avancement planning

2026-05-26 11:58:39 +02:00
parent 619a2b240a
commit 150b97cd2e
4892 changed files with 99214 additions and 429382 deletions
+38 -19
@@ -23,12 +23,15 @@ const policy_1 = require("./policy");
const timestamp_1 = require("./timestamp");
const tlog_1 = require("./tlog");
class Verifier {
trustMaterial;
options;
constructor(trustMaterial, options = {}) {
this.trustMaterial = trustMaterial;
this.options = {
ctlogThreshold: options.ctlogThreshold ?? 1,
tlogThreshold: options.tlogThreshold ?? 1,
tsaThreshold: options.tsaThreshold ?? 0,
timestampThreshold: options.timestampThreshold ?? options.tsaThreshold ?? 1,
tsaThreshold: 0,
};
}
verify(entity, policy) {
@@ -43,18 +46,22 @@ class Verifier {
}
// Checks that all of the timestamps in the entity are valid and returns them
verifyTimestamps(entity) {
let tlogCount = 0;
let tsaCount = 0;
const timestamps = entity.timestamps.map((timestamp) => {
const timestamps = [];
for (const timestamp of entity.timestamps) {
switch (timestamp.$case) {
case 'timestamp-authority':
tsaCount++;
return (0, timestamp_1.verifyTSATimestamp)(timestamp.timestamp, entity.signature.signature, this.trustMaterial.timestampAuthorities);
case 'transparency-log':
tlogCount++;
return (0, timestamp_1.verifyTLogTimestamp)(timestamp.tlogEntry, this.trustMaterial.tlogs);
timestamps.push((0, timestamp_1.getTSATimestamp)(timestamp.timestamp, entity.signature.signature, this.trustMaterial.timestampAuthorities));
break;
case 'transparency-log': {
const result = (0, timestamp_1.getTLogTimestamp)(timestamp.tlogEntry);
/* istanbul ignore else */
if (result) {
timestamps.push(result);
}
break;
}
}
});
}
// Check for duplicate timestamps
if (containsDupes(timestamps)) {
throw new error_1.VerificationError({
@@ -62,16 +69,10 @@ class Verifier {
message: 'duplicate timestamp',
});
}
if (tlogCount < this.options.tlogThreshold) {
if (timestamps.length < this.options.timestampThreshold) {
throw new error_1.VerificationError({
code: 'TIMESTAMP_ERROR',
message: `expected ${this.options.tlogThreshold} tlog timestamps, got ${tlogCount}`,
});
}
if (tsaCount < this.options.tsaThreshold) {
throw new error_1.VerificationError({
code: 'TIMESTAMP_ERROR',
message: `expected ${this.options.tsaThreshold} tsa timestamps, got ${tsaCount}`,
message: `expected ${this.options.timestampThreshold} timestamps, got ${timestamps.length}`,
});
}
return timestamps.map((t) => t.timestamp);
@@ -104,7 +105,18 @@ class Verifier {
}
// Checks that the tlog entries are valid for the supplied content
verifyTLogs({ signature: content, tlogEntries }) {
tlogEntries.forEach((entry) => (0, tlog_1.verifyTLogBody)(entry, content));
let tlogCount = 0;
tlogEntries.forEach((entry) => {
tlogCount++;
(0, tlog_1.verifyTLogInclusion)(entry, this.trustMaterial.tlogs);
(0, tlog_1.verifyTLogBody)(entry, content);
});
if (tlogCount < this.options.tlogThreshold) {
throw new error_1.VerificationError({
code: 'TLOG_ERROR',
message: `expected ${this.options.tlogThreshold} tlog entries, got ${tlogCount}`,
});
}
}
// Checks that the signature is valid for the supplied content
verifySignature(entity, signer) {
@@ -117,13 +129,20 @@ class Verifier {
}
verifyPolicy(policy, identity) {
// Check the subject alternative name of the signer matches the policy
/* istanbul ignore else */
if (policy.subjectAlternativeName) {
(0, policy_1.verifySubjectAlternativeName)(policy.subjectAlternativeName, identity.subjectAlternativeName);
}
// Check that the extensions of the signer match the policy
/* istanbul ignore else */
if (policy.extensions) {
(0, policy_1.verifyExtensions)(policy.extensions, identity.extensions);
}
// Check that the OIDs of the signer match the policy
/* istanbul ignore if */
if (policy.oids) {
(0, policy_1.verifyOIDs)(policy.oids, identity.oids);
}
}
}
exports.Verifier = Verifier;
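Review bot: The threshold check in verifyTimestamps now counts every collected timestamp regardless of its source (`timestamps.length < this.options.timestampThreshold`), and the constructor feeds a caller's `tsaThreshold` into `timestampThreshold` while the stored `tsaThreshold` appears to be pinned to 0. As far as these lines show, a caller that set `tsaThreshold` to require timestamp-authority evidence specifically would now pass with transparency-log timestamps alone. If that is intended, the option mapping deserves a comment such as `// tsaThreshold is kept for compatibility only; it no longer requires TSA-issued timestamps`. Separately, `getTLogTimestamp` is no longer given the trusted logs, and the inclusion check has moved to verifyTLogs. Whether a log timestamp is counted before its entry is verified depends on the call order in verify(), which is outside the visible hunks. The code looks like compiler output, so any such change belongs in the source it was built from.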