diff --git a/src/bundle/verify/verifier.rs b/src/bundle/verify/verifier.rs index 4b7b173063..07118c8cd8 100644 --- a/src/bundle/verify/verifier.rs +++ b/src/bundle/verify/verifier.rs @@ -16,10 +16,10 @@ use std::io::{self, Read}; +use pki_types::{CertificateDer, UnixTime}; use sha2::{Digest, Sha256}; use tokio::io::{AsyncRead, AsyncReadExt}; use tracing::debug; -use webpki::types::{CertificateDer, UnixTime}; use x509_cert::der::Encode; use crate::{ diff --git a/src/cosign/client_builder.rs b/src/cosign/client_builder.rs index a1f7406353..ff94a4d4ed 100644 --- a/src/cosign/client_builder.rs +++ b/src/cosign/client_builder.rs @@ -13,8 +13,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +use pki_types::CertificateDer; use tracing::info; -use webpki::types::CertificateDer; use super::client::Client; use crate::crypto::SigningScheme; diff --git a/src/cosign/mod.rs b/src/cosign/mod.rs index bf798e4675..eb3b76aaeb 100644 --- a/src/cosign/mod.rs +++ b/src/cosign/mod.rs @@ -281,8 +281,8 @@ where #[cfg(test)] mod tests { + use pki_types::CertificateDer; use serde_json::json; - use webpki::types::CertificateDer; use super::constraint::{AnnotationMarker, PrivateKeySigner}; use super::verification_constraint::cert_subject_email_verifier::StringVerifier; diff --git a/src/cosign/signature_layers.rs b/src/cosign/signature_layers.rs index e62662d7da..46e9ec16e8 100644 --- a/src/cosign/signature_layers.rs +++ b/src/cosign/signature_layers.rs @@ -435,7 +435,7 @@ impl CertificateSignature { // ensure the certificate has been issued by Fulcio fulcio_cert_pool.verify_pem_cert( cert_pem, - Some(webpki::types::UnixTime::since_unix_epoch( + Some(pki_types::UnixTime::since_unix_epoch( cert.tbs_certificate.validity.not_before.to_unix_duration(), )), )?; diff --git a/src/cosign/verification_constraint/certificate_verifier.rs b/src/cosign/verification_constraint/certificate_verifier.rs index d918803bd6..5f62233056 100644 --- a/src/cosign/verification_constraint/certificate_verifier.rs +++ b/src/cosign/verification_constraint/certificate_verifier.rs @@ -1,7 +1,7 @@ use chrono::{DateTime, Utc}; use pkcs8::der::Decode; +use pki_types::CertificateDer; use tracing::warn; -use webpki::types::CertificateDer; use x509_cert::Certificate; use super::VerificationConstraint; diff --git a/src/crypto/certificate_pool.rs b/src/crypto/certificate_pool.rs index 1fddead331..2cac254ec9 100644 --- a/src/crypto/certificate_pool.rs +++ b/src/crypto/certificate_pool.rs @@ -14,10 +14,8 @@ // limitations under the License. use const_oid::db::rfc5280::ID_KP_CODE_SIGNING; -use webpki::{ - types::{CertificateDer, TrustAnchor, UnixTime}, - EndEntityCert, KeyUsage, VerifiedPath, -}; +use pki_types::{CertificateDer, TrustAnchor, UnixTime}; +use webpki::{EndEntityCert, KeyUsage, VerifiedPath}; use crate::errors::{Result as SigstoreResult, SigstoreError}; diff --git a/src/registry/config.rs b/src/registry/config.rs index bd6d15f38f..779e4e123c 100644 --- a/src/registry/config.rs +++ b/src/registry/config.rs @@ -15,9 +15,9 @@ //! Set of structs and enums used to define how to interact with OCI registries +use pki_types::CertificateDer; use serde::Serialize; use std::cmp::Ordering; -use webpki::types::CertificateDer; use crate::errors; diff --git a/src/trust/mod.rs b/src/trust/mod.rs index af966d4c8f..8dbb4172bb 100644 --- a/src/trust/mod.rs +++ b/src/trust/mod.rs @@ -13,7 +13,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -use webpki::types::CertificateDer; +use pki_types::CertificateDer; #[cfg_attr(docsrs, doc(cfg(feature = "sigstore-trust-root")))] #[cfg(feature = "sigstore-trust-root")] diff --git a/src/trust/sigstore/mod.rs b/src/trust/sigstore/mod.rs index 9ee9f02cce..3f60923410 100644 --- a/src/trust/sigstore/mod.rs +++ b/src/trust/sigstore/mod.rs @@ -25,13 +25,13 @@ use sha2::{Digest, Sha256}; use std::path::Path; use tokio_util::bytes::BytesMut; +use pki_types::CertificateDer; use sigstore_protobuf_specs::dev::sigstore::{ common::v1::TimeRange, trustroot::v1::{CertificateAuthority, TransparencyLogInstance, TrustedRoot}, }; use tough::TargetName; use tracing::debug; -use webpki::types::CertificateDer; mod constants;