refactor: drop sigstore-protobuf-specs dependency

Closes #131.

Author: woodruffw

pyproject.toml

@@ -10,18 +10,16 @@ readme = "README.md"
 license = "Apache-2.0"
 license-files = ["LICENSE"]
 authors = [{ name = "Trail of Bits", email = "opensource@trailofbits.com" }]
-classifiers = [
-    "Programming Language :: Python :: 3",
-]
+classifiers = ["Programming Language :: Python :: 3"]
 dependencies = [
     "cryptography",
     "packaging",
     "pyasn1 ~= 0.6",
     "pydantic >= 2.10.0",
     "requests",
     "rfc3986",
-    "sigstore >= 3.5.3, < 3.7",
-    "sigstore-protobuf-specs",
+    "sigstore @ git+https://github.com/sigstore/sigstore-python.git@ww/rm-protobufs",
+    "sigstore-models",
 ]
 requires-python = ">=3.9"
 
@@ -108,10 +106,6 @@ pyupgrade.keep-runtime-typing = true
 [tool.interrogate]
 # don't enforce documentation coverage for packaging, testing, the virtual
 # environment, or the CLI (which is documented separately).
-exclude = [
-    "env",
-    "test",
-    "src/pypi_attestations/__main__.py",
-]
+exclude = ["env", "test", "src/pypi_attestations/__main__.py"]
 ignore-semiprivate = true
 fail-under = 100

src/pypi_attestations/_impl.py

@@ -27,12 +27,14 @@
 from sigstore._utils import _sha256_streaming
 from sigstore.dsse import DigestSet, StatementBuilder, Subject, _Statement
 from sigstore.dsse import Envelope as DsseEnvelope
-from sigstore.dsse import Error as DsseError
-from sigstore.models import Bundle, LogEntry
+from sigstore.errors import Error as SigstoreError
+from sigstore.models import Bundle
+from sigstore.models import TransparencyLogEntry as _TransparencyLogEntry
 from sigstore.sign import ExpiredCertificate, ExpiredIdentity
 from sigstore.verify import Verifier, policy
-from sigstore_protobuf_specs.io.intoto import Envelope as _Envelope
-from sigstore_protobuf_specs.io.intoto import Signature as _Signature
+from sigstore_models.intoto import Envelope as _Envelope
+from sigstore_models.intoto import Signature as _Signature
+from sigstore_models.rekor.v1 import TransparencyLogEntry as _TransparencyLogEntryInner
 
 if TYPE_CHECKING:  # pragma: no cover
     from pathlib import Path
@@ -198,7 +200,7 @@ def sign(cls, signer: Signer, dist: Distribution) -> Attestation:
                 .predicate_type(AttestationType.PYPI_PUBLISH_V1)
                 .build()
             )
-        except DsseError as e:
+        except SigstoreError as e:
             raise AttestationError(str(e))
 
         try:
@@ -327,9 +329,9 @@ def to_bundle(self) -> Bundle:
 
         evp = DsseEnvelope(
             _Envelope(
-                payload=statement,
+                payload=base64.b64encode(statement),
                 payload_type=DsseEnvelope._TYPE,  # noqa: SLF001
-                signatures=[_Signature(sig=signature)],
+                signatures=[_Signature(sig=base64.b64encode(signature))],
             )
         )
 
@@ -340,7 +342,8 @@ def to_bundle(self) -> Bundle:
             raise ConversionError("invalid X.509 certificate") from err
 
         try:
-            log_entry = LogEntry._from_dict_rekor(tlog_entry)  # noqa: SLF001
+            inner = _TransparencyLogEntryInner.from_dict(tlog_entry)
+            log_entry = _TransparencyLogEntry(inner)
         except (ValidationError, sigstore.errors.Error) as err:
             raise ConversionError("invalid transparency log entry") from err
 
@@ -359,6 +362,9 @@ def from_bundle(cls, sigstore_bundle: Bundle) -> Attestation:
 
         envelope = sigstore_bundle._inner.dsse_envelope  # noqa: SLF001
 
+        if not envelope:
+            raise ConversionError("bundle does not contain a DSSE envelope")
+
         if len(envelope.signatures) != 1:
             raise ConversionError(f"expected exactly one signature, got {len(envelope.signatures)}")
 
@@ -367,7 +373,7 @@ def from_bundle(cls, sigstore_bundle: Bundle) -> Attestation:
             verification_material=VerificationMaterial(
                 certificate=base64.b64encode(certificate),
                 transparency_entries=[
-                    sigstore_bundle.log_entry._to_rekor().to_dict()  # noqa: SLF001
+                    sigstore_bundle.log_entry._inner.to_dict()  # noqa: SLF001
                 ],
             ),
             envelope=Envelope(