Server IP : 85.214.239.14 / Your IP : 3.145.45.223 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /lib/node_modules/npm/node_modules/@sigstore/sign/dist/bundler/ |
Upload File : |
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.BaseBundleBuilder = void 0; // BaseBundleBuilder is a base class for BundleBuilder implementations. It // provides a the basic wokflow for signing and witnessing an artifact. // Subclasses must implement the `package` method to assemble a valid bundle // with the generated signature and verification material. class BaseBundleBuilder { constructor(options) { this.signer = options.signer; this.witnesses = options.witnesses; } // Executes the signing/witnessing process for the given artifact. async create(artifact) { const signature = await this.prepare(artifact).then((blob) => this.signer.sign(blob)); const bundle = await this.package(artifact, signature); // Invoke all of the witnesses in parallel const verificationMaterials = await Promise.all(this.witnesses.map((witness) => witness.testify(bundle.content, publicKey(signature.key)))); // Collect the verification material from all of the witnesses const tlogEntryList = []; const timestampList = []; verificationMaterials.forEach(({ tlogEntries, rfc3161Timestamps }) => { tlogEntryList.push(...(tlogEntries ?? [])); timestampList.push(...(rfc3161Timestamps ?? [])); }); // Merge the collected verification material into the bundle bundle.verificationMaterial.tlogEntries = tlogEntryList; bundle.verificationMaterial.timestampVerificationData = { rfc3161Timestamps: timestampList, }; return bundle; } // Override this function to apply any pre-signing transformations to the // artifact. The returned buffer will be signed by the signer. The default // implementation simply returns the artifact data. async prepare(artifact) { return artifact.data; } } exports.BaseBundleBuilder = BaseBundleBuilder; // Extracts the public key from a KeyMaterial. Returns either the public key // or the certificate, depending on the type of key material. function publicKey(key) { switch (key.$case) { case 'publicKey': return key.publicKey; case 'x509Certificate': return key.certificate; } }