Improve method naming in TrustedMaterial interface (#114)

* Improve method naming in TrustedMaterial interface

This implements @haydentherapper's proposal for improved naming for the methods in the TrustedMaterial interface: #71

Signed-off-by: Cody Soyland <[email protected]>

* Rename ParseRekorLogs to ParseTransparencyLogs

Signed-off-by: Cody Soyland <[email protected]>

---------

Signed-off-by: Cody Soyland <[email protected]>

cmd/conformance/main.go

@@ -237,12 +237,12 @@ func main() {
 			os.Exit(1)
 		}
 
-		if len(tr.TSACertificateAuthorities()) > 0 && len(bundleTimestamps) > 0 {
+		if len(tr.TimestampingAuthorities()) > 0 && len(bundleTimestamps) > 0 {
 			verifierConfig = append(verifierConfig, verify.WithSignedTimestamps(1))
 		}
 
 		// Check bundle and trusted root for Tlog information
-		if len(tr.TlogAuthorities()) > 0 && b.HasInclusionPromise() {
+		if len(tr.RekorLogs()) > 0 && b.HasInclusionPromise() {
 			verifierConfig = append(verifierConfig, verify.WithTransparencyLog(1), verify.WithIntegratedTimestamps(1))
 		}
 

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/sigstore/sigstore v1.8.2
 	github.com/sigstore/timestamp-authority v1.2.2
 	github.com/stretchr/testify v1.9.0
-	github.com/theupdateframework/go-tuf/v2 v2.0.0-20240222081530-454b12158917
+	github.com/theupdateframework/go-tuf/v2 v2.0.0-20240223092044-1e7978e83f63
 	golang.org/x/crypto v0.20.0
 	golang.org/x/mod v0.15.0
 	google.golang.org/protobuf v1.32.0

go.sum

@@ -298,6 +298,8 @@ github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qv
 github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug=
 github.com/theupdateframework/go-tuf/v2 v2.0.0-20240222081530-454b12158917 h1:Ov8+IAeR7pivNDC0Cd25MyyaCR3WPlGBED4wNxIFQ8s=
 github.com/theupdateframework/go-tuf/v2 v2.0.0-20240222081530-454b12158917/go.mod h1:+gWwqe1pk4nvGeOKosGJqPgD+N/kbD9M0QVLL9TGIYU=
+github.com/theupdateframework/go-tuf/v2 v2.0.0-20240223092044-1e7978e83f63 h1:27XWhDZHPD+cufF6qSdYx6PgGQvD2jJ6pq9sDvR6VBk=
+github.com/theupdateframework/go-tuf/v2 v2.0.0-20240223092044-1e7978e83f63/go.mod h1:+gWwqe1pk4nvGeOKosGJqPgD+N/kbD9M0QVLL9TGIYU=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
 github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=

pkg/root/trusted_material.go

@@ -22,29 +22,29 @@ import (
 )
 
 type TrustedMaterial interface {
-	TSACertificateAuthorities() []CertificateAuthority
+	TimestampingAuthorities() []CertificateAuthority
 	FulcioCertificateAuthorities() []CertificateAuthority
-	TlogAuthorities() map[string]*TlogAuthority
-	CTlogAuthorities() map[string]*TlogAuthority
+	RekorLogs() map[string]*TransparencyLog
+	CTLogs() map[string]*TransparencyLog
 	PublicKeyVerifier(string) (TimeConstrainedVerifier, error)
 }
 
 type BaseTrustedMaterial struct{}
 
-func (b *BaseTrustedMaterial) TSACertificateAuthorities() []CertificateAuthority {
+func (b *BaseTrustedMaterial) TimestampingAuthorities() []CertificateAuthority {
 	return []CertificateAuthority{}
 }
 
 func (b *BaseTrustedMaterial) FulcioCertificateAuthorities() []CertificateAuthority {
 	return []CertificateAuthority{}
 }
 
-func (b *BaseTrustedMaterial) TlogAuthorities() map[string]*TlogAuthority {
-	return map[string]*TlogAuthority{}
+func (b *BaseTrustedMaterial) RekorLogs() map[string]*TransparencyLog {
+	return map[string]*TransparencyLog{}
 }
 
-func (b *BaseTrustedMaterial) CTlogAuthorities() map[string]*TlogAuthority {
-	return map[string]*TlogAuthority{}
+func (b *BaseTrustedMaterial) CTLogs() map[string]*TransparencyLog {
+	return map[string]*TransparencyLog{}
 }
 
 func (b *BaseTrustedMaterial) PublicKeyVerifier(_ string) (TimeConstrainedVerifier, error) {
@@ -67,10 +67,10 @@ func (tmc TrustedMaterialCollection) PublicKeyVerifier(keyID string) (TimeConstr
 	return nil, fmt.Errorf("public key verifier not found for keyID: %s", keyID)
 }
 
-func (tmc TrustedMaterialCollection) TSACertificateAuthorities() []CertificateAuthority {
+func (tmc TrustedMaterialCollection) TimestampingAuthorities() []CertificateAuthority {
 	var certAuthorities []CertificateAuthority
 	for _, tm := range tmc {
-		certAuthorities = append(certAuthorities, tm.TSACertificateAuthorities()...)
+		certAuthorities = append(certAuthorities, tm.TimestampingAuthorities()...)
 	}
 	return certAuthorities
 }
@@ -83,24 +83,24 @@ func (tmc TrustedMaterialCollection) FulcioCertificateAuthorities() []Certificat
 	return certAuthorities
 }
 
-func (tmc TrustedMaterialCollection) TlogAuthorities() map[string]*TlogAuthority {
-	tlogAuthorities := make(map[string]*TlogAuthority)
+func (tmc TrustedMaterialCollection) RekorLogs() map[string]*TransparencyLog {
+	rekorLogs := make(map[string]*TransparencyLog)
 	for _, tm := range tmc {
-		for keyID, tlogVerifier := range tm.TlogAuthorities() {
-			tlogAuthorities[keyID] = tlogVerifier
+		for keyID, tlogVerifier := range tm.RekorLogs() {
+			rekorLogs[keyID] = tlogVerifier
 		}
 	}
-	return tlogAuthorities
+	return rekorLogs
 }
 
-func (tmc TrustedMaterialCollection) CTlogAuthorities() map[string]*TlogAuthority {
-	tlogAuthorities := make(map[string]*TlogAuthority)
+func (tmc TrustedMaterialCollection) CTLogs() map[string]*TransparencyLog {
+	rekorLogs := make(map[string]*TransparencyLog)
 	for _, tm := range tmc {
-		for keyID, tlogVerifier := range tm.CTlogAuthorities() {
-			tlogAuthorities[keyID] = tlogVerifier
+		for keyID, tlogVerifier := range tm.CTLogs() {
+			rekorLogs[keyID] = tlogVerifier
 		}
 	}
-	return tlogAuthorities
+	return rekorLogs
 }
 
 type ValidityPeriodChecker interface {

pkg/root/trusted_root.go

@@ -35,11 +35,11 @@ const TrustedRootMediaType01 = "application/vnd.dev.sigstore.trustedroot+json;ve
 
 type TrustedRoot struct {
 	BaseTrustedMaterial
-	trustedRoot           *prototrustroot.TrustedRoot
-	tlogAuthorities       map[string]*TlogAuthority
-	fulcioCertAuthorities []CertificateAuthority
-	ctLogAuthorities      map[string]*TlogAuthority
-	tsaCertAuthorities    []CertificateAuthority
+	trustedRoot             *prototrustroot.TrustedRoot
+	rekorLogs               map[string]*TransparencyLog
+	fulcioCertAuthorities   []CertificateAuthority
+	ctLogs                  map[string]*TransparencyLog
+	timestampingAuthorities []CertificateAuthority
 }
 
 type CertificateAuthority struct {
@@ -50,7 +50,7 @@ type CertificateAuthority struct {
 	ValidityPeriodEnd   time.Time
 }
 
-type TlogAuthority struct {
+type TransparencyLog struct {
 	BaseURL             string
 	ID                  []byte
 	ValidityPeriodStart time.Time
@@ -62,20 +62,20 @@ type TlogAuthority struct {
 	SignatureHashFunc crypto.Hash
 }
 
-func (tr *TrustedRoot) TSACertificateAuthorities() []CertificateAuthority {
-	return tr.tsaCertAuthorities
+func (tr *TrustedRoot) TimestampingAuthorities() []CertificateAuthority {
+	return tr.timestampingAuthorities
 }
 
 func (tr *TrustedRoot) FulcioCertificateAuthorities() []CertificateAuthority {
 	return tr.fulcioCertAuthorities
 }
 
-func (tr *TrustedRoot) TlogAuthorities() map[string]*TlogAuthority {
-	return tr.tlogAuthorities
+func (tr *TrustedRoot) RekorLogs() map[string]*TransparencyLog {
+	return tr.rekorLogs
 }
 
-func (tr *TrustedRoot) CTlogAuthorities() map[string]*TlogAuthority {
-	return tr.ctLogAuthorities
+func (tr *TrustedRoot) CTLogs() map[string]*TransparencyLog {
+	return tr.ctLogs
 }
 
 func NewTrustedRootFromProtobuf(protobufTrustedRoot *prototrustroot.TrustedRoot) (trustedRoot *TrustedRoot, err error) {
@@ -84,7 +84,7 @@ func NewTrustedRootFromProtobuf(protobufTrustedRoot *prototrustroot.TrustedRoot)
 	}
 
 	trustedRoot = &TrustedRoot{trustedRoot: protobufTrustedRoot}
-	trustedRoot.tlogAuthorities, err = ParseTlogAuthorities(protobufTrustedRoot.GetTlogs())
+	trustedRoot.rekorLogs, err = ParseTransparencyLogs(protobufTrustedRoot.GetTlogs())
 	if err != nil {
 		return nil, err
 	}
@@ -94,21 +94,21 @@ func NewTrustedRootFromProtobuf(protobufTrustedRoot *prototrustroot.TrustedRoot)
 		return nil, err
 	}
 
-	trustedRoot.tsaCertAuthorities, err = ParseCertificateAuthorities(protobufTrustedRoot.GetTimestampAuthorities())
+	trustedRoot.timestampingAuthorities, err = ParseCertificateAuthorities(protobufTrustedRoot.GetTimestampAuthorities())
 	if err != nil {
 		return nil, err
 	}
 
-	trustedRoot.ctLogAuthorities, err = ParseTlogAuthorities(protobufTrustedRoot.GetCtlogs())
+	trustedRoot.ctLogs, err = ParseTransparencyLogs(protobufTrustedRoot.GetCtlogs())
 	if err != nil {
 		return nil, err
 	}
 
 	return trustedRoot, nil
 }
 
-func ParseTlogAuthorities(tlogs []*prototrustroot.TransparencyLogInstance) (tlogAuthorities map[string]*TlogAuthority, err error) {
-	tlogAuthorities = make(map[string]*TlogAuthority)
+func ParseTransparencyLogs(tlogs []*prototrustroot.TransparencyLogInstance) (transparencyLogs map[string]*TransparencyLog, err error) {
+	transparencyLogs = make(map[string]*TransparencyLog)
 	for _, tlog := range tlogs {
 		if tlog.GetHashAlgorithm() != protocommon.HashAlgorithm_SHA2_256 {
 			return nil, fmt.Errorf("unsupported tlog hash algorithm: %s", tlog.GetHashAlgorithm())
@@ -147,7 +147,7 @@ func ParseTlogAuthorities(tlogs []*prototrustroot.TransparencyLogInstance) (tlog
 			if ecKey, ok = key.(*ecdsa.PublicKey); !ok {
 				return nil, fmt.Errorf("tlog public key is not ECDSA P256")
 			}
-			tlogAuthorities[encodedKeyID] = &TlogAuthority{
+			transparencyLogs[encodedKeyID] = &TransparencyLog{
 				BaseURL:           tlog.GetBaseUrl(),
 				ID:                tlog.GetLogId().GetKeyId(),
 				HashFunc:          hashFunc,
@@ -156,12 +156,12 @@ func ParseTlogAuthorities(tlogs []*prototrustroot.TransparencyLogInstance) (tlog
 			}
 			if validFor := tlog.GetPublicKey().GetValidFor(); validFor != nil {
 				if validFor.GetStart() != nil {
-					tlogAuthorities[encodedKeyID].ValidityPeriodStart = validFor.GetStart().AsTime()
+					transparencyLogs[encodedKeyID].ValidityPeriodStart = validFor.GetStart().AsTime()
 				} else {
 					return nil, fmt.Errorf("tlog missing public key validity period start time")
 				}
 				if validFor.GetEnd() != nil {
-					tlogAuthorities[encodedKeyID].ValidityPeriodEnd = validFor.GetEnd().AsTime()
+					transparencyLogs[encodedKeyID].ValidityPeriodEnd = validFor.GetEnd().AsTime()
 				}
 			} else {
 				return nil, fmt.Errorf("tlog missing public key validity period")
@@ -170,7 +170,7 @@ func ParseTlogAuthorities(tlogs []*prototrustroot.TransparencyLogInstance) (tlog
 			return nil, fmt.Errorf("unsupported tlog public key type: %s", tlog.GetPublicKey().GetKeyDetails())
 		}
 	}
-	return tlogAuthorities, nil
+	return transparencyLogs, nil
 }
 
 func ParseCertificateAuthorities(certAuthorities []*prototrustroot.CertificateAuthority) (certificateAuthorities []CertificateAuthority, err error) {
@@ -329,10 +329,10 @@ func NewLiveTrustedRoot(opts *tuf.Options) (*LiveTrustedRoot, error) {
 	return ltr, nil
 }
 
-func (l *LiveTrustedRoot) TSACertificateAuthorities() []CertificateAuthority {
+func (l *LiveTrustedRoot) TimestampingAuthorities() []CertificateAuthority {
 	l.mu.RLock()
 	defer l.mu.RUnlock()
-	return l.TrustedRoot.TSACertificateAuthorities()
+	return l.TrustedRoot.TimestampingAuthorities()
 }
 
 func (l *LiveTrustedRoot) FulcioCertificateAuthorities() []CertificateAuthority {
@@ -341,16 +341,16 @@ func (l *LiveTrustedRoot) FulcioCertificateAuthorities() []CertificateAuthority
 	return l.TrustedRoot.FulcioCertificateAuthorities()
 }
 
-func (l *LiveTrustedRoot) TlogAuthorities() map[string]*TlogAuthority {
+func (l *LiveTrustedRoot) RekorLogs() map[string]*TransparencyLog {
 	l.mu.RLock()
 	defer l.mu.RUnlock()
-	return l.TrustedRoot.TlogAuthorities()
+	return l.TrustedRoot.RekorLogs()
 }
 
-func (l *LiveTrustedRoot) CTlogAuthorities() map[string]*TlogAuthority {
+func (l *LiveTrustedRoot) CTLogs() map[string]*TransparencyLog {
 	l.mu.RLock()
 	defer l.mu.RUnlock()
-	return l.TrustedRoot.CTlogAuthorities()
+	return l.TrustedRoot.CTLogs()
 }
 
 func (l *LiveTrustedRoot) PublicKeyVerifier(keyID string) (TimeConstrainedVerifier, error) {

pkg/testing/ca/ca.go

@@ -426,21 +426,21 @@ func generateTimestampingResponse(sig []byte, tsaCert *x509.Certificate, tsaKey
 	return tsTemplate.CreateResponseWithOpts(tsaCert, tsaKey, hash)
 }
 
-func (ca *VirtualSigstore) TSACertificateAuthorities() []root.CertificateAuthority {
+func (ca *VirtualSigstore) TimestampingAuthorities() []root.CertificateAuthority {
 	return []root.CertificateAuthority{ca.tsaCA}
 }
 
 func (ca *VirtualSigstore) FulcioCertificateAuthorities() []root.CertificateAuthority {
 	return []root.CertificateAuthority{ca.fulcioCA}
 }
 
-func (ca *VirtualSigstore) TlogAuthorities() map[string]*root.TlogAuthority {
-	verifiers := make(map[string]*root.TlogAuthority)
+func (ca *VirtualSigstore) RekorLogs() map[string]*root.TransparencyLog {
+	verifiers := make(map[string]*root.TransparencyLog)
 	logID, err := getLogID(ca.rekorKey.Public())
 	if err != nil {
 		panic(err)
 	}
-	verifiers[logID] = &root.TlogAuthority{
+	verifiers[logID] = &root.TransparencyLog{
 		BaseURL:             "test",
 		ID:                  []byte(logID),
 		ValidityPeriodStart: time.Now().Add(-time.Hour),
@@ -451,13 +451,13 @@ func (ca *VirtualSigstore) TlogAuthorities() map[string]*root.TlogAuthority {
 	return verifiers
 }
 
-func (ca *VirtualSigstore) CTlogAuthorities() map[string]*root.TlogAuthority {
-	verifiers := make(map[string]*root.TlogAuthority)
+func (ca *VirtualSigstore) CTLogs() map[string]*root.TransparencyLog {
+	verifiers := make(map[string]*root.TransparencyLog)
 	logID, err := getLogID(ca.ctlogKey.Public())
 	if err != nil {
 		panic(err)
 	}
-	verifiers[logID] = &root.TlogAuthority{
+	verifiers[logID] = &root.TransparencyLog{
 		BaseURL:             "test",
 		ID:                  []byte(logID),
 		ValidityPeriodStart: time.Now().Add(-time.Hour),

pkg/tlog/entry.go

@@ -256,7 +256,7 @@ func VerifyInclusion(entry *Entry, verifier signature.Verifier) error {
 	return nil
 }
 
-func VerifySET(entry *Entry, verifiers map[string]*root.TlogAuthority) error {
+func VerifySET(entry *Entry, verifiers map[string]*root.TransparencyLog) error {
 	rekorPayload := RekorPayload{
 		Body:           entry.logEntryAnon.Body,
 		IntegratedTime: *entry.logEntryAnon.IntegratedTime,

pkg/verify/sct.go

@@ -28,10 +28,10 @@ import (
 // VerifySignedCertificateTimestamp, given a threshold, TrustedMaterial, and a
 // leaf certificate, will extract SCTs from the leaf certificate and verify the
 // timestamps using the TrustedMaterial's FulcioCertificateAuthorities() and
-// CTlogAuthorities()
+// CTLogs()
 // TODO(issue#46): Add unit tests
 func VerifySignedCertificateTimestamp(leafCert *x509.Certificate, threshold int, trustedMaterial root.TrustedMaterial) error { // nolint: revive
-	ctlogs := trustedMaterial.CTlogAuthorities()
+	ctlogs := trustedMaterial.CTLogs()
 	fulcioCerts := trustedMaterial.FulcioCertificateAuthorities()
 
 	scts, err := x509util.ParseSCTsFromCertificate(leafCert.Raw)

pkg/verify/signed_entity.go

@@ -118,7 +118,7 @@ func WithOnlineVerification() VerifierOption {
 
 // WithSignedTimestamps configures the SignedEntityVerifier to expect RFC 3161
 // timestamps from a Timestamp Authority, verify them using the TrustedMaterial's
-// TSACertificateAuthorities(), and, if it exists, use the resulting timestamp(s)
+// TimestampingAuthorities(), and, if it exists, use the resulting timestamp(s)
 // to verify the Fulcio certificate.
 func WithSignedTimestamps(threshold int) VerifierOption {
 	return func(c *VerifierConfig) error {
@@ -134,7 +134,7 @@ func WithSignedTimestamps(threshold int) VerifierOption {
 // WithObserverTimestamps configures the SignedEntityVerifier to expect
 // timestamps from either an RFC3161 timestamp authority or a log's
 // SignedEntryTimestamp. These are verified using the TrustedMaterial's
-// TSACertificateAuthorities() or TlogAuthorities(), and used to verify
+// TimestampingAuthorities() or RekorLogs(), and used to verify
 // the Fulcio certificate.
 func WithObserverTimestamps(threshold int) VerifierOption {
 	return func(c *VerifierConfig) error {
@@ -149,7 +149,7 @@ func WithObserverTimestamps(threshold int) VerifierOption {
 
 // WithTransparencyLog configures the SignedEntityVerifier to expect
 // Transparency Log inclusion proofs or SignedEntryTimestamps, verifying them
-// using the TrustedMaterial's TlogAuthorities().
+// using the TrustedMaterial's RekorLogs().
 func WithTransparencyLog(threshold int) VerifierOption {
 	return func(c *VerifierConfig) error {
 		if threshold < 1 {

pkg/verify/tlog.go

@@ -82,7 +82,7 @@ func VerifyArtifactTransparencyLog(entity SignedEntity, trustedMaterial root.Tru
 				return nil, fmt.Errorf("entry must contain an inclusion proof and/or promise")
 			}
 			if entry.HasInclusionPromise() {
-				err = tlog.VerifySET(entry, trustedMaterial.TlogAuthorities())
+				err = tlog.VerifySET(entry, trustedMaterial.RekorLogs())
 				if err != nil {
 					// skip entries the trust root cannot verify
 					continue
@@ -94,7 +94,7 @@ func VerifyArtifactTransparencyLog(entity SignedEntity, trustedMaterial root.Tru
 			if entity.HasInclusionProof() {
 				keyID := entry.LogKeyID()
 				hex64Key := hex.EncodeToString([]byte(keyID))
-				tlogVerifier, ok := trustedMaterial.TlogAuthorities()[hex64Key]
+				tlogVerifier, ok := trustedMaterial.RekorLogs()[hex64Key]
 				if !ok {
 					// skip entries the trust root cannot verify
 					continue
@@ -114,7 +114,7 @@ func VerifyArtifactTransparencyLog(entity SignedEntity, trustedMaterial root.Tru
 		} else {
 			keyID := entry.LogKeyID()
 			hex64Key := hex.EncodeToString([]byte(keyID))
-			tlogVerifier, ok := trustedMaterial.TlogAuthorities()[hex64Key]
+			tlogVerifier, ok := trustedMaterial.RekorLogs()[hex64Key]
 			if !ok {
 				// skip entries the trust root cannot verify
 				continue