sigstore 0.2.1 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa312f6e10182026328d12ad51c96d3cbd38d42634f320cd2b070a1a0623b0c7
-  data.tar.gz: 306b5649f38263c3adaf0967dfb5dd6b3f635d481ac67628828bdeaa0f5284d9
+  metadata.gz: 4a9a3ef5da7b2fc632b31f48e168423e1c3d12dd601621937d1dc0ddf27be250
+  data.tar.gz: 9daf366761da11b908f6670644976bbb12ac11c6d7037d36c754083a56be9995
 SHA512:
-  metadata.gz: f8349026b8a3ce937ff160f052a5d788a9e0b3c1d067687eb04a22ed4541a0ccf7dfb4fc41cb34eab72fc8a151c979e0ca844250ccfb677116fbfe23e299c230
-  data.tar.gz: 9a9e0d495263d824313815aad4b0daff4f920e5959b6f843b57b06dc4fa1f87f14d26a2ce3b10f5b3d3ce0ff824c0506e2fa55547c52341f8c792dcce79c2f5c
+  metadata.gz: 7f4ccdeef1781aa702cc3bde7fa2006b0d58d6e89e0eb5ef17cf53db6570bbd50a7d65ba2c33638f09fcd9439fb565566429926497e3aaa9e7e9cee16631b86e
+  data.tar.gz: 361d3082ca855a0ed086ffc15cb63c011be86c6bde88afd9c0c88cc916768b8370088e6a488af4316f7e2eec94fee81f72f1f117ff349e44af7c93aad774df0e

data/README.md

@@ -1,6 +1,6 @@
 # Sigstore
 
-This is a pure Ruby implementation of the `sigstore verify` command from the [sigstore/cosign](https://sigstore.dev/projects/cosign) project. It is intended to be used as a library in other Ruby projects, in additional to a `gem` subcommand. The project also contains a TUF client implementation, given TUF is a part of the sigstore verification flow.
+This is a pure Ruby implementation of the `sigstore verify` command from the [sigstore/cosign](https://sigstore.dev/projects/cosign) project. It is intended to be used as a library in other Ruby projects or directly through a new `gem` subcommand. The project also contains a TUF client implementation, given TUF is a part of the sigstore verification flow.
 
 ## Usage
 

data/lib/sigstore/internal/key.rb

@@ -30,7 +30,11 @@ module Sigstore
           key_type = "rsa"
           key_schema = "rsa-pkcs1v15-sha256"
         else
-          raise Error::UnsupportedKeyType, "Unsupported key type #{key_details}"
+          # Skip unrecognized key types instead of raising an error.
+          # This allows the library to work with newer trusted roots that include
+          # key types we don't yet support (e.g., PKIX_ED25519 for Rekor v2).
+          logger.warn { "Skipping unrecognized key type: #{key_details}" }
+          return nil
         end
 
         read(key_type, key_schema, key_bytes, key_id: OpenSSL::Digest::SHA256.hexdigest(key_bytes))
@@ -49,10 +53,6 @@ module Sigstore
           RSA.new(key_type, schema, pkey, key_id:)
         else
           raise ArgumentError, "Unsupported key type #{key_type}"
-        end.tap do |key|
-          if RUBY_ENGINE == "jruby" && key.to_pem != key_bytes && key.to_der != key_bytes
-            raise Error::UnsupportedPlatform, "Key mismatch: #{key.to_pem.inspect} != #{key_bytes.inspect}"
-          end
         end
       rescue OpenSSL::PKey::PKeyError => e
         raise OpenSSL::PKey::PKeyError, "Invalid key: #{e} for #{key_type} #{schema} #{key_id}"

data/lib/sigstore/internal/merkle.rb

@@ -69,7 +69,7 @@ module Sigstore
 
         intermediate_result = chain_inner(
           leaf_hash,
-          (proof[...inner] || raise(MissingHashError, "missing left hashes")),
+          proof[...inner] || raise(MissingHashError, "missing left hashes"),
           log_index
         )
 
@@ -93,7 +93,7 @@ module Sigstore
 
       def self.chain_inner(seed, hashes, log_index)
         hashes.each_with_index do |hash, i|
-          seed = if ((log_index >> i) & 1).zero?
+          seed = if (log_index >> i).nobits?(1)
                    hash_children(seed, hash)
                  else
                    hash_children(hash, seed)

data/lib/sigstore/internal/x509.rb

@@ -20,6 +20,74 @@ require "openssl"
 module Sigstore
   module Internal
     module X509
+      if RUBY_ENGINE == "jruby"
+        unless JOpenSSL::VERSION >= "0.15.3"
+          raise Error::UnsupportedPlatform, "JRuby support requires jruby-openssl >= 0.15.3, is #{JOpenSSL::VERSION}"
+        end
+
+        def self.validate_chain(trust_roots, leaf, time)
+          cert_factory = java.security.cert.CertificateFactory.getInstance("X.509")
+          cert_factory.generateCertificate(java.io.ByteArrayInputStream.new(leaf.to_der.to_java_bytes))
+          target = leaf.openssl.to_java
+
+          trust_anchors = Set.new
+          intermediate_certs = []
+          trust_roots.each do |chain|
+            root = chain.last
+
+            trust_anchors << java.security.cert.TrustAnchor.new(root.openssl.to_java, nil)
+            chain[..-2].each do |cert|
+              intermediate_certs << cert.openssl.to_java
+            end
+          end
+
+          cert_store_parameters = java.security.cert.CollectionCertStoreParameters.new(intermediate_certs)
+          cert_store = java.security.cert.CertStore.getInstance("Collection", cert_store_parameters)
+
+          cert_selector = java.security.cert.X509CertSelector.new
+          cert_selector.setCertificate(target)
+
+          pkix_builder_parameters = java.security.cert.PKIXBuilderParameters.new(trust_anchors, cert_selector)
+          pkix_builder_parameters.setDate(time) if time
+          pkix_builder_parameters.setRevocationEnabled(false)
+          pkix_builder_parameters.addCertStore(cert_store)
+
+          cert_path_builder = java.security.cert.CertPathBuilder.getInstance("PKIX")
+          cert_path_result = cert_path_builder.build(pkix_builder_parameters)
+          chain = cert_path_result.cert_path.getCertificates.map do |cert|
+            der = String.from_java_bytes(cert.getEncoded).b
+            Certificate.read(der)
+          end
+          chain.shift # remove the cert itself
+          chain << Certificate.read(
+            String.from_java_bytes(cert_path_result.get_trust_anchor.getTrustedCert.getEncoded).b
+          )
+          [chain, nil]
+        end
+      else
+        def self.validate_chain(trust_roots, leaf, time)
+          store = OpenSSL::X509::Store.new
+          intermediate_certs = []
+          trust_roots.each do |chain|
+            store.add_cert(chain.last.openssl)
+            chain[..-2].each do |cert|
+              intermediate_certs << cert.openssl
+            end
+          end
+          store_ctx = OpenSSL::X509::StoreContext.new(store, leaf.openssl, intermediate_certs)
+          store_ctx.time = time if time
+          unless store_ctx.verify
+            return nil, VerificationFailure.new(
+              "failed to validate certificate from fulcio cert chain: #{store_ctx.error_string}"
+            )
+          end
+
+          chain = store_ctx.chain || raise(Error::InvalidCertificate, "no valid cert chain found")
+          chain.shift # remove the cert itself
+          [chain.map! { Certificate.new(_1) }, nil]
+        end
+      end
+
       class Certificate
         extend Forwardable
 
@@ -149,7 +217,7 @@ module Sigstore
           extended_key_usage = extension(Extension::ExtendedKeyUsage)
           return false unless extended_key_usage
 
-          extended_key_usage.purposes.include?(OpenSSL::ASN1::ObjectId.new("1.3.6.1.4.1.11129.2.4.4"))
+          extended_key_usage.precert?
         end
       end
 
@@ -236,7 +304,7 @@ module Sigstore
 
           def parse_value(value)
             unless value.is_a?(OpenSSL::ASN1::Sequence)
-              rasie ArgumentError,
+              raise ArgumentError,
                     "Invalid extended key usage: #{value.inspect}"
             end
 
@@ -248,10 +316,15 @@ module Sigstore
           end
 
           CODE_SIGNING = OpenSSL::ASN1::ObjectId.new("1.3.6.1.5.5.7.3.3")
+          PRECERT_PURPOSE = OpenSSL::ASN1::ObjectId.new("1.3.6.1.4.1.11129.2.4.4")
 
           def code_signing?
             purposes.any? { |purpose| purpose.oid == CODE_SIGNING.oid }
           end
+
+          def precert?
+            purposes.any? { |purpose| purpose.oid == PRECERT_PURPOSE.oid }
+          end
         end
 
         class BasicConstraints < Extension
@@ -309,11 +382,15 @@ module Sigstore
             @general_names = value.map do |general_name|
               tag = general_name.tag
 
+              value = general_name.value
+              value = value.first if value.is_a?(Array) && value.size == 1
+              value = value.value if value.is_a?(OpenSSL::ASN1::OctetString)
+
               case tag
               when 1
-                [:otherName, general_name.value]
+                [:otherName, value]
               when 6
-                [:uniformResourceIdentifier, general_name.value]
+                [:uniformResourceIdentifier, value]
               else
                 raise Error::Unimplemented,
                       "Unhandled general name tag: #{tag}"
@@ -361,7 +438,7 @@ module Sigstore
                     signature_algorithm
                     entry_type
                     signature]
-          Timestamp = defined?(Data.define) ? Data.define(*args) : Struct.new(*args, keyword_init: true) # rubocop:disable Naming/ConstantName
+          Timestamp = defined?(Data.define) ? Data.define(*args) : Struct.new(*args) # rubocop:disable Naming/ConstantName
 
           HASHES = {
             0 => "none",
@@ -384,46 +461,22 @@ module Sigstore
 
           private
 
-          if RUBY_VERSION >= "3.1"
-            def unpack_at(string, format, offset:)
-              string.unpack(format, offset:)
-            end
-
-            def unpack1_at(string, format, offset:)
-              string.unpack1(format, offset:)
-            end
-          else
-            def unpack_at(string, format, offset:)
-              string[offset..].unpack(format)
-            end
-
-            def unpack1_at(string, format, offset:)
-              string[offset..].unpack1(format)
-            end
-          end
-
           # https://letsencrypt.org/2018/04/04/sct-encoding.html
           def unpack_sct_list(string)
             offset = 0
             len = string.bytesize
             list = []
             while offset < len
-              sct_version, sct_log_id, sct_timestamp, sct_extensions_len = unpack_at(string, "Ca32Q>n", offset:)
+              sct_version, sct_log_id, sct_timestamp, sct_extensions_len = string.unpack("Ca32Q>n", offset:)
               offset += 1 + 32 + 8 + 2
               raise Error::Unimplemented, "expect sct version to be 0, got #{sct_version}" unless sct_version.zero?
 
-              sct_extensions_bytes = unpack1_at(string, "a#{sct_extensions_len}", offset:).b
+              sct_extensions_bytes = string.unpack1("a#{sct_extensions_len}", offset:).b
               offset += sct_extensions_len
 
-              unless sct_extensions_len.zero?
-                raise Error::Unimplemented,
-                      "sct_extensions_len=#{sct_extensions_len} not supported"
-              end
-
-              sct_signature_alg_hash, sct_signature_alg_sign, sct_signature_len = unpack_at(string, "CCn",
-                                                                                            offset:)
+              sct_signature_alg_hash, sct_signature_alg_sign, sct_signature_len = string.unpack("CCn", offset:)
               offset += 1 + 1 + 2
-              sct_signature_bytes = unpack1_at(string, "a#{sct_signature_len}", offset:).b
+              sct_signature_bytes = string.unpack1("a#{sct_signature_len}", offset:).b
               offset += sct_signature_len
               list << Timestamp.new(
                 version: sct_version,

data/lib/sigstore/models.rb

@@ -19,7 +19,7 @@ require_relative "error"
 require_relative "trusted_root"
 
 module Sigstore
-  VerificationResult = Struct.new(:success, keyword_init: true) do
+  VerificationResult = Struct.new(:success) do
     # @implements VerificationResult
 
     alias_method :verified?, :success

data/lib/sigstore/policy.rb

@@ -38,8 +38,16 @@ module Sigstore
         VerificationSuccess.new
       end
 
-      def ext_value(ext)
-        ext.value
+      if RUBY_ENGINE == "jruby"
+        def ext_value(ext)
+          der = ext.to_der
+          seq = OpenSSL::ASN1.decode(der)
+          seq.value.last.value
+        end
+      else
+        def ext_value(ext)
+          ext.value
+        end
       end
 
       def oid

data/lib/sigstore/rekor/checkpoint.rb

@@ -17,9 +17,9 @@
 module Sigstore
   module Rekor
     module Checkpoint
-      Signature = Struct.new(:name, :sig_hash, :signature, keyword_init: true)
+      Signature = Struct.new(:name, :sig_hash, :signature)
 
-      SignedCheckpoint = Struct.new(:signed_note, :checkpoint, keyword_init: true) do
+      SignedCheckpoint = Struct.new(:signed_note, :checkpoint) do
         # @implements SignedCheckpoint
 
         def self.from_text(text)
@@ -30,7 +30,7 @@ module Sigstore
         end
       end
 
-      SignedNote = Struct.new(:note, :signatures, keyword_init: true) do
+      SignedNote = Struct.new(:note, :signatures) do
         # @implements SignedNote
 
         def self.from_text(text)
@@ -77,7 +77,7 @@ module Sigstore
         end
       end
 
-      LogCheckpoint = Struct.new(:origin, :log_size, :log_hash, :other_content, keyword_init: true) do
+      LogCheckpoint = Struct.new(:origin, :log_size, :log_hash, :other_content) do
         # @implements LogCheckpoint
 
         def self.from_text(text)

data/lib/sigstore/rekor/client.rb

@@ -15,6 +15,7 @@
 # limitations under the License.
 
 require "net/http"
+require_relative "../version"
 
 module Sigstore
   module Rekor
@@ -66,7 +67,8 @@ module Sigstore
 
       def post(entry)
         resp = @session.post2(@url.path.chomp("/"), entry.to_json,
-                              { "Content-Type" => "application/json", "Accept" => "application/json" })
+                              { "Content-Type" => "application/json", "Accept" => "application/json",
+                                "User-Agent" => Sigstore::USER_AGENT })
 
         unless resp.code == "201"
           raise Error::FailedRekorPost,
@@ -89,7 +91,8 @@ module Sigstore
         def post(expected_entry)
           data = { entries: [expected_entry] }
           resp = @session.post2(@url.path, data.to_json,
-                                { "Content-Type" => "application/json", "Accept" => "application/json" })
+                                { "Content-Type" => "application/json", "Accept" => "application/json",
+                                  "User-Agent" => Sigstore::USER_AGENT })
 
           if resp.code != "200"
             raise Error::FailedRekorLookup,
@@ -109,12 +112,17 @@ module Sigstore
         raise ArgumentError, "Received multiple entries in response" if response.size != 1
 
         _, result = response.first
+        canonicalized_body = Internal::Util.base64_decode(result.fetch("body"))
+        body = JSON.parse(canonicalized_body)
         entry = V1::TransparencyLogEntry.new
-        entry.canonicalized_body = Internal::Util.base64_decode(result.fetch("body"))
-        entry.integrated_time = result.fetch("integratedTime")
+        entry.log_index = result.fetch("logIndex")
         entry.log_id = Common::V1::LogId.new
         entry.log_id.key_id = Internal::Util.hex_decode(result.fetch("logID"))
-        entry.log_index = result.fetch("logIndex")
+        entry.kind_version = V1::KindVersion.new
+        entry.kind_version.kind = body.fetch("kind")
+        entry.kind_version.version = body.fetch("apiVersion")
+        entry.integrated_time = result.fetch("integratedTime")
+        entry.canonicalized_body = canonicalized_body
         if (set = result.dig("verification", "signedEntryTimestamp"))
           entry.inclusion_promise = V1::InclusionPromise.new
           entry.inclusion_promise.signed_entry_timestamp = Internal::Util.base64_decode(set)

data/lib/sigstore/signer.rb

@@ -20,6 +20,7 @@ require_relative "models"
 require_relative "oidc"
 require_relative "policy"
 require_relative "verifier"
+require_relative "version"
 
 module Sigstore
   class Signer
@@ -109,7 +110,7 @@ module Sigstore
       resp = Net::HTTP.post(
         uri,
         JSON.dump(csr),
-        { "Content-Type" => "application/json" }
+        { "Content-Type" => "application/json", "User-Agent" => Sigstore::USER_AGENT }
       )
 
       unless resp.code == "200"
@@ -133,17 +134,20 @@ module Sigstore
       # Perform certification path validation (RFC 5280 §6) of the returned certificate chain with the pre-distributed
       # Fulcio root certificate(s) as a trust anchor.
 
-      x509_store = OpenSSL::X509::Store.new
-      expected_chain = @trusted_root.fulcio_cert_chain
+      now = Time.now
+      if leaf.not_before > now
+        unless leaf.not_before - now < 60
+          raise Error::Signing, "leaf certificate not yet valid: #{leaf.not_before.inspect} vs #{now.inspect}"
+        end
 
-      x509_store.add_cert expected_chain.last.openssl
-      unless x509_store.verify(leaf.openssl, expected_chain[..-2].map(&:openssl))
-        raise Error::Signing, "returned certificate does not validate: #{x509_store.error_string}"
+        logger.warn do
+          "leaf certificate not yet valid: #{leaf.not_before.inspect} vs #{now.inspect}, sleeping until valid"
+        end
+        sleep(leaf.not_before - now)
       end
 
-      chain = x509_store.chain
-      chain.shift # remove the leaf cert
-      chain.map! { |cert| Internal::X509::Certificate.new(cert) }
+      chain, err = Internal::X509.validate_chain(@trusted_root.fulcio_cert_chains, leaf, nil)
+      raise Error::Signing, "failed to validate returned certificate chain: #{err.reason}" if err
 
       logger.debug { "verified chain" }
 
@@ -175,7 +179,7 @@ module Sigstore
               "certificate does not contain expected SAN #{expected_san}, got #{general_names}"
       end
 
-      [leaf, x509_store.chain]
+      [leaf, chain.unshift(leaf)]
     end
 
     def sign_payload(payload, key)
@@ -267,7 +271,7 @@ module Sigstore
       bundle.media_type = BundleType::BUNDLE_0_3.media_type
       bundle.verification_material = Bundle::V1::VerificationMaterial.new
       bundle.verification_material.certificate = Common::V1::X509Certificate.new
-      bundle.verification_material.certificate.raw_bytes = leaf_certificate.to_pem
+      bundle.verification_material.certificate.raw_bytes = leaf_certificate.to_der
       bundle.verification_material.tlog_entries = tlog_entries
       bundle.verification_material.timestamp_verification_data = timestamp_verification_data
       bundle.message_signature = Sigstore::Common::V1::MessageSignature.new.tap do |ms|

data/lib/sigstore/trusted_root.rb

@@ -59,13 +59,13 @@ module Sigstore
       keys
     end
 
-    def fulcio_cert_chain
-      certs = ca_keys(certificate_authorities, allow_expired: true).flat_map do |raw_bytes|
-        Internal::X509::Certificate.read(raw_bytes)
+    def fulcio_cert_chains
+      chains = ca_keys(certificate_authorities, allow_expired: true).map do |certs|
+        certs.map { |raw_bytes| Internal::X509::Certificate.read(raw_bytes) }
       end
-      raise Error::InvalidBundle, "Fulcio certificates not found in trusted root" if certs.empty?
+      raise Error::InvalidBundle, "Fulcio certificates not found in trusted root" if chains.none?(&:any?)
 
-      certs
+      chains
     end
 
     def tlog_for_signing
@@ -87,7 +87,8 @@ module Sigstore
 
       tlogs.each do |transparency_log_instance|
         key = transparency_log_instance.public_key
-        yield Internal::Key.from_key_details(key.key_details, key.raw_bytes)
+        parsed_key = Internal::Key.from_key_details(key.key_details, key.raw_bytes)
+        yield parsed_key if parsed_key
       end
     end
 
@@ -97,9 +98,7 @@ module Sigstore
       certificate_authorities.each do |ca|
         next unless timerange_valid?(ca.valid_for, allow_expired:)
 
-        ca.cert_chain.certificates.each do |cert|
-          yield cert.raw_bytes
-        end
+        yield ca.cert_chain.certificates.map(&:raw_bytes)
       end
     end
 

data/lib/sigstore/tuf/updater.rb

@@ -21,8 +21,6 @@ require_relative "snapshot"
 require_relative "targets"
 require_relative "timestamp"
 
-require "set"
-
 module Sigstore::TUF
   class Updater
     include Sigstore::Loggable
@@ -74,6 +72,10 @@ module Sigstore::TUF
       target_base_url ||= @target_base_url
       raise ArgumentError, "No target_base_url set" unless target_base_url
 
+      if (cached_target = find_cached_target(target_info, filepath))
+        return cached_target
+      end
+
       filepath ||= generate_target_file_path(target_info)
 
       target_filepath = target_info.path

data/lib/sigstore/tuf.rb

@@ -19,6 +19,7 @@ require "tempfile"
 require "uri"
 require "net/http"
 require "rubygems/remote_fetcher"
+require_relative "version"
 
 module Sigstore
   module TUF
@@ -133,8 +134,8 @@ module Sigstore
 
         fetcher = Gem::RemoteFetcher.fetcher
         begin
-          response = fetcher.request(uri, Net::HTTP::Get, nil) do
-            nil
+          response = fetcher.request(uri, Net::HTTP::Get, nil) do |req|
+            req["User-Agent"] = Sigstore::USER_AGENT
           end
           response.uri = uri
           case response

data/lib/sigstore/verifier.rb

@@ -28,9 +28,9 @@ module Sigstore
 
     attr_reader :rekor_client
 
-    def initialize(rekor_client:, fulcio_cert_chain:, timestamp_authorities:, rekor_keyring:, ct_keyring:)
+    def initialize(rekor_client:, fulcio_cert_chains:, timestamp_authorities:, rekor_keyring:, ct_keyring:)
       @rekor_client = rekor_client
-      @fulcio_cert_chain = fulcio_cert_chain
+      @fulcio_cert_chains = fulcio_cert_chains
       @timestamp_authorities = timestamp_authorities
       @rekor_keyring = rekor_keyring
       @ct_keyring = ct_keyring
@@ -39,7 +39,7 @@ module Sigstore
     def self.for_trust_root(trust_root:)
       new(
         rekor_client: Rekor::Client.new(url: trust_root.tlog_for_signing.base_url),
-        fulcio_cert_chain: trust_root.fulcio_cert_chain,
+        fulcio_cert_chains: trust_root.fulcio_cert_chains,
         timestamp_authorities: trust_root.timestamp_authorities,
         rekor_keyring: Internal::Keyring.new(keys: trust_root.rekor_keys),
         ct_keyring: Internal::Keyring.new(keys: trust_root.ctfe_keys)
@@ -97,14 +97,6 @@ module Sigstore
 
       timestamps << Time.at(entry.integrated_time).utc
 
-      # TODO: implement this step
-
-      store = OpenSSL::X509::Store.new
-
-      @fulcio_cert_chain.each do |cert|
-        store.add_cert(cert.openssl)
-      end
-
       # 3)
       # The Verifier MUST perform certification path validation (RFC 5280 §6) of the certificate chain with the
       # pre-distributed Fulcio root certificate(s) as a trust anchor, but with a fake “current time.”
@@ -112,19 +104,12 @@ module Sigstore
       # timestamp from the Timestamping Service. If a timestamp from the Transparency Service is available, the Verifier
       # MUST perform path validation using the timestamp from the Transparency Service. If both are available, the
       # Verifier performs path validation twice. If either fails, verification fails.
-      chains = timestamps.map do |ts|
-        store_ctx = OpenSSL::X509::StoreContext.new(store, bundle.leaf_certificate.openssl)
-        store_ctx.time = ts
 
-        unless store_ctx.verify
-          return VerificationFailure.new(
-            "failed to validate certificate from fulcio cert chain: #{store_ctx.error_string}"
-          )
-        end
+      chains = timestamps.map do |ts|
+        chain, err = Internal::X509.validate_chain(@fulcio_cert_chains, bundle.leaf_certificate, ts)
+        return err if err
 
-        chain = store_ctx.chain || raise(Error::InvalidCertificate, "no valid cert chain found")
-        chain.shift # remove the cert itself
-        chain.map! { Internal::X509::Certificate.new(_1) }
+        chain
       end
 
       chains.uniq! { |chain| chain.map(&:to_der) }
@@ -188,7 +173,9 @@ module Sigstore
           rescue JSON::ParserError
             raise Error::InvalidBundle, "invalid JSON for in-toto statement in DSSE payload"
           end
-          verify_in_toto(input, in_toto)
+          if (result = verify_in_toto(input, in_toto))
+            return result
+          end
         else
           raise Sigstore::Error::Unimplemented,
                 "unsupported DSSE payload type: #{bundle.dsse_envelope.payloadType.inspect}"
@@ -231,25 +218,27 @@ module Sigstore
     end
 
     def verify_in_toto(input, in_toto_payload)
-      type = in_toto_payload.fetch("_type")
+      type = in_toto_payload["_type"]
       raise Error::InvalidBundle, "Expected in-toto statement, got #{type.inspect}" unless type == "https://in-toto.io/Statement/v1"
 
-      subject = in_toto_payload.fetch("subject")
-      raise Error::InvalidBundle, "Expected in-toto statement with subject" unless subject && subject.size == 1
-
-      subject = subject.first
-      digest = subject.fetch("digest")
-      raise Error::InvalidBundle, "Expected in-toto statement with digest" if !digest || digest.empty?
+      subjects = in_toto_payload["subject"]
+      raise Error::InvalidBundle, "Expected in-toto statement with subject" if !subjects || subjects.empty?
 
+      expected_algorithm = Internal::Util.hash_algorithm_name(input.hashed_input.algorithm)
       expected_hexdigest = Internal::Util.hex_encode(input.hashed_input.digest)
-      digest.each do |name, value|
-        next if expected_hexdigest == value
 
-        return VerificationFailure.new(
-          "in-toto subject does not match for #{input.hashed_input.algorithm} of #{subject.fetch("name")}: " \
-          "expected #{name} to be #{value}, got #{expected_hexdigest}"
-        )
-      end
+      matched = subjects.map do |subject|
+        digest = subject["digest"]
+        raise Error::InvalidBundle, "Expected in-toto statement with digest" if !digest || digest.empty?
+
+        digest[expected_algorithm] == expected_hexdigest
+      end.any?
+
+      return if matched
+
+      VerificationFailure.new(
+        "None of in-toto subjects matches artifact for #{expected_algorithm}: #{expected_hexdigest}"
+      )
     end
 
     public
@@ -280,13 +269,15 @@ module Sigstore
         issuer_cert = find_issuer_cert(chain)
         issuer_pubkey = issuer_cert.public_key
         unless issuer_cert.ca?
-          raise Error::InvalidCertificate, "Invalid issuer pubkey basicConstraint (not a CA): #{issuer_cert.to_text}"
+          raise Error::InvalidCertificate, "Invalid issuer pubkey basicConstraint (not a CA): #{issuer_cert.to_pem}"
         end
 
-        issuer_key_id = OpenSSL::Digest::SHA256.digest(issuer_pubkey.public_to_der)
+        # TODO: use public_to_der when available
+        issuer_key_id = OpenSSL::Digest::SHA256.digest(issuer_pubkey.to_der)
       end
 
       digitally_signed = pack_digitally_signed(sct, certificate, issuer_key_id).b
+
       ct_keyring.verify(key_id: sct.log_id, signature: sct.signature, data: digitally_signed)
     end
 
@@ -328,16 +319,25 @@ module Sigstore
 
           [issuer_key_id, len1, len2, len3, tbs_cert].pack("a32 CCC a#{tbs_cert_len}")
         else
-          raise Error::Unimplemented, "only x509_entry and precert_entry supported, given #{sct[:entry_type].inspect}"
+          raise Error::Unimplemented, "only x509_entry and precert_entry supported, given #{sct.entry_type.inspect}"
         end
 
-      [sct.version, 0, sct.timestamp, sct.entry_type, signed_entry, 0].pack(<<~PACK)
+      [
+        sct.version,
+        0,
+        sct.timestamp,
+        sct.entry_type,
+        signed_entry,
+        sct.extensions_bytes&.bytesize.to_i,
+        sct.extensions_bytes
+      ].pack(<<~PACK)
         C # version
         C # signature_type
         Q> # timestamp
         n # entry_type
         a#{signed_entry.bytesize} # signed_entry
         n # extensions length
+        a#{sct.extensions_bytes&.bytesize.to_i} # extension
       PACK
     end
 

data/lib/sigstore/version.rb

@@ -15,5 +15,6 @@
 # limitations under the License.
 
 module Sigstore
-  VERSION = "0.2.1"
+  VERSION = "0.2.3"
+  USER_AGENT = "sigstore-ruby/#{VERSION}".freeze
 end

metadata

@@ -1,16 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: sigstore
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.3
 platform: ruby
 authors:
 - The Sigstore Authors
 - Samuel Giddins
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-11-19 00:00:00.000000000 Z
+date: 2026-03-10 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: net-http
   requirement: !ruby/object:Gem::Requirement
@@ -53,9 +67,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
-- 
+-
 - segiddins@segiddins.me
 executables: []
 extensions: []
@@ -106,7 +120,7 @@ metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/sigstore/sigstore-ruby
   rubygems_mfa_required: 'true'
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -114,7 +128,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -122,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.5.22
-signing_key: 
+signing_key:
 specification_version: 4
 summary: A pure-ruby implementation of sigstore signature verification
 test_files: []