The Repository trait and ManualRepository struct no longer require a feature flag

Cargo.toml

@@ -9,7 +9,7 @@ readme = "README.md"
 repository = "https://github.com/sigstore/sigstore-rs"
 
 [features]
-default = ["full-native-tls", "cached-client", "tuf", "sign"]
+default = ["full-native-tls", "cached-client", "sigstore-trust-root", "sign"]
 wasm = ["getrandom/js"]
 
 full-native-tls = [
@@ -40,7 +40,7 @@ rekor-native-tls = ["reqwest/native-tls", "rekor"]
 rekor-rustls-tls = ["reqwest/rustls-tls", "rekor"]
 rekor = ["reqwest"]
 
-tuf = ["tough", "regex"]
+sigstore-trust-root = ["tough", "regex"]
 
 sign = []
 

examples/cosign/verify/main.rs

@@ -22,7 +22,7 @@ use sigstore::cosign::{CosignCapabilities, SignatureLayer};
 use sigstore::crypto::SigningScheme;
 use sigstore::errors::SigstoreVerifyConstraintsError;
 use sigstore::registry::{ClientConfig, ClientProtocol, OciReference};
-use sigstore::tuf::SigstoreRepository;
+use sigstore::trust::sigstore::SigstoreTrustRoot;
 use std::boxed::Box;
 use std::convert::TryFrom;
 use std::time::Instant;
@@ -110,7 +110,7 @@ struct Cli {
 
 async fn run_app(
     cli: &Cli,
-    frd: &dyn sigstore::tuf::Repository,
+    frd: &dyn sigstore::trust::TrustRoot,
 ) -> anyhow::Result<(Vec<SignatureLayer>, VerificationConstraintVec)> {
     // Note well: this a limitation deliberately introduced by this example.
     if cli.cert_email.is_some() && cli.cert_url.is_some() {
@@ -228,19 +228,19 @@ async fn run_app(
     Ok((trusted_layers, verification_constraints))
 }
 
-async fn fulcio_and_rekor_data(cli: &Cli) -> anyhow::Result<Box<dyn sigstore::tuf::Repository>> {
+async fn fulcio_and_rekor_data(cli: &Cli) -> anyhow::Result<Box<dyn sigstore::trust::TrustRoot>> {
     if cli.use_sigstore_tuf_data {
-        let repo: sigstore::errors::Result<SigstoreRepository> = spawn_blocking(|| {
+        let repo: sigstore::errors::Result<SigstoreTrustRoot> = spawn_blocking(|| {
             info!("Downloading data from Sigstore TUF repository");
-            SigstoreRepository::new(None)?.prefetch()
+            SigstoreTrustRoot::new(None)?.prefetch()
         })
         .await
         .map_err(|e| anyhow!("Error spawning blocking task inside of tokio: {}", e))?;
 
         return Ok(Box::new(repo?));
     };
 
-    let mut data = sigstore::tuf::ManualRepository::default();
+    let mut data = sigstore::trust::ManualTrustRoot::default();
     if let Some(path) = cli.rekor_pub_key.as_ref() {
         data.rekor_key = Some(
             fs::read(path)

src/cosign/client_builder.rs

@@ -21,24 +21,24 @@ use crate::crypto::SigningScheme;
 use crate::crypto::{certificate_pool::CertificatePool, CosignVerificationKey};
 use crate::errors::Result;
 use crate::registry::ClientConfig;
-use crate::tuf::Repository;
+use crate::trust::TrustRoot;
 
 /// A builder that generates Client objects.
 ///
 /// ## Rekor integration
 ///
 /// Rekor integration can be enabled by specifying Rekor's public key.
-/// This can be provided via a [`crate::tuf::ManualRepository`].
+/// This can be provided via a [`crate::sigstore::ManualTrustRoot`].
 ///
-/// > Note well: the [`tuf`](crate::tuf) module provides helper structs and methods
+/// > Note well: the [`sigstore`](crate::sigstore) module provides helper structs and methods
 /// > to obtain this data from the official TUF repository of the Sigstore project.
 ///
 /// ## Fulcio integration
 ///
 /// Fulcio integration can be enabled by specifying Fulcio's certificate.
-/// This can be provided via a [`crate::tuf::ManualRepository`].
+/// This can be provided via a [`crate::sigstore::ManualTrustRoot`].
 ///
-/// > Note well: the [`tuf`](crate::tuf) module provides helper structs and methods
+/// > Note well: the [`sigstore`](crate::sigstore) module provides helper structs and methods
 /// > to obtain this data from the official TUF repository of the Sigstore project.
 ///
 /// ## Registry caching
@@ -71,8 +71,8 @@ impl<'a> ClientBuilder<'a> {
     /// Optional - Configures the roots of trust.
     ///
     /// Enables Fulcio and Rekor integration with the given trust repository.
-    /// See [crate::tuf::Repository] for more details on trust repositories.
-    pub fn with_trust_repository<R: Repository + ?Sized>(mut self, repo: &'a R) -> Result<Self> {
+    /// See [crate::sigstore::TrustRoot] for more details on trust repositories.
+    pub fn with_trust_repository<R: TrustRoot + ?Sized>(mut self, repo: &'a R) -> Result<Self> {
         let rekor_keys = repo.rekor_keys()?;
         if !rekor_keys.is_empty() {
             self.rekor_pub_key = Some(rekor_keys[0]);

src/cosign/mod.rs

@@ -102,12 +102,12 @@ pub trait CosignCapabilities {
     /// must be satisfied:
     ///
     /// * The [`sigstore::cosign::Client`](crate::cosign::client::Client) must
-    ///   have been created with Rekor integration enabled (see [`crate::tuf::ManualRepository`])
+    ///   have been created with Rekor integration enabled (see [`crate::sigstore::ManualTrustRoot`])
     /// * The [`sigstore::cosign::Client`](crate::cosign::client::Client) must
-    ///   have been created with Fulcio integration enabled (see [`crate::tuf::ManualRepository])
+    ///   have been created with Fulcio integration enabled (see [`crate::sigstore::ManualTrustRoot])
     /// * The layer must include a bundle produced by Rekor
     ///
-    /// > Note well: the [`tuf`](crate::tuf) module provides helper structs and methods
+    /// > Note well: the [`sigstore`](crate::sigstore) module provides helper structs and methods
     /// > to obtain this data from the official TUF repository of the Sigstore project.
     ///
     /// When the embedded certificate cannot be verified, [`SignatureLayer::certificate_signature`]

src/errors.rs

@@ -161,7 +161,7 @@ pub enum SigstoreError {
     #[error("No Signature Layer passed verification")]
     SigstoreNoVerifiedLayer,
 
-    #[cfg(feature = "tuf")]
+    #[cfg(feature = "sigstore-trust-root")]
     #[error(transparent)]
     TufError(#[from] Box<tough::error::Error>),
 

src/lib.rs

@@ -58,7 +58,7 @@
 //!
 //! Verify the signature of a container image/oci artifact:
 //!
-//! ```rust,no_run
+//!```rust,no_run
 //! use crate::sigstore::cosign::{
 //!     CosignCapabilities,
 //!     verify_constraints,
@@ -92,7 +92,7 @@
 //!     data: fulcio_cert_data
 //!   };
 //!
-//!   let mut repo = sigstore::tuf::ManualRepository {
+//!   let mut repo = sigstore::trust::ManualTrustRoot {
 //!     fulcio_certs: Some(vec![fulcio_cert.try_into().unwrap()]),
 //!     rekor_key: Some(rekor_pub_key),
 //!     ..Default::default()
@@ -228,7 +228,7 @@
 //! requires the following data to work: Fulcio's certificate and Rekor's public key.
 //!
 //! These files are safely distributed by the Sigstore project via a TUF repository.
-//! The [`sigstore::tuf`](crate::tuf) module provides the helper structures to deal
+//! The [`sigstore::trust::sigstore`](crate::trust::sigstore) module provides the helper structures to deal
 //! with it.
 //!
 //! # Feature Flags
@@ -254,12 +254,13 @@
 //! - `cached-client`: Enables support for OCI registry client caching.
 //!
 //! - `test-registry`: Enables tests based on a temporary OCI registry.
-//! - `tuf`: Enables support for TUF to request for fulcio certs and rekor public key.
+//! - `sigstore-trust-root`: Enables support for TUF to request for fulcio certs and rekor public key.
 
 #![forbid(unsafe_code)]
 #![warn(clippy::unwrap_used, clippy::panic)]
 
 pub mod crypto;
+pub mod trust;
 
 #[cfg(feature = "mock-client")]
 mod mock_client;
@@ -281,9 +282,6 @@ pub mod registry;
 #[cfg(feature = "rekor")]
 pub mod rekor;
 
-#[cfg(feature = "tuf")]
-pub mod tuf;
-
 // Don't export yet -- these types should only be useful internally.
 mod bundle;
 pub use bundle::Bundle;

src/trust/mod.rs

@@ -0,0 +1,49 @@
+//
+// Copyright 2024 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use webpki::types::CertificateDer;
+
+#[cfg(feature = "sigstore-trust-root")]
+pub mod sigstore;
+
+/// A `TrustRoot` owns all key material necessary for establishing a root of trust.
+pub trait TrustRoot {
+    fn fulcio_certs(&self) -> crate::errors::Result<Vec<CertificateDer>>;
+    fn rekor_keys(&self) -> crate::errors::Result<Vec<&[u8]>>;
+}
+
+/// A `ManualTrustRoot` is a [TrustRoot] with out-of-band trust materials.
+/// As it does not establish a trust root with TUF, users must initialize its materials themselves.
+#[derive(Debug, Default)]
+pub struct ManualTrustRoot<'a> {
+    pub fulcio_certs: Option<Vec<CertificateDer<'a>>>,
+    pub rekor_key: Option<Vec<u8>>,
+}
+
+impl TrustRoot for ManualTrustRoot<'_> {
+    fn fulcio_certs(&self) -> crate::errors::Result<Vec<CertificateDer>> {
+        Ok(match &self.fulcio_certs {
+            Some(certs) => certs.clone(),
+            None => Vec::new(),
+        })
+    }
+
+    fn rekor_keys(&self) -> crate::errors::Result<Vec<&[u8]>> {
+        Ok(match &self.rekor_key {
+            Some(key) => vec![&key[..]],
+            None => Vec::new(),
+        })
+    }
+}

src/tuf/mod.rs → src/trust/sigstore/mod.rs

@@ -15,20 +15,20 @@
 
 //! Helper Structs to interact with the Sigstore TUF repository.
 //!
-//! The main interaction point is [`SigstoreRepository`], which fetches Rekor's
+//! The main interaction point is [`SigstoreTrustRoot`], which fetches Rekor's
 //! public key and Fulcio's certificate.
 //!
 //! These can later be given to [`cosign::ClientBuilder`](crate::cosign::ClientBuilder)
 //! to enable Fulcio and Rekor integrations.
 //!
 //! # Example
 //!
-//! The `SigstoreRepository` instance can be created via the [`SigstoreRepository::prefetch`]
+//! The `SigstoreRootTrust` instance can be created via the [`SigstoreTrustRoot::prefetch`]
 //! method.
 //!
 //! ```rust,no_run
-//! use sigstore::tuf::SigstoreRepository;
-//! let repo = SigstoreRepository::new(None).unwrap().prefetch().unwrap();
+//! use sigstore::trust::sigstore::SigstoreTrustRoot;
+//! let repo = SigstoreTrustRoot::new(None).unwrap().prefetch().unwrap();
 //! ```
 use std::{
     cell::OnceCell,
@@ -47,47 +47,19 @@ use webpki::types::CertificateDer;
 
 use self::trustroot::{CertificateAuthority, TimeRange, TransparencyLogInstance, TrustedRoot};
 
-use super::errors::{Result, SigstoreError};
+use crate::errors::{Result, SigstoreError};
 
-/// A `Repository` owns all key material necessary for establishing a root of trust.
-pub trait Repository {
-    fn fulcio_certs(&self) -> Result<Vec<CertificateDer>>;
-    fn rekor_keys(&self) -> Result<Vec<&[u8]>>;
-}
-
-/// A `ManualRepository` is a [Repository] with out-of-band trust materials.
-/// As it does not establish a trust root with TUF, users must initialize its materials themselves.
-#[derive(Debug, Default)]
-pub struct ManualRepository<'a> {
-    pub fulcio_certs: Option<Vec<CertificateDer<'a>>>,
-    pub rekor_key: Option<Vec<u8>>,
-}
-
-impl Repository for ManualRepository<'_> {
-    fn fulcio_certs(&self) -> Result<Vec<CertificateDer>> {
-        Ok(match &self.fulcio_certs {
-            Some(certs) => certs.clone(),
-            None => Vec::new(),
-        })
-    }
-
-    fn rekor_keys(&self) -> Result<Vec<&[u8]>> {
-        Ok(match &self.rekor_key {
-            Some(key) => vec![&key[..]],
-            None => Vec::new(),
-        })
-    }
-}
+pub use crate::trust::{ManualTrustRoot, TrustRoot};
 
 /// Securely fetches Rekor public key and Fulcio certificates from Sigstore's TUF repository.
 #[derive(Debug)]
-pub struct SigstoreRepository {
+pub struct SigstoreTrustRoot {
     repository: tough::Repository,
     checkout_dir: Option<PathBuf>,
     trusted_root: OnceCell<TrustedRoot>,
 }
 
-impl SigstoreRepository {
+impl SigstoreTrustRoot {
     /// Constructs a new trust repository established by a [tough::Repository].
     pub fn new(checkout_dir: Option<&Path>) -> Result<Self> {
         // These are statically defined and should always parse correctly.
@@ -136,18 +108,18 @@ impl SigstoreRepository {
 
     /// Prefetches trust materials.
     ///
-    /// [Repository::fulcio_certs()] and [Repository::rekor_keys()] on [SigstoreRepository] lazily
+    /// [TrustRoot::fulcio_certs()] and [TrustRoot::rekor_keys()] on [SigstoreTrustRoot] lazily
     /// fetches the requested data, which is problematic for async callers. Those callers should
     /// use this method to fetch the trust root ahead of time.
     ///
     /// ```rust
     /// # use tokio::task::spawn_blocking;
-    /// # use sigstore::tuf::SigstoreRepository;
+    /// # use sigstore::trust::sigstore::SigstoreTrustRoot;
     /// # use sigstore::errors::Result;
     /// # #[tokio::main]
     /// # async fn main() -> std::result::Result<(), anyhow::Error> {
-    /// let repo: Result<SigstoreRepository> = spawn_blocking(|| Ok(SigstoreRepository::new(None)?.prefetch()?)).await?;
-    /// // Now, get Fulcio and Rekor trust roots with the returned `SigstoreRepository`
+    /// let repo: Result<SigstoreTrustRoot> = spawn_blocking(|| Ok(SigstoreTrustRoot::new(None)?.prefetch()?)).await?;
+    /// // Now, get Fulcio and Rekor trust roots with the returned `SigstoreRootTrust`
     /// # Ok(())
     /// # }
     /// ```
@@ -177,7 +149,7 @@ impl SigstoreRepository {
     }
 }
 
-impl Repository for SigstoreRepository {
+impl crate::trust::TrustRoot for SigstoreTrustRoot {
     /// Fetch Fulcio certificates from the given TUF repository or reuse
     /// the local cache if its contents are not outdated.
     ///