Quella/JavaTools
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Quella777
2025-08-18 23:06:34 +08:00
parent 0bc04fb659
commit ed18af0cad
1926 changed files with 275098 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
package/node_modules/@sigstore/bundle/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2023 The Sigstore Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

101
package/node_modules/@sigstore/bundle/dist/build.js generated vendored Normal file
View File

@@ -0,0 +1,101 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.toDSSEBundle = exports.toMessageSignatureBundle = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const protobuf_specs_1 = require("@sigstore/protobuf-specs");
const bundle_1 = require("./bundle");
// Message signature bundle - $case: 'messageSignature'
function toMessageSignatureBundle(options) {
return {
mediaType: options.singleCertificate
? bundle_1.BUNDLE_V03_MEDIA_TYPE
: bundle_1.BUNDLE_V02_MEDIA_TYPE,
content: {
$case: 'messageSignature',
messageSignature: {
messageDigest: {
algorithm: protobuf_specs_1.HashAlgorithm.SHA2_256,
digest: options.digest,
},
signature: options.signature,
},
},
verificationMaterial: toVerificationMaterial(options),
};
}
exports.toMessageSignatureBundle = toMessageSignatureBundle;
// DSSE envelope bundle - $case: 'dsseEnvelope'
function toDSSEBundle(options) {
return {
mediaType: options.singleCertificate
? bundle_1.BUNDLE_V03_MEDIA_TYPE
: bundle_1.BUNDLE_V02_MEDIA_TYPE,
content: {
$case: 'dsseEnvelope',
dsseEnvelope: toEnvelope(options),
},
verificationMaterial: toVerificationMaterial(options),
};
}
exports.toDSSEBundle = toDSSEBundle;
function toEnvelope(options) {
return {
payloadType: options.artifactType,
payload: options.artifact,
signatures: [toSignature(options)],
};
}
function toSignature(options) {
return {
keyid: options.keyHint || '',
sig: options.signature,
};
}
// Verification material
function toVerificationMaterial(options) {
return {
content: toKeyContent(options),
tlogEntries: [],
timestampVerificationData: { rfc3161Timestamps: [] },
};
}
function toKeyContent(options) {
if (options.certificate) {
if (options.singleCertificate) {
return {
$case: 'certificate',
certificate: { rawBytes: options.certificate },
};
}
else {
return {
$case: 'x509CertificateChain',
x509CertificateChain: {
certificates: [{ rawBytes: options.certificate }],
},
};
}
}
else {
return {
$case: 'publicKey',
publicKey: {
hint: options.keyHint || '',
},
};
}
}

24
package/node_modules/@sigstore/bundle/dist/bundle.js generated vendored Normal file
View File

@@ -0,0 +1,24 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
exports.BUNDLE_V01_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1';
exports.BUNDLE_V02_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.2';
exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle.v0.3+json';
// Type guards for bundle variants.
function isBundleWithCertificateChain(b) {
return b.verificationMaterial.content.$case === 'x509CertificateChain';
}
exports.isBundleWithCertificateChain = isBundleWithCertificateChain;
function isBundleWithPublicKey(b) {
return b.verificationMaterial.content.$case === 'publicKey';
}
exports.isBundleWithPublicKey = isBundleWithPublicKey;
function isBundleWithMessageSignature(b) {
return b.content.$case === 'messageSignature';
}
exports.isBundleWithMessageSignature = isBundleWithMessageSignature;
function isBundleWithDsseEnvelope(b) {
return b.content.$case === 'dsseEnvelope';
}
exports.isBundleWithDsseEnvelope = isBundleWithDsseEnvelope;

25
package/node_modules/@sigstore/bundle/dist/error.js generated vendored Normal file
View File

@@ -0,0 +1,25 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ValidationError = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
class ValidationError extends Error {
constructor(message, fields) {
super(message);
this.fields = fields;
}
}
exports.ValidationError = ValidationError;

43
package/node_modules/@sigstore/bundle/dist/index.js generated vendored Normal file
View File

@@ -0,0 +1,43 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var build_1 = require("./build");
Object.defineProperty(exports, "toDSSEBundle", { enumerable: true, get: function () { return build_1.toDSSEBundle; } });
Object.defineProperty(exports, "toMessageSignatureBundle", { enumerable: true, get: function () { return build_1.toMessageSignatureBundle; } });
var bundle_1 = require("./bundle");
Object.defineProperty(exports, "BUNDLE_V01_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V01_MEDIA_TYPE; } });
Object.defineProperty(exports, "BUNDLE_V02_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V02_MEDIA_TYPE; } });
Object.defineProperty(exports, "BUNDLE_V03_LEGACY_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_LEGACY_MEDIA_TYPE; } });
Object.defineProperty(exports, "BUNDLE_V03_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_MEDIA_TYPE; } });
Object.defineProperty(exports, "isBundleWithCertificateChain", { enumerable: true, get: function () { return bundle_1.isBundleWithCertificateChain; } });
Object.defineProperty(exports, "isBundleWithDsseEnvelope", { enumerable: true, get: function () { return bundle_1.isBundleWithDsseEnvelope; } });
Object.defineProperty(exports, "isBundleWithMessageSignature", { enumerable: true, get: function () { return bundle_1.isBundleWithMessageSignature; } });
Object.defineProperty(exports, "isBundleWithPublicKey", { enumerable: true, get: function () { return bundle_1.isBundleWithPublicKey; } });
var error_1 = require("./error");
Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return error_1.ValidationError; } });
var serialized_1 = require("./serialized");
Object.defineProperty(exports, "bundleFromJSON", { enumerable: true, get: function () { return serialized_1.bundleFromJSON; } });
Object.defineProperty(exports, "bundleToJSON", { enumerable: true, get: function () { return serialized_1.bundleToJSON; } });
Object.defineProperty(exports, "envelopeFromJSON", { enumerable: true, get: function () { return serialized_1.envelopeFromJSON; } });
Object.defineProperty(exports, "envelopeToJSON", { enumerable: true, get: function () { return serialized_1.envelopeToJSON; } });
var validate_1 = require("./validate");
Object.defineProperty(exports, "assertBundle", { enumerable: true, get: function () { return validate_1.assertBundle; } });
Object.defineProperty(exports, "assertBundleLatest", { enumerable: true, get: function () { return validate_1.assertBundleLatest; } });
Object.defineProperty(exports, "assertBundleV01", { enumerable: true, get: function () { return validate_1.assertBundleV01; } });
Object.defineProperty(exports, "assertBundleV02", { enumerable: true, get: function () { return validate_1.assertBundleV02; } });
Object.defineProperty(exports, "isBundleV01", { enumerable: true, get: function () { return validate_1.isBundleV01; } });

49
package/node_modules/@sigstore/bundle/dist/serialized.js generated vendored Normal file
View File

@@ -0,0 +1,49 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const protobuf_specs_1 = require("@sigstore/protobuf-specs");
const bundle_1 = require("./bundle");
const validate_1 = require("./validate");
const bundleFromJSON = (obj) => {
const bundle = protobuf_specs_1.Bundle.fromJSON(obj);
switch (bundle.mediaType) {
case bundle_1.BUNDLE_V01_MEDIA_TYPE:
(0, validate_1.assertBundleV01)(bundle);
break;
case bundle_1.BUNDLE_V02_MEDIA_TYPE:
(0, validate_1.assertBundleV02)(bundle);
break;
default:
(0, validate_1.assertBundleLatest)(bundle);
break;
}
return bundle;
};
exports.bundleFromJSON = bundleFromJSON;
const bundleToJSON = (bundle) => {
return protobuf_specs_1.Bundle.toJSON(bundle);
};
exports.bundleToJSON = bundleToJSON;
const envelopeFromJSON = (obj) => {
return protobuf_specs_1.Envelope.fromJSON(obj);
};
exports.envelopeFromJSON = envelopeFromJSON;
const envelopeToJSON = (envelope) => {
return protobuf_specs_1.Envelope.toJSON(envelope);
};
exports.envelopeToJSON = envelopeToJSON;

2
package/node_modules/@sigstore/bundle/dist/utility.js generated vendored Normal file
View File

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

199
package/node_modules/@sigstore/bundle/dist/validate.js generated vendored Normal file
View File

@@ -0,0 +1,199 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.assertBundleLatest = exports.assertBundleV02 = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("./error");
// Performs basic validation of a Sigstore bundle to ensure that all required
// fields are populated. This is not a complete validation of the bundle, but
// rather a check that the bundle is in a valid state to be processed by the
// rest of the code.
function assertBundle(b) {
const invalidValues = validateBundleBase(b);
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid bundle', invalidValues);
}
}
exports.assertBundle = assertBundle;
// Asserts that the given bundle conforms to the v0.1 bundle format.
function assertBundleV01(b) {
const invalidValues = [];
invalidValues.push(...validateBundleBase(b));
invalidValues.push(...validateInclusionPromise(b));
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
}
}
exports.assertBundleV01 = assertBundleV01;
// Type guard to determine if Bundle is a v0.1 bundle.
function isBundleV01(b) {
try {
assertBundleV01(b);
return true;
}
catch (e) {
return false;
}
}
exports.isBundleV01 = isBundleV01;
// Asserts that the given bundle conforms to the v0.2 bundle format.
function assertBundleV02(b) {
const invalidValues = [];
invalidValues.push(...validateBundleBase(b));
invalidValues.push(...validateInclusionProof(b));
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
}
}
exports.assertBundleV02 = assertBundleV02;
// Asserts that the given bundle conforms to the newest (0.3) bundle format.
function assertBundleLatest(b) {
const invalidValues = [];
invalidValues.push(...validateBundleBase(b));
invalidValues.push(...validateInclusionProof(b));
invalidValues.push(...validateNoCertificateChain(b));
if (invalidValues.length > 0) {
throw new error_1.ValidationError('invalid bundle', invalidValues);
}
}
exports.assertBundleLatest = assertBundleLatest;
function validateBundleBase(b) {
const invalidValues = [];
// Media type validation
if (b.mediaType === undefined ||
(!b.mediaType.match(/^application\/vnd\.dev\.sigstore\.bundle\+json;version=\d\.\d/) &&
!b.mediaType.match(/^application\/vnd\.dev\.sigstore\.bundle\.v\d\.\d\+json/))) {
invalidValues.push('mediaType');
}
// Content-related validation
if (b.content === undefined) {
invalidValues.push('content');
}
else {
switch (b.content.$case) {
case 'messageSignature':
if (b.content.messageSignature.messageDigest === undefined) {
invalidValues.push('content.messageSignature.messageDigest');
}
else {
if (b.content.messageSignature.messageDigest.digest.length === 0) {
invalidValues.push('content.messageSignature.messageDigest.digest');
}
}
if (b.content.messageSignature.signature.length === 0) {
invalidValues.push('content.messageSignature.signature');
}
break;
case 'dsseEnvelope':
if (b.content.dsseEnvelope.payload.length === 0) {
invalidValues.push('content.dsseEnvelope.payload');
}
if (b.content.dsseEnvelope.signatures.length !== 1) {
invalidValues.push('content.dsseEnvelope.signatures');
}
else {
if (b.content.dsseEnvelope.signatures[0].sig.length === 0) {
invalidValues.push('content.dsseEnvelope.signatures[0].sig');
}
}
break;
}
}
// Verification material-related validation
if (b.verificationMaterial === undefined) {
invalidValues.push('verificationMaterial');
}
else {
if (b.verificationMaterial.content === undefined) {
invalidValues.push('verificationMaterial.content');
}
else {
switch (b.verificationMaterial.content.$case) {
case 'x509CertificateChain':
if (b.verificationMaterial.content.x509CertificateChain.certificates
.length === 0) {
invalidValues.push('verificationMaterial.content.x509CertificateChain.certificates');
}
b.verificationMaterial.content.x509CertificateChain.certificates.forEach((cert, i) => {
if (cert.rawBytes.length === 0) {
invalidValues.push(`verificationMaterial.content.x509CertificateChain.certificates[${i}].rawBytes`);
}
});
break;
case 'certificate':
if (b.verificationMaterial.content.certificate.rawBytes.length === 0) {
invalidValues.push('verificationMaterial.content.certificate.rawBytes');
}
break;
}
}
if (b.verificationMaterial.tlogEntries === undefined) {
invalidValues.push('verificationMaterial.tlogEntries');
}
else {
if (b.verificationMaterial.tlogEntries.length > 0) {
b.verificationMaterial.tlogEntries.forEach((entry, i) => {
if (entry.logId === undefined) {
invalidValues.push(`verificationMaterial.tlogEntries[${i}].logId`);
}
if (entry.kindVersion === undefined) {
invalidValues.push(`verificationMaterial.tlogEntries[${i}].kindVersion`);
}
});
}
}
}
return invalidValues;
}
// Necessary for V01 bundles
function validateInclusionPromise(b) {
const invalidValues = [];
if (b.verificationMaterial &&
b.verificationMaterial.tlogEntries?.length > 0) {
b.verificationMaterial.tlogEntries.forEach((entry, i) => {
if (entry.inclusionPromise === undefined) {
invalidValues.push(`verificationMaterial.tlogEntries[${i}].inclusionPromise`);
}
});
}
return invalidValues;
}
// Necessary for V02 and later bundles
function validateInclusionProof(b) {
const invalidValues = [];
if (b.verificationMaterial &&
b.verificationMaterial.tlogEntries?.length > 0) {
b.verificationMaterial.tlogEntries.forEach((entry, i) => {
if (entry.inclusionProof === undefined) {
invalidValues.push(`verificationMaterial.tlogEntries[${i}].inclusionProof`);
}
else {
if (entry.inclusionProof.checkpoint === undefined) {
invalidValues.push(`verificationMaterial.tlogEntries[${i}].inclusionProof.checkpoint`);
}
}
});
}
return invalidValues;
}
// Necessary for V03 and later bundles
function validateNoCertificateChain(b) {
const invalidValues = [];
if (b.verificationMaterial?.content?.$case === 'x509CertificateChain') {
invalidValues.push('verificationMaterial.content.$case');
}
return invalidValues;
}

35
package/node_modules/@sigstore/bundle/package.json generated vendored Normal file
View File

@@ -0,0 +1,35 @@
{
"name": "@sigstore/bundle",
"version": "2.3.2",
"description": "Sigstore bundle type",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"clean": "shx rm -rf dist *.tsbuildinfo",
"build": "tsc --build",
"test": "jest"
},
"files": [
"dist",
"store"
],
"author": "bdehamer@github.com",
"license": "Apache-2.0",
"repository": {
"type": "git",
"url": "git+https://github.com/sigstore/sigstore-js.git"
},
"bugs": {
"url": "https://github.com/sigstore/sigstore-js/issues"
},
"homepage": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme",
"publishConfig": {
"provenance": true
},
"dependencies": {
"@sigstore/protobuf-specs": "^0.3.2"
},
"engines": {
"node": "^16.14.0 || >=18.0.0"
}
}

202
package/node_modules/@sigstore/core/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2023 The Sigstore Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

24
package/node_modules/@sigstore/core/dist/asn1/error.js generated vendored Normal file
View File

@@ -0,0 +1,24 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ASN1TypeError = exports.ASN1ParseError = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
class ASN1ParseError extends Error {
}
exports.ASN1ParseError = ASN1ParseError;
class ASN1TypeError extends Error {
}
exports.ASN1TypeError = ASN1TypeError;

20
package/node_modules/@sigstore/core/dist/asn1/index.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ASN1Obj = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var obj_1 = require("./obj");
Object.defineProperty(exports, "ASN1Obj", { enumerable: true, get: function () { return obj_1.ASN1Obj; } });

63
package/node_modules/@sigstore/core/dist/asn1/length.js generated vendored Normal file
View File

@@ -0,0 +1,63 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.encodeLength = exports.decodeLength = void 0;
const error_1 = require("./error");
// Decodes the length of a DER-encoded ANS.1 element from the supplied stream.
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-encoded-length-and-value-bytes
function decodeLength(stream) {
const buf = stream.getUint8();
// If the most significant bit is UNSET the length is just the value of the
// byte.
if ((buf & 0x80) === 0x00) {
return buf;
}
// Otherwise, the lower 7 bits of the first byte indicate the number of bytes
// that follow to encode the length.
const byteCount = buf & 0x7f;
// Ensure the encoded length can safely fit in a JS number.
if (byteCount > 6) {
throw new error_1.ASN1ParseError('length exceeds 6 byte limit');
}
// Iterate over the bytes that encode the length.
let len = 0;
for (let i = 0; i < byteCount; i++) {
len = len * 256 + stream.getUint8();
}
// This is a valid ASN.1 length encoding, but we don't support it.
if (len === 0) {
throw new error_1.ASN1ParseError('indefinite length encoding not supported');
}
return len;
}
exports.decodeLength = decodeLength;
// Translates the supplied value to a DER-encoded length.
function encodeLength(len) {
if (len < 128) {
return Buffer.from([len]);
}
// Bitwise operations on large numbers are not supported in JS, so we need to
// use BigInts.
let val = BigInt(len);
const bytes = [];
while (val > 0n) {
bytes.unshift(Number(val & 255n));
val = val >> 8n;
}
return Buffer.from([0x80 | bytes.length, ...bytes]);
}
exports.encodeLength = encodeLength;

152
package/node_modules/@sigstore/core/dist/asn1/obj.js generated vendored Normal file
View File

@@ -0,0 +1,152 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ASN1Obj = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const stream_1 = require("../stream");
const error_1 = require("./error");
const length_1 = require("./length");
const parse_1 = require("./parse");
const tag_1 = require("./tag");
class ASN1Obj {
constructor(tag, value, subs) {
this.tag = tag;
this.value = value;
this.subs = subs;
}
// Constructs an ASN.1 object from a Buffer of DER-encoded bytes.
static parseBuffer(buf) {
return parseStream(new stream_1.ByteStream(buf));
}
toDER() {
const valueStream = new stream_1.ByteStream();
if (this.subs.length > 0) {
for (const sub of this.subs) {
valueStream.appendView(sub.toDER());
}
}
else {
valueStream.appendView(this.value);
}
const value = valueStream.buffer;
// Concat tag/length/value
const obj = new stream_1.ByteStream();
obj.appendChar(this.tag.toDER());
obj.appendView((0, length_1.encodeLength)(value.length));
obj.appendView(value);
return obj.buffer;
}
/////////////////////////////////////////////////////////////////////////////
// Convenience methods for parsing ASN.1 primitives into JS types
// Returns the ASN.1 object's value as a boolean. Throws an error if the
// object is not a boolean.
toBoolean() {
if (!this.tag.isBoolean()) {
throw new error_1.ASN1TypeError('not a boolean');
}
return (0, parse_1.parseBoolean)(this.value);
}
// Returns the ASN.1 object's value as a BigInt. Throws an error if the
// object is not an integer.
toInteger() {
if (!this.tag.isInteger()) {
throw new error_1.ASN1TypeError('not an integer');
}
return (0, parse_1.parseInteger)(this.value);
}
// Returns the ASN.1 object's value as an OID string. Throws an error if the
// object is not an OID.
toOID() {
if (!this.tag.isOID()) {
throw new error_1.ASN1TypeError('not an OID');
}
return (0, parse_1.parseOID)(this.value);
}
// Returns the ASN.1 object's value as a Date. Throws an error if the object
// is not either a UTCTime or a GeneralizedTime.
toDate() {
switch (true) {
case this.tag.isUTCTime():
return (0, parse_1.parseTime)(this.value, true);
case this.tag.isGeneralizedTime():
return (0, parse_1.parseTime)(this.value, false);
default:
throw new error_1.ASN1TypeError('not a date');
}
}
// Returns the ASN.1 object's value as a number[] where each number is the
// value of a bit in the bit string. Throws an error if the object is not a
// bit string.
toBitString() {
if (!this.tag.isBitString()) {
throw new error_1.ASN1TypeError('not a bit string');
}
return (0, parse_1.parseBitString)(this.value);
}
}
exports.ASN1Obj = ASN1Obj;
/////////////////////////////////////////////////////////////////////////////
// Internal stream parsing functions
function parseStream(stream) {
// Parse tag, length, and value from stream
const tag = new tag_1.ASN1Tag(stream.getUint8());
const len = (0, length_1.decodeLength)(stream);
const value = stream.slice(stream.position, len);
const start = stream.position;
let subs = [];
// If the object is constructed, parse its children. Sometimes, children
// are embedded in OCTESTRING objects, so we need to check those
// for children as well.
if (tag.constructed) {
subs = collectSubs(stream, len);
}
else if (tag.isOctetString()) {
// Attempt to parse children of OCTETSTRING objects. If anything fails,
// assume the object is not constructed and treat as primitive.
try {
subs = collectSubs(stream, len);
}
catch (e) {
// Fail silently and treat as primitive
}
}
// If there are no children, move stream cursor to the end of the object
if (subs.length === 0) {
stream.seek(start + len);
}
return new ASN1Obj(tag, value, subs);
}
function collectSubs(stream, len) {
// Calculate end of object content
const end = stream.position + len;
// Make sure there are enough bytes left in the stream. This should never
// happen, cause it'll get caught when the stream is sliced in parseStream.
// Leaving as an extra check just in case.
/* istanbul ignore if */
if (end > stream.length) {
throw new error_1.ASN1ParseError('invalid length');
}
// Parse all children
const subs = [];
while (stream.position < end) {
subs.push(parseStream(stream));
}
// When we're done parsing children, we should be at the end of the object
if (stream.position !== end) {
throw new error_1.ASN1ParseError('invalid length');
}
return subs;
}

125
package/node_modules/@sigstore/core/dist/asn1/parse.js generated vendored Normal file
View File

@@ -0,0 +1,125 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.parseBitString = exports.parseBoolean = exports.parseOID = exports.parseTime = exports.parseStringASCII = exports.parseInteger = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const RE_TIME_SHORT_YEAR = /^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\.\d{3})?Z$/;
const RE_TIME_LONG_YEAR = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\.\d{3})?Z$/;
// Parse a BigInt from the DER-encoded buffer
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-integer
function parseInteger(buf) {
let pos = 0;
const end = buf.length;
let val = buf[pos];
const neg = val > 0x7f;
// Consume any padding bytes
const pad = neg ? 0xff : 0x00;
while (val == pad && ++pos < end) {
val = buf[pos];
}
// Calculate remaining bytes to read
const len = end - pos;
if (len === 0)
return BigInt(neg ? -1 : 0);
// Handle two's complement for negative numbers
val = neg ? val - 256 : val;
// Parse remaining bytes
let n = BigInt(val);
for (let i = pos + 1; i < end; ++i) {
n = n * BigInt(256) + BigInt(buf[i]);
}
return n;
}
exports.parseInteger = parseInteger;
// Parse an ASCII string from the DER-encoded buffer
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-basic-types#boolean
function parseStringASCII(buf) {
return buf.toString('ascii');
}
exports.parseStringASCII = parseStringASCII;
// Parse a Date from the DER-encoded buffer
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5.1
function parseTime(buf, shortYear) {
const timeStr = parseStringASCII(buf);
// Parse the time string into matches - captured groups start at index 1
const m = shortYear
? RE_TIME_SHORT_YEAR.exec(timeStr)
: RE_TIME_LONG_YEAR.exec(timeStr);
if (!m) {
throw new Error('invalid time');
}
// Translate dates with a 2-digit year to 4 digits per the spec
if (shortYear) {
let year = Number(m[1]);
year += year >= 50 ? 1900 : 2000;
m[1] = year.toString();
}
// Translate to ISO8601 format and parse
return new Date(`${m[1]}-${m[2]}-${m[3]}T${m[4]}:${m[5]}:${m[6]}Z`);
}
exports.parseTime = parseTime;
// Parse an OID from the DER-encoded buffer
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-object-identifier
function parseOID(buf) {
let pos = 0;
const end = buf.length;
// Consume first byte which encodes the first two OID components
let n = buf[pos++];
const first = Math.floor(n / 40);
const second = n % 40;
let oid = `${first}.${second}`;
// Consume remaining bytes
let val = 0;
for (; pos < end; ++pos) {
n = buf[pos];
val = (val << 7) + (n & 0x7f);
// If the left-most bit is NOT set, then this is the last byte in the
// sequence and we can add the value to the OID and reset the accumulator
if ((n & 0x80) === 0) {
oid += `.${val}`;
val = 0;
}
}
return oid;
}
exports.parseOID = parseOID;
// Parse a boolean from the DER-encoded buffer
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-basic-types#boolean
function parseBoolean(buf) {
return buf[0] !== 0;
}
exports.parseBoolean = parseBoolean;
// Parse a bit string from the DER-encoded buffer
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-bit-string
function parseBitString(buf) {
// First byte tell us how many unused bits are in the last byte
const unused = buf[0];
const start = 1;
const end = buf.length;
const bits = [];
for (let i = start; i < end; ++i) {
const byte = buf[i];
// The skip value is only used for the last byte
const skip = i === end - 1 ? unused : 0;
// Iterate over each bit in the byte (most significant first)
for (let j = 7; j >= skip; --j) {
// Read the bit and add it to the bit string
bits.push((byte >> j) & 0x01);
}
}
return bits;
}
exports.parseBitString = parseBitString;

86
package/node_modules/@sigstore/core/dist/asn1/tag.js generated vendored Normal file
View File

@@ -0,0 +1,86 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ASN1Tag = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("./error");
const UNIVERSAL_TAG = {
BOOLEAN: 0x01,
INTEGER: 0x02,
BIT_STRING: 0x03,
OCTET_STRING: 0x04,
OBJECT_IDENTIFIER: 0x06,
SEQUENCE: 0x10,
SET: 0x11,
PRINTABLE_STRING: 0x13,
UTC_TIME: 0x17,
GENERALIZED_TIME: 0x18,
};
const TAG_CLASS = {
UNIVERSAL: 0x00,
APPLICATION: 0x01,
CONTEXT_SPECIFIC: 0x02,
PRIVATE: 0x03,
};
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-encoded-tag-bytes
class ASN1Tag {
constructor(enc) {
// Bits 0 through 4 are the tag number
this.number = enc & 0x1f;
// Bit 5 is the constructed bit
this.constructed = (enc & 0x20) === 0x20;
// Bit 6 & 7 are the class
this.class = enc >> 6;
if (this.number === 0x1f) {
throw new error_1.ASN1ParseError('long form tags not supported');
}
if (this.class === TAG_CLASS.UNIVERSAL && this.number === 0x00) {
throw new error_1.ASN1ParseError('unsupported tag 0x00');
}
}
isUniversal() {
return this.class === TAG_CLASS.UNIVERSAL;
}
isContextSpecific(num) {
const res = this.class === TAG_CLASS.CONTEXT_SPECIFIC;
return num !== undefined ? res && this.number === num : res;
}
isBoolean() {
return this.isUniversal() && this.number === UNIVERSAL_TAG.BOOLEAN;
}
isInteger() {
return this.isUniversal() && this.number === UNIVERSAL_TAG.INTEGER;
}
isBitString() {
return this.isUniversal() && this.number === UNIVERSAL_TAG.BIT_STRING;
}
isOctetString() {
return this.isUniversal() && this.number === UNIVERSAL_TAG.OCTET_STRING;
}
isOID() {
return (this.isUniversal() && this.number === UNIVERSAL_TAG.OBJECT_IDENTIFIER);
}
isUTCTime() {
return this.isUniversal() && this.number === UNIVERSAL_TAG.UTC_TIME;
}
isGeneralizedTime() {
return this.isUniversal() && this.number === UNIVERSAL_TAG.GENERALIZED_TIME;
}
toDER() {
return this.number | (this.constructed ? 0x20 : 0x00) | (this.class << 6);
}
}
exports.ASN1Tag = ASN1Tag;

71
package/node_modules/@sigstore/core/dist/crypto.js generated vendored Normal file
View File

@@ -0,0 +1,71 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.bufferEqual = exports.verify = exports.hash = exports.digest = exports.createPublicKey = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const crypto_1 = __importDefault(require("crypto"));
const SHA256_ALGORITHM = 'sha256';
function createPublicKey(key, type = 'spki') {
if (typeof key === 'string') {
return crypto_1.default.createPublicKey(key);
}
else {
return crypto_1.default.createPublicKey({ key, format: 'der', type: type });
}
}
exports.createPublicKey = createPublicKey;
function digest(algorithm, ...data) {
const hash = crypto_1.default.createHash(algorithm);
for (const d of data) {
hash.update(d);
}
return hash.digest();
}
exports.digest = digest;
// TODO: deprecate this in favor of digest()
function hash(...data) {
const hash = crypto_1.default.createHash(SHA256_ALGORITHM);
for (const d of data) {
hash.update(d);
}
return hash.digest();
}
exports.hash = hash;
function verify(data, key, signature, algorithm) {
// The try/catch is to work around an issue in Node 14.x where verify throws
// an error in some scenarios if the signature is invalid.
try {
return crypto_1.default.verify(algorithm, data, key, signature);
}
catch (e) {
/* istanbul ignore next */
return false;
}
}
exports.verify = verify;
function bufferEqual(a, b) {
try {
return crypto_1.default.timingSafeEqual(a, b);
}
catch {
/* istanbul ignore next */
return false;
}
}
exports.bufferEqual = bufferEqual;

31
package/node_modules/@sigstore/core/dist/dsse.js generated vendored Normal file
View File

@@ -0,0 +1,31 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.preAuthEncoding = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const PAE_PREFIX = 'DSSEv1';
// DSSE Pre-Authentication Encoding
function preAuthEncoding(payloadType, payload) {
const prefix = [
PAE_PREFIX,
payloadType.length,
payloadType,
payload.length,
'',
].join(' ');
return Buffer.concat([Buffer.from(prefix, 'ascii'), payload]);
}
exports.preAuthEncoding = preAuthEncoding;

28
package/node_modules/@sigstore/core/dist/encoding.js generated vendored Normal file
View File

@@ -0,0 +1,28 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.base64Decode = exports.base64Encode = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const BASE64_ENCODING = 'base64';
const UTF8_ENCODING = 'utf-8';
function base64Encode(str) {
return Buffer.from(str, UTF8_ENCODING).toString(BASE64_ENCODING);
}
exports.base64Encode = base64Encode;
function base64Decode(str) {
return Buffer.from(str, BASE64_ENCODING).toString(UTF8_ENCODING);
}
exports.base64Decode = base64Decode;

56
package/node_modules/@sigstore/core/dist/index.js generated vendored Normal file
View File

@@ -0,0 +1,56 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.X509SCTExtension = exports.X509Certificate = exports.EXTENSION_OID_SCT = exports.ByteStream = exports.RFC3161Timestamp = exports.pem = exports.json = exports.encoding = exports.dsse = exports.crypto = exports.ASN1Obj = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var asn1_1 = require("./asn1");
Object.defineProperty(exports, "ASN1Obj", { enumerable: true, get: function () { return asn1_1.ASN1Obj; } });
exports.crypto = __importStar(require("./crypto"));
exports.dsse = __importStar(require("./dsse"));
exports.encoding = __importStar(require("./encoding"));
exports.json = __importStar(require("./json"));
exports.pem = __importStar(require("./pem"));
var rfc3161_1 = require("./rfc3161");
Object.defineProperty(exports, "RFC3161Timestamp", { enumerable: true, get: function () { return rfc3161_1.RFC3161Timestamp; } });
var stream_1 = require("./stream");
Object.defineProperty(exports, "ByteStream", { enumerable: true, get: function () { return stream_1.ByteStream; } });
var x509_1 = require("./x509");
Object.defineProperty(exports, "EXTENSION_OID_SCT", { enumerable: true, get: function () { return x509_1.EXTENSION_OID_SCT; } });
Object.defineProperty(exports, "X509Certificate", { enumerable: true, get: function () { return x509_1.X509Certificate; } });
Object.defineProperty(exports, "X509SCTExtension", { enumerable: true, get: function () { return x509_1.X509SCTExtension; } });

61
package/node_modules/@sigstore/core/dist/json.js generated vendored Normal file
View File

@@ -0,0 +1,61 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.canonicalize = void 0;
// JSON canonicalization per https://github.com/cyberphone/json-canonicalization
// eslint-disable-next-line @typescript-eslint/no-explicit-any
function canonicalize(object) {
let buffer = '';
if (object === null || typeof object !== 'object' || object.toJSON != null) {
// Primitives or toJSONable objects
buffer += JSON.stringify(object);
}
else if (Array.isArray(object)) {
// Array - maintain element order
buffer += '[';
let first = true;
object.forEach((element) => {
if (!first) {
buffer += ',';
}
first = false;
// recursive call
buffer += canonicalize(element);
});
buffer += ']';
}
else {
// Object - Sort properties before serializing
buffer += '{';
let first = true;
Object.keys(object)
.sort()
.forEach((property) => {
if (!first) {
buffer += ',';
}
first = false;
buffer += JSON.stringify(property);
buffer += ':';
// recursive call
buffer += canonicalize(object[property]);
});
buffer += '}';
}
return buffer;
}
exports.canonicalize = canonicalize;

14
package/node_modules/@sigstore/core/dist/oid.js generated vendored Normal file
View File

@@ -0,0 +1,14 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SHA2_HASH_ALGOS = exports.ECDSA_SIGNATURE_ALGOS = void 0;
exports.ECDSA_SIGNATURE_ALGOS = {
'1.2.840.10045.4.3.1': 'sha224',
'1.2.840.10045.4.3.2': 'sha256',
'1.2.840.10045.4.3.3': 'sha384',
'1.2.840.10045.4.3.4': 'sha512',
};
exports.SHA2_HASH_ALGOS = {
'2.16.840.1.101.3.4.2.1': 'sha256',
'2.16.840.1.101.3.4.2.2': 'sha384',
'2.16.840.1.101.3.4.2.3': 'sha512',
};

44
package/node_modules/@sigstore/core/dist/pem.js generated vendored Normal file
View File

@@ -0,0 +1,44 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.fromDER = exports.toDER = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const PEM_HEADER = /-----BEGIN (.*)-----/;
const PEM_FOOTER = /-----END (.*)-----/;
function toDER(certificate) {
let der = '';
certificate.split('\n').forEach((line) => {
if (line.match(PEM_HEADER) || line.match(PEM_FOOTER)) {
return;
}
der += line;
});
return Buffer.from(der, 'base64');
}
exports.toDER = toDER;
// Translates a DER-encoded buffer into a PEM-encoded string. Standard PEM
// encoding dictates that each certificate should have a trailing newline after
// the footer.
function fromDER(certificate, type = 'CERTIFICATE') {
// Base64-encode the certificate.
const der = certificate.toString('base64');
// Split the certificate into lines of 64 characters.
const lines = der.match(/.{1,64}/g) || '';
return [`-----BEGIN ${type}-----`, ...lines, `-----END ${type}-----`]
.join('\n')
.concat('\n');
}
exports.fromDER = fromDER;

21
package/node_modules/@sigstore/core/dist/rfc3161/error.js generated vendored Normal file
View File

@@ -0,0 +1,21 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.RFC3161TimestampVerificationError = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
class RFC3161TimestampVerificationError extends Error {
}
exports.RFC3161TimestampVerificationError = RFC3161TimestampVerificationError;

20
package/node_modules/@sigstore/core/dist/rfc3161/index.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.RFC3161Timestamp = void 0;
var timestamp_1 = require("./timestamp");
Object.defineProperty(exports, "RFC3161Timestamp", { enumerable: true, get: function () { return timestamp_1.RFC3161Timestamp; } });

201
package/node_modules/@sigstore/core/dist/rfc3161/timestamp.js generated vendored Normal file
View File

@@ -0,0 +1,201 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.RFC3161Timestamp = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const asn1_1 = require("../asn1");
const crypto = __importStar(require("../crypto"));
const oid_1 = require("../oid");
const error_1 = require("./error");
const tstinfo_1 = require("./tstinfo");
const OID_PKCS9_CONTENT_TYPE_SIGNED_DATA = '1.2.840.113549.1.7.2';
const OID_PKCS9_CONTENT_TYPE_TSTINFO = '1.2.840.113549.1.9.16.1.4';
const OID_PKCS9_MESSAGE_DIGEST_KEY = '1.2.840.113549.1.9.4';
class RFC3161Timestamp {
constructor(asn1) {
this.root = asn1;
}
static parse(der) {
const asn1 = asn1_1.ASN1Obj.parseBuffer(der);
return new RFC3161Timestamp(asn1);
}
get status() {
return this.pkiStatusInfoObj.subs[0].toInteger();
}
get contentType() {
return this.contentTypeObj.toOID();
}
get eContentType() {
return this.eContentTypeObj.toOID();
}
get signingTime() {
return this.tstInfo.genTime;
}
get signerIssuer() {
return this.signerSidObj.subs[0].value;
}
get signerSerialNumber() {
return this.signerSidObj.subs[1].value;
}
get signerDigestAlgorithm() {
const oid = this.signerDigestAlgorithmObj.subs[0].toOID();
return oid_1.SHA2_HASH_ALGOS[oid];
}
get signatureAlgorithm() {
const oid = this.signatureAlgorithmObj.subs[0].toOID();
return oid_1.ECDSA_SIGNATURE_ALGOS[oid];
}
get signatureValue() {
return this.signatureValueObj.value;
}
get tstInfo() {
// Need to unpack tstInfo from an OCTET STRING
return new tstinfo_1.TSTInfo(this.eContentObj.subs[0].subs[0]);
}
verify(data, publicKey) {
if (!this.timeStampTokenObj) {
throw new error_1.RFC3161TimestampVerificationError('timeStampToken is missing');
}
// Check for expected ContentInfo content type
if (this.contentType !== OID_PKCS9_CONTENT_TYPE_SIGNED_DATA) {
throw new error_1.RFC3161TimestampVerificationError(`incorrect content type: ${this.contentType}`);
}
// Check for expected encapsulated content type
if (this.eContentType !== OID_PKCS9_CONTENT_TYPE_TSTINFO) {
throw new error_1.RFC3161TimestampVerificationError(`incorrect encapsulated content type: ${this.eContentType}`);
}
// Check that the tstInfo references the correct artifact
this.tstInfo.verify(data);
// Check that the signed message digest matches the tstInfo
this.verifyMessageDigest();
// Check that the signature is valid for the signed attributes
this.verifySignature(publicKey);
}
verifyMessageDigest() {
// Check that the tstInfo matches the signed data
const tstInfoDigest = crypto.digest(this.signerDigestAlgorithm, this.tstInfo.raw);
const expectedDigest = this.messageDigestAttributeObj.subs[1].subs[0].value;
if (!crypto.bufferEqual(tstInfoDigest, expectedDigest)) {
throw new error_1.RFC3161TimestampVerificationError('signed data does not match tstInfo');
}
}
verifySignature(key) {
// Encode the signed attributes for verification
const signedAttrs = this.signedAttrsObj.toDER();
signedAttrs[0] = 0x31; // Change context-specific tag to SET
// Check that the signature is valid for the signed attributes
const verified = crypto.verify(signedAttrs, key, this.signatureValue, this.signatureAlgorithm);
if (!verified) {
throw new error_1.RFC3161TimestampVerificationError('signature verification failed');
}
}
// https://www.rfc-editor.org/rfc/rfc3161#section-2.4.2
get pkiStatusInfoObj() {
// pkiStatusInfo is the first element of the timestamp response sequence
return this.root.subs[0];
}
// https://www.rfc-editor.org/rfc/rfc3161#section-2.4.2
get timeStampTokenObj() {
// timeStampToken is the first element of the timestamp response sequence
return this.root.subs[1];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-3
get contentTypeObj() {
return this.timeStampTokenObj.subs[0];
}
// https://www.rfc-editor.org/rfc/rfc5652#section-3
get signedDataObj() {
const obj = this.timeStampTokenObj.subs.find((sub) => sub.tag.isContextSpecific(0x00));
return obj.subs[0];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.1
get encapContentInfoObj() {
return this.signedDataObj.subs[2];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.1
get signerInfosObj() {
// SignerInfos is the last element of the signed data sequence
const sd = this.signedDataObj;
return sd.subs[sd.subs.length - 1];
}
// https://www.rfc-editor.org/rfc/rfc5652#section-5.1
get signerInfoObj() {
// Only supporting one signer
return this.signerInfosObj.subs[0];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.2
get eContentTypeObj() {
return this.encapContentInfoObj.subs[0];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.2
get eContentObj() {
return this.encapContentInfoObj.subs[1];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
get signedAttrsObj() {
const signedAttrs = this.signerInfoObj.subs.find((sub) => sub.tag.isContextSpecific(0x00));
return signedAttrs;
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
get messageDigestAttributeObj() {
const messageDigest = this.signedAttrsObj.subs.find((sub) => sub.subs[0].tag.isOID() &&
sub.subs[0].toOID() === OID_PKCS9_MESSAGE_DIGEST_KEY);
return messageDigest;
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
get signerSidObj() {
return this.signerInfoObj.subs[1];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
get signerDigestAlgorithmObj() {
// Signature is the 2nd element of the signerInfoObj object
return this.signerInfoObj.subs[2];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
get signatureAlgorithmObj() {
// Signature is the 4th element of the signerInfoObj object
return this.signerInfoObj.subs[4];
}
// https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
get signatureValueObj() {
// Signature is the 6th element of the signerInfoObj object
return this.signerInfoObj.subs[5];
}
}
exports.RFC3161Timestamp = RFC3161Timestamp;

61
package/node_modules/@sigstore/core/dist/rfc3161/tstinfo.js generated vendored Normal file
View File

@@ -0,0 +1,61 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSTInfo = void 0;
const crypto = __importStar(require("../crypto"));
const oid_1 = require("../oid");
const error_1 = require("./error");
class TSTInfo {
constructor(asn1) {
this.root = asn1;
}
get version() {
return this.root.subs[0].toInteger();
}
get genTime() {
return this.root.subs[4].toDate();
}
get messageImprintHashAlgorithm() {
const oid = this.messageImprintObj.subs[0].subs[0].toOID();
return oid_1.SHA2_HASH_ALGOS[oid];
}
get messageImprintHashedMessage() {
return this.messageImprintObj.subs[1].value;
}
get raw() {
return this.root.toDER();
}
verify(data) {
const digest = crypto.digest(this.messageImprintHashAlgorithm, data);
if (!crypto.bufferEqual(digest, this.messageImprintHashedMessage)) {
throw new error_1.RFC3161TimestampVerificationError('message imprint does not match artifact');
}
}
// https://www.rfc-editor.org/rfc/rfc3161#section-2.4.2
get messageImprintObj() {
return this.root.subs[2];
}
}
exports.TSTInfo = TSTInfo;

115
package/node_modules/@sigstore/core/dist/stream.js generated vendored Normal file
View File

@@ -0,0 +1,115 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ByteStream = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
class StreamError extends Error {
}
class ByteStream {
constructor(buffer) {
this.start = 0;
if (buffer) {
this.buf = buffer;
this.view = Buffer.from(buffer);
}
else {
this.buf = new ArrayBuffer(0);
this.view = Buffer.from(this.buf);
}
}
get buffer() {
return this.view.subarray(0, this.start);
}
get length() {
return this.view.byteLength;
}
get position() {
return this.start;
}
seek(position) {
this.start = position;
}
// Returns a Buffer containing the specified number of bytes starting at the
// given start position.
slice(start, len) {
const end = start + len;
if (end > this.length) {
throw new StreamError('request past end of buffer');
}
return this.view.subarray(start, end);
}
appendChar(char) {
this.ensureCapacity(1);
this.view[this.start] = char;
this.start += 1;
}
appendUint16(num) {
this.ensureCapacity(2);
const value = new Uint16Array([num]);
const view = new Uint8Array(value.buffer);
this.view[this.start] = view[1];
this.view[this.start + 1] = view[0];
this.start += 2;
}
appendUint24(num) {
this.ensureCapacity(3);
const value = new Uint32Array([num]);
const view = new Uint8Array(value.buffer);
this.view[this.start] = view[2];
this.view[this.start + 1] = view[1];
this.view[this.start + 2] = view[0];
this.start += 3;
}
appendView(view) {
this.ensureCapacity(view.length);
this.view.set(view, this.start);
this.start += view.length;
}
getBlock(size) {
if (size <= 0) {
return Buffer.alloc(0);
}
if (this.start + size > this.view.length) {
throw new Error('request past end of buffer');
}
const result = this.view.subarray(this.start, this.start + size);
this.start += size;
return result;
}
getUint8() {
return this.getBlock(1)[0];
}
getUint16() {
const block = this.getBlock(2);
return (block[0] << 8) | block[1];
}
ensureCapacity(size) {
if (this.start + size > this.view.byteLength) {
const blockSize = ByteStream.BLOCK_SIZE + (size > ByteStream.BLOCK_SIZE ? size : 0);
this.realloc(this.view.byteLength + blockSize);
}
}
realloc(size) {
const newArray = new ArrayBuffer(size);
const newView = Buffer.from(newArray);
// Copy the old buffer into the new one
newView.set(this.view);
this.buf = newArray;
this.view = newView;
}
}
exports.ByteStream = ByteStream;
ByteStream.BLOCK_SIZE = 1024;

226
package/node_modules/@sigstore/core/dist/x509/cert.js generated vendored Normal file
View File

@@ -0,0 +1,226 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.X509Certificate = exports.EXTENSION_OID_SCT = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const asn1_1 = require("../asn1");
const crypto = __importStar(require("../crypto"));
const oid_1 = require("../oid");
const pem = __importStar(require("../pem"));
const ext_1 = require("./ext");
const EXTENSION_OID_SUBJECT_KEY_ID = '2.5.29.14';
const EXTENSION_OID_KEY_USAGE = '2.5.29.15';
const EXTENSION_OID_SUBJECT_ALT_NAME = '2.5.29.17';
const EXTENSION_OID_BASIC_CONSTRAINTS = '2.5.29.19';
const EXTENSION_OID_AUTHORITY_KEY_ID = '2.5.29.35';
exports.EXTENSION_OID_SCT = '1.3.6.1.4.1.11129.2.4.2';
class X509Certificate {
constructor(asn1) {
this.root = asn1;
}
static parse(cert) {
const der = typeof cert === 'string' ? pem.toDER(cert) : cert;
const asn1 = asn1_1.ASN1Obj.parseBuffer(der);
return new X509Certificate(asn1);
}
get tbsCertificate() {
return this.tbsCertificateObj;
}
get version() {
// version number is the first element of the version context specific tag
const ver = this.versionObj.subs[0].toInteger();
return `v${(ver + BigInt(1)).toString()}`;
}
get serialNumber() {
return this.serialNumberObj.value;
}
get notBefore() {
// notBefore is the first element of the validity sequence
return this.validityObj.subs[0].toDate();
}
get notAfter() {
// notAfter is the second element of the validity sequence
return this.validityObj.subs[1].toDate();
}
get issuer() {
return this.issuerObj.value;
}
get subject() {
return this.subjectObj.value;
}
get publicKey() {
return this.subjectPublicKeyInfoObj.toDER();
}
get signatureAlgorithm() {
const oid = this.signatureAlgorithmObj.subs[0].toOID();
return oid_1.ECDSA_SIGNATURE_ALGOS[oid];
}
get signatureValue() {
// Signature value is a bit string, so we need to skip the first byte
return this.signatureValueObj.value.subarray(1);
}
get subjectAltName() {
const ext = this.extSubjectAltName;
return ext?.uri || ext?.rfc822Name;
}
get extensions() {
// The extension list is the first (and only) element of the extensions
// context specific tag
const extSeq = this.extensionsObj?.subs[0];
return extSeq?.subs || /* istanbul ignore next */ [];
}
get extKeyUsage() {
const ext = this.findExtension(EXTENSION_OID_KEY_USAGE);
return ext ? new ext_1.X509KeyUsageExtension(ext) : undefined;
}
get extBasicConstraints() {
const ext = this.findExtension(EXTENSION_OID_BASIC_CONSTRAINTS);
return ext ? new ext_1.X509BasicConstraintsExtension(ext) : undefined;
}
get extSubjectAltName() {
const ext = this.findExtension(EXTENSION_OID_SUBJECT_ALT_NAME);
return ext ? new ext_1.X509SubjectAlternativeNameExtension(ext) : undefined;
}
get extAuthorityKeyID() {
const ext = this.findExtension(EXTENSION_OID_AUTHORITY_KEY_ID);
return ext ? new ext_1.X509AuthorityKeyIDExtension(ext) : undefined;
}
get extSubjectKeyID() {
const ext = this.findExtension(EXTENSION_OID_SUBJECT_KEY_ID);
return ext
? new ext_1.X509SubjectKeyIDExtension(ext)
: /* istanbul ignore next */ undefined;
}
get extSCT() {
const ext = this.findExtension(exports.EXTENSION_OID_SCT);
return ext ? new ext_1.X509SCTExtension(ext) : undefined;
}
get isCA() {
const ca = this.extBasicConstraints?.isCA || false;
// If the KeyUsage extension is present, keyCertSign must be set
if (this.extKeyUsage) {
ca && this.extKeyUsage.keyCertSign;
}
return ca;
}
extension(oid) {
const ext = this.findExtension(oid);
return ext ? new ext_1.X509Extension(ext) : undefined;
}
verify(issuerCertificate) {
// Use the issuer's public key if provided, otherwise use the subject's
const publicKey = issuerCertificate?.publicKey || this.publicKey;
const key = crypto.createPublicKey(publicKey);
return crypto.verify(this.tbsCertificate.toDER(), key, this.signatureValue, this.signatureAlgorithm);
}
validForDate(date) {
return this.notBefore <= date && date <= this.notAfter;
}
equals(other) {
return this.root.toDER().equals(other.root.toDER());
}
// Creates a copy of the certificate with a new buffer
clone() {
const der = this.root.toDER();
const clone = Buffer.alloc(der.length);
der.copy(clone);
return X509Certificate.parse(clone);
}
findExtension(oid) {
// Find the extension with the given OID. The OID will always be the first
// element of the extension sequence
return this.extensions.find((ext) => ext.subs[0].toOID() === oid);
}
/////////////////////////////////////////////////////////////////////////////
// The following properties use the documented x509 structure to locate the
// desired ASN.1 object
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.1.1
get tbsCertificateObj() {
// tbsCertificate is the first element of the certificate sequence
return this.root.subs[0];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.1.2
get signatureAlgorithmObj() {
// signatureAlgorithm is the second element of the certificate sequence
return this.root.subs[1];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.1.3
get signatureValueObj() {
// signatureValue is the third element of the certificate sequence
return this.root.subs[2];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.1
get versionObj() {
// version is the first element of the tbsCertificate sequence
return this.tbsCertificateObj.subs[0];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.2
get serialNumberObj() {
// serialNumber is the second element of the tbsCertificate sequence
return this.tbsCertificateObj.subs[1];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.4
get issuerObj() {
// issuer is the fourth element of the tbsCertificate sequence
return this.tbsCertificateObj.subs[3];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5
get validityObj() {
// version is the fifth element of the tbsCertificate sequence
return this.tbsCertificateObj.subs[4];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.6
get subjectObj() {
// subject is the sixth element of the tbsCertificate sequence
return this.tbsCertificateObj.subs[5];
}
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.7
get subjectPublicKeyInfoObj() {
// subjectPublicKeyInfo is the seventh element of the tbsCertificate sequence
return this.tbsCertificateObj.subs[6];
}
// Extensions can't be located by index because their position varies. Instead,
// we need to find the extensions context specific tag
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.9
get extensionsObj() {
return this.tbsCertificateObj.subs.find((sub) => sub.tag.isContextSpecific(0x03));
}
}
exports.X509Certificate = X509Certificate;

145
package/node_modules/@sigstore/core/dist/x509/ext.js generated vendored Normal file
View File

@@ -0,0 +1,145 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.X509SCTExtension = exports.X509SubjectKeyIDExtension = exports.X509AuthorityKeyIDExtension = exports.X509SubjectAlternativeNameExtension = exports.X509KeyUsageExtension = exports.X509BasicConstraintsExtension = exports.X509Extension = void 0;
const stream_1 = require("../stream");
const sct_1 = require("./sct");
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1
class X509Extension {
constructor(asn1) {
this.root = asn1;
}
get oid() {
return this.root.subs[0].toOID();
}
get critical() {
// The critical field is optional and will be the second element of the
// extension sequence if present. Default to false if not present.
return this.root.subs.length === 3 ? this.root.subs[1].toBoolean() : false;
}
get value() {
return this.extnValueObj.value;
}
get valueObj() {
return this.extnValueObj;
}
get extnValueObj() {
// The extnValue field will be the last element of the extension sequence
return this.root.subs[this.root.subs.length - 1];
}
}
exports.X509Extension = X509Extension;
// https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9
class X509BasicConstraintsExtension extends X509Extension {
get isCA() {
return this.sequence.subs[0]?.toBoolean() ?? false;
}
get pathLenConstraint() {
return this.sequence.subs.length > 1
? this.sequence.subs[1].toInteger()
: undefined;
}
// The extnValue field contains a single sequence wrapping the isCA and
// pathLenConstraint.
get sequence() {
return this.extnValueObj.subs[0];
}
}
exports.X509BasicConstraintsExtension = X509BasicConstraintsExtension;
// https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3
class X509KeyUsageExtension extends X509Extension {
get digitalSignature() {
return this.bitString[0] === 1;
}
get keyCertSign() {
return this.bitString[5] === 1;
}
get crlSign() {
return this.bitString[6] === 1;
}
// The extnValue field contains a single bit string which is a bit mask
// indicating which key usages are enabled.
get bitString() {
return this.extnValueObj.subs[0].toBitString();
}
}
exports.X509KeyUsageExtension = X509KeyUsageExtension;
// https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.6
class X509SubjectAlternativeNameExtension extends X509Extension {
get rfc822Name() {
return this.findGeneralName(0x01)?.value.toString('ascii');
}
get uri() {
return this.findGeneralName(0x06)?.value.toString('ascii');
}
// Retrieve the value of an otherName with the given OID.
otherName(oid) {
const otherName = this.findGeneralName(0x00);
if (otherName === undefined) {
return undefined;
}
// The otherName is a sequence containing an OID and a value.
// Need to check that the OID matches the one we're looking for.
const otherNameOID = otherName.subs[0].toOID();
if (otherNameOID !== oid) {
return undefined;
}
// The otherNameValue is a sequence containing the actual value.
const otherNameValue = otherName.subs[1];
return otherNameValue.subs[0].value.toString('ascii');
}
findGeneralName(tag) {
return this.generalNames.find((gn) => gn.tag.isContextSpecific(tag));
}
// The extnValue field contains a sequence of GeneralNames.
get generalNames() {
return this.extnValueObj.subs[0].subs;
}
}
exports.X509SubjectAlternativeNameExtension = X509SubjectAlternativeNameExtension;
// https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.1
class X509AuthorityKeyIDExtension extends X509Extension {
get keyIdentifier() {
return this.findSequenceMember(0x00)?.value;
}
findSequenceMember(tag) {
return this.sequence.subs.find((el) => el.tag.isContextSpecific(tag));
}
// The extnValue field contains a single sequence wrapping the keyIdentifier
get sequence() {
return this.extnValueObj.subs[0];
}
}
exports.X509AuthorityKeyIDExtension = X509AuthorityKeyIDExtension;
// https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.2
class X509SubjectKeyIDExtension extends X509Extension {
get keyIdentifier() {
return this.extnValueObj.subs[0].value;
}
}
exports.X509SubjectKeyIDExtension = X509SubjectKeyIDExtension;
// https://www.rfc-editor.org/rfc/rfc6962#section-3.3
class X509SCTExtension extends X509Extension {
constructor(asn1) {
super(asn1);
}
get signedCertificateTimestamps() {
const buf = this.extnValueObj.subs[0].value;
const stream = new stream_1.ByteStream(buf);
// The overall list length is encoded in the first two bytes -- note this
// is the length of the list in bytes, NOT the number of SCTs in the list
const end = stream.getUint16() + 2;
const sctList = [];
while (stream.position < end) {
// Read the length of the next SCT
const sctLength = stream.getUint16();
// Slice out the bytes for the next SCT and parse it
const sct = stream.getBlock(sctLength);
sctList.push(sct_1.SignedCertificateTimestamp.parse(sct));
}
if (stream.position !== end) {
throw new Error('SCT list length does not match actual length');
}
return sctList;
}
}
exports.X509SCTExtension = X509SCTExtension;

23
package/node_modules/@sigstore/core/dist/x509/index.js generated vendored Normal file
View File

@@ -0,0 +1,23 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.X509SCTExtension = exports.X509Certificate = exports.EXTENSION_OID_SCT = void 0;
var cert_1 = require("./cert");
Object.defineProperty(exports, "EXTENSION_OID_SCT", { enumerable: true, get: function () { return cert_1.EXTENSION_OID_SCT; } });
Object.defineProperty(exports, "X509Certificate", { enumerable: true, get: function () { return cert_1.X509Certificate; } });
var ext_1 = require("./ext");
Object.defineProperty(exports, "X509SCTExtension", { enumerable: true, get: function () { return ext_1.X509SCTExtension; } });

141
package/node_modules/@sigstore/core/dist/x509/sct.js generated vendored Normal file
View File

@@ -0,0 +1,141 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.SignedCertificateTimestamp = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const crypto = __importStar(require("../crypto"));
const stream_1 = require("../stream");
class SignedCertificateTimestamp {
constructor(options) {
this.version = options.version;
this.logID = options.logID;
this.timestamp = options.timestamp;
this.extensions = options.extensions;
this.hashAlgorithm = options.hashAlgorithm;
this.signatureAlgorithm = options.signatureAlgorithm;
this.signature = options.signature;
}
get datetime() {
return new Date(Number(this.timestamp.readBigInt64BE()));
}
// Returns the hash algorithm used to generate the SCT's signature.
// https://www.rfc-editor.org/rfc/rfc5246#section-7.4.1.4.1
get algorithm() {
switch (this.hashAlgorithm) {
/* istanbul ignore next */
case 0:
return 'none';
/* istanbul ignore next */
case 1:
return 'md5';
/* istanbul ignore next */
case 2:
return 'sha1';
/* istanbul ignore next */
case 3:
return 'sha224';
case 4:
return 'sha256';
/* istanbul ignore next */
case 5:
return 'sha384';
/* istanbul ignore next */
case 6:
return 'sha512';
/* istanbul ignore next */
default:
return 'unknown';
}
}
verify(preCert, key) {
// Assemble the digitally-signed struct (the data over which the signature
// was generated).
// https://www.rfc-editor.org/rfc/rfc6962#section-3.2
const stream = new stream_1.ByteStream();
stream.appendChar(this.version);
stream.appendChar(0x00); // SignatureType = certificate_timestamp(0)
stream.appendView(this.timestamp);
stream.appendUint16(0x01); // LogEntryType = precert_entry(1)
stream.appendView(preCert);
stream.appendUint16(this.extensions.byteLength);
/* istanbul ignore next - extensions are very uncommon */
if (this.extensions.byteLength > 0) {
stream.appendView(this.extensions);
}
return crypto.verify(stream.buffer, key, this.signature, this.algorithm);
}
// Parses a SignedCertificateTimestamp from a buffer. SCTs are encoded using
// TLS encoding which means the fields and lengths of most fields are
// specified as part of the SCT and TLS specs.
// https://www.rfc-editor.org/rfc/rfc6962#section-3.2
// https://www.rfc-editor.org/rfc/rfc5246#section-7.4.1.4.1
static parse(buf) {
const stream = new stream_1.ByteStream(buf);
// Version - enum { v1(0), (255) }
const version = stream.getUint8();
// Log ID - struct { opaque key_id[32]; }
const logID = stream.getBlock(32);
// Timestamp - uint64
const timestamp = stream.getBlock(8);
// Extensions - opaque extensions<0..2^16-1>;
const extenstionLength = stream.getUint16();
const extensions = stream.getBlock(extenstionLength);
// Hash algo - enum { sha256(4), . . . (255) }
const hashAlgorithm = stream.getUint8();
// Signature algo - enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
const signatureAlgorithm = stream.getUint8();
// Signature - opaque signature<0..2^16-1>;
const sigLength = stream.getUint16();
const signature = stream.getBlock(sigLength);
// Check that we read the entire buffer
if (stream.position !== buf.length) {
throw new Error('SCT buffer length mismatch');
}
return new SignedCertificateTimestamp({
version,
logID,
timestamp,
extensions,
hashAlgorithm,
signatureAlgorithm,
signature,
});
}
}
exports.SignedCertificateTimestamp = SignedCertificateTimestamp;

31
package/node_modules/@sigstore/core/package.json generated vendored Normal file
View File

@@ -0,0 +1,31 @@
{
"name": "@sigstore/core",
"version": "1.1.0",
"description": "Base library for Sigstore",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"clean": "shx rm -rf dist *.tsbuildinfo",
"build": "tsc --build",
"test": "jest"
},
"files": [
"dist"
],
"author": "bdehamer@github.com",
"license": "Apache-2.0",
"repository": {
"type": "git",
"url": "git+https://github.com/sigstore/sigstore-js.git"
},
"bugs": {
"url": "https://github.com/sigstore/sigstore-js/issues"
},
"homepage": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme",
"publishConfig": {
"provenance": true
},
"engines": {
"node": "^16.14.0 || >=18.0.0"
}
}

202
package/node_modules/@sigstore/protobuf-specs/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2023 The Sigstore Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

89
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/envelope.js generated vendored Normal file
View File

@@ -0,0 +1,89 @@
"use strict";
/* eslint-disable */
Object.defineProperty(exports, "__esModule", { value: true });
exports.Signature = exports.Envelope = void 0;
function createBaseEnvelope() {
return { payload: Buffer.alloc(0), payloadType: "", signatures: [] };
}
exports.Envelope = {
fromJSON(object) {
return {
payload: isSet(object.payload) ? Buffer.from(bytesFromBase64(object.payload)) : Buffer.alloc(0),
payloadType: isSet(object.payloadType) ? String(object.payloadType) : "",
signatures: Array.isArray(object?.signatures) ? object.signatures.map((e) => exports.Signature.fromJSON(e)) : [],
};
},
toJSON(message) {
const obj = {};
message.payload !== undefined &&
(obj.payload = base64FromBytes(message.payload !== undefined ? message.payload : Buffer.alloc(0)));
message.payloadType !== undefined && (obj.payloadType = message.payloadType);
if (message.signatures) {
obj.signatures = message.signatures.map((e) => e ? exports.Signature.toJSON(e) : undefined);
}
else {
obj.signatures = [];
}
return obj;
},
};
function createBaseSignature() {
return { sig: Buffer.alloc(0), keyid: "" };
}
exports.Signature = {
fromJSON(object) {
return {
sig: isSet(object.sig) ? Buffer.from(bytesFromBase64(object.sig)) : Buffer.alloc(0),
keyid: isSet(object.keyid) ? String(object.keyid) : "",
};
},
toJSON(message) {
const obj = {};
message.sig !== undefined && (obj.sig = base64FromBytes(message.sig !== undefined ? message.sig : Buffer.alloc(0)));
message.keyid !== undefined && (obj.keyid = message.keyid);
return obj;
},
};
var tsProtoGlobalThis = (() => {
if (typeof globalThis !== "undefined") {
return globalThis;
}
if (typeof self !== "undefined") {
return self;
}
if (typeof window !== "undefined") {
return window;
}
if (typeof global !== "undefined") {
return global;
}
throw "Unable to locate global object";
})();
function bytesFromBase64(b64) {
if (tsProtoGlobalThis.Buffer) {
return Uint8Array.from(tsProtoGlobalThis.Buffer.from(b64, "base64"));
}
else {
const bin = tsProtoGlobalThis.atob(b64);
const arr = new Uint8Array(bin.length);
for (let i = 0; i < bin.length; ++i) {
arr[i] = bin.charCodeAt(i);
}
return arr;
}
}
function base64FromBytes(arr) {
if (tsProtoGlobalThis.Buffer) {
return tsProtoGlobalThis.Buffer.from(arr).toString("base64");
}
else {
const bin = [];
arr.forEach((byte) => {
bin.push(String.fromCharCode(byte));
});
return tsProtoGlobalThis.btoa(bin.join(""));
}
}
function isSet(value) {
return value !== null && value !== undefined;
}

185
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/events.js generated vendored Normal file
View File

@@ -0,0 +1,185 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CloudEventBatch = exports.CloudEvent_CloudEventAttributeValue = exports.CloudEvent_AttributesEntry = exports.CloudEvent = void 0;
/* eslint-disable */
const any_1 = require("./google/protobuf/any");
const timestamp_1 = require("./google/protobuf/timestamp");
function createBaseCloudEvent() {
return { id: "", source: "", specVersion: "", type: "", attributes: {}, data: undefined };
}
exports.CloudEvent = {
fromJSON(object) {
return {
id: isSet(object.id) ? String(object.id) : "",
source: isSet(object.source) ? String(object.source) : "",
specVersion: isSet(object.specVersion) ? String(object.specVersion) : "",
type: isSet(object.type) ? String(object.type) : "",
attributes: isObject(object.attributes)
? Object.entries(object.attributes).reduce((acc, [key, value]) => {
acc[key] = exports.CloudEvent_CloudEventAttributeValue.fromJSON(value);
return acc;
}, {})
: {},
data: isSet(object.binaryData)
? { $case: "binaryData", binaryData: Buffer.from(bytesFromBase64(object.binaryData)) }
: isSet(object.textData)
? { $case: "textData", textData: String(object.textData) }
: isSet(object.protoData)
? { $case: "protoData", protoData: any_1.Any.fromJSON(object.protoData) }
: undefined,
};
},
toJSON(message) {
const obj = {};
message.id !== undefined && (obj.id = message.id);
message.source !== undefined && (obj.source = message.source);
message.specVersion !== undefined && (obj.specVersion = message.specVersion);
message.type !== undefined && (obj.type = message.type);
obj.attributes = {};
if (message.attributes) {
Object.entries(message.attributes).forEach(([k, v]) => {
obj.attributes[k] = exports.CloudEvent_CloudEventAttributeValue.toJSON(v);
});
}
message.data?.$case === "binaryData" &&
(obj.binaryData = message.data?.binaryData !== undefined ? base64FromBytes(message.data?.binaryData) : undefined);
message.data?.$case === "textData" && (obj.textData = message.data?.textData);
message.data?.$case === "protoData" &&
(obj.protoData = message.data?.protoData ? any_1.Any.toJSON(message.data?.protoData) : undefined);
return obj;
},
};
function createBaseCloudEvent_AttributesEntry() {
return { key: "", value: undefined };
}
exports.CloudEvent_AttributesEntry = {
fromJSON(object) {
return {
key: isSet(object.key) ? String(object.key) : "",
value: isSet(object.value) ? exports.CloudEvent_CloudEventAttributeValue.fromJSON(object.value) : undefined,
};
},
toJSON(message) {
const obj = {};
message.key !== undefined && (obj.key = message.key);
message.value !== undefined &&
(obj.value = message.value ? exports.CloudEvent_CloudEventAttributeValue.toJSON(message.value) : undefined);
return obj;
},
};
function createBaseCloudEvent_CloudEventAttributeValue() {
return { attr: undefined };
}
exports.CloudEvent_CloudEventAttributeValue = {
fromJSON(object) {
return {
attr: isSet(object.ceBoolean)
? { $case: "ceBoolean", ceBoolean: Boolean(object.ceBoolean) }
: isSet(object.ceInteger)
? { $case: "ceInteger", ceInteger: Number(object.ceInteger) }
: isSet(object.ceString)
? { $case: "ceString", ceString: String(object.ceString) }
: isSet(object.ceBytes)
? { $case: "ceBytes", ceBytes: Buffer.from(bytesFromBase64(object.ceBytes)) }
: isSet(object.ceUri)
? { $case: "ceUri", ceUri: String(object.ceUri) }
: isSet(object.ceUriRef)
? { $case: "ceUriRef", ceUriRef: String(object.ceUriRef) }
: isSet(object.ceTimestamp)
? { $case: "ceTimestamp", ceTimestamp: fromJsonTimestamp(object.ceTimestamp) }
: undefined,
};
},
toJSON(message) {
const obj = {};
message.attr?.$case === "ceBoolean" && (obj.ceBoolean = message.attr?.ceBoolean);
message.attr?.$case === "ceInteger" && (obj.ceInteger = Math.round(message.attr?.ceInteger));
message.attr?.$case === "ceString" && (obj.ceString = message.attr?.ceString);
message.attr?.$case === "ceBytes" &&
(obj.ceBytes = message.attr?.ceBytes !== undefined ? base64FromBytes(message.attr?.ceBytes) : undefined);
message.attr?.$case === "ceUri" && (obj.ceUri = message.attr?.ceUri);
message.attr?.$case === "ceUriRef" && (obj.ceUriRef = message.attr?.ceUriRef);
message.attr?.$case === "ceTimestamp" && (obj.ceTimestamp = message.attr?.ceTimestamp.toISOString());
return obj;
},
};
function createBaseCloudEventBatch() {
return { events: [] };
}
exports.CloudEventBatch = {
fromJSON(object) {
return { events: Array.isArray(object?.events) ? object.events.map((e) => exports.CloudEvent.fromJSON(e)) : [] };
},
toJSON(message) {
const obj = {};
if (message.events) {
obj.events = message.events.map((e) => e ? exports.CloudEvent.toJSON(e) : undefined);
}
else {
obj.events = [];
}
return obj;
},
};
var tsProtoGlobalThis = (() => {
if (typeof globalThis !== "undefined") {
return globalThis;
}
if (typeof self !== "undefined") {
return self;
}
if (typeof window !== "undefined") {
return window;
}
if (typeof global !== "undefined") {
return global;
}
throw "Unable to locate global object";
})();
function bytesFromBase64(b64) {
if (tsProtoGlobalThis.Buffer) {
return Uint8Array.from(tsProtoGlobalThis.Buffer.from(b64, "base64"));
}
else {
const bin = tsProtoGlobalThis.atob(b64);
const arr = new Uint8Array(bin.length);
for (let i = 0; i < bin.length; ++i) {
arr[i] = bin.charCodeAt(i);
}
return arr;
}
}
function base64FromBytes(arr) {
if (tsProtoGlobalThis.Buffer) {
return tsProtoGlobalThis.Buffer.from(arr).toString("base64");
}
else {
const bin = [];
arr.forEach((byte) => {
bin.push(String.fromCharCode(byte));
});
return tsProtoGlobalThis.btoa(bin.join(""));
}
}
function fromTimestamp(t) {
let millis = Number(t.seconds) * 1000;
millis += t.nanos / 1000000;
return new Date(millis);
}
function fromJsonTimestamp(o) {
if (o instanceof Date) {
return o;
}
else if (typeof o === "string") {
return new Date(o);
}
else {
return fromTimestamp(timestamp_1.Timestamp.fromJSON(o));
}
}
function isObject(value) {
return typeof value === "object" && value !== null;
}
function isSet(value) {
return value !== null && value !== undefined;
}

119
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/api/field_behavior.js generated vendored Normal file
View File

@@ -0,0 +1,119 @@
"use strict";
/* eslint-disable */
Object.defineProperty(exports, "__esModule", { value: true });
exports.fieldBehaviorToJSON = exports.fieldBehaviorFromJSON = exports.FieldBehavior = void 0;
/**
* An indicator of the behavior of a given field (for example, that a field
* is required in requests, or given as output but ignored as input).
* This **does not** change the behavior in protocol buffers itself; it only
* denotes the behavior and may affect how API tooling handles the field.
*
* Note: This enum **may** receive new values in the future.
*/
var FieldBehavior;
(function (FieldBehavior) {
/** FIELD_BEHAVIOR_UNSPECIFIED - Conventional default for enums. Do not use this. */
FieldBehavior[FieldBehavior["FIELD_BEHAVIOR_UNSPECIFIED"] = 0] = "FIELD_BEHAVIOR_UNSPECIFIED";
/**
* OPTIONAL - Specifically denotes a field as optional.
* While all fields in protocol buffers are optional, this may be specified
* for emphasis if appropriate.
*/
FieldBehavior[FieldBehavior["OPTIONAL"] = 1] = "OPTIONAL";
/**
* REQUIRED - Denotes a field as required.
* This indicates that the field **must** be provided as part of the request,
* and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
*/
FieldBehavior[FieldBehavior["REQUIRED"] = 2] = "REQUIRED";
/**
* OUTPUT_ONLY - Denotes a field as output only.
* This indicates that the field is provided in responses, but including the
* field in a request does nothing (the server *must* ignore it and
* *must not* throw an error as a result of the field's presence).
*/
FieldBehavior[FieldBehavior["OUTPUT_ONLY"] = 3] = "OUTPUT_ONLY";
/**
* INPUT_ONLY - Denotes a field as input only.
* This indicates that the field is provided in requests, and the
* corresponding field is not included in output.
*/
FieldBehavior[FieldBehavior["INPUT_ONLY"] = 4] = "INPUT_ONLY";
/**
* IMMUTABLE - Denotes a field as immutable.
* This indicates that the field may be set once in a request to create a
* resource, but may not be changed thereafter.
*/
FieldBehavior[FieldBehavior["IMMUTABLE"] = 5] = "IMMUTABLE";
/**
* UNORDERED_LIST - Denotes that a (repeated) field is an unordered list.
* This indicates that the service may provide the elements of the list
* in any arbitrary order, rather than the order the user originally
* provided. Additionally, the list's order may or may not be stable.
*/
FieldBehavior[FieldBehavior["UNORDERED_LIST"] = 6] = "UNORDERED_LIST";
})(FieldBehavior = exports.FieldBehavior || (exports.FieldBehavior = {}));
function fieldBehaviorFromJSON(object) {
switch (object) {
case 0:
case "FIELD_BEHAVIOR_UNSPECIFIED":
return FieldBehavior.FIELD_BEHAVIOR_UNSPECIFIED;
case 1:
case "OPTIONAL":
return FieldBehavior.OPTIONAL;
case 2:
case "REQUIRED":
return FieldBehavior.REQUIRED;
case 3:
case "OUTPUT_ONLY":
return FieldBehavior.OUTPUT_ONLY;
case 4:
case "INPUT_ONLY":
return FieldBehavior.INPUT_ONLY;
case 5:
case "IMMUTABLE":
return FieldBehavior.IMMUTABLE;
case 6:
case "UNORDERED_LIST":
return FieldBehavior.UNORDERED_LIST;
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum FieldBehavior");
}
}
exports.fieldBehaviorFromJSON = fieldBehaviorFromJSON;
function fieldBehaviorToJSON(object) {
switch (object) {
case FieldBehavior.FIELD_BEHAVIOR_UNSPECIFIED:
return "FIELD_BEHAVIOR_UNSPECIFIED";
case FieldBehavior.OPTIONAL:
return "OPTIONAL";
case FieldBehavior.REQUIRED:
return "REQUIRED";
case FieldBehavior.OUTPUT_ONLY:
return "OUTPUT_ONLY";
case FieldBehavior.INPUT_ONLY:
return "INPUT_ONLY";
case FieldBehavior.IMMUTABLE:
return "IMMUTABLE";
case FieldBehavior.UNORDERED_LIST:
return "UNORDERED_LIST";
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum FieldBehavior");
}
}
exports.fieldBehaviorToJSON = fieldBehaviorToJSON;
var tsProtoGlobalThis = (() => {
if (typeof globalThis !== "undefined") {
return globalThis;
}
if (typeof self !== "undefined") {
return self;
}
if (typeof window !== "undefined") {
return window;
}
if (typeof global !== "undefined") {
return global;
}
throw "Unable to locate global object";
})();

65
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/any.js generated vendored Normal file
View File

@@ -0,0 +1,65 @@
"use strict";
/* eslint-disable */
Object.defineProperty(exports, "__esModule", { value: true });
exports.Any = void 0;
function createBaseAny() {
return { typeUrl: "", value: Buffer.alloc(0) };
}
exports.Any = {
fromJSON(object) {
return {
typeUrl: isSet(object.typeUrl) ? String(object.typeUrl) : "",
value: isSet(object.value) ? Buffer.from(bytesFromBase64(object.value)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
message.typeUrl !== undefined && (obj.typeUrl = message.typeUrl);
message.value !== undefined &&
(obj.value = base64FromBytes(message.value !== undefined ? message.value : Buffer.alloc(0)));
return obj;
},
};
var tsProtoGlobalThis = (() => {
if (typeof globalThis !== "undefined") {
return globalThis;
}
if (typeof self !== "undefined") {
return self;
}
if (typeof window !== "undefined") {
return window;
}
if (typeof global !== "undefined") {
return global;
}
throw "Unable to locate global object";
})();
function bytesFromBase64(b64) {
if (tsProtoGlobalThis.Buffer) {
return Uint8Array.from(tsProtoGlobalThis.Buffer.from(b64, "base64"));
}
else {
const bin = tsProtoGlobalThis.atob(b64);
const arr = new Uint8Array(bin.length);
for (let i = 0; i < bin.length; ++i) {
arr[i] = bin.charCodeAt(i);
}
return arr;
}
}
function base64FromBytes(arr) {
if (tsProtoGlobalThis.Buffer) {
return tsProtoGlobalThis.Buffer.from(arr).toString("base64");
}
else {
const bin = [];
arr.forEach((byte) => {
bin.push(String.fromCharCode(byte));
});
return tsProtoGlobalThis.btoa(bin.join(""));
}
}
function isSet(value) {
return value !== null && value !== undefined;
}

1308
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/descriptor.js generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

24
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/timestamp.js generated vendored Normal file
View File

@@ -0,0 +1,24 @@
"use strict";
/* eslint-disable */
Object.defineProperty(exports, "__esModule", { value: true });
exports.Timestamp = void 0;
function createBaseTimestamp() {
return { seconds: "0", nanos: 0 };
}
exports.Timestamp = {
fromJSON(object) {
return {
seconds: isSet(object.seconds) ? String(object.seconds) : "0",
nanos: isSet(object.nanos) ? Number(object.nanos) : 0,
};
},
toJSON(message) {
const obj = {};
message.seconds !== undefined && (obj.seconds = message.seconds);
message.nanos !== undefined && (obj.nanos = Math.round(message.nanos));
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

112
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js generated vendored Normal file
View File

@@ -0,0 +1,112 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Bundle = exports.VerificationMaterial = exports.TimestampVerificationData = void 0;
/* eslint-disable */
const envelope_1 = require("./envelope");
const sigstore_common_1 = require("./sigstore_common");
const sigstore_rekor_1 = require("./sigstore_rekor");
function createBaseTimestampVerificationData() {
return { rfc3161Timestamps: [] };
}
exports.TimestampVerificationData = {
fromJSON(object) {
return {
rfc3161Timestamps: Array.isArray(object?.rfc3161Timestamps)
? object.rfc3161Timestamps.map((e) => sigstore_common_1.RFC3161SignedTimestamp.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.rfc3161Timestamps) {
obj.rfc3161Timestamps = message.rfc3161Timestamps.map((e) => e ? sigstore_common_1.RFC3161SignedTimestamp.toJSON(e) : undefined);
}
else {
obj.rfc3161Timestamps = [];
}
return obj;
},
};
function createBaseVerificationMaterial() {
return { content: undefined, tlogEntries: [], timestampVerificationData: undefined };
}
exports.VerificationMaterial = {
fromJSON(object) {
return {
content: isSet(object.publicKey)
? { $case: "publicKey", publicKey: sigstore_common_1.PublicKeyIdentifier.fromJSON(object.publicKey) }
: isSet(object.x509CertificateChain)
? {
$case: "x509CertificateChain",
x509CertificateChain: sigstore_common_1.X509CertificateChain.fromJSON(object.x509CertificateChain),
}
: isSet(object.certificate)
? { $case: "certificate", certificate: sigstore_common_1.X509Certificate.fromJSON(object.certificate) }
: undefined,
tlogEntries: Array.isArray(object?.tlogEntries)
? object.tlogEntries.map((e) => sigstore_rekor_1.TransparencyLogEntry.fromJSON(e))
: [],
timestampVerificationData: isSet(object.timestampVerificationData)
? exports.TimestampVerificationData.fromJSON(object.timestampVerificationData)
: undefined,
};
},
toJSON(message) {
const obj = {};
message.content?.$case === "publicKey" &&
(obj.publicKey = message.content?.publicKey ? sigstore_common_1.PublicKeyIdentifier.toJSON(message.content?.publicKey) : undefined);
message.content?.$case === "x509CertificateChain" &&
(obj.x509CertificateChain = message.content?.x509CertificateChain
? sigstore_common_1.X509CertificateChain.toJSON(message.content?.x509CertificateChain)
: undefined);
message.content?.$case === "certificate" &&
(obj.certificate = message.content?.certificate
? sigstore_common_1.X509Certificate.toJSON(message.content?.certificate)
: undefined);
if (message.tlogEntries) {
obj.tlogEntries = message.tlogEntries.map((e) => e ? sigstore_rekor_1.TransparencyLogEntry.toJSON(e) : undefined);
}
else {
obj.tlogEntries = [];
}
message.timestampVerificationData !== undefined &&
(obj.timestampVerificationData = message.timestampVerificationData
? exports.TimestampVerificationData.toJSON(message.timestampVerificationData)
: undefined);
return obj;
},
};
function createBaseBundle() {
return { mediaType: "", verificationMaterial: undefined, content: undefined };
}
exports.Bundle = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? String(object.mediaType) : "",
verificationMaterial: isSet(object.verificationMaterial)
? exports.VerificationMaterial.fromJSON(object.verificationMaterial)
: undefined,
content: isSet(object.messageSignature)
? { $case: "messageSignature", messageSignature: sigstore_common_1.MessageSignature.fromJSON(object.messageSignature) }
: isSet(object.dsseEnvelope)
? { $case: "dsseEnvelope", dsseEnvelope: envelope_1.Envelope.fromJSON(object.dsseEnvelope) }
: undefined,
};
},
toJSON(message) {
const obj = {};
message.mediaType !== undefined && (obj.mediaType = message.mediaType);
message.verificationMaterial !== undefined && (obj.verificationMaterial = message.verificationMaterial
? exports.VerificationMaterial.toJSON(message.verificationMaterial)
: undefined);
message.content?.$case === "messageSignature" && (obj.messageSignature = message.content?.messageSignature
? sigstore_common_1.MessageSignature.toJSON(message.content?.messageSignature)
: undefined);
message.content?.$case === "dsseEnvelope" &&
(obj.dsseEnvelope = message.content?.dsseEnvelope ? envelope_1.Envelope.toJSON(message.content?.dsseEnvelope) : undefined);
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

588
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js generated vendored Normal file
View File

@@ -0,0 +1,588 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TimeRange = exports.X509CertificateChain = exports.SubjectAlternativeName = exports.X509Certificate = exports.DistinguishedName = exports.ObjectIdentifierValuePair = exports.ObjectIdentifier = exports.PublicKeyIdentifier = exports.PublicKey = exports.RFC3161SignedTimestamp = exports.LogId = exports.MessageSignature = exports.HashOutput = exports.subjectAlternativeNameTypeToJSON = exports.subjectAlternativeNameTypeFromJSON = exports.SubjectAlternativeNameType = exports.publicKeyDetailsToJSON = exports.publicKeyDetailsFromJSON = exports.PublicKeyDetails = exports.hashAlgorithmToJSON = exports.hashAlgorithmFromJSON = exports.HashAlgorithm = void 0;
/* eslint-disable */
const timestamp_1 = require("./google/protobuf/timestamp");
/**
* Only a subset of the secure hash standard algorithms are supported.
* See <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf> for more
* details.
* UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force
* any proto JSON serialization to emit the used hash algorithm, as default
* option is to *omit* the default value of an enum (which is the first
* value, represented by '0'.
*/
var HashAlgorithm;
(function (HashAlgorithm) {
HashAlgorithm[HashAlgorithm["HASH_ALGORITHM_UNSPECIFIED"] = 0] = "HASH_ALGORITHM_UNSPECIFIED";
HashAlgorithm[HashAlgorithm["SHA2_256"] = 1] = "SHA2_256";
HashAlgorithm[HashAlgorithm["SHA2_384"] = 2] = "SHA2_384";
HashAlgorithm[HashAlgorithm["SHA2_512"] = 3] = "SHA2_512";
HashAlgorithm[HashAlgorithm["SHA3_256"] = 4] = "SHA3_256";
HashAlgorithm[HashAlgorithm["SHA3_384"] = 5] = "SHA3_384";
})(HashAlgorithm = exports.HashAlgorithm || (exports.HashAlgorithm = {}));
function hashAlgorithmFromJSON(object) {
switch (object) {
case 0:
case "HASH_ALGORITHM_UNSPECIFIED":
return HashAlgorithm.HASH_ALGORITHM_UNSPECIFIED;
case 1:
case "SHA2_256":
return HashAlgorithm.SHA2_256;
case 2:
case "SHA2_384":
return HashAlgorithm.SHA2_384;
case 3:
case "SHA2_512":
return HashAlgorithm.SHA2_512;
case 4:
case "SHA3_256":
return HashAlgorithm.SHA3_256;
case 5:
case "SHA3_384":
return HashAlgorithm.SHA3_384;
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm");
}
}
exports.hashAlgorithmFromJSON = hashAlgorithmFromJSON;
function hashAlgorithmToJSON(object) {
switch (object) {
case HashAlgorithm.HASH_ALGORITHM_UNSPECIFIED:
return "HASH_ALGORITHM_UNSPECIFIED";
case HashAlgorithm.SHA2_256:
return "SHA2_256";
case HashAlgorithm.SHA2_384:
return "SHA2_384";
case HashAlgorithm.SHA2_512:
return "SHA2_512";
case HashAlgorithm.SHA3_256:
return "SHA3_256";
case HashAlgorithm.SHA3_384:
return "SHA3_384";
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm");
}
}
exports.hashAlgorithmToJSON = hashAlgorithmToJSON;
/**
* Details of a specific public key, capturing the the key encoding method,
* and signature algorithm.
*
* PublicKeyDetails captures the public key/hash algorithm combinations
* recommended in the Sigstore ecosystem.
*
* This is modelled as a linear set as we want to provide a small number of
* opinionated options instead of allowing every possible permutation.
*
* Any changes to this enum MUST be reflected in the algorithm registry.
* See: docs/algorithm-registry.md
*
* To avoid the possibility of contradicting formats such as PKCS1 with
* ED25519 the valid permutations are listed as a linear set instead of a
* cartesian set (i.e one combined variable instead of two, one for encoding
* and one for the signature algorithm).
*/
var PublicKeyDetails;
(function (PublicKeyDetails) {
PublicKeyDetails[PublicKeyDetails["PUBLIC_KEY_DETAILS_UNSPECIFIED"] = 0] = "PUBLIC_KEY_DETAILS_UNSPECIFIED";
/**
* PKCS1_RSA_PKCS1V5 - RSA
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["PKCS1_RSA_PKCS1V5"] = 1] = "PKCS1_RSA_PKCS1V5";
/**
* PKCS1_RSA_PSS - See RFC8017
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["PKCS1_RSA_PSS"] = 2] = "PKCS1_RSA_PSS";
/** @deprecated */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V5"] = 3] = "PKIX_RSA_PKCS1V5";
/** @deprecated */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS"] = 4] = "PKIX_RSA_PSS";
/** PKIX_RSA_PKCS1V15_2048_SHA256 - RSA public key in PKIX format, PKCS#1v1.5 signature */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_2048_SHA256"] = 9] = "PKIX_RSA_PKCS1V15_2048_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_3072_SHA256"] = 10] = "PKIX_RSA_PKCS1V15_3072_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_4096_SHA256"] = 11] = "PKIX_RSA_PKCS1V15_4096_SHA256";
/** PKIX_RSA_PSS_2048_SHA256 - RSA public key in PKIX format, RSASSA-PSS signature */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_2048_SHA256"] = 16] = "PKIX_RSA_PSS_2048_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_3072_SHA256"] = 17] = "PKIX_RSA_PSS_3072_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_4096_SHA256"] = 18] = "PKIX_RSA_PSS_4096_SHA256";
/**
* PKIX_ECDSA_P256_HMAC_SHA_256 - ECDSA
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P256_HMAC_SHA_256"] = 6] = "PKIX_ECDSA_P256_HMAC_SHA_256";
/** PKIX_ECDSA_P256_SHA_256 - See NIST FIPS 186-4 */
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P256_SHA_256"] = 5] = "PKIX_ECDSA_P256_SHA_256";
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P384_SHA_384"] = 12] = "PKIX_ECDSA_P384_SHA_384";
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P521_SHA_512"] = 13] = "PKIX_ECDSA_P521_SHA_512";
/** PKIX_ED25519 - Ed 25519 */
PublicKeyDetails[PublicKeyDetails["PKIX_ED25519"] = 7] = "PKIX_ED25519";
PublicKeyDetails[PublicKeyDetails["PKIX_ED25519_PH"] = 8] = "PKIX_ED25519_PH";
/**
* LMS_SHA256 - LMS and LM-OTS
*
* These keys and signatures may be used by private Sigstore
* deployments, but are not currently supported by the public
* good instance.
*
* USER WARNING: LMS and LM-OTS are both stateful signature schemes.
* Using them correctly requires discretion and careful consideration
* to ensure that individual secret keys are not used more than once.
* In addition, LM-OTS is a single-use scheme, meaning that it
* MUST NOT be used for more than one signature per LM-OTS key.
* If you cannot maintain these invariants, you MUST NOT use these
* schemes.
*/
PublicKeyDetails[PublicKeyDetails["LMS_SHA256"] = 14] = "LMS_SHA256";
PublicKeyDetails[PublicKeyDetails["LMOTS_SHA256"] = 15] = "LMOTS_SHA256";
})(PublicKeyDetails = exports.PublicKeyDetails || (exports.PublicKeyDetails = {}));
function publicKeyDetailsFromJSON(object) {
switch (object) {
case 0:
case "PUBLIC_KEY_DETAILS_UNSPECIFIED":
return PublicKeyDetails.PUBLIC_KEY_DETAILS_UNSPECIFIED;
case 1:
case "PKCS1_RSA_PKCS1V5":
return PublicKeyDetails.PKCS1_RSA_PKCS1V5;
case 2:
case "PKCS1_RSA_PSS":
return PublicKeyDetails.PKCS1_RSA_PSS;
case 3:
case "PKIX_RSA_PKCS1V5":
return PublicKeyDetails.PKIX_RSA_PKCS1V5;
case 4:
case "PKIX_RSA_PSS":
return PublicKeyDetails.PKIX_RSA_PSS;
case 9:
case "PKIX_RSA_PKCS1V15_2048_SHA256":
return PublicKeyDetails.PKIX_RSA_PKCS1V15_2048_SHA256;
case 10:
case "PKIX_RSA_PKCS1V15_3072_SHA256":
return PublicKeyDetails.PKIX_RSA_PKCS1V15_3072_SHA256;
case 11:
case "PKIX_RSA_PKCS1V15_4096_SHA256":
return PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256;
case 16:
case "PKIX_RSA_PSS_2048_SHA256":
return PublicKeyDetails.PKIX_RSA_PSS_2048_SHA256;
case 17:
case "PKIX_RSA_PSS_3072_SHA256":
return PublicKeyDetails.PKIX_RSA_PSS_3072_SHA256;
case 18:
case "PKIX_RSA_PSS_4096_SHA256":
return PublicKeyDetails.PKIX_RSA_PSS_4096_SHA256;
case 6:
case "PKIX_ECDSA_P256_HMAC_SHA_256":
return PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256;
case 5:
case "PKIX_ECDSA_P256_SHA_256":
return PublicKeyDetails.PKIX_ECDSA_P256_SHA_256;
case 12:
case "PKIX_ECDSA_P384_SHA_384":
return PublicKeyDetails.PKIX_ECDSA_P384_SHA_384;
case 13:
case "PKIX_ECDSA_P521_SHA_512":
return PublicKeyDetails.PKIX_ECDSA_P521_SHA_512;
case 7:
case "PKIX_ED25519":
return PublicKeyDetails.PKIX_ED25519;
case 8:
case "PKIX_ED25519_PH":
return PublicKeyDetails.PKIX_ED25519_PH;
case 14:
case "LMS_SHA256":
return PublicKeyDetails.LMS_SHA256;
case 15:
case "LMOTS_SHA256":
return PublicKeyDetails.LMOTS_SHA256;
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails");
}
}
exports.publicKeyDetailsFromJSON = publicKeyDetailsFromJSON;
function publicKeyDetailsToJSON(object) {
switch (object) {
case PublicKeyDetails.PUBLIC_KEY_DETAILS_UNSPECIFIED:
return "PUBLIC_KEY_DETAILS_UNSPECIFIED";
case PublicKeyDetails.PKCS1_RSA_PKCS1V5:
return "PKCS1_RSA_PKCS1V5";
case PublicKeyDetails.PKCS1_RSA_PSS:
return "PKCS1_RSA_PSS";
case PublicKeyDetails.PKIX_RSA_PKCS1V5:
return "PKIX_RSA_PKCS1V5";
case PublicKeyDetails.PKIX_RSA_PSS:
return "PKIX_RSA_PSS";
case PublicKeyDetails.PKIX_RSA_PKCS1V15_2048_SHA256:
return "PKIX_RSA_PKCS1V15_2048_SHA256";
case PublicKeyDetails.PKIX_RSA_PKCS1V15_3072_SHA256:
return "PKIX_RSA_PKCS1V15_3072_SHA256";
case PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256:
return "PKIX_RSA_PKCS1V15_4096_SHA256";
case PublicKeyDetails.PKIX_RSA_PSS_2048_SHA256:
return "PKIX_RSA_PSS_2048_SHA256";
case PublicKeyDetails.PKIX_RSA_PSS_3072_SHA256:
return "PKIX_RSA_PSS_3072_SHA256";
case PublicKeyDetails.PKIX_RSA_PSS_4096_SHA256:
return "PKIX_RSA_PSS_4096_SHA256";
case PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256:
return "PKIX_ECDSA_P256_HMAC_SHA_256";
case PublicKeyDetails.PKIX_ECDSA_P256_SHA_256:
return "PKIX_ECDSA_P256_SHA_256";
case PublicKeyDetails.PKIX_ECDSA_P384_SHA_384:
return "PKIX_ECDSA_P384_SHA_384";
case PublicKeyDetails.PKIX_ECDSA_P521_SHA_512:
return "PKIX_ECDSA_P521_SHA_512";
case PublicKeyDetails.PKIX_ED25519:
return "PKIX_ED25519";
case PublicKeyDetails.PKIX_ED25519_PH:
return "PKIX_ED25519_PH";
case PublicKeyDetails.LMS_SHA256:
return "LMS_SHA256";
case PublicKeyDetails.LMOTS_SHA256:
return "LMOTS_SHA256";
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails");
}
}
exports.publicKeyDetailsToJSON = publicKeyDetailsToJSON;
var SubjectAlternativeNameType;
(function (SubjectAlternativeNameType) {
SubjectAlternativeNameType[SubjectAlternativeNameType["SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED"] = 0] = "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED";
SubjectAlternativeNameType[SubjectAlternativeNameType["EMAIL"] = 1] = "EMAIL";
SubjectAlternativeNameType[SubjectAlternativeNameType["URI"] = 2] = "URI";
/**
* OTHER_NAME - OID 1.3.6.1.4.1.57264.1.7
* See https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726417--othername-san
* for more details.
*/
SubjectAlternativeNameType[SubjectAlternativeNameType["OTHER_NAME"] = 3] = "OTHER_NAME";
})(SubjectAlternativeNameType = exports.SubjectAlternativeNameType || (exports.SubjectAlternativeNameType = {}));
function subjectAlternativeNameTypeFromJSON(object) {
switch (object) {
case 0:
case "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED":
return SubjectAlternativeNameType.SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED;
case 1:
case "EMAIL":
return SubjectAlternativeNameType.EMAIL;
case 2:
case "URI":
return SubjectAlternativeNameType.URI;
case 3:
case "OTHER_NAME":
return SubjectAlternativeNameType.OTHER_NAME;
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum SubjectAlternativeNameType");
}
}
exports.subjectAlternativeNameTypeFromJSON = subjectAlternativeNameTypeFromJSON;
function subjectAlternativeNameTypeToJSON(object) {
switch (object) {
case SubjectAlternativeNameType.SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED:
return "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED";
case SubjectAlternativeNameType.EMAIL:
return "EMAIL";
case SubjectAlternativeNameType.URI:
return "URI";
case SubjectAlternativeNameType.OTHER_NAME:
return "OTHER_NAME";
default:
throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum SubjectAlternativeNameType");
}
}
exports.subjectAlternativeNameTypeToJSON = subjectAlternativeNameTypeToJSON;
function createBaseHashOutput() {
return { algorithm: 0, digest: Buffer.alloc(0) };
}
exports.HashOutput = {
fromJSON(object) {
return {
algorithm: isSet(object.algorithm) ? hashAlgorithmFromJSON(object.algorithm) : 0,
digest: isSet(object.digest) ? Buffer.from(bytesFromBase64(object.digest)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
message.algorithm !== undefined && (obj.algorithm = hashAlgorithmToJSON(message.algorithm));
message.digest !== undefined &&
(obj.digest = base64FromBytes(message.digest !== undefined ? message.digest : Buffer.alloc(0)));
return obj;
},
};
function createBaseMessageSignature() {
return { messageDigest: undefined, signature: Buffer.alloc(0) };
}
exports.MessageSignature = {
fromJSON(object) {
return {
messageDigest: isSet(object.messageDigest) ? exports.HashOutput.fromJSON(object.messageDigest) : undefined,
signature: isSet(object.signature) ? Buffer.from(bytesFromBase64(object.signature)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
message.messageDigest !== undefined &&
(obj.messageDigest = message.messageDigest ? exports.HashOutput.toJSON(message.messageDigest) : undefined);
message.signature !== undefined &&
(obj.signature = base64FromBytes(message.signature !== undefined ? message.signature : Buffer.alloc(0)));
return obj;
},
};
function createBaseLogId() {
return { keyId: Buffer.alloc(0) };
}
exports.LogId = {
fromJSON(object) {
return { keyId: isSet(object.keyId) ? Buffer.from(bytesFromBase64(object.keyId)) : Buffer.alloc(0) };
},
toJSON(message) {
const obj = {};
message.keyId !== undefined &&
(obj.keyId = base64FromBytes(message.keyId !== undefined ? message.keyId : Buffer.alloc(0)));
return obj;
},
};
function createBaseRFC3161SignedTimestamp() {
return { signedTimestamp: Buffer.alloc(0) };
}
exports.RFC3161SignedTimestamp = {
fromJSON(object) {
return {
signedTimestamp: isSet(object.signedTimestamp)
? Buffer.from(bytesFromBase64(object.signedTimestamp))
: Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
message.signedTimestamp !== undefined &&
(obj.signedTimestamp = base64FromBytes(message.signedTimestamp !== undefined ? message.signedTimestamp : Buffer.alloc(0)));
return obj;
},
};
function createBasePublicKey() {
return { rawBytes: undefined, keyDetails: 0, validFor: undefined };
}
exports.PublicKey = {
fromJSON(object) {
return {
rawBytes: isSet(object.rawBytes) ? Buffer.from(bytesFromBase64(object.rawBytes)) : undefined,
keyDetails: isSet(object.keyDetails) ? publicKeyDetailsFromJSON(object.keyDetails) : 0,
validFor: isSet(object.validFor) ? exports.TimeRange.fromJSON(object.validFor) : undefined,
};
},
toJSON(message) {
const obj = {};
message.rawBytes !== undefined &&
(obj.rawBytes = message.rawBytes !== undefined ? base64FromBytes(message.rawBytes) : undefined);
message.keyDetails !== undefined && (obj.keyDetails = publicKeyDetailsToJSON(message.keyDetails));
message.validFor !== undefined &&
(obj.validFor = message.validFor ? exports.TimeRange.toJSON(message.validFor) : undefined);
return obj;
},
};
function createBasePublicKeyIdentifier() {
return { hint: "" };
}
exports.PublicKeyIdentifier = {
fromJSON(object) {
return { hint: isSet(object.hint) ? String(object.hint) : "" };
},
toJSON(message) {
const obj = {};
message.hint !== undefined && (obj.hint = message.hint);
return obj;
},
};
function createBaseObjectIdentifier() {
return { id: [] };
}
exports.ObjectIdentifier = {
fromJSON(object) {
return { id: Array.isArray(object?.id) ? object.id.map((e) => Number(e)) : [] };
},
toJSON(message) {
const obj = {};
if (message.id) {
obj.id = message.id.map((e) => Math.round(e));
}
else {
obj.id = [];
}
return obj;
},
};
function createBaseObjectIdentifierValuePair() {
return { oid: undefined, value: Buffer.alloc(0) };
}
exports.ObjectIdentifierValuePair = {
fromJSON(object) {
return {
oid: isSet(object.oid) ? exports.ObjectIdentifier.fromJSON(object.oid) : undefined,
value: isSet(object.value) ? Buffer.from(bytesFromBase64(object.value)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
message.oid !== undefined && (obj.oid = message.oid ? exports.ObjectIdentifier.toJSON(message.oid) : undefined);
message.value !== undefined &&
(obj.value = base64FromBytes(message.value !== undefined ? message.value : Buffer.alloc(0)));
return obj;
},
};
function createBaseDistinguishedName() {
return { organization: "", commonName: "" };
}
exports.DistinguishedName = {
fromJSON(object) {
return {
organization: isSet(object.organization) ? String(object.organization) : "",
commonName: isSet(object.commonName) ? String(object.commonName) : "",
};
},
toJSON(message) {
const obj = {};
message.organization !== undefined && (obj.organization = message.organization);
message.commonName !== undefined && (obj.commonName = message.commonName);
return obj;
},
};
function createBaseX509Certificate() {
return { rawBytes: Buffer.alloc(0) };
}
exports.X509Certificate = {
fromJSON(object) {
return { rawBytes: isSet(object.rawBytes) ? Buffer.from(bytesFromBase64(object.rawBytes)) : Buffer.alloc(0) };
},
toJSON(message) {
const obj = {};
message.rawBytes !== undefined &&
(obj.rawBytes = base64FromBytes(message.rawBytes !== undefined ? message.rawBytes : Buffer.alloc(0)));
return obj;
},
};
function createBaseSubjectAlternativeName() {
return { type: 0, identity: undefined };
}
exports.SubjectAlternativeName = {
fromJSON(object) {
return {
type: isSet(object.type) ? subjectAlternativeNameTypeFromJSON(object.type) : 0,
identity: isSet(object.regexp)
? { $case: "regexp", regexp: String(object.regexp) }
: isSet(object.value)
? { $case: "value", value: String(object.value) }
: undefined,
};
},
toJSON(message) {
const obj = {};
message.type !== undefined && (obj.type = subjectAlternativeNameTypeToJSON(message.type));
message.identity?.$case === "regexp" && (obj.regexp = message.identity?.regexp);
message.identity?.$case === "value" && (obj.value = message.identity?.value);
return obj;
},
};
function createBaseX509CertificateChain() {
return { certificates: [] };
}
exports.X509CertificateChain = {
fromJSON(object) {
return {
certificates: Array.isArray(object?.certificates)
? object.certificates.map((e) => exports.X509Certificate.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.certificates) {
obj.certificates = message.certificates.map((e) => e ? exports.X509Certificate.toJSON(e) : undefined);
}
else {
obj.certificates = [];
}
return obj;
},
};
function createBaseTimeRange() {
return { start: undefined, end: undefined };
}
exports.TimeRange = {
fromJSON(object) {
return {
start: isSet(object.start) ? fromJsonTimestamp(object.start) : undefined,
end: isSet(object.end) ? fromJsonTimestamp(object.end) : undefined,
};
},
toJSON(message) {
const obj = {};
message.start !== undefined && (obj.start = message.start.toISOString());
message.end !== undefined && (obj.end = message.end.toISOString());
return obj;
},
};
var tsProtoGlobalThis = (() => {
if (typeof globalThis !== "undefined") {
return globalThis;
}
if (typeof self !== "undefined") {
return self;
}
if (typeof window !== "undefined") {
return window;
}
if (typeof global !== "undefined") {
return global;
}
throw "Unable to locate global object";
})();
function bytesFromBase64(b64) {
if (tsProtoGlobalThis.Buffer) {
return Uint8Array.from(tsProtoGlobalThis.Buffer.from(b64, "base64"));
}
else {
const bin = tsProtoGlobalThis.atob(b64);
const arr = new Uint8Array(bin.length);
for (let i = 0; i < bin.length; ++i) {
arr[i] = bin.charCodeAt(i);
}
return arr;
}
}
function base64FromBytes(arr) {
if (tsProtoGlobalThis.Buffer) {
return tsProtoGlobalThis.Buffer.from(arr).toString("base64");
}
else {
const bin = [];
arr.forEach((byte) => {
bin.push(String.fromCharCode(byte));
});
return tsProtoGlobalThis.btoa(bin.join(""));
}
}
function fromTimestamp(t) {
let millis = Number(t.seconds) * 1000;
millis += t.nanos / 1000000;
return new Date(millis);
}
function fromJsonTimestamp(o) {
if (o instanceof Date) {
return o;
}
else if (typeof o === "string") {
return new Date(o);
}
else {
return fromTimestamp(timestamp_1.Timestamp.fromJSON(o));
}
}
function isSet(value) {
return value !== null && value !== undefined;
}

167
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_rekor.js generated vendored Normal file
View File

@@ -0,0 +1,167 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TransparencyLogEntry = exports.InclusionPromise = exports.InclusionProof = exports.Checkpoint = exports.KindVersion = void 0;
/* eslint-disable */
const sigstore_common_1 = require("./sigstore_common");
function createBaseKindVersion() {
return { kind: "", version: "" };
}
exports.KindVersion = {
fromJSON(object) {
return {
kind: isSet(object.kind) ? String(object.kind) : "",
version: isSet(object.version) ? String(object.version) : "",
};
},
toJSON(message) {
const obj = {};
message.kind !== undefined && (obj.kind = message.kind);
message.version !== undefined && (obj.version = message.version);
return obj;
},
};
function createBaseCheckpoint() {
return { envelope: "" };
}
exports.Checkpoint = {
fromJSON(object) {
return { envelope: isSet(object.envelope) ? String(object.envelope) : "" };
},
toJSON(message) {
const obj = {};
message.envelope !== undefined && (obj.envelope = message.envelope);
return obj;
},
};
function createBaseInclusionProof() {
return { logIndex: "0", rootHash: Buffer.alloc(0), treeSize: "0", hashes: [], checkpoint: undefined };
}
exports.InclusionProof = {
fromJSON(object) {
return {
logIndex: isSet(object.logIndex) ? String(object.logIndex) : "0",
rootHash: isSet(object.rootHash) ? Buffer.from(bytesFromBase64(object.rootHash)) : Buffer.alloc(0),
treeSize: isSet(object.treeSize) ? String(object.treeSize) : "0",
hashes: Array.isArray(object?.hashes) ? object.hashes.map((e) => Buffer.from(bytesFromBase64(e))) : [],
checkpoint: isSet(object.checkpoint) ? exports.Checkpoint.fromJSON(object.checkpoint) : undefined,
};
},
toJSON(message) {
const obj = {};
message.logIndex !== undefined && (obj.logIndex = message.logIndex);
message.rootHash !== undefined &&
(obj.rootHash = base64FromBytes(message.rootHash !== undefined ? message.rootHash : Buffer.alloc(0)));
message.treeSize !== undefined && (obj.treeSize = message.treeSize);
if (message.hashes) {
obj.hashes = message.hashes.map((e) => base64FromBytes(e !== undefined ? e : Buffer.alloc(0)));
}
else {
obj.hashes = [];
}
message.checkpoint !== undefined &&
(obj.checkpoint = message.checkpoint ? exports.Checkpoint.toJSON(message.checkpoint) : undefined);
return obj;
},
};
function createBaseInclusionPromise() {
return { signedEntryTimestamp: Buffer.alloc(0) };
}
exports.InclusionPromise = {
fromJSON(object) {
return {
signedEntryTimestamp: isSet(object.signedEntryTimestamp)
? Buffer.from(bytesFromBase64(object.signedEntryTimestamp))
: Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
message.signedEntryTimestamp !== undefined &&
(obj.signedEntryTimestamp = base64FromBytes(message.signedEntryTimestamp !== undefined ? message.signedEntryTimestamp : Buffer.alloc(0)));
return obj;
},
};
function createBaseTransparencyLogEntry() {
return {
logIndex: "0",
logId: undefined,
kindVersion: undefined,
integratedTime: "0",
inclusionPromise: undefined,
inclusionProof: undefined,
canonicalizedBody: Buffer.alloc(0),
};
}
exports.TransparencyLogEntry = {
fromJSON(object) {
return {
logIndex: isSet(object.logIndex) ? String(object.logIndex) : "0",
logId: isSet(object.logId) ? sigstore_common_1.LogId.fromJSON(object.logId) : undefined,
kindVersion: isSet(object.kindVersion) ? exports.KindVersion.fromJSON(object.kindVersion) : undefined,
integratedTime: isSet(object.integratedTime) ? String(object.integratedTime) : "0",
inclusionPromise: isSet(object.inclusionPromise) ? exports.InclusionPromise.fromJSON(object.inclusionPromise) : undefined,
inclusionProof: isSet(object.inclusionProof) ? exports.InclusionProof.fromJSON(object.inclusionProof) : undefined,
canonicalizedBody: isSet(object.canonicalizedBody)
? Buffer.from(bytesFromBase64(object.canonicalizedBody))
: Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
message.logIndex !== undefined && (obj.logIndex = message.logIndex);
message.logId !== undefined && (obj.logId = message.logId ? sigstore_common_1.LogId.toJSON(message.logId) : undefined);
message.kindVersion !== undefined &&
(obj.kindVersion = message.kindVersion ? exports.KindVersion.toJSON(message.kindVersion) : undefined);
message.integratedTime !== undefined && (obj.integratedTime = message.integratedTime);
message.inclusionPromise !== undefined &&
(obj.inclusionPromise = message.inclusionPromise ? exports.InclusionPromise.toJSON(message.inclusionPromise) : undefined);
message.inclusionProof !== undefined &&
(obj.inclusionProof = message.inclusionProof ? exports.InclusionProof.toJSON(message.inclusionProof) : undefined);
message.canonicalizedBody !== undefined &&
(obj.canonicalizedBody = base64FromBytes(message.canonicalizedBody !== undefined ? message.canonicalizedBody : Buffer.alloc(0)));
return obj;
},
};
var tsProtoGlobalThis = (() => {
if (typeof globalThis !== "undefined") {
return globalThis;
}
if (typeof self !== "undefined") {
return self;
}
if (typeof window !== "undefined") {
return window;
}
if (typeof global !== "undefined") {
return global;
}
throw "Unable to locate global object";
})();
function bytesFromBase64(b64) {
if (tsProtoGlobalThis.Buffer) {
return Uint8Array.from(tsProtoGlobalThis.Buffer.from(b64, "base64"));
}
else {
const bin = tsProtoGlobalThis.atob(b64);
const arr = new Uint8Array(bin.length);
for (let i = 0; i < bin.length; ++i) {
arr[i] = bin.charCodeAt(i);
}
return arr;
}
}
function base64FromBytes(arr) {
if (tsProtoGlobalThis.Buffer) {
return tsProtoGlobalThis.Buffer.from(arr).toString("base64");
}
else {
const bin = [];
arr.forEach((byte) => {
bin.push(String.fromCharCode(byte));
});
return tsProtoGlobalThis.btoa(bin.join(""));
}
}
function isSet(value) {
return value !== null && value !== undefined;
}

158
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_trustroot.js generated vendored Normal file
View File

@@ -0,0 +1,158 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ClientTrustConfig = exports.SigningConfig = exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = void 0;
/* eslint-disable */
const sigstore_common_1 = require("./sigstore_common");
function createBaseTransparencyLogInstance() {
return { baseUrl: "", hashAlgorithm: 0, publicKey: undefined, logId: undefined, checkpointKeyId: undefined };
}
exports.TransparencyLogInstance = {
fromJSON(object) {
return {
baseUrl: isSet(object.baseUrl) ? String(object.baseUrl) : "",
hashAlgorithm: isSet(object.hashAlgorithm) ? (0, sigstore_common_1.hashAlgorithmFromJSON)(object.hashAlgorithm) : 0,
publicKey: isSet(object.publicKey) ? sigstore_common_1.PublicKey.fromJSON(object.publicKey) : undefined,
logId: isSet(object.logId) ? sigstore_common_1.LogId.fromJSON(object.logId) : undefined,
checkpointKeyId: isSet(object.checkpointKeyId) ? sigstore_common_1.LogId.fromJSON(object.checkpointKeyId) : undefined,
};
},
toJSON(message) {
const obj = {};
message.baseUrl !== undefined && (obj.baseUrl = message.baseUrl);
message.hashAlgorithm !== undefined && (obj.hashAlgorithm = (0, sigstore_common_1.hashAlgorithmToJSON)(message.hashAlgorithm));
message.publicKey !== undefined &&
(obj.publicKey = message.publicKey ? sigstore_common_1.PublicKey.toJSON(message.publicKey) : undefined);
message.logId !== undefined && (obj.logId = message.logId ? sigstore_common_1.LogId.toJSON(message.logId) : undefined);
message.checkpointKeyId !== undefined &&
(obj.checkpointKeyId = message.checkpointKeyId ? sigstore_common_1.LogId.toJSON(message.checkpointKeyId) : undefined);
return obj;
},
};
function createBaseCertificateAuthority() {
return { subject: undefined, uri: "", certChain: undefined, validFor: undefined };
}
exports.CertificateAuthority = {
fromJSON(object) {
return {
subject: isSet(object.subject) ? sigstore_common_1.DistinguishedName.fromJSON(object.subject) : undefined,
uri: isSet(object.uri) ? String(object.uri) : "",
certChain: isSet(object.certChain) ? sigstore_common_1.X509CertificateChain.fromJSON(object.certChain) : undefined,
validFor: isSet(object.validFor) ? sigstore_common_1.TimeRange.fromJSON(object.validFor) : undefined,
};
},
toJSON(message) {
const obj = {};
message.subject !== undefined &&
(obj.subject = message.subject ? sigstore_common_1.DistinguishedName.toJSON(message.subject) : undefined);
message.uri !== undefined && (obj.uri = message.uri);
message.certChain !== undefined &&
(obj.certChain = message.certChain ? sigstore_common_1.X509CertificateChain.toJSON(message.certChain) : undefined);
message.validFor !== undefined &&
(obj.validFor = message.validFor ? sigstore_common_1.TimeRange.toJSON(message.validFor) : undefined);
return obj;
},
};
function createBaseTrustedRoot() {
return { mediaType: "", tlogs: [], certificateAuthorities: [], ctlogs: [], timestampAuthorities: [] };
}
exports.TrustedRoot = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? String(object.mediaType) : "",
tlogs: Array.isArray(object?.tlogs) ? object.tlogs.map((e) => exports.TransparencyLogInstance.fromJSON(e)) : [],
certificateAuthorities: Array.isArray(object?.certificateAuthorities)
? object.certificateAuthorities.map((e) => exports.CertificateAuthority.fromJSON(e))
: [],
ctlogs: Array.isArray(object?.ctlogs)
? object.ctlogs.map((e) => exports.TransparencyLogInstance.fromJSON(e))
: [],
timestampAuthorities: Array.isArray(object?.timestampAuthorities)
? object.timestampAuthorities.map((e) => exports.CertificateAuthority.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
message.mediaType !== undefined && (obj.mediaType = message.mediaType);
if (message.tlogs) {
obj.tlogs = message.tlogs.map((e) => e ? exports.TransparencyLogInstance.toJSON(e) : undefined);
}
else {
obj.tlogs = [];
}
if (message.certificateAuthorities) {
obj.certificateAuthorities = message.certificateAuthorities.map((e) => e ? exports.CertificateAuthority.toJSON(e) : undefined);
}
else {
obj.certificateAuthorities = [];
}
if (message.ctlogs) {
obj.ctlogs = message.ctlogs.map((e) => e ? exports.TransparencyLogInstance.toJSON(e) : undefined);
}
else {
obj.ctlogs = [];
}
if (message.timestampAuthorities) {
obj.timestampAuthorities = message.timestampAuthorities.map((e) => e ? exports.CertificateAuthority.toJSON(e) : undefined);
}
else {
obj.timestampAuthorities = [];
}
return obj;
},
};
function createBaseSigningConfig() {
return { caUrl: "", oidcUrl: "", tlogUrls: [], tsaUrls: [] };
}
exports.SigningConfig = {
fromJSON(object) {
return {
caUrl: isSet(object.caUrl) ? String(object.caUrl) : "",
oidcUrl: isSet(object.oidcUrl) ? String(object.oidcUrl) : "",
tlogUrls: Array.isArray(object?.tlogUrls) ? object.tlogUrls.map((e) => String(e)) : [],
tsaUrls: Array.isArray(object?.tsaUrls) ? object.tsaUrls.map((e) => String(e)) : [],
};
},
toJSON(message) {
const obj = {};
message.caUrl !== undefined && (obj.caUrl = message.caUrl);
message.oidcUrl !== undefined && (obj.oidcUrl = message.oidcUrl);
if (message.tlogUrls) {
obj.tlogUrls = message.tlogUrls.map((e) => e);
}
else {
obj.tlogUrls = [];
}
if (message.tsaUrls) {
obj.tsaUrls = message.tsaUrls.map((e) => e);
}
else {
obj.tsaUrls = [];
}
return obj;
},
};
function createBaseClientTrustConfig() {
return { mediaType: "", trustedRoot: undefined, signingConfig: undefined };
}
exports.ClientTrustConfig = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? String(object.mediaType) : "",
trustedRoot: isSet(object.trustedRoot) ? exports.TrustedRoot.fromJSON(object.trustedRoot) : undefined,
signingConfig: isSet(object.signingConfig) ? exports.SigningConfig.fromJSON(object.signingConfig) : undefined,
};
},
toJSON(message) {
const obj = {};
message.mediaType !== undefined && (obj.mediaType = message.mediaType);
message.trustedRoot !== undefined &&
(obj.trustedRoot = message.trustedRoot ? exports.TrustedRoot.toJSON(message.trustedRoot) : undefined);
message.signingConfig !== undefined &&
(obj.signingConfig = message.signingConfig ? exports.SigningConfig.toJSON(message.signingConfig) : undefined);
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

324
package/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js generated vendored Normal file
View File

@@ -0,0 +1,324 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Input = exports.Artifact = exports.ArtifactVerificationOptions_ObserverTimestampOptions = exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = exports.ArtifactVerificationOptions_TimestampAuthorityOptions = exports.ArtifactVerificationOptions_CtlogOptions = exports.ArtifactVerificationOptions_TlogOptions = exports.ArtifactVerificationOptions = exports.PublicKeyIdentities = exports.CertificateIdentities = exports.CertificateIdentity = void 0;
/* eslint-disable */
const sigstore_bundle_1 = require("./sigstore_bundle");
const sigstore_common_1 = require("./sigstore_common");
const sigstore_trustroot_1 = require("./sigstore_trustroot");
function createBaseCertificateIdentity() {
return { issuer: "", san: undefined, oids: [] };
}
exports.CertificateIdentity = {
fromJSON(object) {
return {
issuer: isSet(object.issuer) ? String(object.issuer) : "",
san: isSet(object.san) ? sigstore_common_1.SubjectAlternativeName.fromJSON(object.san) : undefined,
oids: Array.isArray(object?.oids) ? object.oids.map((e) => sigstore_common_1.ObjectIdentifierValuePair.fromJSON(e)) : [],
};
},
toJSON(message) {
const obj = {};
message.issuer !== undefined && (obj.issuer = message.issuer);
message.san !== undefined && (obj.san = message.san ? sigstore_common_1.SubjectAlternativeName.toJSON(message.san) : undefined);
if (message.oids) {
obj.oids = message.oids.map((e) => e ? sigstore_common_1.ObjectIdentifierValuePair.toJSON(e) : undefined);
}
else {
obj.oids = [];
}
return obj;
},
};
function createBaseCertificateIdentities() {
return { identities: [] };
}
exports.CertificateIdentities = {
fromJSON(object) {
return {
identities: Array.isArray(object?.identities)
? object.identities.map((e) => exports.CertificateIdentity.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.identities) {
obj.identities = message.identities.map((e) => e ? exports.CertificateIdentity.toJSON(e) : undefined);
}
else {
obj.identities = [];
}
return obj;
},
};
function createBasePublicKeyIdentities() {
return { publicKeys: [] };
}
exports.PublicKeyIdentities = {
fromJSON(object) {
return {
publicKeys: Array.isArray(object?.publicKeys) ? object.publicKeys.map((e) => sigstore_common_1.PublicKey.fromJSON(e)) : [],
};
},
toJSON(message) {
const obj = {};
if (message.publicKeys) {
obj.publicKeys = message.publicKeys.map((e) => e ? sigstore_common_1.PublicKey.toJSON(e) : undefined);
}
else {
obj.publicKeys = [];
}
return obj;
},
};
function createBaseArtifactVerificationOptions() {
return {
signers: undefined,
tlogOptions: undefined,
ctlogOptions: undefined,
tsaOptions: undefined,
integratedTsOptions: undefined,
observerOptions: undefined,
};
}
exports.ArtifactVerificationOptions = {
fromJSON(object) {
return {
signers: isSet(object.certificateIdentities)
? {
$case: "certificateIdentities",
certificateIdentities: exports.CertificateIdentities.fromJSON(object.certificateIdentities),
}
: isSet(object.publicKeys)
? { $case: "publicKeys", publicKeys: exports.PublicKeyIdentities.fromJSON(object.publicKeys) }
: undefined,
tlogOptions: isSet(object.tlogOptions)
? exports.ArtifactVerificationOptions_TlogOptions.fromJSON(object.tlogOptions)
: undefined,
ctlogOptions: isSet(object.ctlogOptions)
? exports.ArtifactVerificationOptions_CtlogOptions.fromJSON(object.ctlogOptions)
: undefined,
tsaOptions: isSet(object.tsaOptions)
? exports.ArtifactVerificationOptions_TimestampAuthorityOptions.fromJSON(object.tsaOptions)
: undefined,
integratedTsOptions: isSet(object.integratedTsOptions)
? exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions.fromJSON(object.integratedTsOptions)
: undefined,
observerOptions: isSet(object.observerOptions)
? exports.ArtifactVerificationOptions_ObserverTimestampOptions.fromJSON(object.observerOptions)
: undefined,
};
},
toJSON(message) {
const obj = {};
message.signers?.$case === "certificateIdentities" &&
(obj.certificateIdentities = message.signers?.certificateIdentities
? exports.CertificateIdentities.toJSON(message.signers?.certificateIdentities)
: undefined);
message.signers?.$case === "publicKeys" && (obj.publicKeys = message.signers?.publicKeys
? exports.PublicKeyIdentities.toJSON(message.signers?.publicKeys)
: undefined);
message.tlogOptions !== undefined && (obj.tlogOptions = message.tlogOptions
? exports.ArtifactVerificationOptions_TlogOptions.toJSON(message.tlogOptions)
: undefined);
message.ctlogOptions !== undefined && (obj.ctlogOptions = message.ctlogOptions
? exports.ArtifactVerificationOptions_CtlogOptions.toJSON(message.ctlogOptions)
: undefined);
message.tsaOptions !== undefined && (obj.tsaOptions = message.tsaOptions
? exports.ArtifactVerificationOptions_TimestampAuthorityOptions.toJSON(message.tsaOptions)
: undefined);
message.integratedTsOptions !== undefined && (obj.integratedTsOptions = message.integratedTsOptions
? exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions.toJSON(message.integratedTsOptions)
: undefined);
message.observerOptions !== undefined && (obj.observerOptions = message.observerOptions
? exports.ArtifactVerificationOptions_ObserverTimestampOptions.toJSON(message.observerOptions)
: undefined);
return obj;
},
};
function createBaseArtifactVerificationOptions_TlogOptions() {
return { threshold: 0, performOnlineVerification: false, disable: false };
}
exports.ArtifactVerificationOptions_TlogOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
performOnlineVerification: isSet(object.performOnlineVerification)
? Boolean(object.performOnlineVerification)
: false,
disable: isSet(object.disable) ? Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
message.performOnlineVerification !== undefined &&
(obj.performOnlineVerification = message.performOnlineVerification);
message.disable !== undefined && (obj.disable = message.disable);
return obj;
},
};
function createBaseArtifactVerificationOptions_CtlogOptions() {
return { threshold: 0, disable: false };
}
exports.ArtifactVerificationOptions_CtlogOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
disable: isSet(object.disable) ? Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
message.disable !== undefined && (obj.disable = message.disable);
return obj;
},
};
function createBaseArtifactVerificationOptions_TimestampAuthorityOptions() {
return { threshold: 0, disable: false };
}
exports.ArtifactVerificationOptions_TimestampAuthorityOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
disable: isSet(object.disable) ? Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
message.disable !== undefined && (obj.disable = message.disable);
return obj;
},
};
function createBaseArtifactVerificationOptions_TlogIntegratedTimestampOptions() {
return { threshold: 0, disable: false };
}
exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
disable: isSet(object.disable) ? Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
message.disable !== undefined && (obj.disable = message.disable);
return obj;
},
};
function createBaseArtifactVerificationOptions_ObserverTimestampOptions() {
return { threshold: 0, disable: false };
}
exports.ArtifactVerificationOptions_ObserverTimestampOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
disable: isSet(object.disable) ? Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
message.disable !== undefined && (obj.disable = message.disable);
return obj;
},
};
function createBaseArtifact() {
return { data: undefined };
}
exports.Artifact = {
fromJSON(object) {
return {
data: isSet(object.artifactUri)
? { $case: "artifactUri", artifactUri: String(object.artifactUri) }
: isSet(object.artifact)
? { $case: "artifact", artifact: Buffer.from(bytesFromBase64(object.artifact)) }
: undefined,
};
},
toJSON(message) {
const obj = {};
message.data?.$case === "artifactUri" && (obj.artifactUri = message.data?.artifactUri);
message.data?.$case === "artifact" &&
(obj.artifact = message.data?.artifact !== undefined ? base64FromBytes(message.data?.artifact) : undefined);
return obj;
},
};
function createBaseInput() {
return {
artifactTrustRoot: undefined,
artifactVerificationOptions: undefined,
bundle: undefined,
artifact: undefined,
};
}
exports.Input = {
fromJSON(object) {
return {
artifactTrustRoot: isSet(object.artifactTrustRoot) ? sigstore_trustroot_1.TrustedRoot.fromJSON(object.artifactTrustRoot) : undefined,
artifactVerificationOptions: isSet(object.artifactVerificationOptions)
? exports.ArtifactVerificationOptions.fromJSON(object.artifactVerificationOptions)
: undefined,
bundle: isSet(object.bundle) ? sigstore_bundle_1.Bundle.fromJSON(object.bundle) : undefined,
artifact: isSet(object.artifact) ? exports.Artifact.fromJSON(object.artifact) : undefined,
};
},
toJSON(message) {
const obj = {};
message.artifactTrustRoot !== undefined &&
(obj.artifactTrustRoot = message.artifactTrustRoot ? sigstore_trustroot_1.TrustedRoot.toJSON(message.artifactTrustRoot) : undefined);
message.artifactVerificationOptions !== undefined &&
(obj.artifactVerificationOptions = message.artifactVerificationOptions
? exports.ArtifactVerificationOptions.toJSON(message.artifactVerificationOptions)
: undefined);
message.bundle !== undefined && (obj.bundle = message.bundle ? sigstore_bundle_1.Bundle.toJSON(message.bundle) : undefined);
message.artifact !== undefined && (obj.artifact = message.artifact ? exports.Artifact.toJSON(message.artifact) : undefined);
return obj;
},
};
var tsProtoGlobalThis = (() => {
if (typeof globalThis !== "undefined") {
return globalThis;
}
if (typeof self !== "undefined") {
return self;
}
if (typeof window !== "undefined") {
return window;
}
if (typeof global !== "undefined") {
return global;
}
throw "Unable to locate global object";
})();
function bytesFromBase64(b64) {
if (tsProtoGlobalThis.Buffer) {
return Uint8Array.from(tsProtoGlobalThis.Buffer.from(b64, "base64"));
}
else {
const bin = tsProtoGlobalThis.atob(b64);
const arr = new Uint8Array(bin.length);
for (let i = 0; i < bin.length; ++i) {
arr[i] = bin.charCodeAt(i);
}
return arr;
}
}
function base64FromBytes(arr) {
if (tsProtoGlobalThis.Buffer) {
return tsProtoGlobalThis.Buffer.from(arr).toString("base64");
}
else {
const bin = [];
arr.forEach((byte) => {
bin.push(String.fromCharCode(byte));
});
return tsProtoGlobalThis.btoa(bin.join(""));
}
}
function isSet(value) {
return value !== null && value !== undefined;
}

37
package/node_modules/@sigstore/protobuf-specs/dist/index.js generated vendored Normal file
View File

@@ -0,0 +1,37 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __exportStar = (this && this.__exportStar) || function(m, exports) {
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
};
Object.defineProperty(exports, "__esModule", { value: true });
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
__exportStar(require("./__generated__/envelope"), exports);
__exportStar(require("./__generated__/sigstore_bundle"), exports);
__exportStar(require("./__generated__/sigstore_common"), exports);
__exportStar(require("./__generated__/sigstore_rekor"), exports);
__exportStar(require("./__generated__/sigstore_trustroot"), exports);
__exportStar(require("./__generated__/sigstore_verification"), exports);

31
package/node_modules/@sigstore/protobuf-specs/package.json generated vendored Normal file
View File

@@ -0,0 +1,31 @@
{
"name": "@sigstore/protobuf-specs",
"version": "0.3.2",
"description": "code-signing for npm packages",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"build": "tsc"
},
"repository": {
"type": "git",
"url": "git+https://github.com/sigstore/protobuf-specs.git"
},
"files": [
"dist"
],
"author": "bdehamer@github.com",
"license": "Apache-2.0",
"bugs": {
"url": "https://github.com/sigstore/protobuf-specs/issues"
},
"homepage": "https://github.com/sigstore/protobuf-specs#readme",
"devDependencies": {
"@tsconfig/node16": "^16.1.1",
"@types/node": "^18.14.0",
"typescript": "^4.9.5"
},
"engines": {
"node": "^16.14.0 || >=18.0.0"
}
}

202
package/node_modules/@sigstore/sign/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2023 The Sigstore Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

50
package/node_modules/@sigstore/sign/dist/bundler/base.js generated vendored Normal file
View File

@@ -0,0 +1,50 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.BaseBundleBuilder = void 0;
// BaseBundleBuilder is a base class for BundleBuilder implementations. It
// provides a the basic wokflow for signing and witnessing an artifact.
// Subclasses must implement the `package` method to assemble a valid bundle
// with the generated signature and verification material.
class BaseBundleBuilder {
constructor(options) {
this.signer = options.signer;
this.witnesses = options.witnesses;
}
// Executes the signing/witnessing process for the given artifact.
async create(artifact) {
const signature = await this.prepare(artifact).then((blob) => this.signer.sign(blob));
const bundle = await this.package(artifact, signature);
// Invoke all of the witnesses in parallel
const verificationMaterials = await Promise.all(this.witnesses.map((witness) => witness.testify(bundle.content, publicKey(signature.key))));
// Collect the verification material from all of the witnesses
const tlogEntryList = [];
const timestampList = [];
verificationMaterials.forEach(({ tlogEntries, rfc3161Timestamps }) => {
tlogEntryList.push(...(tlogEntries ?? []));
timestampList.push(...(rfc3161Timestamps ?? []));
});
// Merge the collected verification material into the bundle
bundle.verificationMaterial.tlogEntries = tlogEntryList;
bundle.verificationMaterial.timestampVerificationData = {
rfc3161Timestamps: timestampList,
};
return bundle;
}
// Override this function to apply any pre-signing transformations to the
// artifact. The returned buffer will be signed by the signer. The default
// implementation simply returns the artifact data.
async prepare(artifact) {
return artifact.data;
}
}
exports.BaseBundleBuilder = BaseBundleBuilder;
// Extracts the public key from a KeyMaterial. Returns either the public key
// or the certificate, depending on the type of key material.
function publicKey(key) {
switch (key.$case) {
case 'publicKey':
return key.publicKey;
case 'x509Certificate':
return key.certificate;
}
}

71
package/node_modules/@sigstore/sign/dist/bundler/bundle.js generated vendored Normal file
View File

@@ -0,0 +1,71 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.toDSSEBundle = exports.toMessageSignatureBundle = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const sigstore = __importStar(require("@sigstore/bundle"));
const util_1 = require("../util");
// Helper functions for assembling the parts of a Sigstore bundle
// Message signature bundle - $case: 'messageSignature'
function toMessageSignatureBundle(artifact, signature) {
const digest = util_1.crypto.hash(artifact.data);
return sigstore.toMessageSignatureBundle({
digest,
signature: signature.signature,
certificate: signature.key.$case === 'x509Certificate'
? util_1.pem.toDER(signature.key.certificate)
: undefined,
keyHint: signature.key.$case === 'publicKey' ? signature.key.hint : undefined,
});
}
exports.toMessageSignatureBundle = toMessageSignatureBundle;
// DSSE envelope bundle - $case: 'dsseEnvelope'
function toDSSEBundle(artifact, signature, singleCertificate) {
return sigstore.toDSSEBundle({
artifact: artifact.data,
artifactType: artifact.type,
signature: signature.signature,
certificate: signature.key.$case === 'x509Certificate'
? util_1.pem.toDER(signature.key.certificate)
: undefined,
keyHint: signature.key.$case === 'publicKey' ? signature.key.hint : undefined,
singleCertificate,
});
}
exports.toDSSEBundle = toDSSEBundle;

46
package/node_modules/@sigstore/sign/dist/bundler/dsse.js generated vendored Normal file
View File

@@ -0,0 +1,46 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.DSSEBundleBuilder = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const util_1 = require("../util");
const base_1 = require("./base");
const bundle_1 = require("./bundle");
// BundleBuilder implementation for DSSE wrapped attestations
class DSSEBundleBuilder extends base_1.BaseBundleBuilder {
constructor(options) {
super(options);
this.singleCertificate = options.singleCertificate ?? false;
}
// DSSE requires the artifact to be pre-encoded with the payload type
// before the signature is generated.
async prepare(artifact) {
const a = artifactDefaults(artifact);
return util_1.dsse.preAuthEncoding(a.type, a.data);
}
// Packages the artifact and signature into a DSSE bundle
async package(artifact, signature) {
return (0, bundle_1.toDSSEBundle)(artifactDefaults(artifact), signature, this.singleCertificate);
}
}
exports.DSSEBundleBuilder = DSSEBundleBuilder;
// Defaults the artifact type to an empty string if not provided
function artifactDefaults(artifact) {
return {
...artifact,
type: artifact.type ?? '',
};
}

7
package/node_modules/@sigstore/sign/dist/bundler/index.js generated vendored Normal file
View File

@@ -0,0 +1,7 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
var dsse_1 = require("./dsse");
Object.defineProperty(exports, "DSSEBundleBuilder", { enumerable: true, get: function () { return dsse_1.DSSEBundleBuilder; } });
var message_1 = require("./message");
Object.defineProperty(exports, "MessageSignatureBundleBuilder", { enumerable: true, get: function () { return message_1.MessageSignatureBundleBuilder; } });

30
package/node_modules/@sigstore/sign/dist/bundler/message.js generated vendored Normal file
View File

@@ -0,0 +1,30 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.MessageSignatureBundleBuilder = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const base_1 = require("./base");
const bundle_1 = require("./bundle");
// BundleBuilder implementation for raw message signatures
class MessageSignatureBundleBuilder extends base_1.BaseBundleBuilder {
constructor(options) {
super(options);
}
async package(artifact, signature) {
return (0, bundle_1.toMessageSignatureBundle)(artifact, signature);
}
}
exports.MessageSignatureBundleBuilder = MessageSignatureBundleBuilder;

39
package/node_modules/@sigstore/sign/dist/error.js generated vendored Normal file
View File

@@ -0,0 +1,39 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.internalError = exports.InternalError = void 0;
const error_1 = require("./external/error");
class InternalError extends Error {
constructor({ code, message, cause, }) {
super(message);
this.name = this.constructor.name;
this.cause = cause;
this.code = code;
}
}
exports.InternalError = InternalError;
function internalError(err, code, message) {
if (err instanceof error_1.HTTPError) {
message += ` - ${err.message}`;
}
throw new InternalError({
code: code,
message: message,
cause: err,
});
}
exports.internalError = internalError;

26
package/node_modules/@sigstore/sign/dist/external/error.js generated vendored Normal file
View File

@@ -0,0 +1,26 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.HTTPError = void 0;
class HTTPError extends Error {
constructor({ status, message, location, }) {
super(`(${status}) ${message}`);
this.statusCode = status;
this.location = location;
}
}
exports.HTTPError = HTTPError;

99
package/node_modules/@sigstore/sign/dist/external/fetch.js generated vendored Normal file
View File

@@ -0,0 +1,99 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.fetchWithRetry = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const http2_1 = require("http2");
const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
const proc_log_1 = require("proc-log");
const promise_retry_1 = __importDefault(require("promise-retry"));
const util_1 = require("../util");
const error_1 = require("./error");
const { HTTP2_HEADER_LOCATION, HTTP2_HEADER_CONTENT_TYPE, HTTP2_HEADER_USER_AGENT, HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_TOO_MANY_REQUESTS, HTTP_STATUS_REQUEST_TIMEOUT, } = http2_1.constants;
async function fetchWithRetry(url, options) {
return (0, promise_retry_1.default)(async (retry, attemptNum) => {
const method = options.method || 'POST';
const headers = {
[HTTP2_HEADER_USER_AGENT]: util_1.ua.getUserAgent(),
...options.headers,
};
const response = await (0, make_fetch_happen_1.default)(url, {
method,
headers,
body: options.body,
timeout: options.timeout,
retry: false, // We're handling retries ourselves
}).catch((reason) => {
proc_log_1.log.http('fetch', `${method} ${url} attempt ${attemptNum} failed with ${reason}`);
return retry(reason);
});
if (response.ok) {
return response;
}
else {
const error = await errorFromResponse(response);
proc_log_1.log.http('fetch', `${method} ${url} attempt ${attemptNum} failed with ${response.status}`);
if (retryable(response.status)) {
return retry(error);
}
else {
throw error;
}
}
}, retryOpts(options.retry));
}
exports.fetchWithRetry = fetchWithRetry;
// Translate a Response into an HTTPError instance. This will attempt to parse
// the response body for a message, but will default to the statusText if none
// is found.
const errorFromResponse = async (response) => {
let message = response.statusText;
const location = response.headers?.get(HTTP2_HEADER_LOCATION) || undefined;
const contentType = response.headers?.get(HTTP2_HEADER_CONTENT_TYPE);
// If response type is JSON, try to parse the body for a message
if (contentType?.includes('application/json')) {
try {
const body = await response.json();
message = body.message || message;
}
catch (e) {
// ignore
}
}
return new error_1.HTTPError({
status: response.status,
message: message,
location: location,
});
};
// Determine if a status code is retryable. This includes 5xx errors, 408, and
// 429.
const retryable = (status) => [HTTP_STATUS_REQUEST_TIMEOUT, HTTP_STATUS_TOO_MANY_REQUESTS].includes(status) || status >= HTTP_STATUS_INTERNAL_SERVER_ERROR;
// Normalize the retry options to the format expected by promise-retry
const retryOpts = (retry) => {
if (typeof retry === 'boolean') {
return { retries: retry ? 1 : 0 };
}
else if (typeof retry === 'number') {
return { retries: retry };
}
else {
return { retries: 0, ...retry };
}
};

41
package/node_modules/@sigstore/sign/dist/external/fulcio.js generated vendored Normal file
View File

@@ -0,0 +1,41 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Fulcio = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const fetch_1 = require("./fetch");
/**
* Fulcio API client.
*/
class Fulcio {
constructor(options) {
this.options = options;
}
async createSigningCertificate(request) {
const { baseURL, retry, timeout } = this.options;
const url = `${baseURL}/api/v2/signingCert`;
const response = await (0, fetch_1.fetchWithRetry)(url, {
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify(request),
timeout,
retry,
});
return response.json();
}
}
exports.Fulcio = Fulcio;

80
package/node_modules/@sigstore/sign/dist/external/rekor.js generated vendored Normal file
View File

@@ -0,0 +1,80 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Rekor = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const fetch_1 = require("./fetch");
/**
* Rekor API client.
*/
class Rekor {
constructor(options) {
this.options = options;
}
/**
* Create a new entry in the Rekor log.
* @param propsedEntry {ProposedEntry} Data to create a new entry
* @returns {Promise<Entry>} The created entry
*/
async createEntry(propsedEntry) {
const { baseURL, timeout, retry } = this.options;
const url = `${baseURL}/api/v1/log/entries`;
const response = await (0, fetch_1.fetchWithRetry)(url, {
headers: {
'Content-Type': 'application/json',
Accept: 'application/json',
},
body: JSON.stringify(propsedEntry),
timeout,
retry,
});
const data = await response.json();
return entryFromResponse(data);
}
/**
* Get an entry from the Rekor log.
* @param uuid {string} The UUID of the entry to retrieve
* @returns {Promise<Entry>} The retrieved entry
*/
async getEntry(uuid) {
const { baseURL, timeout, retry } = this.options;
const url = `${baseURL}/api/v1/log/entries/${uuid}`;
const response = await (0, fetch_1.fetchWithRetry)(url, {
method: 'GET',
headers: {
Accept: 'application/json',
},
timeout,
retry,
});
const data = await response.json();
return entryFromResponse(data);
}
}
exports.Rekor = Rekor;
// Unpack the response from the Rekor API into a more convenient format.
function entryFromResponse(data) {
const entries = Object.entries(data);
if (entries.length != 1) {
throw new Error('Received multiple entries in Rekor response');
}
// Grab UUID and entry data from the response
const [uuid, entry] = entries[0];
return {
...entry,
uuid,
};
}

38
package/node_modules/@sigstore/sign/dist/external/tsa.js generated vendored Normal file
View File

@@ -0,0 +1,38 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TimestampAuthority = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const fetch_1 = require("./fetch");
class TimestampAuthority {
constructor(options) {
this.options = options;
}
async createTimestamp(request) {
const { baseURL, timeout, retry } = this.options;
const url = `${baseURL}/api/v1/timestamp`;
const response = await (0, fetch_1.fetchWithRetry)(url, {
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify(request),
timeout,
retry,
});
return response.buffer();
}
}
exports.TimestampAuthority = TimestampAuthority;

73
package/node_modules/@sigstore/sign/dist/identity/ci.js generated vendored Normal file
View File

@@ -0,0 +1,73 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.CIContextProvider = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
// Collection of all the CI-specific providers we have implemented
const providers = [getGHAToken, getEnv];
/**
* CIContextProvider is a composite identity provider which will iterate
* over all of the CI-specific providers and return the token from the first
* one that resolves.
*/
class CIContextProvider {
/* istanbul ignore next */
constructor(audience = 'sigstore') {
this.audience = audience;
}
// Invoke all registered ProviderFuncs and return the value of whichever one
// resolves first.
async getToken() {
return Promise.any(providers.map((getToken) => getToken(this.audience))).catch(() => Promise.reject('CI: no tokens available'));
}
}
exports.CIContextProvider = CIContextProvider;
/**
* getGHAToken can retrieve an OIDC token when running in a GitHub Actions
* workflow
*/
async function getGHAToken(audience) {
// Check to see if we're running in GitHub Actions
if (!process.env.ACTIONS_ID_TOKEN_REQUEST_URL ||
!process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN) {
return Promise.reject('no token available');
}
// Construct URL to request token w/ appropriate audience
const url = new URL(process.env.ACTIONS_ID_TOKEN_REQUEST_URL);
url.searchParams.append('audience', audience);
const response = await (0, make_fetch_happen_1.default)(url.href, {
retry: 2,
headers: {
Accept: 'application/json',
Authorization: `Bearer ${process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN}`,
},
});
return response.json().then((data) => data.value);
}
/**
* getEnv can retrieve an OIDC token from an environment variable.
* This matches the behavior of https://github.com/sigstore/cosign/tree/main/pkg/providers/envvar
*/
async function getEnv() {
if (!process.env.SIGSTORE_ID_TOKEN) {
return Promise.reject('no token available');
}
return process.env.SIGSTORE_ID_TOKEN;
}

20
package/node_modules/@sigstore/sign/dist/identity/index.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CIContextProvider = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var ci_1 = require("./ci");
Object.defineProperty(exports, "CIContextProvider", { enumerable: true, get: function () { return ci_1.CIContextProvider; } });

2
package/node_modules/@sigstore/sign/dist/identity/provider.js generated vendored Normal file
View File

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

17
package/node_modules/@sigstore/sign/dist/index.js generated vendored Normal file
View File

@@ -0,0 +1,17 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
var bundler_1 = require("./bundler");
Object.defineProperty(exports, "DSSEBundleBuilder", { enumerable: true, get: function () { return bundler_1.DSSEBundleBuilder; } });
Object.defineProperty(exports, "MessageSignatureBundleBuilder", { enumerable: true, get: function () { return bundler_1.MessageSignatureBundleBuilder; } });
var error_1 = require("./error");
Object.defineProperty(exports, "InternalError", { enumerable: true, get: function () { return error_1.InternalError; } });
var identity_1 = require("./identity");
Object.defineProperty(exports, "CIContextProvider", { enumerable: true, get: function () { return identity_1.CIContextProvider; } });
var signer_1 = require("./signer");
Object.defineProperty(exports, "DEFAULT_FULCIO_URL", { enumerable: true, get: function () { return signer_1.DEFAULT_FULCIO_URL; } });
Object.defineProperty(exports, "FulcioSigner", { enumerable: true, get: function () { return signer_1.FulcioSigner; } });
var witness_1 = require("./witness");
Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: function () { return witness_1.DEFAULT_REKOR_URL; } });
Object.defineProperty(exports, "RekorWitness", { enumerable: true, get: function () { return witness_1.RekorWitness; } });
Object.defineProperty(exports, "TSAWitness", { enumerable: true, get: function () { return witness_1.TSAWitness; } });

60
package/node_modules/@sigstore/sign/dist/signer/fulcio/ca.js generated vendored Normal file
View File

@@ -0,0 +1,60 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CAClient = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("../../error");
const fulcio_1 = require("../../external/fulcio");
class CAClient {
constructor(options) {
this.fulcio = new fulcio_1.Fulcio({
baseURL: options.fulcioBaseURL,
retry: options.retry,
timeout: options.timeout,
});
}
async createSigningCertificate(identityToken, publicKey, challenge) {
const request = toCertificateRequest(identityToken, publicKey, challenge);
try {
const resp = await this.fulcio.createSigningCertificate(request);
// Account for the fact that the response may contain either a
// signedCertificateEmbeddedSct or a signedCertificateDetachedSct.
const cert = resp.signedCertificateEmbeddedSct
? resp.signedCertificateEmbeddedSct
: resp.signedCertificateDetachedSct;
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
return cert.chain.certificates;
}
catch (err) {
(0, error_1.internalError)(err, 'CA_CREATE_SIGNING_CERTIFICATE_ERROR', 'error creating signing certificate');
}
}
}
exports.CAClient = CAClient;
function toCertificateRequest(identityToken, publicKey, challenge) {
return {
credentials: {
oidcIdentityToken: identityToken,
},
publicKeyRequest: {
publicKey: {
algorithm: 'ECDSA',
content: publicKey,
},
proofOfPossession: challenge.toString('base64'),
},
};
}

45
package/node_modules/@sigstore/sign/dist/signer/fulcio/ephemeral.js generated vendored Normal file
View File

@@ -0,0 +1,45 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.EphemeralSigner = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const crypto_1 = __importDefault(require("crypto"));
const EC_KEYPAIR_TYPE = 'ec';
const P256_CURVE = 'P-256';
// Signer implementation which uses an ephemeral keypair to sign artifacts.
// The private key lives only in memory and is tied to the lifetime of the
// EphemeralSigner instance.
class EphemeralSigner {
constructor() {
this.keypair = crypto_1.default.generateKeyPairSync(EC_KEYPAIR_TYPE, {
namedCurve: P256_CURVE,
});
}
async sign(data) {
const signature = crypto_1.default.sign(null, data, this.keypair.privateKey);
const publicKey = this.keypair.publicKey
.export({ format: 'pem', type: 'spki' })
.toString('ascii');
return {
signature: signature,
key: { $case: 'publicKey', publicKey },
};
}
}
exports.EphemeralSigner = EphemeralSigner;

87
package/node_modules/@sigstore/sign/dist/signer/fulcio/index.js generated vendored Normal file
View File

@@ -0,0 +1,87 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("../../error");
const util_1 = require("../../util");
const ca_1 = require("./ca");
const ephemeral_1 = require("./ephemeral");
exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev';
// Signer implementation which can be used to decorate another signer
// with a Fulcio-issued signing certificate for the signer's public key.
// Must be instantiated with an identity provider which can provide a JWT
// which represents the identity to be bound to the signing certificate.
class FulcioSigner {
constructor(options) {
this.ca = new ca_1.CAClient({
...options,
fulcioBaseURL: options.fulcioBaseURL || /* istanbul ignore next */ exports.DEFAULT_FULCIO_URL,
});
this.identityProvider = options.identityProvider;
this.keyHolder = options.keyHolder || new ephemeral_1.EphemeralSigner();
}
async sign(data) {
// Retrieve identity token from the supplied identity provider
const identityToken = await this.getIdentityToken();
// Extract challenge claim from OIDC token
let subject;
try {
subject = util_1.oidc.extractJWTSubject(identityToken);
}
catch (err) {
throw new error_1.InternalError({
code: 'IDENTITY_TOKEN_PARSE_ERROR',
message: `invalid identity token: ${identityToken}`,
cause: err,
});
}
// Construct challenge value by signing the subject claim
const challenge = await this.keyHolder.sign(Buffer.from(subject));
if (challenge.key.$case !== 'publicKey') {
throw new error_1.InternalError({
code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR',
message: 'unexpected format for signing key',
});
}
// Create signing certificate
const certificates = await this.ca.createSigningCertificate(identityToken, challenge.key.publicKey, challenge.signature);
// Generate artifact signature
const signature = await this.keyHolder.sign(data);
// Specifically returning only the first certificate in the chain
// as the key.
return {
signature: signature.signature,
key: {
$case: 'x509Certificate',
certificate: certificates[0],
},
};
}
async getIdentityToken() {
try {
return await this.identityProvider.getToken();
}
catch (err) {
throw new error_1.InternalError({
code: 'IDENTITY_TOKEN_READ_ERROR',
message: 'error retrieving identity token',
cause: err,
});
}
}
}
exports.FulcioSigner = FulcioSigner;

22
package/node_modules/@sigstore/sign/dist/signer/index.js generated vendored Normal file
View File

@@ -0,0 +1,22 @@
"use strict";
/* istanbul ignore file */
Object.defineProperty(exports, "__esModule", { value: true });
exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var fulcio_1 = require("./fulcio");
Object.defineProperty(exports, "DEFAULT_FULCIO_URL", { enumerable: true, get: function () { return fulcio_1.DEFAULT_FULCIO_URL; } });
Object.defineProperty(exports, "FulcioSigner", { enumerable: true, get: function () { return fulcio_1.FulcioSigner; } });

17
package/node_modules/@sigstore/sign/dist/signer/signer.js generated vendored Normal file
View File

@@ -0,0 +1,17 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });

2
package/node_modules/@sigstore/sign/dist/types/fetch.js generated vendored Normal file
View File

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

49
package/node_modules/@sigstore/sign/dist/util/index.js generated vendored Normal file
View File

@@ -0,0 +1,49 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.ua = exports.oidc = exports.pem = exports.json = exports.encoding = exports.dsse = exports.crypto = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var core_1 = require("@sigstore/core");
Object.defineProperty(exports, "crypto", { enumerable: true, get: function () { return core_1.crypto; } });
Object.defineProperty(exports, "dsse", { enumerable: true, get: function () { return core_1.dsse; } });
Object.defineProperty(exports, "encoding", { enumerable: true, get: function () { return core_1.encoding; } });
Object.defineProperty(exports, "json", { enumerable: true, get: function () { return core_1.json; } });
Object.defineProperty(exports, "pem", { enumerable: true, get: function () { return core_1.pem; } });
exports.oidc = __importStar(require("./oidc"));
exports.ua = __importStar(require("./ua"));

31
package/node_modules/@sigstore/sign/dist/util/oidc.js generated vendored Normal file
View File

@@ -0,0 +1,31 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.extractJWTSubject = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const core_1 = require("@sigstore/core");
function extractJWTSubject(jwt) {
const parts = jwt.split('.', 3);
const payload = JSON.parse(core_1.encoding.base64Decode(parts[1]));
switch (payload.iss) {
case 'https://accounts.google.com':
case 'https://oauth2.sigstore.dev/auth':
return payload.email;
default:
return payload.sub;
}
}
exports.extractJWTSubject = extractJWTSubject;

33
package/node_modules/@sigstore/sign/dist/util/ua.js generated vendored Normal file
View File

@@ -0,0 +1,33 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getUserAgent = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const os_1 = __importDefault(require("os"));
// Format User-Agent: <product> / <product-version> (<platform>)
// source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
const getUserAgent = () => {
// eslint-disable-next-line @typescript-eslint/no-var-requires
const packageVersion = require('../../package.json').version;
const nodeVersion = process.version;
const platformName = os_1.default.platform();
const archName = os_1.default.arch();
return `sigstore-js/${packageVersion} (Node ${nodeVersion}) (${platformName}/${archName})`;
};
exports.getUserAgent = getUserAgent;

24
package/node_modules/@sigstore/sign/dist/witness/index.js generated vendored Normal file
View File

@@ -0,0 +1,24 @@
"use strict";
/* istanbul ignore file */
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var tlog_1 = require("./tlog");
Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: function () { return tlog_1.DEFAULT_REKOR_URL; } });
Object.defineProperty(exports, "RekorWitness", { enumerable: true, get: function () { return tlog_1.RekorWitness; } });
var tsa_1 = require("./tsa");
Object.defineProperty(exports, "TSAWitness", { enumerable: true, get: function () { return tsa_1.TSAWitness; } });

61
package/node_modules/@sigstore/sign/dist/witness/tlog/client.js generated vendored Normal file
View File

@@ -0,0 +1,61 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TLogClient = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("../../error");
const error_2 = require("../../external/error");
const rekor_1 = require("../../external/rekor");
class TLogClient {
constructor(options) {
this.fetchOnConflict = options.fetchOnConflict ?? false;
this.rekor = new rekor_1.Rekor({
baseURL: options.rekorBaseURL,
retry: options.retry,
timeout: options.timeout,
});
}
async createEntry(proposedEntry) {
let entry;
try {
entry = await this.rekor.createEntry(proposedEntry);
}
catch (err) {
// If the entry already exists, fetch it (if enabled)
if (entryExistsError(err) && this.fetchOnConflict) {
// Grab the UUID of the existing entry from the location header
/* istanbul ignore next */
const uuid = err.location.split('/').pop() || '';
try {
entry = await this.rekor.getEntry(uuid);
}
catch (err) {
(0, error_1.internalError)(err, 'TLOG_FETCH_ENTRY_ERROR', 'error fetching tlog entry');
}
}
else {
(0, error_1.internalError)(err, 'TLOG_CREATE_ENTRY_ERROR', 'error creating tlog entry');
}
}
return entry;
}
}
exports.TLogClient = TLogClient;
function entryExistsError(value) {
return (value instanceof error_2.HTTPError &&
value.statusCode === 409 &&
value.location !== undefined);
}

136
package/node_modules/@sigstore/sign/dist/witness/tlog/entry.js generated vendored Normal file
View File

@@ -0,0 +1,136 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.toProposedEntry = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const bundle_1 = require("@sigstore/bundle");
const util_1 = require("../../util");
function toProposedEntry(content, publicKey,
// TODO: Remove this parameter once have completely switched to 'dsse' entries
entryType = 'intoto') {
switch (content.$case) {
case 'dsseEnvelope':
// TODO: Remove this conditional once have completely switched to 'dsse' entries
if (entryType === 'dsse') {
return toProposedDSSEEntry(content.dsseEnvelope, publicKey);
}
return toProposedIntotoEntry(content.dsseEnvelope, publicKey);
case 'messageSignature':
return toProposedHashedRekordEntry(content.messageSignature, publicKey);
}
}
exports.toProposedEntry = toProposedEntry;
// Returns a properly formatted Rekor "hashedrekord" entry for the given digest
// and signature
function toProposedHashedRekordEntry(messageSignature, publicKey) {
const hexDigest = messageSignature.messageDigest.digest.toString('hex');
const b64Signature = messageSignature.signature.toString('base64');
const b64Key = util_1.encoding.base64Encode(publicKey);
return {
apiVersion: '0.0.1',
kind: 'hashedrekord',
spec: {
data: {
hash: {
algorithm: 'sha256',
value: hexDigest,
},
},
signature: {
content: b64Signature,
publicKey: {
content: b64Key,
},
},
},
};
}
// Returns a properly formatted Rekor "dsse" entry for the given DSSE envelope
// and signature
function toProposedDSSEEntry(envelope, publicKey) {
const envelopeJSON = JSON.stringify((0, bundle_1.envelopeToJSON)(envelope));
const encodedKey = util_1.encoding.base64Encode(publicKey);
return {
apiVersion: '0.0.1',
kind: 'dsse',
spec: {
proposedContent: {
envelope: envelopeJSON,
verifiers: [encodedKey],
},
},
};
}
// Returns a properly formatted Rekor "intoto" entry for the given DSSE
// envelope and signature
function toProposedIntotoEntry(envelope, publicKey) {
// Calculate the value for the payloadHash field in the Rekor entry
const payloadHash = util_1.crypto.hash(envelope.payload).toString('hex');
// Calculate the value for the hash field in the Rekor entry
const envelopeHash = calculateDSSEHash(envelope, publicKey);
// Collect values for re-creating the DSSE envelope.
// Double-encode payload and signature cause that's what Rekor expects
const payload = util_1.encoding.base64Encode(envelope.payload.toString('base64'));
const sig = util_1.encoding.base64Encode(envelope.signatures[0].sig.toString('base64'));
const keyid = envelope.signatures[0].keyid;
const encodedKey = util_1.encoding.base64Encode(publicKey);
// Create the envelope portion of the entry. Note the inclusion of the
// publicKey in the signature struct is not a standard part of a DSSE
// envelope, but is required by Rekor.
const dsse = {
payloadType: envelope.payloadType,
payload: payload,
signatures: [{ sig, publicKey: encodedKey }],
};
// If the keyid is an empty string, Rekor seems to remove it altogether. We
// need to do the same here so that we can properly recreate the entry for
// verification.
if (keyid.length > 0) {
dsse.signatures[0].keyid = keyid;
}
return {
apiVersion: '0.0.2',
kind: 'intoto',
spec: {
content: {
envelope: dsse,
hash: { algorithm: 'sha256', value: envelopeHash },
payloadHash: { algorithm: 'sha256', value: payloadHash },
},
},
};
}
// Calculates the hash of a DSSE envelope for inclusion in a Rekor entry.
// There is no standard way to do this, so the scheme we're using as as
// follows:
// * payload is base64 encoded
// * signature is base64 encoded (only the first signature is used)
// * keyid is included ONLY if it is NOT an empty string
// * The resulting JSON is canonicalized and hashed to a hex string
function calculateDSSEHash(envelope, publicKey) {
const dsse = {
payloadType: envelope.payloadType,
payload: envelope.payload.toString('base64'),
signatures: [
{ sig: envelope.signatures[0].sig.toString('base64'), publicKey },
],
};
// If the keyid is an empty string, Rekor seems to remove it altogether.
if (envelope.signatures[0].keyid.length > 0) {
dsse.signatures[0].keyid = envelope.signatures[0].keyid;
}
return util_1.crypto.hash(util_1.json.canonicalize(dsse)).toString('hex');
}

82
package/node_modules/@sigstore/sign/dist/witness/tlog/index.js generated vendored Normal file
View File

@@ -0,0 +1,82 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const util_1 = require("../../util");
const client_1 = require("./client");
const entry_1 = require("./entry");
exports.DEFAULT_REKOR_URL = 'https://rekor.sigstore.dev';
class RekorWitness {
constructor(options) {
this.entryType = options.entryType;
this.tlog = new client_1.TLogClient({
...options,
rekorBaseURL: options.rekorBaseURL || /* istanbul ignore next */ exports.DEFAULT_REKOR_URL,
});
}
async testify(content, publicKey) {
const proposedEntry = (0, entry_1.toProposedEntry)(content, publicKey, this.entryType);
const entry = await this.tlog.createEntry(proposedEntry);
return toTransparencyLogEntry(entry);
}
}
exports.RekorWitness = RekorWitness;
function toTransparencyLogEntry(entry) {
const logID = Buffer.from(entry.logID, 'hex');
// Parse entry body so we can extract the kind and version.
const bodyJSON = util_1.encoding.base64Decode(entry.body);
const entryBody = JSON.parse(bodyJSON);
const promise = entry?.verification?.signedEntryTimestamp
? inclusionPromise(entry.verification.signedEntryTimestamp)
: undefined;
const proof = entry?.verification?.inclusionProof
? inclusionProof(entry.verification.inclusionProof)
: undefined;
const tlogEntry = {
logIndex: entry.logIndex.toString(),
logId: {
keyId: logID,
},
integratedTime: entry.integratedTime.toString(),
kindVersion: {
kind: entryBody.kind,
version: entryBody.apiVersion,
},
inclusionPromise: promise,
inclusionProof: proof,
canonicalizedBody: Buffer.from(entry.body, 'base64'),
};
return {
tlogEntries: [tlogEntry],
};
}
function inclusionPromise(promise) {
return {
signedEntryTimestamp: Buffer.from(promise, 'base64'),
};
}
function inclusionProof(proof) {
return {
logIndex: proof.logIndex.toString(),
treeSize: proof.treeSize.toString(),
rootHash: Buffer.from(proof.rootHash, 'hex'),
hashes: proof.hashes.map((h) => Buffer.from(h, 'hex')),
checkpoint: {
envelope: proof.checkpoint,
},
};
}

43
package/node_modules/@sigstore/sign/dist/witness/tsa/client.js generated vendored Normal file
View File

@@ -0,0 +1,43 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSAClient = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("../../error");
const tsa_1 = require("../../external/tsa");
const util_1 = require("../../util");
class TSAClient {
constructor(options) {
this.tsa = new tsa_1.TimestampAuthority({
baseURL: options.tsaBaseURL,
retry: options.retry,
timeout: options.timeout,
});
}
async createTimestamp(signature) {
const request = {
artifactHash: util_1.crypto.hash(signature).toString('base64'),
hashAlgorithm: 'sha256',
};
try {
return await this.tsa.createTimestamp(request);
}
catch (err) {
(0, error_1.internalError)(err, 'TSA_CREATE_TIMESTAMP_ERROR', 'error creating timestamp');
}
}
}
exports.TSAClient = TSAClient;

44
package/node_modules/@sigstore/sign/dist/witness/tsa/index.js generated vendored Normal file
View File

@@ -0,0 +1,44 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSAWitness = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const client_1 = require("./client");
class TSAWitness {
constructor(options) {
this.tsa = new client_1.TSAClient({
tsaBaseURL: options.tsaBaseURL,
retry: options.retry,
timeout: options.timeout,
});
}
async testify(content) {
const signature = extractSignature(content);
const timestamp = await this.tsa.createTimestamp(signature);
return {
rfc3161Timestamps: [{ signedTimestamp: timestamp }],
};
}
}
exports.TSAWitness = TSAWitness;
function extractSignature(content) {
switch (content.$case) {
case 'dsseEnvelope':
return content.dsseEnvelope.signatures[0].sig;
case 'messageSignature':
return content.messageSignature.signature;
}
}

2
package/node_modules/@sigstore/sign/dist/witness/witness.js generated vendored Normal file
View File

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

46
package/node_modules/@sigstore/sign/package.json generated vendored Normal file
View File

@@ -0,0 +1,46 @@
{
"name": "@sigstore/sign",
"version": "2.3.2",
"description": "Sigstore signing library",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"clean": "shx rm -rf dist *.tsbuildinfo",
"build": "tsc --build",
"test": "jest"
},
"files": [
"dist"
],
"author": "bdehamer@github.com",
"license": "Apache-2.0",
"repository": {
"type": "git",
"url": "git+https://github.com/sigstore/sigstore-js.git"
},
"bugs": {
"url": "https://github.com/sigstore/sigstore-js/issues"
},
"homepage": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme",
"publishConfig": {
"provenance": true
},
"devDependencies": {
"@sigstore/jest": "^0.0.0",
"@sigstore/mock": "^0.7.4",
"@sigstore/rekor-types": "^2.0.0",
"@types/make-fetch-happen": "^10.0.4",
"@types/promise-retry": "^1.1.6"
},
"dependencies": {
"@sigstore/bundle": "^2.3.2",
"@sigstore/core": "^1.0.0",
"@sigstore/protobuf-specs": "^0.3.2",
"make-fetch-happen": "^13.0.1",
"proc-log": "^4.2.0",
"promise-retry": "^2.0.1"
},
"engines": {
"node": "^16.14.0 || >=18.0.0"
}
}

202
package/node_modules/@sigstore/tuf/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2023 The Sigstore Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

44
package/node_modules/@sigstore/tuf/dist/appdata.js generated vendored Normal file
View File

@@ -0,0 +1,44 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.appDataPath = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const os_1 = __importDefault(require("os"));
const path_1 = __importDefault(require("path"));
function appDataPath(name) {
const homedir = os_1.default.homedir();
switch (process.platform) {
/* istanbul ignore next */
case 'darwin': {
const appSupport = path_1.default.join(homedir, 'Library', 'Application Support');
return path_1.default.join(appSupport, name);
}
/* istanbul ignore next */
case 'win32': {
const localAppData = process.env.LOCALAPPDATA || path_1.default.join(homedir, 'AppData', 'Local');
return path_1.default.join(localAppData, name, 'Data');
}
/* istanbul ignore next */
default: {
const localData = process.env.XDG_DATA_HOME || path_1.default.join(homedir, '.local', 'share');
return path_1.default.join(localData, name);
}
}
}
exports.appDataPath = appDataPath;

112
package/node_modules/@sigstore/tuf/dist/client.js generated vendored Normal file
View File

@@ -0,0 +1,112 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.TUFClient = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const fs_1 = __importDefault(require("fs"));
const path_1 = __importDefault(require("path"));
const tuf_js_1 = require("tuf-js");
const _1 = require(".");
const target_1 = require("./target");
const TARGETS_DIR_NAME = 'targets';
class TUFClient {
constructor(options) {
const url = new URL(options.mirrorURL);
const repoName = encodeURIComponent(url.host + url.pathname.replace(/\/$/, ''));
const cachePath = path_1.default.join(options.cachePath, repoName);
initTufCache(cachePath);
seedCache({
cachePath,
mirrorURL: options.mirrorURL,
tufRootPath: options.rootPath,
forceInit: options.forceInit,
});
this.updater = initClient({
mirrorURL: options.mirrorURL,
cachePath,
forceCache: options.forceCache,
retry: options.retry,
timeout: options.timeout,
});
}
async refresh() {
return this.updater.refresh();
}
getTarget(targetName) {
return (0, target_1.readTarget)(this.updater, targetName);
}
}
exports.TUFClient = TUFClient;
// Initializes the TUF cache directory structure including the initial
// root.json file. If the cache directory does not exist, it will be
// created. If the targets directory does not exist, it will be created.
// If the root.json file does not exist, it will be copied from the
// rootPath argument.
function initTufCache(cachePath) {
const targetsPath = path_1.default.join(cachePath, TARGETS_DIR_NAME);
if (!fs_1.default.existsSync(cachePath)) {
fs_1.default.mkdirSync(cachePath, { recursive: true });
}
if (!fs_1.default.existsSync(targetsPath)) {
fs_1.default.mkdirSync(targetsPath);
}
}
// Populates the TUF cache with the initial root.json file. If the root.json
// file does not exist (or we're forcing re-initialization), copy it from either
// the rootPath argument or from one of the repo seeds.
function seedCache({ cachePath, mirrorURL, tufRootPath, forceInit, }) {
const cachedRootPath = path_1.default.join(cachePath, 'root.json');
// If the root.json file does not exist (or we're forcing re-initialization),
// populate it either from the supplied rootPath or from one of the repo seeds.
if (!fs_1.default.existsSync(cachedRootPath) || forceInit) {
if (tufRootPath) {
fs_1.default.copyFileSync(tufRootPath, cachedRootPath);
}
else {
/* eslint-disable @typescript-eslint/no-var-requires */
const seeds = require('../seeds.json');
const repoSeed = seeds[mirrorURL];
if (!repoSeed) {
throw new _1.TUFError({
code: 'TUF_INIT_CACHE_ERROR',
message: `No root.json found for mirror: ${mirrorURL}`,
});
}
fs_1.default.writeFileSync(cachedRootPath, Buffer.from(repoSeed['root.json'], 'base64'));
// Copy any seed targets into the cache
Object.entries(repoSeed.targets).forEach(([targetName, target]) => {
fs_1.default.writeFileSync(path_1.default.join(cachePath, TARGETS_DIR_NAME, targetName), Buffer.from(target, 'base64'));
});
}
}
}
function initClient(options) {
const config = {
fetchTimeout: options.timeout,
fetchRetry: options.retry,
};
return new tuf_js_1.Updater({
metadataBaseUrl: options.mirrorURL,
targetBaseUrl: `${options.mirrorURL}/targets`,
metadataDir: options.cachePath,
targetDir: path_1.default.join(options.cachePath, TARGETS_DIR_NAME),
forceCache: options.forceCache,
config,
});
}

12
package/node_modules/@sigstore/tuf/dist/error.js generated vendored Normal file
View File

@@ -0,0 +1,12 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TUFError = void 0;
class TUFError extends Error {
constructor({ code, message, cause, }) {
super(message);
this.code = code;
this.cause = cause;
this.name = this.constructor.name;
}
}
exports.TUFError = TUFError;

56
package/node_modules/@sigstore/tuf/dist/index.js generated vendored Normal file
View File

@@ -0,0 +1,56 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TUFError = exports.initTUF = exports.getTrustedRoot = exports.DEFAULT_MIRROR_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const protobuf_specs_1 = require("@sigstore/protobuf-specs");
const appdata_1 = require("./appdata");
const client_1 = require("./client");
exports.DEFAULT_MIRROR_URL = 'https://tuf-repo-cdn.sigstore.dev';
const DEFAULT_CACHE_DIR = 'sigstore-js';
const DEFAULT_RETRY = { retries: 2 };
const DEFAULT_TIMEOUT = 5000;
const TRUSTED_ROOT_TARGET = 'trusted_root.json';
async function getTrustedRoot(
/* istanbul ignore next */
options = {}) {
const client = createClient(options);
const trustedRoot = await client.getTarget(TRUSTED_ROOT_TARGET);
return protobuf_specs_1.TrustedRoot.fromJSON(JSON.parse(trustedRoot));
}
exports.getTrustedRoot = getTrustedRoot;
async function initTUF(
/* istanbul ignore next */
options = {}) {
const client = createClient(options);
return client.refresh().then(() => client);
}
exports.initTUF = initTUF;
// Create a TUF client with default options
function createClient(options) {
/* istanbul ignore next */
return new client_1.TUFClient({
cachePath: options.cachePath || (0, appdata_1.appDataPath)(DEFAULT_CACHE_DIR),
rootPath: options.rootPath,
mirrorURL: options.mirrorURL || exports.DEFAULT_MIRROR_URL,
retry: options.retry ?? DEFAULT_RETRY,
timeout: options.timeout ?? DEFAULT_TIMEOUT,
forceCache: options.forceCache ?? false,
forceInit: options.forceInit ?? options.force ?? false,
});
}
var error_1 = require("./error");
Object.defineProperty(exports, "TUFError", { enumerable: true, get: function () { return error_1.TUFError; } });

80
package/node_modules/@sigstore/tuf/dist/target.js generated vendored Normal file
View File

@@ -0,0 +1,80 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.readTarget = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const fs_1 = __importDefault(require("fs"));
const error_1 = require("./error");
// Downloads and returns the specified target from the provided TUF Updater.
async function readTarget(tuf, targetPath) {
const path = await getTargetPath(tuf, targetPath);
return new Promise((resolve, reject) => {
fs_1.default.readFile(path, 'utf-8', (err, data) => {
if (err) {
reject(new error_1.TUFError({
code: 'TUF_READ_TARGET_ERROR',
message: `error reading target ${path}`,
cause: err,
}));
}
else {
resolve(data);
}
});
});
}
exports.readTarget = readTarget;
// Returns the local path to the specified target. If the target is not yet
// cached locally, the provided TUF Updater will be used to download and
// cache the target.
async function getTargetPath(tuf, target) {
let targetInfo;
try {
targetInfo = await tuf.getTargetInfo(target);
}
catch (err) {
throw new error_1.TUFError({
code: 'TUF_REFRESH_METADATA_ERROR',
message: 'error refreshing TUF metadata',
cause: err,
});
}
if (!targetInfo) {
throw new error_1.TUFError({
code: 'TUF_FIND_TARGET_ERROR',
message: `target ${target} not found`,
});
}
let path = await tuf.findCachedTarget(targetInfo);
// An empty path here means the target has not been cached locally, or is
// out of date. In either case, we need to download it.
if (!path) {
try {
path = await tuf.downloadTarget(targetInfo);
}
catch (err) {
throw new error_1.TUFError({
code: 'TUF_DOWNLOAD_TARGET_ERROR',
message: `error downloading target ${path}`,
cause: err,
});
}
}
return path;
}

41
package/node_modules/@sigstore/tuf/package.json generated vendored Normal file
View File

@@ -0,0 +1,41 @@
{
"name": "@sigstore/tuf",
"version": "2.3.4",
"description": "Client for the Sigstore TUF repository",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"clean": "shx rm -rf dist *.tsbuildinfo",
"build": "tsc --build",
"test": "jest"
},
"files": [
"dist",
"seeds.json"
],
"author": "bdehamer@github.com",
"license": "Apache-2.0",
"repository": {
"type": "git",
"url": "git+https://github.com/sigstore/sigstore-js.git"
},
"bugs": {
"url": "https://github.com/sigstore/sigstore-js/issues"
},
"homepage": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme",
"publishConfig": {
"provenance": true
},
"devDependencies": {
"@sigstore/jest": "^0.0.0",
"@tufjs/repo-mock": "^2.0.1",
"@types/make-fetch-happen": "^10.0.4"
},
"dependencies": {
"@sigstore/protobuf-specs": "^0.3.2",
"tuf-js": "^2.2.1"
},
"engines": {
"node": "^16.14.0 || >=18.0.0"
}
}

1
package/node_modules/@sigstore/tuf/seeds.json generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

43
package/node_modules/@sigstore/verify/dist/bundle/dsse.js generated vendored Normal file
View File

@@ -0,0 +1,43 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.DSSESignatureContent = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const core_1 = require("@sigstore/core");
class DSSESignatureContent {
constructor(env) {
this.env = env;
}
compareDigest(digest) {
return core_1.crypto.bufferEqual(digest, core_1.crypto.hash(this.env.payload));
}
compareSignature(signature) {
return core_1.crypto.bufferEqual(signature, this.signature);
}
verifySignature(key) {
return core_1.crypto.verify(this.preAuthEncoding, key, this.signature);
}
get signature() {
return this.env.signatures.length > 0
? this.env.signatures[0].sig
: Buffer.from('');
}
// DSSE Pre-Authentication Encoding
get preAuthEncoding() {
return core_1.dsse.preAuthEncoding(this.env.payloadType, this.env.payload);
}
}
exports.DSSESignatureContent = DSSESignatureContent;

58
package/node_modules/@sigstore/verify/dist/bundle/index.js generated vendored Normal file
View File

@@ -0,0 +1,58 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.signatureContent = exports.toSignedEntity = void 0;
const core_1 = require("@sigstore/core");
const dsse_1 = require("./dsse");
const message_1 = require("./message");
function toSignedEntity(bundle, artifact) {
const { tlogEntries, timestampVerificationData } = bundle.verificationMaterial;
const timestamps = [];
for (const entry of tlogEntries) {
timestamps.push({
$case: 'transparency-log',
tlogEntry: entry,
});
}
for (const ts of timestampVerificationData?.rfc3161Timestamps ?? []) {
timestamps.push({
$case: 'timestamp-authority',
timestamp: core_1.RFC3161Timestamp.parse(ts.signedTimestamp),
});
}
return {
signature: signatureContent(bundle, artifact),
key: key(bundle),
tlogEntries,
timestamps,
};
}
exports.toSignedEntity = toSignedEntity;
function signatureContent(bundle, artifact) {
switch (bundle.content.$case) {
case 'dsseEnvelope':
return new dsse_1.DSSESignatureContent(bundle.content.dsseEnvelope);
case 'messageSignature':
return new message_1.MessageSignatureContent(bundle.content.messageSignature, artifact);
}
}
exports.signatureContent = signatureContent;
function key(bundle) {
switch (bundle.verificationMaterial.content.$case) {
case 'publicKey':
return {
$case: 'public-key',
hint: bundle.verificationMaterial.content.publicKey.hint,
};
case 'x509CertificateChain':
return {
$case: 'certificate',
certificate: core_1.X509Certificate.parse(bundle.verificationMaterial.content.x509CertificateChain
.certificates[0].rawBytes),
};
case 'certificate':
return {
$case: 'certificate',
certificate: core_1.X509Certificate.parse(bundle.verificationMaterial.content.certificate.rawBytes),
};
}
}

36
package/node_modules/@sigstore/verify/dist/bundle/message.js generated vendored Normal file
View File

@@ -0,0 +1,36 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.MessageSignatureContent = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const core_1 = require("@sigstore/core");
class MessageSignatureContent {
constructor(messageSignature, artifact) {
this.signature = messageSignature.signature;
this.messageDigest = messageSignature.messageDigest.digest;
this.artifact = artifact;
}
compareSignature(signature) {
return core_1.crypto.bufferEqual(signature, this.signature);
}
compareDigest(digest) {
return core_1.crypto.bufferEqual(digest, this.messageDigest);
}
verifySignature(key) {
return core_1.crypto.verify(this.artifact, key, this.signature);
}
}
exports.MessageSignatureContent = MessageSignatureContent;

32
package/node_modules/@sigstore/verify/dist/error.js generated vendored Normal file
View File

@@ -0,0 +1,32 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.PolicyError = exports.VerificationError = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
class BaseError extends Error {
constructor({ code, message, cause, }) {
super(message);
this.code = code;
this.cause = cause;
this.name = this.constructor.name;
}
}
class VerificationError extends BaseError {
}
exports.VerificationError = VerificationError;
class PolicyError extends BaseError {
}
exports.PolicyError = PolicyError;

28
package/node_modules/@sigstore/verify/dist/index.js generated vendored Normal file
View File

@@ -0,0 +1,28 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Verifier = exports.toTrustMaterial = exports.VerificationError = exports.PolicyError = exports.toSignedEntity = void 0;
/* istanbul ignore file */
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
var bundle_1 = require("./bundle");
Object.defineProperty(exports, "toSignedEntity", { enumerable: true, get: function () { return bundle_1.toSignedEntity; } });
var error_1 = require("./error");
Object.defineProperty(exports, "PolicyError", { enumerable: true, get: function () { return error_1.PolicyError; } });
Object.defineProperty(exports, "VerificationError", { enumerable: true, get: function () { return error_1.VerificationError; } });
var trust_1 = require("./trust");
Object.defineProperty(exports, "toTrustMaterial", { enumerable: true, get: function () { return trust_1.toTrustMaterial; } });
var verifier_1 = require("./verifier");
Object.defineProperty(exports, "Verifier", { enumerable: true, get: function () { return verifier_1.Verifier; } });

205
package/node_modules/@sigstore/verify/dist/key/certificate.js generated vendored Normal file
View File

@@ -0,0 +1,205 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.CertificateChainVerifier = exports.verifyCertificateChain = void 0;
const error_1 = require("../error");
const trust_1 = require("../trust");
function verifyCertificateChain(leaf, certificateAuthorities) {
// Filter list of trusted CAs to those which are valid for the given
// leaf certificate.
const cas = (0, trust_1.filterCertAuthorities)(certificateAuthorities, {
start: leaf.notBefore,
end: leaf.notAfter,
});
/* eslint-disable-next-line @typescript-eslint/no-explicit-any */
let error;
for (const ca of cas) {
try {
const verifier = new CertificateChainVerifier({
trustedCerts: ca.certChain,
untrustedCert: leaf,
});
return verifier.verify();
}
catch (err) {
error = err;
}
}
// If we failed to verify the certificate chain for all of the trusted
// CAs, throw the last error we encountered.
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'Failed to verify certificate chain',
cause: error,
});
}
exports.verifyCertificateChain = verifyCertificateChain;
class CertificateChainVerifier {
constructor(opts) {
this.untrustedCert = opts.untrustedCert;
this.trustedCerts = opts.trustedCerts;
this.localCerts = dedupeCertificates([
...opts.trustedCerts,
opts.untrustedCert,
]);
}
verify() {
// Construct certificate path from leaf to root
const certificatePath = this.sort();
// Perform validation checks on each certificate in the path
this.checkPath(certificatePath);
// Return verified certificate path
return certificatePath;
}
sort() {
const leafCert = this.untrustedCert;
// Construct all possible paths from the leaf
let paths = this.buildPaths(leafCert);
// Filter for paths which contain a trusted certificate
paths = paths.filter((path) => path.some((cert) => this.trustedCerts.includes(cert)));
if (paths.length === 0) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'no trusted certificate path found',
});
}
// Find the shortest of possible paths
/* istanbul ignore next */
const path = paths.reduce((prev, curr) => prev.length < curr.length ? prev : curr);
// Construct chain from shortest path
// Removes the last certificate in the path, which will be a second copy
// of the root certificate given that the root is self-signed.
return [leafCert, ...path].slice(0, -1);
}
// Recursively build all possible paths from the leaf to the root
buildPaths(certificate) {
const paths = [];
const issuers = this.findIssuer(certificate);
if (issuers.length === 0) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'no valid certificate path found',
});
}
for (let i = 0; i < issuers.length; i++) {
const issuer = issuers[i];
// Base case - issuer is self
if (issuer.equals(certificate)) {
paths.push([certificate]);
continue;
}
// Recursively build path for the issuer
const subPaths = this.buildPaths(issuer);
// Construct paths by appending the issuer to each subpath
for (let j = 0; j < subPaths.length; j++) {
paths.push([issuer, ...subPaths[j]]);
}
}
return paths;
}
// Return all possible issuers for the given certificate
findIssuer(certificate) {
let issuers = [];
let keyIdentifier;
// Exit early if the certificate is self-signed
if (certificate.subject.equals(certificate.issuer)) {
if (certificate.verify()) {
return [certificate];
}
}
// If the certificate has an authority key identifier, use that
// to find the issuer
if (certificate.extAuthorityKeyID) {
keyIdentifier = certificate.extAuthorityKeyID.keyIdentifier;
// TODO: Add support for authorityCertIssuer/authorityCertSerialNumber
// though Fulcio doesn't appear to use these
}
// Find possible issuers by comparing the authorityKeyID/subjectKeyID
// or issuer/subject. Potential issuers are added to the result array.
this.localCerts.forEach((possibleIssuer) => {
if (keyIdentifier) {
if (possibleIssuer.extSubjectKeyID) {
if (possibleIssuer.extSubjectKeyID.keyIdentifier.equals(keyIdentifier)) {
issuers.push(possibleIssuer);
}
return;
}
}
// Fallback to comparing certificate issuer and subject if
// subjectKey/authorityKey extensions are not present
if (possibleIssuer.subject.equals(certificate.issuer)) {
issuers.push(possibleIssuer);
}
});
// Remove any issuers which fail to verify the certificate
issuers = issuers.filter((issuer) => {
try {
return certificate.verify(issuer);
}
catch (ex) {
/* istanbul ignore next - should never error */
return false;
}
});
return issuers;
}
checkPath(path) {
/* istanbul ignore if */
if (path.length < 1) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'certificate chain must contain at least one certificate',
});
}
// Ensure that all certificates beyond the leaf are CAs
const validCAs = path.slice(1).every((cert) => cert.isCA);
if (!validCAs) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'intermediate certificate is not a CA',
});
}
// Certificate's issuer must match the subject of the next certificate
// in the chain
for (let i = path.length - 2; i >= 0; i--) {
/* istanbul ignore if */
if (!path[i].issuer.equals(path[i + 1].subject)) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'incorrect certificate name chaining',
});
}
}
// Check pathlength constraints
for (let i = 0; i < path.length; i++) {
const cert = path[i];
// If the certificate is a CA, check the path length
if (cert.extBasicConstraints?.isCA) {
const pathLength = cert.extBasicConstraints.pathLenConstraint;
// The path length, if set, indicates how many intermediate
// certificates (NOT including the leaf) are allowed to follow. The
// pathLength constraint of any intermediate CA certificate MUST be
// greater than or equal to it's own depth in the chain (with an
// adjustment for the leaf certificate)
if (pathLength !== undefined && pathLength < i - 1) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'path length constraint exceeded',
});
}
}
}
}
}
exports.CertificateChainVerifier = CertificateChainVerifier;
// Remove duplicate certificates from the array
function dedupeCertificates(certs) {
for (let i = 0; i < certs.length; i++) {
for (let j = i + 1; j < certs.length; j++) {
if (certs[i].equals(certs[j])) {
certs.splice(j, 1);
j--;
}
}
}
return certs;
}

72
package/node_modules/@sigstore/verify/dist/key/index.js generated vendored Normal file
View File

@@ -0,0 +1,72 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyCertificate = exports.verifyPublicKey = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const core_1 = require("@sigstore/core");
const error_1 = require("../error");
const certificate_1 = require("./certificate");
const sct_1 = require("./sct");
const OID_FULCIO_ISSUER_V1 = '1.3.6.1.4.1.57264.1.1';
const OID_FULCIO_ISSUER_V2 = '1.3.6.1.4.1.57264.1.8';
function verifyPublicKey(hint, timestamps, trustMaterial) {
const key = trustMaterial.publicKey(hint);
timestamps.forEach((timestamp) => {
if (!key.validFor(timestamp)) {
throw new error_1.VerificationError({
code: 'PUBLIC_KEY_ERROR',
message: `Public key is not valid for timestamp: ${timestamp.toISOString()}`,
});
}
});
return { key: key.publicKey };
}
exports.verifyPublicKey = verifyPublicKey;
function verifyCertificate(leaf, timestamps, trustMaterial) {
// Check that leaf certificate chains to a trusted CA
const path = (0, certificate_1.verifyCertificateChain)(leaf, trustMaterial.certificateAuthorities);
// Check that ALL certificates are valid for ALL of the timestamps
const validForDate = timestamps.every((timestamp) => path.every((cert) => cert.validForDate(timestamp)));
if (!validForDate) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'certificate is not valid or expired at the specified date',
});
}
return {
scts: (0, sct_1.verifySCTs)(path[0], path[1], trustMaterial.ctlogs),
signer: getSigner(path[0]),
};
}
exports.verifyCertificate = verifyCertificate;
function getSigner(cert) {
let issuer;
const issuerExtension = cert.extension(OID_FULCIO_ISSUER_V2);
if (issuerExtension) {
issuer = issuerExtension.valueObj.subs?.[0]?.value.toString('ascii');
}
else {
issuer = cert.extension(OID_FULCIO_ISSUER_V1)?.value.toString('ascii');
}
const identity = {
extensions: { issuer },
subjectAlternativeName: cert.subjectAltName,
};
return {
key: core_1.crypto.createPublicKey(cert.publicKey),
identity,
};
}

79
package/node_modules/@sigstore/verify/dist/key/sct.js generated vendored Normal file
View File

@@ -0,0 +1,79 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySCTs = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const core_1 = require("@sigstore/core");
const error_1 = require("../error");
const trust_1 = require("../trust");
function verifySCTs(cert, issuer, ctlogs) {
let extSCT;
// Verifying the SCT requires that we remove the SCT extension and
// re-encode the TBS structure to DER -- this value is part of the data
// over which the signature is calculated. Since this is a destructive action
// we create a copy of the certificate so we can remove the SCT extension
// without affecting the original certificate.
const clone = cert.clone();
// Intentionally not using the findExtension method here because we want to
// remove the the SCT extension from the certificate before calculating the
// PreCert structure
for (let i = 0; i < clone.extensions.length; i++) {
const ext = clone.extensions[i];
if (ext.subs[0].toOID() === core_1.EXTENSION_OID_SCT) {
extSCT = new core_1.X509SCTExtension(ext);
// Remove the extension from the certificate
clone.extensions.splice(i, 1);
break;
}
}
// No SCT extension found to verify
if (!extSCT) {
return [];
}
// Found an SCT extension but it has no SCTs
/* istanbul ignore if -- too difficult to fabricate test case for this */
if (extSCT.signedCertificateTimestamps.length === 0) {
return [];
}
// Construct the PreCert structure
// https://www.rfc-editor.org/rfc/rfc6962#section-3.2
const preCert = new core_1.ByteStream();
// Calculate hash of the issuer's public key
const issuerId = core_1.crypto.hash(issuer.publicKey);
preCert.appendView(issuerId);
// Re-encodes the certificate to DER after removing the SCT extension
const tbs = clone.tbsCertificate.toDER();
preCert.appendUint24(tbs.length);
preCert.appendView(tbs);
// Calculate and return the verification results for each SCT
return extSCT.signedCertificateTimestamps.map((sct) => {
// Find the ctlog instance that corresponds to the SCT's logID
const validCTLogs = (0, trust_1.filterTLogAuthorities)(ctlogs, {
logID: sct.logID,
targetDate: sct.datetime,
});
// See if the SCT is valid for any of the CT logs
const verified = validCTLogs.some((log) => sct.verify(preCert.buffer, log.publicKey));
if (!verified) {
throw new error_1.VerificationError({
code: 'CERTIFICATE_ERROR',
message: 'SCT verification failed',
});
}
return sct.logID;
});
}
exports.verifySCTs = verifySCTs;

25
package/node_modules/@sigstore/verify/dist/policy.js generated vendored Normal file
View File

@@ -0,0 +1,25 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyExtensions = exports.verifySubjectAlternativeName = void 0;
const error_1 = require("./error");
function verifySubjectAlternativeName(policyIdentity, signerIdentity) {
if (signerIdentity === undefined || !signerIdentity.match(policyIdentity)) {
throw new error_1.PolicyError({
code: 'UNTRUSTED_SIGNER_ERROR',
message: `certificate identity error - expected ${policyIdentity}, got ${signerIdentity}`,
});
}
}
exports.verifySubjectAlternativeName = verifySubjectAlternativeName;
function verifyExtensions(policyExtensions, signerExtensions = {}) {
let key;
for (key in policyExtensions) {
if (signerExtensions[key] !== policyExtensions[key]) {
throw new error_1.PolicyError({
code: 'UNTRUSTED_SIGNER_ERROR',
message: `invalid certificate extension - expected ${key}=${policyExtensions[key]}, got ${key}=${signerExtensions[key]}`,
});
}
}
}
exports.verifyExtensions = verifyExtensions;

2
package/node_modules/@sigstore/verify/dist/shared.types.js generated vendored Normal file
View File

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

158
package/node_modules/@sigstore/verify/dist/timestamp/checkpoint.js generated vendored Normal file
View File

@@ -0,0 +1,158 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyCheckpoint = void 0;
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const core_1 = require("@sigstore/core");
const error_1 = require("../error");
const trust_1 = require("../trust");
// Separator between the note and the signatures in a checkpoint
const CHECKPOINT_SEPARATOR = '\n\n';
// Checkpoint signatures are of the following form:
// " <identity> <key_hint+signature_bytes>\n"
// where:
// - the prefix is an emdash (U+2014).
// - <identity> gives a human-readable representation of the signing ID.
// - <key_hint+signature_bytes> is the first 4 bytes of the SHA256 hash of the
// associated public key followed by the signature bytes.
const SIGNATURE_REGEX = /\u2014 (\S+) (\S+)\n/g;
// Verifies the checkpoint value in the given tlog entry. There are two steps
// to the verification:
// 1. Verify that all signatures in the checkpoint can be verified against a
// trusted public key
// 2. Verify that the root hash in the checkpoint matches the root hash in the
// inclusion proof
// See: https://github.com/transparency-dev/formats/blob/main/log/README.md
function verifyCheckpoint(entry, tlogs) {
// Filter tlog instances to just those which were valid at the time of the
// entry
const validTLogs = (0, trust_1.filterTLogAuthorities)(tlogs, {
targetDate: new Date(Number(entry.integratedTime) * 1000),
});
const inclusionProof = entry.inclusionProof;
const signedNote = SignedNote.fromString(inclusionProof.checkpoint.envelope);
const checkpoint = LogCheckpoint.fromString(signedNote.note);
// Verify that the signatures in the checkpoint are all valid
if (!verifySignedNote(signedNote, validTLogs)) {
throw new error_1.VerificationError({
code: 'TLOG_INCLUSION_PROOF_ERROR',
message: 'invalid checkpoint signature',
});
}
// Verify that the root hash from the checkpoint matches the root hash in the
// inclusion proof
if (!core_1.crypto.bufferEqual(checkpoint.logHash, inclusionProof.rootHash)) {
throw new error_1.VerificationError({
code: 'TLOG_INCLUSION_PROOF_ERROR',
message: 'root hash mismatch',
});
}
}
exports.verifyCheckpoint = verifyCheckpoint;
// Verifies the signatures in the SignedNote. For each signature, the
// corresponding transparency log is looked up by the key hint and the
// signature is verified against the public key in the transparency log.
// Throws an error if any of the signatures are invalid.
function verifySignedNote(signedNote, tlogs) {
const data = Buffer.from(signedNote.note, 'utf-8');
return signedNote.signatures.every((signature) => {
// Find the transparency log instance with the matching key hint
const tlog = tlogs.find((tlog) => core_1.crypto.bufferEqual(tlog.logID.subarray(0, 4), signature.keyHint));
if (!tlog) {
return false;
}
return core_1.crypto.verify(data, tlog.publicKey, signature.signature);
});
}
// SignedNote represents a signed note from a transparency log checkpoint. Consists
// of a body (or note) and one more signatures calculated over the body. See
// https://github.com/transparency-dev/formats/blob/main/log/README.md#signed-envelope
class SignedNote {
constructor(note, signatures) {
this.note = note;
this.signatures = signatures;
}
// Deserialize a SignedNote from a string
static fromString(envelope) {
if (!envelope.includes(CHECKPOINT_SEPARATOR)) {
throw new error_1.VerificationError({
code: 'TLOG_INCLUSION_PROOF_ERROR',
message: 'missing checkpoint separator',
});
}
// Split the note into the header and the data portions at the separator
const split = envelope.indexOf(CHECKPOINT_SEPARATOR);
const header = envelope.slice(0, split + 1);
const data = envelope.slice(split + CHECKPOINT_SEPARATOR.length);
// Find all the signature lines in the data portion
const matches = data.matchAll(SIGNATURE_REGEX);
// Parse each of the matched signature lines into the name and signature.
// The first four bytes of the signature are the key hint (should match the
// first four bytes of the log ID), and the rest is the signature itself.
const signatures = Array.from(matches, (match) => {
const [, name, signature] = match;
const sigBytes = Buffer.from(signature, 'base64');
if (sigBytes.length < 5) {
throw new error_1.VerificationError({
code: 'TLOG_INCLUSION_PROOF_ERROR',
message: 'malformed checkpoint signature',
});
}
return {
name,
keyHint: sigBytes.subarray(0, 4),
signature: sigBytes.subarray(4),
};
});
if (signatures.length === 0) {
throw new error_1.VerificationError({
code: 'TLOG_INCLUSION_PROOF_ERROR',
message: 'no signatures found in checkpoint',
});
}
return new SignedNote(header, signatures);
}
}
// LogCheckpoint represents a transparency log checkpoint. Consists of the
// following:
// - origin: the name of the transparency log
// - logSize: the size of the log at the time of the checkpoint
// - logHash: the root hash of the log at the time of the checkpoint
// - rest: the rest of the checkpoint body, which is a list of log entries
// See:
// https://github.com/transparency-dev/formats/blob/main/log/README.md#checkpoint-body
class LogCheckpoint {
constructor(origin, logSize, logHash, rest) {
this.origin = origin;
this.logSize = logSize;
this.logHash = logHash;
this.rest = rest;
}
static fromString(note) {
const lines = note.trimEnd().split('\n');
if (lines.length < 3) {
throw new error_1.VerificationError({
code: 'TLOG_INCLUSION_PROOF_ERROR',
message: 'too few lines in checkpoint header',
});
}
const origin = lines[0];
const logSize = BigInt(lines[1]);
const rootHash = Buffer.from(lines[2], 'base64');
const rest = lines.slice(3);
return new LogCheckpoint(origin, logSize, rootHash, rest);
}
}

47
package/node_modules/@sigstore/verify/dist/timestamp/index.js generated vendored Normal file
View File

@@ -0,0 +1,47 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyTLogTimestamp = exports.verifyTSATimestamp = void 0;
const error_1 = require("../error");
const checkpoint_1 = require("./checkpoint");
const merkle_1 = require("./merkle");
const set_1 = require("./set");
const tsa_1 = require("./tsa");
function verifyTSATimestamp(timestamp, data, timestampAuthorities) {
(0, tsa_1.verifyRFC3161Timestamp)(timestamp, data, timestampAuthorities);
return {
type: 'timestamp-authority',
logID: timestamp.signerSerialNumber,
timestamp: timestamp.signingTime,
};
}
exports.verifyTSATimestamp = verifyTSATimestamp;
function verifyTLogTimestamp(entry, tlogAuthorities) {
let inclusionVerified = false;
if (isTLogEntryWithInclusionPromise(entry)) {
(0, set_1.verifyTLogSET)(entry, tlogAuthorities);
inclusionVerified = true;
}
if (isTLogEntryWithInclusionProof(entry)) {
(0, merkle_1.verifyMerkleInclusion)(entry);
(0, checkpoint_1.verifyCheckpoint)(entry, tlogAuthorities);
inclusionVerified = true;
}
if (!inclusionVerified) {
throw new error_1.VerificationError({
code: 'TLOG_MISSING_INCLUSION_ERROR',
message: 'inclusion could not be verified',
});
}
return {
type: 'transparency-log',
logID: entry.logId.keyId,
timestamp: new Date(Number(entry.integratedTime) * 1000),
};
}
exports.verifyTLogTimestamp = verifyTLogTimestamp;
function isTLogEntryWithInclusionPromise(entry) {
return entry.inclusionPromise !== undefined;
}
function isTLogEntryWithInclusionProof(entry) {
return entry.inclusionProof !== undefined;
}

Some files were not shown because too many files have changed in this diff Show More