1"use strict";
2Object.defineProperty(exports, "__esModule", { value: true });
3exports.toTrustMaterial = exports.filterTLogAuthorities = exports.filterCertAuthorities = void 0;
4/*
5Copyright 2023 The Sigstore Authors.
6
7Licensed under the Apache License, Version 2.0 (the "License");
8you may not use this file except in compliance with the License.
9You may obtain a copy of the License at
10
11    http://www.apache.org/licenses/LICENSE-2.0
12
13Unless required by applicable law or agreed to in writing, software
14distributed under the License is distributed on an "AS IS" BASIS,
15WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16See the License for the specific language governing permissions and
17limitations under the License.
18*/
19const core_1 = require("@sigstore/core");
20const error_1 = require("../error");
// Default validity bounds. The helpers in this file substitute them whenever
// a trusted-root entry or key record has no (or a falsy) `validFor.start` /
// `validFor.end`.
// NOTE(review): an entry without a validity window is therefore treated as
// valid at every point in time — confirm that this open-ended default is
// intended for entries that omit `validFor`.
// Unix epoch (time value 0).
const BEGINNING_OF_TIME = new Date(0);
// 8,640,000,000,000,000 ms is the largest time value a Date can represent.
const END_OF_TIME = new Date(8640000000000000);
23var filter_1 = require("./filter");
24Object.defineProperty(exports, "filterCertAuthorities", { enumerable: true, get: function () { return filter_1.filterCertAuthorities; } });
25Object.defineProperty(exports, "filterTLogAuthorities", { enumerable: true, get: function () { return filter_1.filterTLogAuthorities; } });
/**
 * Builds the trust-material object used for verification from a trusted root.
 *
 * Every list on `root` is converted element by element: certificate and
 * timestamp authorities go through createCertAuthority, transparency logs and
 * CT logs go through createTLogAuthority.
 *
 * NOTE(review): nothing in this function authenticates `root` or `keys`;
 * presumably the caller has already established their integrity — confirm.
 *
 * @param {object} root - Trusted root exposing the arrays
 *   `certificateAuthorities`, `timestampAuthorities`, `tlogs` and `ctlogs`.
 * @param {Function|object} [keys] - Either a lookup function, used as-is, or a
 *   map from key hint to key record, which is wrapped with keyLocator.
 * @returns {object} The converted authority lists plus a `publicKey` lookup
 *   function.
 */
function toTrustMaterial(root, keys) {
    // A caller-supplied function replaces the built-in map lookup entirely.
    let publicKey;
    if (typeof keys === 'function') {
        publicKey = keys;
    }
    else {
        publicKey = keyLocator(keys);
    }
    const certificateAuthorities = root.certificateAuthorities.map(createCertAuthority);
    const timestampAuthorities = root.timestampAuthorities.map(createCertAuthority);
    const tlogs = root.tlogs.map(createTLogAuthority);
    const ctlogs = root.ctlogs.map(createTLogAuthority);
    return {
        certificateAuthorities,
        timestampAuthorities,
        tlogs,
        ctlogs,
        publicKey,
    };
}
36exports.toTrustMaterial = toTrustMaterial;
/**
 * Converts one transparency-log entry of the trusted root into the shape the
 * verifier works with.
 *
 * The log's raw public-key bytes are turned into a key object, and the key's
 * validity window is copied over. A missing (or falsy) bound falls back to
 * BEGINNING_OF_TIME / END_OF_TIME, so an entry without `validFor` has an
 * unbounded window.
 *
 * @param {object} tlogInstance - Entry with `logId.keyId` and a `publicKey`
 *   record carrying `rawBytes` and an optional `validFor` window.
 * @returns {{logID: *, publicKey: *, validFor: {start: Date, end: Date}}}
 */
function createTLogAuthority(tlogInstance) {
    const logID = tlogInstance.logId.keyId;
    const keyRecord = tlogInstance.publicKey;
    const publicKey = core_1.crypto.createPublicKey(keyRecord.rawBytes);
    const notBefore = keyRecord.validFor?.start;
    const notAfter = keyRecord.validFor?.end;
    return {
        logID,
        publicKey,
        validFor: {
            start: notBefore ? notBefore : BEGINNING_OF_TIME,
            end: notAfter ? notAfter : END_OF_TIME,
        },
    };
}
/**
 * Converts one certificate-authority entry of the trusted root into parsed
 * certificates plus a validity window.
 *
 * Each certificate in `ca.certChain.certificates` is parsed from its raw
 * bytes, keeping the original order. Only parsing happens here; no chain or
 * signature validation is visible in this function. A missing (or falsy)
 * bound falls back to BEGINNING_OF_TIME / END_OF_TIME, so an authority
 * without `validFor` has an unbounded window.
 *
 * @param {object} ca - Entry with `certChain.certificates` (each carrying
 *   `rawBytes`) and an optional `validFor` window.
 * @returns {{certChain: Array, validFor: {start: Date, end: Date}}}
 */
function createCertAuthority(ca) {
    const parseCert = (cert) => core_1.X509Certificate.parse(cert.rawBytes);
    const certChain = ca.certChain.certificates.map((cert) => parseCert(cert));
    const notBefore = ca.validFor?.start;
    const notAfter = ca.validFor?.end;
    return {
        certChain,
        validFor: {
            start: notBefore ? notBefore : BEGINNING_OF_TIME,
            end: notAfter ? notAfter : END_OF_TIME,
        },
    };
}
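/**
 * Wraps a map of key hint -> key record in a lookup function.
 *
 * The returned function resolves `hint` against the map's OWN properties
 * only. A plain `keys[hint]` read would also walk the prototype chain, so a
 * hint such as "constructor", "toString" or "__proto__" would resolve to an
 * Object.prototype member and be handed on as if it were a key record instead
 * of being reported as unknown.
 * NOTE(review): the hint presumably originates from the material being
 * verified, i.e. it is not trusted — confirm against the callers.
 *
 * @param {object} [keys] - Map from hint to a record carrying `rawBytes` and
 *   an optional `validFor` window. A missing map behaves like an empty one.
 * @returns {Function} `(hint) => { publicKey, validFor(date) }`. `validFor`
 *   reports whether `date` lies inside the key's window (both bounds
 *   inclusive); a missing or falsy bound falls back to BEGINNING_OF_TIME /
 *   END_OF_TIME, so a key without `validFor` is accepted for any date.
 * @throws {VerificationError} with code `PUBLIC_KEY_ERROR` when the map has
 *   no own entry for the hint.
 */
function keyLocator(keys) {
    return (hint) => {
        // Own-property check so inherited Object.prototype members never
        // satisfy the lookup.
        const isKnown = keys != null && Object.prototype.hasOwnProperty.call(keys, hint);
        const key = isKnown ? keys[hint] : undefined;
        if (!key) {
            throw new error_1.VerificationError({
                code: 'PUBLIC_KEY_ERROR',
                message: `key not found: ${hint}`,
            });
        }
        return {
            publicKey: core_1.crypto.createPublicKey(key.rawBytes),
            // The bounds are read on every call, not captured up front.
            validFor: (date) => {
                return ((key.validFor?.start || BEGINNING_OF_TIME) <= date &&
                    (key.validFor?.end || END_OF_TIME) >= date);
            },
        };
    };
}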
76