diff --git a/sigstore/_internal/rekor/checkpoint.py b/sigstore/_internal/rekor/checkpoint.py index 87ac48381..cc1389658 100644 --- a/sigstore/_internal/rekor/checkpoint.py +++ b/sigstore/_internal/rekor/checkpoint.py @@ -27,11 +27,11 @@ from pydantic import BaseModel, Field, StrictStr -from sigstore._internal.trust import RekorKeyring from sigstore._utils import KeyID from sigstore.errors import VerificationError if typing.TYPE_CHECKING: + from sigstore._internal.trust import RekorKeyring from sigstore.models import LogEntry diff --git a/sigstore/_internal/sct.py b/sigstore/_internal/sct.py index e9ad5a45f..8fd6cc5b2 100644 --- a/sigstore/_internal/sct.py +++ b/sigstore/_internal/sct.py @@ -37,7 +37,6 @@ from sigstore._internal.trust import CTKeyring from sigstore._utils import ( - DERCert, KeyID, cert_is_ca, key_id, @@ -56,7 +55,7 @@ def _pack_signed_entry( # # [0]: opaque ASN.1Cert<1..2^24-1> pack_format = "!BBB{cert_der_len}s" - cert_der = DERCert(cert.public_bytes(encoding=serialization.Encoding.DER)) + cert_der = cert.public_bytes(encoding=serialization.Encoding.DER) elif sct.entry_type == LogEntryType.PRE_CERTIFICATE: if not issuer_key_id or len(issuer_key_id) != 32: raise VerificationError("API misuse: issuer key ID missing") @@ -68,7 +67,7 @@ def _pack_signed_entry( pack_format = "!32sBBB{cert_der_len}s" # Precertificates must have their SCT list extension filtered out. - cert_der = DERCert(cert.tbs_precertificate_bytes) + cert_der = cert.tbs_precertificate_bytes fields.append(issuer_key_id) else: raise VerificationError(f"unknown SCT log entry type: {sct.entry_type!r}") diff --git a/sigstore/_utils.py b/sigstore/_utils.py index 302560ef5..970d77d81 100644 --- a/sigstore/_utils.py +++ b/sigstore/_utils.py @@ -56,14 +56,6 @@ """ A newtype for `str` objects that contain base64 encoded strings. """ -PEMCert = NewType("PEMCert", str) -""" -A newtype for `str` objects that contain PEM-encoded certificates. -""" -DERCert = NewType("DERCert", bytes) -""" -A newtype for `bytes` objects that contain DER-encoded certificates. -""" KeyID = NewType("KeyID", bytes) """ A newtype for `bytes` objects that contain a key id.