Add unit tests for signing with sigstore.

We need to do quite a lot of mocking around Sigstore, but we are able to test all logic in our library. What is left to do for testing is e2e integration tests (#5) and testing with signing on one OS and verifying on another (sigstore#25). Both of these are integration style tests and we will only be able to run them in GHA. I'll send a PR for those soon.

While testing, I discovered some minor bugs with error reporting and one moderate bug. Fixed in this PR.

We now have achieved 100% test coverage! 🎉

```
Name    Stmts   Miss  Cover   Missing
-------------------------------------
TOTAL     835      0   100%
```

Well, almost. There are 2 files that are not imported by tests at all, so they don't get included in the report:

```
src/model_signing/signature/fake.py
src/model_signing/signature/pki.py
```

This depends on sigstore#287 which configures the coverage reporting.

Signed-off-by: Mihai Maruseac <[email protected]>

src/model_signing/signing/in_toto.py

@@ -75,7 +75,7 @@ def manifest_from_payload(
             if predicate_type == subcls.predicate_type:
                 return subcls.manifest_from_payload(payload)
 
-        raise ValueError("Unknown in-toto predicate type {predicate_type}")
+        raise ValueError(f"Unknown in-toto predicate type {predicate_type}")
 
 
 class SingleDigestIntotoPayload(IntotoPayload):
@@ -182,10 +182,10 @@ def manifest_from_payload(
         predicate = payload["predicate"]
 
         if len(subjects) != 1:
-            raise ValueError("Expected one single subject, got {subjects}")
+            raise ValueError(f"Expected one single subject, got {subjects}")
 
         algorithm = predicate["actual_hash_algorithm"]
-        digest_value = subjects[0]["digest"]["sha256"]
+        digest_value = bytes.fromhex(subjects[0]["digest"]["sha256"])
         digest = hashing.Digest(algorithm, digest_value)
         return manifest_module.DigestManifest(digest)
 
@@ -343,7 +343,7 @@ def manifest_from_payload(
         predicate = payload["predicate"]
 
         if len(subjects) != 1:
-            raise ValueError("Expected one single subject, got {subjects}")
+            raise ValueError(f"Expected one single subject, got {subjects}")
 
         hasher = memory.SHA256()
         items = []
@@ -360,7 +360,7 @@ def manifest_from_payload(
         obtained_digest = hasher.compute().digest_hex
         if obtained_digest != expected_digest:
             raise ValueError(
-                f"Verification failed. "
+                "Verification failed. "
                 f"Expected {expected_digest}, got {obtained_digest}"
             )
 
@@ -486,7 +486,7 @@ def manifest_from_payload(
         predicate = payload["predicate"]
 
         if len(subjects) != 1:
-            raise ValueError("Expected one single subject, got {subjects}")
+            raise ValueError(f"Expected one single subject, got {subjects}")
 
         hasher = memory.SHA256()
         items = []
@@ -505,7 +505,7 @@ def manifest_from_payload(
         obtained_digest = hasher.compute().digest_hex
         if obtained_digest != expected_digest:
             raise ValueError(
-                f"Verification failed. "
+                "Verification failed. "
                 f"Expected {expected_digest}, got {obtained_digest}"
             )
 

src/model_signing/signing/sigstore.py

@@ -337,8 +337,8 @@ def verify(self, signature: signing.Signature) -> manifest.Manifest:
 
         if payload_type != _IN_TOTO_JSON_PAYLOAD_TYPE:
             raise ValueError(
-                f"Only {_IN_TOTO_JSON_PAYLOAD_TYPE} DSSE payload acceped, "
-                f"got {payload_type}"
+                f"Expected DSSE payload {_IN_TOTO_JSON_PAYLOAD_TYPE}, "
+                f"but got {payload_type}"
             )
 
         payload = json.loads(payload)