init

2025-11-13 16:23:22 +01:00
parent de9c515a47
commit cb235644dc
34924 changed files with 3811102 additions and 0 deletions
--- a/node_modules/@sigstore/verify/dist/trust/filter.d.ts
+++ b/node_modules/@sigstore/verify/dist/trust/filter.d.ts
@@ -0,0 +1,8 @@
+import type { CertAuthority, TLogAuthority } from './trust.types';
+export declare function filterCertAuthorities(certAuthorities: CertAuthority[], timestamp: Date): CertAuthority[];
+type TLogAuthorityFilterCriteria = {
+    targetDate: Date;
+    logID?: Buffer;
+};
+export declare function filterTLogAuthorities(tlogAuthorities: TLogAuthority[], criteria: TLogAuthorityFilterCriteria): TLogAuthority[];
+export {};
--- a/node_modules/@sigstore/verify/dist/trust/filter.js
+++ b/node_modules/@sigstore/verify/dist/trust/filter.js
@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.filterCertAuthorities = filterCertAuthorities;
+exports.filterTLogAuthorities = filterTLogAuthorities;
+function filterCertAuthorities(certAuthorities, timestamp) {
+    return certAuthorities.filter((ca) => {
+        return ca.validFor.start <= timestamp && ca.validFor.end >= timestamp;
+    });
+}
+// Filter the list of tlog instances to only those which match the given log
+// ID and have public keys which are valid for the given integrated time.
+function filterTLogAuthorities(tlogAuthorities, criteria) {
+    return tlogAuthorities.filter((tlog) => {
+        // If we're filtering by log ID and the log IDs don't match, we can't use
+        // this tlog
+        if (criteria.logID && !tlog.logID.equals(criteria.logID)) {
+            return false;
+        }
+        // Check that the integrated time is within the validFor range
+        return (tlog.validFor.start <= criteria.targetDate &&
+            criteria.targetDate <= tlog.validFor.end);
+    });
+}
--- a/node_modules/@sigstore/verify/dist/trust/index.d.ts
+++ b/node_modules/@sigstore/verify/dist/trust/index.d.ts
@@ -0,0 +1,5 @@
+import { type PublicKey, type TrustedRoot } from '@sigstore/protobuf-specs';
+import type { KeyFinderFunc, TrustMaterial } from './trust.types';
+export { filterCertAuthorities, filterTLogAuthorities } from './filter';
+export type { CertAuthority, KeyFinderFunc, TLogAuthority, TrustMaterial, } from './trust.types';
+export declare function toTrustMaterial(root: TrustedRoot, keys?: Record<string, PublicKey> | KeyFinderFunc): TrustMaterial;
--- a/node_modules/@sigstore/verify/dist/trust/index.js
+++ b/node_modules/@sigstore/verify/dist/trust/index.js
@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.filterTLogAuthorities = exports.filterCertAuthorities = void 0;
+exports.toTrustMaterial = toTrustMaterial;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+const protobuf_specs_1 = require("@sigstore/protobuf-specs");
+const error_1 = require("../error");
+const BEGINNING_OF_TIME = new Date(0);
+const END_OF_TIME = new Date(8640000000000000);
+var filter_1 = require("./filter");
+Object.defineProperty(exports, "filterCertAuthorities", { enumerable: true, get: function () { return filter_1.filterCertAuthorities; } });
+Object.defineProperty(exports, "filterTLogAuthorities", { enumerable: true, get: function () { return filter_1.filterTLogAuthorities; } });
+function toTrustMaterial(root, keys) {
+    const keyFinder = typeof keys === 'function' ? keys : keyLocator(keys);
+    return {
+        certificateAuthorities: root.certificateAuthorities.map(createCertAuthority),
+        timestampAuthorities: root.timestampAuthorities.map(createCertAuthority),
+        tlogs: root.tlogs.map(createTLogAuthority),
+        ctlogs: root.ctlogs.map(createTLogAuthority),
+        publicKey: keyFinder,
+    };
+}
+function createTLogAuthority(tlogInstance) {
+    const keyDetails = tlogInstance.publicKey.keyDetails;
+    const keyType = keyDetails === protobuf_specs_1.PublicKeyDetails.PKCS1_RSA_PKCS1V5 ||
+        keyDetails === protobuf_specs_1.PublicKeyDetails.PKIX_RSA_PKCS1V5 ||
+        keyDetails === protobuf_specs_1.PublicKeyDetails.PKIX_RSA_PKCS1V15_2048_SHA256 ||
+        keyDetails === protobuf_specs_1.PublicKeyDetails.PKIX_RSA_PKCS1V15_3072_SHA256 ||
+        keyDetails === protobuf_specs_1.PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256
+        ? 'pkcs1'
+        : 'spki';
+    return {
+        logID: tlogInstance.logId.keyId,
+        publicKey: core_1.crypto.createPublicKey(tlogInstance.publicKey.rawBytes, keyType),
+        validFor: {
+            start: tlogInstance.publicKey.validFor?.start || BEGINNING_OF_TIME,
+            end: tlogInstance.publicKey.validFor?.end || END_OF_TIME,
+        },
+    };
+}
+function createCertAuthority(ca) {
+    /* istanbul ignore next */
+    return {
+        certChain: ca.certChain.certificates.map((cert) => {
+            return core_1.X509Certificate.parse(cert.rawBytes);
+        }),
+        validFor: {
+            start: ca.validFor?.start || BEGINNING_OF_TIME,
+            end: ca.validFor?.end || END_OF_TIME,
+        },
+    };
+}
+function keyLocator(keys) {
+    return (hint) => {
+        const key = (keys || {})[hint];
+        if (!key) {
+            throw new error_1.VerificationError({
+                code: 'PUBLIC_KEY_ERROR',
+                message: `key not found: ${hint}`,
+            });
+        }
+        return {
+            publicKey: core_1.crypto.createPublicKey(key.rawBytes),
+            validFor: (date) => {
+                /* istanbul ignore next */
+                return ((key.validFor?.start || BEGINNING_OF_TIME) <= date &&
+                    (key.validFor?.end || END_OF_TIME) >= date);
+            },
+        };
+    };
+}
--- a/node_modules/@sigstore/verify/dist/trust/trust.types.d.ts
+++ b/node_modules/@sigstore/verify/dist/trust/trust.types.d.ts
@@ -0,0 +1,28 @@
+import type { X509Certificate, crypto } from '@sigstore/core';
+export type TLogAuthority = {
+    logID: Buffer;
+    publicKey: crypto.KeyObject;
+    validFor: {
+        start: Date;
+        end: Date;
+    };
+};
+export type CertAuthority = {
+    certChain: X509Certificate[];
+    validFor: {
+        start: Date;
+        end: Date;
+    };
+};
+export type TimeConstrainedKey = {
+    publicKey: crypto.KeyObject;
+    validFor(date: Date): boolean;
+};
+export type KeyFinderFunc = (hint: string) => TimeConstrainedKey;
+export type TrustMaterial = {
+    certificateAuthorities: CertAuthority[];
+    timestampAuthorities: CertAuthority[];
+    tlogs: TLogAuthority[];
+    ctlogs: TLogAuthority[];
+    publicKey: KeyFinderFunc;
+};
--- a/node_modules/@sigstore/verify/dist/trust/trust.types.js
+++ b/node_modules/@sigstore/verify/dist/trust/trust.types.js
@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });