Skip to content

Commit dafa903

Browse files
wraithgarwraithgar
committed
1 parent d0bcb76 commit dafa903

37 files changed

Lines changed: 369 additions & 3585 deletions

node_modules/.gitignore

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -44,11 +44,6 @@
4444
!/@sigstore/protobuf-specs
4545
!/@sigstore/sign
4646
!/@sigstore/tuf
47-
!/@sigstore/tuf/node_modules/
48-
/@sigstore/tuf/node_modules/*
49-
!/@sigstore/tuf/node_modules/@sigstore/
50-
/@sigstore/tuf/node_modules/@sigstore/*
51-
!/@sigstore/tuf/node_modules/@sigstore/protobuf-specs
5247
!/@sigstore/verify
5348
!/@tufjs/
5449
/@tufjs/*

node_modules/@sigstore/bundle/dist/bundle.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,9 @@
11
"use strict";
22
Object.defineProperty(exports, "__esModule", { value: true });
3-
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
3+
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
44
exports.BUNDLE_V01_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1';
55
exports.BUNDLE_V02_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.2';
6+
exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
67
// Type guards for bundle variants.
78
function isBundleWithCertificateChain(b) {
89
return b.verificationMaterial.content.$case === 'x509CertificateChain';

node_modules/@sigstore/bundle/dist/index.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
"use strict";
22
Object.defineProperty(exports, "__esModule", { value: true });
3-
exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
3+
exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
44
/*
55
Copyright 2023 The Sigstore Authors.
66
@@ -22,6 +22,7 @@ Object.defineProperty(exports, "toMessageSignatureBundle", { enumerable: true, g
2222
var bundle_1 = require("./bundle");
2323
Object.defineProperty(exports, "BUNDLE_V01_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V01_MEDIA_TYPE; } });
2424
Object.defineProperty(exports, "BUNDLE_V02_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V02_MEDIA_TYPE; } });
25+
Object.defineProperty(exports, "BUNDLE_V03_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_MEDIA_TYPE; } });
2526
Object.defineProperty(exports, "isBundleWithCertificateChain", { enumerable: true, get: function () { return bundle_1.isBundleWithCertificateChain; } });
2627
Object.defineProperty(exports, "isBundleWithDsseEnvelope", { enumerable: true, get: function () { return bundle_1.isBundleWithDsseEnvelope; } });
2728
Object.defineProperty(exports, "isBundleWithMessageSignature", { enumerable: true, get: function () { return bundle_1.isBundleWithMessageSignature; } });
@@ -37,4 +38,5 @@ var validate_1 = require("./validate");
3738
Object.defineProperty(exports, "assertBundle", { enumerable: true, get: function () { return validate_1.assertBundle; } });
3839
Object.defineProperty(exports, "assertBundleLatest", { enumerable: true, get: function () { return validate_1.assertBundleLatest; } });
3940
Object.defineProperty(exports, "assertBundleV01", { enumerable: true, get: function () { return validate_1.assertBundleV01; } });
41+
Object.defineProperty(exports, "assertBundleV02", { enumerable: true, get: function () { return validate_1.assertBundleV02; } });
4042
Object.defineProperty(exports, "isBundleV01", { enumerable: true, get: function () { return validate_1.isBundleV01; } });

node_modules/@sigstore/bundle/dist/serialized.js

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -21,12 +21,16 @@ const bundle_1 = require("./bundle");
2121
const validate_1 = require("./validate");
2222
const bundleFromJSON = (obj) => {
2323
const bundle = protobuf_specs_1.Bundle.fromJSON(obj);
24-
(0, validate_1.assertBundle)(bundle);
25-
if (bundle.mediaType === bundle_1.BUNDLE_V01_MEDIA_TYPE) {
26-
(0, validate_1.assertBundleV01)(bundle);
27-
}
28-
else {
29-
(0, validate_1.assertBundleLatest)(bundle);
24+
switch (bundle.mediaType) {
25+
case bundle_1.BUNDLE_V01_MEDIA_TYPE:
26+
(0, validate_1.assertBundleV01)(bundle);
27+
break;
28+
case bundle_1.BUNDLE_V02_MEDIA_TYPE:
29+
(0, validate_1.assertBundleV02)(bundle);
30+
break;
31+
default:
32+
(0, validate_1.assertBundleLatest)(bundle);
33+
break;
3034
}
3135
return bundle;
3236
};

node_modules/@sigstore/bundle/dist/validate.js

Lines changed: 69 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
"use strict";
22
Object.defineProperty(exports, "__esModule", { value: true });
3-
exports.assertBundleLatest = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
3+
exports.assertBundleLatest = exports.assertBundleV02 = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
44
/*
55
Copyright 2023 The Sigstore Authors.
66
@@ -16,13 +16,61 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1616
See the License for the specific language governing permissions and
1717
limitations under the License.
1818
*/
19-
const bundle_1 = require("./bundle");
2019
const error_1 = require("./error");
2120
// Performs basic validation of a Sigstore bundle to ensure that all required
2221
// fields are populated. This is not a complete validation of the bundle, but
2322
// rather a check that the bundle is in a valid state to be processed by the
2423
// rest of the code.
2524
function assertBundle(b) {
25+
const invalidValues = validateBundleBase(b);
26+
if (invalidValues.length > 0) {
27+
throw new error_1.ValidationError('invalid bundle', invalidValues);
28+
}
29+
}
30+
exports.assertBundle = assertBundle;
31+
// Asserts that the given bundle conforms to the v0.1 bundle format.
32+
function assertBundleV01(b) {
33+
const invalidValues = [];
34+
invalidValues.push(...validateBundleBase(b));
35+
invalidValues.push(...validateInclusionPromise(b));
36+
if (invalidValues.length > 0) {
37+
throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
38+
}
39+
}
40+
exports.assertBundleV01 = assertBundleV01;
41+
// Type guard to determine if Bundle is a v0.1 bundle.
42+
function isBundleV01(b) {
43+
try {
44+
assertBundleV01(b);
45+
return true;
46+
}
47+
catch (e) {
48+
return false;
49+
}
50+
}
51+
exports.isBundleV01 = isBundleV01;
52+
// Asserts that the given bundle conforms to the v0.2 bundle format.
53+
function assertBundleV02(b) {
54+
const invalidValues = [];
55+
invalidValues.push(...validateBundleBase(b));
56+
invalidValues.push(...validateInclusionProof(b));
57+
if (invalidValues.length > 0) {
58+
throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
59+
}
60+
}
61+
exports.assertBundleV02 = assertBundleV02;
62+
// Asserts that the given bundle conforms to the newest (0.3) bundle format.
63+
function assertBundleLatest(b) {
64+
const invalidValues = [];
65+
invalidValues.push(...validateBundleBase(b));
66+
invalidValues.push(...validateInclusionProof(b));
67+
invalidValues.push(...validateNoCertificateChain(b));
68+
if (invalidValues.length > 0) {
69+
throw new error_1.ValidationError('invalid bundle', invalidValues);
70+
}
71+
}
72+
exports.assertBundleLatest = assertBundleLatest;
73+
function validateBundleBase(b) {
2674
const invalidValues = [];
2775
// Media type validation
2876
if (b.mediaType === undefined ||
@@ -84,6 +132,11 @@ function assertBundle(b) {
84132
}
85133
});
86134
break;
135+
case 'certificate':
136+
if (b.verificationMaterial.content.certificate.rawBytes.length === 0) {
137+
invalidValues.push('verificationMaterial.content.certificate.rawBytes');
138+
}
139+
break;
87140
}
88141
}
89142
if (b.verificationMaterial.tlogEntries === undefined) {
@@ -102,17 +155,11 @@ function assertBundle(b) {
102155
}
103156
}
104157
}
105-
if (invalidValues.length > 0) {
106-
throw new error_1.ValidationError('invalid bundle', invalidValues);
107-
}
158+
return invalidValues;
108159
}
109-
exports.assertBundle = assertBundle;
110-
// Asserts that the given bundle conforms to the v0.1 bundle format.
111-
function assertBundleV01(b) {
160+
// Necessary for V01 bundles
161+
function validateInclusionPromise(b) {
112162
const invalidValues = [];
113-
if (b.mediaType && b.mediaType !== bundle_1.BUNDLE_V01_MEDIA_TYPE) {
114-
invalidValues.push('mediaType');
115-
}
116163
if (b.verificationMaterial &&
117164
b.verificationMaterial.tlogEntries?.length > 0) {
118165
b.verificationMaterial.tlogEntries.forEach((entry, i) => {
@@ -121,24 +168,10 @@ function assertBundleV01(b) {
121168
}
122169
});
123170
}
124-
if (invalidValues.length > 0) {
125-
throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
126-
}
171+
return invalidValues;
127172
}
128-
exports.assertBundleV01 = assertBundleV01;
129-
// Type guard to determine if Bundle is a v0.1 bundle.
130-
function isBundleV01(b) {
131-
try {
132-
assertBundleV01(b);
133-
return true;
134-
}
135-
catch (e) {
136-
return false;
137-
}
138-
}
139-
exports.isBundleV01 = isBundleV01;
140-
// Asserts that the given bundle conforms to the newest (0.2) bundle format.
141-
function assertBundleLatest(b) {
173+
// Necessary for V02 and later bundles
174+
function validateInclusionProof(b) {
142175
const invalidValues = [];
143176
if (b.verificationMaterial &&
144177
b.verificationMaterial.tlogEntries?.length > 0) {
@@ -153,8 +186,13 @@ function assertBundleLatest(b) {
153186
}
154187
});
155188
}
156-
if (invalidValues.length > 0) {
157-
throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
189+
return invalidValues;
190+
}
191+
// Necessary for V03 and later bundles
192+
function validateNoCertificateChain(b) {
193+
const invalidValues = [];
194+
if (b.verificationMaterial?.content?.$case === 'x509CertificateChain') {
195+
invalidValues.push('verificationMaterial.content.$case');
158196
}
197+
return invalidValues;
159198
}
160-
exports.assertBundleLatest = assertBundleLatest;

node_modules/@sigstore/bundle/package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@sigstore/bundle",
3-
"version": "2.1.1",
3+
"version": "2.2.0",
44
"description": "Sigstore bundle type",
55
"main": "dist/index.js",
66
"types": "dist/index.d.ts",
@@ -27,7 +27,7 @@
2727
"provenance": true
2828
},
2929
"dependencies": {
30-
"@sigstore/protobuf-specs": "^0.2.1"
30+
"@sigstore/protobuf-specs": "^0.3.0"
3131
},
3232
"engines": {
3333
"node": "^16.14.0 || >=18.0.0"

node_modules/@sigstore/core/dist/asn1/dump.js

Lines changed: 0 additions & 97 deletions
This file was deleted.

node_modules/@sigstore/core/dist/asn1/tag.js

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
"use strict";
22
Object.defineProperty(exports, "__esModule", { value: true });
3-
exports.ASN1Tag = exports.UNIVERSAL_TAG = void 0;
3+
exports.ASN1Tag = void 0;
44
/*
55
Copyright 2023 The Sigstore Authors.
66
@@ -17,7 +17,7 @@ See the License for the specific language governing permissions and
1717
limitations under the License.
1818
*/
1919
const error_1 = require("./error");
20-
exports.UNIVERSAL_TAG = {
20+
const UNIVERSAL_TAG = {
2121
BOOLEAN: 0x01,
2222
INTEGER: 0x02,
2323
BIT_STRING: 0x03,
@@ -59,25 +59,25 @@ class ASN1Tag {
5959
return num !== undefined ? res && this.number === num : res;
6060
}
6161
isBoolean() {
62-
return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.BOOLEAN;
62+
return this.isUniversal() && this.number === UNIVERSAL_TAG.BOOLEAN;
6363
}
6464
isInteger() {
65-
return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.INTEGER;
65+
return this.isUniversal() && this.number === UNIVERSAL_TAG.INTEGER;
6666
}
6767
isBitString() {
68-
return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.BIT_STRING;
68+
return this.isUniversal() && this.number === UNIVERSAL_TAG.BIT_STRING;
6969
}
7070
isOctetString() {
71-
return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.OCTET_STRING;
71+
return this.isUniversal() && this.number === UNIVERSAL_TAG.OCTET_STRING;
7272
}
7373
isOID() {
74-
return (this.isUniversal() && this.number === exports.UNIVERSAL_TAG.OBJECT_IDENTIFIER);
74+
return (this.isUniversal() && this.number === UNIVERSAL_TAG.OBJECT_IDENTIFIER);
7575
}
7676
isUTCTime() {
77-
return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.UTC_TIME;
77+
return this.isUniversal() && this.number === UNIVERSAL_TAG.UTC_TIME;
7878
}
7979
isGeneralizedTime() {
80-
return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.GENERALIZED_TIME;
80+
return this.isUniversal() && this.number === UNIVERSAL_TAG.GENERALIZED_TIME;
8181
}
8282
toDER() {
8383
return this.number | (this.constructed ? 0x20 : 0x00) | (this.class << 6);

node_modules/@sigstore/core/dist/stream.js

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
"use strict";
22
Object.defineProperty(exports, "__esModule", { value: true });
3-
exports.ByteStream = exports.StreamError = void 0;
3+
exports.ByteStream = void 0;
44
/*
55
Copyright 2023 The Sigstore Authors.
66
@@ -18,7 +18,6 @@ limitations under the License.
1818
*/
1919
class StreamError extends Error {
2020
}
21-
exports.StreamError = StreamError;
2221
class ByteStream {
2322
constructor(buffer) {
2423
this.start = 0;

0 commit comments

Comments
 (0)