufClient.Builder tufClientBuilder) {
static TrustedRootProvider from(Path trustedRoot) {
Preconditions.checkNotNull(trustedRoot);
return () -> {
var trustedRootBuilder = TrustedRoot.newBuilder();
JsonFormat.parser()
.merge(Files.readString(trustedRoot, StandardCharsets.UTF_8), trustedRootBuilder);
return SigstoreTrustedRoot.from(trustedRootBuilder.build());
try (var is = Files.newInputStream(trustedRoot)) {
return SigstoreTrustedRoot.from(is);
}
};
}
}
Expand Up @@ -16,7 +16,13 @@
package dev.sigstore.trustroot;

import com.google.api.client.util.Lists;
import com.google.protobuf.util.JsonFormat;
import dev.sigstore.proto.trustroot.v1.TrustedRoot;
import dev.sigstore.proto.trustroot.v1.TrustedRootOrBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.stream.Collectors;
Expand All @@ -25,17 +31,26 @@
@Immutable
public interface SigstoreTrustedRoot {

/** A list of certificate authorities associated with this trustroot. */
/** A list of certificate authorities associated with this trustedroot. */
List<CertificateAuthority> getCAs();

/** A list of binary transparency logs associated with this trustroot. */
/** A list of binary transparency logs associated with this trustedroot. */
List<TransparencyLog> getTLogs();

/** A list of certificate transparency logs associated with this trustroot. */
/** A list of certificate transparency logs associated with this trustedroot. */
List<TransparencyLog> getCTLogs();

/** Create an instance from a parsed proto definition of a trustroot. */
static SigstoreTrustedRoot from(TrustedRoot proto) throws CertificateException {
/** Create an instance from an input stream of a json representation of a trustedroot. */
static SigstoreTrustedRoot from(InputStream json) throws IOException, CertificateException {
var trustedRootBuilder = TrustedRoot.newBuilder();
try (var reader = new InputStreamReader(json, StandardCharsets.UTF_8)) {
JsonFormat.parser().merge(reader, trustedRootBuilder);
}
return from(trustedRootBuilder);
}

/** Create an instance from a parsed proto definition of a trustedroot. */
static SigstoreTrustedRoot from(TrustedRootOrBuilder proto) throws CertificateException {
List<CertificateAuthority> cas = Lists.newArrayList();
for (var certAuthority : proto.getCertificateAuthoritiesList()) {
cas.add(CertificateAuthority.from(certAuthority));
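Review bot: The new `from(InputStream json)` closes the caller's stream, because the `InputStreamReader` opened in try-with-resources closes the stream it wraps, and the Javadoc does not say so. Callers in this PR already disagree about ownership: `TrustedRootProvider.from(Path)` wraps the call in its own try-with-resources, while the three updated test setups pass `openStream()` directly and rely on the implicit close. I would state the contract in the Javadoc, e.g. `/** Create an instance from an input stream of a json representation of a trustedroot; the stream is consumed and closed by this method. */`. Separately, widening `from(TrustedRoot)` to `from(TrustedRootOrBuilder)` stays source compatible but changes the method descriptor, so code compiled against the old signature would need recompiling. The body of that overload continues outside the hunk.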
Expand Up @@ -21,6 +21,7 @@
import dev.sigstore.tuf.model.*;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
Expand Down Expand Up @@ -77,6 +78,12 @@ public byte[] readTarget(String targetName) throws IOException {
return Files.readAllBytes(targetsDir.resolve(encoded));
}

@Override
public InputStream getTargetInputSteam(String targetName) throws IOException {
var encoded = URLEncoder.encode(targetName, StandardCharsets.UTF_8);
return Files.newInputStream(targetsDir.resolve(encoded));
}

@Override
public boolean hasTarget(String targetName) throws IOException {
var encoded = URLEncoder.encode(targetName, StandardCharsets.UTF_8);
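Review bot: `getTargetInputSteam` repeats the `URLEncoder.encode(targetName, StandardCharsets.UTF_8)` plus `targetsDir.resolve(...)` mapping that `readTarget` and `hasTarget` also carry inline. That mapping is what turns a target name containing path elements into a single file name under `targetsDir`, so three copies that must stay in sync are worth folding into one helper, e.g. `private Path targetPath(String targetName) { return targetsDir.resolve(URLEncoder.encode(targetName, StandardCharsets.UTF_8)); }`. The returned stream hands back the stored file as-is; if callers are meant to treat its content as already checked against the targets metadata, a short comment naming where that check happens would help, since it is not visible in this hunk. `hasTarget`'s body continues outside the hunk.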
13 changes: 13 additions & 0 deletions sigstore-java/src/main/java/dev/sigstore/tuf/TargetReader.java
Expand Up @@ -16,6 +16,7 @@
package dev.sigstore.tuf;

import java.io.IOException;
import java.io.InputStream;

/** Interface that defines reading targets from local storage. */
public interface TargetReader {
Expand All @@ -30,6 +31,18 @@ public interface TargetReader {
*/
byte[] readTarget(String targetName) throws IOException;

/**
* Returns an input stream to a TUF target file in the local TUF store. Target names may include
* path elements and the storage engine should be consistent when handling writing and reading
* these.
*
* @param targetName the name of the target file to read (e.g. ctfe.pub)
* @return an input steam to the target file in the local store, the consumer must close the input
* stream
* @throws IOException if an error occurs
*/
InputStream getTargetInputSteam(String targetName) throws IOException;

/**
* Checks if the local TUF store actually contains a target file with name.
*
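Review bot: The method name `getTargetInputSteam` is missing an "r", and because it is declared on a public interface the misspelling becomes API that every `TargetReader` implementation has to repeat. Declare it as `InputStream getTargetInputStream(String targetName) throws IOException;` and rename the override in the file-system store to match. The `@return` text has the same slip and should read `an input stream to the target file in the local store, the consumer must close the input stream`.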
Expand Up @@ -16,10 +16,8 @@
package dev.sigstore.fulcio.client;

import com.google.common.io.Resources;
import com.google.protobuf.util.JsonFormat;
import dev.sigstore.bundle.Bundle;
import dev.sigstore.encryption.certificates.Certificates;
import dev.sigstore.proto.trustroot.v1.TrustedRoot;
import dev.sigstore.trustroot.ImmutableLogId;
import dev.sigstore.trustroot.ImmutableTransparencyLog;
import dev.sigstore.trustroot.SigstoreTrustedRoot;
Expand Down Expand Up @@ -59,14 +57,9 @@ public static void loadResources() throws IOException {

@BeforeAll
public static void initTrustRoot() throws Exception {
var json =
Resources.toString(
Resources.getResource("dev/sigstore/trustroot/trusted_root.json"),
StandardCharsets.UTF_8);
var builder = TrustedRoot.newBuilder();
JsonFormat.parser().merge(json, builder);

trustRoot = SigstoreTrustedRoot.from(builder.build());
trustRoot =
SigstoreTrustedRoot.from(
Resources.getResource("dev/sigstore/trustroot/trusted_root.json").openStream());
}

@Test
Expand Up @@ -16,8 +16,6 @@
package dev.sigstore.rekor.client;

import com.google.common.io.Resources;
import com.google.protobuf.util.JsonFormat;
import dev.sigstore.proto.trustroot.v1.TrustedRoot;
import dev.sigstore.trustroot.ImmutableLogId;
import dev.sigstore.trustroot.ImmutablePublicKey;
import dev.sigstore.trustroot.ImmutableTransparencyLog;
Expand Down Expand Up @@ -58,14 +56,9 @@ public void loadResources() throws IOException {

@BeforeAll
public static void initTrustRoot() throws IOException, CertificateException {
var json =
Resources.toString(
Resources.getResource("dev/sigstore/trustroot/staging_trusted_root.json"),
StandardCharsets.UTF_8);
var builder = TrustedRoot.newBuilder();
JsonFormat.parser().merge(json, builder);

trustRoot = SigstoreTrustedRoot.from(builder.build());
trustRoot =
SigstoreTrustedRoot.from(
Resources.getResource("dev/sigstore/trustroot/staging_trusted_root.json").openStream());
}

@Test
Expand Up @@ -21,10 +21,7 @@
import static org.junit.jupiter.api.Assertions.assertTrue;

import com.google.common.io.Resources;
import com.google.protobuf.util.JsonFormat;
import dev.sigstore.proto.trustroot.v1.TrustedRoot;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.time.ZonedDateTime;
import java.util.List;
Expand All @@ -38,14 +35,9 @@ class SigstoreTrustedRootTest {

@BeforeAll
public static void initTrustRoot() throws IOException, CertificateException {
var json =
Resources.toString(
Resources.getResource("dev/sigstore/trustroot/trusted_root.json"),
StandardCharsets.UTF_8);
var builder = TrustedRoot.newBuilder();
JsonFormat.parser().merge(json, builder);

trustRoot = SigstoreTrustedRoot.from(builder.build());
trustRoot =
SigstoreTrustedRoot.from(
Resources.getResource("dev/sigstore/trustroot/trusted_root.json").openStream());
}

@Test