Skip unrecognized keys

This library does not support Rekor v2, which has caused issues when a
new key type is attempted. Until we have comprehensive support for Rekor
v2, we can skip unrecognized keys.

Signed-off-by: Landon Grindheim <landon.grindheim@gmail.com>

Author: landongrindheim

lib/sigstore/internal/key.rb

@@ -30,7 +30,11 @@ def self.from_key_details(key_details, key_bytes)
           key_type = "rsa"
           key_schema = "rsa-pkcs1v15-sha256"
         else
-          raise Error::UnsupportedKeyType, "Unsupported key type #{key_details}"
+          # Skip unrecognized key types instead of raising an error.
+          # This allows the library to work with newer trusted roots that include
+          # key types we don't yet support (e.g., PKIX_ED25519 for Rekor v2).
+          logger.warn { "Skipping unrecognized key type: #{key_details}" }
+          return nil
         end
 
         read(key_type, key_schema, key_bytes, key_id: OpenSSL::Digest::SHA256.hexdigest(key_bytes))

lib/sigstore/trusted_root.rb

@@ -87,7 +87,8 @@ def tlog_keys(tlogs)
 
       tlogs.each do |transparency_log_instance|
         key = transparency_log_instance.public_key
-        yield Internal::Key.from_key_details(key.key_details, key.raw_bytes)
+        parsed_key = Internal::Key.from_key_details(key.key_details, key.raw_bytes)
+        yield parsed_key if parsed_key
       end
     end