+147
-68
lines changedFilter options
+147
-68
lines changed Original file line number Diff line number Diff line change
@@ -21,7 +21,9 @@ const bundle_1 = require("./bundle");
21 21
// Message signature bundle - $case: 'messageSignature'
22 22
function toMessageSignatureBundle(options) {
23 23
return {
24 -
mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
24 +
mediaType: options.singleCertificate
25 +
? bundle_1.BUNDLE_V03_MEDIA_TYPE
26 +
: bundle_1.BUNDLE_V02_MEDIA_TYPE,
25 27
content: {
26 28
$case: 'messageSignature',
27 29
messageSignature: {
@@ -39,7 +41,9 @@ exports.toMessageSignatureBundle = toMessageSignatureBundle;
39 41
// DSSE envelope bundle - $case: 'dsseEnvelope'
40 42
function toDSSEBundle(options) {
41 43
return {
42 -
mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
44 +
mediaType: options.singleCertificate
45 +
? bundle_1.BUNDLE_V03_MEDIA_TYPE
46 +
: bundle_1.BUNDLE_V02_MEDIA_TYPE,
43 47
content: {
44 48
$case: 'dsseEnvelope',
45 49
dsseEnvelope: toEnvelope(options),
@@ -71,12 +75,20 @@ function toVerificationMaterial(options) {
71 75
}
72 76
function toKeyContent(options) {
73 77
if (options.certificate) {
74 -
return {
75 -
$case: 'x509CertificateChain',
76 -
x509CertificateChain: {
77 -
certificates: [{ rawBytes: options.certificate }],
78 -
},
79 -
};
78 +
if (options.singleCertificate) {
79 +
return {
80 +
$case: 'certificate',
81 +
certificate: { rawBytes: options.certificate },
82 +
};
83 +
}
84 +
else {
85 +
return {
86 +
$case: 'x509CertificateChain',
87 +
x509CertificateChain: {
88 +
certificates: [{ rawBytes: options.certificate }],
89 +
},
90 +
};
91 +
}
80 92
}
81 93
else {
82 94
return {
@@ -1,9 +1,10 @@
1 1
"use strict";
2 2
Object.defineProperty(exports, "__esModule", { value: true });
3 -
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
3 +
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
4 4
exports.BUNDLE_V01_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1';
5 5
exports.BUNDLE_V02_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.2';
6 -
exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
6 +
exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
7 +
exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle.v0.3+json';
7 8
// Type guards for bundle variants.
8 9
function isBundleWithCertificateChain(b) {
9 10
return b.verificationMaterial.content.$case === 'x509CertificateChain';
@@ -1,6 +1,6 @@
1 1
"use strict";
2 2
Object.defineProperty(exports, "__esModule", { value: true });
3 -
exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
3 +
exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
4 4
/*
5 5
Copyright 2023 The Sigstore Authors.
6 6
@@ -22,6 +22,7 @@ Object.defineProperty(exports, "toMessageSignatureBundle", { enumerable: true, g
22 22
var bundle_1 = require("./bundle");
23 23
Object.defineProperty(exports, "BUNDLE_V01_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V01_MEDIA_TYPE; } });
24 24
Object.defineProperty(exports, "BUNDLE_V02_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V02_MEDIA_TYPE; } });
25 +
Object.defineProperty(exports, "BUNDLE_V03_LEGACY_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_LEGACY_MEDIA_TYPE; } });
25 26
Object.defineProperty(exports, "BUNDLE_V03_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_MEDIA_TYPE; } });
26 27
Object.defineProperty(exports, "isBundleWithCertificateChain", { enumerable: true, get: function () { return bundle_1.isBundleWithCertificateChain; } });
27 28
Object.defineProperty(exports, "isBundleWithDsseEnvelope", { enumerable: true, get: function () { return bundle_1.isBundleWithDsseEnvelope; } });
@@ -74,7 +74,8 @@ function validateBundleBase(b) {
74 74
const invalidValues = [];
75 75
// Media type validation
76 76
if (b.mediaType === undefined ||
77 -
!b.mediaType.startsWith('application/vnd.dev.sigstore.bundle+json;version=')) {
77 +
(!b.mediaType.match(/^application\/vnd\.dev\.sigstore\.bundle\+json;version=\d\.\d/) &&
78 +
!b.mediaType.match(/^application\/vnd\.dev\.sigstore\.bundle\.v\d\.\d\+json/))) {
78 79
invalidValues.push('mediaType');
79 80
}
80 81
// Content-related validation
@@ -1,6 +1,6 @@
1 1
{
2 2
"name": "@sigstore/bundle",
3 -
"version": "2.2.0",
3 +
"version": "2.3.1",
4 4
"description": "Sigstore bundle type",
5 5
"main": "dist/index.js",
6 6
"types": "dist/index.d.ts",
@@ -27,7 +27,7 @@
27 27
"provenance": true
28 28
},
29 29
"dependencies": {
30 -
"@sigstore/protobuf-specs": "^0.3.0"
30 +
"@sigstore/protobuf-specs": "^0.3.1"
31 31
},
32 32
"engines": {
33 33
"node": "^16.14.0 || >=18.0.0"
@@ -21,12 +21,12 @@ limitations under the License.
21 21
*/
22 22
const crypto_1 = __importDefault(require("crypto"));
23 23
const SHA256_ALGORITHM = 'sha256';
24 -
function createPublicKey(key) {
24 +
function createPublicKey(key, type = 'spki') {
25 25
if (typeof key === 'string') {
26 26
return crypto_1.default.createPublicKey(key);
27 27
}
28 28
else {
29 -
return crypto_1.default.createPublicKey({ key, format: 'der', type: 'spki' });
29 +
return crypto_1.default.createPublicKey({ key, format: 'der', type: type });
30 30
}
31 31
}
32 32
exports.createPublicKey = createPublicKey;
@@ -1,6 +1,6 @@
1 1
{
2 2
"name": "@sigstore/core",
3 -
"version": "1.0.0",
3 +
"version": "1.1.0",
4 4
"description": "Base library for Sigstore",
5 5
"main": "dist/index.js",
6 6
"types": "dist/index.d.ts",
@@ -1,6 +1,6 @@
1 1
"use strict";
2 2
Object.defineProperty(exports, "__esModule", { value: true });
3 -
exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = void 0;
3 +
exports.ClientTrustConfig = exports.SigningConfig = exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = void 0;
4 4
/* eslint-disable */
5 5
const sigstore_common_1 = require("./sigstore_common");
6 6
function createBaseTransparencyLogInstance() {
@@ -98,6 +98,58 @@ exports.TrustedRoot = {
98 98
return obj;
99 99
},
100 100
};
101 +
function createBaseSigningConfig() {
102 +
return { caUrl: "", oidcUrl: "", tlogUrls: [], tsaUrls: [] };
103 +
}
104 +
exports.SigningConfig = {
105 +
fromJSON(object) {
106 +
return {
107 +
caUrl: isSet(object.caUrl) ? String(object.caUrl) : "",
108 +
oidcUrl: isSet(object.oidcUrl) ? String(object.oidcUrl) : "",
109 +
tlogUrls: Array.isArray(object?.tlogUrls) ? object.tlogUrls.map((e) => String(e)) : [],
110 +
tsaUrls: Array.isArray(object?.tsaUrls) ? object.tsaUrls.map((e) => String(e)) : [],
111 +
};
112 +
},
113 +
toJSON(message) {
114 +
const obj = {};
115 +
message.caUrl !== undefined && (obj.caUrl = message.caUrl);
116 +
message.oidcUrl !== undefined && (obj.oidcUrl = message.oidcUrl);
117 +
if (message.tlogUrls) {
118 +
obj.tlogUrls = message.tlogUrls.map((e) => e);
119 +
}
120 +
else {
121 +
obj.tlogUrls = [];
122 +
}
123 +
if (message.tsaUrls) {
124 +
obj.tsaUrls = message.tsaUrls.map((e) => e);
125 +
}
126 +
else {
127 +
obj.tsaUrls = [];
128 +
}
129 +
return obj;
130 +
},
131 +
};
132 +
function createBaseClientTrustConfig() {
133 +
return { mediaType: "", trustedRoot: undefined, signingConfig: undefined };
134 +
}
135 +
exports.ClientTrustConfig = {
136 +
fromJSON(object) {
137 +
return {
138 +
mediaType: isSet(object.mediaType) ? String(object.mediaType) : "",
139 +
trustedRoot: isSet(object.trustedRoot) ? exports.TrustedRoot.fromJSON(object.trustedRoot) : undefined,
140 +
signingConfig: isSet(object.signingConfig) ? exports.SigningConfig.fromJSON(object.signingConfig) : undefined,
141 +
};
142 +
},
143 +
toJSON(message) {
144 +
const obj = {};
145 +
message.mediaType !== undefined && (obj.mediaType = message.mediaType);
146 +
message.trustedRoot !== undefined &&
147 +
(obj.trustedRoot = message.trustedRoot ? exports.TrustedRoot.toJSON(message.trustedRoot) : undefined);
148 +
message.signingConfig !== undefined &&
149 +
(obj.signingConfig = message.signingConfig ? exports.SigningConfig.toJSON(message.signingConfig) : undefined);
150 +
return obj;
151 +
},
152 +
};
101 153
function isSet(value) {
102 154
return value !== null && value !== undefined;
103 155
}
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
1 1
{
2 2
"name": "@sigstore/protobuf-specs",
3 -
"version": "0.3.0",
3 +
"version": "0.3.1",
4 4
"description": "code-signing for npm packages",
5 5
"main": "dist/index.js",
6 6
"types": "dist/index.d.ts",
@@ -21,11 +21,11 @@
21 21
},
22 22
"homepage": "https://github.com/sigstore/protobuf-specs#readme",
23 23
"devDependencies": {
24 -
"@tsconfig/node14": "^1.0.3",
24 +
"@tsconfig/node16": "^16.1.1",
25 25
"@types/node": "^18.14.0",
26 26
"typescript": "^4.9.5"
27 27
},
28 28
"engines": {
29 -
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
29 +
"node": "^16.14.0 || >=18.0.0"
30 30
}
31 31
}
Original file line number Diff line number Diff line change
@@ -56,7 +56,7 @@ function toMessageSignatureBundle(artifact, signature) {
56 56
}
57 57
exports.toMessageSignatureBundle = toMessageSignatureBundle;
58 58
// DSSE envelope bundle - $case: 'dsseEnvelope'
59 -
function toDSSEBundle(artifact, signature) {
59 +
function toDSSEBundle(artifact, signature, singleCertificate) {
60 60
return sigstore.toDSSEBundle({
61 61
artifact: artifact.data,
62 62
artifactType: artifact.type,
@@ -65,6 +65,7 @@ function toDSSEBundle(artifact, signature) {
65 65
? util_1.pem.toDER(signature.key.certificate)
66 66
: undefined,
67 67
keyHint: signature.key.$case === 'publicKey' ? signature.key.hint : undefined,
68 +
singleCertificate,
68 69
});
69 70
}
70 71
exports.toDSSEBundle = toDSSEBundle;
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4