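"use strict";
// CommonJS interop helpers in the shape emitted by the TypeScript compiler.
// They are reused from `this` when a bundler has already defined them.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
        // Re-export through a getter so the binding stays live.
        desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    // Copy own properties only; inherited keys are deliberately skipped.
    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
    __setModuleDefault(result, mod);
    return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.createVerifier = exports.verify = exports.attest = exports.sign = void 0;
/*
Copyright 2023 The Sigstore Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
const bundle_1 = require("@sigstore/bundle");
const tuf = __importStar(require("@sigstore/tuf"));
const verify_1 = require("@sigstore/verify");
const config = __importStar(require("./config"));
/**
 * Signs `payload` and returns the resulting bundle in its JSON form.
 *
 * The bundle is produced by a 'messageSignature' builder obtained from
 * `config.createBundleBuilder`; how `options` selects the signing identity
 * and services is decided there, not in this function.
 *
 * @param payload - Data handed to the bundle builder as `data`.
 * @param options - Passed through to `config.createBundleBuilder`.
 * @returns Promise resolving to the JSON-serialized bundle.
 */
async function sign(payload, 
/* istanbul ignore next */
options = {}) {
    const bundler = config.createBundleBuilder('messageSignature', options);
    const bundle = await bundler.create({ data: payload });
    return (0, bundle_1.bundleToJSON)(bundle);
}
exports.sign = sign;
/**
 * Creates an attestation bundle for `payload` and returns it in JSON form.
 *
 * Same flow as `sign`, but the builder is created for 'dsseEnvelope' and the
 * payload type is passed along with the data.
 *
 * @param payload - Data handed to the bundle builder as `data`.
 * @param payloadType - Handed to the bundle builder as `type`.
 * @param options - Passed through to `config.createBundleBuilder`.
 * @returns Promise resolving to the JSON-serialized bundle.
 */
async function attest(payload, payloadType, 
/* istanbul ignore next */
options = {}) {
    const bundler = config.createBundleBuilder('dsseEnvelope', options);
    const bundle = await bundler.create({ data: payload, type: payloadType });
    return (0, bundle_1.bundleToJSON)(bundle);
}
exports.attest = attest;
/**
 * Verifies a JSON bundle, optionally against the signed data.
 *
 * Two call shapes are accepted: `verify(bundle, options)` and
 * `verify(bundle, data, options)`. The second argument is treated as `data`
 * only when it is a Buffer; any other defined value is treated as the
 * options object and replaces the third argument.
 *
 * The promise resolves with no value. A resolved promise is the only success
 * signal, so callers must not test the result for truthiness; failures can
 * reach the caller only as a rejection.
 *
 * @param bundle - JSON-serialized bundle.
 * @param dataOrOptions - Buffer with the signed data, or the options object.
 * @param options - Options, used when the second argument is the data.
 * @returns Promise that resolves with undefined when verification completes.
 */
async function verify(bundle, dataOrOptions, options) {
    let data;
    if (Buffer.isBuffer(dataOrOptions)) {
        data = dataOrOptions;
    }
    else if (dataOrOptions !== undefined) {
        options = dataOrOptions;
    }
    // An undefined second argument must not overwrite the third one:
    // verify(bundle, undefined, options) previously discarded `options`, and
    // with it whatever constraints config.createVerificationPolicy would
    // have derived from them, and verified with defaults instead.
    // NOTE(review): a non-Buffer byte container (Uint8Array, string) is still
    // taken as options and `data` stays undefined; confirm callers always
    // pass a Buffer.
    const verifier = await createVerifier(options);
    return verifier.verify(bundle, data);
}
exports.verify = verify;
/**
 * Builds a reusable verifier from the TUF-distributed trusted root.
 *
 * The trusted root is fetched with `tuf.getTrustedRoot`, converted to trust
 * material, and wrapped in a `Verifier` together with the policy returned by
 * `config.createVerificationPolicy(options)`.
 *
 * @param options - Verification options. `tufMirrorURL`, `tufRootPath`,
 *   `tufCachePath` and `tufForceCache` choose where the root of trust is
 *   loaded from, so they should come from trusted configuration only.
 * @returns Promise resolving to an object with a single `verify(bundle,
 *   payload)` method that returns undefined and reports failure by throwing.
 */
async function createVerifier(
/* istanbul ignore next */
options = {}) {
    const trustedRoot = await tuf.getTrustedRoot({
        mirrorURL: options.tufMirrorURL,
        rootPath: options.tufRootPath,
        cachePath: options.tufCachePath,
        forceCache: options.tufForceCache,
        retry: options.retry ?? config.DEFAULT_RETRY,
        timeout: options.timeout ?? config.DEFAULT_TIMEOUT,
    });
    // A caller-supplied key selector is optional; without it no key finder
    // is handed to toTrustMaterial.
    const keyFinder = options.keySelector
        ? config.createKeyFinder(options.keySelector)
        : undefined;
    const trustMaterial = (0, verify_1.toTrustMaterial)(trustedRoot, keyFinder);
    // The option is spelled `ctLogThreshold` on the way in and
    // `ctlogThreshold` on the Verifier side; the casing difference is real.
    // Unset thresholds are forwarded as undefined, so the effective defaults
    // are whatever Verifier applies.
    // NOTE(review): a threshold of 0 presumably relaxes the corresponding
    // log check; confirm in @sigstore/verify before accepting it from config.
    const verifierOptions = {
        ctlogThreshold: options.ctLogThreshold,
        tlogThreshold: options.tlogThreshold,
    };
    const verifier = new verify_1.Verifier(trustMaterial, verifierOptions);
    // NOTE(review): the policy is built entirely in ./config. If `options`
    // carries no identity constraints, a passing check presumably says only
    // that the bundle chains to the trusted root, not who signed it; confirm
    // against config.createVerificationPolicy.
    const policy = config.createVerificationPolicy(options);
    return {
        verify: (bundle, payload) => {
            const deserializedBundle = (0, bundle_1.bundleFromJSON)(bundle);
            const signedEntity = (0, verify_1.toSignedEntity)(deserializedBundle, payload);
            // The result of Verifier.verify is intentionally not returned.
            verifier.verify(signedEntity, policy);
            return;
        },
    };
}
exports.createVerifier = createVerifier;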