Add high-level APIs to sign and verify Python artifacts (#8)

* Add high-level APIs to sign and verify Python artifacts

* Add a verification test that doesn't mock the sigstore verifier

* Update sigstore dependency

* Fix type error

* Raise own exception class for verification errors

Author: facutuesca

README.md

@@ -18,6 +18,42 @@ python -m pip install pypi-attestation-models
 
 See the full API documentation [here].
 
+
+### Signing and verification
+Use these APIs to create a PEP 740-compliant `Attestation` object by signing a Python artifact
+(i.e: sdist or wheel files), and to verify an `Attestation` object against a Python artifact.
+
+```python
+from pathlib import Path
+
+from pypi_attestation_models import Attestation, AttestationPayload
+from sigstore.oidc import Issuer
+from sigstore.sign import SigningContext
+from sigstore.verify import Verifier, policy
+
+artifact_path = Path("test_package-0.0.1-py3-none-any.whl")
+
+# Sign a Python artifact
+issuer = Issuer.production()
+identity_token = issuer.identity_token()
+signing_ctx = SigningContext.production()
+with signing_ctx.signer(identity_token, cache=True) as signer:
+    attestation = AttestationPayload.from_dist(artifact_path).sign(signer)
+
+print(attestation.model_dump_json())
+
+# Verify an attestation against a Python artifact
+attestation_path = Path("test_package-0.0.1-py3-none-any.whl.attestation")
+attestation = Attestation.model_validate_json(attestation_path.read_bytes())
+verifier = Verifier.production()
+policy = policy.Identity(identity="example@gmail.com", issuer="https://accounts.google.com")
+attestation.verify(verifier, policy, attestation_path)
+
+```
+
+### Low-level model conversions
+These conversions assume that any Sigstore Bundle used as an input was created
+by signing an `AttestationPayload` object.
 ```python
 from pathlib import Path
 from pypi_attestation_models import pypi_to_sigstore, sigstore_to_pypi, Attestation

pyproject.toml

@@ -15,7 +15,7 @@ classifiers = [
     "Programming Language :: Python :: 3",
     "License :: OSI Approved :: Apache Software License",
 ]
-dependencies = ["cryptography", "pydantic", "sigstore==3.0.0rc1"]
+dependencies = ["cryptography", "pydantic", "sigstore==3.0.0rc2"]
 requires-python = ">=3.9"
 
 [project.optional-dependencies]
@@ -73,11 +73,11 @@ target-version = "py39"
 
 [tool.ruff.lint]
 select = ["ALL"]
-# ANN102 is deprecated
+# ANN101 and ANN102 are deprecated
 # D203 and D213 are incompatible with D211 and D212 respectively.
 # COM812 and ISC001 can cause conflicts when using ruff as a formatter.
 # See https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules.
-ignore = ["ANN102", "D203", "D213", "COM812", "ISC001"]
+ignore = ["ANN101", "ANN102", "D203", "D213", "COM812", "ISC001"]
 
 [tool.ruff.lint.per-file-ignores]
 

src/pypi_attestation_models/__init__.py

@@ -8,6 +8,7 @@
     ConversionError,
     InvalidAttestationError,
     TransparencyLogEntry,
+    VerificationError,
     VerificationMaterial,
     pypi_to_sigstore,
     sigstore_to_pypi,
@@ -19,6 +20,7 @@
     "ConversionError",
     "InvalidAttestationError",
     "TransparencyLogEntry",
+    "VerificationError",
     "VerificationMaterial",
     "pypi_to_sigstore",
     "sigstore_to_pypi",

src/pypi_attestation_models/_impl.py

@@ -22,6 +22,10 @@
 if TYPE_CHECKING:
     from pathlib import Path  # pragma: no cover
 
+    from sigstore.sign import Signer  # pragma: no cover
+    from sigstore.verify import Verifier  # pragma: no cover
+    from sigstore.verify.policy import VerificationPolicy  # pragma: no cover
+
 
 class ConversionError(ValueError):
     """The base error for all errors during conversion."""
@@ -35,6 +39,14 @@ def __init__(self: InvalidAttestationError, msg: str) -> None:
         super().__init__(f"Could not convert input Attestation: {msg}")
 
 
+class VerificationError(ValueError):
+    """The PyPI Attestation failed verification."""
+
+    def __init__(self: VerificationError, msg: str) -> None:
+        """Initialize an `VerificationError`."""
+        super().__init__(f"Verification failed: {msg}")
+
+
 TransparencyLogEntry = NewType("TransparencyLogEntry", dict[str, Any])
 
 
@@ -72,6 +84,21 @@ class Attestation(BaseModel):
     is the raw bytes of the signing operation over the attestation payload.
     """
 
+    def verify(self, verifier: Verifier, policy: VerificationPolicy, dist: Path) -> None:
+        """Verify against an existing Python artifact.
+
+        On failure, raises:
+        - `InvalidAttestationError` if the attestation could not be converted to
+           a Sigstore Bundle.
+        - `VerificationError` if the attestation could not be verified.
+        """
+        payload_to_verify = AttestationPayload.from_dist(dist)
+        bundle = pypi_to_sigstore(self)
+        try:
+            verifier.verify_artifact(bytes(payload_to_verify), bundle, policy)
+        except sigstore.errors.VerificationError as err:
+            raise VerificationError(str(err)) from err
+
 
 class AttestationPayload(BaseModel):
     """Attestation Payload object as defined in PEP 740."""
@@ -94,6 +121,11 @@ def from_dist(cls, dist: Path) -> AttestationPayload:
             digest=sha256(dist.read_bytes()).hexdigest(),
         )
 
+    def sign(self, signer: Signer) -> Attestation:
+        """Create a PEP 740 attestation by signing this payload."""
+        sigstore_bundle = signer.sign_artifact(bytes(self))
+        return sigstore_to_pypi(sigstore_bundle)
+
     def __bytes__(self: AttestationPayload) -> bytes:
         """Convert to bytes using a canonicalized JSON representation (from RFC8785)."""
         return rfc8785.dumps(self.model_dump())
@@ -110,7 +142,7 @@ def sigstore_to_pypi(sigstore_bundle: Bundle) -> Attestation:
         version=1,
         verification_material=VerificationMaterial(
             certificate=b64encode(certificate).decode("ascii"),
-            transparency_entries=[sigstore_bundle.log_entry._to_dict_rekor()],  # noqa: SLF001
+            transparency_entries=[TransparencyLogEntry(sigstore_bundle.log_entry._to_dict_rekor())],  # noqa: SLF001
         ),
         message_signature=b64encode(signature).decode("ascii"),
     )

test/assets/rfc8785-0.1.2-py3-none-any.whl.attestation

@@ -1,49 +1,48 @@
 {
   "version": 1,
   "verification_material": {
-    "certificate": "MIIC1zCCAl2gAwIBAgIUZk9ToGFUJexy+/rxwIF8BB+3C5YwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQwNDI5MTY1MTMzWhcNMjQwNDI5MTcwMTMzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEM5H5f7A4HutVTfKFimTd2UbTzgUOY7rph9GKqgsZ7ChAp8FGJbrrgn6o+nprUEFKqEaIi+fWQJvR+RJkoQcWMKOCAXwwggF4MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUnrc9nJ2dxJd1a5sCFj/P+y3MuhQwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wLAYDVR0RAQH/BCIwIIEeZmFjdW5kby50dWVzY2FAdHJhaWxvZmJpdHMuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABjyrE0sQAAAQDAEcwRQIhAORhP1HaCcD4QK8+8VcNL46W0AAk6cIDUAH3SV4stJUVAiBafyw+FTpgvoTU+2U7QCyjlQZ5J2dPpVqv9Up3vV2GTDAKBggqhkjOPQQDAwNoADBlAjEAzoA4cMHxHCEXA80ahwJUSz/1kYotTXRNzeWU69SyaZE7Po+vZ5/ANfKvbCv9s19rAjABbw/INkA4dGKWEDNtSjnloZuH5N9aPBOV425+iKCe2bmf9cYVlFvCbGmHiEg/r5k=",
+    "certificate": "MIIC1jCCAlygAwIBAgIUTDMXIHMGbNF+Sm0qoQoj35hY3zkwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQwNTAzMTQwNTU0WhcNMjQwNTAzMTQxNTU0WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqv2vvFAD66IdGSg/+JbB/nYfook1FqpmM773o9MdVZktl1LkUWAU8SzaZhSso/7qVriyH/S8km0HqTVMzuZ+SaOCAXswggF3MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU5TQvo55q5OXkVFmYDsR93Neffq0wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wLAYDVR0RAQH/BCIwIIEeZmFjdW5kby50dWVzY2FAdHJhaWxvZmJpdHMuY29tMCkGCisGAQQBg78wAQEEG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTArBgorBgEEAYO/MAEIBB0MG2h0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbTCBiQYKKwYBBAHWeQIEAgR7BHkAdwB1AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABjz7Gm3oAAAQDAEYwRAIgGkFpx5q3NzmgBIPywysdADDRRRPM/xsa8Fkfva+chKECIAu5HgO2eKsdc9pohmgn/modVcJ1Q5Muou9d4l1c5fXyMAoGCCqGSM49BAMDA2gAMGUCMHschAnWt88W4cu35dEv0MJ72s3BZsudUQzZ8dtg0xBlF3uwdDoprNfbA2tM5piDlAIxAMBg5Dqx0BV/9Rp/QMLhb+aGqZm7n7E5GkXJpHA8TySZamdyYuRlEiPf4cj7x/ruyw==",
     "transparency_entries": [
       {
-        "logIndex": "89569370",
+        "logIndex": "90818200",
         "logId": {
           "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
         },
         "kindVersion": {
           "kind": "hashedrekord",
           "version": "0.0.1"
         },
-        "integratedTime": "1714409493",
+        "integratedTime": "1714745154",
         "inclusionPromise": {
-          "signedEntryTimestamp": "MEUCIQC29r0j8BCu5Zye9dvFaVBmCFzHIDBDDWH+LqcZ8aTAyAIgas85UjhG4jrVwqBr/U/nQ86vwOWQnHKjGnd/bdnQafQ="
+          "signedEntryTimestamp": "MEUCIQCyiwcUzPS8I8WKRuLGelfRdlmx/AtM6TwMmyvK8utURwIgDKtqe3gaZe8bbVupw3HJm4nzvpYAZHaHmv/cCbJRYlo="
         },
         "inclusionProof": {
-          "logIndex": "85405939",
-          "rootHash": "CdYMKt8P8arrU1iilSLHbPDwMzhWgUbA6xvb1DSZktc=",
-          "treeSize": "85405941",
+          "logIndex": "86654769",
+          "rootHash": "rpJ6l1p+pM8A+nMvMT80o0+qrCozIEfbG6qa0psYB0U=",
+          "treeSize": "86654770",
           "hashes": [
-            "btr1R1ZOzi0Kqk+vdfHrDcC1zasNMvXaNehse4NeMu8=",
-            "8IgEN8pEU3WrVRCsbbCkFHeamV5xoyN1OByng98lPow=",
-            "i6x3rMfR1HZCafUIGTyYgvtfwjF9zUe9Q5MPKNdWhS8=",
-            "kE6NsBxRpnT9Q/DgLDqQELBaor5pThUMmHIRuKapA7c=",
-            "Y55DSeWN5DUnIuvK5RRsaF4b35EtjKasFpV2n2LfrA0=",
-            "UeVeMpyn/bEywYJvThS5PltcrELznbc/OFTARixCNUQ=",
-            "MaMJLiuvSigqcgOZ6BulADPyhWaoYE1C+sGj/twciwM=",
-            "YrLY+ujALEUYcIeyq2ri+QBsl7Sxh+frMg7GlVcIvZ0=",
-            "27GLifvQI1aATtmSwJQGmbKXDoBpa0R5Q8fQUuX3/kQ=",
-            "xhLV7tE4kPldhHSKGpGuBkcxIUSpEvNntVSzM+5raW4=",
-            "btR5C6cRDz4AcGce5sOqhKIlEYTQ29AJLmv7L3kPyDI=",
-            "TuI0yJQvmNIs3J9pfzPMu2aYibKQ0MUpGgkcmjsS30g=",
-            "TxcrLS66touilnjU30hIZ8JkbH6bfnBbD6pQ5OoIpXs=",
+            "9X9+Ewnt1Jv3SVUsUbtRTb8QezxTGW71hfmYyj4urho=",
+            "XMz5WH5iwOITJcBdVsAUj+h1uxgH8EPXezgGg4lNP5M=",
+            "LLawJ9A3X4PEGMwFRwVbwhUxkHMJj9wFemKagvJlDFw=",
+            "7PXuijLdBg+hW8HdjY+IyuFgLXvlTKOKqHRFTMJB4Ko=",
+            "er0Z148pal4gYGSVfQ/rvzPKTc1EIDd7pYQjHd7RtKk=",
+            "ZmLzbyYsyxNDvtbH/T00VHzMFhW8WBS9lgPH2rlNFMY=",
+            "DH+I5x/ZvX3i2Ysc2divZ/6MK1e3ppSmNtUTg+CQwEw=",
+            "nrCOZ+D41yjNI2zgMlBLN0LHOn5OP4sJYffOuoPgSJg=",
+            "vQtr96qBr+8s4Up0YK2ibgbVOYyLK4e8zsjHOyMnOM4=",
+            "4GdrZvm4dTLD8P8KPOQx8Op0UOT7XbRS1WG43uXseJU=",
+            "fp4aY4dEhrMBmS4ex9s/lm8UPsk42eWg77zd+uJn0F4=",
+            "2aaLz8XcvX3I3Ihft0W701fVKICZLYtBIxRbPmdkcZ0=",
             "sjohk/3DQIfXTgf/5XpwtdF7yNbrf8YykOMHr1CyBYQ=",
             "98enzMaC+x5oCMvIZQA5z8vu2apDMCFvE/935NfuPw8="
           ],
           "checkpoint": {
-            "envelope": "rekor.sigstore.dev - 2605736670972794746\n85405941\nCdYMKt8P8arrU1iilSLHbPDwMzhWgUbA6xvb1DSZktc=\n\n— rekor.sigstore.dev wNI9ajBGAiEAkEVEjIsNbuvKywuzjow1tyD1IkIpHu/bCVK73fSpBzECIQD5ctzIS0Rp3cC3PF0ZcFEP8ObC2KJqojg4hfKjFxxy9A==\n"
+            "envelope": "rekor.sigstore.dev - 2605736670972794746\n86654770\nrpJ6l1p+pM8A+nMvMT80o0+qrCozIEfbG6qa0psYB0U=\n\n— rekor.sigstore.dev wNI9ajBFAiBXlxCjY0PMu4XUVJa/auC+EwEJws9xXfEbiYRM5uIjpgIhAKRduPCMlSRhNCQeGUifB2nAkKJDGlOJa75mkYYrrVMK\n"
           }
         },
-        "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjNGU5MmU5ZWNjODI4YmVmMmFhN2RiYTFkZThhYzk4MzUxMWY3NTMyYTBkZjExYzc3MGQzOTA5OWEyNWNmMjAxIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJSGlXY2JRY2szTzE2K3dGR3pyR09sYWVWRkpodkNwT1EwajZJd0ZtUnp0YUFpQWJWL3NOSWg0OFJQSHdIdm9IZklDcFA3Y29seGpjbUx6WEhsU2pleGEvUVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXhla05EUVd3eVowRjNTVUpCWjBsVldtczVWRzlIUmxWS1pYaDVLeTl5ZUhkSlJqaENRaXN6UXpWWmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJkMDVFU1RWTlZGa3hUVlJOZWxkb1kwNU5hbEYzVGtSSk5VMVVZM2ROVkUxNlYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZOTlVnMVpqZEJORWgxZEZaVVprdEdhVzFVWkRKVllsUjZaMVZQV1RkeWNHZzVSMHNLY1dkeldqZERhRUZ3T0VaSFNtSnljbWR1Tm04cmJuQnlWVVZHUzNGRllVbHBLMlpYVVVwMlVpdFNTbXR2VVdOWFRVdFBRMEZZZDNkblowWTBUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZ1Y21NNUNtNUtNbVI0U21ReFlUVnpRMFpxTDFBcmVUTk5kV2hSZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDB4QldVUldVakJTUVZGSUwwSkRTWGRKU1VWbFdtMUdhbVJYTld0aWVUVXdaRmRXZWxreVJrRmtTRXBvWVZkNGRscHRTbkJrU0UxMVdUSTVkQXBOUTJ0SFEybHpSMEZSVVVKbk56aDNRVkZGUlVjeWFEQmtTRUo2VDJrNGRsbFhUbXBpTTFaMVpFaE5kVm95T1haYU1uaHNURzFPZG1KVVFYSkNaMjl5Q2tKblJVVkJXVTh2VFVGRlNVSkNNRTFITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVOQ2FXZFpTMHQzV1VJS1FrRklWMlZSU1VWQloxSTRRa2h2UVdWQlFqSkJUakE1VFVkeVIzaDRSWGxaZUd0bFNFcHNiazUzUzJsVGJEWTBNMnA1ZEM4MFpVdGpiMEYyUzJVMlR3cEJRVUZDYW5seVJUQnpVVUZCUVZGRVFVVmpkMUpSU1doQlQxSm9VREZJWVVOalJEUlJTemdyT0ZaalRrdzBObGN3UVVGck5tTkpSRlZCU0ROVFZqUnpDblJLVlZaQmFVSmhabmwzSzBaVWNHZDJiMVJWS3pKVk4xRkRlV3BzVVZvMVNqSmtVSEJXY1hZNVZYQXpkbFl5UjFSRVFVdENaMmR4YUd0cVQxQlJVVVFLUVhkT2IwRkVRbXhCYWtWQmVtOUJOR05OU0hoSVEwVllRVGd3WVdoM1NsVlRlaTh4YTFsdmRGUllVazU2WlZkVk5qbFRlV0ZhUlRkUWJ5dDJXalV2UVFwT1prdDJZa04yT1hNeE9YSkJha0ZDWW5jdlNVNXJRVFJrUjB0WFJVUk9kRk5xYm14dlduVklOVTQ1WVZCQ1QxWTBNalVyYVV0RFpUSmliV1k1WTFsV0NteEdka05pUjIxSWFVVm5MM0kxYXowS0xTMHRMUzFGVGtRZ1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFvPSJ9fX19"
+        "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJmMTQ2ZmY4NWMxMGZjMTg4ODM0MDVjMWQ5Mzc0NjIzZWI3YzI5ZjRlYTRiYTYyYzZmNWUyYzZmMTc5M2ZiZDEwIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUMvd1ZYcTlBeWExQW1JZlgzZmVoSUZTbkN1Q0tzNGhWTks1eGJ3ckVtV1d3SWdHMzhtcmtsOHhmNG1SYWhmYmNIckVTdFZYYjg3enFySVFoT1BUOVJTcFdFPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXhha05EUVd4NVowRjNTVUpCWjBsVlZFUk5XRWxJVFVkaVRrWXJVMjB3Y1c5UmIyb3pOV2haTTNwcmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJkMDVVUVhwTlZGRjNUbFJWTUZkb1kwNU5hbEYzVGxSQmVrMVVVWGhPVkZVd1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZ4ZGpKMmRrWkJSRFkyU1dSSFUyY3ZLMHBpUWk5dVdXWnZiMnN4Um5Gd2JVMDNOek1LYnpsTlpGWmFhM1JzTVV4clZWZEJWVGhUZW1GYWFGTnpieTgzY1ZaeWFYbElMMU00YTIwd1NIRlVWazE2ZFZvclUyRlBRMEZZYzNkblowWXpUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlUxVkZGMkNtODFOWEUxVDFoclZrWnRXVVJ6VWprelRtVm1abkV3ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDB4QldVUldVakJTUVZGSUwwSkRTWGRKU1VWbFdtMUdhbVJYTld0aWVUVXdaRmRXZWxreVJrRmtTRXBvWVZkNGRscHRTbkJrU0UxMVdUSTVkQXBOUTJ0SFEybHpSMEZSVVVKbk56aDNRVkZGUlVjeWFEQmtTRUo2VDJrNGRsbFhUbXBpTTFaMVpFaE5kVm95T1haYU1uaHNURzFPZG1KVVFYSkNaMjl5Q2tKblJVVkJXVTh2VFVGRlNVSkNNRTFITW1nd1pFaENlazlwT0haWlYwNXFZak5XZFdSSVRYVmFNamwyV2pKNGJFeHRUblppVkVOQ2FWRlpTMHQzV1VJS1FrRklWMlZSU1VWQloxSTNRa2hyUVdSM1FqRkJUakE1VFVkeVIzaDRSWGxaZUd0bFNFcHNiazUzUzJsVGJEWTBNMnA1ZEM4MFpVdGpiMEYyUzJVMlR3cEJRVUZDYW5vM1IyMHpiMEZCUVZGRVFVVlpkMUpCU1dkSGEwWndlRFZ4TTA1NmJXZENTVkI1ZDNselpFRkVSRkpTVWxCTkwzaHpZVGhHYTJaMllTdGpDbWhMUlVOSlFYVTFTR2RQTW1WTGMyUmpPWEJ2YUcxbmJpOXRiMlJXWTBveFVUVk5kVzkxT1dRMGJERmpOV1pZZVUxQmIwZERRM0ZIVTAwME9VSkJUVVFLUVRKblFVMUhWVU5OU0hOamFFRnVWM1E0T0ZjMFkzVXpOV1JGZGpCTlNqY3ljek5DV25OMVpGVlJlbG80WkhSbk1IaENiRVl6ZFhka1JHOXdjazVtWWdwQk1uUk5OWEJwUkd4QlNYaEJUVUpuTlVSeGVEQkNWaTg1VW5BdlVVMU1hR0lyWVVkeFdtMDNiamRGTlVkcldFcHdTRUU0VkhsVFdtRnRaSGxaZFZKc0NrVnBVR1kwWTJvM2VDOXlkWGwzUFQwS0xTMHRMUzFGVGtRZ1EwVlNWRWxHU1VOQlZFVXRMUzB0TFFvPSJ9fX19"
       }
     ]
   },
-  "message_signature": "MEQCIHiWcbQck3O16+wFGzrGOlaeVFJhvCpOQ0j6IwFmRztaAiAbV/sNIh48RPHwHvoHfICpP7colxjcmLzXHlSjexa/QQ=="
+  "message_signature": "MEUCIQC/wVXq9Aya1AmIfX3fehIFSnCuCKs4hVNK5xbwrEmWWwIgG38mrkl8xf4mRahfbcHrEStVXb87zqrIQhOPT9RSpWE="
 }