mypy

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>

Author: ramonpetgrave64

sigstore/_internal/rekor/client.py

@@ -28,15 +28,15 @@
 import rekor_types
 import requests
 from cryptography.hazmat.primitives import serialization
+from cryptography.x509 import Certificate
 
 from sigstore._internal import USER_AGENT
 from sigstore._internal.rekor import (
-    Certificate,
-    Envelope,
-    Hashed,
-    LogEntry,
     RekorLogSubmitter,
 )
+from sigstore.dsse import Envelope
+from sigstore.hashes import Hashed
+from sigstore.models import LogEntry
 
 _logger = logging.getLogger(__name__)
 
@@ -270,13 +270,15 @@ def log(self) -> RekorLog:
         """
         return RekorLog(f"{self.url}/log", session=self.session)
 
-    def create_entry(self, request: rekor_types.Hashedrekord) -> LogEntry:
+    def create_entry(  # type: ignore[override]
+        self, request: rekor_types.Hashedrekord | rekor_types.Dsse
+    ) -> LogEntry:
         """
         Submit the request to Rekor.
         """
         return self.log.entries.post(request)
 
-    def _build_hashed_rekord_request(
+    def _build_hashed_rekord_request(  # type: ignore[override]
         self, hashed_input: Hashed, signature: bytes, certificate: Certificate
     ) -> rekor_types.Hashedrekord:
         """
@@ -303,7 +305,7 @@ def _build_hashed_rekord_request(
             ),
         )
 
-    def _build_dsse_request(
+    def _build_dsse_request(  # type: ignore[override]
         self, envelope: Envelope, certificate: Certificate
     ) -> rekor_types.Dsse:
         """

sigstore/_internal/rekor/client_v2.py

@@ -27,10 +27,13 @@
 from cryptography.x509 import Certificate
 
 from sigstore._internal import USER_AGENT
-from sigstore._internal.rekor import Envelope, Hashed, LogEntry, RekorLogSubmitter
+from sigstore._internal.rekor import RekorLogSubmitter
 from sigstore._internal.rekor.v2_types.dev.sigstore.common import v1 as common_v1
 from sigstore._internal.rekor.v2_types.dev.sigstore.rekor import v2
 from sigstore._internal.rekor.v2_types.io import intoto as v2_intoto
+from sigstore.dsse import Envelope
+from sigstore.hashes import Hashed
+from sigstore.models import LogEntry
 
 _logger = logging.getLogger(__name__)
 

sigstore/sign.py

@@ -38,7 +38,6 @@
 
 from __future__ import annotations
 
-import base64
 import logging
 from collections.abc import Iterator
 from contextlib import contextmanager
@@ -47,7 +46,7 @@
 
 import cryptography.x509 as x509
 import rekor_types
-from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.x509.oid import NameOID
 from sigstore_protobuf_specs.dev.sigstore.common.v1 import (
@@ -211,27 +210,10 @@ def sign_dsse(
         """
         cert = self._signing_cert()
 
-        # Prepare inputs
-        b64_cert = base64.b64encode(
-            cert.public_bytes(encoding=serialization.Encoding.PEM)
-        )
-
         # Sign the statement, producing a DSSE envelope
         content = dsse._sign(self._private_key, input_)
 
         # Create the proposed DSSE log entry
-        proposed_entry = rekor_types.Dsse(
-            spec=rekor_types.dsse.DsseSchema(
-                # NOTE: mypy can't see that this kwarg is correct due to two interacting
-                # behaviors/bugs (one pydantic, one datamodel-codegen):
-                # See: <https://github.com/pydantic/pydantic/discussions/7418#discussioncomment-9024927>
-                # See: <https://github.com/koxudaxi/datamodel-code-generator/issues/1903>
-                proposed_content=rekor_types.dsse.ProposedContent(  # type: ignore[call-arg]
-                    envelope=content.to_json(),
-                    verifiers=[b64_cert.decode()],
-                ),
-            ),
-        )
         proposed_entry = self._signing_ctx._rekor._build_dsse_request(
             envelope=content, certificate=cert
         )