@super-protocol/sdk-js 3.7.1 → 3.7.3
- package/dist/cjs/certificates/index.d.ts +1 -0
- package/dist/cjs/certificates/index.js +2 -1
- package/dist/cjs/certificates/serializer.d.ts +5 -0
- package/dist/cjs/certificates/serializer.js +27 -0
- package/dist/cjs/providers/storage/StorjCredentialsManager.js +2 -2
- package/dist/cjs/tee/TeeBlockVerifier.d.ts +2 -0
- package/dist/cjs/tee/TeeBlockVerifier.js +30 -5
- package/dist/mjs/certificates/index.d.ts +1 -0
- package/dist/mjs/certificates/index.js +2 -1
- package/dist/mjs/certificates/serializer.d.ts +5 -0
- package/dist/mjs/certificates/serializer.js +23 -0
- package/dist/mjs/providers/storage/StorjCredentialsManager.js +2 -2
- package/dist/mjs/tee/TeeBlockVerifier.d.ts +2 -0
- package/dist/mjs/tee/TeeBlockVerifier.js +30 -5
- package/package.json +1 -1
|
@@ -16,4 +16,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
__exportStar(require("./helper.js"), exports);
|
|
18
18
|
__exportStar(require("./types.js"), exports);
|
|
19
|
-
|
|
19
|
+
__exportStar(require("./serializer.js"), exports);
|
|
20
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSw4Q0FBNEI7QUFDNUIsNkNBQTJCO0FBQzNCLGtEQUFnQyJ9
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CertificateSerializer = void 0;
|
|
4
|
+
const helper_js_1 = require("./helper.js");
|
|
5
|
+
const CERTS_CHAIN_DELIMITER = ';';
|
|
6
|
+
const CERTS_SERIALIZATION_PREFIX = 'certs:';
|
|
7
|
+
class CertificateSerializer {
|
|
8
|
+
static serializeCertChain(certChainPem) {
|
|
9
|
+
const certsDer = helper_js_1.CertificatesHelper.pemChainToDer(certChainPem);
|
|
10
|
+
return `${CERTS_SERIALIZATION_PREFIX}${certsDer.map((cert) => Buffer.from(cert).toString('base64')).join(CERTS_CHAIN_DELIMITER)}`;
|
|
11
|
+
}
|
|
12
|
+
static deserializeCertChain(input) {
|
|
13
|
+
if (!input.startsWith(CERTS_SERIALIZATION_PREFIX)) {
|
|
14
|
+
throw new Error(`Missing prefix "${CERTS_SERIALIZATION_PREFIX}" in input`);
|
|
15
|
+
}
|
|
16
|
+
const certsDer = input
|
|
17
|
+
.split(CERTS_SERIALIZATION_PREFIX)[1]
|
|
18
|
+
?.split(CERTS_CHAIN_DELIMITER)
|
|
19
|
+
?.map((cert) => Buffer.from(cert, 'base64'));
|
|
20
|
+
return helper_js_1.CertificatesHelper.derChainToPem(certsDer);
|
|
21
|
+
}
|
|
22
|
+
static isSerializedCertChain(certChainBase64) {
|
|
23
|
+
return certChainBase64.startsWith(CERTS_SERIALIZATION_PREFIX);
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
exports.CertificateSerializer = CertificateSerializer;
|
|
27
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VyaWFsaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvc2VyaWFsaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyQ0FBaUQ7QUFFakQsTUFBTSxxQkFBcUIsR0FBRyxHQUFHLENBQUM7QUFDbEMsTUFBTSwwQkFBMEIsR0FBRyxRQUFRLENBQUM7QUFFNUMsTUFBYSxxQkFBcUI7SUFDaEMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLFlBQW9CO1FBQzVDLE1BQU0sUUFBUSxHQUFHLDhCQUFrQixDQUFDLGFBQWEsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUVoRSxPQUFPLEdBQUcsMEJBQTBCLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMscUJBQXFCLENBQUMsRUFBRSxDQUFDO0lBQ3BJLENBQUM7SUFFRCxNQUFNLENBQUMsb0JBQW9CLENBQUMsS0FBYTtRQUN2QyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQywwQkFBMEIsQ0FBQyxFQUFFLENBQUM7WUFDbEQsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQkFBbUIsMEJBQTBCLFlBQVksQ0FBQyxDQUFDO1FBQzdFLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxLQUFLO2FBQ25CLEtBQUssQ0FBQywwQkFBMEIsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNyQyxFQUFFLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQztZQUM5QixFQUFFLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUMvQyxPQUFPLDhCQUFrQixDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQsTUFBTSxDQUFDLHFCQUFxQixDQUFDLGVBQXVCO1FBQ2xELE9BQU8sZUFBZSxDQUFDLFVBQVUsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQ2hFLENBQUM7Q0FDRjtBQXRCRCxzREFzQkMifQ==
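Review bot: `deserializeCertChain` accepts strings that `serializeCertChain` could never have produced. `Buffer.from(cert, 'base64')` does not throw on characters outside the base64 alphabet and turns an empty segment into an empty buffer, so `certs:` alone or `certs:;;` reaches `derChainToPem` as a list of zero-length entries. Because `TeeBlockVerifier` feeds `utilityData.quote` into this method, malformed segments should be rejected here, for example `if (segments.some((s) => s.length === 0)) throw new Error('Empty certificate in chain');`. Taking the payload with `input.slice(CERTS_SERIALIZATION_PREFIX.length)` instead of `.split(CERTS_SERIALIZATION_PREFIX)[1]` would also make the `?.` links unnecessary and stop anything after a second `certs:` from being silently dropped. The `dist/mjs` copy of this file has the same code.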
|
|
@@ -50,7 +50,7 @@ class StorjCredentialsManager {
|
|
|
50
50
|
async acquireCredentials(permissions, prefix) {
|
|
51
51
|
const readPerm = permissions.includes(CredentialsPermissions.read), writePerm = permissions.includes(CredentialsPermissions.write), listPerm = permissions.includes(CredentialsPermissions.list), deletePerm = permissions.includes(CredentialsPermissions.delete);
|
|
52
52
|
const storj = await this.lazyStorj();
|
|
53
|
-
const perm = new storj.Permission(readPerm, writePerm,
|
|
53
|
+
const perm = new storj.Permission(readPerm, writePerm, listPerm, deletePerm, 0, 0);
|
|
54
54
|
const sharePrefix = new storj.SharePrefix(this.bucket, prefix + '/');
|
|
55
55
|
const access = await this.lazyAccess();
|
|
56
56
|
const share = await access.share(perm, [sharePrefix], 1);
|
|
@@ -106,4 +106,4 @@ class StorjCredentialsManager {
|
|
|
106
106
|
}
|
|
107
107
|
}
|
|
108
108
|
exports.StorjCredentialsManager = StorjCredentialsManager;
|
|
109
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
109
|
+
//# sourceMappingURL=data:application/json;base64,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
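Review bot: In `acquireCredentials`, the new `storj.Permission(readPerm, writePerm, listPerm, deletePerm, 0, 0)` call passes literal zeros in its last two positions. If those are the not-before and not-after bounds, as the argument order suggests, every access grant shared for `prefix + '/'` is issued with no expiry, and revocation becomes the only way to end it. Either derive a bounded lifetime for the share or state the intent next to the call, e.g. `// notBefore/notAfter = 0: grant is not time-limited; callers must revoke it explicitly`. The body of `acquireCredentials` continues outside the hunk, and the `dist/mjs` build carries the same line.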
|
|
@@ -3,4 +3,6 @@ import { TcbUtilityData } from '../types/index.js';
|
|
|
3
3
|
export declare class TeeBlockVerifier {
|
|
4
4
|
private static readonly verifiedTcbs;
|
|
5
5
|
static verifyTcb(tcb: TCB, utilityData: TcbUtilityData, sgxApiUrl: string): Promise<void>;
|
|
6
|
+
private static verifyWithQuote;
|
|
7
|
+
private static verifyWithCertificates;
|
|
6
8
|
}
|
|
@@ -4,11 +4,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.TeeBlockVerifier = void 0;
|
|
7
|
+
const dto_js_1 = require("@super-protocol/dto-js");
|
|
7
8
|
const logger_js_1 = __importDefault(require("../logger.js"));
|
|
8
9
|
const config_js_1 = require("../config.js");
|
|
9
10
|
const QuoteValidator_js_1 = require("./QuoteValidator.js");
|
|
10
11
|
const TcbSerializer_js_1 = require("./TcbSerializer.js");
|
|
11
12
|
const Consensus_js_1 = __importDefault(require("../staticModels/Consensus.js"));
|
|
13
|
+
const index_js_1 = require("../certificates/index.js");
|
|
14
|
+
const TeeCertificateService_js_1 = require("./TeeCertificateService.js");
|
|
15
|
+
const index_js_2 = require("../utils/helpers/index.js");
|
|
16
|
+
const constants_js_1 = require("../constants.js");
|
|
12
17
|
class TeeBlockVerifier {
|
|
13
18
|
static verifiedTcbs = new Set();
|
|
14
19
|
static async verifyTcb(tcb, utilityData, sgxApiUrl) {
|
|
@@ -17,16 +22,17 @@ class TeeBlockVerifier {
|
|
|
17
22
|
logger_js_1.default.trace(`Tcb id = ${tcb.tcbId}, already validated`);
|
|
18
23
|
return;
|
|
19
24
|
}
|
|
20
|
-
const quote = Buffer.from(utilityData.quote, 'base64');
|
|
21
25
|
const signedTcbData = {
|
|
22
26
|
checkingTcbId: tcb.tcbId.toString(),
|
|
23
27
|
pubKey: utilityData.pubKey,
|
|
24
28
|
...(await tcb.getPublicData()),
|
|
25
29
|
benchmark: (await Consensus_js_1.default.getBenchmarksByTcbIds([tcb.tcbId], [utilityData.teeOfferId]))[tcb.tcbId],
|
|
26
30
|
};
|
|
27
|
-
const
|
|
28
|
-
|
|
29
|
-
|
|
31
|
+
const isCert = index_js_1.CertificateSerializer.isSerializedCertChain(utilityData.quote);
|
|
32
|
+
logger_js_1.default.trace({ tcbId: tcb.tcbId.toString() }, `Verifying TCB (isCert=${isCert})`);
|
|
33
|
+
isCert
|
|
34
|
+
? await TeeBlockVerifier.verifyWithCertificates(utilityData.quote, signedTcbData)
|
|
35
|
+
: await TeeBlockVerifier.verifyWithQuote(utilityData.quote, signedTcbData, sgxApiUrl);
|
|
30
36
|
// update cache
|
|
31
37
|
this.verifiedTcbs.add(tcb.tcbId);
|
|
32
38
|
if (this.verifiedTcbs.size > config_js_1.config.TLB_CACHE_SIZE) {
|
|
@@ -36,6 +42,25 @@ class TeeBlockVerifier {
|
|
|
36
42
|
}
|
|
37
43
|
logger_js_1.default.trace(tcb.tcbId, `TCB id = ${tcb.tcbId} added to the cache. Cache size: ${this.verifiedTcbs.size}, cache limit: ${config_js_1.config.TLB_CACHE_SIZE}`);
|
|
38
44
|
}
|
|
45
|
+
static async verifyWithQuote(quoteBase64, signedTcbData, sgxApiUrl) {
|
|
46
|
+
const quote = Buffer.from(quoteBase64, dto_js_1.Encoding.base64);
|
|
47
|
+
const validator = new QuoteValidator_js_1.QuoteValidator(sgxApiUrl);
|
|
48
|
+
await validator.checkQuote(quote, TcbSerializer_js_1.TcbDataSerializer.serialize(signedTcbData));
|
|
49
|
+
await validator.checkSignature(quote);
|
|
50
|
+
}
|
|
51
|
+
static async verifyWithCertificates(certs, signedTcbData) {
|
|
52
|
+
const certChain = index_js_1.CertificateSerializer.deserializeCertChain(certs);
|
|
53
|
+
await TeeCertificateService_js_1.TeeCertificateService.validateTeeCertChainOrFail(certChain);
|
|
54
|
+
const userDataHashFromCert = index_js_1.CertificatesHelper.getExtensionValue(certChain, constants_js_1.OID_CUSTOM_EXTENSION_USER_DATA);
|
|
55
|
+
if (!userDataHashFromCert) {
|
|
56
|
+
throw new Error(`TCB is invalid: userData not found in TCB certificate`);
|
|
57
|
+
}
|
|
58
|
+
const signableDataHash = (0, index_js_2.calculateObjectHash)(signedTcbData);
|
|
59
|
+
const signableDataHashBuffer = Buffer.from(signableDataHash.hash, signableDataHash.encoding);
|
|
60
|
+
if (Buffer.compare(userDataHashFromCert, signableDataHashBuffer) !== 0) {
|
|
61
|
+
throw new Error(`TCB is invalid: userData is not match`);
|
|
62
|
+
}
|
|
63
|
+
}
|
|
39
64
|
}
|
|
40
65
|
exports.TeeBlockVerifier = TeeBlockVerifier;
|
|
41
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
66
|
+
//# sourceMappingURL=data:application/json;base64,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
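Review bot: `verifyTcb` chooses the verification path from the `certs:` prefix of `utilityData.quote`, so the party being verified decides whether SGX quote validation or the new certificate path runs. `verifiedTcbs` then caches the `tcbId` without recording which path accepted it. This puts the whole trust decision on `verifyWithCertificates`, which is only as strong as the root that `validateTeeCertChainOrFail` anchors to and the certificate that `getExtensionValue(certChain, OID_CUSTOM_EXTENSION_USER_DATA)` reads from. Neither is visible in this diff, so confirm that the extension is taken from the validated leaf rather than from the first match anywhere in the chain. A doc comment on `verifyWithCertificates` stating both assumptions would help, as would logging the chosen path above trace level for later audits. The `dist/mjs` section contains the same code.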
|
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
export * from './helper.js';
|
|
2
2
|
export * from './types.js';
|
|
3
|
-
|
|
3
|
+
export * from './serializer.js';
|
|
4
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2VydGlmaWNhdGVzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsYUFBYSxDQUFDO0FBQzVCLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsaUJBQWlCLENBQUMifQ==
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { CertificatesHelper } from './helper.js';
|
|
2
|
+
const CERTS_CHAIN_DELIMITER = ';';
|
|
3
|
+
const CERTS_SERIALIZATION_PREFIX = 'certs:';
|
|
4
|
+
export class CertificateSerializer {
|
|
5
|
+
static serializeCertChain(certChainPem) {
|
|
6
|
+
const certsDer = CertificatesHelper.pemChainToDer(certChainPem);
|
|
7
|
+
return `${CERTS_SERIALIZATION_PREFIX}${certsDer.map((cert) => Buffer.from(cert).toString('base64')).join(CERTS_CHAIN_DELIMITER)}`;
|
|
8
|
+
}
|
|
9
|
+
static deserializeCertChain(input) {
|
|
10
|
+
if (!input.startsWith(CERTS_SERIALIZATION_PREFIX)) {
|
|
11
|
+
throw new Error(`Missing prefix "${CERTS_SERIALIZATION_PREFIX}" in input`);
|
|
12
|
+
}
|
|
13
|
+
const certsDer = input
|
|
14
|
+
.split(CERTS_SERIALIZATION_PREFIX)[1]
|
|
15
|
+
?.split(CERTS_CHAIN_DELIMITER)
|
|
16
|
+
?.map((cert) => Buffer.from(cert, 'base64'));
|
|
17
|
+
return CertificatesHelper.derChainToPem(certsDer);
|
|
18
|
+
}
|
|
19
|
+
static isSerializedCertChain(certChainBase64) {
|
|
20
|
+
return certChainBase64.startsWith(CERTS_SERIALIZATION_PREFIX);
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -24,7 +24,7 @@ export class StorjCredentialsManager {
|
|
|
24
24
|
async acquireCredentials(permissions, prefix) {
|
|
25
25
|
const readPerm = permissions.includes(CredentialsPermissions.read), writePerm = permissions.includes(CredentialsPermissions.write), listPerm = permissions.includes(CredentialsPermissions.list), deletePerm = permissions.includes(CredentialsPermissions.delete);
|
|
26
26
|
const storj = await this.lazyStorj();
|
|
27
|
-
const perm = new storj.Permission(readPerm, writePerm,
|
|
27
|
+
const perm = new storj.Permission(readPerm, writePerm, listPerm, deletePerm, 0, 0);
|
|
28
28
|
const sharePrefix = new storj.SharePrefix(this.bucket, prefix + '/');
|
|
29
29
|
const access = await this.lazyAccess();
|
|
30
30
|
const share = await access.share(perm, [sharePrefix], 1);
|
|
@@ -79,4 +79,4 @@ export class StorjCredentialsManager {
|
|
|
79
79
|
return this.project;
|
|
80
80
|
}
|
|
81
81
|
}
|
|
82
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
82
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU3RvcmpDcmVkZW50aWFsc01hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvcHJvdmlkZXJzL3N0b3JhZ2UvU3RvcmpDcmVkZW50aWFsc01hbmFnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBU0EsTUFBTSxDQUFOLElBQVksc0JBS1g7QUFMRCxXQUFZLHNCQUFzQjtJQUNoQyxtRUFBSSxDQUFBO0lBQ0oscUVBQUssQ0FBQTtJQUNMLG1FQUFJLENBQUE7SUFDSix1RUFBTSxDQUFBO0FBQ1IsQ0FBQyxFQUxXLHNCQUFzQixLQUF0QixzQkFBc0IsUUFLakM7QUFFRCxNQUFNLE9BQU8sdUJBQXVCO0lBQzFCLFdBQVcsQ0FBUztJQUNwQixNQUFNLENBQVM7SUFDZixNQUFNLENBQVU7SUFDaEIsT0FBTyxDQUFXO0lBRTFCLFlBQVksYUFBeUQ7UUFDbkUsSUFBSSxDQUFDLFdBQVcsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxNQUFNLEdBQUcsYUFBYSxDQUFDLE1BQU0sQ0FBQztJQUNyQyxDQUFDO0lBRUQsWUFBWSxDQUFDLE1BQWMsRUFBRSxRQUFnQjtRQUMzQyxPQUFPLEdBQUcsTUFBTSxJQUFJLFFBQVEsRUFBRSxDQUFDO0lBQ2pDLENBQUM7SUFFRCxLQUFLLENBQUMsTUFBTTtRQUNWLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ3pDLE1BQU0sT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVELEtBQUssQ0FBQyxrQkFBa0IsQ0FDdEIsV0FBcUMsRUFDckMsTUFBYztRQUVkLE1BQU0sUUFBUSxHQUFHLFdBQVcsQ0FBQyxRQUFRLENBQUMsc0JBQXNCLENBQUMsSUFBSSxDQUFDLEVBQ2hFLFNBQVMsR0FBRyxXQUFXLENBQUMsUUFBUSxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxFQUM5RCxRQUFRLEdBQUcsV0FBVyxDQUFDLFFBQVEsQ0FBQyxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsRUFDNUQsVUFBVSxHQUFHLFdBQVcsQ0FBQyxRQUFRLENBQUMsc0JBQXNCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFbkUsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDckMsTUFBTSxJQUFJLEdBQUcsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxTQUFTLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDbkYsTUFBTSxXQUFXLEdBQUcsSUFBSSxLQUFLLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLEdBQUcsQ0FBQyxDQUFDO1FBQ3JFLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sS0FBSyxHQUFHLE1BQU0sTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUV6RCxPQUFPLElBQUksQ0FBQyxTQUFTLENBQUM7WUFDcEIsTUFBTSxFQU
FFLElBQUksQ0FBQyxNQUFNO1lBQ25CLE1BQU0sRUFBRSxNQUFNLEdBQUcsR0FBRztZQUNwQixLQUFLLEVBQUUsTUFBTSxLQUFLLENBQUMsU0FBUyxFQUFFO1NBQy9CLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsb0JBQW9CLENBQ3hCLFdBQXFDLEVBQ3JDLE1BQWM7UUFFZCxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxXQUFXLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDdEUsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUlELEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFnRDtRQUNyRSxNQUFNLGdCQUFnQixHQUNwQixPQUFPLEtBQUssS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQztRQUN4RCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUN2QyxNQUFNLGFBQWEsR0FBRyxNQUFNLE1BQU0sQ0FBQyxxQkFBcUIsQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUVqRixPQUFPO1lBQ0wsV0FBVyxFQUFFLGFBQWEsQ0FBQyxXQUFXO1lBQ3RDLFNBQVMsRUFBRSxhQUFhLENBQUMsU0FBUztZQUNsQyxRQUFRLEVBQUUsYUFBYSxDQUFDLFFBQVE7WUFDaEMsTUFBTSxFQUFFLGdCQUFnQixDQUFDLE1BQU07WUFDL0IsTUFBTSxFQUFFLGdCQUFnQixDQUFDLE1BQU07U0FDaEMsQ0FBQztJQUNKLENBQUM7SUFFRCxLQUFLLENBQUMsaUJBQWlCLENBQ3JCLGdCQUEwRDtRQUUxRCxNQUFNLFdBQVcsR0FBcUIsSUFBSSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ25FLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ3JDLE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ2xDLE1BQU0sTUFBTSxHQUFHLE1BQU0sTUFBTSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDM0QsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFFekMsTUFBTSxPQUFPLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFTyxLQUFLLENBQUMsU0FBUztRQUtyQixPQUFPLE1BQU0sTUFBTSxDQUFDLCtCQUErQixDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVPLEtBQUssQ0FBQyxVQUFVO1FBQ3RCLElBQUksSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUNyQixDQUFDO1FBRUQsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDckMsTUFBTSxNQUFNLEdBQUcsSUFBSSxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7UUFFbEMsSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLE1BQU0sQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRXpELE9BQU8sSUFBSSxDQUFDLE
1BQU0sQ0FBQztJQUNyQixDQUFDO0lBRU8sS0FBSyxDQUFDLFdBQVc7UUFDdkIsSUFBSSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDakIsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDO1FBQ3RCLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUN2QyxJQUFJLENBQUMsT0FBTyxHQUFHLE1BQU0sTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBRTFDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQztJQUN0QixDQUFDO0NBQ0YifQ==
|
|
@@ -3,4 +3,6 @@ import { TcbUtilityData } from '../types/index.js';
|
|
|
3
3
|
export declare class TeeBlockVerifier {
|
|
4
4
|
private static readonly verifiedTcbs;
|
|
5
5
|
static verifyTcb(tcb: TCB, utilityData: TcbUtilityData, sgxApiUrl: string): Promise<void>;
|
|
6
|
+
private static verifyWithQuote;
|
|
7
|
+
private static verifyWithCertificates;
|
|
6
8
|
}
|
|
@@ -1,8 +1,13 @@
|
|
|
1
|
+
import { Encoding } from '@super-protocol/dto-js';
|
|
1
2
|
import logger from '../logger.js';
|
|
2
3
|
import { config } from '../config.js';
|
|
3
4
|
import { QuoteValidator } from './QuoteValidator.js';
|
|
4
5
|
import { TcbDataSerializer } from './TcbSerializer.js';
|
|
5
6
|
import Consensus from '../staticModels/Consensus.js';
|
|
7
|
+
import { CertificateSerializer, CertificatesHelper } from '../certificates/index.js';
|
|
8
|
+
import { TeeCertificateService } from './TeeCertificateService.js';
|
|
9
|
+
import { calculateObjectHash } from '../utils/helpers/index.js';
|
|
10
|
+
import { OID_CUSTOM_EXTENSION_USER_DATA } from '../constants.js';
|
|
6
11
|
export class TeeBlockVerifier {
|
|
7
12
|
static verifiedTcbs = new Set();
|
|
8
13
|
static async verifyTcb(tcb, utilityData, sgxApiUrl) {
|
|
@@ -11,16 +16,17 @@ export class TeeBlockVerifier {
|
|
|
11
16
|
logger.trace(`Tcb id = ${tcb.tcbId}, already validated`);
|
|
12
17
|
return;
|
|
13
18
|
}
|
|
14
|
-
const quote = Buffer.from(utilityData.quote, 'base64');
|
|
15
19
|
const signedTcbData = {
|
|
16
20
|
checkingTcbId: tcb.tcbId.toString(),
|
|
17
21
|
pubKey: utilityData.pubKey,
|
|
18
22
|
...(await tcb.getPublicData()),
|
|
19
23
|
benchmark: (await Consensus.getBenchmarksByTcbIds([tcb.tcbId], [utilityData.teeOfferId]))[tcb.tcbId],
|
|
20
24
|
};
|
|
21
|
-
const
|
|
22
|
-
|
|
23
|
-
|
|
25
|
+
const isCert = CertificateSerializer.isSerializedCertChain(utilityData.quote);
|
|
26
|
+
logger.trace({ tcbId: tcb.tcbId.toString() }, `Verifying TCB (isCert=${isCert})`);
|
|
27
|
+
isCert
|
|
28
|
+
? await TeeBlockVerifier.verifyWithCertificates(utilityData.quote, signedTcbData)
|
|
29
|
+
: await TeeBlockVerifier.verifyWithQuote(utilityData.quote, signedTcbData, sgxApiUrl);
|
|
24
30
|
// update cache
|
|
25
31
|
this.verifiedTcbs.add(tcb.tcbId);
|
|
26
32
|
if (this.verifiedTcbs.size > config.TLB_CACHE_SIZE) {
|
|
@@ -30,5 +36,24 @@ export class TeeBlockVerifier {
|
|
|
30
36
|
}
|
|
31
37
|
logger.trace(tcb.tcbId, `TCB id = ${tcb.tcbId} added to the cache. Cache size: ${this.verifiedTcbs.size}, cache limit: ${config.TLB_CACHE_SIZE}`);
|
|
32
38
|
}
|
|
39
|
+
static async verifyWithQuote(quoteBase64, signedTcbData, sgxApiUrl) {
|
|
40
|
+
const quote = Buffer.from(quoteBase64, Encoding.base64);
|
|
41
|
+
const validator = new QuoteValidator(sgxApiUrl);
|
|
42
|
+
await validator.checkQuote(quote, TcbDataSerializer.serialize(signedTcbData));
|
|
43
|
+
await validator.checkSignature(quote);
|
|
44
|
+
}
|
|
45
|
+
static async verifyWithCertificates(certs, signedTcbData) {
|
|
46
|
+
const certChain = CertificateSerializer.deserializeCertChain(certs);
|
|
47
|
+
await TeeCertificateService.validateTeeCertChainOrFail(certChain);
|
|
48
|
+
const userDataHashFromCert = CertificatesHelper.getExtensionValue(certChain, OID_CUSTOM_EXTENSION_USER_DATA);
|
|
49
|
+
if (!userDataHashFromCert) {
|
|
50
|
+
throw new Error(`TCB is invalid: userData not found in TCB certificate`);
|
|
51
|
+
}
|
|
52
|
+
const signableDataHash = calculateObjectHash(signedTcbData);
|
|
53
|
+
const signableDataHashBuffer = Buffer.from(signableDataHash.hash, signableDataHash.encoding);
|
|
54
|
+
if (Buffer.compare(userDataHashFromCert, signableDataHashBuffer) !== 0) {
|
|
55
|
+
throw new Error(`TCB is invalid: userData is not match`);
|
|
56
|
+
}
|
|
57
|
+
}
|
|
33
58
|
}
|
|
34
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
59
|
+
//# sourceMappingURL=data:application/json;base64,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
|