| Server IP : 78.140.185.180 / Your IP : 3.133.100.204 Web Server : LiteSpeed System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64 User : builderbox ( 1072) PHP Version : 7.3.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /opt/alt/alt-nodejs19/root/lib/node_modules/npm/node_modules/sigstore/dist/tlog/verify/ |
Upload File : |
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyTLogSET = void 0;
const util_1 = require("../../util");
// Verifies the SET for the given entry against the list of trusted
// transparency logs. Returns true if the SET can be verified against at least
// one of the trusted logs; otherwise, returns false.
function verifyTLogSET(entry, tlogs) {
// Filter the list of tlog instances to only those which might be able to
// verify the SET
const validTLogs = filterTLogInstances(tlogs, entry.logId.keyId, entry.integratedTime);
// Check to see if we can verify the SET against any of the valid tlogs
return validTLogs.some((tlog) => {
if (!tlog.publicKey?.rawBytes) {
return false;
}
const publicKey = util_1.crypto.createPublicKey(tlog.publicKey.rawBytes);
// Re-create the original Rekor verification payload
const payload = toVerificationPayload(entry);
// Canonicalize the payload and turn into a buffer for verification
const data = Buffer.from(util_1.json.canonicalize(payload), 'utf8');
// Extract the SET from the tlog entry
const signature = entry.inclusionPromise.signedEntryTimestamp;
return util_1.crypto.verifyBlob(data, publicKey, signature);
});
}
exports.verifyTLogSET = verifyTLogSET;
// Returns a properly formatted "VerificationPayload" for one of the
// transaction log entires in the given bundle which can be used for SET
// verification.
function toVerificationPayload(entry) {
const { integratedTime, logIndex, logId, canonicalizedBody } = entry;
return {
body: canonicalizedBody.toString('base64'),
integratedTime: Number(integratedTime),
logIndex: Number(logIndex),
logID: logId.keyId.toString('hex'),
};
}
// Filter the list of tlog instances to only those which match the given log
// ID and have public keys which are valid for the given integrated time.
function filterTLogInstances(tlogInstances, logID, integratedTime) {
const targetDate = new Date(Number(integratedTime) * 1000);
return tlogInstances.filter((tlog) => {
// If the log IDs don't match, we can't use this tlog
if (!tlog.logId?.keyId.equals(logID)) {
return false;
}
// If the tlog doesn't have a public key, we can't use it
const publicKey = tlog.publicKey;
if (publicKey === undefined) {
return false;
}
// If the tlog doesn't have a rawBytes field, we can't use it
if (publicKey.rawBytes === undefined) {
return false;
}
// If the tlog doesn't have a validFor field, we don't need to check it
if (publicKey.validFor === undefined) {
return true;
}
// Check that the integrated time is within the validFor range
return (publicKey.validFor.start &&
publicKey.validFor.start <= targetDate &&
(!publicKey.validFor.end || targetDate <= publicKey.validFor.end));
});
}