lukekarrys committed Aug 30, 2023
1 parent 7fab9d3 commit 812aa6d
Showing 21 changed files with 124 additions and 77 deletions.
4 changes: 2 additions & 2 deletions node_modules/@sigstore/bundle/dist/build.js
Expand Up @@ -21,7 +21,7 @@ const bundle_1 = require("./bundle");
// Message signature bundle - $case: 'messageSignature'
function toMessageSignatureBundle(options) {
return {
mediaType: bundle_1.BUNDLE_V01_MEDIA_TYPE,
mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
content: {
$case: 'messageSignature',
messageSignature: {
Expand All @@ -39,7 +39,7 @@ exports.toMessageSignatureBundle = toMessageSignatureBundle;
// DSSE envelope bundle - $case: 'dsseEnvelope'
function toDSSEBundle(options) {
return {
mediaType: bundle_1.BUNDLE_V01_MEDIA_TYPE,
mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
content: {
$case: 'dsseEnvelope',
dsseEnvelope: toEnvelope(options),
2 changes: 1 addition & 1 deletion node_modules/@sigstore/bundle/package.json
@@ -1,6 +1,6 @@
{
"name": "@sigstore/bundle",
"version": "2.0.0",
"version": "2.1.0",
"description": "Sigstore bundle type",
"main": "dist/index.js",
"types": "dist/index.d.ts",
29 changes: 28 additions & 1 deletion node_modules/@sigstore/sign/dist/error.js
@@ -1,6 +1,22 @@
"use strict";
/*
Copyright 2023 The Sigstore Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.InternalError = void 0;
exports.internalError = exports.InternalError = void 0;
const error_1 = require("./external/error");
class InternalError extends Error {
constructor({ code, message, cause, }) {
super(message);
Expand All @@ -10,3 +26,14 @@ class InternalError extends Error {
}
}
exports.InternalError = InternalError;
function internalError(err, code, message) {
if (err instanceof error_1.HTTPError) {
message += ` - ${err.message}`;
}
throw new InternalError({
code: code,
message: message,
cause: err,
});
}
exports.internalError = internalError;
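Review bot: `internalError` never returns, but nothing at its definition says so, and the call sites changed in this commit (`ca.js`, `tlog/client.js`, `tsa/client.js`) invoke it as a bare statement inside `catch`, so those blocks terminate only because the helper throws. A comment above the function, for example `// Always throws: wraps err in an InternalError, appending the HTTPError message when present`, would make that contract visible to anyone editing the helper later. For an `HTTPError` the appended text originates from the remote service's response, so the combined message should be treated as untrusted wherever it is logged or displayed.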
31 changes: 24 additions & 7 deletions node_modules/@sigstore/sign/dist/external/error.js
Expand Up @@ -2,20 +2,37 @@
Object.defineProperty(exports, "__esModule", { value: true });
exports.checkStatus = exports.HTTPError = void 0;
class HTTPError extends Error {
constructor(response) {
super(`HTTP Error: ${response.status} ${response.statusText}`);
this.response = response;
this.statusCode = response.status;
this.location = response.headers?.get('Location') || undefined;
constructor({ status, message, location, }) {
super(`(${status}) ${message}`);
this.statusCode = status;
this.location = location;
}
}
exports.HTTPError = HTTPError;
const checkStatus = (response) => {
const checkStatus = async (response) => {
if (response.ok) {
return response;
}
else {
throw new HTTPError(response);
let message = response.statusText;
const location = response.headers?.get('Location') || undefined;
const contentType = response.headers?.get('Content-Type');
// If response type is JSON, try to parse the body for a message
if (contentType?.includes('application/json')) {
try {
await response.json().then((body) => {
message = body.message;
});
}
catch (e) {
// ignore
}
}
throw new HTTPError({
status: response.status,
message: message,
location: location,
});
}
};
exports.checkStatus = checkStatus;
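Review bot: In the new `checkStatus`, `message = body.message;` overwrites the `statusText` fallback unconditionally, so a JSON error body that has no string `message` field produces an `HTTPError` whose text reads `(status) undefined`. Guarding the assignment, e.g. `if (typeof body?.message === 'string') message = body.message;`, keeps the status text in that case. The value comes from the remote server and ends up in the thrown message (and, through `internalError`, in `InternalError` messages), so it should be handled as untrusted text when logged. This file is a vendored build artifact, so the change would belong upstream in `@sigstore/sign`.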
2 changes: 1 addition & 1 deletion node_modules/@sigstore/sign/dist/external/fulcio.js
Expand Up @@ -43,7 +43,7 @@ class Fulcio {
method: 'POST',
body: JSON.stringify(request),
});
(0, error_1.checkStatus)(response);
await (0, error_1.checkStatus)(response);
const data = await response.json();
return data;
}
8 changes: 4 additions & 4 deletions node_modules/@sigstore/sign/dist/external/rekor.js
Expand Up @@ -49,7 +49,7 @@ class Rekor {
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(propsedEntry),
});
(0, error_1.checkStatus)(response);
await (0, error_1.checkStatus)(response);
const data = await response.json();
return entryFromResponse(data);
}
Expand All @@ -61,7 +61,7 @@ class Rekor {
async getEntry(uuid) {
const url = `${this.baseUrl}/api/v1/log/entries/${uuid}`;
const response = await this.fetch(url);
(0, error_1.checkStatus)(response);
await (0, error_1.checkStatus)(response);
const data = await response.json();
return entryFromResponse(data);
}
Expand All @@ -77,7 +77,7 @@ class Rekor {
body: JSON.stringify(opts),
headers: { 'Content-Type': 'application/json' },
});
(0, error_1.checkStatus)(response);
await (0, error_1.checkStatus)(response);
const data = await response.json();
return data;
}
Expand All @@ -93,7 +93,7 @@ class Rekor {
body: JSON.stringify(opts),
headers: { 'Content-Type': 'application/json' },
});
(0, error_1.checkStatus)(response);
await (0, error_1.checkStatus)(response);
const rawData = await response.json();
const data = rawData.map((d) => entryFromResponse(d));
return data;
2 changes: 1 addition & 1 deletion node_modules/@sigstore/sign/dist/external/tsa.js
Expand Up @@ -40,7 +40,7 @@ class TimestampAuthority {
method: 'POST',
body: JSON.stringify(request),
});
(0, error_1.checkStatus)(response);
await (0, error_1.checkStatus)(response);
return response.buffer();
}
}
4 changes: 3 additions & 1 deletion node_modules/@sigstore/sign/dist/index.js
@@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSAWitness = exports.RekorWitness = exports.FulcioSigner = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
var bundler_1 = require("./bundler");
Object.defineProperty(exports, "DSSEBundleBuilder", { enumerable: true, get: function () { return bundler_1.DSSEBundleBuilder; } });
Object.defineProperty(exports, "MessageSignatureBundleBuilder", { enumerable: true, get: function () { return bundler_1.MessageSignatureBundleBuilder; } });
Expand All @@ -9,7 +9,9 @@ Object.defineProperty(exports, "InternalError", { enumerable: true, get: functio
var identity_1 = require("./identity");
Object.defineProperty(exports, "CIContextProvider", { enumerable: true, get: function () { return identity_1.CIContextProvider; } });
var signer_1 = require("./signer");
Object.defineProperty(exports, "DEFAULT_FULCIO_URL", { enumerable: true, get: function () { return signer_1.DEFAULT_FULCIO_URL; } });
Object.defineProperty(exports, "FulcioSigner", { enumerable: true, get: function () { return signer_1.FulcioSigner; } });
var witness_1 = require("./witness");
Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: function () { return witness_1.DEFAULT_REKOR_URL; } });
Object.defineProperty(exports, "RekorWitness", { enumerable: true, get: function () { return witness_1.RekorWitness; } });
Object.defineProperty(exports, "TSAWitness", { enumerable: true, get: function () { return witness_1.TSAWitness; } });
6 changes: 1 addition & 5 deletions node_modules/@sigstore/sign/dist/signer/fulcio/ca.js
Expand Up @@ -39,11 +39,7 @@ class CAClient {
return cert.chain.certificates;
}
catch (err) {
throw new error_1.InternalError({
code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR',
message: 'error creating signing certificate',
cause: err,
});
(0, error_1.internalError)(err, 'CA_CREATE_SIGNING_CERTIFICATE_ERROR', 'error creating signing certificate');
}
}
}
20 changes: 17 additions & 3 deletions node_modules/@sigstore/sign/dist/signer/fulcio/index.js
@@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FulcioSigner = void 0;
exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Expand All @@ -20,21 +20,35 @@ const error_1 = require("../../error");
const util_1 = require("../../util");
const ca_1 = require("./ca");
const ephemeral_1 = require("./ephemeral");
exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev';
// Signer implementation which can be used to decorate another signer
// with a Fulcio-issued signing certificate for the signer's public key.
// Must be instantiated with an identity provider which can provide a JWT
// which represents the identity to be bound to the signing certificate.
class FulcioSigner {
constructor(options) {
this.ca = new ca_1.CAClient(options);
this.ca = new ca_1.CAClient({
...options,
fulcioBaseURL: options.fulcioBaseURL || /* istanbul ignore next */ exports.DEFAULT_FULCIO_URL,
});
this.identityProvider = options.identityProvider;
this.keyHolder = options.keyHolder || new ephemeral_1.EphemeralSigner();
}
async sign(data) {
// Retrieve identity token from the supplied identity provider
const identityToken = await this.getIdentityToken();
// Extract challenge claim from OIDC token
const subject = util_1.oidc.extractJWTSubject(identityToken);
let subject;
try {
subject = util_1.oidc.extractJWTSubject(identityToken);
}
catch (err) {
throw new error_1.InternalError({
code: 'IDENTITY_TOKEN_PARSE_ERROR',
message: `invalid identity token: ${identityToken}`,
cause: err,
});
}
// Construct challenge value by signing the subject claim
const challenge = await this.keyHolder.sign(Buffer.from(subject));
if (challenge.key.$case !== 'publicKey') {
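Review bot: The new `IDENTITY_TOKEN_PARSE_ERROR` path interpolates the raw token into the error text (the message is built as `invalid identity token: ${identityToken}`), so an OIDC identity token that fails to parse is copied into whatever prints or stores the error, such as CI job output. A token that does not parse here may still be a usable bearer credential elsewhere, so the message should omit it: `message: 'invalid identity token',`, with the parse failure still reachable through `cause`. The `sign` method continues past the end of this hunk. As this is a vendored copy under `node_modules`, the fix belongs upstream in `@sigstore/sign`.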
3 changes: 2 additions & 1 deletion node_modules/@sigstore/sign/dist/signer/index.js
@@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FulcioSigner = void 0;
exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Expand All @@ -17,4 +17,5 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
var fulcio_1 = require("./fulcio");
Object.defineProperty(exports, "DEFAULT_FULCIO_URL", { enumerable: true, get: function () { return fulcio_1.DEFAULT_FULCIO_URL; } });
Object.defineProperty(exports, "FulcioSigner", { enumerable: true, get: function () { return fulcio_1.FulcioSigner; } });
3 changes: 2 additions & 1 deletion node_modules/@sigstore/sign/dist/witness/index.js
@@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TSAWitness = exports.RekorWitness = void 0;
exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Expand All @@ -17,6 +17,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
var tlog_1 = require("./tlog");
Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: function () { return tlog_1.DEFAULT_REKOR_URL; } });
Object.defineProperty(exports, "RekorWitness", { enumerable: true, get: function () { return tlog_1.RekorWitness; } });
var tsa_1 = require("./tsa");
Object.defineProperty(exports, "TSAWitness", { enumerable: true, get: function () { return tsa_1.TSAWitness; } });
12 changes: 2 additions & 10 deletions node_modules/@sigstore/sign/dist/witness/tlog/client.js
Expand Up @@ -43,19 +43,11 @@ class TLogClient {
entry = await this.rekor.getEntry(uuid);
}
catch (err) {
throw new error_1.InternalError({
code: 'TLOG_FETCH_ENTRY_ERROR',
message: 'error fetching tlog entry',
cause: err,
});
(0, error_1.internalError)(err, 'TLOG_FETCH_ENTRY_ERROR', 'error fetching tlog entry');
}
}
else {
throw new error_1.InternalError({
code: 'TLOG_CREATE_ENTRY_ERROR',
message: 'error creating tlog entry',
cause: err,
});
(0, error_1.internalError)(err, 'TLOG_CREATE_ENTRY_ERROR', 'error creating tlog entry');
}
}
return entry;
8 changes: 6 additions & 2 deletions node_modules/@sigstore/sign/dist/witness/tlog/index.js
@@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.RekorWitness = void 0;
exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
/*
Copyright 2023 The Sigstore Authors.
Expand All @@ -19,9 +19,13 @@ limitations under the License.
const util_1 = require("../../util");
const client_1 = require("./client");
const entry_1 = require("./entry");
exports.DEFAULT_REKOR_URL = 'https://rekor.sigstore.dev';
class RekorWitness {
constructor(options) {
this.tlog = new client_1.TLogClient(options);
this.tlog = new client_1.TLogClient({
...options,
rekorBaseURL: options.rekorBaseURL || /* istanbul ignore next */ exports.DEFAULT_REKOR_URL,
});
}
async testify(content, publicKey) {
const proposedEntry = (0, entry_1.toProposedEntry)(content, publicKey);
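Review bot: The fallback `options.rekorBaseURL || exports.DEFAULT_REKOR_URL` in the `RekorWitness` constructor treats an empty string the same as an omitted option, so if a deployment meant to use a private log but passes a blank URL, entries would go to the public Rekor instance instead of failing. If only an omitted option should select the default, `??` expresses that (`rekorBaseURL: options.rekorBaseURL ?? exports.DEFAULT_REKOR_URL,`), and an empty value can then be rejected explicitly. The same `||` pattern is used for `fulcioBaseURL` in `signer/fulcio/index.js`. `testify` continues outside this hunk.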
6 changes: 1 addition & 5 deletions node_modules/@sigstore/sign/dist/witness/tsa/client.js
Expand Up @@ -36,11 +36,7 @@ class TSAClient {
return await this.tsa.createTimestamp(request);
}
catch (err) {
throw new error_1.InternalError({
code: 'TSA_CREATE_TIMESTAMP_ERROR',
message: 'error creating timestamp',
cause: err,
});
(0, error_1.internalError)(err, 'TSA_CREATE_TIMESTAMP_ERROR', 'error creating timestamp');
}
}
}
6 changes: 3 additions & 3 deletions node_modules/@sigstore/sign/package.json
@@ -1,6 +1,6 @@
{
"name": "@sigstore/sign",
"version": "2.0.0",
"version": "2.1.0",
"description": "Sigstore signing library",
"main": "dist/index.js",
"types": "dist/index.d.ts",
Expand All @@ -27,12 +27,12 @@
},
"devDependencies": {
"@sigstore/jest": "^0.0.0",
"@sigstore/mock": "^0.3.0",
"@sigstore/mock": "^0.4.0",
"@sigstore/rekor-types": "^2.0.0",
"@types/make-fetch-happen": "^10.0.0"
},
"dependencies": {
"@sigstore/bundle": "^2.0.0",
"@sigstore/bundle": "^2.1.0",
"@sigstore/protobuf-specs": "^0.2.1",
"make-fetch-happen": "^13.0.0"
},
8 changes: 3 additions & 5 deletions node_modules/sigstore/dist/config.js
Expand Up @@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.artifactVerificationOptions = exports.createBundleBuilder = exports.DEFAULT_TIMEOUT = exports.DEFAULT_RETRY = exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = void 0;
exports.artifactVerificationOptions = exports.createBundleBuilder = exports.DEFAULT_TIMEOUT = exports.DEFAULT_RETRY = void 0;
/*
Copyright 2023 The Sigstore Authors.
Expand All @@ -41,8 +41,6 @@ limitations under the License.
*/
const sign_1 = require("@sigstore/sign");
const sigstore = __importStar(require("./types/sigstore"));
exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev';
exports.DEFAULT_REKOR_URL = 'https://rekor.sigstore.dev';
exports.DEFAULT_RETRY = { retries: 2 };
exports.DEFAULT_TIMEOUT = 5000;
function createBundleBuilder(bundleType, options) {
Expand All @@ -61,7 +59,7 @@ exports.createBundleBuilder = createBundleBuilder;
// Instantiate the FulcioSigner based on the supplied options.
function initSigner(options) {
return new sign_1.FulcioSigner({
fulcioBaseURL: options.fulcioURL || exports.DEFAULT_FULCIO_URL,
fulcioBaseURL: options.fulcioURL,
identityProvider: options.identityProvider || initIdentityProvider(options),
retry: options.retry ?? exports.DEFAULT_RETRY,
timeout: options.timeout ?? exports.DEFAULT_TIMEOUT,
Expand All @@ -84,7 +82,7 @@ function initWitnesses(options) {
const witnesses = [];
if (isRekorEnabled(options)) {
witnesses.push(new sign_1.RekorWitness({
rekorBaseURL: options.rekorURL || exports.DEFAULT_REKOR_URL,
rekorBaseURL: options.rekorURL,
fetchOnConflict: false,
retry: options.retry ?? exports.DEFAULT_RETRY,
timeout: options.timeout ?? exports.DEFAULT_TIMEOUT,