feat(planning): grille hebdomadaire complète avec API et filtres

- Connexion API via proxy Angular (résolution CORS, base path /api)
- Import CSS ng-zorro global pour les modales et composants
- Filtres Camion/Show câblés sur l'affichage de la grille
- Camions affichés via TrucksService (linkés au show du même créneau)
- Panneau de détails : spectacles + camions du jour sélectionné
- Modale de création de spectacle stylisée avec fond et centrage
- Positionnement précis des events à la minute dans leur créneau
- Auto-scroll vers l'heure courante au chargement
- Ligne "maintenant" sur la colonne du jour actuel
- Régénération des services OpenAPI (nouveaux noms de types)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 20:36:03 +02:00
parent 150b97cd2e
commit 654b297e2e
3131 changed files with 149304 additions and 104334 deletions
+1 -1
@@ -10,7 +10,7 @@ A JavaScript library for working with the Sigstore bundle format.
## Prerequisites
- Node.js version ^20.17.0 || >=22.9.0
- Node.js version >= 18.17.0
## Installation
+3 -3
@@ -1,6 +1,6 @@
{
"name": "@sigstore/bundle",
"version": "4.0.0",
"version": "3.1.0",
"description": "Sigstore bundle type",
"main": "dist/index.js",
"types": "dist/index.d.ts",
@@ -27,9 +27,9 @@
"provenance": true
},
"dependencies": {
"@sigstore/protobuf-specs": "^0.5.0"
"@sigstore/protobuf-specs": "^0.4.0"
},
"engines": {
"node": "^20.17.0 || >=22.9.0"
"node": "^18.17.0 || >=20.5.0"
}
}
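Review bot: The `version` field here moves from 4.0.0 to 3.1.0 and `@sigstore/protobuf-specs` from ^0.5.0 to ^0.4.0, a downgrade of a signature-verification dependency that the commit description (planning grid, proxy, CSS, OpenAPI regeneration) does not mention. The same pattern shows in the `@sigstore/core` manifest further down (3.2.1 to 2.0.0). If this is an installed-package tree that got committed, which the 3131 changed files suggest, the change probably comes from an install under a different Node or npm version rather than an intended edit; confirm against the lockfile and reinstall from it (`npm ci`) so the versions match what was reviewed. Keeping the installed tree out of version control would stop such drift from landing inside feature commits.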
+1 -1
@@ -4,7 +4,7 @@ Base library for [Sigstore][1] JavaScript packages.
## Prerequisites
- Node.js version ^20.17.0 || >=22.9.0
- Node.js version >= 18.17.0
[1]: https://www.sigstore.dev
+3 -3
@@ -2,9 +2,9 @@ import { ASN1Tag } from './tag';
export declare class ASN1Obj {
readonly tag: ASN1Tag;
readonly subs: ASN1Obj[];
readonly value: Buffer<ArrayBufferLike>;
constructor(tag: ASN1Tag, value: Buffer<ArrayBufferLike>, subs: ASN1Obj[]);
static parseBuffer(buf: Buffer<ArrayBuffer>): ASN1Obj;
readonly value: Buffer;
constructor(tag: ASN1Tag, value: Buffer, subs: ASN1Obj[]);
static parseBuffer(buf: Buffer): ASN1Obj;
toDER(): Buffer;
toBoolean(): boolean;
toInteger(): bigint;
-3
@@ -22,9 +22,6 @@ const length_1 = require("./length");
const parse_1 = require("./parse");
const tag_1 = require("./tag");
class ASN1Obj {
tag;
subs;
value;
constructor(tag, value, subs) {
this.tag = tag;
this.value = value;
-3
@@ -37,9 +37,6 @@ const TAG_CLASS = {
};
// https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-encoded-tag-bytes
class ASN1Tag {
number;
constructed;
class;
constructor(enc) {
// Bits 0 through 4 are the tag number
this.number = enc & 0x1f;
+1 -10
@@ -25,16 +25,7 @@ limitations under the License.
const crypto_1 = __importDefault(require("crypto"));
function createPublicKey(key, type = 'spki') {
if (typeof key === 'string') {
if (key.startsWith('-----')) {
return crypto_1.default.createPublicKey(key);
}
else {
return crypto_1.default.createPublicKey({
key: Buffer.from(key, 'base64'),
format: 'der',
type: type,
});
}
return crypto_1.default.createPublicKey(key);
}
else {
return crypto_1.default.createPublicKey({ key, format: 'der', type: type });
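Review bot: With the `startsWith('-----')` branch gone, every string key is handed to `crypto_1.default.createPublicKey(key)` directly, and Node treats a string argument as PEM, so a base64-encoded DER key that the previous code accepted would now be rejected or throw. Whether any caller passes such a string is not visible here, so check callers that load public keys from configuration or a trust root. Because this file looks like compiled package output, the fix is to restore the dependency version that contained the branch rather than to edit this file. The function's closing lines are outside the hunk.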
+8 -7
@@ -19,11 +19,12 @@ limitations under the License.
const PAE_PREFIX = 'DSSEv1';
// DSSE Pre-Authentication Encoding
function preAuthEncoding(payloadType, payload) {
const typeBytes = Buffer.from(payloadType, 'utf-8');
return Buffer.concat([
Buffer.from(`${PAE_PREFIX} ${typeBytes.length} `, 'ascii'),
typeBytes,
Buffer.from(` ${payload.length} `, 'ascii'),
payload,
]);
const prefix = [
PAE_PREFIX,
payloadType.length,
payloadType,
payload.length,
'',
].join(' ');
return Buffer.concat([Buffer.from(prefix, 'ascii'), payload]);
}
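Review bot: The prefix of the pre-authentication encoding now carries `payloadType.length`, a count of UTF-16 code units, and `payloadType` itself is encoded with `'ascii'`, whereas the removed lines measured and emitted its UTF-8 bytes (`Buffer.from(payloadType, 'utf-8')`). As far as Node's `'ascii'` encoding goes, each non-ASCII character is reduced to a single byte, so the encoded bytes differ from the UTF-8 form and payload types that differ only in those characters can encode identically. Signatures over such an encoding may not verify against other DSSE implementations. This is a regression in a verification primitive that arrives with the package downgrade; restore the version with the byte-length form rather than patching the compiled file.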
+7 -17
@@ -15,23 +15,13 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.X509SCTExtension = exports.X509Certificate = exports.EXTENSION_OID_SCT = exports.ByteStream = exports.RFC3161Timestamp = exports.pem = exports.json = exports.encoding = exports.dsse = exports.crypto = exports.ASN1Obj = void 0;
/*
-1
@@ -1,3 +1,2 @@
export declare const ECDSA_SIGNATURE_ALGOS: Record<string, string>;
export declare const RSA_SIGNATURE_ALGOS: Record<string, string>;
export declare const SHA2_HASH_ALGOS: Record<string, string>;
+1 -7
@@ -1,18 +1,12 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SHA2_HASH_ALGOS = exports.RSA_SIGNATURE_ALGOS = exports.ECDSA_SIGNATURE_ALGOS = void 0;
exports.SHA2_HASH_ALGOS = exports.ECDSA_SIGNATURE_ALGOS = void 0;
exports.ECDSA_SIGNATURE_ALGOS = {
'1.2.840.10045.4.3.1': 'sha224',
'1.2.840.10045.4.3.2': 'sha256',
'1.2.840.10045.4.3.3': 'sha384',
'1.2.840.10045.4.3.4': 'sha512',
};
exports.RSA_SIGNATURE_ALGOS = {
'1.2.840.113549.1.1.14': 'sha224',
'1.2.840.113549.1.1.11': 'sha256',
'1.2.840.113549.1.1.12': 'sha384',
'1.2.840.113549.1.1.13': 'sha512',
};
exports.SHA2_HASH_ALGOS = {
'2.16.840.1.101.3.4.2.1': 'sha256',
'2.16.840.1.101.3.4.2.2': 'sha384',
+1 -1
@@ -1,2 +1,2 @@
export declare function toDER(certificate: string): Buffer<ArrayBuffer>;
export declare function toDER(certificate: string): Buffer;
export declare function fromDER(certificate: Buffer, type?: string): string;
+1 -1
@@ -4,7 +4,7 @@ import { TSTInfo } from './tstinfo';
export declare class RFC3161Timestamp {
root: ASN1Obj;
constructor(asn1: ASN1Obj);
static parse(der: Buffer<ArrayBuffer>): RFC3161Timestamp;
static parse(der: Buffer): RFC3161Timestamp;
get status(): bigint;
get contentType(): string;
get eContentType(): string;
+7 -18
@@ -15,23 +15,13 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.RFC3161Timestamp = void 0;
/*
@@ -58,7 +48,6 @@ const OID_PKCS9_CONTENT_TYPE_SIGNED_DATA = '1.2.840.113549.1.7.2';
const OID_PKCS9_CONTENT_TYPE_TSTINFO = '1.2.840.113549.1.9.16.1.4';
const OID_PKCS9_MESSAGE_DIGEST_KEY = '1.2.840.113549.1.9.4';
class RFC3161Timestamp {
root;
constructor(asn1) {
this.root = asn1;
}
+7 -18
@@ -15,30 +15,19 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSTInfo = void 0;
const crypto = __importStar(require("../crypto"));
const oid_1 = require("../oid");
const error_1 = require("./error");
class TSTInfo {
root;
constructor(asn1) {
this.root = asn1;
}
+1 -1
@@ -3,7 +3,7 @@ export declare class ByteStream {
private buf;
private view;
private start;
constructor(buffer?: Buffer<ArrayBufferLike>);
constructor(buffer?: ArrayBuffer);
get buffer(): Buffer;
get length(): number;
get position(): number;
+4 -6
@@ -19,17 +19,14 @@ limitations under the License.
class StreamError extends Error {
}
class ByteStream {
static BLOCK_SIZE = 1024;
buf;
view;
start = 0;
constructor(buffer) {
this.start = 0;
if (buffer) {
this.buf = buffer;
this.view = Buffer.from(buffer);
}
else {
this.buf = Buffer.alloc(0);
this.buf = new ArrayBuffer(0);
this.view = Buffer.from(this.buf);
}
}
@@ -106,7 +103,7 @@ class ByteStream {
}
}
realloc(size) {
const newArray = Buffer.alloc(size);
const newArray = new ArrayBuffer(size);
const newView = Buffer.from(newArray);
// Copy the old buffer into the new one
newView.set(this.view);
@@ -115,3 +112,4 @@ class ByteStream {
}
}
exports.ByteStream = ByteStream;
ByteStream.BLOCK_SIZE = 1024;
+1 -1
@@ -4,7 +4,7 @@ export declare const EXTENSION_OID_SCT = "1.3.6.1.4.1.11129.2.4.2";
export declare class X509Certificate {
root: ASN1Obj;
constructor(asn1: ASN1Obj);
static parse(cert: Buffer<ArrayBuffer> | string): X509Certificate;
static parse(cert: Buffer | string): X509Certificate;
get tbsCertificate(): ASN1Obj;
get version(): string;
get serialNumber(): Buffer;
+7 -22
@@ -15,23 +15,13 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.X509Certificate = exports.EXTENSION_OID_SCT = void 0;
/*
@@ -61,7 +51,6 @@ const EXTENSION_OID_BASIC_CONSTRAINTS = '2.5.29.19';
const EXTENSION_OID_AUTHORITY_KEY_ID = '2.5.29.35';
exports.EXTENSION_OID_SCT = '1.3.6.1.4.1.11129.2.4.2';
class X509Certificate {
root;
constructor(asn1) {
this.root = asn1;
}
@@ -100,9 +89,6 @@ class X509Certificate {
}
get signatureAlgorithm() {
const oid = this.signatureAlgorithmObj.subs[0].toOID();
if (oid_1.RSA_SIGNATURE_ALGOS[oid]) {
return oid_1.RSA_SIGNATURE_ALGOS[oid];
}
return oid_1.ECDSA_SIGNATURE_ALGOS[oid];
}
get signatureValue() {
@@ -150,7 +136,6 @@ class X509Certificate {
get isCA() {
const ca = this.extBasicConstraints?.isCA || false;
// If the KeyUsage extension is present, keyCertSign must be set
/* istanbul ignore else */
if (this.extKeyUsage) {
return ca && this.extKeyUsage.keyCertSign;
}
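Review bot: In the `signatureAlgorithm` getter the RSA lookup is removed, so the getter now returns only `oid_1.ECDSA_SIGNATURE_ALGOS[oid]`, which is `undefined` for any RSA signature OID (the `RSA_SIGNATURE_ALGOS` table is also dropped from the OID module in an earlier section). How callers treat an undefined algorithm is not visible here; verify that certificate verification fails closed rather than falling back to a default digest when this value is missing. As with the other compiled files in this commit, the remedy is to restore the dependency version that had the RSA table, not to edit this output.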
+1 -1
@@ -5,7 +5,7 @@ export declare class X509Extension {
constructor(asn1: ASN1Obj);
get oid(): string;
get critical(): boolean;
get value(): Buffer<ArrayBufferLike>;
get value(): Buffer;
get valueObj(): ASN1Obj;
protected get extnValueObj(): ASN1Obj;
}
-1
@@ -5,7 +5,6 @@ const stream_1 = require("../stream");
const sct_1 = require("./sct");
// https://www.rfc-editor.org/rfc/rfc5280#section-4.1
class X509Extension {
root;
constructor(asn1) {
this.root = asn1;
}
+7 -24
@@ -15,23 +15,13 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.SignedCertificateTimestamp = void 0;
/*
@@ -52,13 +42,6 @@ limitations under the License.
const crypto = __importStar(require("../crypto"));
const stream_1 = require("../stream");
class SignedCertificateTimestamp {
version;
logID;
timestamp;
extensions;
hashAlgorithm;
signatureAlgorithm;
signature;
constructor(options) {
this.version = options.version;
this.logID = options.logID;
+2 -2
@@ -1,6 +1,6 @@
{
"name": "@sigstore/core",
"version": "3.2.1",
"version": "2.0.0",
"description": "Base library for Sigstore",
"main": "dist/index.js",
"types": "dist/index.d.ts",
@@ -26,6 +26,6 @@
"provenance": true
},
"engines": {
"node": "^20.17.0 || >=22.9.0"
"node": "^18.17.0 || >=20.5.0"
}
}
+2 -2
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: envelope.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Signature = exports.Envelope = void 0;
+2 -2
@@ -11,7 +11,7 @@ export interface CloudEvent {
[key: string]: CloudEvent_CloudEventAttributeValue;
};
/** -- CloudEvent Data (Bytes, Text, or Proto) */
data: {
data?: {
$case: "binaryData";
binaryData: Buffer;
} | {
@@ -27,7 +27,7 @@ export interface CloudEvent_AttributesEntry {
value: CloudEvent_CloudEventAttributeValue | undefined;
}
export interface CloudEvent_CloudEventAttributeValue {
attr: {
attr?: {
$case: "ceBoolean";
ceBoolean: boolean;
} | {
+4 -4
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: events.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.CloudEventBatch = exports.CloudEvent_CloudEventAttributeValue = exports.CloudEvent_AttributesEntry = exports.CloudEvent = void 0;
@@ -17,7 +17,7 @@ exports.CloudEvent = {
specVersion: isSet(object.specVersion) ? globalThis.String(object.specVersion) : "",
type: isSet(object.type) ? globalThis.String(object.type) : "",
attributes: isObject(object.attributes)
? globalThis.Object.entries(object.attributes).reduce((acc, [key, value]) => {
? Object.entries(object.attributes).reduce((acc, [key, value]) => {
acc[key] = exports.CloudEvent_CloudEventAttributeValue.fromJSON(value);
return acc;
}, {})
@@ -46,7 +46,7 @@ exports.CloudEvent = {
obj.type = message.type;
}
if (message.attributes) {
const entries = globalThis.Object.entries(message.attributes);
const entries = Object.entries(message.attributes);
if (entries.length > 0) {
obj.attributes = {};
entries.forEach(([k, v]) => {
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: google/api/field_behavior.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.FieldBehavior = void 0;
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: google/protobuf/any.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Any = void 0;
@@ -22,8 +22,6 @@ export declare enum Edition {
*/
EDITION_2023 = 1000,
EDITION_2024 = 1001,
/** EDITION_UNSTABLE - A placeholder edition for developing and testing unscheduled features. */
EDITION_UNSTABLE = 9999,
/**
* EDITION_1_TEST_ONLY - Placeholder editions for testing feature resolution. These should not be
* used or relied on outside of tests.
@@ -42,20 +40,6 @@ export declare enum Edition {
}
export declare function editionFromJSON(object: any): Edition;
export declare function editionToJSON(object: Edition): string;
/**
* Describes the 'visibility' of a symbol with respect to the proto import
* system. Symbols can only be imported when the visibility rules do not prevent
* it (ex: local symbols cannot be imported). Visibility modifiers can only set
* on `message` and `enum` as they are the only types available to be referenced
* from other files.
*/
export declare enum SymbolVisibility {
VISIBILITY_UNSET = 0,
VISIBILITY_LOCAL = 1,
VISIBILITY_EXPORT = 2
}
export declare function symbolVisibilityFromJSON(object: any): SymbolVisibility;
export declare function symbolVisibilityToJSON(object: SymbolVisibility): string;
/**
* The protocol compiler can output a FileDescriptorSet containing the .proto
* files it parses.
@@ -78,11 +62,6 @@ export interface FileDescriptorProto {
* For Google-internal migration only. Do not use.
*/
weakDependency: number[];
/**
* Names of files imported by this file purely for the purpose of providing
* option extensions. These are excluded from the dependency list above.
*/
optionDependency: string[];
/** All top-level definitions in this file. */
messageType: DescriptorProto[];
enumType: EnumDescriptorProto[];
@@ -130,8 +109,6 @@ export interface DescriptorProto {
* A given name may only be reserved once.
*/
reservedName: string[];
/** Support for `export` and `local` keywords on enums. */
visibility?: SymbolVisibility | undefined;
}
export interface DescriptorProto_ExtensionRange {
/** Inclusive. */
@@ -350,8 +327,6 @@ export interface EnumDescriptorProto {
* be reserved once.
*/
reservedName: string[];
/** Support for `export` and `local` keywords on enums. */
visibility?: SymbolVisibility | undefined;
}
/**
* Range of reserved numeric values. Reserved values may not be used by
@@ -692,12 +667,7 @@ export interface FieldOptions {
* is a formalization for deprecating fields.
*/
deprecated?: boolean | undefined;
/**
* DEPRECATED. DO NOT USE!
* For Google-internal migration only. Do not use.
*
* @deprecated
*/
/** For Google-internal migration only. Do not use. */
weak?: boolean | undefined;
/**
* Indicate that the field value should not be printed out when using debug
@@ -800,11 +770,6 @@ export interface FieldOptions_FeatureSupport {
* not be able to override it.
*/
editionRemoved?: Edition | undefined;
/**
* The removal error text if this feature is used after the edition it was
* removed in.
*/
removalError?: string | undefined;
}
export interface OneofOptions {
/**
@@ -976,7 +941,6 @@ export interface FeatureSet {
messageEncoding?: FeatureSet_MessageEncoding | undefined;
jsonFormat?: FeatureSet_JsonFormat | undefined;
enforceNamingStyle?: FeatureSet_EnforceNamingStyle | undefined;
defaultSymbolVisibility?: FeatureSet_VisibilityFeature_DefaultSymbolVisibility | undefined;
}
export declare enum FeatureSet_FieldPresence {
FIELD_PRESENCE_UNKNOWN = 0,
@@ -1028,25 +992,6 @@ export declare enum FeatureSet_EnforceNamingStyle {
}
export declare function featureSet_EnforceNamingStyleFromJSON(object: any): FeatureSet_EnforceNamingStyle;
export declare function featureSet_EnforceNamingStyleToJSON(object: FeatureSet_EnforceNamingStyle): string;
export interface FeatureSet_VisibilityFeature {
}
export declare enum FeatureSet_VisibilityFeature_DefaultSymbolVisibility {
DEFAULT_SYMBOL_VISIBILITY_UNKNOWN = 0,
/** EXPORT_ALL - Default pre-EDITION_2024, all UNSET visibility are export. */
EXPORT_ALL = 1,
/** EXPORT_TOP_LEVEL - All top-level symbols default to export, nested default to local. */
EXPORT_TOP_LEVEL = 2,
/** LOCAL_ALL - All symbols default to local. */
LOCAL_ALL = 3,
/**
* STRICT - All symbols local by default. Nested types cannot be exported.
* With special case caveat for message { enum {} reserved 1 to max; }
* This is the recommended setting for new protos.
*/
STRICT = 4
}
export declare function featureSet_VisibilityFeature_DefaultSymbolVisibilityFromJSON(object: any): FeatureSet_VisibilityFeature_DefaultSymbolVisibility;
export declare function featureSet_VisibilityFeature_DefaultSymbolVisibilityToJSON(object: FeatureSet_VisibilityFeature_DefaultSymbolVisibility): string;
/**
* A compiled specification for the defaults of a set of features. These
* messages are generated from FeatureSet extensions and can be used to seed
@@ -1293,7 +1238,6 @@ export declare const MethodOptions: MessageFns<MethodOptions>;
export declare const UninterpretedOption: MessageFns<UninterpretedOption>;
export declare const UninterpretedOption_NamePart: MessageFns<UninterpretedOption_NamePart>;
export declare const FeatureSet: MessageFns<FeatureSet>;
export declare const FeatureSet_VisibilityFeature: MessageFns<FeatureSet_VisibilityFeature>;
export declare const FeatureSetDefaults: MessageFns<FeatureSetDefaults>;
export declare const FeatureSetDefaults_FeatureSetEditionDefault: MessageFns<FeatureSetDefaults_FeatureSetEditionDefault>;
export declare const SourceCodeInfo: MessageFns<SourceCodeInfo>;
@@ -1,16 +1,14 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: google/protobuf/descriptor.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.FeatureSetDefaults_FeatureSetEditionDefault = exports.FeatureSetDefaults = exports.FeatureSet_VisibilityFeature = exports.FeatureSet = exports.UninterpretedOption_NamePart = exports.UninterpretedOption = exports.MethodOptions = exports.ServiceOptions = exports.EnumValueOptions = exports.EnumOptions = exports.OneofOptions = exports.FieldOptions_FeatureSupport = exports.FieldOptions_EditionDefault = exports.FieldOptions = exports.MessageOptions = exports.FileOptions = exports.MethodDescriptorProto = exports.ServiceDescriptorProto = exports.EnumValueDescriptorProto = exports.EnumDescriptorProto_EnumReservedRange = exports.EnumDescriptorProto = exports.OneofDescriptorProto = exports.FieldDescriptorProto = exports.ExtensionRangeOptions_Declaration = exports.ExtensionRangeOptions = exports.DescriptorProto_ReservedRange = exports.DescriptorProto_ExtensionRange = exports.DescriptorProto = exports.FileDescriptorProto = exports.FileDescriptorSet = exports.GeneratedCodeInfo_Annotation_Semantic = exports.FeatureSet_VisibilityFeature_DefaultSymbolVisibility = exports.FeatureSet_EnforceNamingStyle = exports.FeatureSet_JsonFormat = exports.FeatureSet_MessageEncoding = exports.FeatureSet_Utf8Validation = exports.FeatureSet_RepeatedFieldEncoding = exports.FeatureSet_EnumType = exports.FeatureSet_FieldPresence = exports.MethodOptions_IdempotencyLevel = exports.FieldOptions_OptionTargetType = exports.FieldOptions_OptionRetention = exports.FieldOptions_JSType = exports.FieldOptions_CType = exports.FileOptions_OptimizeMode = exports.FieldDescriptorProto_Label = exports.FieldDescriptorProto_Type = exports.ExtensionRangeOptions_VerificationState = exports.SymbolVisibility = exports.Edition = void 0;
exports.GeneratedCodeInfo_Annotation = exports.GeneratedCodeInfo = exports.SourceCodeInfo_Location = exports.SourceCodeInfo = void 0;
exports.GeneratedCodeInfo = exports.SourceCodeInfo_Location = exports.SourceCodeInfo = exports.FeatureSetDefaults_FeatureSetEditionDefault = exports.FeatureSetDefaults = exports.FeatureSet = exports.UninterpretedOption_NamePart = exports.UninterpretedOption = exports.MethodOptions = exports.ServiceOptions = exports.EnumValueOptions = exports.EnumOptions = exports.OneofOptions = exports.FieldOptions_FeatureSupport = exports.FieldOptions_EditionDefault = exports.FieldOptions = exports.MessageOptions = exports.FileOptions = exports.MethodDescriptorProto = exports.ServiceDescriptorProto = exports.EnumValueDescriptorProto = exports.EnumDescriptorProto_EnumReservedRange = exports.EnumDescriptorProto = exports.OneofDescriptorProto = exports.FieldDescriptorProto = exports.ExtensionRangeOptions_Declaration = exports.ExtensionRangeOptions = exports.DescriptorProto_ReservedRange = exports.DescriptorProto_ExtensionRange = exports.DescriptorProto = exports.FileDescriptorProto = exports.FileDescriptorSet = exports.GeneratedCodeInfo_Annotation_Semantic = exports.FeatureSet_EnforceNamingStyle = exports.FeatureSet_JsonFormat = exports.FeatureSet_MessageEncoding = exports.FeatureSet_Utf8Validation = exports.FeatureSet_RepeatedFieldEncoding = exports.FeatureSet_EnumType = exports.FeatureSet_FieldPresence = exports.MethodOptions_IdempotencyLevel = exports.FieldOptions_OptionTargetType = exports.FieldOptions_OptionRetention = exports.FieldOptions_JSType = exports.FieldOptions_CType = exports.FileOptions_OptimizeMode = exports.FieldDescriptorProto_Label = exports.FieldDescriptorProto_Type = exports.ExtensionRangeOptions_VerificationState = exports.Edition = void 0;
exports.GeneratedCodeInfo_Annotation = void 0;
exports.editionFromJSON = editionFromJSON;
exports.editionToJSON = editionToJSON;
exports.symbolVisibilityFromJSON = symbolVisibilityFromJSON;
exports.symbolVisibilityToJSON = symbolVisibilityToJSON;
exports.extensionRangeOptions_VerificationStateFromJSON = extensionRangeOptions_VerificationStateFromJSON;
exports.extensionRangeOptions_VerificationStateToJSON = extensionRangeOptions_VerificationStateToJSON;
exports.fieldDescriptorProto_TypeFromJSON = fieldDescriptorProto_TypeFromJSON;
@@ -43,8 +41,6 @@ exports.featureSet_JsonFormatFromJSON = featureSet_JsonFormatFromJSON;
exports.featureSet_JsonFormatToJSON = featureSet_JsonFormatToJSON;
exports.featureSet_EnforceNamingStyleFromJSON = featureSet_EnforceNamingStyleFromJSON;
exports.featureSet_EnforceNamingStyleToJSON = featureSet_EnforceNamingStyleToJSON;
exports.featureSet_VisibilityFeature_DefaultSymbolVisibilityFromJSON = featureSet_VisibilityFeature_DefaultSymbolVisibilityFromJSON;
exports.featureSet_VisibilityFeature_DefaultSymbolVisibilityToJSON = featureSet_VisibilityFeature_DefaultSymbolVisibilityToJSON;
exports.generatedCodeInfo_Annotation_SemanticFromJSON = generatedCodeInfo_Annotation_SemanticFromJSON;
exports.generatedCodeInfo_Annotation_SemanticToJSON = generatedCodeInfo_Annotation_SemanticToJSON;
/* eslint-disable */
@@ -73,8 +69,6 @@ var Edition;
*/
Edition[Edition["EDITION_2023"] = 1000] = "EDITION_2023";
Edition[Edition["EDITION_2024"] = 1001] = "EDITION_2024";
/** EDITION_UNSTABLE - A placeholder edition for developing and testing unscheduled features. */
Edition[Edition["EDITION_UNSTABLE"] = 9999] = "EDITION_UNSTABLE";
/**
* EDITION_1_TEST_ONLY - Placeholder editions for testing feature resolution. These should not be
* used or relied on outside of tests.
@@ -111,9 +105,6 @@ function editionFromJSON(object) {
case 1001:
case "EDITION_2024":
return Edition.EDITION_2024;
case 9999:
case "EDITION_UNSTABLE":
return Edition.EDITION_UNSTABLE;
case 1:
case "EDITION_1_TEST_ONLY":
return Edition.EDITION_1_TEST_ONLY;
@@ -150,8 +141,6 @@ function editionToJSON(object) {
return "EDITION_2023";
case Edition.EDITION_2024:
return "EDITION_2024";
case Edition.EDITION_UNSTABLE:
return "EDITION_UNSTABLE";
case Edition.EDITION_1_TEST_ONLY:
return "EDITION_1_TEST_ONLY";
case Edition.EDITION_2_TEST_ONLY:
@@ -168,46 +157,6 @@ function editionToJSON(object) {
throw new globalThis.Error("Unrecognized enum value " + object + " for enum Edition");
}
}
/**
* Describes the 'visibility' of a symbol with respect to the proto import
* system. Symbols can only be imported when the visibility rules do not prevent
* it (ex: local symbols cannot be imported). Visibility modifiers can only set
* on `message` and `enum` as they are the only types available to be referenced
* from other files.
*/
var SymbolVisibility;
(function (SymbolVisibility) {
SymbolVisibility[SymbolVisibility["VISIBILITY_UNSET"] = 0] = "VISIBILITY_UNSET";
SymbolVisibility[SymbolVisibility["VISIBILITY_LOCAL"] = 1] = "VISIBILITY_LOCAL";
SymbolVisibility[SymbolVisibility["VISIBILITY_EXPORT"] = 2] = "VISIBILITY_EXPORT";
})(SymbolVisibility || (exports.SymbolVisibility = SymbolVisibility = {}));
function symbolVisibilityFromJSON(object) {
switch (object) {
case 0:
case "VISIBILITY_UNSET":
return SymbolVisibility.VISIBILITY_UNSET;
case 1:
case "VISIBILITY_LOCAL":
return SymbolVisibility.VISIBILITY_LOCAL;
case 2:
case "VISIBILITY_EXPORT":
return SymbolVisibility.VISIBILITY_EXPORT;
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum SymbolVisibility");
}
}
function symbolVisibilityToJSON(object) {
switch (object) {
case SymbolVisibility.VISIBILITY_UNSET:
return "VISIBILITY_UNSET";
case SymbolVisibility.VISIBILITY_LOCAL:
return "VISIBILITY_LOCAL";
case SymbolVisibility.VISIBILITY_EXPORT:
return "VISIBILITY_EXPORT";
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum SymbolVisibility");
}
}
/** The verification state of the extension range. */
var ExtensionRangeOptions_VerificationState;
(function (ExtensionRangeOptions_VerificationState) {
@@ -928,59 +877,6 @@ function featureSet_EnforceNamingStyleToJSON(object) {
throw new globalThis.Error("Unrecognized enum value " + object + " for enum FeatureSet_EnforceNamingStyle");
}
}
var FeatureSet_VisibilityFeature_DefaultSymbolVisibility;
(function (FeatureSet_VisibilityFeature_DefaultSymbolVisibility) {
FeatureSet_VisibilityFeature_DefaultSymbolVisibility[FeatureSet_VisibilityFeature_DefaultSymbolVisibility["DEFAULT_SYMBOL_VISIBILITY_UNKNOWN"] = 0] = "DEFAULT_SYMBOL_VISIBILITY_UNKNOWN";
/** EXPORT_ALL - Default pre-EDITION_2024, all UNSET visibility are export. */
FeatureSet_VisibilityFeature_DefaultSymbolVisibility[FeatureSet_VisibilityFeature_DefaultSymbolVisibility["EXPORT_ALL"] = 1] = "EXPORT_ALL";
/** EXPORT_TOP_LEVEL - All top-level symbols default to export, nested default to local. */
FeatureSet_VisibilityFeature_DefaultSymbolVisibility[FeatureSet_VisibilityFeature_DefaultSymbolVisibility["EXPORT_TOP_LEVEL"] = 2] = "EXPORT_TOP_LEVEL";
/** LOCAL_ALL - All symbols default to local. */
FeatureSet_VisibilityFeature_DefaultSymbolVisibility[FeatureSet_VisibilityFeature_DefaultSymbolVisibility["LOCAL_ALL"] = 3] = "LOCAL_ALL";
/**
* STRICT - All symbols local by default. Nested types cannot be exported.
* With special case caveat for message { enum {} reserved 1 to max; }
* This is the recommended setting for new protos.
*/
FeatureSet_VisibilityFeature_DefaultSymbolVisibility[FeatureSet_VisibilityFeature_DefaultSymbolVisibility["STRICT"] = 4] = "STRICT";
})(FeatureSet_VisibilityFeature_DefaultSymbolVisibility || (exports.FeatureSet_VisibilityFeature_DefaultSymbolVisibility = FeatureSet_VisibilityFeature_DefaultSymbolVisibility = {}));
function featureSet_VisibilityFeature_DefaultSymbolVisibilityFromJSON(object) {
switch (object) {
case 0:
case "DEFAULT_SYMBOL_VISIBILITY_UNKNOWN":
return FeatureSet_VisibilityFeature_DefaultSymbolVisibility.DEFAULT_SYMBOL_VISIBILITY_UNKNOWN;
case 1:
case "EXPORT_ALL":
return FeatureSet_VisibilityFeature_DefaultSymbolVisibility.EXPORT_ALL;
case 2:
case "EXPORT_TOP_LEVEL":
return FeatureSet_VisibilityFeature_DefaultSymbolVisibility.EXPORT_TOP_LEVEL;
case 3:
case "LOCAL_ALL":
return FeatureSet_VisibilityFeature_DefaultSymbolVisibility.LOCAL_ALL;
case 4:
case "STRICT":
return FeatureSet_VisibilityFeature_DefaultSymbolVisibility.STRICT;
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum FeatureSet_VisibilityFeature_DefaultSymbolVisibility");
}
}
function featureSet_VisibilityFeature_DefaultSymbolVisibilityToJSON(object) {
switch (object) {
case FeatureSet_VisibilityFeature_DefaultSymbolVisibility.DEFAULT_SYMBOL_VISIBILITY_UNKNOWN:
return "DEFAULT_SYMBOL_VISIBILITY_UNKNOWN";
case FeatureSet_VisibilityFeature_DefaultSymbolVisibility.EXPORT_ALL:
return "EXPORT_ALL";
case FeatureSet_VisibilityFeature_DefaultSymbolVisibility.EXPORT_TOP_LEVEL:
return "EXPORT_TOP_LEVEL";
case FeatureSet_VisibilityFeature_DefaultSymbolVisibility.LOCAL_ALL:
return "LOCAL_ALL";
case FeatureSet_VisibilityFeature_DefaultSymbolVisibility.STRICT:
return "STRICT";
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum FeatureSet_VisibilityFeature_DefaultSymbolVisibility");
}
}
/**
* Represents the identified object's effect on the element in the original
* .proto file.
@@ -1049,9 +945,6 @@ exports.FileDescriptorProto = {
weakDependency: globalThis.Array.isArray(object?.weakDependency)
? object.weakDependency.map((e) => globalThis.Number(e))
: [],
optionDependency: globalThis.Array.isArray(object?.optionDependency)
? object.optionDependency.map((e) => globalThis.String(e))
: [],
messageType: globalThis.Array.isArray(object?.messageType)
? object.messageType.map((e) => exports.DescriptorProto.fromJSON(e))
: [],
@@ -1087,9 +980,6 @@ exports.FileDescriptorProto = {
if (message.weakDependency?.length) {
obj.weakDependency = message.weakDependency.map((e) => Math.round(e));
}
if (message.optionDependency?.length) {
obj.optionDependency = message.optionDependency;
}
if (message.messageType?.length) {
obj.messageType = message.messageType.map((e) => exports.DescriptorProto.toJSON(e));
}
@@ -1146,7 +1036,6 @@ exports.DescriptorProto = {
reservedName: globalThis.Array.isArray(object?.reservedName)
? object.reservedName.map((e) => globalThis.String(e))
: [],
visibility: isSet(object.visibility) ? symbolVisibilityFromJSON(object.visibility) : 0,
};
},
toJSON(message) {
@@ -1181,9 +1070,6 @@ exports.DescriptorProto = {
if (message.reservedName?.length) {
obj.reservedName = message.reservedName;
}
if (message.visibility !== undefined && message.visibility !== 0) {
obj.visibility = symbolVisibilityToJSON(message.visibility);
}
return obj;
},
};
@@ -1375,7 +1261,6 @@ exports.EnumDescriptorProto = {
reservedName: globalThis.Array.isArray(object?.reservedName)
? object.reservedName.map((e) => globalThis.String(e))
: [],
visibility: isSet(object.visibility) ? symbolVisibilityFromJSON(object.visibility) : 0,
};
},
toJSON(message) {
@@ -1395,9 +1280,6 @@ exports.EnumDescriptorProto = {
if (message.reservedName?.length) {
obj.reservedName = message.reservedName;
}
if (message.visibility !== undefined && message.visibility !== 0) {
obj.visibility = symbolVisibilityToJSON(message.visibility);
}
return obj;
},
};
@@ -1742,7 +1624,6 @@ exports.FieldOptions_FeatureSupport = {
editionDeprecated: isSet(object.editionDeprecated) ? editionFromJSON(object.editionDeprecated) : 0,
deprecationWarning: isSet(object.deprecationWarning) ? globalThis.String(object.deprecationWarning) : "",
editionRemoved: isSet(object.editionRemoved) ? editionFromJSON(object.editionRemoved) : 0,
removalError: isSet(object.removalError) ? globalThis.String(object.removalError) : "",
};
},
toJSON(message) {
@@ -1759,9 +1640,6 @@ exports.FieldOptions_FeatureSupport = {
if (message.editionRemoved !== undefined && message.editionRemoved !== 0) {
obj.editionRemoved = editionToJSON(message.editionRemoved);
}
if (message.removalError !== undefined && message.removalError !== "") {
obj.removalError = message.removalError;
}
return obj;
},
};
@@ -1979,9 +1857,6 @@ exports.FeatureSet = {
enforceNamingStyle: isSet(object.enforceNamingStyle)
? featureSet_EnforceNamingStyleFromJSON(object.enforceNamingStyle)
: 0,
defaultSymbolVisibility: isSet(object.defaultSymbolVisibility)
? featureSet_VisibilityFeature_DefaultSymbolVisibilityFromJSON(object.defaultSymbolVisibility)
: 0,
};
},
toJSON(message) {
@@ -2007,18 +1882,6 @@ exports.FeatureSet = {
if (message.enforceNamingStyle !== undefined && message.enforceNamingStyle !== 0) {
obj.enforceNamingStyle = featureSet_EnforceNamingStyleToJSON(message.enforceNamingStyle);
}
if (message.defaultSymbolVisibility !== undefined && message.defaultSymbolVisibility !== 0) {
obj.defaultSymbolVisibility = featureSet_VisibilityFeature_DefaultSymbolVisibilityToJSON(message.defaultSymbolVisibility);
}
return obj;
},
};
exports.FeatureSet_VisibilityFeature = {
fromJSON(_) {
return {};
},
toJSON(_) {
const obj = {};
return obj;
},
};
@@ -71,8 +71,8 @@
* {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
* seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
* are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
* is required. A ProtoJSON serializer should always use UTC (as indicated by
* "Z") when printing the Timestamp type and a ProtoJSON parser should be
* is required. A proto3 JSON serializer should always use UTC (as indicated by
* "Z") when printing the Timestamp type and a proto3 JSON parser should be
* able to accept both UTC and other timezones (as indicated by an offset).
*
* For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
@@ -91,16 +91,15 @@
*/
export interface Timestamp {
/**
* Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must
* be between -62135596800 and 253402300799 inclusive (which corresponds to
* 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z).
* Represents seconds of UTC time since Unix epoch
* 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
* 9999-12-31T23:59:59Z inclusive.
*/
seconds: string;
/**
* Non-negative fractions of a second at nanosecond resolution. This field is
* the nanosecond portion of the duration, not an alternative to seconds.
* Negative second values with fractions must still have non-negative nanos
* values that count forward in time. Must be between 0 and 999,999,999
* Non-negative fractions of a second at nanosecond resolution. Negative
* second values with fractions must still have non-negative nanos values
* that count forward in time. Must be from 0 to 999,999,999
* inclusive.
*/
nanos: number;
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: google/protobuf/timestamp.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Timestamp = void 0;
+2 -2
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/dsse.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.DSSELogEntryV002 = exports.DSSERequestV002 = void 0;
@@ -15,7 +15,7 @@ export interface Entry {
}
/** Spec contains one of the Rekor entry types. */
export interface Spec {
spec: {
spec?: {
$case: "hashedRekordV002";
hashedRekordV002: HashedRekordLogEntryV002;
} | {
@@ -25,7 +25,7 @@ export interface Spec {
}
/** Create a new HashedRekord or DSSE */
export interface CreateEntryRequest {
spec: {
spec?: {
$case: "hashedRekordRequestV002";
hashedRekordRequestV002: HashedRekordRequestV002;
} | {
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/entry.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.CreateEntryRequest = exports.Spec = exports.Entry = void 0;
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/hashedrekord.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.HashedRekordLogEntryV002 = exports.HashedRekordRequestV002 = void 0;
@@ -6,7 +6,7 @@ export interface PublicKey {
}
/** Either a public key or a X.509 cerificiate with an embedded public key */
export interface Verifier {
verifier: //
verifier?: //
/** DER-encoded public key. Encoding method is specified by the key_details attribute */
{
$case: "publicKey";
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/verifier.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Signature = exports.Verifier = exports.PublicKey = void 0;
@@ -63,7 +63,7 @@ export interface VerificationMaterial {
* When used in a `0.3` bundle with the PGI and "keyless" signing,
* form (3) MUST be used.
*/
content: {
content?: {
$case: "publicKey";
publicKey: PublicKeyIdentifier;
} | {
@@ -112,7 +112,7 @@ export interface Bundle {
* DSSE envelope.
*/
verificationMaterial: VerificationMaterial | undefined;
content: {
content?: {
$case: "messageSignature";
messageSignature: MessageSignature;
} | //
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_bundle.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Bundle = exports.VerificationMaterial = exports.TimestampVerificationData = void 0;
@@ -12,17 +12,7 @@ export declare enum HashAlgorithm {
SHA2_256 = 1,
SHA2_384 = 2,
SHA2_512 = 3,
/**
* SHA3_256 - Used for LMS
*
* @deprecated
*/
SHA3_256 = 4,
/**
* SHA3_384 - Used for LMS
*
* @deprecated
*/
SHA3_384 = 5
}
export declare function hashAlgorithmFromJSON(object: any): HashAlgorithm;
@@ -98,7 +88,9 @@ export declare enum PublicKeyDetails {
* LMS_SHA256 - LMS and LM-OTS
*
* These algorithms are deprecated and should not be used.
* There are no plans to support SLH-DSA at this time.
* Keys and signatures MAY be used by private Sigstore
* deployments, but will not be supported by the public
* good instance.
*
* USER WARNING: LMS and LM-OTS are both stateful signature schemes.
* Using them correctly requires discretion and careful consideration
@@ -114,23 +106,20 @@ export declare enum PublicKeyDetails {
/** @deprecated */
LMOTS_SHA256 = 15,
/**
* ML_DSA_44 - ML-DSA
* ML_DSA_65 - ML-DSA
*
* These ML_DSA_44, ML_DSA_65 and ML-DSA_87 algorithms are the pure variants
* that take data to sign rather than the prehash variants (HashML-DSA), which
* take digests. While considered quantum-resistant, their usage
* These ML_DSA_65 and ML-DSA_87 algorithms are the pure variants that
* take data to sign rather than the prehash variants (HashML-DSA), which
* take digests. While considered quantum-resistant, their usage
* involves tradeoffs in that signatures and keys are much larger, and
* this makes deployments more costly.
*
* USER WARNING: ML_DSA_44, ML_DSA_65 and ML_DSA_87 are experimental algorithms.
* USER WARNING: ML_DSA_65 and ML_DSA_87 are experimental algorithms.
* In the future they MAY be used by private Sigstore deployments, but
* they are not yet fully functional. This warning will be removed when
* they are not yet fully functional. This warning will be removed when
* these algorithms are widely supported by Sigstore clients and servers,
* but care should still be taken for production environments.
*
* See NIST FIPS 204, RFC 9881 for algorithm identifiers
*/
ML_DSA_44 = 23,
ML_DSA_65 = 21,
ML_DSA_87 = 22
}
@@ -242,7 +231,7 @@ export interface X509Certificate {
}
export interface SubjectAlternativeName {
type: SubjectAlternativeNameType;
identity: //
identity?: //
/**
* A regular expression describing the expected value for
* the SAN.
+11 -27
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_common.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.TimeRange = exports.X509CertificateChain = exports.SubjectAlternativeName = exports.X509Certificate = exports.DistinguishedName = exports.ObjectIdentifierValuePair = exports.ObjectIdentifier = exports.PublicKeyIdentifier = exports.PublicKey = exports.RFC3161SignedTimestamp = exports.LogId = exports.MessageSignature = exports.HashOutput = exports.SubjectAlternativeNameType = exports.PublicKeyDetails = exports.HashAlgorithm = void 0;
@@ -29,17 +29,7 @@ var HashAlgorithm;
HashAlgorithm[HashAlgorithm["SHA2_256"] = 1] = "SHA2_256";
HashAlgorithm[HashAlgorithm["SHA2_384"] = 2] = "SHA2_384";
HashAlgorithm[HashAlgorithm["SHA2_512"] = 3] = "SHA2_512";
/**
* SHA3_256 - Used for LMS
*
* @deprecated
*/
HashAlgorithm[HashAlgorithm["SHA3_256"] = 4] = "SHA3_256";
/**
* SHA3_384 - Used for LMS
*
* @deprecated
*/
HashAlgorithm[HashAlgorithm["SHA3_384"] = 5] = "SHA3_384";
})(HashAlgorithm || (exports.HashAlgorithm = HashAlgorithm = {}));
function hashAlgorithmFromJSON(object) {
@@ -156,7 +146,9 @@ var PublicKeyDetails;
* LMS_SHA256 - LMS and LM-OTS
*
* These algorithms are deprecated and should not be used.
* There are no plans to support SLH-DSA at this time.
* Keys and signatures MAY be used by private Sigstore
* deployments, but will not be supported by the public
* good instance.
*
* USER WARNING: LMS and LM-OTS are both stateful signature schemes.
* Using them correctly requires discretion and careful consideration
@@ -172,23 +164,20 @@ var PublicKeyDetails;
/** @deprecated */
PublicKeyDetails[PublicKeyDetails["LMOTS_SHA256"] = 15] = "LMOTS_SHA256";
/**
* ML_DSA_44 - ML-DSA
* ML_DSA_65 - ML-DSA
*
* These ML_DSA_44, ML_DSA_65 and ML-DSA_87 algorithms are the pure variants
* that take data to sign rather than the prehash variants (HashML-DSA), which
* take digests. While considered quantum-resistant, their usage
* These ML_DSA_65 and ML-DSA_87 algorithms are the pure variants that
* take data to sign rather than the prehash variants (HashML-DSA), which
* take digests. While considered quantum-resistant, their usage
* involves tradeoffs in that signatures and keys are much larger, and
* this makes deployments more costly.
*
* USER WARNING: ML_DSA_44, ML_DSA_65 and ML_DSA_87 are experimental algorithms.
* USER WARNING: ML_DSA_65 and ML_DSA_87 are experimental algorithms.
* In the future they MAY be used by private Sigstore deployments, but
* they are not yet fully functional. This warning will be removed when
* they are not yet fully functional. This warning will be removed when
* these algorithms are widely supported by Sigstore clients and servers,
* but care should still be taken for production environments.
*
* See NIST FIPS 204, RFC 9881 for algorithm identifiers
*/
PublicKeyDetails[PublicKeyDetails["ML_DSA_44"] = 23] = "ML_DSA_44";
PublicKeyDetails[PublicKeyDetails["ML_DSA_65"] = 21] = "ML_DSA_65";
PublicKeyDetails[PublicKeyDetails["ML_DSA_87"] = 22] = "ML_DSA_87";
})(PublicKeyDetails || (exports.PublicKeyDetails = PublicKeyDetails = {}));
@@ -257,9 +246,6 @@ function publicKeyDetailsFromJSON(object) {
case 15:
case "LMOTS_SHA256":
return PublicKeyDetails.LMOTS_SHA256;
case 23:
case "ML_DSA_44":
return PublicKeyDetails.ML_DSA_44;
case 21:
case "ML_DSA_65":
return PublicKeyDetails.ML_DSA_65;
@@ -314,8 +300,6 @@ function publicKeyDetailsToJSON(object) {
return "LMS_SHA256";
case PublicKeyDetails.LMOTS_SHA256:
return "LMOTS_SHA256";
case PublicKeyDetails.ML_DSA_44:
return "ML_DSA_44";
case PublicKeyDetails.ML_DSA_65:
return "ML_DSA_65";
case PublicKeyDetails.ML_DSA_87:
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_rekor.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.TransparencyLogEntry = exports.InclusionPromise = exports.InclusionProof = exports.Checkpoint = exports.KindVersion = void 0;
@@ -50,25 +50,23 @@ export interface TransparencyLogInstance {
*/
publicKey: PublicKey | undefined;
/**
* The identifier for this transparency log.
* The unique identifier for this transparency log.
* Represented as the SHA-256 hash of the log's public key,
* calculated over the DER encoding of the key represented as
* SubjectPublicKeyInfo.
* See https://www.rfc-editor.org/rfc/rfc6962#section-3.2
* For Rekor v2 instances, log_id and checkpoint_key_id will be set
* to the same value.
* It is recommended to use checkpoint_key_id instead, since log_id is not
* MUST set checkpoint_key_id if multiple logs use the same
* signing key.
* Deprecated: Use checkpoint_key_id instead, since log_id is not
* guaranteed to be unique across multiple deployments. Clients
* must use the key name and key ID, as defined by the signed-note spec
* linked below, from a checkpoint to determine the correct
* TransparencyLogInstance to verify a proof.
* log_id will eventually be deprecated in favor of checkpoint_id.
* must use the key name and key ID from a checkpoint to determine
* the correct TransparencyLogInstance to verify a proof.
*
* @deprecated
*/
logId: LogId | undefined;
/**
* The unique identifier for the log, used in the checkpoint.
* Only supported for TrustedRoot media types matching or greater than
* application/vnd.dev.sigstore.trustedroot.v0.2+json
* Its calculation is described in
* https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures
* SHOULD be set for all logs. When not set, clients MUST use log_id.
@@ -95,8 +93,6 @@ export interface TransparencyLogInstance {
/**
* The name of the operator of this log deployment. Operator MUST be
* formatted as a scheme-less URI, e.g. sigstore.dev
* Only supported for TrustedRoot media types matching or greater than
* application/vnd.dev.sigstore.trustedroot.v0.2+json
* This MUST be used when there are multiple transparency log instances
* to determine if log proof verification meets a specified threshold,
* e.g. two proofs from log deployments operated by the same operator
@@ -167,10 +163,13 @@ export interface CertificateAuthority {
* previously used instance -- otherwise signatures made in the past cannot
* be verified.
*
* All the listed instances SHOULD be sorted by the 'valid_for.start'
* in ascending order, that is, the oldest instance first. Clients
* MUST accept instances that overlaps in time, if not clients may
* experience problems during rotations of verification materials.
* All the listed instances SHOULD be sorted by the 'valid_for' in ascending
* order, that is, the oldest instance first. Only the last instance is
* allowed to have their 'end' timestamp unset. All previous instances MUST
* have a closed interval of validity. The last instance MAY have a closed
* interval. Clients MUST accept instances that overlaps in time, if not
* clients may experience problems during rotations of verification
* materials.
*
* To be able to manage planned rotations of either transparency logs or
* certificate authorities, clienst MUST accept lists of instances where
@@ -181,12 +180,10 @@ export interface CertificateAuthority {
*/
export interface TrustedRoot {
/**
* MUST be application/vnd.dev.sigstore.trustedroot.v0.2+json
* MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
* when encoded as JSON.
* Clients MAY choose to also support
* application/vnd.dev.sigstore.trustedroot.v0.1+json
* Clients MAY process and parse content with the media type defined
* in the old format:
* Clients MUST be able to process and parse content with the media
* type defined in the old format:
* application/vnd.dev.sigstore.trustedroot+json;version=0.1
*/
mediaType: string;
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_trustroot.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.ClientTrustConfig = exports.ServiceConfiguration = exports.Service = exports.SigningConfig = exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = exports.ServiceSelector = void 0;
@@ -29,7 +29,7 @@ export interface ArtifactVerificationOptions {
* is an error. If at least one provided identity is found as a
* signer, the verification is considered successful.
*/
signers: {
signers?: {
$case: "certificateIdentities";
certificateIdentities: CertificateIdentities;
} | //
@@ -127,7 +127,7 @@ export interface ArtifactVerificationOptions_ObserverTimestampOptions {
disable: boolean;
}
export interface Artifact {
data: //
data?: //
/** Location of the artifact */
{
$case: "artifactUri";
@@ -1,8 +1,8 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.11.5
// protoc v7.34.1
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_verification.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Input = exports.Artifact = exports.ArtifactVerificationOptions_ObserverTimestampOptions = exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = exports.ArtifactVerificationOptions_TimestampAuthorityOptions = exports.ArtifactVerificationOptions_CtlogOptions = exports.ArtifactVerificationOptions_TlogOptions = exports.ArtifactVerificationOptions = exports.PublicKeyIdentities = exports.CertificateIdentities = exports.CertificateIdentity = void 0;
+1 -5
@@ -1,13 +1,9 @@
{
"name": "@sigstore/protobuf-specs",
"version": "0.5.1",
"version": "0.4.3",
"description": "code-signing for npm packages",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"exports": {
".": "./dist/index.js",
"./rekor/v2": "./dist/rekor/v2/index.js"
},
"scripts": {
"build": "tsc"
},
+1 -1
@@ -13,7 +13,7 @@ A library for generating [Sigstore][1] signatures.
## Prerequisites
- Node.js version ^20.17.0 || >=22.9.0
- Node.js version >= 18.17.0
## Installation
-2
@@ -6,8 +6,6 @@ exports.BaseBundleBuilder = void 0;
// Subclasses must implement the `package` method to assemble a valid bundle
// with the generated signature and verification material.
class BaseBundleBuilder {
signer;
witnesses;
constructor(options) {
this.signer = options.signer;
this.witnesses = options.witnesses;
-1
@@ -21,7 +21,6 @@ const base_1 = require("./base");
const bundle_1 = require("./bundle");
// BundleBuilder implementation for DSSE wrapped attestations
class DSSEBundleBuilder extends base_1.BaseBundleBuilder {
certificateChain;
constructor(options) {
super(options);
this.certificateChain = options.certificateChain ?? false;
-2
@@ -19,8 +19,6 @@ exports.InternalError = void 0;
exports.internalError = internalError;
const error_1 = require("./external/error");
class InternalError extends Error {
code;
cause;
constructor({ code, message, cause, }) {
super(message);
this.name = this.constructor.name;
-2
@@ -17,8 +17,6 @@ limitations under the License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.HTTPError = void 0;
class HTTPError extends Error {
statusCode;
location;
constructor({ status, message, location, }) {
super(`(${status}) ${message}`);
this.statusCode = status;
+2 -2
@@ -19,15 +19,15 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const promise_retry_1 = require("@gar/promise-retry");
const http2_1 = require("http2");
const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
const proc_log_1 = require("proc-log");
const promise_retry_1 = __importDefault(require("promise-retry"));
const util_1 = require("../util");
const error_1 = require("./error");
const { HTTP2_HEADER_LOCATION, HTTP2_HEADER_CONTENT_TYPE, HTTP2_HEADER_USER_AGENT, HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_TOO_MANY_REQUESTS, HTTP_STATUS_REQUEST_TIMEOUT, } = http2_1.constants;
async function fetchWithRetry(url, options) {
return (0, promise_retry_1.promiseRetry)(async (retry, attemptNum) => {
return (0, promise_retry_1.default)(async (retry, attemptNum) => {
const method = options.method || 'POST';
const headers = {
[HTTP2_HEADER_USER_AGENT]: util_1.ua.getUserAgent(),
-1
@@ -21,7 +21,6 @@ const fetch_1 = require("./fetch");
* Fulcio API client.
*/
class Fulcio {
options;
constructor(options) {
this.options = options;
}
-1
@@ -21,7 +21,6 @@ const fetch_1 = require("./fetch");
* Rekor API client.
*/
class Rekor {
options;
constructor(options) {
this.options = options;
}
+1 -7
@@ -18,18 +18,12 @@ limitations under the License.
*/
const fetch_1 = require("./fetch");
class TimestampAuthority {
options;
constructor(options) {
this.options = options;
}
async createTimestamp(request) {
const { baseURL, timeout, retry } = this.options;
// Account for the fact that the TSA URL may already include the full
// path if the client was initalized from a `SigningConfig` service entry
// (which always uses the full URL).
const url = new URL(baseURL).pathname === '/'
? `${baseURL}/api/v1/timestamp`
: baseURL;
const url = `${baseURL}/api/v1/timestamp`;
const response = await (0, fetch_1.fetchWithRetry)(url, {
headers: {
'Content-Type': 'application/json',
-1
@@ -28,7 +28,6 @@ const providers = [getGHAToken, getEnv];
* one that resolves.
*/
class CIContextProvider {
audience;
/* istanbul ignore next */
constructor(audience = 'sigstore') {
this.audience = audience;
-1
@@ -1,7 +1,6 @@
export type { Bundle } from '@sigstore/bundle';
export { DSSEBundleBuilder, MessageSignatureBundleBuilder } from './bundler';
export type { Artifact, BundleBuilder, BundleBuilderOptions } from './bundler';
export { bundleBuilderFromSigningConfig } from './config';
export { InternalError } from './error';
export { CIContextProvider } from './identity';
export type { IdentityProvider } from './identity';
+1 -3
@@ -1,11 +1,9 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = exports.CIContextProvider = exports.InternalError = exports.bundleBuilderFromSigningConfig = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
var bundler_1 = require("./bundler");
Object.defineProperty(exports, "DSSEBundleBuilder", { enumerable: true, get: function () { return bundler_1.DSSEBundleBuilder; } });
Object.defineProperty(exports, "MessageSignatureBundleBuilder", { enumerable: true, get: function () { return bundler_1.MessageSignatureBundleBuilder; } });
var config_1 = require("./config");
Object.defineProperty(exports, "bundleBuilderFromSigningConfig", { enumerable: true, get: function () { return config_1.bundleBuilderFromSigningConfig; } });
var error_1 = require("./error");
Object.defineProperty(exports, "InternalError", { enumerable: true, get: function () { return error_1.InternalError; } });
var identity_1 = require("./identity");
-1
@@ -19,7 +19,6 @@ limitations under the License.
const error_1 = require("../../error");
const fulcio_1 = require("../../external/fulcio");
class CAClient {
fulcio;
constructor(options) {
this.fulcio = new fulcio_1.Fulcio({
baseURL: options.fulcioBaseURL,
+6 -4
@@ -1,4 +1,7 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.EphemeralSigner = void 0;
/*
@@ -16,21 +19,20 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const crypto_1 = require("crypto");
const crypto_1 = __importDefault(require("crypto"));
const EC_KEYPAIR_TYPE = 'ec';
const P256_CURVE = 'P-256';
// Signer implementation which uses an ephemeral keypair to sign artifacts.
// The private key lives only in memory and is tied to the lifetime of the
// EphemeralSigner instance.
class EphemeralSigner {
keypair;
constructor() {
this.keypair = (0, crypto_1.generateKeyPairSync)(EC_KEYPAIR_TYPE, {
this.keypair = crypto_1.default.generateKeyPairSync(EC_KEYPAIR_TYPE, {
namedCurve: P256_CURVE,
});
}
async sign(data) {
const signature = (0, crypto_1.sign)('sha256', data, this.keypair.privateKey);
const signature = crypto_1.default.sign(null, data, this.keypair.privateKey);
const publicKey = this.keypair.publicKey
.export({ format: 'pem', type: 'spki' })
.toString('ascii');
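Review bot: `crypto_1.default.sign(null, data, this.keypair.privateKey)` in `sign` no longer names the digest, so the hash applied to `data` is whatever Node selects for the key type rather than something this file states. For a P-256 key it is safer to spell it out, `const signature = crypto_1.default.sign('sha256', data, this.keypair.privateKey);`, so the signer cannot drift from a verifier that assumes SHA-256; whether the verifier here makes that assumption is not visible in this hunk. The body of `sign` continues past the end of the hunk.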
-3
@@ -26,9 +26,6 @@ exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev';
// Must be instantiated with an identity provider which can provide a JWT
// which represents the identity to be bound to the signing certificate.
class FulcioSigner {
ca;
identityProvider;
keyHolder;
constructor(options) {
this.ca = new ca_1.CAClient({
...options,
+6 -11
@@ -20,16 +20,11 @@ const core_1 = require("@sigstore/core");
function extractJWTSubject(jwt) {
const parts = jwt.split('.', 3);
const payload = JSON.parse(core_1.encoding.base64Decode(parts[1]));
if (payload.email) {
if (!payload.email_verified) {
throw new Error('JWT email not verified by issuer');
}
return payload.email;
}
if (payload.sub) {
return payload.sub;
}
else {
throw new Error('JWT subject not found');
switch (payload.iss) {
case 'https://accounts.google.com':
case 'https://oauth2.sigstore.dev/auth':
return payload.email;
default:
return payload.sub;
}
}
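Review bot: The added `switch (payload.iss)` returns `payload.email` for the two listed issuers without looking at `email_verified`, and its `default` branch returns `payload.sub` even when that claim is absent, so `extractJWTSubject` can hand back an unverified address or `undefined` where the removed lines threw. `parts[1]` is also decoded and parsed with no check that the token actually had three segments. This looks like a vendored copy of an upstream package, in which case the remedy is to stay on the dependency version that carries the checks rather than to hand-edit the file. Otherwise keep the guard, `if (!payload.email_verified) throw new Error('JWT email not verified by issuer');`, and throw when neither claim is present.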
-13
@@ -1,5 +1,3 @@
import type { TransparencyLogEntry } from '@sigstore/bundle';
import type { CreateEntryRequest } from '@sigstore/protobuf-specs/rekor/v2';
import type { Entry, ProposedEntry } from '../../external/rekor';
import type { FetchOptions } from '../../types/fetch';
export type { Entry, ProposedEntry };
@@ -16,14 +14,3 @@ export declare class TLogClient implements TLog {
constructor(options: TLogClientOptions);
createEntry(proposedEntry: ProposedEntry): Promise<Entry>;
}
export interface TLogV2 {
createEntry: (createEntryRequest: CreateEntryRequest) => Promise<TransparencyLogEntry>;
}
export type TLogV2ClientOptions = {
rekorBaseURL: string;
} & FetchOptions;
export declare class TLogV2Client implements TLogV2 {
private rekor;
constructor(options: TLogV2ClientOptions);
createEntry(createEntryRequest: CreateEntryRequest): Promise<TransparencyLogEntry>;
}
+2 -33
@@ -1,8 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TLogV2Client = exports.TLogClient = void 0;
exports.TLogClient = void 0;
/*
Copyright 2025 The Sigstore Authors.
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -19,10 +19,7 @@ limitations under the License.
const error_1 = require("../../error");
const error_2 = require("../../external/error");
const rekor_1 = require("../../external/rekor");
const rekor_v2_1 = require("../../external/rekor-v2");
class TLogClient {
rekor;
fetchOnConflict;
constructor(options) {
this.fetchOnConflict = options.fetchOnConflict ?? false;
this.rekor = new rekor_1.Rekor({
@@ -62,31 +59,3 @@ function entryExistsError(value) {
value.statusCode === 409 &&
value.location !== undefined);
}
class TLogV2Client {
rekor;
constructor(options) {
this.rekor = new rekor_v2_1.RekorV2({
baseURL: options.rekorBaseURL,
retry: options.retry,
timeout: options.timeout,
});
}
async createEntry(createEntryRequest) {
let entry;
try {
entry = await this.rekor.createEntry(createEntryRequest);
}
catch (err) {
(0, error_1.internalError)(err, 'TLOG_CREATE_ENTRY_ERROR', 'error creating tlog entry');
}
if (entry.logId === undefined || entry.kindVersion === undefined) {
(0, error_1.internalError)(new Error('invalid tlog entry'), 'TLOG_CREATE_ENTRY_ERROR', 'error creating tlog entry');
}
return {
...entry,
logId: entry.logId,
kindVersion: entry.kindVersion,
};
}
}
exports.TLogV2Client = TLogV2Client;
-2
@@ -1,5 +1,3 @@
import type { CreateEntryRequest } from '@sigstore/protobuf-specs/rekor/v2';
import type { ProposedEntry } from '../../external/rekor';
import type { SignatureBundle } from '../witness';
export declare function toProposedEntry(content: SignatureBundle, publicKey: string, entryType?: 'dsse' | 'intoto'): ProposedEntry;
export declare function toCreateEntryRequest(content: SignatureBundle, publicKey: string): CreateEntryRequest;
+1 -58
@@ -1,9 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.toProposedEntry = toProposedEntry;
exports.toCreateEntryRequest = toCreateEntryRequest;
/*
Copyright 2025 The Sigstore Authors.
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -18,7 +17,6 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
const bundle_1 = require("@sigstore/bundle");
const protobuf_specs_1 = require("@sigstore/protobuf-specs");
const util_1 = require("../../util");
const SHA256_ALGORITHM = 'sha256';
function toProposedEntry(content, publicKey,
@@ -140,58 +138,3 @@ function calculateDSSEHash(envelope, publicKey) {
.digest(SHA256_ALGORITHM, util_1.json.canonicalize(dsse))
.toString('hex');
}
function toCreateEntryRequest(content, publicKey) {
switch (content.$case) {
case 'dsseEnvelope':
return toCreateEntryRequestDSSE(content.dsseEnvelope, publicKey);
case 'messageSignature':
return toCreateEntryRequestMessageSignature(content.messageSignature, publicKey);
}
}
function toCreateEntryRequestDSSE(envelope, publicKey) {
return {
spec: {
$case: 'dsseRequestV002',
dsseRequestV002: {
envelope: envelope,
verifiers: [
{
// TODO: We need to add support of passing the key details in the
// signature bundle. For now we're hardcoding the key details here.
keyDetails: protobuf_specs_1.PublicKeyDetails.PKIX_ECDSA_P256_SHA_256,
verifier: {
$case: 'x509Certificate',
x509Certificate: {
rawBytes: util_1.pem.toDER(publicKey),
},
},
},
],
},
},
};
}
function toCreateEntryRequestMessageSignature(messageSignature, publicKey) {
return {
spec: {
$case: 'hashedRekordRequestV002',
hashedRekordRequestV002: {
digest: messageSignature.messageDigest.digest,
signature: {
content: messageSignature.signature,
verifier: {
// TODO: We need to add support of passing the key details in the
// signature bundle. For now we're hardcoding the key details here.
keyDetails: protobuf_specs_1.PublicKeyDetails.PKIX_ECDSA_P256_SHA_256,
verifier: {
$case: 'x509Certificate',
x509Certificate: {
rawBytes: util_1.pem.toDER(publicKey),
},
},
},
},
},
},
};
}
+1 -4
@@ -7,13 +7,10 @@ type TransparencyLogEntries = {
};
export type RekorWitnessOptions = Partial<TLogClientOptions> & {
entryType?: 'dsse' | 'intoto';
majorApiVersion?: number;
};
export declare class RekorWitness implements Witness {
private tlogV1;
private tlogV2;
private tlog;
private entryType?;
private majorApiVersion;
constructor(options: RekorWitnessOptions);
testify(content: SignatureBundle, publicKey: string): Promise<TransparencyLogEntries>;
}
+8 -23
@@ -2,7 +2,7 @@
Object.defineProperty(exports, "__esModule", { value: true });
exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
/*
Copyright 2025 The Sigstore Authors.
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -21,34 +21,17 @@ const client_1 = require("./client");
const entry_1 = require("./entry");
exports.DEFAULT_REKOR_URL = 'https://rekor.sigstore.dev';
class RekorWitness {
tlogV1;
tlogV2;
entryType;
majorApiVersion;
constructor(options) {
this.entryType = options.entryType;
this.majorApiVersion = options.majorApiVersion || 1;
this.tlogV1 = new client_1.TLogClient({
...options,
rekorBaseURL: options.rekorBaseURL || /* istanbul ignore next */ exports.DEFAULT_REKOR_URL,
});
this.tlogV2 = new client_1.TLogV2Client({
this.tlog = new client_1.TLogClient({
...options,
rekorBaseURL: options.rekorBaseURL || /* istanbul ignore next */ exports.DEFAULT_REKOR_URL,
});
}
async testify(content, publicKey) {
let tlogEntry;
if (this.majorApiVersion === 2) {
const request = (0, entry_1.toCreateEntryRequest)(content, publicKey);
tlogEntry = await this.tlogV2.createEntry(request);
}
else {
const proposedEntry = (0, entry_1.toProposedEntry)(content, publicKey, this.entryType);
const entry = await this.tlogV1.createEntry(proposedEntry);
tlogEntry = toTransparencyLogEntry(entry);
}
return { tlogEntries: [tlogEntry] };
const proposedEntry = (0, entry_1.toProposedEntry)(content, publicKey, this.entryType);
const entry = await this.tlog.createEntry(proposedEntry);
return toTransparencyLogEntry(entry);
}
}
exports.RekorWitness = RekorWitness;
@@ -77,7 +60,9 @@ function toTransparencyLogEntry(entry) {
inclusionProof: proof,
canonicalizedBody: Buffer.from(entry.body, 'base64'),
};
return tlogEntry;
return {
tlogEntries: [tlogEntry],
};
}
function inclusionPromise(promise) {
return {
-1
@@ -21,7 +21,6 @@ const tsa_1 = require("../../external/tsa");
const util_1 = require("../../util");
const SHA256_ALGORITHM = 'sha256';
class TSAClient {
tsa;
constructor(options) {
this.tsa = new tsa_1.TimestampAuthority({
baseURL: options.tsaBaseURL,
-1
@@ -18,7 +18,6 @@ limitations under the License.
*/
const client_1 = require("./client");
class TSAWitness {
tsa;
constructor(options) {
this.tsa = new client_1.TSAClient({
tsaBaseURL: options.tsaBaseURL,
+12 -11
@@ -1,6 +1,6 @@
{
"name": "@sigstore/sign",
"version": "4.1.1",
"version": "3.1.0",
"description": "Sigstore signing library",
"main": "dist/index.js",
"types": "dist/index.d.ts",
@@ -27,19 +27,20 @@
},
"devDependencies": {
"@sigstore/jest": "^0.0.0",
"@sigstore/mock": "^0.12.0",
"@sigstore/rekor-types": "^4.0.0",
"@types/make-fetch-happen": "^10.0.4"
"@sigstore/mock": "^0.10.0",
"@sigstore/rekor-types": "^3.0.0",
"@types/make-fetch-happen": "^10.0.4",
"@types/promise-retry": "^1.1.6"
},
"dependencies": {
"@sigstore/bundle": "^4.0.0",
"@sigstore/core": "^3.2.0",
"@sigstore/protobuf-specs": "^0.5.0",
"make-fetch-happen": "^15.0.4",
"proc-log": "^6.1.0",
"@gar/promise-retry": "^1.0.2"
"@sigstore/bundle": "^3.1.0",
"@sigstore/core": "^2.0.0",
"@sigstore/protobuf-specs": "^0.4.0",
"make-fetch-happen": "^14.0.2",
"proc-log": "^5.0.0",
"promise-retry": "^2.0.1"
},
"engines": {
"node": "^20.17.0 || >=22.9.0"
"node": "^18.17.0 || >=20.5.0"
}
}
+1 -1
@@ -12,7 +12,7 @@ repository.
## Prerequisites
- Node.js version ^20.17.0 || >=22.9.0
- Node.js version >= 18.17.0
## Installation
-5
@@ -23,11 +23,9 @@ const fs_1 = __importDefault(require("fs"));
const path_1 = __importDefault(require("path"));
const tuf_js_1 = require("tuf-js");
const _1 = require(".");
const package_json_1 = require("../package.json");
const target_1 = require("./target");
const TARGETS_DIR_NAME = 'targets';
class TUFClient {
updater;
constructor(options) {
const url = new URL(options.mirrorURL);
const repoName = encodeURIComponent(url.host + url.pathname.replace(/\/$/, ''));
@@ -65,7 +63,6 @@ function initTufCache(cachePath) {
if (!fs_1.default.existsSync(cachePath)) {
fs_1.default.mkdirSync(cachePath, { recursive: true });
}
/* istanbul ignore else */
if (!fs_1.default.existsSync(targetsPath)) {
fs_1.default.mkdirSync(targetsPath);
}
@@ -77,7 +74,6 @@ function seedCache({ cachePath, mirrorURL, tufRootPath, forceInit, }) {
const cachedRootPath = path_1.default.join(cachePath, 'root.json');
// If the root.json file does not exist (or we're forcing re-initialization),
// populate it either from the supplied rootPath or from one of the repo seeds.
/* istanbul ignore else */
if (!fs_1.default.existsSync(cachedRootPath) || forceInit) {
if (tufRootPath) {
fs_1.default.copyFileSync(tufRootPath, cachedRootPath);
@@ -103,7 +99,6 @@ function initClient(options) {
const config = {
fetchTimeout: options.timeout,
fetchRetry: options.retry,
userAgent: `${encodeURIComponent(package_json_1.name)}/${package_json_1.version}`,
};
return new tuf_js_1.Updater({
metadataBaseUrl: options.mirrorURL,
-2
@@ -2,8 +2,6 @@
Object.defineProperty(exports, "__esModule", { value: true });
exports.TUFError = void 0;
class TUFError extends Error {
code;
cause;
constructor({ code, message, cause, }) {
super(message);
this.code = code;
+5 -5
@@ -1,6 +1,6 @@
{
"name": "@sigstore/tuf",
"version": "4.0.2",
"version": "3.1.1",
"description": "Client for the Sigstore TUF repository",
"main": "dist/index.js",
"types": "dist/index.d.ts",
@@ -28,14 +28,14 @@
},
"devDependencies": {
"@sigstore/jest": "^0.0.0",
"@tufjs/repo-mock": "^4.0.1",
"@tufjs/repo-mock": "^3.0.1",
"@types/make-fetch-happen": "^10.0.4"
},
"dependencies": {
"@sigstore/protobuf-specs": "^0.5.0",
"tuf-js": "^4.1.0"
"@sigstore/protobuf-specs": "^0.4.1",
"tuf-js": "^3.0.1"
},
"engines": {
"node": "^20.17.0 || >=22.9.0"
"node": "^18.17.0 || >=20.5.0"
}
}
+1 -1
File diff suppressed because one or more lines are too long
+1 -1
@@ -4,6 +4,6 @@ A library for verifying [Sigstore][1] signatures.
## Prerequisites
- Node.js version ^20.17.0 || >=22.9.0
- Node.js version >= 18.17.0
[1]: https://www.sigstore.dev
-1
@@ -18,7 +18,6 @@ limitations under the License.
*/
const core_1 = require("@sigstore/core");
class DSSESignatureContent {
env;
constructor(env) {
this.env = env;
}
+8 -10
@@ -9,17 +9,15 @@ function toSignedEntity(bundle, artifact) {
const { tlogEntries, timestampVerificationData } = bundle.verificationMaterial;
const timestamps = [];
for (const entry of tlogEntries) {
if (entry.integratedTime && entry.integratedTime !== '0') {
timestamps.push({
$case: 'transparency-log',
tlogEntry: entry,
});
}
timestamps.push({
$case: 'transparency-log',
tlogEntry: entry,
});
}
for (const ts of timestampVerificationData?.rfc3161Timestamps ?? []) {
timestamps.push({
$case: 'timestamp-authority',
timestamp: core_1.RFC3161Timestamp.parse(Buffer.from(ts.signedTimestamp)),
timestamp: core_1.RFC3161Timestamp.parse(ts.signedTimestamp),
});
}
return {
@@ -47,13 +45,13 @@ function key(bundle) {
case 'x509CertificateChain':
return {
$case: 'certificate',
certificate: core_1.X509Certificate.parse(Buffer.from(bundle.verificationMaterial.content.x509CertificateChain
.certificates[0].rawBytes)),
certificate: core_1.X509Certificate.parse(bundle.verificationMaterial.content.x509CertificateChain
.certificates[0].rawBytes),
};
case 'certificate':
return {
$case: 'certificate',
certificate: core_1.X509Certificate.parse(Buffer.from(bundle.verificationMaterial.content.certificate.rawBytes)),
certificate: core_1.X509Certificate.parse(bundle.verificationMaterial.content.certificate.rawBytes),
};
}
}
-1
@@ -5,7 +5,6 @@ export declare class MessageSignatureContent implements SignatureContent {
readonly signature: Buffer;
private readonly messageDigest;
private readonly artifact;
private readonly hashAlgorithm;
constructor(messageSignature: MessageSignature, artifact: Buffer);
compareSignature(signature: Buffer): boolean;
compareDigest(digest: Buffer): boolean;
+1 -19
@@ -17,29 +17,11 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
const core_1 = require("@sigstore/core");
const protobuf_specs_1 = require("@sigstore/protobuf-specs");
// Map from the Sigstore protobuf HashAlgorithm enum to
// the string values used by the Node.js crypto module.
const HASH_ALGORITHM_MAP = {
[protobuf_specs_1.HashAlgorithm.HASH_ALGORITHM_UNSPECIFIED]: 'sha256',
[protobuf_specs_1.HashAlgorithm.SHA2_256]: 'sha256',
[protobuf_specs_1.HashAlgorithm.SHA2_384]: 'sha384',
[protobuf_specs_1.HashAlgorithm.SHA2_512]: 'sha512',
[protobuf_specs_1.HashAlgorithm.SHA3_256]: 'sha3-256',
[protobuf_specs_1.HashAlgorithm.SHA3_384]: 'sha3-384',
};
class MessageSignatureContent {
signature;
messageDigest;
artifact;
hashAlgorithm;
constructor(messageSignature, artifact) {
this.signature = messageSignature.signature;
this.messageDigest = messageSignature.messageDigest.digest;
this.artifact = artifact;
this.hashAlgorithm =
HASH_ALGORITHM_MAP[messageSignature.messageDigest.algorithm] ??
/* istanbul ignore next */ 'sha256';
}
compareSignature(signature) {
return core_1.crypto.bufferEqual(signature, this.signature);
@@ -48,7 +30,7 @@ class MessageSignatureContent {
return core_1.crypto.bufferEqual(digest, this.messageDigest);
}
verifySignature(key) {
return core_1.crypto.verify(this.artifact, key, this.signature, this.hashAlgorithm);
return core_1.crypto.verify(this.artifact, key, this.signature);
}
}
exports.MessageSignatureContent = MessageSignatureContent;
+1 -1
@@ -7,7 +7,7 @@ declare class BaseError<T extends string> extends Error {
cause?: any;
});
}
type VerificationErrorCode = 'NOT_IMPLEMENTED_ERROR' | 'TLOG_ERROR' | 'TLOG_INCLUSION_PROOF_ERROR' | 'TLOG_INCLUSION_PROMISE_ERROR' | 'TLOG_MISSING_INCLUSION_ERROR' | 'TLOG_BODY_ERROR' | 'CERTIFICATE_ERROR' | 'PUBLIC_KEY_ERROR' | 'SIGNATURE_ERROR' | 'TIMESTAMP_ERROR';
type VerificationErrorCode = 'NOT_IMPLEMENTED_ERROR' | 'TLOG_INCLUSION_PROOF_ERROR' | 'TLOG_INCLUSION_PROMISE_ERROR' | 'TLOG_MISSING_INCLUSION_ERROR' | 'TLOG_BODY_ERROR' | 'CERTIFICATE_ERROR' | 'PUBLIC_KEY_ERROR' | 'SIGNATURE_ERROR' | 'TIMESTAMP_ERROR';
export declare class VerificationError extends BaseError<VerificationErrorCode> {
}
type PolicyErrorCode = 'UNTRUSTED_SIGNER_ERROR';
-2
@@ -17,8 +17,6 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
class BaseError extends Error {
code;
cause; /* eslint-disable-line @typescript-eslint/no-explicit-any */
constructor({ code, message, cause, }) {
super(message);
this.code = code;
-1
@@ -3,4 +3,3 @@ export { PolicyError, VerificationError } from './error';
export { KeyFinderFunc, TrustMaterial, toTrustMaterial } from './trust';
export { Verifier, VerifierOptions } from './verifier';
export type { SignedEntity, Signer, VerificationPolicy } from './shared.types';
export type { ObjectIdentifierValuePair } from '@sigstore/protobuf-specs';
-5
@@ -32,10 +32,6 @@ function verifyCertificateChain(timestamp, leaf, certificateAuthorities) {
});
}
class CertificateChainVerifier {
untrustedCert;
trustedCerts;
localCerts;
timestamp;
constructor(opts) {
this.untrustedCert = opts.untrustedCert;
this.trustedCerts = opts.trustedCerts;
@@ -127,7 +123,6 @@ class CertificateChainVerifier {
// or issuer/subject. Potential issuers are added to the result array.
this.localCerts.forEach((possibleIssuer) => {
if (keyIdentifier) {
/* istanbul ignore else */
if (possibleIssuer.extSubjectKeyID) {
if (possibleIssuer.extSubjectKeyID.keyIdentifier.equals(keyIdentifier)) {
issuers.push(possibleIssuer);
-8
@@ -56,17 +56,9 @@ function getSigner(cert) {
else {
issuer = cert.extension(OID_FULCIO_ISSUER_V1)?.value.toString('ascii');
}
const oids = cert.extensions.map((ext) => {
const oid = ext.subs[0].toOID();
return {
oid: { id: oid.split('.').map(Number) },
value: ext.subs[ext.subs.length - 1].value,
};
});
const identity = {
extensions: { issuer },
subjectAlternativeName: cert.subjectAltName,
oids,
};
return {
key: core_1.crypto.createPublicKey(cert.publicKey),
-2
@@ -1,5 +1,3 @@
import { CertificateExtensions } from './shared.types';
import type { ObjectIdentifierValuePair } from '@sigstore/protobuf-specs';
export declare function verifySubjectAlternativeName(policyIdentity: string, signerIdentity: string | undefined): void;
export declare function verifyExtensions(policyExtensions: CertificateExtensions, signerExtensions?: CertificateExtensions): void;
export declare function verifyOIDs(policyOIDs: ObjectIdentifierValuePair[], signerOIDs?: ObjectIdentifierValuePair[]): void;
-26
@@ -2,12 +2,7 @@
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySubjectAlternativeName = verifySubjectAlternativeName;
exports.verifyExtensions = verifyExtensions;
exports.verifyOIDs = verifyOIDs;
const error_1 = require("./error");
// Verifies that the signer's SAN matches the policy identity. The
// policyIdentity is treated as a JavaScript regular expression pattern and
// tested against the full signerIdentity string. For exact matching, use
// anchored patterns (e.g. '^user@example\\.com$').
function verifySubjectAlternativeName(policyIdentity, signerIdentity) {
if (signerIdentity === undefined || !signerIdentity.match(policyIdentity)) {
throw new error_1.PolicyError({
@@ -27,24 +22,3 @@ function verifyExtensions(policyExtensions, signerExtensions = {}) {
}
}
}
function verifyOIDs(policyOIDs, signerOIDs = []) {
for (const policyOID of policyOIDs) {
const match = signerOIDs.find((signerOID) => oidEquals(policyOID.oid?.id, signerOID.oid?.id) &&
policyOID.value.equals(signerOID.value));
if (!match) {
/* istanbul ignore next */
const oid = policyOID.oid?.id.join('.') ?? '<unknown>';
throw new error_1.PolicyError({
code: 'UNTRUSTED_SIGNER_ERROR',
message: `invalid certificate extension - missing OID ${oid}`,
});
}
}
}
function oidEquals(a, b) {
/* istanbul ignore if */
if (a === undefined || b === undefined) {
return false;
}
return a.length === b.length && a.every((v, i) => v === b[i]);
}
-2
@@ -1,6 +1,5 @@
import type { TransparencyLogEntry } from '@sigstore/bundle';
import type { RFC3161Timestamp, X509Certificate, crypto } from '@sigstore/core';
import type { ObjectIdentifierValuePair } from '@sigstore/protobuf-specs';
export type CertificateExtensionName = 'issuer';
export type CertificateExtensions = {
[key in CertificateExtensionName]?: string;
@@ -8,7 +7,6 @@ export type CertificateExtensions = {
export type CertificateIdentity = {
subjectAlternativeName?: string;
extensions?: CertificateExtensions;
oids?: ObjectIdentifierValuePair[];
};
export type VerificationPolicy = CertificateIdentity;
export type Signer = {
+3 -3
@@ -1,11 +1,11 @@
import { RFC3161Timestamp } from '@sigstore/core';
import type { TransparencyLogEntry } from '@sigstore/bundle';
import type { CertAuthority } from '../trust';
import type { CertAuthority, TLogAuthority } from '../trust';
export type TimestampType = 'transparency-log' | 'timestamp-authority';
export type TimestampVerificationResult = {
type: TimestampType;
logID: Buffer;
timestamp: Date;
};
export declare function getTSATimestamp(timestamp: RFC3161Timestamp, data: Buffer, timestampAuthorities: CertAuthority[]): TimestampVerificationResult;
export declare function getTLogTimestamp(entry: TransparencyLogEntry): TimestampVerificationResult | undefined;
export declare function verifyTSATimestamp(timestamp: RFC3161Timestamp, data: Buffer, timestampAuthorities: CertAuthority[]): TimestampVerificationResult;
export declare function verifyTLogTimestamp(entry: TransparencyLogEntry, tlogAuthorities: TLogAuthority[]): TimestampVerificationResult;
+29 -7
@@ -1,9 +1,13 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getTSATimestamp = getTSATimestamp;
exports.getTLogTimestamp = getTLogTimestamp;
exports.verifyTSATimestamp = verifyTSATimestamp;
exports.verifyTLogTimestamp = verifyTLogTimestamp;
const error_1 = require("../error");
const checkpoint_1 = require("./checkpoint");
const merkle_1 = require("./merkle");
const set_1 = require("./set");
const tsa_1 = require("./tsa");
function getTSATimestamp(timestamp, data, timestampAuthorities) {
function verifyTSATimestamp(timestamp, data, timestampAuthorities) {
(0, tsa_1.verifyRFC3161Timestamp)(timestamp, data, timestampAuthorities);
return {
type: 'timestamp-authority',
@@ -11,10 +15,22 @@ function getTSATimestamp(timestamp, data, timestampAuthorities) {
timestamp: timestamp.signingTime,
};
}
function getTLogTimestamp(entry) {
// Only entries with an inclusion promise provide a verifiable timestamp
if (!entry.inclusionPromise) {
return undefined;
function verifyTLogTimestamp(entry, tlogAuthorities) {
let inclusionVerified = false;
if (isTLogEntryWithInclusionPromise(entry)) {
(0, set_1.verifyTLogSET)(entry, tlogAuthorities);
inclusionVerified = true;
}
if (isTLogEntryWithInclusionProof(entry)) {
(0, merkle_1.verifyMerkleInclusion)(entry);
(0, checkpoint_1.verifyCheckpoint)(entry, tlogAuthorities);
inclusionVerified = true;
}
if (!inclusionVerified) {
throw new error_1.VerificationError({
code: 'TLOG_MISSING_INCLUSION_ERROR',
message: 'inclusion could not be verified',
});
}
return {
type: 'transparency-log',
@@ -22,3 +38,9 @@ function getTLogTimestamp(entry) {
timestamp: new Date(Number(entry.integratedTime) * 1000),
};
}
function isTLogEntryWithInclusionPromise(entry) {
return entry.inclusionPromise !== undefined;
}
function isTLogEntryWithInclusionProof(entry) {
return entry.inclusionProof !== undefined;
}
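Review bot: In the new `verifyTLogTimestamp`, `verifyMerkleInclusion(entry)` runs before `verifyCheckpoint(entry, tlogAuthorities)` and no longer receives the verified checkpoint, whereas the removed `verifyTLogInclusion` shown later on this page called `verifyCheckpoint` first and passed its result on as `verifyMerkleInclusion(entry, checkpoint)`. Whether the root hash and tree size used for the inclusion proof are still bound to the signed checkpoint therefore depends on checks inside those two helpers, which are not visible here; that binding should be confirmed for the downgraded version. The returned `timestamp` is also built from `entry.integratedTime` without checking that the field is present and non-zero, so it is worth confirming that an epoch or invalid date is rejected downstream.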
-3
@@ -1,6 +1,3 @@
import type { Entry } from '@sigstore/protobuf-specs/rekor/v2';
import type { ProposedDSSEEntry } from '@sigstore/rekor-types';
import type { SignatureContent } from '../shared.types';
export declare const DSSE_API_VERSION_V1 = "0.0.1";
export declare function verifyDSSETLogBody(tlogEntry: ProposedDSSEEntry, content: SignatureContent): void;
export declare function verifyDSSETLogBodyV2(tlogEntry: Entry, content: SignatureContent): void;
+3 -52
@@ -1,10 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.DSSE_API_VERSION_V1 = void 0;
exports.verifyDSSETLogBody = verifyDSSETLogBody;
exports.verifyDSSETLogBodyV2 = verifyDSSETLogBodyV2;
/*
Copyright 2025 The Sigstore Authors.
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -19,11 +17,10 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("../error");
exports.DSSE_API_VERSION_V1 = '0.0.1';
// Compare the given dsse tlog entry to the given bundle
// Compare the given intoto tlog entry to the given bundle
function verifyDSSETLogBody(tlogEntry, content) {
switch (tlogEntry.apiVersion) {
case exports.DSSE_API_VERSION_V1:
case '0.0.1':
return verifyDSSE001TLogBody(tlogEntry, content);
default:
throw new error_1.VerificationError({
@@ -32,26 +29,6 @@ function verifyDSSETLogBody(tlogEntry, content) {
});
}
}
// Compare the given dsse tlog entry to the given bundle. This function is
// specifically for Rekor V2 entries.
function verifyDSSETLogBodyV2(tlogEntry, content) {
const spec = tlogEntry.spec?.spec;
if (!spec) {
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: `missing dsse spec`,
});
}
switch (spec.$case) {
case 'dsseV002':
return verifyDSSE002TLogBody(spec.dsseV002, content);
default:
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: `unsupported version: ${spec.$case}`,
});
}
}
// Compare the given dsse v0.0.1 tlog entry to the given DSSE envelope.
function verifyDSSE001TLogBody(tlogEntry, content) {
// Ensure the bundle's DSSE only contains a single signature
@@ -78,29 +55,3 @@ function verifyDSSE001TLogBody(tlogEntry, content) {
});
}
}
// Compare the given dsse v0.0.2 tlog entry to the given DSSE envelope.
function verifyDSSE002TLogBody(spec, content) {
// Ensure the bundle's DSSE only contains a single signature
if (spec.signatures?.length !== 1) {
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: 'signature count mismatch',
});
}
const tlogSig = spec.signatures[0].content;
// Ensure that the signature in the bundle's DSSE matches tlog entry
if (!content.compareSignature(tlogSig))
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: 'tlog entry signature mismatch',
});
// Ensure the digest of the bundle's DSSE payload matches the digest in the
// tlog entry
const tlogHash = spec.payloadHash?.digest || Buffer.from('');
if (!content.compareDigest(tlogHash)) {
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: 'DSSE payload hash mismatch',
});
}
}
-3
@@ -1,6 +1,3 @@
import { Entry } from '@sigstore/protobuf-specs/rekor/v2';
import type { ProposedHashedRekordEntry } from '@sigstore/rekor-types';
import type { SignatureContent } from '../shared.types';
export declare const HASHEDREKORD_API_VERSION_V1 = "0.0.1";
export declare function verifyHashedRekordTLogBody(tlogEntry: ProposedHashedRekordEntry, content: SignatureContent): void;
export declare function verifyHashedRekordTLogBodyV2(tlogEntry: Entry, content: SignatureContent): void;
+2 -45
@@ -1,10 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.HASHEDREKORD_API_VERSION_V1 = void 0;
exports.verifyHashedRekordTLogBody = verifyHashedRekordTLogBody;
exports.verifyHashedRekordTLogBodyV2 = verifyHashedRekordTLogBodyV2;
/*
Copyright 2025 The Sigstore Authors.
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -19,11 +17,10 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
const error_1 = require("../error");
exports.HASHEDREKORD_API_VERSION_V1 = '0.0.1';
// Compare the given hashedrekord tlog entry to the given bundle
function verifyHashedRekordTLogBody(tlogEntry, content) {
switch (tlogEntry.apiVersion) {
case exports.HASHEDREKORD_API_VERSION_V1:
case '0.0.1':
return verifyHashedrekord001TLogBody(tlogEntry, content);
default:
throw new error_1.VerificationError({
@@ -32,26 +29,6 @@ function verifyHashedRekordTLogBody(tlogEntry, content) {
});
}
}
// Compare the given hashedrekor tlog entry to the given bundle. This function is
// specifically for Rekor V2 entries.
function verifyHashedRekordTLogBodyV2(tlogEntry, content) {
const spec = tlogEntry.spec?.spec;
if (!spec) {
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: `missing dsse spec`,
});
}
switch (spec.$case) {
case 'hashedRekordV002':
return verifyHashedrekord002TLogBody(spec.hashedRekordV002, content);
default:
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: `unsupported version: ${spec.$case}`,
});
}
}
// Compare the given hashedrekord v0.0.1 tlog entry to the given message
// signature
function verifyHashedrekord001TLogBody(tlogEntry, content) {
@@ -72,23 +49,3 @@ function verifyHashedrekord001TLogBody(tlogEntry, content) {
});
}
}
// Compare the given hashedrekord v0.0.2 tlog entry to the given message
// signature
function verifyHashedrekord002TLogBody(spec, content) {
// Ensure that the bundles message signature matches the tlog entry
const tlogSig = spec.signature?.content || Buffer.from('');
if (!content.compareSignature(tlogSig)) {
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: 'signature mismatch',
});
}
// Ensure that the bundle's message digest matches the tlog entry
const tlogHash = spec.data?.digest || Buffer.from('');
if (!content.compareDigest(tlogHash)) {
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: 'digest mismatch',
});
}
}
-2
@@ -1,5 +1,3 @@
import type { TransparencyLogEntry } from '@sigstore/bundle';
import type { SignatureContent } from '../shared.types';
import { TLogAuthority } from '../trust';
export declare function verifyTLogBody(entry: TransparencyLogEntry, sigContent: SignatureContent): void;
export declare function verifyTLogInclusion(entry: TransparencyLogEntry, tlogAuthorities: TLogAuthority[]): void;
+3 -48
@@ -1,7 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyTLogBody = verifyTLogBody;
exports.verifyTLogInclusion = verifyTLogInclusion;
/*
Copyright 2023 The Sigstore Authors.
@@ -17,46 +16,27 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const v2_1 = require("@sigstore/protobuf-specs/rekor/v2");
const error_1 = require("../error");
const dsse_1 = require("./dsse");
const hashedrekord_1 = require("./hashedrekord");
const intoto_1 = require("./intoto");
const checkpoint_1 = require("./checkpoint");
const merkle_1 = require("./merkle");
const set_1 = require("./set");
// Verifies that the given tlog entry matches the supplied signature content.
function verifyTLogBody(entry, sigContent) {
const { kind, version } = entry.kindVersion;
const body = JSON.parse(entry.canonicalizedBody.toString('utf8'));
// validate body
if (kind !== body.kind || version !== body.apiVersion) {
throw new error_1.VerificationError({
code: 'TLOG_BODY_ERROR',
message: `kind/version mismatch - expected: ${kind}/${version}, received: ${body.kind}/${body.apiVersion}`,
});
}
switch (kind) {
switch (body.kind) {
case 'dsse':
// Rekor V1 and V2 use incompatible types so we need to branch here based on version
if (version == dsse_1.DSSE_API_VERSION_V1) {
return (0, dsse_1.verifyDSSETLogBody)(body, sigContent);
}
else {
const entryRekorV2 = v2_1.Entry.fromJSON(body);
return (0, dsse_1.verifyDSSETLogBodyV2)(entryRekorV2, sigContent);
}
return (0, dsse_1.verifyDSSETLogBody)(body, sigContent);
case 'intoto':
return (0, intoto_1.verifyIntotoTLogBody)(body, sigContent);
case 'hashedrekord':
// Rekor V1 and V2 use incompatible types so we need to branch here based on version
if (version == hashedrekord_1.HASHEDREKORD_API_VERSION_V1) {
return (0, hashedrekord_1.verifyHashedRekordTLogBody)(body, sigContent);
}
else {
const entryRekorV2 = v2_1.Entry.fromJSON(body);
return (0, hashedrekord_1.verifyHashedRekordTLogBodyV2)(entryRekorV2, sigContent);
}
return (0, hashedrekord_1.verifyHashedRekordTLogBody)(body, sigContent);
/* istanbul ignore next */
default:
throw new error_1.VerificationError({
@@ -65,28 +45,3 @@ function verifyTLogBody(entry, sigContent) {
});
}
}
function verifyTLogInclusion(entry, tlogAuthorities) {
let inclusionVerified = false;
if (isTLogEntryWithInclusionPromise(entry)) {
(0, set_1.verifyTLogSET)(entry, tlogAuthorities);
inclusionVerified = true;
}
if (isTLogEntryWithInclusionProof(entry)) {
const checkpoint = (0, checkpoint_1.verifyCheckpoint)(entry, tlogAuthorities);
(0, merkle_1.verifyMerkleInclusion)(entry, checkpoint);
inclusionVerified = true;
}
if (!inclusionVerified) {
throw new error_1.VerificationError({
code: 'TLOG_MISSING_INCLUSION_ERROR',
message: 'inclusion could not be verified',
});
}
return;
}
function isTLogEntryWithInclusionPromise(entry) {
return entry.inclusionPromise !== undefined;
}
function isTLogEntryWithInclusionProof(entry) {
return entry.inclusionProof !== undefined;
}
+2 -6
@@ -44,12 +44,8 @@ function createTLogAuthority(tlogInstance) {
keyDetails === protobuf_specs_1.PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256
? 'pkcs1'
: 'spki';
/* istanbul ignore next */
return {
baseURL: tlogInstance.baseUrl,
logID: tlogInstance.checkpointKeyId
? tlogInstance.checkpointKeyId.keyId
: tlogInstance.logId.keyId,
logID: tlogInstance.logId.keyId,
publicKey: core_1.crypto.createPublicKey(tlogInstance.publicKey.rawBytes, keyType),
validFor: {
start: tlogInstance.publicKey.validFor?.start || BEGINNING_OF_TIME,
@@ -61,7 +57,7 @@ function createCertAuthority(ca) {
/* istanbul ignore next */
return {
certChain: ca.certChain.certificates.map((cert) => {
return core_1.X509Certificate.parse(Buffer.from(cert.rawBytes));
return core_1.X509Certificate.parse(cert.rawBytes);
}),
validFor: {
start: ca.validFor?.start || BEGINNING_OF_TIME,

Some files were not shown because too many files have changed in this diff Show More