trailofbits · facutuesca · May 7, 2024 · May 6, 2024 · May 6, 2024 · May 7, 2024
diff --git a/src/pypi_attestation_models/__init__.py b/src/pypi_attestation_models/__init__.py
@@ -7,6 +7,7 @@
     AttestationPayload,
     ConversionError,
     InvalidAttestationError,
+    TransparencyLogEntry,
     VerificationMaterial,
     pypi_to_sigstore,
     sigstore_to_pypi,
@@ -17,6 +18,7 @@
     "AttestationPayload",
     "ConversionError",
     "InvalidAttestationError",
+    "TransparencyLogEntry",
     "VerificationMaterial",
     "pypi_to_sigstore",
     "sigstore_to_pypi",

diff --git a/src/pypi_attestation_models/_impl.py b/src/pypi_attestation_models/_impl.py
@@ -11,10 +11,12 @@
 from typing import TYPE_CHECKING, Annotated, Any, Literal, NewType
 
 import rfc8785
+import sigstore.errors
 from annotated_types import MinLen  # noqa: TCH002
 from cryptography import x509
 from cryptography.hazmat.primitives import serialization
 from pydantic import BaseModel
+from pydantic_core import ValidationError
 from sigstore.models import Bundle, LogEntry
 
 if TYPE_CHECKING:
@@ -123,9 +125,18 @@ def pypi_to_sigstore(pypi_attestation: Attestation) -> Bundle:
         raise InvalidAttestationError(str(err)) from err
 
     tlog_entry = pypi_attestation.verification_material.transparency_entries[0]
+    try:
+        certificate = x509.load_der_x509_certificate(certificate_bytes)
+    except ValueError as err:
+        raise InvalidAttestationError(str(err)) from err
+
+    try:
+        log_entry = LogEntry._from_dict_rekor(tlog_entry)  # noqa: SLF001
+    except (ValidationError, sigstore.errors.Error) as err:
+        raise InvalidAttestationError(str(err)) from err
 
     return Bundle.from_parts(
-        cert=x509.load_der_x509_certificate(certificate_bytes),
+        cert=certificate,
         sig=signature_bytes,
-        log_entry=LogEntry._from_dict_rekor(tlog_entry),  # noqa: SLF001
+        log_entry=log_entry,
     )
diff --git a/src/pypi_attestation_models/py.typed b/src/pypi_attestation_models/py.typed
diff --git a/test/test_impl.py b/test/test_impl.py
@@ -54,6 +54,25 @@ def test_pypi_to_sigstore_invalid_certificate_base64() -> None:
         impl.pypi_to_sigstore(attestation)
 
 
+def test_pypi_to_sigstore_invalid_certificate() -> None:
+    with attestation_path.open("rb") as f:
+        attestation = impl.Attestation.model_validate_json(f.read())
+    new_cert = attestation.verification_material.certificate.replace("M", "x")
+    attestation.verification_material.certificate = new_cert
+    with pytest.raises(impl.InvalidAttestationError):
+        impl.pypi_to_sigstore(attestation)
+
+
+def test_pypi_to_sigstore_invalid_log_entry() -> None:
+    with attestation_path.open("rb") as f:
+        attestation = impl.Attestation.model_validate_json(f.read())
+    new_log_entry = attestation.verification_material.transparency_entries[0]
+    del new_log_entry["inclusionProof"]
+    attestation.verification_material.transparency_entries = [new_log_entry]
+    with pytest.raises(impl.InvalidAttestationError):
+        impl.pypi_to_sigstore(attestation)
+
+
 def test_verification_roundtrip() -> None:
     # Load an existing Sigstore bundle, check that verification passes,
     # convert it to a PyPI attestation and then back again to a Sigstore