@enactprotocol/trust 2.0.0 → 2.0.2
- package/dist/hash.d.ts +53 -0
- package/dist/hash.d.ts.map +1 -0
- package/dist/hash.js +104 -0
- package/dist/hash.js.map +1 -0
- package/dist/index.d.ts +12 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +14 -0
- package/dist/index.js.map +1 -0
- package/dist/keys.d.ts +41 -0
- package/dist/keys.d.ts.map +1 -0
- package/dist/keys.js +130 -0
- package/dist/keys.js.map +1 -0
- package/dist/sigstore/attestation.d.ts +245 -0
- package/dist/sigstore/attestation.d.ts.map +1 -0
- package/dist/sigstore/attestation.js +324 -0
- package/dist/sigstore/attestation.js.map +1 -0
- package/dist/sigstore/cosign.d.ts +90 -0
- package/dist/sigstore/cosign.d.ts.map +1 -0
- package/dist/sigstore/cosign.js +457 -0
- package/dist/sigstore/cosign.js.map +1 -0
- package/dist/sigstore/index.d.ts +17 -0
- package/dist/sigstore/index.d.ts.map +1 -0
- package/dist/sigstore/index.js +21 -0
- package/dist/sigstore/index.js.map +1 -0
- package/dist/sigstore/oauth/client.d.ts +38 -0
- package/dist/sigstore/oauth/client.d.ts.map +1 -0
- package/dist/sigstore/oauth/client.js +71 -0
- package/dist/sigstore/oauth/client.js.map +1 -0
- package/dist/sigstore/oauth/index.d.ts +47 -0
- package/dist/sigstore/oauth/index.d.ts.map +1 -0
- package/dist/sigstore/oauth/index.js +66 -0
- package/dist/sigstore/oauth/index.js.map +1 -0
- package/dist/sigstore/oauth/server.d.ts +29 -0
- package/dist/sigstore/oauth/server.d.ts.map +1 -0
- package/dist/sigstore/oauth/server.js +145 -0
- package/dist/sigstore/oauth/server.js.map +1 -0
- package/dist/sigstore/policy.d.ts +85 -0
- package/dist/sigstore/policy.d.ts.map +1 -0
- package/dist/sigstore/policy.js +351 -0
- package/dist/sigstore/policy.js.map +1 -0
- package/dist/sigstore/signing.d.ts +94 -0
- package/dist/sigstore/signing.d.ts.map +1 -0
- package/dist/sigstore/signing.js +477 -0
- package/dist/sigstore/signing.js.map +1 -0
- package/dist/sigstore/types.d.ts +541 -0
- package/dist/sigstore/types.d.ts.map +1 -0
- package/dist/sigstore/types.js +5 -0
- package/dist/sigstore/types.js.map +1 -0
- package/dist/sigstore/verification.d.ts +66 -0
- package/dist/sigstore/verification.d.ts.map +1 -0
- package/dist/sigstore/verification.js +317 -0
- package/dist/sigstore/verification.js.map +1 -0
- package/dist/types.d.ts +61 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +5 -0
- package/dist/types.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1,317 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sigstore verification module
|
|
3
|
+
*
|
|
4
|
+
* This module provides verification capabilities for Sigstore bundles and attestations.
|
|
5
|
+
* It verifies signatures, certificates, and transparency log entries.
|
|
6
|
+
*
|
|
7
|
+
* NOTE: This implementation bypasses TUF (The Update Framework) and uses bundled trusted
|
|
8
|
+
* roots directly. This is necessary for Bun compatibility because TUF verification fails
|
|
9
|
+
* with BoringSSL's stricter signature algorithm requirements.
|
|
10
|
+
*/
|
|
11
|
+
import * as fs from "node:fs";
|
|
12
|
+
import * as path from "node:path";
|
|
13
|
+
import { bundleFromJSON } from "@sigstore/bundle";
|
|
14
|
+
import { TrustedRoot } from "@sigstore/protobuf-specs";
|
|
15
|
+
import { Verifier, toSignedEntity, toTrustMaterial } from "@sigstore/verify";
|
|
16
|
+
import { extractIdentityFromBundle } from "./signing";
|
|
17
|
+
// ============================================================================
|
|
18
|
+
// Constants
|
|
19
|
+
// ============================================================================
|
|
20
|
+
/**
|
|
21
|
+
* Get the path to bundled TUF seeds
|
|
22
|
+
* We need to navigate from the @sigstore/tuf main entry point to find seeds.json
|
|
23
|
+
*/
|
|
24
|
+
function getTufSeedsPath() {
|
|
25
|
+
// The package.json main points to dist/index.js, but seeds.json is at package root
|
|
26
|
+
const tufPkgPath = require.resolve("@sigstore/tuf/package.json");
|
|
27
|
+
return path.join(path.dirname(tufPkgPath), "seeds.json");
|
|
28
|
+
}
|
|
29
|
+
// ============================================================================
|
|
30
|
+
// Trusted Root Management
|
|
31
|
+
// ============================================================================
|
|
32
|
+
/**
|
|
33
|
+
* Load the trusted root from bundled TUF seeds
|
|
34
|
+
* This bypasses TUF's online verification which fails with BoringSSL
|
|
35
|
+
*/
|
|
36
|
+
async function loadTrustedRoot() {
|
|
37
|
+
const seedsPath = getTufSeedsPath();
|
|
38
|
+
const seeds = JSON.parse(fs.readFileSync(seedsPath, "utf8"));
|
|
39
|
+
const seedData = seeds["https://tuf-repo-cdn.sigstore.dev"];
|
|
40
|
+
const trustedRootB64 = seedData.targets["trusted_root.json"];
|
|
41
|
+
const trustedRootJson = JSON.parse(Buffer.from(trustedRootB64, "base64").toString());
|
|
42
|
+
return TrustedRoot.fromJSON(trustedRootJson);
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Create trust material from the bundled trusted root
|
|
46
|
+
*/
|
|
47
|
+
async function createTrustMaterial() {
|
|
48
|
+
const trustedRoot = await loadTrustedRoot();
|
|
49
|
+
return toTrustMaterial(trustedRoot);
|
|
50
|
+
}
|
|
51
|
+
// ============================================================================
|
|
52
|
+
// Verification Functions
|
|
53
|
+
// ============================================================================
|
|
54
|
+
/**
|
|
55
|
+
* Verify a Sigstore bundle
|
|
56
|
+
*
|
|
57
|
+
* @param bundle - The Sigstore bundle to verify
|
|
58
|
+
* @param artifact - Optional artifact data (for message signature bundles)
|
|
59
|
+
* @param options - Verification options
|
|
60
|
+
* @returns Verification result with detailed checks
|
|
61
|
+
*
|
|
62
|
+
* @example
|
|
63
|
+
* ```ts
|
|
64
|
+
* const result = await verifyBundle(bundle, artifact, {
|
|
65
|
+
* expectedIdentity: {
|
|
66
|
+
* subjectAlternativeName: "user@example.com",
|
|
67
|
+
* issuer: "https://accounts.google.com"
|
|
68
|
+
* }
|
|
69
|
+
* });
|
|
70
|
+
* if (result.verified) {
|
|
71
|
+
* console.log("Bundle verified successfully");
|
|
72
|
+
* }
|
|
73
|
+
* ```
|
|
74
|
+
*/
|
|
75
|
+
export async function verifyBundle(bundle, artifact, options = {}) {
|
|
76
|
+
const details = {
|
|
77
|
+
signatureValid: false,
|
|
78
|
+
certificateValid: false,
|
|
79
|
+
certificateWithinValidity: false,
|
|
80
|
+
rekorEntryValid: false,
|
|
81
|
+
inclusionProofValid: false,
|
|
82
|
+
errors: [],
|
|
83
|
+
};
|
|
84
|
+
try {
|
|
85
|
+
// Create trust material from bundled roots
|
|
86
|
+
const trustMaterial = await createTrustMaterial();
|
|
87
|
+
// Create verifier
|
|
88
|
+
const verifier = new Verifier(trustMaterial);
|
|
89
|
+
// Convert bundle to proper format
|
|
90
|
+
const parsedBundle = bundleFromJSON(bundle);
|
|
91
|
+
const signedEntity = toSignedEntity(parsedBundle, artifact);
|
|
92
|
+
// Perform verification
|
|
93
|
+
verifier.verify(signedEntity);
|
|
94
|
+
// If we get here, verification passed
|
|
95
|
+
details.signatureValid = true;
|
|
96
|
+
details.certificateValid = true;
|
|
97
|
+
details.certificateWithinValidity = true;
|
|
98
|
+
details.rekorEntryValid = true;
|
|
99
|
+
details.inclusionProofValid = true;
|
|
100
|
+
// Extract identity from bundle
|
|
101
|
+
const identity = extractIdentityFromBundle(bundle);
|
|
102
|
+
// Check identity if expected identity is provided
|
|
103
|
+
if (options.expectedIdentity) {
|
|
104
|
+
details.identityMatches = matchesExpectedIdentity(identity, options.expectedIdentity);
|
|
105
|
+
if (!details.identityMatches) {
|
|
106
|
+
details.errors.push("Identity does not match expected values");
|
|
107
|
+
const result = {
|
|
108
|
+
verified: false,
|
|
109
|
+
error: "Identity mismatch",
|
|
110
|
+
details,
|
|
111
|
+
};
|
|
112
|
+
if (identity)
|
|
113
|
+
result.identity = identity;
|
|
114
|
+
const timestamp = extractTimestampFromBundle(bundle);
|
|
115
|
+
if (timestamp)
|
|
116
|
+
result.timestamp = timestamp;
|
|
117
|
+
return result;
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
const result = {
|
|
121
|
+
verified: true,
|
|
122
|
+
details,
|
|
123
|
+
};
|
|
124
|
+
if (identity)
|
|
125
|
+
result.identity = identity;
|
|
126
|
+
const timestamp = extractTimestampFromBundle(bundle);
|
|
127
|
+
if (timestamp)
|
|
128
|
+
result.timestamp = timestamp;
|
|
129
|
+
return result;
|
|
130
|
+
}
|
|
131
|
+
catch (error) {
|
|
132
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
133
|
+
details.errors.push(errorMessage);
|
|
134
|
+
// Try to determine which check failed based on error message
|
|
135
|
+
categorizeVerificationError(errorMessage, details);
|
|
136
|
+
return {
|
|
137
|
+
verified: false,
|
|
138
|
+
error: errorMessage,
|
|
139
|
+
details,
|
|
140
|
+
};
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
/**
|
|
144
|
+
* Create a reusable verifier for multiple verifications
|
|
145
|
+
*
|
|
146
|
+
* @param options - Verification options
|
|
147
|
+
* @returns A verifier object that can verify multiple bundles
|
|
148
|
+
*
|
|
149
|
+
* @example
|
|
150
|
+
* ```ts
|
|
151
|
+
* const verifier = await createBundleVerifier({
|
|
152
|
+
* expectedIdentity: { issuer: "https://accounts.google.com" }
|
|
153
|
+
* });
|
|
154
|
+
*
|
|
155
|
+
* // Verify multiple bundles efficiently
|
|
156
|
+
* for (const bundle of bundles) {
|
|
157
|
+
* verifier.verify(bundle);
|
|
158
|
+
* }
|
|
159
|
+
* ```
|
|
160
|
+
*/
|
|
161
|
+
export async function createBundleVerifier(options = {}) {
|
|
162
|
+
// Create trust material once and reuse
|
|
163
|
+
const trustMaterial = await createTrustMaterial();
|
|
164
|
+
const verifier = new Verifier(trustMaterial);
|
|
165
|
+
return {
|
|
166
|
+
/**
|
|
167
|
+
* Verify a bundle using the cached verifier
|
|
168
|
+
*/
|
|
169
|
+
verify: async (bundle, artifact) => {
|
|
170
|
+
const details = {
|
|
171
|
+
signatureValid: false,
|
|
172
|
+
certificateValid: false,
|
|
173
|
+
certificateWithinValidity: false,
|
|
174
|
+
rekorEntryValid: false,
|
|
175
|
+
inclusionProofValid: false,
|
|
176
|
+
errors: [],
|
|
177
|
+
};
|
|
178
|
+
try {
|
|
179
|
+
// Convert bundle to proper format
|
|
180
|
+
const parsedBundle = bundleFromJSON(bundle);
|
|
181
|
+
const signedEntity = toSignedEntity(parsedBundle, artifact);
|
|
182
|
+
// Perform verification
|
|
183
|
+
verifier.verify(signedEntity);
|
|
184
|
+
details.signatureValid = true;
|
|
185
|
+
details.certificateValid = true;
|
|
186
|
+
details.certificateWithinValidity = true;
|
|
187
|
+
details.rekorEntryValid = true;
|
|
188
|
+
details.inclusionProofValid = true;
|
|
189
|
+
const identity = extractIdentityFromBundle(bundle);
|
|
190
|
+
if (options.expectedIdentity) {
|
|
191
|
+
details.identityMatches = matchesExpectedIdentity(identity, options.expectedIdentity);
|
|
192
|
+
if (!details.identityMatches) {
|
|
193
|
+
details.errors.push("Identity does not match expected values");
|
|
194
|
+
const result = {
|
|
195
|
+
verified: false,
|
|
196
|
+
error: "Identity mismatch",
|
|
197
|
+
details,
|
|
198
|
+
};
|
|
199
|
+
if (identity)
|
|
200
|
+
result.identity = identity;
|
|
201
|
+
const timestamp = extractTimestampFromBundle(bundle);
|
|
202
|
+
if (timestamp)
|
|
203
|
+
result.timestamp = timestamp;
|
|
204
|
+
return result;
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
const result = {
|
|
208
|
+
verified: true,
|
|
209
|
+
details,
|
|
210
|
+
};
|
|
211
|
+
if (identity)
|
|
212
|
+
result.identity = identity;
|
|
213
|
+
const timestamp = extractTimestampFromBundle(bundle);
|
|
214
|
+
if (timestamp)
|
|
215
|
+
result.timestamp = timestamp;
|
|
216
|
+
return result;
|
|
217
|
+
}
|
|
218
|
+
catch (error) {
|
|
219
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
220
|
+
details.errors.push(errorMessage);
|
|
221
|
+
categorizeVerificationError(errorMessage, details);
|
|
222
|
+
return {
|
|
223
|
+
verified: false,
|
|
224
|
+
error: errorMessage,
|
|
225
|
+
details,
|
|
226
|
+
};
|
|
227
|
+
}
|
|
228
|
+
},
|
|
229
|
+
};
|
|
230
|
+
}
|
|
231
|
+
/**
|
|
232
|
+
* Quick verification check - returns boolean only
|
|
233
|
+
*
|
|
234
|
+
* @param bundle - The Sigstore bundle to verify
|
|
235
|
+
* @param artifact - Optional artifact data
|
|
236
|
+
* @returns True if verification passes, false otherwise
|
|
237
|
+
*/
|
|
238
|
+
export async function isVerified(bundle, artifact) {
|
|
239
|
+
try {
|
|
240
|
+
const trustMaterial = await createTrustMaterial();
|
|
241
|
+
const verifier = new Verifier(trustMaterial);
|
|
242
|
+
const parsedBundle = bundleFromJSON(bundle);
|
|
243
|
+
const signedEntity = toSignedEntity(parsedBundle, artifact);
|
|
244
|
+
verifier.verify(signedEntity);
|
|
245
|
+
return true;
|
|
246
|
+
}
|
|
247
|
+
catch {
|
|
248
|
+
return false;
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
// ============================================================================
|
|
252
|
+
// Helper Functions
|
|
253
|
+
// ============================================================================
|
|
254
|
+
/**
|
|
255
|
+
* Check if an identity matches expected values
|
|
256
|
+
*/
|
|
257
|
+
function matchesExpectedIdentity(identity, expected) {
|
|
258
|
+
if (!identity) {
|
|
259
|
+
return false;
|
|
260
|
+
}
|
|
261
|
+
// Check issuer
|
|
262
|
+
if (expected.issuer && identity.issuer !== expected.issuer) {
|
|
263
|
+
return false;
|
|
264
|
+
}
|
|
265
|
+
// Check subject alternative name (could be email or URI)
|
|
266
|
+
if (expected.subjectAlternativeName) {
|
|
267
|
+
const san = expected.subjectAlternativeName;
|
|
268
|
+
if (identity.email !== san && identity.subject !== san) {
|
|
269
|
+
return false;
|
|
270
|
+
}
|
|
271
|
+
}
|
|
272
|
+
// Check GitHub workflow repository
|
|
273
|
+
if (expected.workflowRepository && identity.workflowRepository !== expected.workflowRepository) {
|
|
274
|
+
return false;
|
|
275
|
+
}
|
|
276
|
+
// Check GitHub workflow ref
|
|
277
|
+
if (expected.workflowRef && identity.workflowRef !== expected.workflowRef) {
|
|
278
|
+
return false;
|
|
279
|
+
}
|
|
280
|
+
return true;
|
|
281
|
+
}
|
|
282
|
+
/**
|
|
283
|
+
* Extract timestamp from a Sigstore bundle
|
|
284
|
+
*/
|
|
285
|
+
function extractTimestampFromBundle(bundle) {
|
|
286
|
+
// Try to get timestamp from transparency log entry
|
|
287
|
+
const tlogEntry = bundle.verificationMaterial?.tlogEntries?.[0];
|
|
288
|
+
if (tlogEntry?.integratedTime) {
|
|
289
|
+
const timestamp = Number.parseInt(tlogEntry.integratedTime, 10);
|
|
290
|
+
if (!Number.isNaN(timestamp)) {
|
|
291
|
+
return new Date(timestamp * 1000);
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
return undefined;
|
|
295
|
+
}
|
|
296
|
+
/**
|
|
297
|
+
* Categorize a verification error to update details
|
|
298
|
+
*/
|
|
299
|
+
function categorizeVerificationError(errorMessage, details) {
|
|
300
|
+
const lowerError = errorMessage.toLowerCase();
|
|
301
|
+
if (lowerError.includes("signature")) {
|
|
302
|
+
details.signatureValid = false;
|
|
303
|
+
}
|
|
304
|
+
else if (lowerError.includes("certificate") && lowerError.includes("expired")) {
|
|
305
|
+
details.certificateWithinValidity = false;
|
|
306
|
+
}
|
|
307
|
+
else if (lowerError.includes("certificate")) {
|
|
308
|
+
details.certificateValid = false;
|
|
309
|
+
}
|
|
310
|
+
else if (lowerError.includes("rekor") || lowerError.includes("transparency")) {
|
|
311
|
+
details.rekorEntryValid = false;
|
|
312
|
+
}
|
|
313
|
+
else if (lowerError.includes("inclusion") || lowerError.includes("proof")) {
|
|
314
|
+
details.inclusionProofValid = false;
|
|
315
|
+
}
|
|
316
|
+
}
|
|
317
|
+
//# sourceMappingURL=verification.js.map
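Review bot: `isVerified` and the no-`expectedIdentity` path of `verifyBundle` / `createBundleVerifier().verify` report success for a bundle signed by any identity that chains to the bundled Sigstore root, so `verified: true` shows that someone signed the artifact, not that the expected publisher did. `isVerified(bundle, artifact)` takes no identity at all, and `matchesExpectedIdentity` guards every constraint by truthiness (`expected.issuer && …`), so an `expectedIdentity` of `{}` or one whose fields are empty strings sets `identityMatches = true` for every signer. I would fail closed on an expectation with no usable field, e.g. `if (!expected.issuer && !expected.subjectAlternativeName && !expected.workflowRepository && !expected.workflowRef) return false;`, and state in the `isVerified` doc comment that it performs no identity check. The identity that is compared comes from `extractIdentityFromBundle(bundle)` on the raw input while the result of `verifier.verify(signedEntity)` is discarded at all three call sites; that helper lives in `./signing` and is not shown here, so confirm it reads the same leaf certificate the verifier validated. The module header should also say that `loadTrustedRoot` pins trust to the `seeds.json` shipped with the installed `@sigstore/tuf`, so root or key rotations only arrive with a dependency bump.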
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verification.js","sourceRoot":"","sources":["../../src/sigstore/verification.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,WAAW,CAAC;AAUtD,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,eAAe;IACtB,mFAAmF;IACnF,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACjE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,YAAY,CAAC,CAAC;AAC3D,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;;GAGG;AACH,KAAK,UAAU,eAAe;IAC5B,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAC5D,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;IACrF,OAAO,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB;IAChC,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;IAC5C,OAAO,eAAe,CAAC,WAAW,CAAC,CAAC;AACtC,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAsB,EACtB,QAAiB,EACjB,UAA+B,EAAE;IAEjC,MAAM,OAAO,GAAwB;QACnC,cAAc,EAAE,KAAK;QACrB,gBAAgB,EAAE,KAAK;QACvB,yBAAyB,EAAE,KAAK;QAChC,eAAe,EAAE,KAAK;QACtB,mBAAmB,EAAE,KAAK;QAC1B,MAAM,EAAE,EAAE;KACX,CAAC;IAEF,IAAI,CAAC;QACH,2CAA2C;QAC3C,MAAM,aAAa,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAElD,kBAAkB;QAClB,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,aAAa,CAAC,CAAC;QAE7C,kCAAkC;QAClC,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QAE5D,uBAAuB;QACvB,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAE9B,sCAAsC;QACtC,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;QAC9B,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAChC,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC;QACzC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;QAC/B,OAAO
,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAEnC,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;QAEnD,kDAAkD;QAClD,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,CAAC,eAAe,GAAG,uBAAuB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACtF,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;gBAC7B,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;gBAC/D,MAAM,MAAM,GAAuB;oBACjC,QAAQ,EAAE,KAAK;oBACf,KAAK,EAAE,mBAAmB;oBAC1B,OAAO;iBACR,CAAC;gBACF,IAAI,QAAQ;oBAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;gBACzC,MAAM,SAAS,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,SAAS;oBAAE,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;gBAC5C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAuB;YACjC,QAAQ,EAAE,IAAI;YACd,OAAO;SACR,CAAC;QACF,IAAI,QAAQ;YAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzC,MAAM,SAAS,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,SAAS;YAAE,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;QAC5C,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAElC,6DAA6D;QAC7D,2BAA2B,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAEnD,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,YAAY;YACnB,OAAO;SACR,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,UAA+B,EAAE;IAC1E,uCAAuC;IACvC,MAAM,aAAa,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,aAAa,CAAC,CAAC;IAE7C,OAAO;QACL;;WAEG;QACH,MAAM,EAAE,KAAK,EAAE,MAAsB,EAAE,QAAiB,EAA+B,EAAE;YACvF,MAAM,OAAO,GAAwB;gBACnC,cAAc,EAAE,KAAK;gBACrB,gBAAgB,EAAE,KAAK;gBACvB,yBAAyB,EAAE,KAAK;gBAChC,eAAe,EAAE,KAAK;gBACtB,mBAAmB,EAAE,KAAK;gBAC1B,MAAM,EAAE,EAAE;aACX,CAAC;YAEF,IAAI,CAAC;gBACH,kCAAkC;gBAClC,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;gBAC5C,MAAM,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;gBAE5D,uBAAuB;gBACvB,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAE9B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC9B,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBAChC,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC;gBACzC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;gBAC/B,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;gBAEnC,MAAM,QAAQ,GAAG,yB
AAyB,CAAC,MAAM,CAAC,CAAC;gBAEnD,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;oBAC7B,OAAO,CAAC,eAAe,GAAG,uBAAuB,CAAC,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;oBACtF,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;wBAC7B,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;wBAC/D,MAAM,MAAM,GAAuB;4BACjC,QAAQ,EAAE,KAAK;4BACf,KAAK,EAAE,mBAAmB;4BAC1B,OAAO;yBACR,CAAC;wBACF,IAAI,QAAQ;4BAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;wBACzC,MAAM,SAAS,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;wBACrD,IAAI,SAAS;4BAAE,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;wBAC5C,OAAO,MAAM,CAAC;oBAChB,CAAC;gBACH,CAAC;gBAED,MAAM,MAAM,GAAuB;oBACjC,QAAQ,EAAE,IAAI;oBACd,OAAO;iBACR,CAAC;gBACF,IAAI,QAAQ;oBAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;gBACzC,MAAM,SAAS,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,SAAS;oBAAE,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;gBAC5C,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5E,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBAClC,2BAA2B,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;gBAEnD,OAAO;oBACL,QAAQ,EAAE,KAAK;oBACf,KAAK,EAAE,YAAY;oBACnB,OAAO;iBACR,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,MAAsB,EAAE,QAAiB;IACxE,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAClD,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,YAAY,GAAG,cAAc,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QAC5D,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,uBAAuB,CAC9B,QAAkC,EAClC,QAA0B;IAE1B,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IAED,eAAe;IACf,IAAI,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,yDAAyD;IACzD,IAAI,QAAQ,CAAC,sBAAsB,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,QAAQ,CAAC,sBAAsB,CAAC;QAC5C,IAAI,QAAQ,CAAC,KAAK,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,KAAK,GAAG,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;IACH
,CAAC;IAED,mCAAmC;IACnC,IAAI,QAAQ,CAAC,kBAAkB,IAAI,QAAQ,CAAC,kBAAkB,KAAK,QAAQ,CAAC,kBAAkB,EAAE,CAAC;QAC/F,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4BAA4B;IAC5B,IAAI,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,KAAK,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC1E,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CAAC,MAAsB;IACxD,mDAAmD;IACnD,MAAM,SAAS,GAAG,MAAM,CAAC,oBAAoB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC;IAChE,IAAI,SAAS,EAAE,cAAc,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,YAAoB,EAAE,OAA4B;IACrF,MAAM,UAAU,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC;IAE9C,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACrC,OAAO,CAAC,cAAc,GAAG,KAAK,CAAC;IACjC,CAAC;SAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,OAAO,CAAC,yBAAyB,GAAG,KAAK,CAAC;IAC5C,CAAC;SAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9C,OAAO,CAAC,gBAAgB,GAAG,KAAK,CAAC;IACnC,CAAC;SAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAC/E,OAAO,CAAC,eAAe,GAAG,KAAK,CAAC;IAClC,CAAC;SAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5E,OAAO,CAAC,mBAAmB,GAAG,KAAK,CAAC;IACtC,CAAC;AACH,CAAC"}
|
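--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -0,0 +1,61 @@
+/**
+* Type definitions for security operations
+*/
+/**
+* Supported hash algorithms
+*/
+export type HashAlgorithm = "sha256" | "sha512";
+/**
+* Result of a hash operation
+*/
+export interface HashResult {
+/** The hash algorithm used */
+algorithm: HashAlgorithm;
+/** The hash digest in hexadecimal format */
+digest: string;
+}
+/**
+* Options for file hashing operations
+*/
+export interface FileHashOptions {
+/** Hash algorithm to use (default: sha256) */
+algorithm?: HashAlgorithm;
+/** Progress callback for large files */
+onProgress?: (bytesRead: number, totalBytes: number) => void;
+}
+/**
+* Supported key types
+*/
+export type KeyType = "rsa" | "ed25519" | "ecdsa";
+/**
+* Key format for storage
+*/
+export type KeyFormat = "pem" | "der" | "jwk";
+/**
+* A cryptographic key pair
+*/
+export interface KeyPair {
+/** Public key */
+publicKey: string;
+/** Private key (encrypted or plain) */
+privateKey: string;
+/** Key type */
+type: KeyType;
+/** Key format */
+format: KeyFormat;
+}
+/**
+* Options for key generation
+*/
+export interface KeyGenerationOptions {
+/** Key type to generate */
+type: KeyType;
+/** Output format */
+format?: KeyFormat;
+/** RSA key size in bits (only for RSA keys) */
+modulusLength?: number;
+/** Passphrase for encrypting private key */
+passphrase?: string;
+}
+export type SecurityConfig = Record<string, unknown>;
+//# sourceMappingURL=types.d.ts.map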
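Review bot: `KeyPair.privateKey` is documented as "(encrypted or plain)", but the interface has no field that says which, so code holding a `KeyPair` cannot tell whether the key material is passphrase-protected before it stores or logs it. A discriminator on `KeyPair` such as `encrypted: boolean` would make that state explicit. `KeyGenerationOptions.passphrase` is optional and the declaration does not say what omitting it produces; if that is an unencrypted private key, as the `KeyPair` comment suggests, the doc line should read something like `/** Passphrase for encrypting the private key; when omitted the key is returned unencrypted */`. The key-generation code is not part of this section, so confirm the behaviour there first.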
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,SAAS,EAAE,aAAa,CAAC;IACzB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,8CAA8C;IAC9C,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,wCAAwC;IACxC,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;CAC9D;AAMD;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;AAElD;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe;IACf,IAAI,EAAE,OAAO,CAAC;IACd,iBAAiB;IACjB,MAAM,EAAE,SAAS,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,2BAA2B;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,oBAAoB;IACpB,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,+CAA+C;IAC/C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAMD,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC"}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}
|