@enactprotocol/shared 1.2.5 → 1.2.7
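--- a/package/dist/core/EnactCore.js
+++ b/package/dist/core/EnactCore.js
@@ -288,7 +288,10 @@ export class EnactCore {
 throw new Error(`Tool ${tool.name} does not have any signatures`);
 }
 const documentForVerification = {
-command: tool.command
+command: tool.command,
+description: tool.description,
+from: tool.from,
+name: tool.name,
 };
 const referenceSignature = {
 signature: tool.signatures[0].value,
@@ -297,14 +300,14 @@ export class EnactCore {
 timestamp: new Date(tool.signatures[0].created).getTime()
 };
 // Check what canonical document looks like
-const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
+const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command', 'description', 'from', 'name'] });
 const docString = JSON.stringify(canonicalDoc);
 const messageHash = CryptoUtils.hash(docString);
 // Test direct crypto verification
 const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
 // Check trusted keys
 // const trustedKeys = KeyManager.getAllTrustedPublicKeys();
-const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command'] });
+const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command', 'description', 'from', 'name'] });
 // console.log("Final verification result:", isValid);
 if (!isValid) {
 throw new Error(`Tool ${tool.name} has invalid signatures`);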
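--- a/package/package.json
+++ b/package/package.json
@@ -11,8 +11,7 @@ import { parseTimeout } from "../utils/timeout.js";
 import fs from "fs/promises";
 import path from "path";
 import crypto from "crypto";
-import {
-import { exit } from "process";
+import { spawnSync } from "child_process";
 
 export interface DaggerExecutionOptions {
 baseImage?: string; // Default container image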
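--- a/package/src/core/EnactCore.ts
+++ b/package/src/core/EnactCore.ts
@@ -15,8 +15,6 @@ import { DaggerExecutionProvider } from "./DaggerExecutionProvider.js";
 import { resolveToolEnvironmentVariables } from "../utils/env-loader.js";
 import logger from "../exec/logger.js";
 import yaml from "yaml";
-import fs from "fs";
-import path from "path";
 import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
 import { getFrontendUrl, getApiUrl } from "../utils/config";
 
@@ -420,7 +418,10 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 }
 
 const documentForVerification = {
-command: tool.command
+command: tool.command,
+description: tool.description,
+from: tool.from,
+name: tool.name,
 };
 
 const referenceSignature = {
@@ -432,7 +433,8 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 
 
 // Check what canonical document looks like
-const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification,
+const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command', 'description', 'from', 'name'] }
+);
 
 const docString = JSON.stringify(canonicalDoc);
 const messageHash = CryptoUtils.hash(docString);
@@ -451,7 +453,7 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 const isValid = SigningService.verifyDocument(
 documentForVerification,
 referenceSignature,
-
+{ includeFields: ['command', 'description', 'from', 'name'] }
 );
 
 // console.log("Final verification result:", isValid);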
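Review bot: The signed field set `['command', 'description', 'from', 'name']` is now written out three times in verifyTool — in the `documentForVerification` literal, in the `getCanonicalDocument` options and in the `verifyDocument` options — so a later edit to one copy can leave a field present in the document but outside the set that is actually verified. Hoisting it into one constant, for example `const SIGNED_FIELDS = ['command', 'description', 'from', 'name'];`, and building both the document and the two option objects from it would keep them in step. If `description` or `from` can be undefined on an EnactTool, it is also worth confirming that the signer and the canonicalisation step treat an absent field the same way, since how the canonical form represents a missing value is not visible here. Any other tool field that influences execution would still sit outside the signature; the full EnactTool shape and the rest of verifyTool are outside these hunks.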