Merge branch 'main' into dependabot/github_actions/actions-82278822e4

Author: jku

sigstore/_internal/rekor/checkpoint.py

@@ -27,11 +27,11 @@
 
 from pydantic import BaseModel, Field, StrictStr
 
-from sigstore._internal.trust import RekorKeyring
 from sigstore._utils import KeyID
 from sigstore.errors import VerificationError
 
 if typing.TYPE_CHECKING:
+    from sigstore._internal.trust import RekorKeyring
     from sigstore.models import LogEntry
 
 

sigstore/_internal/sct.py

@@ -37,7 +37,6 @@
 
 from sigstore._internal.trust import CTKeyring
 from sigstore._utils import (
-    DERCert,
     KeyID,
     cert_is_ca,
     key_id,
@@ -56,7 +55,7 @@ def _pack_signed_entry(
         #
         # [0]: opaque ASN.1Cert<1..2^24-1>
         pack_format = "!BBB{cert_der_len}s"
-        cert_der = DERCert(cert.public_bytes(encoding=serialization.Encoding.DER))
+        cert_der = cert.public_bytes(encoding=serialization.Encoding.DER)
     elif sct.entry_type == LogEntryType.PRE_CERTIFICATE:
         if not issuer_key_id or len(issuer_key_id) != 32:
             raise VerificationError("API misuse: issuer key ID missing")
@@ -68,7 +67,7 @@ def _pack_signed_entry(
         pack_format = "!32sBBB{cert_der_len}s"
 
         # Precertificates must have their SCT list extension filtered out.
-        cert_der = DERCert(cert.tbs_precertificate_bytes)
+        cert_der = cert.tbs_precertificate_bytes
         fields.append(issuer_key_id)
     else:
         raise VerificationError(f"unknown SCT log entry type: {sct.entry_type!r}")

sigstore/_utils.py

@@ -56,14 +56,6 @@
 """
 A newtype for `str` objects that contain base64 encoded strings.
 """
-PEMCert = NewType("PEMCert", str)
-"""
-A newtype for `str` objects that contain PEM-encoded certificates.
-"""
-DERCert = NewType("DERCert", bytes)
-"""
-A newtype for `bytes` objects that contain DER-encoded certificates.
-"""
 KeyID = NewType("KeyID", bytes)
 """
 A newtype for `bytes` objects that contain a key id.