
Commit 812aa6d

committed
1 parent 7fab9d3 commit 812aa6d


21 files changed

+124
-77
lines changed


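--- a/node_modules/@sigstore/bundle/dist/build.js
+++ b/node_modules/@sigstore/bundle/dist/build.js
@@ -21,7 +21,7 @@ const bundle_1 = require("./bundle");
 // Message signature bundle - $case: 'messageSignature'
 function toMessageSignatureBundle(options) {
 return {
-mediaType: bundle_1.BUNDLE_V01_MEDIA_TYPE,
+mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
 content: {
 $case: 'messageSignature',
 messageSignature: {
@@ -39,7 +39,7 @@ exports.toMessageSignatureBundle = toMessageSignatureBundle;
 // DSSE envelope bundle - $case: 'dsseEnvelope'
 function toDSSEBundle(options) {
 return {
-mediaType: bundle_1.BUNDLE_V01_MEDIA_TYPE,
+mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
 content: {
 $case: 'dsseEnvelope',
 dsseEnvelope: toEnvelope(options),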

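--- a/node_modules/@sigstore/bundle/package.json
+++ b/node_modules/@sigstore/bundle/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sigstore/bundle",
-"version": "2.0.0",
+"version": "2.1.0",
 "description": "Sigstore bundle type",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",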

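--- a/node_modules/@sigstore/sign/dist/error.js
+++ b/node_modules/@sigstore/sign/dist/error.js
@@ -1,6 +1,22 @@
 "use strict";
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InternalError = void 0;
+exports.internalError = exports.InternalError = void 0;
+const error_1 = require("./external/error");
 class InternalError extends Error {
 constructor({ code, message, cause, }) {
 super(message);
@@ -10,3 +26,14 @@ class InternalError extends Error {
 }
 }
 exports.InternalError = InternalError;
+function internalError(err, code, message) {
+if (err instanceof error_1.HTTPError) {
+message += ` - ${err.message}`;
+}
+throw new InternalError({
+code: code,
+message: message,
+cause: err,
+});
+}
+exports.internalError = internalError;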

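--- a/node_modules/@sigstore/sign/dist/external/error.js
+++ b/node_modules/@sigstore/sign/dist/external/error.js
@@ -2,20 +2,37 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkStatus = exports.HTTPError = void 0;
 class HTTPError extends Error {
-constructor(response) {
-super(`HTTP Error: ${response.status} ${response.statusText}`);
-this.response = response;
-this.statusCode = response.status;
-this.location = response.headers?.get('Location') || undefined;
+constructor({ status, message, location, }) {
+super(`(${status}) ${message}`);
+this.statusCode = status;
+this.location = location;
 }
 }
 exports.HTTPError = HTTPError;
-const checkStatus = (response) => {
+const checkStatus = async (response) => {
 if (response.ok) {
 return response;
 }
 else {
-throw new HTTPError(response);
+let message = response.statusText;
+const location = response.headers?.get('Location') || undefined;
+const contentType = response.headers?.get('Content-Type');
+// If response type is JSON, try to parse the body for a message
+if (contentType?.includes('application/json')) {
+try {
+await response.json().then((body) => {
+message = body.message;
+});
+}
+catch (e) {
+// ignore
+}
+}
+throw new HTTPError({
+status: response.status,
+message: message,
+location: location,
+});
 }
 };
 exports.checkStatus = checkStatus;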
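Review bot: In `checkStatus`, `message = body.message` replaces the `statusText` fallback even when the JSON error body has no `message` field, so the thrown `HTTPError` reads `(status) undefined`. Keeping the fallback is a one-line change: `message = body.message ?? message;`. The `await response.json().then(...)` mix could also be a plain `const body = await response.json();`. This text comes from the remote service and `internalError` in `dist/error.js` appends it to the surfaced message, so callers that log or display it should treat it as untrusted input. This is vendored build output, so the change belongs in the upstream package.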

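--- a/node_modules/@sigstore/sign/dist/external/fulcio.js
+++ b/node_modules/@sigstore/sign/dist/external/fulcio.js
@@ -43,7 +43,7 @@ class Fulcio {
 method: 'POST',
 body: JSON.stringify(request),
 });
-(0, error_1.checkStatus)(response);
+await (0, error_1.checkStatus)(response);
 const data = await response.json();
 return data;
 }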

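--- a/node_modules/@sigstore/sign/dist/external/rekor.js
+++ b/node_modules/@sigstore/sign/dist/external/rekor.js
@@ -49,7 +49,7 @@ class Rekor {
 headers: { 'Content-Type': 'application/json' },
 body: JSON.stringify(propsedEntry),
 });
-(0, error_1.checkStatus)(response);
+await (0, error_1.checkStatus)(response);
 const data = await response.json();
 return entryFromResponse(data);
 }
@@ -61,7 +61,7 @@ class Rekor {
 async getEntry(uuid) {
 const url = `${this.baseUrl}/api/v1/log/entries/${uuid}`;
 const response = await this.fetch(url);
-(0, error_1.checkStatus)(response);
+await (0, error_1.checkStatus)(response);
 const data = await response.json();
 return entryFromResponse(data);
 }
@@ -77,7 +77,7 @@ class Rekor {
 body: JSON.stringify(opts),
 headers: { 'Content-Type': 'application/json' },
 });
-(0, error_1.checkStatus)(response);
+await (0, error_1.checkStatus)(response);
 const data = await response.json();
 return data;
 }
@@ -93,7 +93,7 @@ class Rekor {
 body: JSON.stringify(opts),
 headers: { 'Content-Type': 'application/json' },
 });
-(0, error_1.checkStatus)(response);
+await (0, error_1.checkStatus)(response);
 const rawData = await response.json();
 const data = rawData.map((d) => entryFromResponse(d));
 return data;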

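--- a/node_modules/@sigstore/sign/dist/external/tsa.js
+++ b/node_modules/@sigstore/sign/dist/external/tsa.js
@@ -40,7 +40,7 @@ class TimestampAuthority {
 method: 'POST',
 body: JSON.stringify(request),
 });
-(0, error_1.checkStatus)(response);
+await (0, error_1.checkStatus)(response);
 return response.buffer();
 }
 }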
Lines changed: 3 additions & 1 deletion
@@ -1,6 +1,6 @@
11
"use strict";
22
Object.defineProperty(exports, "__esModule", { value: true });
3-
exports.TSAWitness = exports.RekorWitness = exports.FulcioSigner = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
3+
exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
44
var bundler_1 = require("./bundler");
55
Object.defineProperty(exports, "DSSEBundleBuilder", { enumerable: true, get: function () { return bundler_1.DSSEBundleBuilder; } });
66
Object.defineProperty(exports, "MessageSignatureBundleBuilder", { enumerable: true, get: function () { return bundler_1.MessageSignatureBundleBuilder; } });
@@ -9,7 +9,9 @@ Object.defineProperty(exports, "InternalError", { enumerable: true, get: functio
99
var identity_1 = require("./identity");
1010
Object.defineProperty(exports, "CIContextProvider", { enumerable: true, get: function () { return identity_1.CIContextProvider; } });
1111
var signer_1 = require("./signer");
12+
Object.defineProperty(exports, "DEFAULT_FULCIO_URL", { enumerable: true, get: function () { return signer_1.DEFAULT_FULCIO_URL; } });
1213
Object.defineProperty(exports, "FulcioSigner", { enumerable: true, get: function () { return signer_1.FulcioSigner; } });
1314
var witness_1 = require("./witness");
15+
Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: function () { return witness_1.DEFAULT_REKOR_URL; } });
1416
Object.defineProperty(exports, "RekorWitness", { enumerable: true, get: function () { return witness_1.RekorWitness; } });
1517
Object.defineProperty(exports, "TSAWitness", { enumerable: true, get: function () { return witness_1.TSAWitness; } });

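--- a/node_modules/@sigstore/sign/dist/signer/fulcio/ca.js
+++ b/node_modules/@sigstore/sign/dist/signer/fulcio/ca.js
@@ -39,11 +39,7 @@ class CAClient {
 return cert.chain.certificates;
 }
 catch (err) {
-throw new error_1.InternalError({
-code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR',
-message: 'error creating signing certificate',
-cause: err,
-});
+(0, error_1.internalError)(err, 'CA_CREATE_SIGNING_CERTIFICATE_ERROR', 'error creating signing certificate');
 }
 }
 }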

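--- a/node_modules/@sigstore/sign/dist/signer/fulcio/index.js
+++ b/node_modules/@sigstore/sign/dist/signer/fulcio/index.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FulcioSigner = void 0;
+exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -20,21 +20,35 @@ const error_1 = require("../../error");
 const util_1 = require("../../util");
 const ca_1 = require("./ca");
 const ephemeral_1 = require("./ephemeral");
+exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev';
 // Signer implementation which can be used to decorate another signer
 // with a Fulcio-issued signing certificate for the signer's public key.
 // Must be instantiated with an identity provider which can provide a JWT
 // which represents the identity to be bound to the signing certificate.
 class FulcioSigner {
 constructor(options) {
-this.ca = new ca_1.CAClient(options);
+this.ca = new ca_1.CAClient({
+...options,
+fulcioBaseURL: options.fulcioBaseURL || /* istanbul ignore next */ exports.DEFAULT_FULCIO_URL,
+});
 this.identityProvider = options.identityProvider;
 this.keyHolder = options.keyHolder || new ephemeral_1.EphemeralSigner();
 }
 async sign(data) {
 // Retrieve identity token from the supplied identity provider
 const identityToken = await this.getIdentityToken();
 // Extract challenge claim from OIDC token
-const subject = util_1.oidc.extractJWTSubject(identityToken);
+let subject;
+try {
+subject = util_1.oidc.extractJWTSubject(identityToken);
+}
+catch (err) {
+throw new error_1.InternalError({
+code: 'IDENTITY_TOKEN_PARSE_ERROR',
+message: `invalid identity token: ${identityToken}`,
+cause: err,
+});
+}
 // Construct challenge value by signing the subject claim
 const challenge = await this.keyHolder.sign(Buffer.from(subject));
 if (challenge.key.$case !== 'publicKey') {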
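Review bot: The new `IDENTITY_TOKEN_PARSE_ERROR` branch in `sign()` interpolates the raw OIDC identity token into the error text (`invalid identity token: ${identityToken}`), so the token lands wherever this error is printed or stored, such as CI job logs or pasted bug reports. A token that fails subject extraction is not necessarily unusable as a bearer credential (`extractJWTSubject` is not visible here, so which inputs it rejects is an assumption), and the message should not carry it: `message: 'invalid identity token',`. The underlying parse failure is already preserved in `cause`. `sign()` continues past the end of this hunk; this is vendored build output, so the fix belongs upstream, and until then consumers should avoid logging this message verbatim.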
