@super-protocol/sdk-js 3.8.2 → 3.8.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/constants.d.ts +2 -2
- package/dist/cjs/constants.js +4 -3
- package/dist/cjs/tee/TeeCertificateService.d.ts +3 -1
- package/dist/cjs/tee/TeeCertificateService.js +36 -36
- package/dist/cjs/tee/TeeSignatureVerifier.js +2 -2
- package/dist/cjs/tee/errors.d.ts +2 -0
- package/dist/cjs/tee/errors.js +5 -2
- package/dist/mjs/constants.d.ts +2 -2
- package/dist/mjs/constants.js +3 -2
- package/dist/mjs/tee/TeeCertificateService.d.ts +3 -1
- package/dist/mjs/tee/TeeCertificateService.js +37 -37
- package/dist/mjs/tee/TeeSignatureVerifier.js +3 -3
- package/dist/mjs/tee/errors.d.ts +2 -0
- package/dist/mjs/tee/errors.js +3 -1
- package/package.json +1 -1
package/dist/cjs/constants.d.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
/// <reference types="node" />
|
|
2
1
|
import { Hash } from '@super-protocol/dto-js';
|
|
3
2
|
export declare const defaultBlockchainUrl = "http://127.0.0.1:8545";
|
|
4
3
|
export declare const defaultGasLimit: bigint;
|
|
@@ -26,7 +25,8 @@ export declare const AMOY_TX_GAS_LIMIT: bigint;
|
|
|
26
25
|
export declare const DEFAULT_OFFER_VERSION = 0;
|
|
27
26
|
export declare const HTTPS_PORT = 443;
|
|
28
27
|
export declare const ZERO_HASH: Hash;
|
|
29
|
-
export declare const TEE_LOADER_TRUSTED_MRSIGNER
|
|
28
|
+
export declare const TEE_LOADER_TRUSTED_MRSIGNER = "4a5cb479b8a30fa3821b88aa29bad04788ea006a9e09925bf3ec36398fc9d64b";
|
|
29
|
+
export declare const TEE_PKI_TRUSTED_MRSIGNER = "34ea7ca88034fe80f209e97cd0f8442f7ba621eb2a5f60393ab05871ae6b979d";
|
|
30
30
|
export declare const TEE_LOADER_TRUSTED_CERTIFICATE = "-----BEGIN CERTIFICATE-----\nMIIEJTCCAo2gAwIBAgIUGvcNLMGAOGK/UWfDl1PDc8v6qTYwDQYJKoZIhvcNAQEL\nBQAwMDEWMBQGA1UEAwwNU3VwZXJQcm90b2NvbDEWMBQGA1UECgwNU3VwZXJQcm90\nb2NvbDAeFw0yNDA5MDQwOTA4MDZaFw0zNDA5MDIwOTA4MDZaMDAxFjAUBgNVBAMM\nDVN1cGVyUHJvdG9jb2wxFjAUBgNVBAoMDVN1cGVyUHJvdG9jb2wwggGgMA0GCSqG\nSIb3DQEBAQUAA4IBjQAwggGIAoIBgQDL326V3vj04Plbjyuhngxu4qTUGju0Yh8Q\n6i3X7GVZAoMMFpFAOD4s4aE+lGYZsX+zi32tQa/EGePKX4+2kvImTH54FPq5tMRv\n/hJt2CKo+O1ddXR5RVigFkdKZP1gWSVwnVhYPBjE6bSySH/CbkgGlKcYy4unaZzw\nXKr6/FbMQ94XNssfpBZ0b/1OzmYkcndRpYbV9biVIx/d5Vz0FHClru2lelREuPZO\nxfzCAJtBVDX5BgugJ1Lodlznu+wgZHpPEd6qZolakNpcFXx3PD1p6RMZp2T38h62\nMjVtpf0EnyzsinH19id/2rCZZ7ME7VyY6jCb0x3pMw8SRXG/Np3L6szItZsasmho\nnodbkQ9igVBbZwEU53VDNLhqMve39JdCkHdOcFLJ4jP7w6jAf5oB3v/28IjlGjyP\nRGycNT9PeY2RvmkDg7BjqrGiudHf1GYdPPcZpFl6Yr76l89HfcBUyUl2ynKb6pBU\njhO1qrNwj7I4d0ZMPa8xO6JFDv7WLz0CAQOjOTA3MAkGA1UdEwQCMAAwCwYDVR0P\nBAQDAgeAMB0GA1UdDgQWBBQiTjvWXxnyck2wUpWfEC7UTab/hjANBgkqhkiG9w0B\nAQsFAAOCAYEAt3/TnuC2ieDLBFx/QEme9OsiqX4wdfU1zBNnL6ECG5J9WXqS08p7\nqkBXV9mbPGwHy1nGhLy3BKgGHZj6+Wv19CKRwGNFkcweqJexzFxbYHyikBTL5n9o\nvL+A3M0PU2iZAyayKpY62TXTxwIDHDOTETTCtubqwnNHkoFYKRz7P075mYg1SJFe\n+cfssv0/IBvdZ8p34JB5hibAkKkZn9SSa6CAFmFG5L5ps9kXumJEti+HPU8fbBdA\nogoTFEQGzYIFNgu7IZ5/PQgNeSPxQFJqRMJYWkBSD/+uOCh3G5cJ2Oe+rwtR5BL3\nuqR6T7QVrRzzDWy0mzo2GYACilBYoGMiXXqxuZB5XHsNobAvZLVbn5wpPyOChvT+\nR5GssD2vxtyGKL++xi9z1x+Yu48RAd9wSNgF8ZOzoGnvDZAyOQlCV5CgwJvHKvI/\n2ONVNHPSXgVgj5ZBi+MXoDVKumEfABtovfwAgU2sXF3m7c7++1Zav5h+tNjmjJ3/\n1kFRhndoOxr4\n-----END CERTIFICATE-----";
|
|
31
31
|
export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT = "1.3.6.1.3.8888.2";
|
|
32
32
|
export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT_HARDWARE_CONTEXT = "1.3.6.1.3.8888.2.1";
|
package/dist/cjs/constants.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SUPERPROTOCOL_CA = exports.OID_OCSP_NONCE = exports.OID_OCSP_ISSUER_ACCESS_METHOD = exports.OID_OCSP_ACCESS_METHOD = exports.OID_CRL_DISTRIBUTION_POINTS = exports.OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION = exports.OID_CUSTOM_EXTENSION_USER_DATA = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT_WORKLOAD_INFO_HASH = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT_SIGNATURE_KEY_HASH = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT_HARDWARE_CONTEXT = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT = exports.TEE_LOADER_TRUSTED_CERTIFICATE = exports.TEE_LOADER_TRUSTED_MRSIGNER = exports.ZERO_HASH = exports.HTTPS_PORT = exports.DEFAULT_OFFER_VERSION = exports.AMOY_TX_GAS_LIMIT = exports.AMOY_TX_COST_LIMIT = exports.POLYGON_MAIN_GASSTATION_URL = exports.POLYGON_AMOY_GASSTATION_URL = exports.POLYGON_AMOY_CHAIN_ID = exports.POLYGON_MAIN_CHAIN_ID = exports.BLOCKCHAIN_BATCH_REQUEST_TIMEOUT = exports.BLOCKCHAIN_CALL_RETRY_INTERVAL = exports.BLOCKCHAIN_CALL_RETRY_ATTEMPTS = exports.POLYGON_MATIC_EVENT_PATH = exports.BLOCK_SIZE_TO_FETCH_TRANSACTION = exports.FIVE_MINUTES = exports.ONE_HOUR = exports.ONE_DAY = exports.txIntervalMs = exports.txConcurrency = exports.defaultMaxPriorityFeePerGasMultiplier = exports.defaultMaxFeePerGasMultiplier = exports.defaultGasLimitMultiplier = exports.defaultGasPriceMultiplier = exports.defaultGasPrice = exports.defaultGasLimit = exports.defaultBlockchainUrl = void 0;
|
|
3
|
+
exports.SUPERPROTOCOL_CA = exports.OID_OCSP_NONCE = exports.OID_OCSP_ISSUER_ACCESS_METHOD = exports.OID_OCSP_ACCESS_METHOD = exports.OID_CRL_DISTRIBUTION_POINTS = exports.OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION = exports.OID_CUSTOM_EXTENSION_USER_DATA = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT_WORKLOAD_INFO_HASH = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT_SIGNATURE_KEY_HASH = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT_HARDWARE_CONTEXT = exports.OID_CUSTOM_EXTENSION_ORDER_REPORT = exports.TEE_LOADER_TRUSTED_CERTIFICATE = exports.TEE_PKI_TRUSTED_MRSIGNER = exports.TEE_LOADER_TRUSTED_MRSIGNER = exports.ZERO_HASH = exports.HTTPS_PORT = exports.DEFAULT_OFFER_VERSION = exports.AMOY_TX_GAS_LIMIT = exports.AMOY_TX_COST_LIMIT = exports.POLYGON_MAIN_GASSTATION_URL = exports.POLYGON_AMOY_GASSTATION_URL = exports.POLYGON_AMOY_CHAIN_ID = exports.POLYGON_MAIN_CHAIN_ID = exports.BLOCKCHAIN_BATCH_REQUEST_TIMEOUT = exports.BLOCKCHAIN_CALL_RETRY_INTERVAL = exports.BLOCKCHAIN_CALL_RETRY_ATTEMPTS = exports.POLYGON_MATIC_EVENT_PATH = exports.BLOCK_SIZE_TO_FETCH_TRANSACTION = exports.FIVE_MINUTES = exports.ONE_HOUR = exports.ONE_DAY = exports.txIntervalMs = exports.txConcurrency = exports.defaultMaxPriorityFeePerGasMultiplier = exports.defaultMaxFeePerGasMultiplier = exports.defaultGasLimitMultiplier = exports.defaultGasPriceMultiplier = exports.defaultGasPrice = exports.defaultGasLimit = exports.defaultBlockchainUrl = void 0;
|
|
4
4
|
const dto_js_1 = require("@super-protocol/dto-js");
|
|
5
5
|
exports.defaultBlockchainUrl = 'http://127.0.0.1:8545';
|
|
6
6
|
exports.defaultGasLimit = BigInt(7000000);
|
|
@@ -32,7 +32,8 @@ exports.ZERO_HASH = {
|
|
|
32
32
|
algo: dto_js_1.HashAlgorithm.SHA256,
|
|
33
33
|
encoding: dto_js_1.Encoding.base64,
|
|
34
34
|
};
|
|
35
|
-
exports.TEE_LOADER_TRUSTED_MRSIGNER =
|
|
35
|
+
exports.TEE_LOADER_TRUSTED_MRSIGNER = '4a5cb479b8a30fa3821b88aa29bad04788ea006a9e09925bf3ec36398fc9d64b';
|
|
36
|
+
exports.TEE_PKI_TRUSTED_MRSIGNER = '34ea7ca88034fe80f209e97cd0f8442f7ba621eb2a5f60393ab05871ae6b979d';
|
|
36
37
|
exports.TEE_LOADER_TRUSTED_CERTIFICATE = `-----BEGIN CERTIFICATE-----
|
|
37
38
|
MIIEJTCCAo2gAwIBAgIUGvcNLMGAOGK/UWfDl1PDc8v6qTYwDQYJKoZIhvcNAQEL
|
|
38
39
|
BQAwMDEWMBQGA1UEAwwNU3VwZXJQcm90b2NvbDEWMBQGA1UECgwNU3VwZXJQcm90
|
|
@@ -191,4 +192,4 @@ Z/dda6qpPxXBiwhpfcFJtpiP0tIYhS6LJgFnSAdEE9G1HwYUrCYsjQ2LCgBQDqYB
|
|
|
191
192
|
balDQD+0bddS+Jvj4ELLmKRk/yX51Lqx6YYr0rSX7t9RaI9F9muzzQ4mWzWA6ief
|
|
192
193
|
YwF1StA=
|
|
193
194
|
-----END CERTIFICATE-----`;
|
|
194
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
195
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2NvbnN0YW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxtREFBdUU7QUFFMUQsUUFBQSxvQkFBb0IsR0FBRyx1QkFBdUIsQ0FBQztBQUMvQyxRQUFBLGVBQWUsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDbEMsUUFBQSxlQUFlLEdBQUcsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0FBQ3JDLFFBQUEseUJBQXlCLEdBQUcsQ0FBQyxDQUFDO0FBQzlCLFFBQUEseUJBQXlCLEdBQUcsR0FBRyxDQUFDO0FBQ2hDLFFBQUEsNkJBQTZCLEdBQUcsQ0FBQyxDQUFDO0FBQ2xDLFFBQUEscUNBQXFDLEdBQUcsR0FBRyxDQUFDO0FBQzVDLFFBQUEsYUFBYSxHQUFHLEVBQUUsQ0FBQztBQUNuQixRQUFBLFlBQVksR0FBRyxFQUFFLENBQUM7QUFDbEIsUUFBQSxPQUFPLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUM7QUFDdkIsUUFBQSxRQUFRLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNuQixRQUFBLFlBQVksR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDO0FBQ3RCLFFBQUEsK0JBQStCLEdBQUcsR0FBRyxDQUFDO0FBQ3RDLFFBQUEsd0JBQXdCLEdBQUcsNENBQTRDLENBQUM7QUFDeEUsUUFBQSw4QkFBOEIsR0FBRyxFQUFFLENBQUM7QUFDcEMsUUFBQSw4QkFBOEIsR0FBRyxJQUFJLENBQUM7QUFDdEMsUUFBQSxnQ0FBZ0MsR0FBRyxLQUFLLENBQUM7QUFDekMsUUFBQSxxQkFBcUIsR0FBRyxHQUFHLENBQUM7QUFDNUIsUUFBQSxxQkFBcUIsR0FBRyxLQUFLLENBQUM7QUFDOUIsUUFBQSwyQkFBMkIsR0FBRyw0Q0FBNEMsQ0FBQztBQUMzRSxRQUFBLDJCQUEyQixHQUFHLDBDQUEwQyxDQUFDO0FBQ3pFLFFBQUEsa0JBQWtCLEdBQUcsTUFBTSxDQUFDLG9CQUFvQixDQUFDLENBQUM7QUFDbEQsUUFBQSxpQkFBaUIsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDdEMsUUFBQSxxQkFBcUIsR0FBRyxDQUFDLENBQUM7QUFDMUIsUUFBQSxVQUFVLEdBQUcsR0FBRyxDQUFDO0FBQ2pCLFFBQUEsU0FBUyxHQUFTO0lBQzdCLElBQUksRUFBRSxrRUFBa0U7SUFDeEUsSUFBSSxFQUFFLHNCQUFhLENBQUMsTUFBTTtJQUMxQixRQUFRLEVBQUUsaUJBQVEsQ0FBQyxNQUFNO0NBQzFCLENBQUM7QUFDVyxRQUFBLDJCQUEyQixHQUN0QyxrRUFBa0UsQ0FBQztBQUN4RCxRQUFBLHdCQUF3QixHQUNuQyxrRUFBa0UsQ0FBQztBQUV4RCxRQUFBLDhCQUE4QixHQUFHOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7MEJBd0JwQixDQUFDO0FBQ2QsUUFBQSxpQ0FBaUMsR0FBRyxrQkFBa0IsQ0FBQztBQUN2RCxRQUFBLGtEQUFrRCxHQUFHLEdBQUcseUNBQWlDLElBQUksQ0FBQztBQUM5RixRQUFBLG9EQUFvRCxHQUFHLEdBQUcseUNBQWlDLElBQUksQ0FBQztBQUNoRyxRQUFBLG9EQUFvRCxHQUFHLEdBQUcseUNBQWlDLElBQUksQ0FBQztBQUNoRyxRQUFBLDhCQUE4QixHQUFHLEdBQUcseUNBQWlDLElBQUksQ0FBQztBQUMxRSxRQUFBLDBDQUEwQyxHQUFHLG1CQUFtQixDQUFDO0FBQ2pFLFFBQUEsMkJBQTJCLEdBQUcsV0FBVyxDQUFDO0FBQzFDLFFBQUEsc0JBQXNCLEdBQUcsb0JBQW9CLENBQUM7QUFDOUMsUUFBQSw2QkFBNkIsR0FBRyxvQkFBb0IsQ0FBQztBQUNyRCxRQUFBLGNBQWMsR0FBRyxzQkFBc0IsQ0FBQztBQUN4QyxRQUFBLGdCQUFnQixHQUFHOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzswQkEwSE4sQ0FBQyJ9
|
|
@@ -11,7 +11,9 @@ export interface ValidateTeeCertChainResult {
|
|
|
11
11
|
export declare class TeeCertificateService {
|
|
12
12
|
static validateTeeCertChainOrFail(certsPem: string): Promise<void>;
|
|
13
13
|
static validateTeeCertChain(certsPem: string): Promise<ValidateTeeCertChainResult>;
|
|
14
|
+
private static validateChallenge;
|
|
15
|
+
private static validateGpuChallenge;
|
|
14
16
|
private static validateChallengeSgx;
|
|
15
17
|
private static validateChallengeTdxAndSnp;
|
|
16
|
-
private static
|
|
18
|
+
private static getGpuInfoFromCert;
|
|
17
19
|
}
|
|
@@ -32,48 +32,48 @@ class TeeCertificateService {
|
|
|
32
32
|
// ROOT CA doesn't have challenge. but we trust it as it is in SUPERPROTOCOL_CA constant
|
|
33
33
|
const { certs } = index_js_1.CertificatesHelper.extractCAFromChain(certsPem);
|
|
34
34
|
const sortedCerts = index_js_1.CertificatesHelper.sortCertsFromLeafToRoot(certs);
|
|
35
|
-
const challenges = sortedCerts.map((cert) => index_js_1.CertificatesHelper.getExtensionValue(cert, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_TYPE)?.toString('binary'));
|
|
36
|
-
if (challenges.some((challenge) => !challenge || challenge === pki_common_1.ChallengeType.Untrusted)) {
|
|
37
|
-
return {
|
|
38
|
-
isValid: false,
|
|
39
|
-
errorCode: ValidateTeeCertChainErrorCode.NOT_ALLOWED_CHALLENGE,
|
|
40
|
-
errorMessage: `Cert chain has cert without or Untrusted challenge`,
|
|
41
|
-
};
|
|
42
|
-
}
|
|
43
|
-
const leafCertChallengeType = challenges[0];
|
|
44
35
|
try {
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
break;
|
|
49
|
-
case pki_common_1.ChallengeType.TDX:
|
|
50
|
-
case pki_common_1.ChallengeType.AMDSEV:
|
|
51
|
-
await TeeCertificateService.validateChallengeTdxAndSnp(certsPem);
|
|
52
|
-
break;
|
|
53
|
-
default:
|
|
54
|
-
return {
|
|
55
|
-
isValid: false,
|
|
56
|
-
errorCode: ValidateTeeCertChainErrorCode.NOT_ALLOWED_CHALLENGE,
|
|
57
|
-
errorMessage: `Challenge type ${leafCertChallengeType || `[none]`} is missing or not allowed!`,
|
|
58
|
-
};
|
|
59
|
-
}
|
|
60
|
-
const gpusInfo = TeeCertificateService.getGPUInfoFromCert(certsPem);
|
|
61
|
-
const gpusInDebugMode = gpusInfo.filter((gpu) => gpu.dbgStat);
|
|
62
|
-
if (gpusInDebugMode.length) {
|
|
63
|
-
throw new Error(`The certificate contains information about GPU that is running in debug mode: ${JSON.stringify(gpusInDebugMode)}`);
|
|
64
|
-
}
|
|
36
|
+
await Promise.all(sortedCerts.map((cert) => TeeCertificateService.validateChallenge(cert)));
|
|
37
|
+
const leafCert = sortedCerts[0];
|
|
38
|
+
await TeeCertificateService.validateGpuChallenge(leafCert);
|
|
65
39
|
}
|
|
66
40
|
catch (err) {
|
|
67
41
|
return {
|
|
68
42
|
isValid: false,
|
|
69
|
-
errorCode:
|
|
43
|
+
errorCode: err instanceof errors_js_1.NotAllowedChallengeError
|
|
44
|
+
? ValidateTeeCertChainErrorCode.NOT_ALLOWED_CHALLENGE
|
|
45
|
+
: ValidateTeeCertChainErrorCode.CHALLENGE_IS_INVALID,
|
|
70
46
|
errorMessage: `Challenge is not valid! (${err.message})`,
|
|
71
47
|
};
|
|
72
48
|
}
|
|
73
49
|
return { isValid: true };
|
|
74
50
|
}
|
|
75
|
-
static
|
|
76
|
-
const
|
|
51
|
+
static async validateChallenge(cert) {
|
|
52
|
+
const challengeType = index_js_1.CertificatesHelper.getExtensionValue(cert, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_TYPE)?.toString('binary');
|
|
53
|
+
if (challengeType === pki_common_1.ChallengeType.Untrusted) {
|
|
54
|
+
throw new errors_js_1.NotAllowedChallengeError(`Cert chain has cert with Untrusted challenge`);
|
|
55
|
+
}
|
|
56
|
+
switch (challengeType) {
|
|
57
|
+
case pki_common_1.ChallengeType.SGXDCAP:
|
|
58
|
+
TeeCertificateService.validateChallengeSgx(cert);
|
|
59
|
+
break;
|
|
60
|
+
case pki_common_1.ChallengeType.TDX:
|
|
61
|
+
case pki_common_1.ChallengeType.AMDSEV:
|
|
62
|
+
await TeeCertificateService.validateChallengeTdxAndSnp(cert);
|
|
63
|
+
break;
|
|
64
|
+
default:
|
|
65
|
+
throw new errors_js_1.NotAllowedChallengeError(`Challenge type ${challengeType || `[none]`} is missing or not allowed!`);
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
static validateGpuChallenge(cert) {
|
|
69
|
+
const gpusInfo = TeeCertificateService.getGpuInfoFromCert(cert);
|
|
70
|
+
const gpusInDebugMode = gpusInfo.filter((gpu) => gpu.dbgStat);
|
|
71
|
+
if (gpusInDebugMode.length) {
|
|
72
|
+
throw new Error(`The certificate contains information about GPU that is running in debug mode: ${JSON.stringify(gpusInDebugMode)}`);
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
static validateChallengeSgx(cert) {
|
|
76
|
+
const mrSignerBinaryString = index_js_1.CertificatesHelper.getExtensionValue(cert, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID);
|
|
77
77
|
if (!mrSignerBinaryString) {
|
|
78
78
|
throw new Error(`SGX challenge signature is wrong!`);
|
|
79
79
|
}
|
|
@@ -84,8 +84,8 @@ class TeeCertificateService {
|
|
|
84
84
|
throw new Error(`SGX challenge signature is wrong!`);
|
|
85
85
|
}
|
|
86
86
|
}
|
|
87
|
-
static async validateChallengeTdxAndSnp(
|
|
88
|
-
const mrEnclaveBinaryString = index_js_1.CertificatesHelper.getExtensionValue(
|
|
87
|
+
static async validateChallengeTdxAndSnp(cert) {
|
|
88
|
+
const mrEnclaveBinaryString = index_js_1.CertificatesHelper.getExtensionValue(cert, pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_ID);
|
|
89
89
|
if (!mrEnclaveBinaryString) {
|
|
90
90
|
throw new Error(`Challenge id is missing in certificate!`);
|
|
91
91
|
}
|
|
@@ -100,7 +100,7 @@ class TeeCertificateService {
|
|
|
100
100
|
throw new Error(message);
|
|
101
101
|
}
|
|
102
102
|
}
|
|
103
|
-
static
|
|
103
|
+
static getGpuInfoFromCert(cert) {
|
|
104
104
|
let gpusInfo = { gpus: [] };
|
|
105
105
|
const gpusInfoRaw = index_js_1.CertificatesHelper.getExtensionValue(cert, pki_common_1.OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU);
|
|
106
106
|
if (gpusInfoRaw) {
|
|
@@ -119,4 +119,4 @@ class TeeCertificateService {
|
|
|
119
119
|
}
|
|
120
120
|
}
|
|
121
121
|
exports.TeeCertificateService = TeeCertificateService;
|
|
122
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
122
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVGVlQ2VydGlmaWNhdGVTZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9UZWVDZXJ0aWZpY2F0ZVNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsa0RBQW1EO0FBQ25ELDJEQU1vQztBQUNwQyx1RUFBaUU7QUFDakUsMkNBQThFO0FBQzlFLHVEQUE4RDtBQUM5RCxvREFBcUU7QUFHckUsSUFBWSw2QkFJWDtBQUpELFdBQVksNkJBQTZCO0lBQ3ZDLGdGQUErQyxDQUFBO0lBQy9DLGdGQUErQyxDQUFBO0lBQy9DLDhFQUE2QyxDQUFBO0FBQy9DLENBQUMsRUFKVyw2QkFBNkIsNkNBQTdCLDZCQUE2QixRQUl4QztBQU9ELE1BQWEscUJBQXFCO0lBQ2hDLE1BQU0sQ0FBQyxLQUFLLENBQUMsMEJBQTBCLENBQUMsUUFBZ0I7UUFDdEQsTUFBTSxNQUFNLEdBQUcsTUFBTSxxQkFBcUIsQ0FBQyxvQkFBb0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMxRSxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3BCLE1BQU0sSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxRQUFnQjtRQUNoRCxNQUFNLEVBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxHQUFHLE1BQU0sNkJBQWtCLENBQUMsaUJBQWlCLENBQzFFLFFBQVEsRUFDUiwrQkFBZ0IsQ0FDakIsQ0FBQztRQUVGLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE9BQU87Z0JBQ0wsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsU0FBUyxFQUFFLDZCQUE2QixDQUFDLHFCQUFxQjtnQkFDOUQsWUFBWSxFQUFFLDJCQUEyQixZQUFZLEdBQUc7YUFDekQsQ0FBQztRQUNKLENBQUM7UUFFRCx3RkFBd0Y7UUFDeEYsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLDZCQUFrQixDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xFLE1BQU0sV0FBVyxHQUFHLDZCQUFrQixDQUFDLHVCQUF1QixDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRXRFLElBQUksQ0FBQztZQUNILE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxxQkFBcUIsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFFNUYsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ2hDLE1BQU0scUJBQXFCLENBQUMsb0JBQW9CLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDN0QsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLFNBQVMsRUFDUCxHQUFHLFlBQVksb0NBQXdCO29CQUNyQyxDQUFDLENBQUMsNkJBQTZCLENBQUMscUJBQXFCO29CQUNyRCxDQUFDLENBQUMsNkJBQTZCLENBQUMsb0JBQW9CO2dCQUN4RCxZQUFZLEVBQUUsNEJBQTZCLEdBQWEsQ0FBQyxPQUFPLEdBQUc7YUFDcEUsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLElBQWdDO1FBQ3JFLE1BQU0sYUFBYSxHQUFHLDZCQUFrQixDQUFDLGlCQUFpQixDQUN4RCxJQUFJLEVBQ0osZ0RBQW1DLENBQ3BDLEVBQUUsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBRXRCLElBQUksYUFBYSxLQUFLLDBCQUFhLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDOUMsTUFBTSxJQUFJLG9DQUF3QixDQUFDLDhDQUE4QyxDQUFDLENBQUM7UUFDckYsQ0FBQztRQUVELFFBQVEsYUFBYSxFQUFFLENBQUM7WUFDdEIsS0FBSywwQkFBYSxDQUFDLE9BQU87Z0JBQ3hCLHFCQUFxQixDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUNqRCxNQUFNO1lBQ1IsS0FBSywwQkFBYSxDQUFDLEdBQUcsQ0FBQztZQUN2QixLQUFLLDBCQUFhLENBQUMsTUFBTTtnQkFDdkIsTUFBTSxxQkFBcUIsQ0FBQywwQkFBMEIsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDN0QsTUFBTTtZQUVSO2dCQUNFLE1BQU0sSUFBSSxvQ0FBd0IsQ0FDaEMsa0JBQWtCLGFBQWEsSUFBSSxRQUFRLDZCQUE2QixDQUN6RSxDQUFDO1FBQ04sQ0FBQztJQUNILENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQUMsSUFBZ0M7UUFDbEUsTUFBTSxRQUFRLEdBQUcscUJBQXFCLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDaEUsTUFBTSxlQUFlLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzlELElBQUksZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzNCLE1BQU0sSUFBSSxLQUFLLENBQ2IsaUZBQWlGLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FDbkgsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLG9CQUFvQixDQUFDLElBQWdDO1FBQ2xFLE1BQU0sb0JBQW9CLEdBQUcsNkJBQWtCLENBQUMsaUJBQWlCLENBQy9ELElBQUksRUFDSixxREFBd0MsQ0FDekMsQ0FBQztRQUNGLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsOENBQW9CLENBQUMsb0JBQW9CLENBQUMsb0JBQW9CLENBQUMsQ0FBQztRQUNsRSxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO0lBQ0gsQ0FBQztJQUVPLE1BQU0sQ0FBQyxLQUFLLENBQUMsMEJBQTBCLENBQUMsSUFBZ0M7UUFDOUUsTUFBTSxxQkFBcUIsR0FBRyw2QkFBa0IsQ0FBQyxpQkFBaUIsQ0FDaEUsSUFBSSxFQUNKLDhDQUFpQyxDQUNsQyxDQUFDO1FBQ0YsSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7WUFDM0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFFRCxJQUFJLENBQUM7WUFDSCxNQUFNLDhDQUFvQixDQUFDLDBCQUEwQixDQUFDLHFCQUFxQixDQUFDLENBQUM7UUFDL0UsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLE9BQU8sR0FBRywyQkFBMkIsQ0FBQztZQUM1QyxJQUFJLEdBQUcsWUFBWSxpQ0FBcUIsRUFBRSxDQUFDO2dCQUN6QyxNQUFNLElBQUksS0FBSyxDQUFDLEdBQUcsT0FBTyxJQUFJLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQy9DLENBQUM7WUFDRCxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzNCLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQWdDO1FBQ2hFLElBQUksUUFBUSxHQUFtQixFQUFFLElBQUksRUFBRSxFQUFFLEVBQUUsQ0FBQztRQUM1QyxNQUFNLFdBQVcsR0FBRyw2QkFBa0IsQ0FBQyxpQkFBaUIsQ0FDdEQsSUFBSSxFQUNKLGlEQUFvQyxDQUNyQyxDQUFDO1FBRUYsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixJQUFJLENBQUM7Z0JBQ0gsUUFBUSxHQUFHLDJCQUFjLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQ2hELENBQUM7WUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO2dCQUNiLE1BQU0sT0FBTyxHQUFHLDJCQUEyQixDQUFDO2dCQUM1QyxJQUFJLEdBQUcsWUFBWSxLQUFLLEVBQUUsQ0FBQztvQkFDekIsTUFBTSxJQUFJLEtBQUssQ0FBQyxHQUFHLE9BQU8sSUFBSSxHQUFHLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDL0MsQ0FBQztnQkFDRCxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQzNCLENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxRQUFRLENBQUMsSUFBSSxDQUFDO0lBQ3ZCLENBQUM7Q0FDRjtBQXpJRCxzREF5SUMifQ==
|
|
@@ -16,7 +16,7 @@ class TeeSignatureVerifier {
|
|
|
16
16
|
* @throws Error If signature validation fails
|
|
17
17
|
*/
|
|
18
18
|
static validateSignatureSgx(mrSigner) {
|
|
19
|
-
if (
|
|
19
|
+
if (![constants_js_1.TEE_PKI_TRUSTED_MRSIGNER, constants_js_1.TEE_LOADER_TRUSTED_MRSIGNER].includes(mrSigner.toString('hex'))) {
|
|
20
20
|
throw new index_js_1.InvalidSignatureError('Quote has an invalid MR signer');
|
|
21
21
|
}
|
|
22
22
|
}
|
|
@@ -88,4 +88,4 @@ class TeeSignatureVerifier {
|
|
|
88
88
|
}
|
|
89
89
|
}
|
|
90
90
|
exports.TeeSignatureVerifier = TeeSignatureVerifier;
|
|
91
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
91
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVGVlU2lnbmF0dXJlVmVyaWZpZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdGVlL1RlZVNpZ25hdHVyZVZlcmlmaWVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLGtEQUE2QztBQUM3Qyw0REFBK0I7QUFDL0Isa0RBSXlCO0FBQ3pCLDBDQUFvRDtBQUVwRCx3REFBNEQ7QUFPNUQsTUFBYSxvQkFBb0I7SUFDL0I7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxRQUFvQjtRQUM5QyxJQUNFLENBQUMsQ0FBQyx1Q0FBd0IsRUFBRSwwQ0FBMkIsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQzNGLENBQUM7WUFDRCxNQUFNLElBQUksZ0NBQXFCLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztRQUNwRSxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsMEJBQTBCLENBQ3JDLFNBQXFCLEVBQ3JCLFVBQWlDLEVBQUUscUJBQXFCLEVBQUUsb0JBQW9CLENBQUMsWUFBWSxFQUFFO1FBRTdGLE1BQU0sRUFBRSxxQkFBcUIsRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUMxQyxNQUFNLElBQUksR0FBRyxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyw2Q0FBOEIsQ0FBQyxDQUFDO1FBQzFFLE1BQU0sV0FBVyxHQUFHLG9CQUFLLENBQUMsR0FBRyxDQUFDLHNCQUFzQixDQUFDLG9CQUFLLENBQUMsR0FBRyxDQUFDLGFBQWEsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQzlGLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7UUFDN0MsQ0FBQztRQUVELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDakMsSUFDRSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsR0FBRyxDQUFDO1lBQ3JELENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxHQUFHLENBQUMsRUFDckQsQ0FBQztZQUNELE1BQU0sSUFBSSxnQ0FBcUIsQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO1FBQ2pGLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxvQkFBSyxDQUFDLEVBQUUsQ0FBQyxNQUFNO2FBQzNCLE1BQU0sRUFBRTthQUNSLE1BQU0sQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLEdBQUcsU0FBUyxDQUFDLENBQUM7YUFDekMsTUFBTSxFQUFFLENBQUM7UUFDWixNQUFNLFNBQVMsR0FBRyxNQUFNLHFCQUFxQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQztRQUV0RSxNQUFNLGdCQUFnQixHQUFJLFNBQXFDLENBQUMsTUFBTSxDQUNwRSxNQUFNLENBQUMsS0FBSyxFQUFFLEVBQ2QsTUFBTSxDQUFDLFlBQVksQ0FBQyxHQUFHLFNBQVMsQ0FBQyxDQUNsQyxDQUFDO1FBQ0YsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLGdDQUFxQixDQUFDLDBCQUEwQixDQUFDLENBQUM7UUFDOUQsQ0FBQztJQUNILENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxTQUFpQixFQUFFLE9BQWdDO1FBQzNFLE1BQU0sT0FBTyxHQUFHLE9BQU8sRUFBRSxPQUFPLElBQUksd0RBQXdELENBQUM7UUFDN0YsTUFBTSxRQUFRLEdBQUcsT0FBTyxFQUFFLFFBQVEsSUFBSSxDQUFDLENBQUM7UUFDeEMsTUFBTSxhQUFhLEdBQUcsT0FBTyxFQUFFLGFBQWEsSUFBSSxJQUFJLENBQUM7UUFDckQsTUFBTSxZQUFZLEdBQUcsU0FBUyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUUvQyxNQUFNLGFBQWEsR0FBRyxlQUFLLENBQUMsTUFBTSxDQUFDO1lBQ2pDLE9BQU87U0FDUixDQUFDLENBQUM7UUFDSCxJQUFJLENBQUM7WUFDSCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsMEJBQWUsRUFBZ0I7Z0JBQ3BELFdBQVcsQ0FBQyxRQUFRO29CQUNsQixPQUFPLEVBQUUsVUFBVSxFQUFFLFFBQVEsQ0FBQyxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQ2pELENBQUM7Z0JBQ0QsT0FBTztvQkFDTCxPQUFPLGFBQWEsQ0FBQyxHQUFHLENBQUMsOEJBQThCLFlBQVksT0FBTyxFQUFFO3dCQUMxRSxZQUFZLEVBQUUsYUFBYTtxQkFDNUIsQ0FBQyxDQUFDO2dCQUNMLENBQUM7Z0JBQ0QsVUFBVSxDQUFDLEdBQUc7b0JBQ1osSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQzt3QkFDNUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7d0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLElBQUksR0FBRyxFQUFFLENBQUM7b0JBQ3RELENBQUM7b0JBQ0QsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ2hELENBQUM7Z0JBQ0QsYUFBYTtnQkFDYixRQUFRO2FBQ1QsQ0FBQyxDQUFDO1lBRUgsT0FBTyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwQyxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLElBQUksZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDNUQsTUFBTSxJQUFJLGdDQUFxQixDQUFDLDBDQUEwQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO1lBQzVGLENBQUM7WUFFRCxNQUFNLEdBQUcsQ0FBQztRQUNaLENBQUM7SUFDSCxDQUFDO0NBQ0Y7QUEvRkQsb0RBK0ZDIn0=
|
package/dist/cjs/tee/errors.d.ts
CHANGED
package/dist/cjs/tee/errors.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.InvalidSignatureError = exports.TeeQuoteValidatorError = exports.TeeQuoteParserError = exports.TLBlockSerializerError = void 0;
|
|
3
|
+
exports.NotAllowedChallengeError = exports.InvalidSignatureError = exports.TeeQuoteValidatorError = exports.TeeQuoteParserError = exports.TLBlockSerializerError = void 0;
|
|
4
4
|
const index_js_1 = require("../errors/index.js");
|
|
5
5
|
class TLBlockSerializerError extends index_js_1.BaseError {
|
|
6
6
|
}
|
|
@@ -14,4 +14,7 @@ exports.TeeQuoteValidatorError = TeeQuoteValidatorError;
|
|
|
14
14
|
class InvalidSignatureError extends index_js_1.BaseError {
|
|
15
15
|
}
|
|
16
16
|
exports.InvalidSignatureError = InvalidSignatureError;
|
|
17
|
-
|
|
17
|
+
class NotAllowedChallengeError extends index_js_1.BaseError {
|
|
18
|
+
}
|
|
19
|
+
exports.NotAllowedChallengeError = NotAllowedChallengeError;
|
|
20
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9lcnJvcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsaURBQStDO0FBRS9DLE1BQWEsc0JBQXVCLFNBQVEsb0JBQVM7Q0FBRztBQUF4RCx3REFBd0Q7QUFFeEQsTUFBYSxtQkFBb0IsU0FBUSxvQkFBUztDQUFHO0FBQXJELGtEQUFxRDtBQUVyRCxNQUFhLHNCQUF1QixTQUFRLG9CQUFTO0NBQUc7QUFBeEQsd0RBQXdEO0FBRXhELE1BQWEscUJBQXNCLFNBQVEsb0JBQVM7Q0FBRztBQUF2RCxzREFBdUQ7QUFFdkQsTUFBYSx3QkFBeUIsU0FBUSxvQkFBUztDQUFHO0FBQTFELDREQUEwRCJ9
|
package/dist/mjs/constants.d.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
/// <reference types="node" />
|
|
2
1
|
import { Hash } from '@super-protocol/dto-js';
|
|
3
2
|
export declare const defaultBlockchainUrl = "http://127.0.0.1:8545";
|
|
4
3
|
export declare const defaultGasLimit: bigint;
|
|
@@ -26,7 +25,8 @@ export declare const AMOY_TX_GAS_LIMIT: bigint;
|
|
|
26
25
|
export declare const DEFAULT_OFFER_VERSION = 0;
|
|
27
26
|
export declare const HTTPS_PORT = 443;
|
|
28
27
|
export declare const ZERO_HASH: Hash;
|
|
29
|
-
export declare const TEE_LOADER_TRUSTED_MRSIGNER
|
|
28
|
+
export declare const TEE_LOADER_TRUSTED_MRSIGNER = "4a5cb479b8a30fa3821b88aa29bad04788ea006a9e09925bf3ec36398fc9d64b";
|
|
29
|
+
export declare const TEE_PKI_TRUSTED_MRSIGNER = "34ea7ca88034fe80f209e97cd0f8442f7ba621eb2a5f60393ab05871ae6b979d";
|
|
30
30
|
export declare const TEE_LOADER_TRUSTED_CERTIFICATE = "-----BEGIN CERTIFICATE-----\nMIIEJTCCAo2gAwIBAgIUGvcNLMGAOGK/UWfDl1PDc8v6qTYwDQYJKoZIhvcNAQEL\nBQAwMDEWMBQGA1UEAwwNU3VwZXJQcm90b2NvbDEWMBQGA1UECgwNU3VwZXJQcm90\nb2NvbDAeFw0yNDA5MDQwOTA4MDZaFw0zNDA5MDIwOTA4MDZaMDAxFjAUBgNVBAMM\nDVN1cGVyUHJvdG9jb2wxFjAUBgNVBAoMDVN1cGVyUHJvdG9jb2wwggGgMA0GCSqG\nSIb3DQEBAQUAA4IBjQAwggGIAoIBgQDL326V3vj04Plbjyuhngxu4qTUGju0Yh8Q\n6i3X7GVZAoMMFpFAOD4s4aE+lGYZsX+zi32tQa/EGePKX4+2kvImTH54FPq5tMRv\n/hJt2CKo+O1ddXR5RVigFkdKZP1gWSVwnVhYPBjE6bSySH/CbkgGlKcYy4unaZzw\nXKr6/FbMQ94XNssfpBZ0b/1OzmYkcndRpYbV9biVIx/d5Vz0FHClru2lelREuPZO\nxfzCAJtBVDX5BgugJ1Lodlznu+wgZHpPEd6qZolakNpcFXx3PD1p6RMZp2T38h62\nMjVtpf0EnyzsinH19id/2rCZZ7ME7VyY6jCb0x3pMw8SRXG/Np3L6szItZsasmho\nnodbkQ9igVBbZwEU53VDNLhqMve39JdCkHdOcFLJ4jP7w6jAf5oB3v/28IjlGjyP\nRGycNT9PeY2RvmkDg7BjqrGiudHf1GYdPPcZpFl6Yr76l89HfcBUyUl2ynKb6pBU\njhO1qrNwj7I4d0ZMPa8xO6JFDv7WLz0CAQOjOTA3MAkGA1UdEwQCMAAwCwYDVR0P\nBAQDAgeAMB0GA1UdDgQWBBQiTjvWXxnyck2wUpWfEC7UTab/hjANBgkqhkiG9w0B\nAQsFAAOCAYEAt3/TnuC2ieDLBFx/QEme9OsiqX4wdfU1zBNnL6ECG5J9WXqS08p7\nqkBXV9mbPGwHy1nGhLy3BKgGHZj6+Wv19CKRwGNFkcweqJexzFxbYHyikBTL5n9o\nvL+A3M0PU2iZAyayKpY62TXTxwIDHDOTETTCtubqwnNHkoFYKRz7P075mYg1SJFe\n+cfssv0/IBvdZ8p34JB5hibAkKkZn9SSa6CAFmFG5L5ps9kXumJEti+HPU8fbBdA\nogoTFEQGzYIFNgu7IZ5/PQgNeSPxQFJqRMJYWkBSD/+uOCh3G5cJ2Oe+rwtR5BL3\nuqR6T7QVrRzzDWy0mzo2GYACilBYoGMiXXqxuZB5XHsNobAvZLVbn5wpPyOChvT+\nR5GssD2vxtyGKL++xi9z1x+Yu48RAd9wSNgF8ZOzoGnvDZAyOQlCV5CgwJvHKvI/\n2ONVNHPSXgVgj5ZBi+MXoDVKumEfABtovfwAgU2sXF3m7c7++1Zav5h+tNjmjJ3/\n1kFRhndoOxr4\n-----END CERTIFICATE-----";
|
|
31
31
|
export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT = "1.3.6.1.3.8888.2";
|
|
32
32
|
export declare const OID_CUSTOM_EXTENSION_ORDER_REPORT_HARDWARE_CONTEXT = "1.3.6.1.3.8888.2.1";
|
package/dist/mjs/constants.js
CHANGED
|
@@ -29,7 +29,8 @@ export const ZERO_HASH = {
|
|
|
29
29
|
algo: HashAlgorithm.SHA256,
|
|
30
30
|
encoding: Encoding.base64,
|
|
31
31
|
};
|
|
32
|
-
export const TEE_LOADER_TRUSTED_MRSIGNER =
|
|
32
|
+
export const TEE_LOADER_TRUSTED_MRSIGNER = '4a5cb479b8a30fa3821b88aa29bad04788ea006a9e09925bf3ec36398fc9d64b';
|
|
33
|
+
export const TEE_PKI_TRUSTED_MRSIGNER = '34ea7ca88034fe80f209e97cd0f8442f7ba621eb2a5f60393ab05871ae6b979d';
|
|
33
34
|
export const TEE_LOADER_TRUSTED_CERTIFICATE = `-----BEGIN CERTIFICATE-----
|
|
34
35
|
MIIEJTCCAo2gAwIBAgIUGvcNLMGAOGK/UWfDl1PDc8v6qTYwDQYJKoZIhvcNAQEL
|
|
35
36
|
BQAwMDEWMBQGA1UEAwwNU3VwZXJQcm90b2NvbDEWMBQGA1UECgwNU3VwZXJQcm90
|
|
@@ -188,4 +189,4 @@ Z/dda6qpPxXBiwhpfcFJtpiP0tIYhS6LJgFnSAdEE9G1HwYUrCYsjQ2LCgBQDqYB
|
|
|
188
189
|
balDQD+0bddS+Jvj4ELLmKRk/yX51Lqx6YYr0rSX7t9RaI9F9muzzQ4mWzWA6ief
|
|
189
190
|
YwF1StA=
|
|
190
191
|
-----END CERTIFICATE-----`;
|
|
191
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
192
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RhbnRzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2NvbnN0YW50cy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsUUFBUSxFQUFRLGFBQWEsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBRXZFLE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLHVCQUF1QixDQUFDO0FBQzVELE1BQU0sQ0FBQyxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDL0MsTUFBTSxDQUFDLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUNsRCxNQUFNLENBQUMsTUFBTSx5QkFBeUIsR0FBRyxDQUFDLENBQUM7QUFDM0MsTUFBTSxDQUFDLE1BQU0seUJBQXlCLEdBQUcsR0FBRyxDQUFDO0FBQzdDLE1BQU0sQ0FBQyxNQUFNLDZCQUE2QixHQUFHLENBQUMsQ0FBQztBQUMvQyxNQUFNLENBQUMsTUFBTSxxQ0FBcUMsR0FBRyxHQUFHLENBQUM7QUFDekQsTUFBTSxDQUFDLE1BQU0sYUFBYSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO0FBQy9CLE1BQU0sQ0FBQyxNQUFNLE9BQU8sR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNwQyxNQUFNLENBQUMsTUFBTSxRQUFRLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQztBQUNoQyxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFHLEVBQUUsQ0FBQztBQUNuQyxNQUFNLENBQUMsTUFBTSwrQkFBK0IsR0FBRyxHQUFHLENBQUM7QUFDbkQsTUFBTSxDQUFDLE1BQU0sd0JBQXdCLEdBQUcsNENBQTRDLENBQUM7QUFDckYsTUFBTSxDQUFDLE1BQU0sOEJBQThCLEdBQUcsRUFBRSxDQUFDO0FBQ2pELE1BQU0sQ0FBQyxNQUFNLDhCQUE4QixHQUFHLElBQUksQ0FBQztBQUNuRCxNQUFNLENBQUMsTUFBTSxnQ0FBZ0MsR0FBRyxLQUFLLENBQUM7QUFDdEQsTUFBTSxDQUFDLE1BQU0scUJBQXFCLEdBQUcsR0FBRyxDQUFDO0FBQ3pDLE1BQU0sQ0FBQyxNQUFNLHFCQUFxQixHQUFHLEtBQUssQ0FBQztBQUMzQyxNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FBRyw0Q0FBNEMsQ0FBQztBQUN4RixNQUFNLENBQUMsTUFBTSwyQkFBMkIsR0FBRywwQ0FBMEMsQ0FBQztBQUN0RixNQUFNLENBQUMsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsb0JBQW9CLENBQUMsQ0FBQztBQUMvRCxNQUFNLENBQUMsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDbkQsTUFBTSxDQUFDLE1BQU0scUJBQXFCLEdBQUcsQ0FBQyxDQUFDO0FBQ3ZDLE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRyxHQUFHLENBQUM7QUFDOUIsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFTO0lBQzdCLElBQUksRUFBRSxrRUFBa0U7SUFDeEUsSUFBSSxFQUFFLGFBQWEsQ0FBQyxNQUFNO0lBQzFCLFFBQVEsRUFBRSxRQUFRLENBQUMsTUFBTTtDQUMxQixDQUFDO0FBQ0YsTUFBTSxDQUFDLE1BQU0sMkJBQTJCLEdBQ3RDLGtFQUFrRSxDQUFDO0FBQ3JFLE1BQU0sQ0FBQyxNQUFNLHdCQUF3QixHQUNuQyxrRUFBa0UsQ0FBQztBQUVyRSxNQUFNLENBQUMsTUFBTSw4QkFBOEIsR0FBRzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzBCQXdCcEIsQ0FBQztBQUMzQixNQUFNLENBQUMsTUFBTSxpQ0FBaUMsR0FBRyxrQkFBa0IsQ0FBQztBQUNwRSxNQUFNLENBQUMsTUFBTSxrREFBa0QsR0FBRyxHQUFHLGlDQUFpQyxJQUFJLENBQUM7QUFDM0csTUFBTSxDQUFDLE1BQU0sb0RBQW9ELEdBQUcsR0FBRyxpQ0FBaUMsSUFBSSxDQUFDO0FBQzdHLE1BQU0sQ0FBQyxNQUFNLG9EQUFvRCxHQUFHLEdBQUcsaUNBQWlDLElBQUksQ0FBQztBQUM3RyxNQUFNLENBQUMsTUFBTSw4QkFBOEIsR0FBRyxHQUFHLGlDQUFpQyxJQUFJLENBQUM7QUFDdkYsTUFBTSxDQUFDLE1BQU0sMENBQTBDLEdBQUcsbUJBQW1CLENBQUM7QUFDOUUsTUFBTSxDQUFDLE1BQU0sMkJBQTJCLEdBQUcsV0FBVyxDQUFDO0FBQ3ZELE1BQU0sQ0FBQyxNQUFNLHNCQUFzQixHQUFHLG9CQUFvQixDQUFDO0FBQzNELE1BQU0sQ0FBQyxNQUFNLDZCQUE2QixHQUFHLG9CQUFvQixDQUFDO0FBQ2xFLE1BQU0sQ0FBQyxNQUFNLGNBQWMsR0FBRyxzQkFBc0IsQ0FBQztBQUNyRCxNQUFNLENBQUMsTUFBTSxnQkFBZ0IsR0FBRzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7MEJBMEhOLENBQUMifQ==
|
|
@@ -11,7 +11,9 @@ export interface ValidateTeeCertChainResult {
|
|
|
11
11
|
export declare class TeeCertificateService {
|
|
12
12
|
static validateTeeCertChainOrFail(certsPem: string): Promise<void>;
|
|
13
13
|
static validateTeeCertChain(certsPem: string): Promise<ValidateTeeCertChainResult>;
|
|
14
|
+
private static validateChallenge;
|
|
15
|
+
private static validateGpuChallenge;
|
|
14
16
|
private static validateChallengeSgx;
|
|
15
17
|
private static validateChallengeTdxAndSnp;
|
|
16
|
-
private static
|
|
18
|
+
private static getGpuInfoFromCert;
|
|
17
19
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { SUPERPROTOCOL_CA } from '../constants.js';
|
|
2
2
|
import { ChallengeType, OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, OID_CUSTOM_EXTENSION_CHALLENGE_ID, OID_CUSTOM_EXTENSION_CHALLENGE_TYPE, OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU, } from '@super-protocol/pki-common';
|
|
3
3
|
import { TeeSignatureVerifier } from './TeeSignatureVerifier.js';
|
|
4
|
-
import { InvalidSignatureError } from './errors.js';
|
|
4
|
+
import { InvalidSignatureError, NotAllowedChallengeError } from './errors.js';
|
|
5
5
|
import { CertificatesHelper } from '../certificates/index.js';
|
|
6
6
|
import { NvtrustGPUList } from '../proto/Nvtrust.js';
|
|
7
7
|
export var ValidateTeeCertChainErrorCode;
|
|
@@ -29,48 +29,48 @@ export class TeeCertificateService {
|
|
|
29
29
|
// ROOT CA doesn't have challenge. but we trust it as it is in SUPERPROTOCOL_CA constant
|
|
30
30
|
const { certs } = CertificatesHelper.extractCAFromChain(certsPem);
|
|
31
31
|
const sortedCerts = CertificatesHelper.sortCertsFromLeafToRoot(certs);
|
|
32
|
-
const challenges = sortedCerts.map((cert) => CertificatesHelper.getExtensionValue(cert, OID_CUSTOM_EXTENSION_CHALLENGE_TYPE)?.toString('binary'));
|
|
33
|
-
if (challenges.some((challenge) => !challenge || challenge === ChallengeType.Untrusted)) {
|
|
34
|
-
return {
|
|
35
|
-
isValid: false,
|
|
36
|
-
errorCode: ValidateTeeCertChainErrorCode.NOT_ALLOWED_CHALLENGE,
|
|
37
|
-
errorMessage: `Cert chain has cert without or Untrusted challenge`,
|
|
38
|
-
};
|
|
39
|
-
}
|
|
40
|
-
const leafCertChallengeType = challenges[0];
|
|
41
32
|
try {
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
break;
|
|
46
|
-
case ChallengeType.TDX:
|
|
47
|
-
case ChallengeType.AMDSEV:
|
|
48
|
-
await TeeCertificateService.validateChallengeTdxAndSnp(certsPem);
|
|
49
|
-
break;
|
|
50
|
-
default:
|
|
51
|
-
return {
|
|
52
|
-
isValid: false,
|
|
53
|
-
errorCode: ValidateTeeCertChainErrorCode.NOT_ALLOWED_CHALLENGE,
|
|
54
|
-
errorMessage: `Challenge type ${leafCertChallengeType || `[none]`} is missing or not allowed!`,
|
|
55
|
-
};
|
|
56
|
-
}
|
|
57
|
-
const gpusInfo = TeeCertificateService.getGPUInfoFromCert(certsPem);
|
|
58
|
-
const gpusInDebugMode = gpusInfo.filter((gpu) => gpu.dbgStat);
|
|
59
|
-
if (gpusInDebugMode.length) {
|
|
60
|
-
throw new Error(`The certificate contains information about GPU that is running in debug mode: ${JSON.stringify(gpusInDebugMode)}`);
|
|
61
|
-
}
|
|
33
|
+
await Promise.all(sortedCerts.map((cert) => TeeCertificateService.validateChallenge(cert)));
|
|
34
|
+
const leafCert = sortedCerts[0];
|
|
35
|
+
await TeeCertificateService.validateGpuChallenge(leafCert);
|
|
62
36
|
}
|
|
63
37
|
catch (err) {
|
|
64
38
|
return {
|
|
65
39
|
isValid: false,
|
|
66
|
-
errorCode:
|
|
40
|
+
errorCode: err instanceof NotAllowedChallengeError
|
|
41
|
+
? ValidateTeeCertChainErrorCode.NOT_ALLOWED_CHALLENGE
|
|
42
|
+
: ValidateTeeCertChainErrorCode.CHALLENGE_IS_INVALID,
|
|
67
43
|
errorMessage: `Challenge is not valid! (${err.message})`,
|
|
68
44
|
};
|
|
69
45
|
}
|
|
70
46
|
return { isValid: true };
|
|
71
47
|
}
|
|
72
|
-
static
|
|
73
|
-
const
|
|
48
|
+
static async validateChallenge(cert) {
|
|
49
|
+
const challengeType = CertificatesHelper.getExtensionValue(cert, OID_CUSTOM_EXTENSION_CHALLENGE_TYPE)?.toString('binary');
|
|
50
|
+
if (challengeType === ChallengeType.Untrusted) {
|
|
51
|
+
throw new NotAllowedChallengeError(`Cert chain has cert with Untrusted challenge`);
|
|
52
|
+
}
|
|
53
|
+
switch (challengeType) {
|
|
54
|
+
case ChallengeType.SGXDCAP:
|
|
55
|
+
TeeCertificateService.validateChallengeSgx(cert);
|
|
56
|
+
break;
|
|
57
|
+
case ChallengeType.TDX:
|
|
58
|
+
case ChallengeType.AMDSEV:
|
|
59
|
+
await TeeCertificateService.validateChallengeTdxAndSnp(cert);
|
|
60
|
+
break;
|
|
61
|
+
default:
|
|
62
|
+
throw new NotAllowedChallengeError(`Challenge type ${challengeType || `[none]`} is missing or not allowed!`);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
static validateGpuChallenge(cert) {
|
|
66
|
+
const gpusInfo = TeeCertificateService.getGpuInfoFromCert(cert);
|
|
67
|
+
const gpusInDebugMode = gpusInfo.filter((gpu) => gpu.dbgStat);
|
|
68
|
+
if (gpusInDebugMode.length) {
|
|
69
|
+
throw new Error(`The certificate contains information about GPU that is running in debug mode: ${JSON.stringify(gpusInDebugMode)}`);
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
static validateChallengeSgx(cert) {
|
|
73
|
+
const mrSignerBinaryString = CertificatesHelper.getExtensionValue(cert, OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID);
|
|
74
74
|
if (!mrSignerBinaryString) {
|
|
75
75
|
throw new Error(`SGX challenge signature is wrong!`);
|
|
76
76
|
}
|
|
@@ -81,8 +81,8 @@ export class TeeCertificateService {
|
|
|
81
81
|
throw new Error(`SGX challenge signature is wrong!`);
|
|
82
82
|
}
|
|
83
83
|
}
|
|
84
|
-
static async validateChallengeTdxAndSnp(
|
|
85
|
-
const mrEnclaveBinaryString = CertificatesHelper.getExtensionValue(
|
|
84
|
+
static async validateChallengeTdxAndSnp(cert) {
|
|
85
|
+
const mrEnclaveBinaryString = CertificatesHelper.getExtensionValue(cert, OID_CUSTOM_EXTENSION_CHALLENGE_ID);
|
|
86
86
|
if (!mrEnclaveBinaryString) {
|
|
87
87
|
throw new Error(`Challenge id is missing in certificate!`);
|
|
88
88
|
}
|
|
@@ -97,7 +97,7 @@ export class TeeCertificateService {
|
|
|
97
97
|
throw new Error(message);
|
|
98
98
|
}
|
|
99
99
|
}
|
|
100
|
-
static
|
|
100
|
+
static getGpuInfoFromCert(cert) {
|
|
101
101
|
let gpusInfo = { gpus: [] };
|
|
102
102
|
const gpusInfoRaw = CertificatesHelper.getExtensionValue(cert, OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU);
|
|
103
103
|
if (gpusInfoRaw) {
|
|
@@ -115,4 +115,4 @@ export class TeeCertificateService {
|
|
|
115
115
|
return gpusInfo.gpus;
|
|
116
116
|
}
|
|
117
117
|
}
|
|
118
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
118
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVGVlQ2VydGlmaWNhdGVTZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9UZWVDZXJ0aWZpY2F0ZVNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0saUJBQWlCLENBQUM7QUFDbkQsT0FBTyxFQUNMLGFBQWEsRUFDYix3Q0FBd0MsRUFDeEMsaUNBQWlDLEVBQ2pDLG1DQUFtQyxFQUNuQyxvQ0FBb0MsR0FDckMsTUFBTSw0QkFBNEIsQ0FBQztBQUNwQyxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSwyQkFBMkIsQ0FBQztBQUNqRSxPQUFPLEVBQUUscUJBQXFCLEVBQUUsd0JBQXdCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDOUUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDOUQsT0FBTyxFQUFrQixjQUFjLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUdyRSxNQUFNLENBQU4sSUFBWSw2QkFJWDtBQUpELFdBQVksNkJBQTZCO0lBQ3ZDLGdGQUErQyxDQUFBO0lBQy9DLGdGQUErQyxDQUFBO0lBQy9DLDhFQUE2QyxDQUFBO0FBQy9DLENBQUMsRUFKVyw2QkFBNkIsS0FBN0IsNkJBQTZCLFFBSXhDO0FBT0QsTUFBTSxPQUFPLHFCQUFxQjtJQUNoQyxNQUFNLENBQUMsS0FBSyxDQUFDLDBCQUEwQixDQUFDLFFBQWdCO1FBQ3RELE1BQU0sTUFBTSxHQUFHLE1BQU0scUJBQXFCLENBQUMsb0JBQW9CLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDMUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNwQixNQUFNLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUN2QyxDQUFDO0lBQ0gsQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsb0JBQW9CLENBQUMsUUFBZ0I7UUFDaEQsTUFBTSxFQUFFLE9BQU8sRUFBRSxZQUFZLEVBQUUsR0FBRyxNQUFNLGtCQUFrQixDQUFDLGlCQUFpQixDQUMxRSxRQUFRLEVBQ1IsZ0JBQWdCLENBQ2pCLENBQUM7UUFFRixJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLFNBQVMsRUFBRSw2QkFBNkIsQ0FBQyxxQkFBcUI7Z0JBQzlELFlBQVksRUFBRSwyQkFBMkIsWUFBWSxHQUFHO2FBQ3pELENBQUM7UUFDSixDQUFDO1FBRUQsd0ZBQXdGO1FBQ3hGLE1BQU0sRUFBRSxLQUFLLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNsRSxNQUFNLFdBQVcsR0FBRyxrQkFBa0IsQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUV0RSxJQUFJLENBQUM7WUFDSCxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMscUJBQXFCLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBRTVGLE1BQU0sUUFBUSxHQUFHLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoQyxNQUFNLHFCQUFxQixDQUFDLG9CQUFvQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxTQUFTLEVBQ1AsR0FBRyxZQUFZLHdCQUF3QjtvQkFDckMsQ0FBQyxDQUFDLDZCQUE2QixDQUFDLHFCQUFxQjtvQkFDckQsQ0FBQyxDQUFDLDZCQUE2QixDQUFDLG9CQUFvQjtnQkFDeEQsWUFBWSxFQUFFLDRCQUE2QixHQUFhLENBQUMsT0FBTyxHQUFHO2FBQ3BFLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxJQUFnQztRQUNyRSxNQUFNLGFBQWEsR0FBRyxrQkFBa0IsQ0FBQyxpQkFBaUIsQ0FDeEQsSUFBSSxFQUNKLG1DQUFtQyxDQUNwQyxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUV0QixJQUFJLGFBQWEsS0FBSyxhQUFhLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDOUMsTUFBTSxJQUFJLHdCQUF3QixDQUFDLDhDQUE4QyxDQUFDLENBQUM7UUFDckYsQ0FBQztRQUVELFFBQVEsYUFBYSxFQUFFLENBQUM7WUFDdEIsS0FBSyxhQUFhLENBQUMsT0FBTztnQkFDeEIscUJBQXFCLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQ2pELE1BQU07WUFDUixLQUFLLGFBQWEsQ0FBQyxHQUFHLENBQUM7WUFDdkIsS0FBSyxhQUFhLENBQUMsTUFBTTtnQkFDdkIsTUFBTSxxQkFBcUIsQ0FBQywwQkFBMEIsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDN0QsTUFBTTtZQUVSO2dCQUNFLE1BQU0sSUFBSSx3QkFBd0IsQ0FDaEMsa0JBQWtCLGFBQWEsSUFBSSxRQUFRLDZCQUE2QixDQUN6RSxDQUFDO1FBQ04sQ0FBQztJQUNILENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQUMsSUFBZ0M7UUFDbEUsTUFBTSxRQUFRLEdBQUcscUJBQXFCLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDaEUsTUFBTSxlQUFlLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzlELElBQUksZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzNCLE1BQU0sSUFBSSxLQUFLLENBQ2IsaUZBQWlGLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FDbkgsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLG9CQUFvQixDQUFDLElBQWdDO1FBQ2xFLE1BQU0sb0JBQW9CLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQy9ELElBQUksRUFDSix3Q0FBd0MsQ0FDekMsQ0FBQztRQUNGLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsb0JBQW9CLENBQUMsb0JBQW9CLENBQUMsb0JBQW9CLENBQUMsQ0FBQztRQUNsRSxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO0lBQ0gsQ0FBQztJQUVPLE1BQU0sQ0FBQyxLQUFLLENBQUMsMEJBQTBCLENBQUMsSUFBZ0M7UUFDOUUsTUFBTSxxQkFBcUIsR0FBRyxrQkFBa0IsQ0FBQyxpQkFBaUIsQ0FDaEUsSUFBSSxFQUNKLGlDQUFpQyxDQUNsQyxDQUFDO1FBQ0YsSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7WUFDM0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFFRCxJQUFJLENBQUM7WUFDSCxNQUFNLG9CQUFvQixDQUFDLDBCQUEwQixDQUFDLHFCQUFxQixDQUFDLENBQUM7UUFDL0UsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixNQUFNLE9BQU8sR0FBRywyQkFBMkIsQ0FBQztZQUM1QyxJQUFJLEdBQUcsWUFBWSxxQkFBcUIsRUFBRSxDQUFDO2dCQUN6QyxNQUFNLElBQUksS0FBSyxDQUFDLEdBQUcsT0FBTyxJQUFJLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQy9DLENBQUM7WUFDRCxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzNCLENBQUM7SUFDSCxDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQWdDO1FBQ2hFLElBQUksUUFBUSxHQUFtQixFQUFFLElBQUksRUFBRSxFQUFFLEVBQUUsQ0FBQztRQUM1QyxNQUFNLFdBQVcsR0FBRyxrQkFBa0IsQ0FBQyxpQkFBaUIsQ0FDdEQsSUFBSSxFQUNKLG9DQUFvQyxDQUNyQyxDQUFDO1FBRUYsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixJQUFJLENBQUM7Z0JBQ0gsUUFBUSxHQUFHLGNBQWMsQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDaEQsQ0FBQztZQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxPQUFPLEdBQUcsMkJBQTJCLENBQUM7Z0JBQzVDLElBQUksR0FBRyxZQUFZLEtBQUssRUFBRSxDQUFDO29CQUN6QixNQUFNLElBQUksS0FBSyxDQUFDLEdBQUcsT0FBTyxJQUFJLEdBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO2dCQUMvQyxDQUFDO2dCQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDM0IsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLFFBQVEsQ0FBQyxJQUFJLENBQUM7SUFDdkIsQ0FBQztDQUNGIn0=
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import axios from 'axios';
|
|
2
2
|
import forge from 'node-forge';
|
|
3
|
-
import { TEE_LOADER_TRUSTED_CERTIFICATE, TEE_LOADER_TRUSTED_MRSIGNER } from '../constants.js';
|
|
3
|
+
import { TEE_LOADER_TRUSTED_CERTIFICATE, TEE_LOADER_TRUSTED_MRSIGNER, TEE_PKI_TRUSTED_MRSIGNER, } from '../constants.js';
|
|
4
4
|
import { InvalidSignatureError } from '../index.js';
|
|
5
5
|
import { tryWithInterval } from '../utils/helpers/index.js';
|
|
6
6
|
export class TeeSignatureVerifier {
|
|
@@ -10,7 +10,7 @@ export class TeeSignatureVerifier {
|
|
|
10
10
|
* @throws Error If signature validation fails
|
|
11
11
|
*/
|
|
12
12
|
static validateSignatureSgx(mrSigner) {
|
|
13
|
-
if (
|
|
13
|
+
if (![TEE_PKI_TRUSTED_MRSIGNER, TEE_LOADER_TRUSTED_MRSIGNER].includes(mrSigner.toString('hex'))) {
|
|
14
14
|
throw new InvalidSignatureError('Quote has an invalid MR signer');
|
|
15
15
|
}
|
|
16
16
|
}
|
|
@@ -81,4 +81,4 @@ export class TeeSignatureVerifier {
|
|
|
81
81
|
}
|
|
82
82
|
}
|
|
83
83
|
}
|
|
84
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
84
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVGVlU2lnbmF0dXJlVmVyaWZpZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdGVlL1RlZVNpZ25hdHVyZVZlcmlmaWVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBd0IsTUFBTSxPQUFPLENBQUM7QUFDN0MsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sRUFDTCw4QkFBOEIsRUFDOUIsMkJBQTJCLEVBQzNCLHdCQUF3QixHQUN6QixNQUFNLGlCQUFpQixDQUFDO0FBQ3pCLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUVwRCxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFPNUQsTUFBTSxPQUFPLG9CQUFvQjtJQUMvQjs7OztPQUlHO0lBQ0gsTUFBTSxDQUFDLG9CQUFvQixDQUFDLFFBQW9CO1FBQzlDLElBQ0UsQ0FBQyxDQUFDLHdCQUF3QixFQUFFLDJCQUEyQixDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsRUFDM0YsQ0FBQztZQUNELE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1FBQ3BFLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQywwQkFBMEIsQ0FDckMsU0FBcUIsRUFDckIsVUFBaUMsRUFBRSxxQkFBcUIsRUFBRSxvQkFBb0IsQ0FBQyxZQUFZLEVBQUU7UUFFN0YsTUFBTSxFQUFFLHFCQUFxQixFQUFFLEdBQUcsT0FBTyxDQUFDO1FBQzFDLE1BQU0sSUFBSSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsOEJBQThCLENBQUMsQ0FBQztRQUMxRSxNQUFNLFdBQVcsR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7UUFDOUYsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2pCLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztRQUM3QyxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQztRQUNqQyxJQUNFLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxHQUFHLENBQUM7WUFDckQsQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxFQUNyRCxDQUFDO1lBQ0QsTUFBTSxJQUFJLHFCQUFxQixDQUFDLDZDQUE2QyxDQUFDLENBQUM7UUFDakYsQ0FBQztRQUVELE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxFQUFFLENBQUMsTUFBTTthQUMzQixNQUFNLEVBQUU7YUFDUixNQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxHQUFHLFNBQVMsQ0FBQyxDQUFDO2FBQ3pDLE1BQU0sRUFBRSxDQUFDO1FBQ1osTUFBTSxTQUFTLEdBQUcsTUFBTSxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFFdEUsTUFBTSxnQkFBZ0IsR0FBSSxTQUFxQyxDQUFDLE1BQU0sQ0FDcEUsTUFBTSxDQUFDLEtBQUssRUFBRSxFQUNkLE1BQU0sQ0FBQyxZQUFZLENBQUMsR0FBRyxTQUFTLENBQUMsQ0FDbEMsQ0FBQztRQUNGLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxxQkFBcUIsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1FBQzlELENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsU0FBaUIsRUFBRSxPQUFnQztRQUMzRSxNQUFNLE9BQU8sR0FBRyxPQUFPLEVBQUUsT0FBTyxJQUFJLHdEQUF3RCxDQUFDO1FBQzdGLE1BQU0sUUFBUSxHQUFHLE9BQU8sRUFBRSxRQUFRLElBQUksQ0FBQyxDQUFDO1FBQ3hDLE1BQU0sYUFBYSxHQUFHLE9BQU8sRUFBRSxhQUFhLElBQUksSUFBSSxDQUFDO1FBQ3JELE1BQU0sWUFBWSxHQUFHLFNBQVMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFL0MsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQztZQUNqQyxPQUFPO1NBQ1IsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDO1lBQ0gsTUFBTSxRQUFRLEdBQUcsTUFBTSxlQUFlLENBQWdCO2dCQUNwRCxXQUFXLENBQUMsUUFBUTtvQkFDbEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUNqRCxDQUFDO2dCQUNELE9BQU87b0JBQ0wsT0FBTyxhQUFhLENBQUMsR0FBRyxDQUFDLDhCQUE4QixZQUFZLE9BQU8sRUFBRTt3QkFDMUUsWUFBWSxFQUFFLGFBQWE7cUJBQzVCLENBQUMsQ0FBQztnQkFDTCxDQUFDO2dCQUNELFVBQVUsQ0FBQyxHQUFHO29CQUNaLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7d0JBQzVDLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO3dCQUVuQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sR0FBRyxHQUFHLElBQUksTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDO29CQUN0RCxDQUFDO29CQUNELE9BQU8sRUFBRSxTQUFTLEVBQUUsS0FBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNoRCxDQUFDO2dCQUNELGFBQWE7Z0JBQ2IsUUFBUTthQUNULENBQUMsQ0FBQztZQUVILE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDcEMsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzVELE1BQU0sSUFBSSxxQkFBcUIsQ0FBQywwQ0FBMEMsWUFBWSxFQUFFLENBQUMsQ0FBQztZQUM1RixDQUFDO1lBRUQsTUFBTSxHQUFHLENBQUM7UUFDWixDQUFDO0lBQ0gsQ0FBQztDQUNGIn0=
|
package/dist/mjs/tee/errors.d.ts
CHANGED
package/dist/mjs/tee/errors.js
CHANGED
|
@@ -7,4 +7,6 @@ export class TeeQuoteValidatorError extends BaseError {
|
|
|
7
7
|
}
|
|
8
8
|
export class InvalidSignatureError extends BaseError {
|
|
9
9
|
}
|
|
10
|
-
|
|
10
|
+
export class NotAllowedChallengeError extends BaseError {
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9lcnJvcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBRS9DLE1BQU0sT0FBTyxzQkFBdUIsU0FBUSxTQUFTO0NBQUc7QUFFeEQsTUFBTSxPQUFPLG1CQUFvQixTQUFRLFNBQVM7Q0FBRztBQUVyRCxNQUFNLE9BQU8sc0JBQXVCLFNBQVEsU0FBUztDQUFHO0FBRXhELE1BQU0sT0FBTyxxQkFBc0IsU0FBUSxTQUFTO0NBQUc7QUFFdkQsTUFBTSxPQUFPLHdCQUF5QixTQUFRLFNBQVM7Q0FBRyJ9
|