Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
hjw
/
myapp
1
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 9d3eb606ed
Салаанууд Тагууд
myapp
/
node_modules
/
@sigstore
/
verify
/
dist
/
timestamp
/
set.js

set.js 2.5 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. "use strict";
    2. 

  2. Object.defineProperty(exports, "__esModule", { value: true });
    3. 

  3. exports.verifyTLogSET = verifyTLogSET;
    4. 

  4. /*
    5. 

  5. Copyright 2023 The Sigstore Authors.
    6. 

  6. 

  7. Licensed under the Apache License, Version 2.0 (the "License");
    8. 

  8. you may not use this file except in compliance with the License.
    9. 

  9. You may obtain a copy of the License at
    10. 

  10. 

  11.     http://www.apache.org/licenses/LICENSE-2.0
    12. 

  12. 

  13. Unless required by applicable law or agreed to in writing, software
    14. 

  14. distributed under the License is distributed on an "AS IS" BASIS,
    15. 

  15. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    16. 

  16. See the License for the specific language governing permissions and
    17. 

  17. limitations under the License.
    18. 

  18. */
    19. 

  19. const core_1 = require("@sigstore/core");
    20. 

  20. const error_1 = require("../error");
    21. 

  21. const trust_1 = require("../trust");
    22. 

  22. // Verifies the SET for the given entry against the list of trusted
    23. 

  23. // transparency logs. Returns true if the SET can be verified against at least
    24. 

  24. // one of the trusted logs; otherwise, returns false.
    25. 

  25. function verifyTLogSET(entry, tlogs) {
    26. 

  26.     // Filter the list of tlog instances to only those which might be able to
    27. 

  27.     // verify the SET
    28. 

  28.     const validTLogs = (0, trust_1.filterTLogAuthorities)(tlogs, {
    29. 

  29.         logID: entry.logId.keyId,
    30. 

  30.         targetDate: new Date(Number(entry.integratedTime) * 1000),
    31. 

  31.     });
    32. 

  32.     // Check to see if we can verify the SET against any of the valid tlogs
    33. 

  33.     const verified = validTLogs.some((tlog) => {
    34. 

  34.         // Re-create the original Rekor verification payload
    35. 

  35.         const payload = toVerificationPayload(entry);
    36. 

  36.         // Canonicalize the payload and turn into a buffer for verification
    37. 

  37.         const data = Buffer.from(core_1.json.canonicalize(payload), 'utf8');
    38. 

  38.         // Extract the SET from the tlog entry
    39. 

  39.         const signature = entry.inclusionPromise.signedEntryTimestamp;
    40. 

  40.         return core_1.crypto.verify(data, tlog.publicKey, signature);
    41. 

  41.     });
    42. 

  42.     if (!verified) {
    43. 

  43.         throw new error_1.VerificationError({
    44. 

  44.             code: 'TLOG_INCLUSION_PROMISE_ERROR',
    45. 

  45.             message: 'inclusion promise could not be verified',
    46. 

  46.         });
    47. 

  47.     }
    48. 

  48. }
    49. 

  49. // Returns a properly formatted "VerificationPayload" for one of the
    50. 

  50. // transaction log entires in the given bundle which can be used for SET
    51. 

  51. // verification.
    52. 

  52. function toVerificationPayload(entry) {
    53. 

  53.     const { integratedTime, logIndex, logId, canonicalizedBody } = entry;
    54. 

  54.     return {
    55. 

  55.         body: canonicalizedBody.toString('base64'),
    56. 

  56.         integratedTime: Number(integratedTime),
    57. 

  57.         logIndex: Number(logIndex),
    58. 

  58.         logID: logId.keyId.toString('hex'),
    59. 

  59.     };
    60. 

  60. }
    61.