1"use strict"; 2Object.defineProperty(exports, "__esModule", { value: true }); 3exports.BaseBundleBuilder = void 0; 4// BaseBundleBuilder is a base class for BundleBuilder implementations. It 5// provides a the basic wokflow for signing and witnessing an artifact. 6// Subclasses must implement the `package` method to assemble a valid bundle 7// with the generated signature and verification material. 8class BaseBundleBuilder { 9 constructor(options) { 10 this.signer = options.signer; 11 this.witnesses = options.witnesses; 12 } 13 // Executes the signing/witnessing process for the given artifact. 14 async create(artifact) { 15 const signature = await this.prepare(artifact).then((blob) => this.signer.sign(blob)); 16 const bundle = await this.package(artifact, signature); 17 // Invoke all of the witnesses in parallel 18 const verificationMaterials = await Promise.all(this.witnesses.map((witness) => witness.testify(bundle.content, publicKey(signature.key)))); 19 // Collect the verification material from all of the witnesses 20 const tlogEntryList = []; 21 const timestampList = []; 22 verificationMaterials.forEach(({ tlogEntries, rfc3161Timestamps }) => { 23 tlogEntryList.push(...(tlogEntries ?? [])); 24 timestampList.push(...(rfc3161Timestamps ?? [])); 25 }); 26 // Merge the collected verification material into the bundle 27 bundle.verificationMaterial.tlogEntries = tlogEntryList; 28 bundle.verificationMaterial.timestampVerificationData = { 29 rfc3161Timestamps: timestampList, 30 }; 31 return bundle; 32 } 33 // Override this function to apply any pre-signing transformations to the 34 // artifact. The returned buffer will be signed by the signer. The default 35 // implementation simply returns the artifact data. 36 async prepare(artifact) { 37 return artifact.data; 38 } 39} 40exports.BaseBundleBuilder = BaseBundleBuilder; 41// Extracts the public key from a KeyMaterial. Returns either the public key 42// or the certificate, depending on the type of key material. 43function publicKey(key) { 44 switch (key.$case) { 45 case 'publicKey': 46 return key.publicKey; 47 case 'x509Certificate': 48 return key.certificate; 49 } 50} 51