integrate bundle format changes (#212)

* integrate bundle format changes

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* bundle change cleanup

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* bump package version to 0.4.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>

Signed-off-by: Brian DeHamer <bdehamer@github.com>

Author: bdehamer

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "sigstore",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "code-signing for npm packages",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package.json

@@ -15,15 +15,12 @@ limitations under the License.
 */
 import fs from 'fs';
 import { verifySigningCertificate } from '../../ca/verify';
-import { translateLegacyBundleJSON } from '../../types';
 import * as sigstore from '../../types/sigstore';
 import bundles from '../__fixtures__/bundles/';
 
 describe('verifySigningCertificate', () => {
   // Temporary until we reconsole bundle formats
-  const bundleJSON = translateLegacyBundleJSON(
-    bundles.dsse.valid.withSigningCert
-  );
+  const bundleJSON = bundles.dsse.valid.withSigningCert;
   const bundle = sigstore.Bundle.fromJSON(bundleJSON);
 
   const trustedRootJSON = JSON.parse(
@@ -42,9 +39,7 @@ describe('verifySigningCertificate', () => {
 
   describe('when the bundle does not contain a certificate chain', () => {
     // Bundle with no certificate chain
-    const bundleJSON = translateLegacyBundleJSON(
-      bundles.dsse.valid.withPublicKey
-    );
+    const bundleJSON = bundles.dsse.valid.withPublicKey;
     const bundle = sigstore.Bundle.fromJSON(bundleJSON);
 
     it('throws an error', () => {

src/__tests__/__fixtures__/bundles/dsse.ts

@@ -176,18 +176,12 @@ describe('Signer', () => {
               fail('Expected x509CertificateChain');
             }
 
-            // Timestamp verification data
-            expect(bundle.verificationData).toBeTruthy();
             expect(
-              bundle.verificationData?.timestampVerificationData
-            ).toBeTruthy();
-            expect(
-              bundle.verificationData?.timestampVerificationData
-                ?.rfc3161Timestamps
-            ).toHaveLength(0);
-            expect(bundle.verificationData?.tlogEntries).toHaveLength(1);
+              bundle.verificationMaterial?.timestampVerificationData
+            ).toBeUndefined();
+            expect(bundle.verificationMaterial?.tlogEntries).toHaveLength(1);
 
-            const tlog = bundle.verificationData?.tlogEntries[0];
+            const tlog = bundle.verificationMaterial?.tlogEntries[0];
             expect(tlog?.inclusionPromise).toBeTruthy();
             expect(tlog?.inclusionPromise?.signedEntryTimestamp).toBeTruthy();
             expect(
@@ -364,18 +358,12 @@ describe('Signer', () => {
             fail('Expected x509CertificateChain');
           }
 
-          // Timestamp verification data
-          expect(bundle.verificationData).toBeTruthy();
-          expect(
-            bundle.verificationData?.timestampVerificationData
-          ).toBeTruthy();
           expect(
-            bundle.verificationData?.timestampVerificationData
-              ?.rfc3161Timestamps
-          ).toHaveLength(0);
-          expect(bundle.verificationData?.tlogEntries).toHaveLength(1);
+            bundle.verificationMaterial?.timestampVerificationData
+          ).toBeUndefined();
+          expect(bundle.verificationMaterial?.tlogEntries).toHaveLength(1);
 
-          const tlog = bundle.verificationData?.tlogEntries[0];
+          const tlog = bundle.verificationMaterial?.tlogEntries[0];
           expect(tlog?.inclusionPromise).toBeTruthy();
           expect(tlog?.inclusionPromise?.signedEntryTimestamp).toBeTruthy();
           expect(

src/__tests__/__fixtures__/bundles/signature.ts

@@ -18,43 +18,43 @@ import { sign, signAttestation, utils, verify } from '../sigstore';
 import {
   Bundle,
   HashAlgorithm,
-  VerificationData,
+  TimestampVerificationData,
+  TransparencyLogEntry,
   X509CertificateChain,
 } from '../types/bundle';
 import bundles from './__fixtures__/bundles';
 
 jest.mock('../sign');
 
-const verificationData: VerificationData = {
-  tlogEntries: [
-    {
+const tlogEntries: TransparencyLogEntry[] = [
+  {
+    logIndex: '0',
+    logId: {
+      keyId: Buffer.from('logId'),
+    },
+    kindVersion: {
+      kind: 'kind',
+      version: 'version',
+    },
+    canonicalizedBody: Buffer.from('body'),
+    integratedTime: '2021-01-01T00:00:00Z',
+    inclusionPromise: {
+      signedEntryTimestamp: Buffer.from('inclusionPromise'),
+    },
+    inclusionProof: {
       logIndex: '0',
-      logId: {
-        keyId: Buffer.from('logId'),
-      },
-      kindVersion: {
-        kind: 'kind',
-        version: 'version',
-      },
-      canonicalizedBody: Buffer.from('body'),
-      integratedTime: '2021-01-01T00:00:00Z',
-      inclusionPromise: {
-        signedEntryTimestamp: Buffer.from('inclusionPromise'),
-      },
-      inclusionProof: {
-        logIndex: '0',
-        rootHash: Buffer.from('rootHash'),
-        treeSize: '0',
-        hashes: [Buffer.from('hash')],
-        checkpoint: {
-          envelope: 'checkpoint',
-        },
+      rootHash: Buffer.from('rootHash'),
+      treeSize: '0',
+      hashes: [Buffer.from('hash')],
+      checkpoint: {
+        envelope: 'checkpoint',
       },
     },
-  ],
-  timestampVerificationData: {
-    rfc3161Timestamps: [{ signedTimestamp: Buffer.from('signedTimestamp') }],
   },
+];
+
+const timestampVerificationData: TimestampVerificationData = {
+  rfc3161Timestamps: [{ signedTimestamp: Buffer.from('signedTimestamp') }],
 };
 
 const x509CertificateChain: X509CertificateChain = {
@@ -74,12 +74,13 @@ describe('sign', () => {
   // Signer output
   const bundle: Bundle = {
     mediaType: 'test/output',
-    verificationData: verificationData,
     verificationMaterial: {
       content: {
         $case: 'x509CertificateChain',
         x509CertificateChain: x509CertificateChain,
       },
+      tlogEntries,
+      timestampVerificationData,
     },
     content: {
       $case: 'messageSignature',
@@ -141,12 +142,13 @@ describe('signAttestation', () => {
   // Signer output
   const bundle: Bundle = {
     mediaType: 'test/output',
-    verificationData: verificationData,
     verificationMaterial: {
       content: {
         $case: 'x509CertificateChain',
         x509CertificateChain: x509CertificateChain,
       },
+      tlogEntries,
+      timestampVerificationData,
     },
     content: {
       $case: 'dsseEnvelope',

src/__tests__/ca/verify.test.ts

@@ -147,15 +147,12 @@ describe('TLogClient', () => {
           fail('Expected x509CertificateChain');
         }
 
-        // Timestamp verification data
-        expect(bundle.verificationData).toBeTruthy();
-        expect(bundle.verificationData?.timestampVerificationData).toBeTruthy();
         expect(
-          bundle.verificationData?.timestampVerificationData?.rfc3161Timestamps
-        ).toHaveLength(0);
-        expect(bundle.verificationData?.tlogEntries).toHaveLength(1);
+          bundle.verificationMaterial?.timestampVerificationData
+        ).toBeUndefined();
+        expect(bundle.verificationMaterial?.tlogEntries).toHaveLength(1);
 
-        const tlog = bundle.verificationData?.tlogEntries[0];
+        const tlog = bundle.verificationMaterial?.tlogEntries[0];
         expect(tlog?.inclusionPromise).toBeTruthy();
         expect(tlog?.inclusionPromise?.signedEntryTimestamp).toBeTruthy();
         expect(
@@ -364,15 +361,12 @@ describe('TLogClient', () => {
           fail('Expected x509CertificateChain');
         }
 
-        // Timestamp verification data
-        expect(bundle.verificationData).toBeTruthy();
-        expect(bundle.verificationData?.timestampVerificationData).toBeTruthy();
         expect(
-          bundle.verificationData?.timestampVerificationData?.rfc3161Timestamps
-        ).toHaveLength(0);
-        expect(bundle.verificationData?.tlogEntries).toHaveLength(1);
+          bundle.verificationMaterial?.timestampVerificationData
+        ).toBeUndefined();
+        expect(bundle.verificationMaterial?.tlogEntries).toHaveLength(1);
 
-        const tlog = bundle.verificationData?.tlogEntries[0];
+        const tlog = bundle.verificationMaterial?.tlogEntries[0];
         expect(tlog?.inclusionPromise).toBeTruthy();
         expect(tlog?.inclusionPromise?.signedEntryTimestamp).toBeTruthy();
         expect(

src/__tests__/sign.test.ts

@@ -87,14 +87,10 @@ describe('bundle', () => {
       }
 
       // Timestamp verification data
-      expect(b.verificationData).toBeTruthy();
-      expect(b.verificationData?.timestampVerificationData).toBeTruthy();
-      expect(
-        b.verificationData?.timestampVerificationData?.rfc3161Timestamps
-      ).toHaveLength(0);
-      expect(b.verificationData?.tlogEntries).toHaveLength(1);
+      expect(b.verificationMaterial?.timestampVerificationData).toBeUndefined();
+      expect(b.verificationMaterial?.tlogEntries).toHaveLength(1);
 
-      const tlog = b.verificationData?.tlogEntries[0];
+      const tlog = b.verificationMaterial?.tlogEntries[0];
       expect(tlog?.inclusionPromise).toBeTruthy();
       expect(
         tlog?.inclusionPromise?.signedEntryTimestamp.toString('base64')
@@ -170,15 +166,10 @@ describe('bundle', () => {
         fail('Expected x509CertificateChain');
       }
 
-      // Timestamp verification data
-      expect(b.verificationData).toBeTruthy();
-      expect(b.verificationData?.timestampVerificationData).toBeTruthy();
-      expect(
-        b.verificationData?.timestampVerificationData?.rfc3161Timestamps
-      ).toHaveLength(0);
-      expect(b.verificationData?.tlogEntries).toHaveLength(1);
+      expect(b.verificationMaterial?.timestampVerificationData).toBeUndefined();
+      expect(b.verificationMaterial?.tlogEntries).toHaveLength(1);
 
-      const tlog = b.verificationData?.tlogEntries[0];
+      const tlog = b.verificationMaterial?.tlogEntries[0];
       expect(tlog?.inclusionPromise).toBeTruthy();
       expect(
         tlog?.inclusionPromise?.signedEntryTimestamp.toString('base64')