cernont/pyrofetes-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
CHEVALLIER Abel
2025-11-13 16:23:22 +01:00
parent de9c515a47
commit cb235644dc
34924 changed files with 3811102 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
node_modules/@sigstore/protobuf-specs/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2023 The Sigstore Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

5
node_modules/@sigstore/protobuf-specs/README.md generated vendored Normal file
View File

@@ -0,0 +1,5 @@
# @sigstore/protobuf-specs
TypeScript language bindings for Sigstore's protobuf specs.
See the [repository's README](https://github.com/sigstore/protobuf-specs) for more information.

44
node_modules/@sigstore/protobuf-specs/dist/__generated__/envelope.d.ts generated vendored Normal file
View File

@@ -0,0 +1,44 @@
/** An authenticated message of arbitrary type. */
export interface Envelope {
/**
* Message to be signed. (In JSON, this is encoded as base64.)
* REQUIRED.
*/
payload: Buffer;
/**
* String unambiguously identifying how to interpret payload.
* REQUIRED.
*/
payloadType: string;
/**
* Signature over:
* PAE(type, payload)
* Where PAE is defined as:
* PAE(type, payload) = "DSSEv1" + SP + LEN(type) + SP + type + SP + LEN(payload) + SP + payload
* + = concatenation
* SP = ASCII space [0x20]
* "DSSEv1" = ASCII [0x44, 0x53, 0x53, 0x45, 0x76, 0x31]
* LEN(s) = ASCII decimal encoding of the byte length of s, with no leading zeros
* REQUIRED (length >= 1).
*/
signatures: Signature[];
}
export interface Signature {
/**
* Signature itself. (In JSON, this is encoded as base64.)
* REQUIRED.
*/
sig: Buffer;
/**
* Unauthenticated* hint identifying which public key was used.
* OPTIONAL.
*/
keyid: string;
}
export declare const Envelope: MessageFns<Envelope>;
export declare const Signature: MessageFns<Signature>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

59
node_modules/@sigstore/protobuf-specs/dist/__generated__/envelope.js generated vendored Normal file
View File

@@ -0,0 +1,59 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: envelope.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Signature = exports.Envelope = void 0;
exports.Envelope = {
fromJSON(object) {
return {
payload: isSet(object.payload) ? Buffer.from(bytesFromBase64(object.payload)) : Buffer.alloc(0),
payloadType: isSet(object.payloadType) ? globalThis.String(object.payloadType) : "",
signatures: globalThis.Array.isArray(object?.signatures)
? object.signatures.map((e) => exports.Signature.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.payload.length !== 0) {
obj.payload = base64FromBytes(message.payload);
}
if (message.payloadType !== "") {
obj.payloadType = message.payloadType;
}
if (message.signatures?.length) {
obj.signatures = message.signatures.map((e) => exports.Signature.toJSON(e));
}
return obj;
},
};
exports.Signature = {
fromJSON(object) {
return {
sig: isSet(object.sig) ? Buffer.from(bytesFromBase64(object.sig)) : Buffer.alloc(0),
keyid: isSet(object.keyid) ? globalThis.String(object.keyid) : "",
};
},
toJSON(message) {
const obj = {};
if (message.sig.length !== 0) {
obj.sig = base64FromBytes(message.sig);
}
if (message.keyid !== "") {
obj.keyid = message.keyid;
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function isSet(value) {
return value !== null && value !== undefined;
}

64
node_modules/@sigstore/protobuf-specs/dist/__generated__/events.d.ts generated vendored Normal file
View File

@@ -0,0 +1,64 @@
import { Any } from "./google/protobuf/any";
export interface CloudEvent {
/** Required Attributes */
id: string;
/** URI-reference */
source: string;
specVersion: string;
type: string;
/** Optional & Extension Attributes */
attributes: {
[key: string]: CloudEvent_CloudEventAttributeValue;
};
/** -- CloudEvent Data (Bytes, Text, or Proto) */
data?: {
$case: "binaryData";
binaryData: Buffer;
} | {
$case: "textData";
textData: string;
} | {
$case: "protoData";
protoData: Any;
} | undefined;
}
export interface CloudEvent_AttributesEntry {
key: string;
value: CloudEvent_CloudEventAttributeValue | undefined;
}
export interface CloudEvent_CloudEventAttributeValue {
attr?: {
$case: "ceBoolean";
ceBoolean: boolean;
} | {
$case: "ceInteger";
ceInteger: number;
} | {
$case: "ceString";
ceString: string;
} | {
$case: "ceBytes";
ceBytes: Buffer;
} | {
$case: "ceUri";
ceUri: string;
} | {
$case: "ceUriRef";
ceUriRef: string;
} | {
$case: "ceTimestamp";
ceTimestamp: Date;
} | undefined;
}
export interface CloudEventBatch {
events: CloudEvent[];
}
export declare const CloudEvent: MessageFns<CloudEvent>;
export declare const CloudEvent_AttributesEntry: MessageFns<CloudEvent_AttributesEntry>;
export declare const CloudEvent_CloudEventAttributeValue: MessageFns<CloudEvent_CloudEventAttributeValue>;
export declare const CloudEventBatch: MessageFns<CloudEventBatch>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

174
node_modules/@sigstore/protobuf-specs/dist/__generated__/events.js generated vendored Normal file
View File

@@ -0,0 +1,174 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: events.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.CloudEventBatch = exports.CloudEvent_CloudEventAttributeValue = exports.CloudEvent_AttributesEntry = exports.CloudEvent = void 0;
/* eslint-disable */
const any_1 = require("./google/protobuf/any");
const timestamp_1 = require("./google/protobuf/timestamp");
exports.CloudEvent = {
fromJSON(object) {
return {
id: isSet(object.id) ? globalThis.String(object.id) : "",
source: isSet(object.source) ? globalThis.String(object.source) : "",
specVersion: isSet(object.specVersion) ? globalThis.String(object.specVersion) : "",
type: isSet(object.type) ? globalThis.String(object.type) : "",
attributes: isObject(object.attributes)
? Object.entries(object.attributes).reduce((acc, [key, value]) => {
acc[key] = exports.CloudEvent_CloudEventAttributeValue.fromJSON(value);
return acc;
}, {})
: {},
data: isSet(object.binaryData)
? { $case: "binaryData", binaryData: Buffer.from(bytesFromBase64(object.binaryData)) }
: isSet(object.textData)
? { $case: "textData", textData: globalThis.String(object.textData) }
: isSet(object.protoData)
? { $case: "protoData", protoData: any_1.Any.fromJSON(object.protoData) }
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.id !== "") {
obj.id = message.id;
}
if (message.source !== "") {
obj.source = message.source;
}
if (message.specVersion !== "") {
obj.specVersion = message.specVersion;
}
if (message.type !== "") {
obj.type = message.type;
}
if (message.attributes) {
const entries = Object.entries(message.attributes);
if (entries.length > 0) {
obj.attributes = {};
entries.forEach(([k, v]) => {
obj.attributes[k] = exports.CloudEvent_CloudEventAttributeValue.toJSON(v);
});
}
}
if (message.data?.$case === "binaryData") {
obj.binaryData = base64FromBytes(message.data.binaryData);
}
else if (message.data?.$case === "textData") {
obj.textData = message.data.textData;
}
else if (message.data?.$case === "protoData") {
obj.protoData = any_1.Any.toJSON(message.data.protoData);
}
return obj;
},
};
exports.CloudEvent_AttributesEntry = {
fromJSON(object) {
return {
key: isSet(object.key) ? globalThis.String(object.key) : "",
value: isSet(object.value) ? exports.CloudEvent_CloudEventAttributeValue.fromJSON(object.value) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.key !== "") {
obj.key = message.key;
}
if (message.value !== undefined) {
obj.value = exports.CloudEvent_CloudEventAttributeValue.toJSON(message.value);
}
return obj;
},
};
exports.CloudEvent_CloudEventAttributeValue = {
fromJSON(object) {
return {
attr: isSet(object.ceBoolean)
? { $case: "ceBoolean", ceBoolean: globalThis.Boolean(object.ceBoolean) }
: isSet(object.ceInteger)
? { $case: "ceInteger", ceInteger: globalThis.Number(object.ceInteger) }
: isSet(object.ceString)
? { $case: "ceString", ceString: globalThis.String(object.ceString) }
: isSet(object.ceBytes)
? { $case: "ceBytes", ceBytes: Buffer.from(bytesFromBase64(object.ceBytes)) }
: isSet(object.ceUri)
? { $case: "ceUri", ceUri: globalThis.String(object.ceUri) }
: isSet(object.ceUriRef)
? { $case: "ceUriRef", ceUriRef: globalThis.String(object.ceUriRef) }
: isSet(object.ceTimestamp)
? { $case: "ceTimestamp", ceTimestamp: fromJsonTimestamp(object.ceTimestamp) }
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.attr?.$case === "ceBoolean") {
obj.ceBoolean = message.attr.ceBoolean;
}
else if (message.attr?.$case === "ceInteger") {
obj.ceInteger = Math.round(message.attr.ceInteger);
}
else if (message.attr?.$case === "ceString") {
obj.ceString = message.attr.ceString;
}
else if (message.attr?.$case === "ceBytes") {
obj.ceBytes = base64FromBytes(message.attr.ceBytes);
}
else if (message.attr?.$case === "ceUri") {
obj.ceUri = message.attr.ceUri;
}
else if (message.attr?.$case === "ceUriRef") {
obj.ceUriRef = message.attr.ceUriRef;
}
else if (message.attr?.$case === "ceTimestamp") {
obj.ceTimestamp = message.attr.ceTimestamp.toISOString();
}
return obj;
},
};
exports.CloudEventBatch = {
fromJSON(object) {
return {
events: globalThis.Array.isArray(object?.events) ? object.events.map((e) => exports.CloudEvent.fromJSON(e)) : [],
};
},
toJSON(message) {
const obj = {};
if (message.events?.length) {
obj.events = message.events.map((e) => exports.CloudEvent.toJSON(e));
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function fromTimestamp(t) {
let millis = (globalThis.Number(t.seconds) || 0) * 1_000;
millis += (t.nanos || 0) / 1_000_000;
return new globalThis.Date(millis);
}
function fromJsonTimestamp(o) {
if (o instanceof globalThis.Date) {
return o;
}
else if (typeof o === "string") {
return new globalThis.Date(o);
}
else {
return fromTimestamp(timestamp_1.Timestamp.fromJSON(o));
}
}
function isObject(value) {
return typeof value === "object" && value !== null;
}
function isSet(value) {
return value !== null && value !== undefined;
}

74
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/api/field_behavior.d.ts generated vendored Normal file
View File

@@ -0,0 +1,74 @@
/**
* An indicator of the behavior of a given field (for example, that a field
* is required in requests, or given as output but ignored as input).
* This **does not** change the behavior in protocol buffers itself; it only
* denotes the behavior and may affect how API tooling handles the field.
*
* Note: This enum **may** receive new values in the future.
*/
export declare enum FieldBehavior {
/** FIELD_BEHAVIOR_UNSPECIFIED - Conventional default for enums. Do not use this. */
FIELD_BEHAVIOR_UNSPECIFIED = 0,
/**
* OPTIONAL - Specifically denotes a field as optional.
* While all fields in protocol buffers are optional, this may be specified
* for emphasis if appropriate.
*/
OPTIONAL = 1,
/**
* REQUIRED - Denotes a field as required.
* This indicates that the field **must** be provided as part of the request,
* and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
*/
REQUIRED = 2,
/**
* OUTPUT_ONLY - Denotes a field as output only.
* This indicates that the field is provided in responses, but including the
* field in a request does nothing (the server *must* ignore it and
* *must not* throw an error as a result of the field's presence).
*/
OUTPUT_ONLY = 3,
/**
* INPUT_ONLY - Denotes a field as input only.
* This indicates that the field is provided in requests, and the
* corresponding field is not included in output.
*/
INPUT_ONLY = 4,
/**
* IMMUTABLE - Denotes a field as immutable.
* This indicates that the field may be set once in a request to create a
* resource, but may not be changed thereafter.
*/
IMMUTABLE = 5,
/**
* UNORDERED_LIST - Denotes that a (repeated) field is an unordered list.
* This indicates that the service may provide the elements of the list
* in any arbitrary order, rather than the order the user originally
* provided. Additionally, the list's order may or may not be stable.
*/
UNORDERED_LIST = 6,
/**
* NON_EMPTY_DEFAULT - Denotes that this field returns a non-empty default value if not set.
* This indicates that if the user provides the empty value in a request,
* a non-empty value will be returned. The user will not be aware of what
* non-empty value to expect.
*/
NON_EMPTY_DEFAULT = 7,
/**
* IDENTIFIER - Denotes that the field in a resource (a message annotated with
* google.api.resource) is used in the resource name to uniquely identify the
* resource. For AIP-compliant APIs, this should only be applied to the
* `name` field on the resource.
*
* This behavior should not be applied to references to other resources within
* the message.
*
* The identifier field of resources often have different field behavior
* depending on the request it is embedded in (e.g. for Create methods name
* is optional and unused, while for Update methods it is required). Instead
* of method-specific annotations, only `IDENTIFIER` is required.
*/
IDENTIFIER = 8
}
export declare function fieldBehaviorFromJSON(object: any): FieldBehavior;
export declare function fieldBehaviorToJSON(object: FieldBehavior): string;

141
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/api/field_behavior.js generated vendored Normal file
View File

@@ -0,0 +1,141 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: google/api/field_behavior.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.FieldBehavior = void 0;
exports.fieldBehaviorFromJSON = fieldBehaviorFromJSON;
exports.fieldBehaviorToJSON = fieldBehaviorToJSON;
/* eslint-disable */
/**
* An indicator of the behavior of a given field (for example, that a field
* is required in requests, or given as output but ignored as input).
* This **does not** change the behavior in protocol buffers itself; it only
* denotes the behavior and may affect how API tooling handles the field.
*
* Note: This enum **may** receive new values in the future.
*/
var FieldBehavior;
(function (FieldBehavior) {
/** FIELD_BEHAVIOR_UNSPECIFIED - Conventional default for enums. Do not use this. */
FieldBehavior[FieldBehavior["FIELD_BEHAVIOR_UNSPECIFIED"] = 0] = "FIELD_BEHAVIOR_UNSPECIFIED";
/**
* OPTIONAL - Specifically denotes a field as optional.
* While all fields in protocol buffers are optional, this may be specified
* for emphasis if appropriate.
*/
FieldBehavior[FieldBehavior["OPTIONAL"] = 1] = "OPTIONAL";
/**
* REQUIRED - Denotes a field as required.
* This indicates that the field **must** be provided as part of the request,
* and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
*/
FieldBehavior[FieldBehavior["REQUIRED"] = 2] = "REQUIRED";
/**
* OUTPUT_ONLY - Denotes a field as output only.
* This indicates that the field is provided in responses, but including the
* field in a request does nothing (the server *must* ignore it and
* *must not* throw an error as a result of the field's presence).
*/
FieldBehavior[FieldBehavior["OUTPUT_ONLY"] = 3] = "OUTPUT_ONLY";
/**
* INPUT_ONLY - Denotes a field as input only.
* This indicates that the field is provided in requests, and the
* corresponding field is not included in output.
*/
FieldBehavior[FieldBehavior["INPUT_ONLY"] = 4] = "INPUT_ONLY";
/**
* IMMUTABLE - Denotes a field as immutable.
* This indicates that the field may be set once in a request to create a
* resource, but may not be changed thereafter.
*/
FieldBehavior[FieldBehavior["IMMUTABLE"] = 5] = "IMMUTABLE";
/**
* UNORDERED_LIST - Denotes that a (repeated) field is an unordered list.
* This indicates that the service may provide the elements of the list
* in any arbitrary order, rather than the order the user originally
* provided. Additionally, the list's order may or may not be stable.
*/
FieldBehavior[FieldBehavior["UNORDERED_LIST"] = 6] = "UNORDERED_LIST";
/**
* NON_EMPTY_DEFAULT - Denotes that this field returns a non-empty default value if not set.
* This indicates that if the user provides the empty value in a request,
* a non-empty value will be returned. The user will not be aware of what
* non-empty value to expect.
*/
FieldBehavior[FieldBehavior["NON_EMPTY_DEFAULT"] = 7] = "NON_EMPTY_DEFAULT";
/**
* IDENTIFIER - Denotes that the field in a resource (a message annotated with
* google.api.resource) is used in the resource name to uniquely identify the
* resource. For AIP-compliant APIs, this should only be applied to the
* `name` field on the resource.
*
* This behavior should not be applied to references to other resources within
* the message.
*
* The identifier field of resources often have different field behavior
* depending on the request it is embedded in (e.g. for Create methods name
* is optional and unused, while for Update methods it is required). Instead
* of method-specific annotations, only `IDENTIFIER` is required.
*/
FieldBehavior[FieldBehavior["IDENTIFIER"] = 8] = "IDENTIFIER";
})(FieldBehavior || (exports.FieldBehavior = FieldBehavior = {}));
function fieldBehaviorFromJSON(object) {
switch (object) {
case 0:
case "FIELD_BEHAVIOR_UNSPECIFIED":
return FieldBehavior.FIELD_BEHAVIOR_UNSPECIFIED;
case 1:
case "OPTIONAL":
return FieldBehavior.OPTIONAL;
case 2:
case "REQUIRED":
return FieldBehavior.REQUIRED;
case 3:
case "OUTPUT_ONLY":
return FieldBehavior.OUTPUT_ONLY;
case 4:
case "INPUT_ONLY":
return FieldBehavior.INPUT_ONLY;
case 5:
case "IMMUTABLE":
return FieldBehavior.IMMUTABLE;
case 6:
case "UNORDERED_LIST":
return FieldBehavior.UNORDERED_LIST;
case 7:
case "NON_EMPTY_DEFAULT":
return FieldBehavior.NON_EMPTY_DEFAULT;
case 8:
case "IDENTIFIER":
return FieldBehavior.IDENTIFIER;
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum FieldBehavior");
}
}
function fieldBehaviorToJSON(object) {
switch (object) {
case FieldBehavior.FIELD_BEHAVIOR_UNSPECIFIED:
return "FIELD_BEHAVIOR_UNSPECIFIED";
case FieldBehavior.OPTIONAL:
return "OPTIONAL";
case FieldBehavior.REQUIRED:
return "REQUIRED";
case FieldBehavior.OUTPUT_ONLY:
return "OUTPUT_ONLY";
case FieldBehavior.INPUT_ONLY:
return "INPUT_ONLY";
case FieldBehavior.IMMUTABLE:
return "IMMUTABLE";
case FieldBehavior.UNORDERED_LIST:
return "UNORDERED_LIST";
case FieldBehavior.NON_EMPTY_DEFAULT:
return "NON_EMPTY_DEFAULT";
case FieldBehavior.IDENTIFIER:
return "IDENTIFIER";
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum FieldBehavior");
}
}

128
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/any.d.ts generated vendored Normal file
View File

@@ -0,0 +1,128 @@
/**
* `Any` contains an arbitrary serialized protocol buffer message along with a
* URL that describes the type of the serialized message.
*
* Protobuf library provides support to pack/unpack Any values in the form
* of utility functions or additional generated methods of the Any type.
*
* Example 1: Pack and unpack a message in C++.
*
* Foo foo = ...;
* Any any;
* any.PackFrom(foo);
* ...
* if (any.UnpackTo(&foo)) {
* ...
* }
*
* Example 2: Pack and unpack a message in Java.
*
* Foo foo = ...;
* Any any = Any.pack(foo);
* ...
* if (any.is(Foo.class)) {
* foo = any.unpack(Foo.class);
* }
* // or ...
* if (any.isSameTypeAs(Foo.getDefaultInstance())) {
* foo = any.unpack(Foo.getDefaultInstance());
* }
*
* Example 3: Pack and unpack a message in Python.
*
* foo = Foo(...)
* any = Any()
* any.Pack(foo)
* ...
* if any.Is(Foo.DESCRIPTOR):
* any.Unpack(foo)
* ...
*
* Example 4: Pack and unpack a message in Go
*
* foo := &pb.Foo{...}
* any, err := anypb.New(foo)
* if err != nil {
* ...
* }
* ...
* foo := &pb.Foo{}
* if err := any.UnmarshalTo(foo); err != nil {
* ...
* }
*
* The pack methods provided by protobuf library will by default use
* 'type.googleapis.com/full.type.name' as the type URL and the unpack
* methods only use the fully qualified type name after the last '/'
* in the type URL, for example "foo.bar.com/x/y.z" will yield type
* name "y.z".
*
* JSON
* ====
* The JSON representation of an `Any` value uses the regular
* representation of the deserialized, embedded message, with an
* additional field `@type` which contains the type URL. Example:
*
* package google.profile;
* message Person {
* string first_name = 1;
* string last_name = 2;
* }
*
* {
* "@type": "type.googleapis.com/google.profile.Person",
* "firstName": <string>,
* "lastName": <string>
* }
*
* If the embedded message type is well-known and has a custom JSON
* representation, that representation will be embedded adding a field
* `value` which holds the custom JSON in addition to the `@type`
* field. Example (for message [google.protobuf.Duration][]):
*
* {
* "@type": "type.googleapis.com/google.protobuf.Duration",
* "value": "1.212s"
* }
*/
export interface Any {
/**
* A URL/resource name that uniquely identifies the type of the serialized
* protocol buffer message. This string must contain at least
* one "/" character. The last segment of the URL's path must represent
* the fully qualified name of the type (as in
* `path/google.protobuf.Duration`). The name should be in a canonical form
* (e.g., leading "." is not accepted).
*
* In practice, teams usually precompile into the binary all types that they
* expect it to use in the context of Any. However, for URLs which use the
* scheme `http`, `https`, or no scheme, one can optionally set up a type
* server that maps type URLs to message definitions as follows:
*
* * If no scheme is provided, `https` is assumed.
* * An HTTP GET on the URL must yield a [google.protobuf.Type][]
* value in binary format, or produce an error.
* * Applications are allowed to cache lookup results based on the
* URL, or have them precompiled into a binary to avoid any
* lookup. Therefore, binary compatibility needs to be preserved
* on changes to types. (Use versioned type names to manage
* breaking changes.)
*
* Note: this functionality is not currently available in the official
* protobuf release, and it is not used for type URLs beginning with
* type.googleapis.com. As of May 2023, there are no widely used type server
* implementations and no plans to implement one.
*
* Schemes other than `http`, `https` (or the empty scheme) might be
* used with implementation specific semantics.
*/
typeUrl: string;
/** Must be a valid serialized protocol buffer of the above specified type. */
value: Buffer;
}
export declare const Any: MessageFns<Any>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

35
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/any.js generated vendored Normal file
View File

@@ -0,0 +1,35 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: google/protobuf/any.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Any = void 0;
exports.Any = {
fromJSON(object) {
return {
typeUrl: isSet(object.typeUrl) ? globalThis.String(object.typeUrl) : "",
value: isSet(object.value) ? Buffer.from(bytesFromBase64(object.value)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
if (message.typeUrl !== "") {
obj.typeUrl = message.typeUrl;
}
if (message.value.length !== 0) {
obj.value = base64FromBytes(message.value);
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function isSet(value) {
return value !== null && value !== undefined;
}

1251
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/descriptor.d.ts generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2042
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/descriptor.js generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

112
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/timestamp.d.ts generated vendored Normal file
View File

@@ -0,0 +1,112 @@
/**
* A Timestamp represents a point in time independent of any time zone or local
* calendar, encoded as a count of seconds and fractions of seconds at
* nanosecond resolution. The count is relative to an epoch at UTC midnight on
* January 1, 1970, in the proleptic Gregorian calendar which extends the
* Gregorian calendar backwards to year one.
*
* All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
* second table is needed for interpretation, using a [24-hour linear
* smear](https://developers.google.com/time/smear).
*
* The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
* restricting to that range, we ensure that we can convert to and from [RFC
* 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
*
* # Examples
*
* Example 1: Compute Timestamp from POSIX `time()`.
*
* Timestamp timestamp;
* timestamp.set_seconds(time(NULL));
* timestamp.set_nanos(0);
*
* Example 2: Compute Timestamp from POSIX `gettimeofday()`.
*
* struct timeval tv;
* gettimeofday(&tv, NULL);
*
* Timestamp timestamp;
* timestamp.set_seconds(tv.tv_sec);
* timestamp.set_nanos(tv.tv_usec * 1000);
*
* Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.
*
* FILETIME ft;
* GetSystemTimeAsFileTime(&ft);
* UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
*
* // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
* // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
* Timestamp timestamp;
* timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
* timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
*
* Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
*
* long millis = System.currentTimeMillis();
*
* Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
* .setNanos((int) ((millis % 1000) * 1000000)).build();
*
* Example 5: Compute Timestamp from Java `Instant.now()`.
*
* Instant now = Instant.now();
*
* Timestamp timestamp =
* Timestamp.newBuilder().setSeconds(now.getEpochSecond())
* .setNanos(now.getNano()).build();
*
* Example 6: Compute Timestamp from current time in Python.
*
* timestamp = Timestamp()
* timestamp.GetCurrentTime()
*
* # JSON Mapping
*
* In JSON format, the Timestamp type is encoded as a string in the
* [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the
* format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z"
* where {year} is always expressed using four digits while {month}, {day},
* {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
* seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
* are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
* is required. A proto3 JSON serializer should always use UTC (as indicated by
* "Z") when printing the Timestamp type and a proto3 JSON parser should be
* able to accept both UTC and other timezones (as indicated by an offset).
*
* For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
* 01:30 UTC on January 15, 2017.
*
* In JavaScript, one can convert a Date object to this format using the
* standard
* [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
* method. In Python, a standard `datetime.datetime` object can be converted
* to this format using
* [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
* the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
* the Joda Time's [`ISODateTimeFormat.dateTime()`](
* http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
* ) to obtain a formatter capable of generating timestamps in this format.
*/
export interface Timestamp {
/**
* Represents seconds of UTC time since Unix epoch
* 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
* 9999-12-31T23:59:59Z inclusive.
*/
seconds: string;
/**
* Non-negative fractions of a second at nanosecond resolution. Negative
* second values with fractions must still have non-negative nanos values
* that count forward in time. Must be from 0 to 999,999,999
* inclusive.
*/
nanos: number;
}
export declare const Timestamp: MessageFns<Timestamp>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

29
node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/timestamp.js generated vendored Normal file
View File

@@ -0,0 +1,29 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: google/protobuf/timestamp.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Timestamp = void 0;
exports.Timestamp = {
fromJSON(object) {
return {
seconds: isSet(object.seconds) ? globalThis.String(object.seconds) : "0",
nanos: isSet(object.nanos) ? globalThis.Number(object.nanos) : 0,
};
},
toJSON(message) {
const obj = {};
if (message.seconds !== "0") {
obj.seconds = message.seconds;
}
if (message.nanos !== 0) {
obj.nanos = Math.round(message.nanos);
}
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

23
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/dsse.d.ts generated vendored Normal file
View File

@@ -0,0 +1,23 @@
import { Envelope } from "../../envelope";
import { HashOutput } from "../../sigstore_common";
import { Signature, Verifier } from "./verifier";
/** A request to add a DSSE v0.0.2 entry to the log */
export interface DSSERequestV002 {
/** A DSSE envelope */
envelope: Envelope | undefined;
/** All necessary verification material to verify all signatures embedded in the envelope */
verifiers: Verifier[];
}
export interface DSSELogEntryV002 {
/** The hash of the DSSE payload */
payloadHash: HashOutput | undefined;
/** Signatures and their associated verification material used to verify the payload */
signatures: Signature[];
}
export declare const DSSERequestV002: MessageFns<DSSERequestV002>;
export declare const DSSELogEntryV002: MessageFns<DSSELogEntryV002>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

55
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/dsse.js generated vendored Normal file
View File

@@ -0,0 +1,55 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/dsse.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.DSSELogEntryV002 = exports.DSSERequestV002 = void 0;
/* eslint-disable */
const envelope_1 = require("../../envelope");
const sigstore_common_1 = require("../../sigstore_common");
const verifier_1 = require("./verifier");
exports.DSSERequestV002 = {
fromJSON(object) {
return {
envelope: isSet(object.envelope) ? envelope_1.Envelope.fromJSON(object.envelope) : undefined,
verifiers: globalThis.Array.isArray(object?.verifiers)
? object.verifiers.map((e) => verifier_1.Verifier.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.envelope !== undefined) {
obj.envelope = envelope_1.Envelope.toJSON(message.envelope);
}
if (message.verifiers?.length) {
obj.verifiers = message.verifiers.map((e) => verifier_1.Verifier.toJSON(e));
}
return obj;
},
};
exports.DSSELogEntryV002 = {
fromJSON(object) {
return {
payloadHash: isSet(object.payloadHash) ? sigstore_common_1.HashOutput.fromJSON(object.payloadHash) : undefined,
signatures: globalThis.Array.isArray(object?.signatures)
? object.signatures.map((e) => verifier_1.Signature.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.payloadHash !== undefined) {
obj.payloadHash = sigstore_common_1.HashOutput.toJSON(message.payloadHash);
}
if (message.signatures?.length) {
obj.signatures = message.signatures.map((e) => verifier_1.Signature.toJSON(e));
}
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

43
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/entry.d.ts generated vendored Normal file
View File

@@ -0,0 +1,43 @@
import { DSSELogEntryV002, DSSERequestV002 } from "./dsse";
import { HashedRekordLogEntryV002, HashedRekordRequestV002 } from "./hashedrekord";
/**
* Entry is the message that is canonicalized and uploaded to the log.
* This format is meant to be compliant with Rekor v1 entries in that
* the `apiVersion` and `kind` can be parsed before parsing the spec.
* Clients are expected to understand and handle the differences in the
* contents of `spec` between Rekor v1 (a polymorphic OpenAPI defintion)
* and Rekor v2 (a typed proto defintion).
*/
export interface Entry {
kind: string;
apiVersion: string;
spec: Spec | undefined;
}
/** Spec contains one of the Rekor entry types. */
export interface Spec {
spec?: {
$case: "hashedRekordV002";
hashedRekordV002: HashedRekordLogEntryV002;
} | {
$case: "dsseV002";
dsseV002: DSSELogEntryV002;
} | undefined;
}
/** Create a new HashedRekord or DSSE */
export interface CreateEntryRequest {
spec?: {
$case: "hashedRekordRequestV002";
hashedRekordRequestV002: HashedRekordRequestV002;
} | {
$case: "dsseRequestV002";
dsseRequestV002: DSSERequestV002;
} | undefined;
}
export declare const Entry: MessageFns<Entry>;
export declare const Spec: MessageFns<Spec>;
export declare const CreateEntryRequest: MessageFns<CreateEntryRequest>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

81
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/entry.js generated vendored Normal file
View File

@@ -0,0 +1,81 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/entry.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.CreateEntryRequest = exports.Spec = exports.Entry = void 0;
/* eslint-disable */
const dsse_1 = require("./dsse");
const hashedrekord_1 = require("./hashedrekord");
exports.Entry = {
fromJSON(object) {
return {
kind: isSet(object.kind) ? globalThis.String(object.kind) : "",
apiVersion: isSet(object.apiVersion) ? globalThis.String(object.apiVersion) : "",
spec: isSet(object.spec) ? exports.Spec.fromJSON(object.spec) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.kind !== "") {
obj.kind = message.kind;
}
if (message.apiVersion !== "") {
obj.apiVersion = message.apiVersion;
}
if (message.spec !== undefined) {
obj.spec = exports.Spec.toJSON(message.spec);
}
return obj;
},
};
exports.Spec = {
fromJSON(object) {
return {
spec: isSet(object.hashedRekordV002)
? { $case: "hashedRekordV002", hashedRekordV002: hashedrekord_1.HashedRekordLogEntryV002.fromJSON(object.hashedRekordV002) }
: isSet(object.dsseV002)
? { $case: "dsseV002", dsseV002: dsse_1.DSSELogEntryV002.fromJSON(object.dsseV002) }
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.spec?.$case === "hashedRekordV002") {
obj.hashedRekordV002 = hashedrekord_1.HashedRekordLogEntryV002.toJSON(message.spec.hashedRekordV002);
}
else if (message.spec?.$case === "dsseV002") {
obj.dsseV002 = dsse_1.DSSELogEntryV002.toJSON(message.spec.dsseV002);
}
return obj;
},
};
exports.CreateEntryRequest = {
fromJSON(object) {
return {
spec: isSet(object.hashedRekordRequestV002)
? {
$case: "hashedRekordRequestV002",
hashedRekordRequestV002: hashedrekord_1.HashedRekordRequestV002.fromJSON(object.hashedRekordRequestV002),
}
: isSet(object.dsseRequestV002)
? { $case: "dsseRequestV002", dsseRequestV002: dsse_1.DSSERequestV002.fromJSON(object.dsseRequestV002) }
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.spec?.$case === "hashedRekordRequestV002") {
obj.hashedRekordRequestV002 = hashedrekord_1.HashedRekordRequestV002.toJSON(message.spec.hashedRekordRequestV002);
}
else if (message.spec?.$case === "dsseRequestV002") {
obj.dsseRequestV002 = dsse_1.DSSERequestV002.toJSON(message.spec.dsseRequestV002);
}
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

22
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/hashedrekord.d.ts generated vendored Normal file
View File

@@ -0,0 +1,22 @@
import { HashOutput } from "../../sigstore_common";
import { Signature } from "./verifier";
/** A request to add a hashedrekord v0.0.2 to the log */
export interface HashedRekordRequestV002 {
/** The hashed data */
digest: Buffer;
/** A single signature over the hashed data with the verifier needed to validate it */
signature: Signature | undefined;
}
export interface HashedRekordLogEntryV002 {
/** The hashed data */
data: HashOutput | undefined;
/** A single signature over the hashed data with the verifier needed to validate it */
signature: Signature | undefined;
}
export declare const HashedRekordRequestV002: MessageFns<HashedRekordRequestV002>;
export declare const HashedRekordLogEntryV002: MessageFns<HashedRekordLogEntryV002>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

56
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/hashedrekord.js generated vendored Normal file
View File

@@ -0,0 +1,56 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/hashedrekord.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.HashedRekordLogEntryV002 = exports.HashedRekordRequestV002 = void 0;
/* eslint-disable */
const sigstore_common_1 = require("../../sigstore_common");
const verifier_1 = require("./verifier");
exports.HashedRekordRequestV002 = {
fromJSON(object) {
return {
digest: isSet(object.digest) ? Buffer.from(bytesFromBase64(object.digest)) : Buffer.alloc(0),
signature: isSet(object.signature) ? verifier_1.Signature.fromJSON(object.signature) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.digest.length !== 0) {
obj.digest = base64FromBytes(message.digest);
}
if (message.signature !== undefined) {
obj.signature = verifier_1.Signature.toJSON(message.signature);
}
return obj;
},
};
exports.HashedRekordLogEntryV002 = {
fromJSON(object) {
return {
data: isSet(object.data) ? sigstore_common_1.HashOutput.fromJSON(object.data) : undefined,
signature: isSet(object.signature) ? verifier_1.Signature.fromJSON(object.signature) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.data !== undefined) {
obj.data = sigstore_common_1.HashOutput.toJSON(message.data);
}
if (message.signature !== undefined) {
obj.signature = verifier_1.Signature.toJSON(message.signature);
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function isSet(value) {
return value !== null && value !== undefined;
}

35
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/verifier.d.ts generated vendored Normal file
View File

@@ -0,0 +1,35 @@
import { PublicKeyDetails, X509Certificate } from "../../sigstore_common";
/** PublicKey contains an encoded public key */
export interface PublicKey {
/** DER-encoded public key */
rawBytes: Buffer;
}
/** Either a public key or a X.509 cerificiate with an embedded public key */
export interface Verifier {
verifier?: //
/** DER-encoded public key. Encoding method is specified by the key_details attribute */
{
$case: "publicKey";
publicKey: PublicKey;
} | //
/** DER-encoded certificate */
{
$case: "x509Certificate";
x509Certificate: X509Certificate;
} | undefined;
/** Key encoding and signature algorithm to use for this key */
keyDetails: PublicKeyDetails;
}
/** A signature and an associated verifier */
export interface Signature {
content: Buffer;
verifier: Verifier | undefined;
}
export declare const PublicKey: MessageFns<PublicKey>;
export declare const Verifier: MessageFns<Verifier>;
export declare const Signature: MessageFns<Signature>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

74
node_modules/@sigstore/protobuf-specs/dist/__generated__/rekor/v2/verifier.js generated vendored Normal file
View File

@@ -0,0 +1,74 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: rekor/v2/verifier.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Signature = exports.Verifier = exports.PublicKey = void 0;
/* eslint-disable */
const sigstore_common_1 = require("../../sigstore_common");
exports.PublicKey = {
fromJSON(object) {
return { rawBytes: isSet(object.rawBytes) ? Buffer.from(bytesFromBase64(object.rawBytes)) : Buffer.alloc(0) };
},
toJSON(message) {
const obj = {};
if (message.rawBytes.length !== 0) {
obj.rawBytes = base64FromBytes(message.rawBytes);
}
return obj;
},
};
exports.Verifier = {
fromJSON(object) {
return {
verifier: isSet(object.publicKey)
? { $case: "publicKey", publicKey: exports.PublicKey.fromJSON(object.publicKey) }
: isSet(object.x509Certificate)
? { $case: "x509Certificate", x509Certificate: sigstore_common_1.X509Certificate.fromJSON(object.x509Certificate) }
: undefined,
keyDetails: isSet(object.keyDetails) ? (0, sigstore_common_1.publicKeyDetailsFromJSON)(object.keyDetails) : 0,
};
},
toJSON(message) {
const obj = {};
if (message.verifier?.$case === "publicKey") {
obj.publicKey = exports.PublicKey.toJSON(message.verifier.publicKey);
}
else if (message.verifier?.$case === "x509Certificate") {
obj.x509Certificate = sigstore_common_1.X509Certificate.toJSON(message.verifier.x509Certificate);
}
if (message.keyDetails !== 0) {
obj.keyDetails = (0, sigstore_common_1.publicKeyDetailsToJSON)(message.keyDetails);
}
return obj;
},
};
exports.Signature = {
fromJSON(object) {
return {
content: isSet(object.content) ? Buffer.from(bytesFromBase64(object.content)) : Buffer.alloc(0),
verifier: isSet(object.verifier) ? exports.Verifier.fromJSON(object.verifier) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.content.length !== 0) {
obj.content = base64FromBytes(message.content);
}
if (message.verifier !== undefined) {
obj.verifier = exports.Verifier.toJSON(message.verifier);
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function isSet(value) {
return value !== null && value !== undefined;
}

146
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.d.ts generated vendored Normal file
View File

@@ -0,0 +1,146 @@
import { Envelope } from "./envelope";
import { MessageSignature, PublicKeyIdentifier, RFC3161SignedTimestamp, X509Certificate, X509CertificateChain } from "./sigstore_common";
import { TransparencyLogEntry } from "./sigstore_rekor";
/**
* Various timestamped counter signatures over the artifacts signature.
* Currently only RFC3161 signatures are provided. More formats may be added
* in the future.
*/
export interface TimestampVerificationData {
/**
* A list of RFC3161 signed timestamps provided by the user.
* This can be used when the entry has not been stored on a
* transparency log, or in conjunction for a stronger trust model.
* Clients MUST verify the hashed message in the message imprint
* against the signature in the bundle.
*/
rfc3161Timestamps: RFC3161SignedTimestamp[];
}
/**
* VerificationMaterial captures details on the materials used to verify
* signatures. This message may be embedded in a DSSE envelope as a signature
* extension. Specifically, the `ext` field of the extension will expect this
* message when the signature extension is for Sigstore. This is identified by
* the `kind` field in the extension, which must be set to
* application/vnd.dev.sigstore.verificationmaterial;version=0.1 for Sigstore.
* When used as a DSSE extension, if the `public_key` field is used to indicate
* the key identifier, it MUST match the `keyid` field of the signature the
* extension is attached to.
*/
export interface VerificationMaterial {
/**
* The key material for verification purposes.
*
* This allows key material to be conveyed in one of three forms:
*
* 1. An unspecified public key identifier, for retrieving a key
* from an out-of-band mechanism (such as a keyring);
*
* 2. A sequence of one or more X.509 certificates, of which the first member
* MUST be a leaf certificate conveying the signing key. Subsequent members
* SHOULD be in issuing order, meaning that `n + 1` should be an issuer for `n`.
*
* Signers MUST NOT include root CA certificates in bundles, and SHOULD NOT
* include intermediate CA certificates that appear in an independent root of trust
* (such as the Public Good Instance's trusted root).
*
* Verifiers MUST validate the chain carefully to ensure that it chains up
* to a CA certificate that they independently trust. Verifiers SHOULD
* handle old or non-complying bundles that have superfluous intermediate and/or
* root CA certificates by either ignoring them or explicitly considering them
* untrusted for the purposes of chain building.
*
* 3. A single X.509 certificate, which MUST be a leaf certificate conveying
* the signing key.
*
* When used with the Public Good Instance (PGI) of Sigstore for "keyless" signing
* via Fulcio, form (1) MUST NOT be used, regardless of bundle version. Form (1)
* MAY be used with the PGI for self-managed keys.
*
* When used in a `0.1` or `0.2` bundle with the PGI and "keyless" signing,
* form (2) MUST be used.
*
* When used in a `0.3` bundle with the PGI and "keyless" signing,
* form (3) MUST be used.
*/
content?: {
$case: "publicKey";
publicKey: PublicKeyIdentifier;
} | {
$case: "x509CertificateChain";
x509CertificateChain: X509CertificateChain;
} | {
$case: "certificate";
certificate: X509Certificate;
} | undefined;
/**
* An inclusion proof and an optional signed timestamp from the log.
* Client verification libraries MAY provide an option to support v0.1
* bundles for backwards compatibility, which may contain an inclusion
* promise and not an inclusion proof. In this case, the client MUST
* validate the promise.
* Verifiers SHOULD NOT allow v0.1 bundles if they're used in an
* ecosystem which never produced them.
*/
tlogEntries: TransparencyLogEntry[];
/**
* Timestamp may also come from
* tlog_entries.inclusion_promise.signed_entry_timestamp.
*/
timestampVerificationData: TimestampVerificationData | undefined;
}
export interface Bundle {
/**
* MUST be application/vnd.dev.sigstore.bundle.v0.3+json when
* when encoded as JSON.
* Clients must to be able to accept media type using the previously
* defined formats:
* * application/vnd.dev.sigstore.bundle+json;version=0.1
* * application/vnd.dev.sigstore.bundle+json;version=0.2
* * application/vnd.dev.sigstore.bundle+json;version=0.3
*/
mediaType: string;
/**
* When a signer is identified by a X.509 certificate, a verifier MUST
* verify that the signature was computed at the time the certificate
* was valid as described in the Sigstore client spec: "Verification
* using a Bundle".
* <https://docs.google.com/document/d/1kbhK2qyPPk8SLavHzYSDM8-Ueul9_oxIMVFuWMWKz0E/edit#heading=h.x8bduppe89ln>
* If the verification material contains a public key identifier
* (key hint) and the `content` is a DSSE envelope, the key hints
* MUST be exactly the same in the verification material and in the
* DSSE envelope.
*/
verificationMaterial: VerificationMaterial | undefined;
content?: {
$case: "messageSignature";
messageSignature: MessageSignature;
} | //
/**
* A DSSE envelope can contain arbitrary payloads.
* Verifiers must verify that the payload type is a
* supported and expected type. This is part of the DSSE
* protocol which is defined here:
* <https://github.com/secure-systems-lab/dsse/blob/master/protocol.md>
* DSSE envelopes in a bundle MUST have exactly one signature.
* This is a limitation from the DSSE spec, as it can contain
* multiple signatures. There are two primary reasons:
* 1. It simplifies the verification logic and policy
* 2. The bundle (currently) can only contain a single
* instance of the required verification materials
* During verification a client MUST reject an envelope if
* the number of signatures is not equal to one.
*/
{
$case: "dsseEnvelope";
dsseEnvelope: Envelope;
} | undefined;
}
export declare const TimestampVerificationData: MessageFns<TimestampVerificationData>;
export declare const VerificationMaterial: MessageFns<VerificationMaterial>;
export declare const Bundle: MessageFns<Bundle>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

103
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js generated vendored Normal file
View File

@@ -0,0 +1,103 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_bundle.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Bundle = exports.VerificationMaterial = exports.TimestampVerificationData = void 0;
/* eslint-disable */
const envelope_1 = require("./envelope");
const sigstore_common_1 = require("./sigstore_common");
const sigstore_rekor_1 = require("./sigstore_rekor");
exports.TimestampVerificationData = {
fromJSON(object) {
return {
rfc3161Timestamps: globalThis.Array.isArray(object?.rfc3161Timestamps)
? object.rfc3161Timestamps.map((e) => sigstore_common_1.RFC3161SignedTimestamp.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.rfc3161Timestamps?.length) {
obj.rfc3161Timestamps = message.rfc3161Timestamps.map((e) => sigstore_common_1.RFC3161SignedTimestamp.toJSON(e));
}
return obj;
},
};
exports.VerificationMaterial = {
fromJSON(object) {
return {
content: isSet(object.publicKey)
? { $case: "publicKey", publicKey: sigstore_common_1.PublicKeyIdentifier.fromJSON(object.publicKey) }
: isSet(object.x509CertificateChain)
? {
$case: "x509CertificateChain",
x509CertificateChain: sigstore_common_1.X509CertificateChain.fromJSON(object.x509CertificateChain),
}
: isSet(object.certificate)
? { $case: "certificate", certificate: sigstore_common_1.X509Certificate.fromJSON(object.certificate) }
: undefined,
tlogEntries: globalThis.Array.isArray(object?.tlogEntries)
? object.tlogEntries.map((e) => sigstore_rekor_1.TransparencyLogEntry.fromJSON(e))
: [],
timestampVerificationData: isSet(object.timestampVerificationData)
? exports.TimestampVerificationData.fromJSON(object.timestampVerificationData)
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.content?.$case === "publicKey") {
obj.publicKey = sigstore_common_1.PublicKeyIdentifier.toJSON(message.content.publicKey);
}
else if (message.content?.$case === "x509CertificateChain") {
obj.x509CertificateChain = sigstore_common_1.X509CertificateChain.toJSON(message.content.x509CertificateChain);
}
else if (message.content?.$case === "certificate") {
obj.certificate = sigstore_common_1.X509Certificate.toJSON(message.content.certificate);
}
if (message.tlogEntries?.length) {
obj.tlogEntries = message.tlogEntries.map((e) => sigstore_rekor_1.TransparencyLogEntry.toJSON(e));
}
if (message.timestampVerificationData !== undefined) {
obj.timestampVerificationData = exports.TimestampVerificationData.toJSON(message.timestampVerificationData);
}
return obj;
},
};
exports.Bundle = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? globalThis.String(object.mediaType) : "",
verificationMaterial: isSet(object.verificationMaterial)
? exports.VerificationMaterial.fromJSON(object.verificationMaterial)
: undefined,
content: isSet(object.messageSignature)
? { $case: "messageSignature", messageSignature: sigstore_common_1.MessageSignature.fromJSON(object.messageSignature) }
: isSet(object.dsseEnvelope)
? { $case: "dsseEnvelope", dsseEnvelope: envelope_1.Envelope.fromJSON(object.dsseEnvelope) }
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.mediaType !== "") {
obj.mediaType = message.mediaType;
}
if (message.verificationMaterial !== undefined) {
obj.verificationMaterial = exports.VerificationMaterial.toJSON(message.verificationMaterial);
}
if (message.content?.$case === "messageSignature") {
obj.messageSignature = sigstore_common_1.MessageSignature.toJSON(message.content.messageSignature);
}
else if (message.content?.$case === "dsseEnvelope") {
obj.dsseEnvelope = envelope_1.Envelope.toJSON(message.content.dsseEnvelope);
}
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

293
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.d.ts generated vendored Normal file
View File

@@ -0,0 +1,293 @@
/**
* Only a subset of the secure hash standard algorithms are supported.
* See <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf> for more
* details.
* UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force
* any proto JSON serialization to emit the used hash algorithm, as default
* option is to *omit* the default value of an enum (which is the first
* value, represented by '0'.
*/
export declare enum HashAlgorithm {
HASH_ALGORITHM_UNSPECIFIED = 0,
SHA2_256 = 1,
SHA2_384 = 2,
SHA2_512 = 3,
SHA3_256 = 4,
SHA3_384 = 5
}
export declare function hashAlgorithmFromJSON(object: any): HashAlgorithm;
export declare function hashAlgorithmToJSON(object: HashAlgorithm): string;
/**
* Details of a specific public key, capturing the the key encoding method,
* and signature algorithm.
*
* PublicKeyDetails captures the public key/hash algorithm combinations
* recommended in the Sigstore ecosystem.
*
* This is modelled as a linear set as we want to provide a small number of
* opinionated options instead of allowing every possible permutation.
*
* Any changes to this enum MUST be reflected in the algorithm registry.
*
* See: <https://github.com/sigstore/architecture-docs/blob/main/algorithm-registry.md>
*
* To avoid the possibility of contradicting formats such as PKCS1 with
* ED25519 the valid permutations are listed as a linear set instead of a
* cartesian set (i.e one combined variable instead of two, one for encoding
* and one for the signature algorithm).
*/
export declare enum PublicKeyDetails {
PUBLIC_KEY_DETAILS_UNSPECIFIED = 0,
/**
* PKCS1_RSA_PKCS1V5 - RSA
*
* @deprecated
*/
PKCS1_RSA_PKCS1V5 = 1,
/**
* PKCS1_RSA_PSS - See RFC8017
*
* @deprecated
*/
PKCS1_RSA_PSS = 2,
/** @deprecated */
PKIX_RSA_PKCS1V5 = 3,
/** @deprecated */
PKIX_RSA_PSS = 4,
/** PKIX_RSA_PKCS1V15_2048_SHA256 - RSA public key in PKIX format, PKCS#1v1.5 signature */
PKIX_RSA_PKCS1V15_2048_SHA256 = 9,
PKIX_RSA_PKCS1V15_3072_SHA256 = 10,
PKIX_RSA_PKCS1V15_4096_SHA256 = 11,
/** PKIX_RSA_PSS_2048_SHA256 - RSA public key in PKIX format, RSASSA-PSS signature */
PKIX_RSA_PSS_2048_SHA256 = 16,
PKIX_RSA_PSS_3072_SHA256 = 17,
PKIX_RSA_PSS_4096_SHA256 = 18,
/**
* PKIX_ECDSA_P256_HMAC_SHA_256 - ECDSA
*
* @deprecated
*/
PKIX_ECDSA_P256_HMAC_SHA_256 = 6,
/** PKIX_ECDSA_P256_SHA_256 - See NIST FIPS 186-4 */
PKIX_ECDSA_P256_SHA_256 = 5,
PKIX_ECDSA_P384_SHA_384 = 12,
PKIX_ECDSA_P521_SHA_512 = 13,
/** PKIX_ED25519 - Ed 25519 */
PKIX_ED25519 = 7,
PKIX_ED25519_PH = 8,
/**
* PKIX_ECDSA_P384_SHA_256 - These algorithms are deprecated and should not be used, but they
* were/are being used by most Sigstore clients implementations.
*
* @deprecated
*/
PKIX_ECDSA_P384_SHA_256 = 19,
/** @deprecated */
PKIX_ECDSA_P521_SHA_256 = 20,
/**
* LMS_SHA256 - LMS and LM-OTS
*
* These algorithms are deprecated and should not be used.
* Keys and signatures MAY be used by private Sigstore
* deployments, but will not be supported by the public
* good instance.
*
* USER WARNING: LMS and LM-OTS are both stateful signature schemes.
* Using them correctly requires discretion and careful consideration
* to ensure that individual secret keys are not used more than once.
* In addition, LM-OTS is a single-use scheme, meaning that it
* MUST NOT be used for more than one signature per LM-OTS key.
* If you cannot maintain these invariants, you MUST NOT use these
* schemes.
*
* @deprecated
*/
LMS_SHA256 = 14,
/** @deprecated */
LMOTS_SHA256 = 15,
/**
* ML_DSA_65 - ML-DSA
*
* These ML_DSA_65 and ML-DSA_87 algorithms are the pure variants that
* take data to sign rather than the prehash variants (HashML-DSA), which
* take digests. While considered quantum-resistant, their usage
* involves tradeoffs in that signatures and keys are much larger, and
* this makes deployments more costly.
*
* USER WARNING: ML_DSA_65 and ML_DSA_87 are experimental algorithms.
* In the future they MAY be used by private Sigstore deployments, but
* they are not yet fully functional. This warning will be removed when
* these algorithms are widely supported by Sigstore clients and servers,
* but care should still be taken for production environments.
*/
ML_DSA_65 = 21,
ML_DSA_87 = 22
}
export declare function publicKeyDetailsFromJSON(object: any): PublicKeyDetails;
export declare function publicKeyDetailsToJSON(object: PublicKeyDetails): string;
export declare enum SubjectAlternativeNameType {
SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED = 0,
EMAIL = 1,
URI = 2,
/**
* OTHER_NAME - OID 1.3.6.1.4.1.57264.1.7
* See https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726417--othername-san
* for more details.
*/
OTHER_NAME = 3
}
export declare function subjectAlternativeNameTypeFromJSON(object: any): SubjectAlternativeNameType;
export declare function subjectAlternativeNameTypeToJSON(object: SubjectAlternativeNameType): string;
/**
* HashOutput captures a digest of a 'message' (generic octet sequence)
* and the corresponding hash algorithm used.
*/
export interface HashOutput {
algorithm: HashAlgorithm;
/**
* This is the raw octets of the message digest as computed by
* the hash algorithm.
*/
digest: Buffer;
}
/** MessageSignature stores the computed signature over a message. */
export interface MessageSignature {
/**
* Message digest can be used to identify the artifact.
* Clients MUST NOT attempt to use this digest to verify the associated
* signature; it is intended solely for identification.
*/
messageDigest: HashOutput | undefined;
/**
* The raw bytes as returned from the signature algorithm.
* The signature algorithm (and so the format of the signature bytes)
* are determined by the contents of the 'verification_material',
* either a key-pair or a certificate. If using a certificate, the
* certificate contains the required information on the signature
* algorithm.
* When using a key pair, the algorithm MUST be part of the public
* key, which MUST be communicated out-of-band.
*/
signature: Buffer;
}
/** LogId captures the identity of a transparency log. */
export interface LogId {
/** The unique identity of the log, represented by its public key. */
keyId: Buffer;
}
/** This message holds a RFC 3161 timestamp. */
export interface RFC3161SignedTimestamp {
/**
* Signed timestamp is the DER encoded TimeStampResponse.
* See https://www.rfc-editor.org/rfc/rfc3161.html#section-2.4.2
*/
signedTimestamp: Buffer;
}
export interface PublicKey {
/**
* DER-encoded public key, encoding method is specified by the
* key_details attribute.
*/
rawBytes?: Buffer | undefined;
/** Key encoding and signature algorithm to use for this key. */
keyDetails: PublicKeyDetails;
/** Optional validity period for this key, *inclusive* of the endpoints. */
validFor?: TimeRange | undefined;
}
/**
* PublicKeyIdentifier can be used to identify an (out of band) delivered
* key, to verify a signature.
*/
export interface PublicKeyIdentifier {
/**
* Optional unauthenticated hint on which key to use.
* The format of the hint must be agreed upon out of band by the
* signer and the verifiers, and so is not subject to this
* specification.
* Example use-case is to specify the public key to use, from a
* trusted key-ring.
* Implementors are RECOMMENDED to derive the value from the public
* key as described in RFC 6962.
* See: <https://www.rfc-editor.org/rfc/rfc6962#section-3.2>
*/
hint: string;
}
/** An ASN.1 OBJECT IDENTIFIER */
export interface ObjectIdentifier {
id: number[];
}
/** An OID and the corresponding (byte) value. */
export interface ObjectIdentifierValuePair {
oid: ObjectIdentifier | undefined;
value: Buffer;
}
export interface DistinguishedName {
organization: string;
commonName: string;
}
export interface X509Certificate {
/** DER-encoded X.509 certificate. */
rawBytes: Buffer;
}
export interface SubjectAlternativeName {
type: SubjectAlternativeNameType;
identity?: //
/**
* A regular expression describing the expected value for
* the SAN.
*/
{
$case: "regexp";
regexp: string;
} | //
/** The exact value to match against. */
{
$case: "value";
value: string;
} | undefined;
}
/**
* A collection of X.509 certificates.
*
* This "chain" can be used in multiple contexts, such as providing a root CA
* certificate within a TUF root of trust or multiple untrusted certificates for
* the purpose of chain building.
*/
export interface X509CertificateChain {
/**
* One or more DER-encoded certificates.
*
* In some contexts (such as `VerificationMaterial.x509_certificate_chain`), this sequence
* has an imposed order. Unless explicitly specified, there is otherwise no
* guaranteed order.
*/
certificates: X509Certificate[];
}
/**
* The time range is closed and includes both the start and end times,
* (i.e., [start, end]).
* End is optional to be able to capture a period that has started but
* has no known end.
*/
export interface TimeRange {
start: Date | undefined;
end?: Date | undefined;
}
export declare const HashOutput: MessageFns<HashOutput>;
export declare const MessageSignature: MessageFns<MessageSignature>;
export declare const LogId: MessageFns<LogId>;
export declare const RFC3161SignedTimestamp: MessageFns<RFC3161SignedTimestamp>;
export declare const PublicKey: MessageFns<PublicKey>;
export declare const PublicKeyIdentifier: MessageFns<PublicKeyIdentifier>;
export declare const ObjectIdentifier: MessageFns<ObjectIdentifier>;
export declare const ObjectIdentifierValuePair: MessageFns<ObjectIdentifierValuePair>;
export declare const DistinguishedName: MessageFns<DistinguishedName>;
export declare const X509Certificate: MessageFns<X509Certificate>;
export declare const SubjectAlternativeName: MessageFns<SubjectAlternativeName>;
export declare const X509CertificateChain: MessageFns<X509CertificateChain>;
export declare const TimeRange: MessageFns<TimeRange>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

596
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js generated vendored Normal file
View File

@@ -0,0 +1,596 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_common.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.TimeRange = exports.X509CertificateChain = exports.SubjectAlternativeName = exports.X509Certificate = exports.DistinguishedName = exports.ObjectIdentifierValuePair = exports.ObjectIdentifier = exports.PublicKeyIdentifier = exports.PublicKey = exports.RFC3161SignedTimestamp = exports.LogId = exports.MessageSignature = exports.HashOutput = exports.SubjectAlternativeNameType = exports.PublicKeyDetails = exports.HashAlgorithm = void 0;
exports.hashAlgorithmFromJSON = hashAlgorithmFromJSON;
exports.hashAlgorithmToJSON = hashAlgorithmToJSON;
exports.publicKeyDetailsFromJSON = publicKeyDetailsFromJSON;
exports.publicKeyDetailsToJSON = publicKeyDetailsToJSON;
exports.subjectAlternativeNameTypeFromJSON = subjectAlternativeNameTypeFromJSON;
exports.subjectAlternativeNameTypeToJSON = subjectAlternativeNameTypeToJSON;
/* eslint-disable */
const timestamp_1 = require("./google/protobuf/timestamp");
/**
* Only a subset of the secure hash standard algorithms are supported.
* See <https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf> for more
* details.
* UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force
* any proto JSON serialization to emit the used hash algorithm, as default
* option is to *omit* the default value of an enum (which is the first
* value, represented by '0'.
*/
var HashAlgorithm;
(function (HashAlgorithm) {
HashAlgorithm[HashAlgorithm["HASH_ALGORITHM_UNSPECIFIED"] = 0] = "HASH_ALGORITHM_UNSPECIFIED";
HashAlgorithm[HashAlgorithm["SHA2_256"] = 1] = "SHA2_256";
HashAlgorithm[HashAlgorithm["SHA2_384"] = 2] = "SHA2_384";
HashAlgorithm[HashAlgorithm["SHA2_512"] = 3] = "SHA2_512";
HashAlgorithm[HashAlgorithm["SHA3_256"] = 4] = "SHA3_256";
HashAlgorithm[HashAlgorithm["SHA3_384"] = 5] = "SHA3_384";
})(HashAlgorithm || (exports.HashAlgorithm = HashAlgorithm = {}));
function hashAlgorithmFromJSON(object) {
switch (object) {
case 0:
case "HASH_ALGORITHM_UNSPECIFIED":
return HashAlgorithm.HASH_ALGORITHM_UNSPECIFIED;
case 1:
case "SHA2_256":
return HashAlgorithm.SHA2_256;
case 2:
case "SHA2_384":
return HashAlgorithm.SHA2_384;
case 3:
case "SHA2_512":
return HashAlgorithm.SHA2_512;
case 4:
case "SHA3_256":
return HashAlgorithm.SHA3_256;
case 5:
case "SHA3_384":
return HashAlgorithm.SHA3_384;
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm");
}
}
function hashAlgorithmToJSON(object) {
switch (object) {
case HashAlgorithm.HASH_ALGORITHM_UNSPECIFIED:
return "HASH_ALGORITHM_UNSPECIFIED";
case HashAlgorithm.SHA2_256:
return "SHA2_256";
case HashAlgorithm.SHA2_384:
return "SHA2_384";
case HashAlgorithm.SHA2_512:
return "SHA2_512";
case HashAlgorithm.SHA3_256:
return "SHA3_256";
case HashAlgorithm.SHA3_384:
return "SHA3_384";
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm");
}
}
/**
* Details of a specific public key, capturing the the key encoding method,
* and signature algorithm.
*
* PublicKeyDetails captures the public key/hash algorithm combinations
* recommended in the Sigstore ecosystem.
*
* This is modelled as a linear set as we want to provide a small number of
* opinionated options instead of allowing every possible permutation.
*
* Any changes to this enum MUST be reflected in the algorithm registry.
*
* See: <https://github.com/sigstore/architecture-docs/blob/main/algorithm-registry.md>
*
* To avoid the possibility of contradicting formats such as PKCS1 with
* ED25519 the valid permutations are listed as a linear set instead of a
* cartesian set (i.e one combined variable instead of two, one for encoding
* and one for the signature algorithm).
*/
var PublicKeyDetails;
(function (PublicKeyDetails) {
PublicKeyDetails[PublicKeyDetails["PUBLIC_KEY_DETAILS_UNSPECIFIED"] = 0] = "PUBLIC_KEY_DETAILS_UNSPECIFIED";
/**
* PKCS1_RSA_PKCS1V5 - RSA
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["PKCS1_RSA_PKCS1V5"] = 1] = "PKCS1_RSA_PKCS1V5";
/**
* PKCS1_RSA_PSS - See RFC8017
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["PKCS1_RSA_PSS"] = 2] = "PKCS1_RSA_PSS";
/** @deprecated */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V5"] = 3] = "PKIX_RSA_PKCS1V5";
/** @deprecated */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS"] = 4] = "PKIX_RSA_PSS";
/** PKIX_RSA_PKCS1V15_2048_SHA256 - RSA public key in PKIX format, PKCS#1v1.5 signature */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_2048_SHA256"] = 9] = "PKIX_RSA_PKCS1V15_2048_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_3072_SHA256"] = 10] = "PKIX_RSA_PKCS1V15_3072_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_4096_SHA256"] = 11] = "PKIX_RSA_PKCS1V15_4096_SHA256";
/** PKIX_RSA_PSS_2048_SHA256 - RSA public key in PKIX format, RSASSA-PSS signature */
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_2048_SHA256"] = 16] = "PKIX_RSA_PSS_2048_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_3072_SHA256"] = 17] = "PKIX_RSA_PSS_3072_SHA256";
PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_4096_SHA256"] = 18] = "PKIX_RSA_PSS_4096_SHA256";
/**
* PKIX_ECDSA_P256_HMAC_SHA_256 - ECDSA
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P256_HMAC_SHA_256"] = 6] = "PKIX_ECDSA_P256_HMAC_SHA_256";
/** PKIX_ECDSA_P256_SHA_256 - See NIST FIPS 186-4 */
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P256_SHA_256"] = 5] = "PKIX_ECDSA_P256_SHA_256";
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P384_SHA_384"] = 12] = "PKIX_ECDSA_P384_SHA_384";
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P521_SHA_512"] = 13] = "PKIX_ECDSA_P521_SHA_512";
/** PKIX_ED25519 - Ed 25519 */
PublicKeyDetails[PublicKeyDetails["PKIX_ED25519"] = 7] = "PKIX_ED25519";
PublicKeyDetails[PublicKeyDetails["PKIX_ED25519_PH"] = 8] = "PKIX_ED25519_PH";
/**
* PKIX_ECDSA_P384_SHA_256 - These algorithms are deprecated and should not be used, but they
* were/are being used by most Sigstore clients implementations.
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P384_SHA_256"] = 19] = "PKIX_ECDSA_P384_SHA_256";
/** @deprecated */
PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P521_SHA_256"] = 20] = "PKIX_ECDSA_P521_SHA_256";
/**
* LMS_SHA256 - LMS and LM-OTS
*
* These algorithms are deprecated and should not be used.
* Keys and signatures MAY be used by private Sigstore
* deployments, but will not be supported by the public
* good instance.
*
* USER WARNING: LMS and LM-OTS are both stateful signature schemes.
* Using them correctly requires discretion and careful consideration
* to ensure that individual secret keys are not used more than once.
* In addition, LM-OTS is a single-use scheme, meaning that it
* MUST NOT be used for more than one signature per LM-OTS key.
* If you cannot maintain these invariants, you MUST NOT use these
* schemes.
*
* @deprecated
*/
PublicKeyDetails[PublicKeyDetails["LMS_SHA256"] = 14] = "LMS_SHA256";
/** @deprecated */
PublicKeyDetails[PublicKeyDetails["LMOTS_SHA256"] = 15] = "LMOTS_SHA256";
/**
* ML_DSA_65 - ML-DSA
*
* These ML_DSA_65 and ML-DSA_87 algorithms are the pure variants that
* take data to sign rather than the prehash variants (HashML-DSA), which
* take digests. While considered quantum-resistant, their usage
* involves tradeoffs in that signatures and keys are much larger, and
* this makes deployments more costly.
*
* USER WARNING: ML_DSA_65 and ML_DSA_87 are experimental algorithms.
* In the future they MAY be used by private Sigstore deployments, but
* they are not yet fully functional. This warning will be removed when
* these algorithms are widely supported by Sigstore clients and servers,
* but care should still be taken for production environments.
*/
PublicKeyDetails[PublicKeyDetails["ML_DSA_65"] = 21] = "ML_DSA_65";
PublicKeyDetails[PublicKeyDetails["ML_DSA_87"] = 22] = "ML_DSA_87";
})(PublicKeyDetails || (exports.PublicKeyDetails = PublicKeyDetails = {}));
function publicKeyDetailsFromJSON(object) {
switch (object) {
case 0:
case "PUBLIC_KEY_DETAILS_UNSPECIFIED":
return PublicKeyDetails.PUBLIC_KEY_DETAILS_UNSPECIFIED;
case 1:
case "PKCS1_RSA_PKCS1V5":
return PublicKeyDetails.PKCS1_RSA_PKCS1V5;
case 2:
case "PKCS1_RSA_PSS":
return PublicKeyDetails.PKCS1_RSA_PSS;
case 3:
case "PKIX_RSA_PKCS1V5":
return PublicKeyDetails.PKIX_RSA_PKCS1V5;
case 4:
case "PKIX_RSA_PSS":
return PublicKeyDetails.PKIX_RSA_PSS;
case 9:
case "PKIX_RSA_PKCS1V15_2048_SHA256":
return PublicKeyDetails.PKIX_RSA_PKCS1V15_2048_SHA256;
case 10:
case "PKIX_RSA_PKCS1V15_3072_SHA256":
return PublicKeyDetails.PKIX_RSA_PKCS1V15_3072_SHA256;
case 11:
case "PKIX_RSA_PKCS1V15_4096_SHA256":
return PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256;
case 16:
case "PKIX_RSA_PSS_2048_SHA256":
return PublicKeyDetails.PKIX_RSA_PSS_2048_SHA256;
case 17:
case "PKIX_RSA_PSS_3072_SHA256":
return PublicKeyDetails.PKIX_RSA_PSS_3072_SHA256;
case 18:
case "PKIX_RSA_PSS_4096_SHA256":
return PublicKeyDetails.PKIX_RSA_PSS_4096_SHA256;
case 6:
case "PKIX_ECDSA_P256_HMAC_SHA_256":
return PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256;
case 5:
case "PKIX_ECDSA_P256_SHA_256":
return PublicKeyDetails.PKIX_ECDSA_P256_SHA_256;
case 12:
case "PKIX_ECDSA_P384_SHA_384":
return PublicKeyDetails.PKIX_ECDSA_P384_SHA_384;
case 13:
case "PKIX_ECDSA_P521_SHA_512":
return PublicKeyDetails.PKIX_ECDSA_P521_SHA_512;
case 7:
case "PKIX_ED25519":
return PublicKeyDetails.PKIX_ED25519;
case 8:
case "PKIX_ED25519_PH":
return PublicKeyDetails.PKIX_ED25519_PH;
case 19:
case "PKIX_ECDSA_P384_SHA_256":
return PublicKeyDetails.PKIX_ECDSA_P384_SHA_256;
case 20:
case "PKIX_ECDSA_P521_SHA_256":
return PublicKeyDetails.PKIX_ECDSA_P521_SHA_256;
case 14:
case "LMS_SHA256":
return PublicKeyDetails.LMS_SHA256;
case 15:
case "LMOTS_SHA256":
return PublicKeyDetails.LMOTS_SHA256;
case 21:
case "ML_DSA_65":
return PublicKeyDetails.ML_DSA_65;
case 22:
case "ML_DSA_87":
return PublicKeyDetails.ML_DSA_87;
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails");
}
}
function publicKeyDetailsToJSON(object) {
switch (object) {
case PublicKeyDetails.PUBLIC_KEY_DETAILS_UNSPECIFIED:
return "PUBLIC_KEY_DETAILS_UNSPECIFIED";
case PublicKeyDetails.PKCS1_RSA_PKCS1V5:
return "PKCS1_RSA_PKCS1V5";
case PublicKeyDetails.PKCS1_RSA_PSS:
return "PKCS1_RSA_PSS";
case PublicKeyDetails.PKIX_RSA_PKCS1V5:
return "PKIX_RSA_PKCS1V5";
case PublicKeyDetails.PKIX_RSA_PSS:
return "PKIX_RSA_PSS";
case PublicKeyDetails.PKIX_RSA_PKCS1V15_2048_SHA256:
return "PKIX_RSA_PKCS1V15_2048_SHA256";
case PublicKeyDetails.PKIX_RSA_PKCS1V15_3072_SHA256:
return "PKIX_RSA_PKCS1V15_3072_SHA256";
case PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256:
return "PKIX_RSA_PKCS1V15_4096_SHA256";
case PublicKeyDetails.PKIX_RSA_PSS_2048_SHA256:
return "PKIX_RSA_PSS_2048_SHA256";
case PublicKeyDetails.PKIX_RSA_PSS_3072_SHA256:
return "PKIX_RSA_PSS_3072_SHA256";
case PublicKeyDetails.PKIX_RSA_PSS_4096_SHA256:
return "PKIX_RSA_PSS_4096_SHA256";
case PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256:
return "PKIX_ECDSA_P256_HMAC_SHA_256";
case PublicKeyDetails.PKIX_ECDSA_P256_SHA_256:
return "PKIX_ECDSA_P256_SHA_256";
case PublicKeyDetails.PKIX_ECDSA_P384_SHA_384:
return "PKIX_ECDSA_P384_SHA_384";
case PublicKeyDetails.PKIX_ECDSA_P521_SHA_512:
return "PKIX_ECDSA_P521_SHA_512";
case PublicKeyDetails.PKIX_ED25519:
return "PKIX_ED25519";
case PublicKeyDetails.PKIX_ED25519_PH:
return "PKIX_ED25519_PH";
case PublicKeyDetails.PKIX_ECDSA_P384_SHA_256:
return "PKIX_ECDSA_P384_SHA_256";
case PublicKeyDetails.PKIX_ECDSA_P521_SHA_256:
return "PKIX_ECDSA_P521_SHA_256";
case PublicKeyDetails.LMS_SHA256:
return "LMS_SHA256";
case PublicKeyDetails.LMOTS_SHA256:
return "LMOTS_SHA256";
case PublicKeyDetails.ML_DSA_65:
return "ML_DSA_65";
case PublicKeyDetails.ML_DSA_87:
return "ML_DSA_87";
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails");
}
}
var SubjectAlternativeNameType;
(function (SubjectAlternativeNameType) {
SubjectAlternativeNameType[SubjectAlternativeNameType["SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED"] = 0] = "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED";
SubjectAlternativeNameType[SubjectAlternativeNameType["EMAIL"] = 1] = "EMAIL";
SubjectAlternativeNameType[SubjectAlternativeNameType["URI"] = 2] = "URI";
/**
* OTHER_NAME - OID 1.3.6.1.4.1.57264.1.7
* See https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726417--othername-san
* for more details.
*/
SubjectAlternativeNameType[SubjectAlternativeNameType["OTHER_NAME"] = 3] = "OTHER_NAME";
})(SubjectAlternativeNameType || (exports.SubjectAlternativeNameType = SubjectAlternativeNameType = {}));
function subjectAlternativeNameTypeFromJSON(object) {
switch (object) {
case 0:
case "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED":
return SubjectAlternativeNameType.SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED;
case 1:
case "EMAIL":
return SubjectAlternativeNameType.EMAIL;
case 2:
case "URI":
return SubjectAlternativeNameType.URI;
case 3:
case "OTHER_NAME":
return SubjectAlternativeNameType.OTHER_NAME;
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum SubjectAlternativeNameType");
}
}
function subjectAlternativeNameTypeToJSON(object) {
switch (object) {
case SubjectAlternativeNameType.SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED:
return "SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED";
case SubjectAlternativeNameType.EMAIL:
return "EMAIL";
case SubjectAlternativeNameType.URI:
return "URI";
case SubjectAlternativeNameType.OTHER_NAME:
return "OTHER_NAME";
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum SubjectAlternativeNameType");
}
}
exports.HashOutput = {
fromJSON(object) {
return {
algorithm: isSet(object.algorithm) ? hashAlgorithmFromJSON(object.algorithm) : 0,
digest: isSet(object.digest) ? Buffer.from(bytesFromBase64(object.digest)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
if (message.algorithm !== 0) {
obj.algorithm = hashAlgorithmToJSON(message.algorithm);
}
if (message.digest.length !== 0) {
obj.digest = base64FromBytes(message.digest);
}
return obj;
},
};
exports.MessageSignature = {
fromJSON(object) {
return {
messageDigest: isSet(object.messageDigest) ? exports.HashOutput.fromJSON(object.messageDigest) : undefined,
signature: isSet(object.signature) ? Buffer.from(bytesFromBase64(object.signature)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
if (message.messageDigest !== undefined) {
obj.messageDigest = exports.HashOutput.toJSON(message.messageDigest);
}
if (message.signature.length !== 0) {
obj.signature = base64FromBytes(message.signature);
}
return obj;
},
};
exports.LogId = {
fromJSON(object) {
return { keyId: isSet(object.keyId) ? Buffer.from(bytesFromBase64(object.keyId)) : Buffer.alloc(0) };
},
toJSON(message) {
const obj = {};
if (message.keyId.length !== 0) {
obj.keyId = base64FromBytes(message.keyId);
}
return obj;
},
};
exports.RFC3161SignedTimestamp = {
fromJSON(object) {
return {
signedTimestamp: isSet(object.signedTimestamp)
? Buffer.from(bytesFromBase64(object.signedTimestamp))
: Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
if (message.signedTimestamp.length !== 0) {
obj.signedTimestamp = base64FromBytes(message.signedTimestamp);
}
return obj;
},
};
exports.PublicKey = {
fromJSON(object) {
return {
rawBytes: isSet(object.rawBytes) ? Buffer.from(bytesFromBase64(object.rawBytes)) : undefined,
keyDetails: isSet(object.keyDetails) ? publicKeyDetailsFromJSON(object.keyDetails) : 0,
validFor: isSet(object.validFor) ? exports.TimeRange.fromJSON(object.validFor) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.rawBytes !== undefined) {
obj.rawBytes = base64FromBytes(message.rawBytes);
}
if (message.keyDetails !== 0) {
obj.keyDetails = publicKeyDetailsToJSON(message.keyDetails);
}
if (message.validFor !== undefined) {
obj.validFor = exports.TimeRange.toJSON(message.validFor);
}
return obj;
},
};
exports.PublicKeyIdentifier = {
fromJSON(object) {
return { hint: isSet(object.hint) ? globalThis.String(object.hint) : "" };
},
toJSON(message) {
const obj = {};
if (message.hint !== "") {
obj.hint = message.hint;
}
return obj;
},
};
exports.ObjectIdentifier = {
fromJSON(object) {
return { id: globalThis.Array.isArray(object?.id) ? object.id.map((e) => globalThis.Number(e)) : [] };
},
toJSON(message) {
const obj = {};
if (message.id?.length) {
obj.id = message.id.map((e) => Math.round(e));
}
return obj;
},
};
exports.ObjectIdentifierValuePair = {
fromJSON(object) {
return {
oid: isSet(object.oid) ? exports.ObjectIdentifier.fromJSON(object.oid) : undefined,
value: isSet(object.value) ? Buffer.from(bytesFromBase64(object.value)) : Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
if (message.oid !== undefined) {
obj.oid = exports.ObjectIdentifier.toJSON(message.oid);
}
if (message.value.length !== 0) {
obj.value = base64FromBytes(message.value);
}
return obj;
},
};
exports.DistinguishedName = {
fromJSON(object) {
return {
organization: isSet(object.organization) ? globalThis.String(object.organization) : "",
commonName: isSet(object.commonName) ? globalThis.String(object.commonName) : "",
};
},
toJSON(message) {
const obj = {};
if (message.organization !== "") {
obj.organization = message.organization;
}
if (message.commonName !== "") {
obj.commonName = message.commonName;
}
return obj;
},
};
exports.X509Certificate = {
fromJSON(object) {
return { rawBytes: isSet(object.rawBytes) ? Buffer.from(bytesFromBase64(object.rawBytes)) : Buffer.alloc(0) };
},
toJSON(message) {
const obj = {};
if (message.rawBytes.length !== 0) {
obj.rawBytes = base64FromBytes(message.rawBytes);
}
return obj;
},
};
exports.SubjectAlternativeName = {
fromJSON(object) {
return {
type: isSet(object.type) ? subjectAlternativeNameTypeFromJSON(object.type) : 0,
identity: isSet(object.regexp)
? { $case: "regexp", regexp: globalThis.String(object.regexp) }
: isSet(object.value)
? { $case: "value", value: globalThis.String(object.value) }
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.type !== 0) {
obj.type = subjectAlternativeNameTypeToJSON(message.type);
}
if (message.identity?.$case === "regexp") {
obj.regexp = message.identity.regexp;
}
else if (message.identity?.$case === "value") {
obj.value = message.identity.value;
}
return obj;
},
};
exports.X509CertificateChain = {
fromJSON(object) {
return {
certificates: globalThis.Array.isArray(object?.certificates)
? object.certificates.map((e) => exports.X509Certificate.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.certificates?.length) {
obj.certificates = message.certificates.map((e) => exports.X509Certificate.toJSON(e));
}
return obj;
},
};
exports.TimeRange = {
fromJSON(object) {
return {
start: isSet(object.start) ? fromJsonTimestamp(object.start) : undefined,
end: isSet(object.end) ? fromJsonTimestamp(object.end) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.start !== undefined) {
obj.start = message.start.toISOString();
}
if (message.end !== undefined) {
obj.end = message.end.toISOString();
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function fromTimestamp(t) {
let millis = (globalThis.Number(t.seconds) || 0) * 1_000;
millis += (t.nanos || 0) / 1_000_000;
return new globalThis.Date(millis);
}
function fromJsonTimestamp(o) {
if (o instanceof globalThis.Date) {
return o;
}
else if (typeof o === "string") {
return new globalThis.Date(o);
}
else {
return fromTimestamp(timestamp_1.Timestamp.fromJSON(o));
}
}
function isSet(value) {
return value !== null && value !== undefined;
}

144
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_rekor.d.ts generated vendored Normal file
View File

@@ -0,0 +1,144 @@
import { LogId } from "./sigstore_common";
/** KindVersion contains the entry's kind and api version. */
export interface KindVersion {
/**
* Kind is the type of entry being stored in the log.
* See here for a list: https://github.com/sigstore/rekor/tree/main/pkg/types
*/
kind: string;
/** The specific api version of the type. */
version: string;
}
/**
* The checkpoint MUST contain an origin string as a unique log identifier,
* the tree size, and the root hash. It MAY also be followed by optional data,
* and clients MUST NOT assume optional data. The checkpoint MUST also contain
* a signature over the root hash (tree head). The checkpoint MAY contain additional
* signatures, but the first SHOULD be the signature from the log. Checkpoint contents
* are concatenated with newlines into a single string.
* The checkpoint format is described in
* https://github.com/transparency-dev/formats/blob/main/log/README.md
* and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md.
* An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go
*/
export interface Checkpoint {
envelope: string;
}
/**
* InclusionProof is the proof returned from the transparency log. Can
* be used for offline or online verification against the log.
*/
export interface InclusionProof {
/** The index of the entry in the tree it was written to. */
logIndex: string;
/**
* The hash digest stored at the root of the merkle tree at the time
* the proof was generated.
*/
rootHash: Buffer;
/** The size of the merkle tree at the time the proof was generated. */
treeSize: string;
/**
* A list of hashes required to compute the inclusion proof, sorted
* in order from leaf to root.
* Note that leaf and root hashes are not included.
* The root hash is available separately in this message, and the
* leaf hash should be calculated by the client.
*/
hashes: Buffer[];
/**
* Signature of the tree head, as of the time of this proof was
* generated. See above info on 'Checkpoint' for more details.
*/
checkpoint: Checkpoint | undefined;
}
/**
* The inclusion promise is calculated by Rekor. It's calculated as a
* signature over a canonical JSON serialization of the persisted entry, the
* log ID, log index and the integration timestamp.
* See https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/api/entries.go#L54
* The format of the signature depends on the transparency log's public key.
* If the signature algorithm requires a hash function and/or a signature
* scheme (e.g. RSA) those has to be retrieved out-of-band from the log's
* operators, together with the public key.
* This is used to verify the integration timestamp's value and that the log
* has promised to include the entry.
*/
export interface InclusionPromise {
signedEntryTimestamp: Buffer;
}
/**
* TransparencyLogEntry captures all the details required from Rekor to
* reconstruct an entry, given that the payload is provided via other means.
* This type can easily be created from the existing response from Rekor.
* Future iterations could rely on Rekor returning the minimal set of
* attributes (excluding the payload) that are required for verifying the
* inclusion promise. The inclusion promise (called SignedEntryTimestamp in
* the response from Rekor) is similar to a Signed Certificate Timestamp
* as described here https://www.rfc-editor.org/rfc/rfc6962.html#section-3.2.
*/
export interface TransparencyLogEntry {
/** The global index of the entry, used when querying the log by index. */
logIndex: string;
/** The unique identifier of the log. */
logId: LogId | undefined;
/**
* The kind (type) and version of the object associated with this
* entry. These values are required to construct the entry during
* verification.
*/
kindVersion: KindVersion | undefined;
/**
* The UNIX timestamp from the log when the entry was persisted.
* The integration time MUST NOT be trusted if inclusion_promise
* is omitted.
*/
integratedTime: string;
/**
* The inclusion promise/signed entry timestamp from the log.
* Required for v0.1 bundles, and MUST be verified.
* Optional for >= v0.2 bundles if another suitable source of
* time is present (such as another source of signed time,
* or the current system time for long-lived certificates).
* MUST be verified if no other suitable source of time is present,
* and SHOULD be verified otherwise.
*/
inclusionPromise: InclusionPromise | undefined;
/**
* The inclusion proof can be used for offline or online verification
* that the entry was appended to the log, and that the log has not been
* altered.
*/
inclusionProof: InclusionProof | undefined;
/**
* Optional. The canonicalized transparency log entry, used to
* reconstruct the Signed Entry Timestamp (SET) during verification.
* The contents of this field are the same as the `body` field in
* a Rekor response, meaning that it does **not** include the "full"
* canonicalized form (of log index, ID, etc.) which are
* exposed as separate fields. The verifier is responsible for
* combining the `canonicalized_body`, `log_index`, `log_id`,
* and `integrated_time` into the payload that the SET's signature
* is generated over.
* This field is intended to be used in cases where the SET cannot be
* produced determinisitically (e.g. inconsistent JSON field ordering,
* differing whitespace, etc).
*
* If set, clients MUST verify that the signature referenced in the
* `canonicalized_body` matches the signature provided in the
* `Bundle.content`.
* If not set, clients are responsible for constructing an equivalent
* payload from other sources to verify the signature.
*/
canonicalizedBody: Buffer;
}
export declare const KindVersion: MessageFns<KindVersion>;
export declare const Checkpoint: MessageFns<Checkpoint>;
export declare const InclusionProof: MessageFns<InclusionProof>;
export declare const InclusionPromise: MessageFns<InclusionPromise>;
export declare const TransparencyLogEntry: MessageFns<TransparencyLogEntry>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

137
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_rekor.js generated vendored Normal file
View File

@@ -0,0 +1,137 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_rekor.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.TransparencyLogEntry = exports.InclusionPromise = exports.InclusionProof = exports.Checkpoint = exports.KindVersion = void 0;
/* eslint-disable */
const sigstore_common_1 = require("./sigstore_common");
exports.KindVersion = {
fromJSON(object) {
return {
kind: isSet(object.kind) ? globalThis.String(object.kind) : "",
version: isSet(object.version) ? globalThis.String(object.version) : "",
};
},
toJSON(message) {
const obj = {};
if (message.kind !== "") {
obj.kind = message.kind;
}
if (message.version !== "") {
obj.version = message.version;
}
return obj;
},
};
exports.Checkpoint = {
fromJSON(object) {
return { envelope: isSet(object.envelope) ? globalThis.String(object.envelope) : "" };
},
toJSON(message) {
const obj = {};
if (message.envelope !== "") {
obj.envelope = message.envelope;
}
return obj;
},
};
exports.InclusionProof = {
fromJSON(object) {
return {
logIndex: isSet(object.logIndex) ? globalThis.String(object.logIndex) : "0",
rootHash: isSet(object.rootHash) ? Buffer.from(bytesFromBase64(object.rootHash)) : Buffer.alloc(0),
treeSize: isSet(object.treeSize) ? globalThis.String(object.treeSize) : "0",
hashes: globalThis.Array.isArray(object?.hashes)
? object.hashes.map((e) => Buffer.from(bytesFromBase64(e)))
: [],
checkpoint: isSet(object.checkpoint) ? exports.Checkpoint.fromJSON(object.checkpoint) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.logIndex !== "0") {
obj.logIndex = message.logIndex;
}
if (message.rootHash.length !== 0) {
obj.rootHash = base64FromBytes(message.rootHash);
}
if (message.treeSize !== "0") {
obj.treeSize = message.treeSize;
}
if (message.hashes?.length) {
obj.hashes = message.hashes.map((e) => base64FromBytes(e));
}
if (message.checkpoint !== undefined) {
obj.checkpoint = exports.Checkpoint.toJSON(message.checkpoint);
}
return obj;
},
};
exports.InclusionPromise = {
fromJSON(object) {
return {
signedEntryTimestamp: isSet(object.signedEntryTimestamp)
? Buffer.from(bytesFromBase64(object.signedEntryTimestamp))
: Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
if (message.signedEntryTimestamp.length !== 0) {
obj.signedEntryTimestamp = base64FromBytes(message.signedEntryTimestamp);
}
return obj;
},
};
exports.TransparencyLogEntry = {
fromJSON(object) {
return {
logIndex: isSet(object.logIndex) ? globalThis.String(object.logIndex) : "0",
logId: isSet(object.logId) ? sigstore_common_1.LogId.fromJSON(object.logId) : undefined,
kindVersion: isSet(object.kindVersion) ? exports.KindVersion.fromJSON(object.kindVersion) : undefined,
integratedTime: isSet(object.integratedTime) ? globalThis.String(object.integratedTime) : "0",
inclusionPromise: isSet(object.inclusionPromise) ? exports.InclusionPromise.fromJSON(object.inclusionPromise) : undefined,
inclusionProof: isSet(object.inclusionProof) ? exports.InclusionProof.fromJSON(object.inclusionProof) : undefined,
canonicalizedBody: isSet(object.canonicalizedBody)
? Buffer.from(bytesFromBase64(object.canonicalizedBody))
: Buffer.alloc(0),
};
},
toJSON(message) {
const obj = {};
if (message.logIndex !== "0") {
obj.logIndex = message.logIndex;
}
if (message.logId !== undefined) {
obj.logId = sigstore_common_1.LogId.toJSON(message.logId);
}
if (message.kindVersion !== undefined) {
obj.kindVersion = exports.KindVersion.toJSON(message.kindVersion);
}
if (message.integratedTime !== "0") {
obj.integratedTime = message.integratedTime;
}
if (message.inclusionPromise !== undefined) {
obj.inclusionPromise = exports.InclusionPromise.toJSON(message.inclusionPromise);
}
if (message.inclusionProof !== undefined) {
obj.inclusionProof = exports.InclusionProof.toJSON(message.inclusionProof);
}
if (message.canonicalizedBody.length !== 0) {
obj.canonicalizedBody = base64FromBytes(message.canonicalizedBody);
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function isSet(value) {
return value !== null && value !== undefined;
}

383
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_trustroot.d.ts generated vendored Normal file
View File

@@ -0,0 +1,383 @@
import { DistinguishedName, HashAlgorithm, LogId, PublicKey, TimeRange, X509CertificateChain } from "./sigstore_common";
/**
* ServiceSelector specifies how a client SHOULD select a set of
* Services to connect to. A client SHOULD throw an error if
* the value is SERVICE_SELECTOR_UNDEFINED.
*/
export declare enum ServiceSelector {
SERVICE_SELECTOR_UNDEFINED = 0,
/**
* ALL - Clients SHOULD select all Services based on supported API version
* and validity window.
*/
ALL = 1,
/**
* ANY - Clients SHOULD select one Service based on supported API version
* and validity window. It is up to the client implementation to
* decide how to select the Service, e.g. random or round-robin.
*/
ANY = 2,
/**
* EXACT - Clients SHOULD select a specific number of Services based on
* supported API version and validity window, using the provided
* `count`. It is up to the client implementation to decide how to
* select the Service, e.g. random or round-robin.
*/
EXACT = 3
}
export declare function serviceSelectorFromJSON(object: any): ServiceSelector;
export declare function serviceSelectorToJSON(object: ServiceSelector): string;
/**
* TransparencyLogInstance describes the immutable parameters from a
* transparency log.
* See https://www.rfc-editor.org/rfc/rfc9162.html#name-log-parameters
* for more details.
* The included parameters are the minimal set required to identify a log,
* and verify an inclusion proof/promise.
*/
export interface TransparencyLogInstance {
/**
* The base URL at which can be used to URLs for the client.
* SHOULD match the origin on the log checkpoint:
* https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md#note-text.
*/
baseUrl: string;
/** The hash algorithm used for the Merkle Tree. */
hashAlgorithm: HashAlgorithm;
/**
* The public key used to verify signatures generated by the log.
* This attribute contains the signature algorithm used by the log.
*/
publicKey: PublicKey | undefined;
/**
* The unique identifier for this transparency log.
* Represented as the SHA-256 hash of the log's public key,
* calculated over the DER encoding of the key represented as
* SubjectPublicKeyInfo.
* See https://www.rfc-editor.org/rfc/rfc6962#section-3.2
* MUST set checkpoint_key_id if multiple logs use the same
* signing key.
* Deprecated: Use checkpoint_key_id instead, since log_id is not
* guaranteed to be unique across multiple deployments. Clients
* must use the key name and key ID from a checkpoint to determine
* the correct TransparencyLogInstance to verify a proof.
*
* @deprecated
*/
logId: LogId | undefined;
/**
* The unique identifier for the log, used in the checkpoint.
* Its calculation is described in
* https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures
* SHOULD be set for all logs. When not set, clients MUST use log_id.
*
* For Ed25519 signatures, the key ID is computed per the C2SP spec:
* key ID = SHA-256(key name || 0x0A || 0x01 || 32-byte Ed25519 public key)[:4]
* For ECDSA signatures, the key ID is computed per the C2SP spec:
* key ID = SHA-256(PKIX ASN.1 DER-encoded public key, in SubjectPublicKeyInfo format)[:4]
* For RSA signatures, the signature type will be 0xff with an appended identifier for the format,
* "PKIX-RSA-PKCS#1v1.5":
* key ID = SHA-256(key name || 0x0A || 0xff || PKIX-RSA-PKCS#1v1.5 || PKIX ASN.1 DER-encoded public key)[:4]
*
* This is provided for convenience. Clients can also calculate the
* checkpoint key ID given the log's public key.
* SHOULD be 4 bytes long, as a truncated hash.
*
* To find a matching TransparencyLogInstance in the TrustedRoot,
* clients will parse the checkpoint, and for each signature line,
* use the key name (i.e. log origin, base_url from TrustedRoot)
* and checkpoint key ID (i.e. checkpoint_key_id from TrustedRoot)
* which can then be compared against the TrustedRoot log instances.
*/
checkpointKeyId: LogId | undefined;
/**
* The name of the operator of this log deployment. Operator MUST be
* formatted as a scheme-less URI, e.g. sigstore.dev
* This MUST be used when there are multiple transparency log instances
* to determine if log proof verification meets a specified threshold,
* e.g. two proofs from log deployments operated by the same operator
* should count as only one valid proof.
*/
operator: string;
}
/**
* CertificateAuthority enlists the information required to identify which
* CA to use and perform signature verification.
*/
export interface CertificateAuthority {
/**
* The root certificate MUST be self-signed, and so the subject and
* issuer are the same.
*/
subject: DistinguishedName | undefined;
/**
* The URI identifies the certificate authority.
*
* It is RECOMMENDED that the URI is the base URL for the certificate
* authority, that can be provided to any SDK/client provided
* by the certificate authority to interact with the certificate
* authority.
*/
uri: string;
/**
* The certificate chain for this CA. The last certificate in the chain
* MUST be the trust anchor. The trust anchor MAY be a self-signed root
* CA certificate or MAY be an intermediate CA certificate.
*/
certChain: X509CertificateChain | undefined;
/**
* The time the *entire* chain was valid. This is at max the
* longest interval when *all* certificates in the chain were valid,
* but it MAY be shorter. Clients MUST check timestamps against *both*
* the `valid_for` time range *and* the entire certificate chain.
*
* The TimeRange should be considered valid *inclusive* of the
* endpoints.
*/
validFor: TimeRange | undefined;
/**
* The name of the operator of this certificate or timestamp authority.
* Operator MUST be formatted as a scheme-less URI, e.g. sigstore.dev
* This MUST be used when there are multiple timestamp authorities to
* determine if the signed timestamp verification meets a specified
* threshold, e.g. two signed timestamps from timestamp authorities
* operated by the same operator should count as only one valid
* timestamp.
*/
operator: string;
}
/**
* TrustedRoot describes the client's complete set of trusted entities.
* How the TrustedRoot is populated is not specified, but can be a
* combination of many sources such as TUF repositories, files on disk etc.
*
* The TrustedRoot is not meant to be used for any artifact verification, only
* to capture the complete/global set of trusted verification materials.
* When verifying an artifact, based on the artifact and policies, a selection
* of keys/authorities are expected to be extracted and provided to the
* verification function. This way the set of keys/authorities can be kept to
* a minimal set by the policy to gain better control over what signatures
* that are allowed.
*
* The embedded transparency logs, CT logs, CAs and TSAs MUST include any
* previously used instance -- otherwise signatures made in the past cannot
* be verified.
*
* All the listed instances SHOULD be sorted by the 'valid_for' in ascending
* order, that is, the oldest instance first. Only the last instance is
* allowed to have their 'end' timestamp unset. All previous instances MUST
* have a closed interval of validity. The last instance MAY have a closed
* interval. Clients MUST accept instances that overlaps in time, if not
* clients may experience problems during rotations of verification
* materials.
*
* To be able to manage planned rotations of either transparency logs or
* certificate authorities, clienst MUST accept lists of instances where
* the last instance have a 'valid_for' that belongs to the future.
* This should not be a problem as clients SHOULD first seek the trust root
* for a suitable instance before creating a per artifact trust root (that
* is, a sub-set of the complete trust root) that is used for verification.
*/
export interface TrustedRoot {
/**
* MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
* when encoded as JSON.
* Clients MUST be able to process and parse content with the media
* type defined in the old format:
* application/vnd.dev.sigstore.trustedroot+json;version=0.1
*/
mediaType: string;
/** A set of trusted Rekor servers. */
tlogs: TransparencyLogInstance[];
/**
* A set of trusted certificate authorities (e.g Fulcio), and any
* intermediate certificates they provide.
* If a CA is issuing multiple intermediate certificate, each
* combination shall be represented as separate chain. I.e, a single
* root cert may appear in multiple chains but with different
* intermediate and/or leaf certificates.
* The certificates are intended to be used for verifying artifact
* signatures.
*/
certificateAuthorities: CertificateAuthority[];
/** A set of trusted certificate transparency logs. */
ctlogs: TransparencyLogInstance[];
/** A set of trusted timestamping authorities. */
timestampAuthorities: CertificateAuthority[];
}
/**
* SigningConfig represents the trusted entities/state needed by Sigstore
* signing. In particular, it primarily contains service URLs that a Sigstore
* signer may need to connect to for the online aspects of signing.
*/
export interface SigningConfig {
/**
* MUST be application/vnd.dev.sigstore.signingconfig.v0.2+json
* Clients MAY choose to also support
* application/vnd.dev.sigstore.signingconfig.v0.1+json
*/
mediaType: string;
/**
* URLs to Fulcio-compatible CAs, capable of receiving
* Certificate Signing Requests (CSRs) and responding with
* issued certificates.
*
* These URLs MUST be the "base" URL for the CAs, which clients
* should construct an appropriate CSR endpoint on top of.
* For example, if a CA URL is `https://example.com/ca`, then
* the client MAY construct the CSR endpoint as
* `https://example.com/ca/api/v2/signingCert`.
*
* Clients MUST select only one Service with the highest API version
* that the client is compatible with, that is within its
* validity period, and has the newest validity start date.
* Client SHOULD select the first Service that meets this requirement.
* All listed Services SHOULD be sorted by the `valid_for` window in
* descending order, with the newest instance first.
*/
caUrls: Service[];
/**
* URLs to OpenID Connect identity providers.
*
* These URLs MUST be the "base" URLs for the OIDC IdPs, which clients
* should perform well-known OpenID Connect discovery against.
*
* Clients MUST select only one Service with the highest API version
* that the client is compatible with, that is within its
* validity period, and has the newest validity start date.
* Client SHOULD select the first Service that meets this requirement.
* All listed Services SHOULD be sorted by the `valid_for` window in
* descending order, with the newest instance first.
*/
oidcUrls: Service[];
/**
* URLs to Rekor transparency logs.
*
* These URL MUST be the "base" URLs for the transparency logs,
* which clients should construct appropriate API endpoints on top of.
*
* Clients MUST group Services by `operator` and select at most one
* Service from each operator. Clients MUST select Services with the
* highest API version that the client is compatible with, that are
* within its validity period, and have the newest validity start dates.
* All listed Services SHOULD be sorted by the `valid_for` window in
* descending order, with the newest instance first.
*
* Clients MUST select Services based on the selector value of
* `rekor_tlog_config`.
*/
rekorTlogUrls: Service[];
/**
* Specifies how a client should select the set of Rekor transparency
* logs to write to.
*/
rekorTlogConfig: ServiceConfiguration | undefined;
/**
* URLs to RFC 3161 Time Stamping Authorities (TSA).
*
* These URLs MUST be the *full* URL for the TSA, meaning that it
* should be suitable for submitting Time Stamp Requests (TSRs) to
* via HTTP, per RFC 3161.
*
* Clients MUST group Services by `operator` and select at most one
* Service from each operator. Clients MUST select Services with the
* highest API version that the client is compatible with, that are
* within its validity period, and have the newest validity start dates.
* All listed Services SHOULD be sorted by the `valid_for` window in
* descending order, with the newest instance first.
*
* Clients MUST select Services based on the selector value of
* `tsa_config`.
*/
tsaUrls: Service[];
/**
* Specifies how a client should select the set of TSAs to request
* signed timestamps from.
*/
tsaConfig: ServiceConfiguration | undefined;
}
/**
* Service represents an instance of a service that is a part of Sigstore infrastructure.
* When selecting one or multiple services from a list of services, clients MUST:
* * Use the API version hint to determine the service with the highest API version
* that the client is compatible with.
* * Only select services within the specified validity period and that have the
* newest validity start date.
* When selecting multiple services, clients MUST:
* * Use the ServiceConfiguration to determine how many services MUST be selected.
* Clients MUST return an error if there are not enough services that meet the
* selection criteria.
* * Group services by `operator` and select at most one service from an operator.
* During verification, clients MUST treat valid verification metadata from the
* operator as valid only once towards a threshold.
* * Select services from only the highest supported API version.
*/
export interface Service {
/** URL of the service. MUST include scheme and authority. MAY include path. */
url: string;
/**
* Specifies the major API version. A value of 0 represents a service that
* has not yet been released.
*/
majorApiVersion: number;
/**
* Validity period of a service. A service that has only a start date
* SHOULD be considered the most recent instance of that service, but
* the client MUST NOT assume there is only one valid instance.
* The TimeRange MUST be considered valid *inclusive* of the
* endpoints.
*/
validFor: TimeRange | undefined;
/**
* Specifies the name of the service operator. When selecting multiple
* services, clients MUST use the operator to select services from
* distinct operators. Operator MUST be formatted as a scheme-less
* URI, e.g. sigstore.dev
*/
operator: string;
}
/**
* ServiceConfiguration specifies how a client should select a set of
* Services to connect to, along with a count when a specific number
* of Services is requested.
*/
export interface ServiceConfiguration {
/**
* How a client should select a set of Services to connect to.
* Clients SHOULD NOT select services from multiple API versions.
*/
selector: ServiceSelector;
/**
* count specifies the number of Services the client should use.
* Only used when selector is set to EXACT, and count MUST be greater
* than 0. count MUST be less than or equal to the number of Services.
* Clients MUST return an error is there are not enough services
* that meet selection criteria.
*/
count: number;
}
/**
* ClientTrustConfig describes the complete state needed by a client
* to perform both signing and verification operations against a particular
* instance of Sigstore.
*/
export interface ClientTrustConfig {
/** MUST be application/vnd.dev.sigstore.clienttrustconfig.v0.1+json */
mediaType: string;
/** The root of trust, which MUST be present. */
trustedRoot: TrustedRoot | undefined;
/** Configuration for signing clients, which MUST be present. */
signingConfig: SigningConfig | undefined;
}
export declare const TransparencyLogInstance: MessageFns<TransparencyLogInstance>;
export declare const CertificateAuthority: MessageFns<CertificateAuthority>;
export declare const TrustedRoot: MessageFns<TrustedRoot>;
export declare const SigningConfig: MessageFns<SigningConfig>;
export declare const Service: MessageFns<Service>;
export declare const ServiceConfiguration: MessageFns<ServiceConfiguration>;
export declare const ClientTrustConfig: MessageFns<ClientTrustConfig>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

284
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_trustroot.js generated vendored Normal file
View File

@@ -0,0 +1,284 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_trustroot.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.ClientTrustConfig = exports.ServiceConfiguration = exports.Service = exports.SigningConfig = exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = exports.ServiceSelector = void 0;
exports.serviceSelectorFromJSON = serviceSelectorFromJSON;
exports.serviceSelectorToJSON = serviceSelectorToJSON;
/* eslint-disable */
const sigstore_common_1 = require("./sigstore_common");
/**
* ServiceSelector specifies how a client SHOULD select a set of
* Services to connect to. A client SHOULD throw an error if
* the value is SERVICE_SELECTOR_UNDEFINED.
*/
var ServiceSelector;
(function (ServiceSelector) {
ServiceSelector[ServiceSelector["SERVICE_SELECTOR_UNDEFINED"] = 0] = "SERVICE_SELECTOR_UNDEFINED";
/**
* ALL - Clients SHOULD select all Services based on supported API version
* and validity window.
*/
ServiceSelector[ServiceSelector["ALL"] = 1] = "ALL";
/**
* ANY - Clients SHOULD select one Service based on supported API version
* and validity window. It is up to the client implementation to
* decide how to select the Service, e.g. random or round-robin.
*/
ServiceSelector[ServiceSelector["ANY"] = 2] = "ANY";
/**
* EXACT - Clients SHOULD select a specific number of Services based on
* supported API version and validity window, using the provided
* `count`. It is up to the client implementation to decide how to
* select the Service, e.g. random or round-robin.
*/
ServiceSelector[ServiceSelector["EXACT"] = 3] = "EXACT";
})(ServiceSelector || (exports.ServiceSelector = ServiceSelector = {}));
function serviceSelectorFromJSON(object) {
switch (object) {
case 0:
case "SERVICE_SELECTOR_UNDEFINED":
return ServiceSelector.SERVICE_SELECTOR_UNDEFINED;
case 1:
case "ALL":
return ServiceSelector.ALL;
case 2:
case "ANY":
return ServiceSelector.ANY;
case 3:
case "EXACT":
return ServiceSelector.EXACT;
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum ServiceSelector");
}
}
function serviceSelectorToJSON(object) {
switch (object) {
case ServiceSelector.SERVICE_SELECTOR_UNDEFINED:
return "SERVICE_SELECTOR_UNDEFINED";
case ServiceSelector.ALL:
return "ALL";
case ServiceSelector.ANY:
return "ANY";
case ServiceSelector.EXACT:
return "EXACT";
default:
throw new globalThis.Error("Unrecognized enum value " + object + " for enum ServiceSelector");
}
}
exports.TransparencyLogInstance = {
fromJSON(object) {
return {
baseUrl: isSet(object.baseUrl) ? globalThis.String(object.baseUrl) : "",
hashAlgorithm: isSet(object.hashAlgorithm) ? (0, sigstore_common_1.hashAlgorithmFromJSON)(object.hashAlgorithm) : 0,
publicKey: isSet(object.publicKey) ? sigstore_common_1.PublicKey.fromJSON(object.publicKey) : undefined,
logId: isSet(object.logId) ? sigstore_common_1.LogId.fromJSON(object.logId) : undefined,
checkpointKeyId: isSet(object.checkpointKeyId) ? sigstore_common_1.LogId.fromJSON(object.checkpointKeyId) : undefined,
operator: isSet(object.operator) ? globalThis.String(object.operator) : "",
};
},
toJSON(message) {
const obj = {};
if (message.baseUrl !== "") {
obj.baseUrl = message.baseUrl;
}
if (message.hashAlgorithm !== 0) {
obj.hashAlgorithm = (0, sigstore_common_1.hashAlgorithmToJSON)(message.hashAlgorithm);
}
if (message.publicKey !== undefined) {
obj.publicKey = sigstore_common_1.PublicKey.toJSON(message.publicKey);
}
if (message.logId !== undefined) {
obj.logId = sigstore_common_1.LogId.toJSON(message.logId);
}
if (message.checkpointKeyId !== undefined) {
obj.checkpointKeyId = sigstore_common_1.LogId.toJSON(message.checkpointKeyId);
}
if (message.operator !== "") {
obj.operator = message.operator;
}
return obj;
},
};
exports.CertificateAuthority = {
fromJSON(object) {
return {
subject: isSet(object.subject) ? sigstore_common_1.DistinguishedName.fromJSON(object.subject) : undefined,
uri: isSet(object.uri) ? globalThis.String(object.uri) : "",
certChain: isSet(object.certChain) ? sigstore_common_1.X509CertificateChain.fromJSON(object.certChain) : undefined,
validFor: isSet(object.validFor) ? sigstore_common_1.TimeRange.fromJSON(object.validFor) : undefined,
operator: isSet(object.operator) ? globalThis.String(object.operator) : "",
};
},
toJSON(message) {
const obj = {};
if (message.subject !== undefined) {
obj.subject = sigstore_common_1.DistinguishedName.toJSON(message.subject);
}
if (message.uri !== "") {
obj.uri = message.uri;
}
if (message.certChain !== undefined) {
obj.certChain = sigstore_common_1.X509CertificateChain.toJSON(message.certChain);
}
if (message.validFor !== undefined) {
obj.validFor = sigstore_common_1.TimeRange.toJSON(message.validFor);
}
if (message.operator !== "") {
obj.operator = message.operator;
}
return obj;
},
};
exports.TrustedRoot = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? globalThis.String(object.mediaType) : "",
tlogs: globalThis.Array.isArray(object?.tlogs)
? object.tlogs.map((e) => exports.TransparencyLogInstance.fromJSON(e))
: [],
certificateAuthorities: globalThis.Array.isArray(object?.certificateAuthorities)
? object.certificateAuthorities.map((e) => exports.CertificateAuthority.fromJSON(e))
: [],
ctlogs: globalThis.Array.isArray(object?.ctlogs)
? object.ctlogs.map((e) => exports.TransparencyLogInstance.fromJSON(e))
: [],
timestampAuthorities: globalThis.Array.isArray(object?.timestampAuthorities)
? object.timestampAuthorities.map((e) => exports.CertificateAuthority.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.mediaType !== "") {
obj.mediaType = message.mediaType;
}
if (message.tlogs?.length) {
obj.tlogs = message.tlogs.map((e) => exports.TransparencyLogInstance.toJSON(e));
}
if (message.certificateAuthorities?.length) {
obj.certificateAuthorities = message.certificateAuthorities.map((e) => exports.CertificateAuthority.toJSON(e));
}
if (message.ctlogs?.length) {
obj.ctlogs = message.ctlogs.map((e) => exports.TransparencyLogInstance.toJSON(e));
}
if (message.timestampAuthorities?.length) {
obj.timestampAuthorities = message.timestampAuthorities.map((e) => exports.CertificateAuthority.toJSON(e));
}
return obj;
},
};
exports.SigningConfig = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? globalThis.String(object.mediaType) : "",
caUrls: globalThis.Array.isArray(object?.caUrls) ? object.caUrls.map((e) => exports.Service.fromJSON(e)) : [],
oidcUrls: globalThis.Array.isArray(object?.oidcUrls) ? object.oidcUrls.map((e) => exports.Service.fromJSON(e)) : [],
rekorTlogUrls: globalThis.Array.isArray(object?.rekorTlogUrls)
? object.rekorTlogUrls.map((e) => exports.Service.fromJSON(e))
: [],
rekorTlogConfig: isSet(object.rekorTlogConfig)
? exports.ServiceConfiguration.fromJSON(object.rekorTlogConfig)
: undefined,
tsaUrls: globalThis.Array.isArray(object?.tsaUrls) ? object.tsaUrls.map((e) => exports.Service.fromJSON(e)) : [],
tsaConfig: isSet(object.tsaConfig) ? exports.ServiceConfiguration.fromJSON(object.tsaConfig) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.mediaType !== "") {
obj.mediaType = message.mediaType;
}
if (message.caUrls?.length) {
obj.caUrls = message.caUrls.map((e) => exports.Service.toJSON(e));
}
if (message.oidcUrls?.length) {
obj.oidcUrls = message.oidcUrls.map((e) => exports.Service.toJSON(e));
}
if (message.rekorTlogUrls?.length) {
obj.rekorTlogUrls = message.rekorTlogUrls.map((e) => exports.Service.toJSON(e));
}
if (message.rekorTlogConfig !== undefined) {
obj.rekorTlogConfig = exports.ServiceConfiguration.toJSON(message.rekorTlogConfig);
}
if (message.tsaUrls?.length) {
obj.tsaUrls = message.tsaUrls.map((e) => exports.Service.toJSON(e));
}
if (message.tsaConfig !== undefined) {
obj.tsaConfig = exports.ServiceConfiguration.toJSON(message.tsaConfig);
}
return obj;
},
};
exports.Service = {
fromJSON(object) {
return {
url: isSet(object.url) ? globalThis.String(object.url) : "",
majorApiVersion: isSet(object.majorApiVersion) ? globalThis.Number(object.majorApiVersion) : 0,
validFor: isSet(object.validFor) ? sigstore_common_1.TimeRange.fromJSON(object.validFor) : undefined,
operator: isSet(object.operator) ? globalThis.String(object.operator) : "",
};
},
toJSON(message) {
const obj = {};
if (message.url !== "") {
obj.url = message.url;
}
if (message.majorApiVersion !== 0) {
obj.majorApiVersion = Math.round(message.majorApiVersion);
}
if (message.validFor !== undefined) {
obj.validFor = sigstore_common_1.TimeRange.toJSON(message.validFor);
}
if (message.operator !== "") {
obj.operator = message.operator;
}
return obj;
},
};
exports.ServiceConfiguration = {
fromJSON(object) {
return {
selector: isSet(object.selector) ? serviceSelectorFromJSON(object.selector) : 0,
count: isSet(object.count) ? globalThis.Number(object.count) : 0,
};
},
toJSON(message) {
const obj = {};
if (message.selector !== 0) {
obj.selector = serviceSelectorToJSON(message.selector);
}
if (message.count !== 0) {
obj.count = Math.round(message.count);
}
return obj;
},
};
exports.ClientTrustConfig = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? globalThis.String(object.mediaType) : "",
trustedRoot: isSet(object.trustedRoot) ? exports.TrustedRoot.fromJSON(object.trustedRoot) : undefined,
signingConfig: isSet(object.signingConfig) ? exports.SigningConfig.fromJSON(object.signingConfig) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.mediaType !== "") {
obj.mediaType = message.mediaType;
}
if (message.trustedRoot !== undefined) {
obj.trustedRoot = exports.TrustedRoot.toJSON(message.trustedRoot);
}
if (message.signingConfig !== undefined) {
obj.signingConfig = exports.SigningConfig.toJSON(message.signingConfig);
}
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}

191
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.d.ts generated vendored Normal file
View File

@@ -0,0 +1,191 @@
import { Bundle } from "./sigstore_bundle";
import { HashOutput, ObjectIdentifierValuePair, PublicKey, SubjectAlternativeName } from "./sigstore_common";
import { TrustedRoot } from "./sigstore_trustroot";
/** The identity of a X.509 Certificate signer. */
export interface CertificateIdentity {
/** The X.509v3 issuer extension (OID 1.3.6.1.4.1.57264.1.1) */
issuer: string;
san: SubjectAlternativeName | undefined;
/**
* An unordered list of OIDs that must be verified.
* All OID/values provided in this list MUST exactly match against
* the values in the certificate for verification to be successful.
*/
oids: ObjectIdentifierValuePair[];
}
export interface CertificateIdentities {
identities: CertificateIdentity[];
}
export interface PublicKeyIdentities {
publicKeys: PublicKey[];
}
/**
* A light-weight set of options/policies for identifying trusted signers,
* used during verification of a single artifact.
*/
export interface ArtifactVerificationOptions {
/**
* At least one identity MUST be provided. Providing zero identities
* is an error. If at least one provided identity is found as a
* signer, the verification is considered successful.
*/
signers?: {
$case: "certificateIdentities";
certificateIdentities: CertificateIdentities;
} | //
/**
* To simplify verification implementation, the logic for
* bundle verification should be implemented as a
* higher-order function, where one of argument should be an
* interface over the set of trusted public keys, like this:
* `Verify(bytes artifact, bytes signature, string key_id)`.
* This way the caller is in full control of mapping the
* identified (or hinted) key in the bundle to one of the
* trusted keys, as this process is inherently application
* specific.
*/
{
$case: "publicKeys";
publicKeys: PublicKeyIdentities;
} | undefined;
/**
* Optional options for artifact transparency log verification.
* If none is provided, the default verification options are:
* Threshold: 1
* Online verification: false
* Disable: false
*/
tlogOptions?: ArtifactVerificationOptions_TlogOptions | undefined;
/**
* Optional options for certificate transparency log verification.
* If none is provided, the default verification options are:
* Threshold: 1
* Disable: false
*/
ctlogOptions?: ArtifactVerificationOptions_CtlogOptions | undefined;
/**
* Optional options for certificate signed timestamp verification.
* If none is provided, the default verification options are:
* Threshold: 0
* Disable: true
*/
tsaOptions?: ArtifactVerificationOptions_TimestampAuthorityOptions | undefined;
/**
* Optional options for integrated timestamp verification.
* If none is provided, the default verification options are:
* Threshold: 0
* Disable: true
*/
integratedTsOptions?: ArtifactVerificationOptions_TlogIntegratedTimestampOptions | undefined;
/**
* Optional options for observed timestamp verification.
* If none is provided, the default verification options are:
* Threshold 1
* Disable: false
*/
observerOptions?: ArtifactVerificationOptions_ObserverTimestampOptions | undefined;
}
export interface ArtifactVerificationOptions_TlogOptions {
/** Number of transparency logs the entry must appear on. */
threshold: number;
/** Perform an online inclusion proof. */
performOnlineVerification: boolean;
/** Disable verification for transparency logs. */
disable: boolean;
}
export interface ArtifactVerificationOptions_CtlogOptions {
/**
* The number of ct transparency logs the certificate must
* appear on.
*/
threshold: number;
/** Disable ct transparency log verification */
disable: boolean;
}
export interface ArtifactVerificationOptions_TimestampAuthorityOptions {
/** The number of signed timestamps that are expected. */
threshold: number;
/** Disable signed timestamp verification. */
disable: boolean;
}
export interface ArtifactVerificationOptions_TlogIntegratedTimestampOptions {
/** The number of integrated timestamps that are expected. */
threshold: number;
/** Disable integrated timestamp verification. */
disable: boolean;
}
export interface ArtifactVerificationOptions_ObserverTimestampOptions {
/**
* The number of external observers of the timestamp.
* This is a union of RFC3161 signed timestamps, and
* integrated timestamps from a transparency log, that
* could include additional timestamp sources in the
* future.
*/
threshold: number;
/** Disable observer timestamp verification. */
disable: boolean;
}
export interface Artifact {
data?: //
/** Location of the artifact */
{
$case: "artifactUri";
artifactUri: string;
} | //
/** The raw bytes of the artifact */
{
$case: "artifact";
artifact: Buffer;
} | //
/**
* Digest of the artifact. SHOULD NOT be used when verifying an
* in-toto attestation as the subject digest cannot be
* reconstructed. This option will not work with Ed25519
* signatures, use Ed25519Ph or another algorithm instead.
*/
{
$case: "artifactDigest";
artifactDigest: HashOutput;
} | undefined;
}
/**
* Input captures all that is needed to call the bundle verification method,
* to verify a single artifact referenced by the bundle.
*/
export interface Input {
/**
* The verification materials provided during a bundle verification.
* The running process is usually preloaded with a "global"
* dev.sisgtore.trustroot.TrustedRoot.v1 instance. Prior to
* verifying an artifact (i.e a bundle), and/or based on current
* policy, some selection is expected to happen, to filter out the
* exact certificate authority to use, which transparency logs are
* relevant etc. The result should b ecaptured in the
* `artifact_trust_root`.
*/
artifactTrustRoot: TrustedRoot | undefined;
artifactVerificationOptions: ArtifactVerificationOptions | undefined;
bundle: Bundle | undefined;
/**
* If the bundle contains a message signature, the artifact must be
* provided.
*/
artifact?: Artifact | undefined;
}
export declare const CertificateIdentity: MessageFns<CertificateIdentity>;
export declare const CertificateIdentities: MessageFns<CertificateIdentities>;
export declare const PublicKeyIdentities: MessageFns<PublicKeyIdentities>;
export declare const ArtifactVerificationOptions: MessageFns<ArtifactVerificationOptions>;
export declare const ArtifactVerificationOptions_TlogOptions: MessageFns<ArtifactVerificationOptions_TlogOptions>;
export declare const ArtifactVerificationOptions_CtlogOptions: MessageFns<ArtifactVerificationOptions_CtlogOptions>;
export declare const ArtifactVerificationOptions_TimestampAuthorityOptions: MessageFns<ArtifactVerificationOptions_TimestampAuthorityOptions>;
export declare const ArtifactVerificationOptions_TlogIntegratedTimestampOptions: MessageFns<ArtifactVerificationOptions_TlogIntegratedTimestampOptions>;
export declare const ArtifactVerificationOptions_ObserverTimestampOptions: MessageFns<ArtifactVerificationOptions_ObserverTimestampOptions>;
export declare const Artifact: MessageFns<Artifact>;
export declare const Input: MessageFns<Input>;
interface MessageFns<T> {
fromJSON(object: any): T;
toJSON(message: T): unknown;
}
export {};

281
node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js generated vendored Normal file
View File

@@ -0,0 +1,281 @@
"use strict";
// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// versions:
// protoc-gen-ts_proto v2.7.0
// protoc v6.30.2
// source: sigstore_verification.proto
Object.defineProperty(exports, "__esModule", { value: true });
exports.Input = exports.Artifact = exports.ArtifactVerificationOptions_ObserverTimestampOptions = exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = exports.ArtifactVerificationOptions_TimestampAuthorityOptions = exports.ArtifactVerificationOptions_CtlogOptions = exports.ArtifactVerificationOptions_TlogOptions = exports.ArtifactVerificationOptions = exports.PublicKeyIdentities = exports.CertificateIdentities = exports.CertificateIdentity = void 0;
/* eslint-disable */
const sigstore_bundle_1 = require("./sigstore_bundle");
const sigstore_common_1 = require("./sigstore_common");
const sigstore_trustroot_1 = require("./sigstore_trustroot");
exports.CertificateIdentity = {
fromJSON(object) {
return {
issuer: isSet(object.issuer) ? globalThis.String(object.issuer) : "",
san: isSet(object.san) ? sigstore_common_1.SubjectAlternativeName.fromJSON(object.san) : undefined,
oids: globalThis.Array.isArray(object?.oids)
? object.oids.map((e) => sigstore_common_1.ObjectIdentifierValuePair.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.issuer !== "") {
obj.issuer = message.issuer;
}
if (message.san !== undefined) {
obj.san = sigstore_common_1.SubjectAlternativeName.toJSON(message.san);
}
if (message.oids?.length) {
obj.oids = message.oids.map((e) => sigstore_common_1.ObjectIdentifierValuePair.toJSON(e));
}
return obj;
},
};
exports.CertificateIdentities = {
fromJSON(object) {
return {
identities: globalThis.Array.isArray(object?.identities)
? object.identities.map((e) => exports.CertificateIdentity.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.identities?.length) {
obj.identities = message.identities.map((e) => exports.CertificateIdentity.toJSON(e));
}
return obj;
},
};
exports.PublicKeyIdentities = {
fromJSON(object) {
return {
publicKeys: globalThis.Array.isArray(object?.publicKeys)
? object.publicKeys.map((e) => sigstore_common_1.PublicKey.fromJSON(e))
: [],
};
},
toJSON(message) {
const obj = {};
if (message.publicKeys?.length) {
obj.publicKeys = message.publicKeys.map((e) => sigstore_common_1.PublicKey.toJSON(e));
}
return obj;
},
};
exports.ArtifactVerificationOptions = {
fromJSON(object) {
return {
signers: isSet(object.certificateIdentities)
? {
$case: "certificateIdentities",
certificateIdentities: exports.CertificateIdentities.fromJSON(object.certificateIdentities),
}
: isSet(object.publicKeys)
? { $case: "publicKeys", publicKeys: exports.PublicKeyIdentities.fromJSON(object.publicKeys) }
: undefined,
tlogOptions: isSet(object.tlogOptions)
? exports.ArtifactVerificationOptions_TlogOptions.fromJSON(object.tlogOptions)
: undefined,
ctlogOptions: isSet(object.ctlogOptions)
? exports.ArtifactVerificationOptions_CtlogOptions.fromJSON(object.ctlogOptions)
: undefined,
tsaOptions: isSet(object.tsaOptions)
? exports.ArtifactVerificationOptions_TimestampAuthorityOptions.fromJSON(object.tsaOptions)
: undefined,
integratedTsOptions: isSet(object.integratedTsOptions)
? exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions.fromJSON(object.integratedTsOptions)
: undefined,
observerOptions: isSet(object.observerOptions)
? exports.ArtifactVerificationOptions_ObserverTimestampOptions.fromJSON(object.observerOptions)
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.signers?.$case === "certificateIdentities") {
obj.certificateIdentities = exports.CertificateIdentities.toJSON(message.signers.certificateIdentities);
}
else if (message.signers?.$case === "publicKeys") {
obj.publicKeys = exports.PublicKeyIdentities.toJSON(message.signers.publicKeys);
}
if (message.tlogOptions !== undefined) {
obj.tlogOptions = exports.ArtifactVerificationOptions_TlogOptions.toJSON(message.tlogOptions);
}
if (message.ctlogOptions !== undefined) {
obj.ctlogOptions = exports.ArtifactVerificationOptions_CtlogOptions.toJSON(message.ctlogOptions);
}
if (message.tsaOptions !== undefined) {
obj.tsaOptions = exports.ArtifactVerificationOptions_TimestampAuthorityOptions.toJSON(message.tsaOptions);
}
if (message.integratedTsOptions !== undefined) {
obj.integratedTsOptions = exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions.toJSON(message.integratedTsOptions);
}
if (message.observerOptions !== undefined) {
obj.observerOptions = exports.ArtifactVerificationOptions_ObserverTimestampOptions.toJSON(message.observerOptions);
}
return obj;
},
};
exports.ArtifactVerificationOptions_TlogOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? globalThis.Number(object.threshold) : 0,
performOnlineVerification: isSet(object.performOnlineVerification)
? globalThis.Boolean(object.performOnlineVerification)
: false,
disable: isSet(object.disable) ? globalThis.Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
if (message.threshold !== 0) {
obj.threshold = Math.round(message.threshold);
}
if (message.performOnlineVerification !== false) {
obj.performOnlineVerification = message.performOnlineVerification;
}
if (message.disable !== false) {
obj.disable = message.disable;
}
return obj;
},
};
exports.ArtifactVerificationOptions_CtlogOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? globalThis.Number(object.threshold) : 0,
disable: isSet(object.disable) ? globalThis.Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
if (message.threshold !== 0) {
obj.threshold = Math.round(message.threshold);
}
if (message.disable !== false) {
obj.disable = message.disable;
}
return obj;
},
};
exports.ArtifactVerificationOptions_TimestampAuthorityOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? globalThis.Number(object.threshold) : 0,
disable: isSet(object.disable) ? globalThis.Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
if (message.threshold !== 0) {
obj.threshold = Math.round(message.threshold);
}
if (message.disable !== false) {
obj.disable = message.disable;
}
return obj;
},
};
exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? globalThis.Number(object.threshold) : 0,
disable: isSet(object.disable) ? globalThis.Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
if (message.threshold !== 0) {
obj.threshold = Math.round(message.threshold);
}
if (message.disable !== false) {
obj.disable = message.disable;
}
return obj;
},
};
exports.ArtifactVerificationOptions_ObserverTimestampOptions = {
fromJSON(object) {
return {
threshold: isSet(object.threshold) ? globalThis.Number(object.threshold) : 0,
disable: isSet(object.disable) ? globalThis.Boolean(object.disable) : false,
};
},
toJSON(message) {
const obj = {};
if (message.threshold !== 0) {
obj.threshold = Math.round(message.threshold);
}
if (message.disable !== false) {
obj.disable = message.disable;
}
return obj;
},
};
exports.Artifact = {
fromJSON(object) {
return {
data: isSet(object.artifactUri)
? { $case: "artifactUri", artifactUri: globalThis.String(object.artifactUri) }
: isSet(object.artifact)
? { $case: "artifact", artifact: Buffer.from(bytesFromBase64(object.artifact)) }
: isSet(object.artifactDigest)
? { $case: "artifactDigest", artifactDigest: sigstore_common_1.HashOutput.fromJSON(object.artifactDigest) }
: undefined,
};
},
toJSON(message) {
const obj = {};
if (message.data?.$case === "artifactUri") {
obj.artifactUri = message.data.artifactUri;
}
else if (message.data?.$case === "artifact") {
obj.artifact = base64FromBytes(message.data.artifact);
}
else if (message.data?.$case === "artifactDigest") {
obj.artifactDigest = sigstore_common_1.HashOutput.toJSON(message.data.artifactDigest);
}
return obj;
},
};
exports.Input = {
fromJSON(object) {
return {
artifactTrustRoot: isSet(object.artifactTrustRoot) ? sigstore_trustroot_1.TrustedRoot.fromJSON(object.artifactTrustRoot) : undefined,
artifactVerificationOptions: isSet(object.artifactVerificationOptions)
? exports.ArtifactVerificationOptions.fromJSON(object.artifactVerificationOptions)
: undefined,
bundle: isSet(object.bundle) ? sigstore_bundle_1.Bundle.fromJSON(object.bundle) : undefined,
artifact: isSet(object.artifact) ? exports.Artifact.fromJSON(object.artifact) : undefined,
};
},
toJSON(message) {
const obj = {};
if (message.artifactTrustRoot !== undefined) {
obj.artifactTrustRoot = sigstore_trustroot_1.TrustedRoot.toJSON(message.artifactTrustRoot);
}
if (message.artifactVerificationOptions !== undefined) {
obj.artifactVerificationOptions = exports.ArtifactVerificationOptions.toJSON(message.artifactVerificationOptions);
}
if (message.bundle !== undefined) {
obj.bundle = sigstore_bundle_1.Bundle.toJSON(message.bundle);
}
if (message.artifact !== undefined) {
obj.artifact = exports.Artifact.toJSON(message.artifact);
}
return obj;
},
};
function bytesFromBase64(b64) {
return Uint8Array.from(globalThis.Buffer.from(b64, "base64"));
}
function base64FromBytes(arr) {
return globalThis.Buffer.from(arr).toString("base64");
}
function isSet(value) {
return value !== null && value !== undefined;
}

6
node_modules/@sigstore/protobuf-specs/dist/index.d.ts generated vendored Normal file
View File

@@ -0,0 +1,6 @@
export * from './__generated__/envelope';
export * from './__generated__/sigstore_bundle';
export * from './__generated__/sigstore_common';
export * from './__generated__/sigstore_rekor';
export * from './__generated__/sigstore_trustroot';
export * from './__generated__/sigstore_verification';

37
node_modules/@sigstore/protobuf-specs/dist/index.js generated vendored Normal file
View File

@@ -0,0 +1,37 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __exportStar = (this && this.__exportStar) || function(m, exports) {
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
};
Object.defineProperty(exports, "__esModule", { value: true });
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
__exportStar(require("./__generated__/envelope"), exports);
__exportStar(require("./__generated__/sigstore_bundle"), exports);
__exportStar(require("./__generated__/sigstore_common"), exports);
__exportStar(require("./__generated__/sigstore_rekor"), exports);
__exportStar(require("./__generated__/sigstore_trustroot"), exports);
__exportStar(require("./__generated__/sigstore_verification"), exports);

31
node_modules/@sigstore/protobuf-specs/package.json generated vendored Normal file
View File

@@ -0,0 +1,31 @@
{
"name": "@sigstore/protobuf-specs",
"version": "0.4.3",
"description": "code-signing for npm packages",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"build": "tsc"
},
"repository": {
"type": "git",
"url": "git+https://github.com/sigstore/protobuf-specs.git"
},
"files": [
"dist"
],
"author": "bdehamer@github.com",
"license": "Apache-2.0",
"bugs": {
"url": "https://github.com/sigstore/protobuf-specs/issues"
},
"homepage": "https://github.com/sigstore/protobuf-specs#readme",
"devDependencies": {
"@tsconfig/node18": "^18.2.4",
"@types/node": "^18.14.0",
"typescript": "^5.7.2"
},
"engines": {
"node": "^18.17.0 || >=20.5.0"
}
}