integrate @sigstore/sign package into client (#629)

Signed-off-by: Brian DeHamer <[email protected]>

.changeset/khaki-camels-train.md

@@ -0,0 +1,5 @@
+---
+'sigstore': minor
+---
+
+Integrate `@sigstore/sign` package

packages/client/package.json

@@ -32,12 +32,14 @@
   "devDependencies": {
     "@sigstore/rekor-types": "^1.0.0",
     "@sigstore/jest": "^0.0.0",
+    "@sigstore/mock": "^0.1.1",
     "@tufjs/repo-mock": "^1.1.0",
     "@types/make-fetch-happen": "^10.0.0"
   },
   "dependencies": {
     "@sigstore/bundle": "^1.0.0",
     "@sigstore/protobuf-specs": "^0.2.0",
+    "@sigstore/sign": "^0.0.0",
     "@sigstore/tuf": "^1.0.3",
     "make-fetch-happen": "^11.0.1"
   },

packages/client/src/__tests__/config.test.ts

@@ -1,11 +1,99 @@
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 import { SubjectAlternativeNameType } from '@sigstore/protobuf-specs';
 import {
-  artifactVerificationOptions,
-  IdentityProviderOptions,
-  identityProviders,
+  DSSEBundleBuilder,
+  MessageSignatureBundleBuilder,
+} from '@sigstore/sign';
+import {
   VerifyOptions,
+  artifactVerificationOptions,
+  createBundleBuilder,
 } from '../config';
 
+describe('createBundleBuilder', () => {
+  describe('when the bundleType is messageSignature', () => {
+    const bundleType = 'messageSignature';
+
+    describe('when a custom signer is provided', () => {
+      const options = { signer: jest.fn() };
+
+      it('returns a MessageSignatureBundleBuilder', () => {
+        const bundler = createBundleBuilder(bundleType, options);
+        expect(bundler).toBeInstanceOf(MessageSignatureBundleBuilder);
+      });
+    });
+
+    describe('when a custom signer is NOT provided', () => {
+      describe('when a hard-coded OIDC token is provided', () => {
+        const options = { identityToken: 'abc' };
+        it('returns a MessageSignatureBundleBuilder', () => {
+          const bundler = createBundleBuilder(bundleType, options);
+          expect(bundler).toBeInstanceOf(MessageSignatureBundleBuilder);
+        });
+      });
+
+      describe('when an OIDC issuer is provided', () => {
+        const options = {
+          oidcIssuer: 'https://example.com',
+          oidcClientID: 'abc',
+        };
+        it('returns a MessageSignatureBundleBuilder', () => {
+          const bundler = createBundleBuilder(bundleType, options);
+          expect(bundler).toBeInstanceOf(MessageSignatureBundleBuilder);
+        });
+      });
+
+      describe('when no OIDC options are provided', () => {
+        it('returns a MessageSignatureBundleBuilder', () => {
+          const bundler = createBundleBuilder(bundleType, {});
+          expect(bundler).toBeInstanceOf(MessageSignatureBundleBuilder);
+        });
+      });
+    });
+
+    describe('when Rekor is disabled', () => {
+      const options = { tlogUpload: false };
+
+      it('returns a MessageSignatureBundleBuilder', () => {
+        const bundler = createBundleBuilder(bundleType, options);
+        expect(bundler).toBeInstanceOf(MessageSignatureBundleBuilder);
+      });
+    });
+
+    describe('when TSA is enabled', () => {
+      const options = { tsaServerURL: 'https://tsa.example.com' };
+
+      it('returns a MessageSignatureBundleBuilder', () => {
+        const bundler = createBundleBuilder(bundleType, options);
+        expect(bundler).toBeInstanceOf(MessageSignatureBundleBuilder);
+      });
+    });
+  });
+
+  describe('when the bundleType is dsseEnvelope', () => {
+    const bundleType = 'dsseEnvelope';
+
+    it('returns a MessageSignatureBundleBuilder', () => {
+      const bundler = createBundleBuilder(bundleType, {});
+      expect(bundler).toBeInstanceOf(DSSEBundleBuilder);
+    });
+  });
+});
+
 describe('artifactVerificationOptions', () => {
   describe('when no certificate issuer is provided', () => {
     it('returns the default options', () => {
@@ -179,46 +267,3 @@ describe('artifactVerificationOptions', () => {
     });
   });
 });
-
-describe('identityProvider', () => {
-  describe('when no options are supplied', () => {
-    const options: IdentityProviderOptions = {};
-
-    it('returns the static IdentityProvider', async () => {
-      const result = identityProviders(options);
-      expect(result).toBeDefined();
-      expect(result).toHaveLength(1);
-
-      const { getToken } = result[0];
-      await expect(getToken()).rejects.toThrowError();
-    });
-  });
-
-  describe('when a static token is provided', () => {
-    const options: IdentityProviderOptions = {
-      identityToken: 'token',
-    };
-
-    it('returns the CI IdentityProvider', async () => {
-      const result = identityProviders(options);
-      expect(result).toBeDefined();
-      expect(result).toHaveLength(1);
-
-      const { getToken } = result[0];
-      await expect(getToken()).resolves.toEqual(options.identityToken);
-    });
-  });
-
-  describe('when OAuth config options are provided', () => {
-    const options: IdentityProviderOptions = {
-      oidcIssuer: 'https://example.com',
-      oidcClientID: 'client-id',
-    };
-
-    it('returns both the CI and OAuth IdentityProviders', async () => {
-      const result = identityProviders(options);
-      expect(result).toBeDefined();
-      expect(result).toHaveLength(2);
-    });
-  });
-});