Support cpython bundles & fix dsse 0.0.1 entries (#125)

lib/sigstore/internal/x509.rb

@@ -308,6 +308,8 @@ def parse_value(value)
               tag = general_name.tag
 
               case tag
+              when 1
+                [:otherName, general_name.value]
               when 6
                 [:uniformResourceIdentifier, general_name.value]
               else

lib/sigstore/models.rb

@@ -262,7 +262,7 @@ def expected_dsse_0_0_1_tlog_entry
             dsse_envelope.signatures.map do |sig|
               {
                 "signature" => Internal::Util.base64_encode(sig.sig),
-                "verifier" => Internal::Util.base64_encode(certificate.to_pem)
+                "verifier" => Internal::Util.base64_encode(leaf_certificate.to_pem)
               }
             end
         }

lib/sigstore/policy.rb

@@ -90,7 +90,7 @@ def verify(cert)
         san_ext = cert.extension(Sigstore::Internal::X509::Extension::SubjectAlternativeName)
         raise Error::InvalidCertificate, "Certificate does not contain subjectAltName extension" unless san_ext
 
-        verified = san_ext.general_names.include?([:uniformResourceIdentifier, @identity])
+        verified = san_ext.general_names.any? { |_, id| id == @identity }
         unless verified
           return VerificationFailure.new(
             "Certificate's SANs do not match #{@identity}; actual SANs: #{san_ext.general_names}"