batuhan-basoglu/Kargi-Sitesi
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Deployed the page to Github Pages.

Browse source
This commit is contained in:
Batuhan Berk Başoğlu 2024-11-03 21:30:09 -05:00
parent 1d79754e93
commit 2c89899458
Signed by: batuhan-basoglu
SSH key fingerprint: SHA256:kEsnuHX+qbwhxSAXPUQ4ox535wFHu/hIRaa53FzxRpo
62797 changed files with 6551425 additions and 15279 deletions
Download patch file Download diff file Expand all files Collapse all files

37
node_modules/@tufjs/models/dist/base.d.ts generated vendored Normal file
View file

@ -0,0 +1,37 @@
import { Signature } from './signature';
import { JSONObject, JSONValue } from './utils';
export interface Signable {
signatures: Record<string, Signature>;
signed: Signed;
}
export interface SignedOptions {
version?: number;
specVersion?: string;
expires?: string;
unrecognizedFields?: Record<string, JSONValue>;
}
export declare enum MetadataKind {
Root = "root",
Timestamp = "timestamp",
Snapshot = "snapshot",
Targets = "targets"
}
export declare function isMetadataKind(value: unknown): value is MetadataKind;
/***
* A base class for the signed part of TUF metadata.
*
* Objects with base class Signed are usually included in a ``Metadata`` object
* on the signed attribute. This class provides attributes and methods that
* are common for all TUF metadata types (roles).
*/
export declare abstract class Signed {
readonly specVersion: string;
readonly expires: string;
readonly version: number;
readonly unrecognizedFields: Record<string, JSONValue>;
constructor(options: SignedOptions);
equals(other: Signed): boolean;
isExpired(referenceTime?: Date): boolean;
static commonFieldsFromJSON(data: JSONObject): SignedOptions;
abstract toJSON(): JSONObject;
}

83
node_modules/@tufjs/models/dist/base.js generated vendored Normal file
View file

@ -0,0 +1,83 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Signed = exports.isMetadataKind = exports.MetadataKind = void 0;
const util_1 = __importDefault(require("util"));
const error_1 = require("./error");
const utils_1 = require("./utils");
const SPECIFICATION_VERSION = ['1', '0', '31'];
var MetadataKind;
(function (MetadataKind) {
MetadataKind["Root"] = "root";
MetadataKind["Timestamp"] = "timestamp";
MetadataKind["Snapshot"] = "snapshot";
MetadataKind["Targets"] = "targets";
})(MetadataKind || (exports.MetadataKind = MetadataKind = {}));
function isMetadataKind(value) {
return (typeof value === 'string' &&
Object.values(MetadataKind).includes(value));
}
exports.isMetadataKind = isMetadataKind;
/***
* A base class for the signed part of TUF metadata.
*
* Objects with base class Signed are usually included in a ``Metadata`` object
* on the signed attribute. This class provides attributes and methods that
* are common for all TUF metadata types (roles).
*/
class Signed {
constructor(options) {
this.specVersion = options.specVersion || SPECIFICATION_VERSION.join('.');
const specList = this.specVersion.split('.');
if (!(specList.length === 2 || specList.length === 3) ||
!specList.every((item) => isNumeric(item))) {
throw new error_1.ValueError('Failed to parse specVersion');
}
// major version must match
if (specList[0] != SPECIFICATION_VERSION[0]) {
throw new error_1.ValueError('Unsupported specVersion');
}
this.expires = options.expires || new Date().toISOString();
this.version = options.version || 1;
this.unrecognizedFields = options.unrecognizedFields || {};
}
equals(other) {
if (!(other instanceof Signed)) {
return false;
}
return (this.specVersion === other.specVersion &&
this.expires === other.expires &&
this.version === other.version &&
util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields));
}
isExpired(referenceTime) {
if (!referenceTime) {
referenceTime = new Date();
}
return referenceTime >= new Date(this.expires);
}
static commonFieldsFromJSON(data) {
const { spec_version, expires, version, ...rest } = data;
if (utils_1.guard.isDefined(spec_version) && !(typeof spec_version === 'string')) {
throw new TypeError('spec_version must be a string');
}
if (utils_1.guard.isDefined(expires) && !(typeof expires === 'string')) {
throw new TypeError('expires must be a string');
}
if (utils_1.guard.isDefined(version) && !(typeof version === 'number')) {
throw new TypeError('version must be a number');
}
return {
specVersion: spec_version,
expires,
version,
unrecognizedFields: rest,
};
}
}
exports.Signed = Signed;
function isNumeric(str) {
return !isNaN(Number(str));
}

32
node_modules/@tufjs/models/dist/delegations.d.ts generated vendored Normal file
View file

@ -0,0 +1,32 @@
import { Key } from './key';
import { DelegatedRole, SuccinctRoles } from './role';
import { JSONObject, JSONValue } from './utils';
type DelegatedRoleMap = Record<string, DelegatedRole>;
type KeyMap = Record<string, Key>;
interface DelegationsOptions {
keys: KeyMap;
roles?: DelegatedRoleMap;
succinctRoles?: SuccinctRoles;
unrecognizedFields?: Record<string, JSONValue>;
}
/**
* A container object storing information about all delegations.
*
* Targets roles that are trusted to provide signed metadata files
* describing targets with designated pathnames and/or further delegations.
*/
export declare class Delegations {
readonly keys: KeyMap;
readonly roles?: DelegatedRoleMap;
readonly unrecognizedFields?: Record<string, JSONValue>;
readonly succinctRoles?: SuccinctRoles;
constructor(options: DelegationsOptions);
equals(other: Delegations): boolean;
rolesForTarget(targetPath: string): Generator<{
role: string;
terminating: boolean;
}>;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): Delegations;
}
export {};

115
node_modules/@tufjs/models/dist/delegations.js generated vendored Normal file
View file

@ -0,0 +1,115 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Delegations = void 0;
const util_1 = __importDefault(require("util"));
const error_1 = require("./error");
const key_1 = require("./key");
const role_1 = require("./role");
const utils_1 = require("./utils");
/**
* A container object storing information about all delegations.
*
* Targets roles that are trusted to provide signed metadata files
* describing targets with designated pathnames and/or further delegations.
*/
class Delegations {
constructor(options) {
this.keys = options.keys;
this.unrecognizedFields = options.unrecognizedFields || {};
if (options.roles) {
if (Object.keys(options.roles).some((roleName) => role_1.TOP_LEVEL_ROLE_NAMES.includes(roleName))) {
throw new error_1.ValueError('Delegated role name conflicts with top-level role name');
}
}
this.succinctRoles = options.succinctRoles;
this.roles = options.roles;
}
equals(other) {
if (!(other instanceof Delegations)) {
return false;
}
return (util_1.default.isDeepStrictEqual(this.keys, other.keys) &&
util_1.default.isDeepStrictEqual(this.roles, other.roles) &&
util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields) &&
util_1.default.isDeepStrictEqual(this.succinctRoles, other.succinctRoles));
}
*rolesForTarget(targetPath) {
if (this.roles) {
for (const role of Object.values(this.roles)) {
if (role.isDelegatedPath(targetPath)) {
yield { role: role.name, terminating: role.terminating };
}
}
}
else if (this.succinctRoles) {
yield {
role: this.succinctRoles.getRoleForTarget(targetPath),
terminating: true,
};
}
}
toJSON() {
const json = {
keys: keysToJSON(this.keys),
...this.unrecognizedFields,
};
if (this.roles) {
json.roles = rolesToJSON(this.roles);
}
else if (this.succinctRoles) {
json.succinct_roles = this.succinctRoles.toJSON();
}
return json;
}
static fromJSON(data) {
const { keys, roles, succinct_roles, ...unrecognizedFields } = data;
let succinctRoles;
if (utils_1.guard.isObject(succinct_roles)) {
succinctRoles = role_1.SuccinctRoles.fromJSON(succinct_roles);
}
return new Delegations({
keys: keysFromJSON(keys),
roles: rolesFromJSON(roles),
unrecognizedFields,
succinctRoles,
});
}
}
exports.Delegations = Delegations;
function keysToJSON(keys) {
return Object.entries(keys).reduce((acc, [keyId, key]) => ({
...acc,
[keyId]: key.toJSON(),
}), {});
}
function rolesToJSON(roles) {
return Object.values(roles).map((role) => role.toJSON());
}
function keysFromJSON(data) {
if (!utils_1.guard.isObjectRecord(data)) {
throw new TypeError('keys is malformed');
}
return Object.entries(data).reduce((acc, [keyID, keyData]) => ({
...acc,
[keyID]: key_1.Key.fromJSON(keyID, keyData),
}), {});
}
function rolesFromJSON(data) {
let roleMap;
if (utils_1.guard.isDefined(data)) {
if (!utils_1.guard.isObjectArray(data)) {
throw new TypeError('roles is malformed');
}
roleMap = data.reduce((acc, role) => {
const delegatedRole = role_1.DelegatedRole.fromJSON(role);
return {
...acc,
[delegatedRole.name]: delegatedRole,
};
}, {});
}
return roleMap;
}

12
node_modules/@tufjs/models/dist/error.d.ts generated vendored Normal file
View file

@ -0,0 +1,12 @@
export declare class ValueError extends Error {
}
export declare class RepositoryError extends Error {
}
export declare class UnsignedMetadataError extends RepositoryError {
}
export declare class LengthOrHashMismatchError extends RepositoryError {
}
export declare class CryptoError extends Error {
}
export declare class UnsupportedAlgorithmError extends CryptoError {
}

27
node_modules/@tufjs/models/dist/error.js generated vendored Normal file
View file

@ -0,0 +1,27 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.UnsupportedAlgorithmError = exports.CryptoError = exports.LengthOrHashMismatchError = exports.UnsignedMetadataError = exports.RepositoryError = exports.ValueError = void 0;
// An error about insufficient values
class ValueError extends Error {
}
exports.ValueError = ValueError;
// An error with a repository's state, such as a missing file.
// It covers all exceptions that come from the repository side when
// looking from the perspective of users of metadata API or ngclient.
class RepositoryError extends Error {
}
exports.RepositoryError = RepositoryError;
// An error about metadata object with insufficient threshold of signatures.
class UnsignedMetadataError extends RepositoryError {
}
exports.UnsignedMetadataError = UnsignedMetadataError;
// An error while checking the length and hash values of an object.
class LengthOrHashMismatchError extends RepositoryError {
}
exports.LengthOrHashMismatchError = LengthOrHashMismatchError;
class CryptoError extends Error {
}
exports.CryptoError = CryptoError;
class UnsupportedAlgorithmError extends CryptoError {
}
exports.UnsupportedAlgorithmError = UnsupportedAlgorithmError;

40
node_modules/@tufjs/models/dist/file.d.ts generated vendored Normal file
View file

@ -0,0 +1,40 @@
/// <reference types="node" />
/// <reference types="node" />
import { Readable } from 'stream';
import { JSONObject, JSONValue } from './utils';
interface MetaFileOptions {
version: number;
length?: number;
hashes?: Record<string, string>;
unrecognizedFields?: Record<string, JSONValue>;
}
export declare class MetaFile {
readonly version: number;
readonly length?: number;
readonly hashes?: Record<string, string>;
readonly unrecognizedFields?: Record<string, JSONValue>;
constructor(opts: MetaFileOptions);
equals(other: MetaFile): boolean;
verify(data: Buffer): void;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): MetaFile;
}
interface TargetFileOptions {
length: number;
path: string;
hashes: Record<string, string>;
unrecognizedFields?: Record<string, JSONValue>;
}
export declare class TargetFile {
readonly length: number;
readonly path: string;
readonly hashes: Record<string, string>;
readonly unrecognizedFields: Record<string, JSONValue>;
constructor(opts: TargetFileOptions);
get custom(): Record<string, unknown>;
equals(other: TargetFile): boolean;
verify(stream: Readable): Promise<void>;
toJSON(): JSONObject;
static fromJSON(path: string, data: JSONObject): TargetFile;
}
export {};

183
node_modules/@tufjs/models/dist/file.js generated vendored Normal file
View file

@ -0,0 +1,183 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.TargetFile = exports.MetaFile = void 0;
const crypto_1 = __importDefault(require("crypto"));
const util_1 = __importDefault(require("util"));
const error_1 = require("./error");
const utils_1 = require("./utils");
// A container with information about a particular metadata file.
//
// This class is used for Timestamp and Snapshot metadata.
class MetaFile {
constructor(opts) {
if (opts.version <= 0) {
throw new error_1.ValueError('Metafile version must be at least 1');
}
if (opts.length !== undefined) {
validateLength(opts.length);
}
this.version = opts.version;
this.length = opts.length;
this.hashes = opts.hashes;
this.unrecognizedFields = opts.unrecognizedFields || {};
}
equals(other) {
if (!(other instanceof MetaFile)) {
return false;
}
return (this.version === other.version &&
this.length === other.length &&
util_1.default.isDeepStrictEqual(this.hashes, other.hashes) &&
util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields));
}
verify(data) {
// Verifies that the given data matches the expected length.
if (this.length !== undefined) {
if (data.length !== this.length) {
throw new error_1.LengthOrHashMismatchError(`Expected length ${this.length} but got ${data.length}`);
}
}
// Verifies that the given data matches the supplied hashes.
if (this.hashes) {
Object.entries(this.hashes).forEach(([key, value]) => {
let hash;
try {
hash = crypto_1.default.createHash(key);
}
catch (e) {
throw new error_1.LengthOrHashMismatchError(`Hash algorithm ${key} not supported`);
}
const observedHash = hash.update(data).digest('hex');
if (observedHash !== value) {
throw new error_1.LengthOrHashMismatchError(`Expected hash ${value} but got ${observedHash}`);
}
});
}
}
toJSON() {
const json = {
version: this.version,
...this.unrecognizedFields,
};
if (this.length !== undefined) {
json.length = this.length;
}
if (this.hashes) {
json.hashes = this.hashes;
}
return json;
}
static fromJSON(data) {
const { version, length, hashes, ...rest } = data;
if (typeof version !== 'number') {
throw new TypeError('version must be a number');
}
if (utils_1.guard.isDefined(length) && typeof length !== 'number') {
throw new TypeError('length must be a number');
}
if (utils_1.guard.isDefined(hashes) && !utils_1.guard.isStringRecord(hashes)) {
throw new TypeError('hashes must be string keys and values');
}
return new MetaFile({
version,
length,
hashes,
unrecognizedFields: rest,
});
}
}
exports.MetaFile = MetaFile;
// Container for info about a particular target file.
//
// This class is used for Target metadata.
class TargetFile {
constructor(opts) {
validateLength(opts.length);
this.length = opts.length;
this.path = opts.path;
this.hashes = opts.hashes;
this.unrecognizedFields = opts.unrecognizedFields || {};
}
get custom() {
const custom = this.unrecognizedFields['custom'];
if (!custom || Array.isArray(custom) || !(typeof custom === 'object')) {
return {};
}
return custom;
}
equals(other) {
if (!(other instanceof TargetFile)) {
return false;
}
return (this.length === other.length &&
this.path === other.path &&
util_1.default.isDeepStrictEqual(this.hashes, other.hashes) &&
util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields));
}
async verify(stream) {
let observedLength = 0;
// Create a digest for each hash algorithm
const digests = Object.keys(this.hashes).reduce((acc, key) => {
try {
acc[key] = crypto_1.default.createHash(key);
}
catch (e) {
throw new error_1.LengthOrHashMismatchError(`Hash algorithm ${key} not supported`);
}
return acc;
}, {});
// Read stream chunk by chunk
for await (const chunk of stream) {
// Keep running tally of stream length
observedLength += chunk.length;
// Append chunk to each digest
Object.values(digests).forEach((digest) => {
digest.update(chunk);
});
}
// Verify length matches expected value
if (observedLength !== this.length) {
throw new error_1.LengthOrHashMismatchError(`Expected length ${this.length} but got ${observedLength}`);
}
// Verify each digest matches expected value
Object.entries(digests).forEach(([key, value]) => {
const expected = this.hashes[key];
const actual = value.digest('hex');
if (actual !== expected) {
throw new error_1.LengthOrHashMismatchError(`Expected hash ${expected} but got ${actual}`);
}
});
}
toJSON() {
return {
length: this.length,
hashes: this.hashes,
...this.unrecognizedFields,
};
}
static fromJSON(path, data) {
const { length, hashes, ...rest } = data;
if (typeof length !== 'number') {
throw new TypeError('length must be a number');
}
if (!utils_1.guard.isStringRecord(hashes)) {
throw new TypeError('hashes must have string keys and values');
}
return new TargetFile({
length,
path,
hashes,
unrecognizedFields: rest,
});
}
}
exports.TargetFile = TargetFile;
// Check that supplied length if valid
function validateLength(length) {
if (length < 0) {
throw new error_1.ValueError('Length must be at least 0');
}
}

10
node_modules/@tufjs/models/dist/index.d.ts generated vendored Normal file
View file

@ -0,0 +1,10 @@
export { MetadataKind } from './base';
export { ValueError } from './error';
export { MetaFile, TargetFile } from './file';
export { Key } from './key';
export { Metadata } from './metadata';
export { Root } from './root';
export { Signature } from './signature';
export { Snapshot } from './snapshot';
export { Targets } from './targets';
export { Timestamp } from './timestamp';

24
node_modules/@tufjs/models/dist/index.js generated vendored Normal file
View file

@ -0,0 +1,24 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Timestamp = exports.Targets = exports.Snapshot = exports.Signature = exports.Root = exports.Metadata = exports.Key = exports.TargetFile = exports.MetaFile = exports.ValueError = exports.MetadataKind = void 0;
var base_1 = require("./base");
Object.defineProperty(exports, "MetadataKind", { enumerable: true, get: function () { return base_1.MetadataKind; } });
var error_1 = require("./error");
Object.defineProperty(exports, "ValueError", { enumerable: true, get: function () { return error_1.ValueError; } });
var file_1 = require("./file");
Object.defineProperty(exports, "MetaFile", { enumerable: true, get: function () { return file_1.MetaFile; } });
Object.defineProperty(exports, "TargetFile", { enumerable: true, get: function () { return file_1.TargetFile; } });
var key_1 = require("./key");
Object.defineProperty(exports, "Key", { enumerable: true, get: function () { return key_1.Key; } });
var metadata_1 = require("./metadata");
Object.defineProperty(exports, "Metadata", { enumerable: true, get: function () { return metadata_1.Metadata; } });
var root_1 = require("./root");
Object.defineProperty(exports, "Root", { enumerable: true, get: function () { return root_1.Root; } });
var signature_1 = require("./signature");
Object.defineProperty(exports, "Signature", { enumerable: true, get: function () { return signature_1.Signature; } });
var snapshot_1 = require("./snapshot");
Object.defineProperty(exports, "Snapshot", { enumerable: true, get: function () { return snapshot_1.Snapshot; } });
var targets_1 = require("./targets");
Object.defineProperty(exports, "Targets", { enumerable: true, get: function () { return targets_1.Targets; } });
var timestamp_1 = require("./timestamp");
Object.defineProperty(exports, "Timestamp", { enumerable: true, get: function () { return timestamp_1.Timestamp; } });

21
node_modules/@tufjs/models/dist/key.d.ts generated vendored Normal file
View file

@ -0,0 +1,21 @@
import { Signable } from './base';
import { JSONObject, JSONValue } from './utils';
export interface KeyOptions {
keyID: string;
keyType: string;
scheme: string;
keyVal: Record<string, string>;
unrecognizedFields?: Record<string, JSONValue>;
}
export declare class Key {
readonly keyID: string;
readonly keyType: string;
readonly scheme: string;
readonly keyVal: Record<string, string>;
readonly unrecognizedFields?: Record<string, JSONValue>;
constructor(options: KeyOptions);
verifySignature(metadata: Signable): void;
equals(other: Key): boolean;
toJSON(): JSONObject;
static fromJSON(keyID: string, data: JSONObject): Key;
}

85
node_modules/@tufjs/models/dist/key.js generated vendored Normal file
View file

@ -0,0 +1,85 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Key = void 0;
const util_1 = __importDefault(require("util"));
const error_1 = require("./error");
const utils_1 = require("./utils");
const key_1 = require("./utils/key");
// A container class representing the public portion of a Key.
class Key {
constructor(options) {
const { keyID, keyType, scheme, keyVal, unrecognizedFields } = options;
this.keyID = keyID;
this.keyType = keyType;
this.scheme = scheme;
this.keyVal = keyVal;
this.unrecognizedFields = unrecognizedFields || {};
}
// Verifies the that the metadata.signatures contains a signature made with
// this key and is correctly signed.
verifySignature(metadata) {
const signature = metadata.signatures[this.keyID];
if (!signature)
throw new error_1.UnsignedMetadataError('no signature for key found in metadata');
if (!this.keyVal.public)
throw new error_1.UnsignedMetadataError('no public key found');
const publicKey = (0, key_1.getPublicKey)({
keyType: this.keyType,
scheme: this.scheme,
keyVal: this.keyVal.public,
});
const signedData = metadata.signed.toJSON();
try {
if (!utils_1.crypto.verifySignature(signedData, publicKey, signature.sig)) {
throw new error_1.UnsignedMetadataError(`failed to verify ${this.keyID} signature`);
}
}
catch (error) {
if (error instanceof error_1.UnsignedMetadataError) {
throw error;
}
throw new error_1.UnsignedMetadataError(`failed to verify ${this.keyID} signature`);
}
}
equals(other) {
if (!(other instanceof Key)) {
return false;
}
return (this.keyID === other.keyID &&
this.keyType === other.keyType &&
this.scheme === other.scheme &&
util_1.default.isDeepStrictEqual(this.keyVal, other.keyVal) &&
util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields));
}
toJSON() {
return {
keytype: this.keyType,
scheme: this.scheme,
keyval: this.keyVal,
...this.unrecognizedFields,
};
}
static fromJSON(keyID, data) {
const { keytype, scheme, keyval, ...rest } = data;
if (typeof keytype !== 'string') {
throw new TypeError('keytype must be a string');
}
if (typeof scheme !== 'string') {
throw new TypeError('scheme must be a string');
}
if (!utils_1.guard.isStringRecord(keyval)) {
throw new TypeError('keyval must be a string record');
}
return new Key({
keyID,
keyType: keytype,
scheme,
keyVal: keyval,
unrecognizedFields: rest,
});
}
}
exports.Key = Key;

48
node_modules/@tufjs/models/dist/metadata.d.ts generated vendored Normal file
View file

@ -0,0 +1,48 @@
/// <reference types="node" />
import { MetadataKind, Signable } from './base';
import { Root } from './root';
import { Signature } from './signature';
import { Snapshot } from './snapshot';
import { Targets } from './targets';
import { Timestamp } from './timestamp';
import { JSONObject, JSONValue } from './utils';
type MetadataType = Root | Timestamp | Snapshot | Targets;
/***
* A container for signed TUF metadata.
*
* Provides methods to convert to and from json, read and write to and
* from JSON and to create and verify metadata signatures.
*
* ``Metadata[T]`` is a generic container type where T can be any one type of
* [``Root``, ``Timestamp``, ``Snapshot``, ``Targets``]. The purpose of this
* is to allow static type checking of the signed attribute in code using
* Metadata::
*
* root_md = Metadata[Root].fromJSON("root.json")
* # root_md type is now Metadata[Root]. This means signed and its
* # attributes like consistent_snapshot are now statically typed and the
* # types can be verified by static type checkers and shown by IDEs
*
* Using a type constraint is not required but not doing so means T is not a
* specific type so static typing cannot happen. Note that the type constraint
* ``[Root]`` is not validated at runtime (as pure annotations are not available
* then).
*
* Apart from ``expires`` all of the arguments to the inner constructors have
* reasonable default values for new metadata.
*/
export declare class Metadata<T extends MetadataType> implements Signable {
signed: T;
signatures: Record<string, Signature>;
unrecognizedFields: Record<string, JSONValue>;
constructor(signed: T, signatures?: Record<string, Signature>, unrecognizedFields?: Record<string, JSONValue>);
sign(signer: (data: Buffer) => Signature, append?: boolean): void;
verifyDelegate(delegatedRole: string, delegatedMetadata: Metadata<MetadataType>): void;
equals(other: T): boolean;
toJSON(): JSONObject;
static fromJSON(type: MetadataKind.Root, data: JSONObject): Metadata<Root>;
static fromJSON(type: MetadataKind.Timestamp, data: JSONObject): Metadata<Timestamp>;
static fromJSON(type: MetadataKind.Snapshot, data: JSONObject): Metadata<Snapshot>;
static fromJSON(type: MetadataKind.Targets, data: JSONObject): Metadata<Targets>;
}
export {};

158
node_modules/@tufjs/models/dist/metadata.js generated vendored Normal file
View file

@ -0,0 +1,158 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Metadata = void 0;
const canonical_json_1 = require("@tufjs/canonical-json");
const util_1 = __importDefault(require("util"));
const base_1 = require("./base");
const error_1 = require("./error");
const root_1 = require("./root");
const signature_1 = require("./signature");
const snapshot_1 = require("./snapshot");
const targets_1 = require("./targets");
const timestamp_1 = require("./timestamp");
const utils_1 = require("./utils");
/***
* A container for signed TUF metadata.
*
* Provides methods to convert to and from json, read and write to and
* from JSON and to create and verify metadata signatures.
*
* ``Metadata[T]`` is a generic container type where T can be any one type of
* [``Root``, ``Timestamp``, ``Snapshot``, ``Targets``]. The purpose of this
* is to allow static type checking of the signed attribute in code using
* Metadata::
*
* root_md = Metadata[Root].fromJSON("root.json")
* # root_md type is now Metadata[Root]. This means signed and its
* # attributes like consistent_snapshot are now statically typed and the
* # types can be verified by static type checkers and shown by IDEs
*
* Using a type constraint is not required but not doing so means T is not a
* specific type so static typing cannot happen. Note that the type constraint
* ``[Root]`` is not validated at runtime (as pure annotations are not available
* then).
*
* Apart from ``expires`` all of the arguments to the inner constructors have
* reasonable default values for new metadata.
*/
class Metadata {
constructor(signed, signatures, unrecognizedFields) {
this.signed = signed;
this.signatures = signatures || {};
this.unrecognizedFields = unrecognizedFields || {};
}
sign(signer, append = true) {
const bytes = Buffer.from((0, canonical_json_1.canonicalize)(this.signed.toJSON()));
const signature = signer(bytes);
if (!append) {
this.signatures = {};
}
this.signatures[signature.keyID] = signature;
}
verifyDelegate(delegatedRole, delegatedMetadata) {
let role;
let keys = {};
switch (this.signed.type) {
case base_1.MetadataKind.Root:
keys = this.signed.keys;
role = this.signed.roles[delegatedRole];
break;
case base_1.MetadataKind.Targets:
if (!this.signed.delegations) {
throw new error_1.ValueError(`No delegations found for ${delegatedRole}`);
}
keys = this.signed.delegations.keys;
if (this.signed.delegations.roles) {
role = this.signed.delegations.roles[delegatedRole];
}
else if (this.signed.delegations.succinctRoles) {
if (this.signed.delegations.succinctRoles.isDelegatedRole(delegatedRole)) {
role = this.signed.delegations.succinctRoles;
}
}
break;
default:
throw new TypeError('invalid metadata type');
}
if (!role) {
throw new error_1.ValueError(`no delegation found for ${delegatedRole}`);
}
const signingKeys = new Set();
role.keyIDs.forEach((keyID) => {
const key = keys[keyID];
// If we dont' have the key, continue checking other keys
if (!key) {
return;
}
try {
key.verifySignature(delegatedMetadata);
signingKeys.add(key.keyID);
}
catch (error) {
// continue
}
});
if (signingKeys.size < role.threshold) {
throw new error_1.UnsignedMetadataError(`${delegatedRole} was signed by ${signingKeys.size}/${role.threshold} keys`);
}
}
equals(other) {
if (!(other instanceof Metadata)) {
return false;
}
return (this.signed.equals(other.signed) &&
util_1.default.isDeepStrictEqual(this.signatures, other.signatures) &&
util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields));
}
toJSON() {
const signatures = Object.values(this.signatures).map((signature) => {
return signature.toJSON();
});
return {
signatures,
signed: this.signed.toJSON(),
...this.unrecognizedFields,
};
}
static fromJSON(type, data) {
const { signed, signatures, ...rest } = data;
if (!utils_1.guard.isDefined(signed) || !utils_1.guard.isObject(signed)) {
throw new TypeError('signed is not defined');
}
if (type !== signed._type) {
throw new error_1.ValueError(`expected '${type}', got ${signed['_type']}`);
}
let signedObj;
switch (type) {
case base_1.MetadataKind.Root:
signedObj = root_1.Root.fromJSON(signed);
break;
case base_1.MetadataKind.Timestamp:
signedObj = timestamp_1.Timestamp.fromJSON(signed);
break;
case base_1.MetadataKind.Snapshot:
signedObj = snapshot_1.Snapshot.fromJSON(signed);
break;
case base_1.MetadataKind.Targets:
signedObj = targets_1.Targets.fromJSON(signed);
break;
default:
throw new TypeError('invalid metadata type');
}
const sigMap = signaturesFromJSON(signatures);
return new Metadata(signedObj, sigMap, rest);
}
}
exports.Metadata = Metadata;
function signaturesFromJSON(data) {
if (!utils_1.guard.isObjectArray(data)) {
throw new TypeError('signatures is not an array');
}
return data.reduce((acc, sigData) => {
const signature = signature_1.Signature.fromJSON(sigData);
return { ...acc, [signature.keyID]: signature };
}, {});
}

103
node_modules/@tufjs/models/dist/role.d.ts generated vendored Normal file
View file

@ -0,0 +1,103 @@
import { JSONObject, JSONValue } from './utils';
export declare const TOP_LEVEL_ROLE_NAMES: string[];
export interface RoleOptions {
keyIDs: string[];
threshold: number;
unrecognizedFields?: Record<string, JSONValue>;
}
/**
* Container that defines which keys are required to sign roles metadata.
*
* Role defines how many keys are required to successfully sign the roles
* metadata, and which keys are accepted.
*/
export declare class Role {
readonly keyIDs: string[];
readonly threshold: number;
readonly unrecognizedFields?: Record<string, JSONValue>;
constructor(options: RoleOptions);
equals(other: Role): boolean;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): Role;
}
interface DelegatedRoleOptions extends RoleOptions {
name: string;
terminating: boolean;
paths?: string[];
pathHashPrefixes?: string[];
}
/**
* A container with information about a delegated role.
*
* A delegation can happen in two ways:
* - ``paths`` is set: delegates targets matching any path pattern in ``paths``
* - ``pathHashPrefixes`` is set: delegates targets whose target path hash
* starts with any of the prefixes in ``pathHashPrefixes``
*
* ``paths`` and ``pathHashPrefixes`` are mutually exclusive: both cannot be
* set, at least one of them must be set.
*/
export declare class DelegatedRole extends Role {
readonly name: string;
readonly terminating: boolean;
readonly paths?: string[];
readonly pathHashPrefixes?: string[];
constructor(opts: DelegatedRoleOptions);
equals(other: DelegatedRole): boolean;
isDelegatedPath(targetFilepath: string): boolean;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): DelegatedRole;
}
interface SuccinctRolesOption extends RoleOptions {
bitLength: number;
namePrefix: string;
}
/**
* Succinctly defines a hash bin delegation graph.
*
* A ``SuccinctRoles`` object describes a delegation graph that covers all
* targets, distributing them uniformly over the delegated roles (i.e. bins)
* in the graph.
*
* The total number of bins is 2 to the power of the passed ``bit_length``.
*
* Bin names are the concatenation of the passed ``name_prefix`` and a
* zero-padded hex representation of the bin index separated by a hyphen.
*
* The passed ``keyids`` and ``threshold`` is used for each bin, and each bin
* is 'terminating'.
*
* For details: https://github.com/theupdateframework/taps/blob/master/tap15.md
*/
export declare class SuccinctRoles extends Role {
readonly bitLength: number;
readonly namePrefix: string;
readonly numberOfBins: number;
readonly suffixLen: number;
constructor(opts: SuccinctRolesOption);
equals(other: SuccinctRoles): boolean;
/***
* Calculates the name of the delegated role responsible for 'target_filepath'.
*
* The target at path ''target_filepath' is assigned to a bin by casting
* the left-most 'bit_length' of bits of the file path hash digest to
* int, using it as bin index between 0 and '2**bit_length - 1'.
*
* Args:
* target_filepath: URL path to a target file, relative to a base
* targets URL.
*/
getRoleForTarget(targetFilepath: string): string;
getRoles(): Generator<string>;
/***
* Determines whether the given ``role_name`` is in one of
* the delegated roles that ``SuccinctRoles`` represents.
*
* Args:
* role_name: The name of the role to check against.
*/
isDelegatedRole(roleName: string): boolean;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): SuccinctRoles;
}
export {};

299
node_modules/@tufjs/models/dist/role.js generated vendored Normal file
View file

@ -0,0 +1,299 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.SuccinctRoles = exports.DelegatedRole = exports.Role = exports.TOP_LEVEL_ROLE_NAMES = void 0;
const crypto_1 = __importDefault(require("crypto"));
const minimatch_1 = require("minimatch");
const util_1 = __importDefault(require("util"));
const error_1 = require("./error");
const utils_1 = require("./utils");
exports.TOP_LEVEL_ROLE_NAMES = [
'root',
'targets',
'snapshot',
'timestamp',
];
/**
* Container that defines which keys are required to sign roles metadata.
*
* Role defines how many keys are required to successfully sign the roles
* metadata, and which keys are accepted.
*/
class Role {
constructor(options) {
const { keyIDs, threshold, unrecognizedFields } = options;
if (hasDuplicates(keyIDs)) {
throw new error_1.ValueError('duplicate key IDs found');
}
if (threshold < 1) {
throw new error_1.ValueError('threshold must be at least 1');
}
this.keyIDs = keyIDs;
this.threshold = threshold;
this.unrecognizedFields = unrecognizedFields || {};
}
equals(other) {
if (!(other instanceof Role)) {
return false;
}
return (this.threshold === other.threshold &&
util_1.default.isDeepStrictEqual(this.keyIDs, other.keyIDs) &&
util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields));
}
toJSON() {
return {
keyids: this.keyIDs,
threshold: this.threshold,
...this.unrecognizedFields,
};
}
static fromJSON(data) {
const { keyids, threshold, ...rest } = data;
if (!utils_1.guard.isStringArray(keyids)) {
throw new TypeError('keyids must be an array');
}
if (typeof threshold !== 'number') {
throw new TypeError('threshold must be a number');
}
return new Role({
keyIDs: keyids,
threshold,
unrecognizedFields: rest,
});
}
}
exports.Role = Role;
function hasDuplicates(array) {
return new Set(array).size !== array.length;
}
/**
* A container with information about a delegated role.
*
* A delegation can happen in two ways:
* - ``paths`` is set: delegates targets matching any path pattern in ``paths``
* - ``pathHashPrefixes`` is set: delegates targets whose target path hash
* starts with any of the prefixes in ``pathHashPrefixes``
*
* ``paths`` and ``pathHashPrefixes`` are mutually exclusive: both cannot be
* set, at least one of them must be set.
*/
class DelegatedRole extends Role {
constructor(opts) {
super(opts);
const { name, terminating, paths, pathHashPrefixes } = opts;
this.name = name;
this.terminating = terminating;
if (opts.paths && opts.pathHashPrefixes) {
throw new error_1.ValueError('paths and pathHashPrefixes are mutually exclusive');
}
this.paths = paths;
this.pathHashPrefixes = pathHashPrefixes;
}
equals(other) {
if (!(other instanceof DelegatedRole)) {
return false;
}
return (super.equals(other) &&
this.name === other.name &&
this.terminating === other.terminating &&
util_1.default.isDeepStrictEqual(this.paths, other.paths) &&
util_1.default.isDeepStrictEqual(this.pathHashPrefixes, other.pathHashPrefixes));
}
isDelegatedPath(targetFilepath) {
if (this.paths) {
return this.paths.some((pathPattern) => isTargetInPathPattern(targetFilepath, pathPattern));
}
if (this.pathHashPrefixes) {
const hasher = crypto_1.default.createHash('sha256');
const pathHash = hasher.update(targetFilepath).digest('hex');
return this.pathHashPrefixes.some((pathHashPrefix) => pathHash.startsWith(pathHashPrefix));
}
return false;
}
toJSON() {
const json = {
...super.toJSON(),
name: this.name,
terminating: this.terminating,
};
if (this.paths) {
json.paths = this.paths;
}
if (this.pathHashPrefixes) {
json.path_hash_prefixes = this.pathHashPrefixes;
}
return json;
}
static fromJSON(data) {
const { keyids, threshold, name, terminating, paths, path_hash_prefixes, ...rest } = data;
if (!utils_1.guard.isStringArray(keyids)) {
throw new TypeError('keyids must be an array of strings');
}
if (typeof threshold !== 'number') {
throw new TypeError('threshold must be a number');
}
if (typeof name !== 'string') {
throw new TypeError('name must be a string');
}
if (typeof terminating !== 'boolean') {
throw new TypeError('terminating must be a boolean');
}
if (utils_1.guard.isDefined(paths) && !utils_1.guard.isStringArray(paths)) {
throw new TypeError('paths must be an array of strings');
}
if (utils_1.guard.isDefined(path_hash_prefixes) &&
!utils_1.guard.isStringArray(path_hash_prefixes)) {
throw new TypeError('path_hash_prefixes must be an array of strings');
}
return new DelegatedRole({
keyIDs: keyids,
threshold,
name,
terminating,
paths,
pathHashPrefixes: path_hash_prefixes,
unrecognizedFields: rest,
});
}
}
exports.DelegatedRole = DelegatedRole;
// JS version of Ruby's Array#zip
const zip = (a, b) => a.map((k, i) => [k, b[i]]);
function isTargetInPathPattern(target, pattern) {
const targetParts = target.split('/');
const patternParts = pattern.split('/');
if (patternParts.length != targetParts.length) {
return false;
}
return zip(targetParts, patternParts).every(([targetPart, patternPart]) => (0, minimatch_1.minimatch)(targetPart, patternPart));
}
/**
* Succinctly defines a hash bin delegation graph.
*
* A ``SuccinctRoles`` object describes a delegation graph that covers all
* targets, distributing them uniformly over the delegated roles (i.e. bins)
* in the graph.
*
* The total number of bins is 2 to the power of the passed ``bit_length``.
*
* Bin names are the concatenation of the passed ``name_prefix`` and a
* zero-padded hex representation of the bin index separated by a hyphen.
*
* The passed ``keyids`` and ``threshold`` is used for each bin, and each bin
* is 'terminating'.
*
* For details: https://github.com/theupdateframework/taps/blob/master/tap15.md
*/
class SuccinctRoles extends Role {
constructor(opts) {
super(opts);
const { bitLength, namePrefix } = opts;
if (bitLength <= 0 || bitLength > 32) {
throw new error_1.ValueError('bitLength must be between 1 and 32');
}
this.bitLength = bitLength;
this.namePrefix = namePrefix;
// Calculate the suffix_len value based on the total number of bins in
// hex. If bit_length = 10 then number_of_bins = 1024 or bin names will
// have a suffix between "000" and "3ff" in hex and suffix_len will be 3
// meaning the third bin will have a suffix of "003".
this.numberOfBins = Math.pow(2, bitLength);
// suffix_len is calculated based on "number_of_bins - 1" as the name
// of the last bin contains the number "number_of_bins -1" as a suffix.
this.suffixLen = (this.numberOfBins - 1).toString(16).length;
}
equals(other) {
if (!(other instanceof SuccinctRoles)) {
return false;
}
return (super.equals(other) &&
this.bitLength === other.bitLength &&
this.namePrefix === other.namePrefix);
}
/***
* Calculates the name of the delegated role responsible for 'target_filepath'.
*
* The target at path ''target_filepath' is assigned to a bin by casting
* the left-most 'bit_length' of bits of the file path hash digest to
* int, using it as bin index between 0 and '2**bit_length - 1'.
*
* Args:
* target_filepath: URL path to a target file, relative to a base
* targets URL.
*/
getRoleForTarget(targetFilepath) {
const hasher = crypto_1.default.createHash('sha256');
const hasherBuffer = hasher.update(targetFilepath).digest();
// can't ever need more than 4 bytes (32 bits).
const hashBytes = hasherBuffer.subarray(0, 4);
// Right shift hash bytes, so that we only have the leftmost
// bit_length bits that we care about.
const shiftValue = 32 - this.bitLength;
const binNumber = hashBytes.readUInt32BE() >>> shiftValue;
// Add zero padding if necessary and cast to hex the suffix.
const suffix = binNumber.toString(16).padStart(this.suffixLen, '0');
return `${this.namePrefix}-${suffix}`;
}
*getRoles() {
for (let i = 0; i < this.numberOfBins; i++) {
const suffix = i.toString(16).padStart(this.suffixLen, '0');
yield `${this.namePrefix}-${suffix}`;
}
}
/***
* Determines whether the given ``role_name`` is in one of
* the delegated roles that ``SuccinctRoles`` represents.
*
* Args:
* role_name: The name of the role to check against.
*/
isDelegatedRole(roleName) {
const desiredPrefix = this.namePrefix + '-';
if (!roleName.startsWith(desiredPrefix)) {
return false;
}
const suffix = roleName.slice(desiredPrefix.length, roleName.length);
if (suffix.length != this.suffixLen) {
return false;
}
// make sure the suffix is a hex string
if (!suffix.match(/^[0-9a-fA-F]+$/)) {
return false;
}
const num = parseInt(suffix, 16);
return 0 <= num && num < this.numberOfBins;
}
toJSON() {
const json = {
...super.toJSON(),
bit_length: this.bitLength,
name_prefix: this.namePrefix,
};
return json;
}
static fromJSON(data) {
const { keyids, threshold, bit_length, name_prefix, ...rest } = data;
if (!utils_1.guard.isStringArray(keyids)) {
throw new TypeError('keyids must be an array of strings');
}
if (typeof threshold !== 'number') {
throw new TypeError('threshold must be a number');
}
if (typeof bit_length !== 'number') {
throw new TypeError('bit_length must be a number');
}
if (typeof name_prefix !== 'string') {
throw new TypeError('name_prefix must be a string');
}
return new SuccinctRoles({
keyIDs: keyids,
threshold,
bitLength: bit_length,
namePrefix: name_prefix,
unrecognizedFields: rest,
});
}
}
exports.SuccinctRoles = SuccinctRoles;

29
node_modules/@tufjs/models/dist/root.d.ts generated vendored Normal file
View file

@ -0,0 +1,29 @@
import { MetadataKind, Signed, SignedOptions } from './base';
import { Key } from './key';
import { Role } from './role';
import { JSONObject } from './utils';
type KeyMap = Record<string, Key>;
type RoleMap = Record<string, Role>;
export interface RootOptions extends SignedOptions {
keys?: Record<string, Key>;
roles?: Record<string, Role>;
consistentSnapshot?: boolean;
}
/**
* A container for the signed part of root metadata.
*
* The top-level role and metadata file signed by the root keys.
* This role specifies trusted keys for all other top-level roles, which may further delegate trust.
*/
export declare class Root extends Signed {
readonly type = MetadataKind.Root;
readonly keys: KeyMap;
readonly roles: RoleMap;
readonly consistentSnapshot: boolean;
constructor(options: RootOptions);
addKey(key: Key, role: string): void;
equals(other: Root): boolean;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): Root;
}
export {};

116
node_modules/@tufjs/models/dist/root.js generated vendored Normal file
View file

@ -0,0 +1,116 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Root = void 0;
const util_1 = __importDefault(require("util"));
const base_1 = require("./base");
const error_1 = require("./error");
const key_1 = require("./key");
const role_1 = require("./role");
const utils_1 = require("./utils");
/**
* A container for the signed part of root metadata.
*
* The top-level role and metadata file signed by the root keys.
* This role specifies trusted keys for all other top-level roles, which may further delegate trust.
*/
class Root extends base_1.Signed {
constructor(options) {
super(options);
this.type = base_1.MetadataKind.Root;
this.keys = options.keys || {};
this.consistentSnapshot = options.consistentSnapshot ?? true;
if (!options.roles) {
this.roles = role_1.TOP_LEVEL_ROLE_NAMES.reduce((acc, role) => ({
...acc,
[role]: new role_1.Role({ keyIDs: [], threshold: 1 }),
}), {});
}
else {
const roleNames = new Set(Object.keys(options.roles));
if (!role_1.TOP_LEVEL_ROLE_NAMES.every((role) => roleNames.has(role))) {
throw new error_1.ValueError('missing top-level role');
}
this.roles = options.roles;
}
}
addKey(key, role) {
if (!this.roles[role]) {
throw new error_1.ValueError(`role ${role} does not exist`);
}
if (!this.roles[role].keyIDs.includes(key.keyID)) {
this.roles[role].keyIDs.push(key.keyID);
}
this.keys[key.keyID] = key;
}
equals(other) {
if (!(other instanceof Root)) {
return false;
}
return (super.equals(other) &&
this.consistentSnapshot === other.consistentSnapshot &&
util_1.default.isDeepStrictEqual(this.keys, other.keys) &&
util_1.default.isDeepStrictEqual(this.roles, other.roles));
}
toJSON() {
return {
_type: this.type,
spec_version: this.specVersion,
version: this.version,
expires: this.expires,
keys: keysToJSON(this.keys),
roles: rolesToJSON(this.roles),
consistent_snapshot: this.consistentSnapshot,
...this.unrecognizedFields,
};
}
static fromJSON(data) {
const { unrecognizedFields, ...commonFields } = base_1.Signed.commonFieldsFromJSON(data);
const { keys, roles, consistent_snapshot, ...rest } = unrecognizedFields;
if (typeof consistent_snapshot !== 'boolean') {
throw new TypeError('consistent_snapshot must be a boolean');
}
return new Root({
...commonFields,
keys: keysFromJSON(keys),
roles: rolesFromJSON(roles),
consistentSnapshot: consistent_snapshot,
unrecognizedFields: rest,
});
}
}
exports.Root = Root;
function keysToJSON(keys) {
return Object.entries(keys).reduce((acc, [keyID, key]) => ({ ...acc, [keyID]: key.toJSON() }), {});
}
function rolesToJSON(roles) {
return Object.entries(roles).reduce((acc, [roleName, role]) => ({ ...acc, [roleName]: role.toJSON() }), {});
}
function keysFromJSON(data) {
let keys;
if (utils_1.guard.isDefined(data)) {
if (!utils_1.guard.isObjectRecord(data)) {
throw new TypeError('keys must be an object');
}
keys = Object.entries(data).reduce((acc, [keyID, keyData]) => ({
...acc,
[keyID]: key_1.Key.fromJSON(keyID, keyData),
}), {});
}
return keys;
}
function rolesFromJSON(data) {
let roles;
if (utils_1.guard.isDefined(data)) {
if (!utils_1.guard.isObjectRecord(data)) {
throw new TypeError('roles must be an object');
}
roles = Object.entries(data).reduce((acc, [roleName, roleData]) => ({
...acc,
[roleName]: role_1.Role.fromJSON(roleData),
}), {});
}
return roles;
}

20
node_modules/@tufjs/models/dist/signature.d.ts generated vendored Normal file
View file

@ -0,0 +1,20 @@
import { JSONObject } from './utils';
export interface SignatureOptions {
keyID: string;
sig: string;
}
/**
* A container class containing information about a signature.
*
* Contains a signature and the keyid uniquely identifying the key used
* to generate the signature.
*
* Provide a `fromJSON` method to create a Signature from a JSON object.
*/
export declare class Signature {
readonly keyID: string;
readonly sig: string;
constructor(options: SignatureOptions);
toJSON(): JSONObject;
static fromJSON(data: JSONObject): Signature;
}

38
node_modules/@tufjs/models/dist/signature.js generated vendored Normal file
View file

@ -0,0 +1,38 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Signature = void 0;
/**
* A container class containing information about a signature.
*
* Contains a signature and the keyid uniquely identifying the key used
* to generate the signature.
*
* Provide a `fromJSON` method to create a Signature from a JSON object.
*/
class Signature {
constructor(options) {
const { keyID, sig } = options;
this.keyID = keyID;
this.sig = sig;
}
toJSON() {
return {
keyid: this.keyID,
sig: this.sig,
};
}
static fromJSON(data) {
const { keyid, sig } = data;
if (typeof keyid !== 'string') {
throw new TypeError('keyid must be a string');
}
if (typeof sig !== 'string') {
throw new TypeError('sig must be a string');
}
return new Signature({
keyID: keyid,
sig: sig,
});
}
}
exports.Signature = Signature;

23
node_modules/@tufjs/models/dist/snapshot.d.ts generated vendored Normal file
View file

@ -0,0 +1,23 @@
import { MetadataKind, Signed, SignedOptions } from './base';
import { MetaFile } from './file';
import { JSONObject } from './utils';
type MetaFileMap = Record<string, MetaFile>;
export interface SnapshotOptions extends SignedOptions {
meta?: MetaFileMap;
}
/**
* A container for the signed part of snapshot metadata.
*
* Snapshot contains information about all target Metadata files.
* A top-level role that specifies the latest versions of all targets metadata files,
* and hence the latest versions of all targets (including any dependencies between them) on the repository.
*/
export declare class Snapshot extends Signed {
readonly type = MetadataKind.Snapshot;
readonly meta: MetaFileMap;
constructor(opts: SnapshotOptions);
equals(other: Snapshot): boolean;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): Snapshot;
}
export {};

71
node_modules/@tufjs/models/dist/snapshot.js generated vendored Normal file
View file

@ -0,0 +1,71 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Snapshot = void 0;
const util_1 = __importDefault(require("util"));
const base_1 = require("./base");
const file_1 = require("./file");
const utils_1 = require("./utils");
/**
* A container for the signed part of snapshot metadata.
*
* Snapshot contains information about all target Metadata files.
* A top-level role that specifies the latest versions of all targets metadata files,
* and hence the latest versions of all targets (including any dependencies between them) on the repository.
*/
class Snapshot extends base_1.Signed {
constructor(opts) {
super(opts);
this.type = base_1.MetadataKind.Snapshot;
this.meta = opts.meta || { 'targets.json': new file_1.MetaFile({ version: 1 }) };
}
equals(other) {
if (!(other instanceof Snapshot)) {
return false;
}
return super.equals(other) && util_1.default.isDeepStrictEqual(this.meta, other.meta);
}
toJSON() {
return {
_type: this.type,
meta: metaToJSON(this.meta),
spec_version: this.specVersion,
version: this.version,
expires: this.expires,
...this.unrecognizedFields,
};
}
static fromJSON(data) {
const { unrecognizedFields, ...commonFields } = base_1.Signed.commonFieldsFromJSON(data);
const { meta, ...rest } = unrecognizedFields;
return new Snapshot({
...commonFields,
meta: metaFromJSON(meta),
unrecognizedFields: rest,
});
}
}
exports.Snapshot = Snapshot;
function metaToJSON(meta) {
return Object.entries(meta).reduce((acc, [path, metadata]) => ({
...acc,
[path]: metadata.toJSON(),
}), {});
}
function metaFromJSON(data) {
let meta;
if (utils_1.guard.isDefined(data)) {
if (!utils_1.guard.isObjectRecord(data)) {
throw new TypeError('meta field is malformed');
}
else {
meta = Object.entries(data).reduce((acc, [path, metadata]) => ({
...acc,
[path]: file_1.MetaFile.fromJSON(metadata),
}), {});
}
}
return meta;
}

20
node_modules/@tufjs/models/dist/targets.d.ts generated vendored Normal file
View file

@ -0,0 +1,20 @@
import { MetadataKind, Signed, SignedOptions } from './base';
import { Delegations } from './delegations';
import { TargetFile } from './file';
import { JSONObject } from './utils';
type TargetFileMap = Record<string, TargetFile>;
interface TargetsOptions extends SignedOptions {
targets?: TargetFileMap;
delegations?: Delegations;
}
export declare class Targets extends Signed {
readonly type = MetadataKind.Targets;
readonly targets: TargetFileMap;
readonly delegations?: Delegations;
constructor(options: TargetsOptions);
addTarget(target: TargetFile): void;
equals(other: Targets): boolean;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): Targets;
}
export {};

92
node_modules/@tufjs/models/dist/targets.js generated vendored Normal file
View file

@ -0,0 +1,92 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Targets = void 0;
const util_1 = __importDefault(require("util"));
const base_1 = require("./base");
const delegations_1 = require("./delegations");
const file_1 = require("./file");
const utils_1 = require("./utils");
// Container for the signed part of targets metadata.
//
// Targets contains verifying information about target files and also delegates
// responsible to other Targets roles.
class Targets extends base_1.Signed {
constructor(options) {
super(options);
this.type = base_1.MetadataKind.Targets;
this.targets = options.targets || {};
this.delegations = options.delegations;
}
addTarget(target) {
this.targets[target.path] = target;
}
equals(other) {
if (!(other instanceof Targets)) {
return false;
}
return (super.equals(other) &&
util_1.default.isDeepStrictEqual(this.targets, other.targets) &&
util_1.default.isDeepStrictEqual(this.delegations, other.delegations));
}
toJSON() {
const json = {
_type: this.type,
spec_version: this.specVersion,
version: this.version,
expires: this.expires,
targets: targetsToJSON(this.targets),
...this.unrecognizedFields,
};
if (this.delegations) {
json.delegations = this.delegations.toJSON();
}
return json;
}
static fromJSON(data) {
const { unrecognizedFields, ...commonFields } = base_1.Signed.commonFieldsFromJSON(data);
const { targets, delegations, ...rest } = unrecognizedFields;
return new Targets({
...commonFields,
targets: targetsFromJSON(targets),
delegations: delegationsFromJSON(delegations),
unrecognizedFields: rest,
});
}
}
exports.Targets = Targets;
function targetsToJSON(targets) {
return Object.entries(targets).reduce((acc, [path, target]) => ({
...acc,
[path]: target.toJSON(),
}), {});
}
function targetsFromJSON(data) {
let targets;
if (utils_1.guard.isDefined(data)) {
if (!utils_1.guard.isObjectRecord(data)) {
throw new TypeError('targets must be an object');
}
else {
targets = Object.entries(data).reduce((acc, [path, target]) => ({
...acc,
[path]: file_1.TargetFile.fromJSON(path, target),
}), {});
}
}
return targets;
}
function delegationsFromJSON(data) {
let delegations;
if (utils_1.guard.isDefined(data)) {
if (!utils_1.guard.isObject(data)) {
throw new TypeError('delegations must be an object');
}
else {
delegations = delegations_1.Delegations.fromJSON(data);
}
}
return delegations;
}

21
node_modules/@tufjs/models/dist/timestamp.d.ts generated vendored Normal file
View file

@ -0,0 +1,21 @@
import { MetadataKind, Signed, SignedOptions } from './base';
import { MetaFile } from './file';
import { JSONObject } from './utils';
interface TimestampOptions extends SignedOptions {
snapshotMeta?: MetaFile;
}
/**
* A container for the signed part of timestamp metadata.
*
* A top-level that specifies the latest version of the snapshot role metadata file,
* and hence the latest versions of all metadata and targets on the repository.
*/
export declare class Timestamp extends Signed {
readonly type = MetadataKind.Timestamp;
readonly snapshotMeta: MetaFile;
constructor(options: TimestampOptions);
equals(other: Timestamp): boolean;
toJSON(): JSONObject;
static fromJSON(data: JSONObject): Timestamp;
}
export {};

58
node_modules/@tufjs/models/dist/timestamp.js generated vendored Normal file
View file

@ -0,0 +1,58 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Timestamp = void 0;
const base_1 = require("./base");
const file_1 = require("./file");
const utils_1 = require("./utils");
/**
* A container for the signed part of timestamp metadata.
*
* A top-level that specifies the latest version of the snapshot role metadata file,
* and hence the latest versions of all metadata and targets on the repository.
*/
class Timestamp extends base_1.Signed {
constructor(options) {
super(options);
this.type = base_1.MetadataKind.Timestamp;
this.snapshotMeta = options.snapshotMeta || new file_1.MetaFile({ version: 1 });
}
equals(other) {
if (!(other instanceof Timestamp)) {
return false;
}
return super.equals(other) && this.snapshotMeta.equals(other.snapshotMeta);
}
toJSON() {
return {
_type: this.type,
spec_version: this.specVersion,
version: this.version,
expires: this.expires,
meta: { 'snapshot.json': this.snapshotMeta.toJSON() },
...this.unrecognizedFields,
};
}
static fromJSON(data) {
const { unrecognizedFields, ...commonFields } = base_1.Signed.commonFieldsFromJSON(data);
const { meta, ...rest } = unrecognizedFields;
return new Timestamp({
...commonFields,
snapshotMeta: snapshotMetaFromJSON(meta),
unrecognizedFields: rest,
});
}
}
exports.Timestamp = Timestamp;
function snapshotMetaFromJSON(data) {
let snapshotMeta;
if (utils_1.guard.isDefined(data)) {
const snapshotData = data['snapshot.json'];
if (!utils_1.guard.isDefined(snapshotData) || !utils_1.guard.isObject(snapshotData)) {
throw new TypeError('missing snapshot.json in meta');
}
else {
snapshotMeta = file_1.MetaFile.fromJSON(snapshotData);
}
}
return snapshotMeta;
}

7
node_modules/@tufjs/models/dist/utils/guard.d.ts generated vendored Normal file
View file

@ -0,0 +1,7 @@
import { JSONObject } from './types';
export declare function isDefined<T>(val: T | undefined): val is T;
export declare function isObject(value: unknown): value is JSONObject;
export declare function isStringArray(value: unknown): value is string[];
export declare function isObjectArray(value: unknown): value is JSONObject[];
export declare function isStringRecord(value: unknown): value is Record<string, string>;
export declare function isObjectRecord(value: unknown): value is Record<string, JSONObject>;

33
node_modules/@tufjs/models/dist/utils/guard.js generated vendored Normal file
View file

@ -0,0 +1,33 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isObjectRecord = exports.isStringRecord = exports.isObjectArray = exports.isStringArray = exports.isObject = exports.isDefined = void 0;
function isDefined(val) {
return val !== undefined;
}
exports.isDefined = isDefined;
function isObject(value) {
return typeof value === 'object' && value !== null;
}
exports.isObject = isObject;
function isStringArray(value) {
return Array.isArray(value) && value.every((v) => typeof v === 'string');
}
exports.isStringArray = isStringArray;
function isObjectArray(value) {
return Array.isArray(value) && value.every(isObject);
}
exports.isObjectArray = isObjectArray;
function isStringRecord(value) {
return (typeof value === 'object' &&
value !== null &&
Object.keys(value).every((k) => typeof k === 'string') &&
Object.values(value).every((v) => typeof v === 'string'));
}
exports.isStringRecord = isStringRecord;
function isObjectRecord(value) {
return (typeof value === 'object' &&
value !== null &&
Object.keys(value).every((k) => typeof k === 'string') &&
Object.values(value).every((v) => typeof v === 'object' && v !== null));
}
exports.isObjectRecord = isObjectRecord;

3
node_modules/@tufjs/models/dist/utils/index.d.ts generated vendored Normal file
View file

@ -0,0 +1,3 @@
export * as guard from './guard';
export { JSONObject, JSONValue } from './types';
export * as crypto from './verify';

28
node_modules/@tufjs/models/dist/utils/index.js generated vendored Normal file
View file

@ -0,0 +1,28 @@
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.crypto = exports.guard = void 0;
exports.guard = __importStar(require("./guard"));
exports.crypto = __importStar(require("./verify"));

9
node_modules/@tufjs/models/dist/utils/key.d.ts generated vendored Normal file
View file

@ -0,0 +1,9 @@
/// <reference types="node" />
import { VerifyKeyObjectInput } from 'crypto';
interface KeyInfo {
keyType: string;
scheme: string;
keyVal: string;
}
export declare function getPublicKey(keyInfo: KeyInfo): VerifyKeyObjectInput;
export {};

143
node_modules/@tufjs/models/dist/utils/key.js generated vendored Normal file
View file

@ -0,0 +1,143 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getPublicKey = void 0;
const crypto_1 = __importDefault(require("crypto"));
const error_1 = require("../error");
const oid_1 = require("./oid");
const ASN1_TAG_SEQUENCE = 0x30;
const ANS1_TAG_BIT_STRING = 0x03;
const NULL_BYTE = 0x00;
const OID_EDDSA = '1.3.101.112';
const OID_EC_PUBLIC_KEY = '1.2.840.10045.2.1';
const OID_EC_CURVE_P256V1 = '1.2.840.10045.3.1.7';
const PEM_HEADER = '-----BEGIN PUBLIC KEY-----';
function getPublicKey(keyInfo) {
switch (keyInfo.keyType) {
case 'rsa':
return getRSAPublicKey(keyInfo);
case 'ed25519':
return getED25519PublicKey(keyInfo);
case 'ecdsa':
case 'ecdsa-sha2-nistp256':
case 'ecdsa-sha2-nistp384':
return getECDCSAPublicKey(keyInfo);
default:
throw new error_1.UnsupportedAlgorithmError(`Unsupported key type: ${keyInfo.keyType}`);
}
}
exports.getPublicKey = getPublicKey;
function getRSAPublicKey(keyInfo) {
// Only support PEM-encoded RSA keys
if (!keyInfo.keyVal.startsWith(PEM_HEADER)) {
throw new error_1.CryptoError('Invalid key format');
}
const key = crypto_1.default.createPublicKey(keyInfo.keyVal);
switch (keyInfo.scheme) {
case 'rsassa-pss-sha256':
return {
key: key,
padding: crypto_1.default.constants.RSA_PKCS1_PSS_PADDING,
};
default:
throw new error_1.UnsupportedAlgorithmError(`Unsupported RSA scheme: ${keyInfo.scheme}`);
}
}
function getED25519PublicKey(keyInfo) {
let key;
// If key is already PEM-encoded we can just parse it
if (keyInfo.keyVal.startsWith(PEM_HEADER)) {
key = crypto_1.default.createPublicKey(keyInfo.keyVal);
}
else {
// If key is not PEM-encoded it had better be hex
if (!isHex(keyInfo.keyVal)) {
throw new error_1.CryptoError('Invalid key format');
}
key = crypto_1.default.createPublicKey({
key: ed25519.hexToDER(keyInfo.keyVal),
format: 'der',
type: 'spki',
});
}
return { key };
}
function getECDCSAPublicKey(keyInfo) {
let key;
// If key is already PEM-encoded we can just parse it
if (keyInfo.keyVal.startsWith(PEM_HEADER)) {
key = crypto_1.default.createPublicKey(keyInfo.keyVal);
}
else {
// If key is not PEM-encoded it had better be hex
if (!isHex(keyInfo.keyVal)) {
throw new error_1.CryptoError('Invalid key format');
}
key = crypto_1.default.createPublicKey({
key: ecdsa.hexToDER(keyInfo.keyVal),
format: 'der',
type: 'spki',
});
}
return { key };
}
const ed25519 = {
// Translates a hex key into a crypto KeyObject
// https://keygen.sh/blog/how-to-use-hexadecimal-ed25519-keys-in-node/
hexToDER: (hex) => {
const key = Buffer.from(hex, 'hex');
const oid = (0, oid_1.encodeOIDString)(OID_EDDSA);
// Create a byte sequence containing the OID and key
const elements = Buffer.concat([
Buffer.concat([
Buffer.from([ASN1_TAG_SEQUENCE]),
Buffer.from([oid.length]),
oid,
]),
Buffer.concat([
Buffer.from([ANS1_TAG_BIT_STRING]),
Buffer.from([key.length + 1]),
Buffer.from([NULL_BYTE]),
key,
]),
]);
// Wrap up by creating a sequence of elements
const der = Buffer.concat([
Buffer.from([ASN1_TAG_SEQUENCE]),
Buffer.from([elements.length]),
elements,
]);
return der;
},
};
const ecdsa = {
hexToDER: (hex) => {
const key = Buffer.from(hex, 'hex');
const bitString = Buffer.concat([
Buffer.from([ANS1_TAG_BIT_STRING]),
Buffer.from([key.length + 1]),
Buffer.from([NULL_BYTE]),
key,
]);
const oids = Buffer.concat([
(0, oid_1.encodeOIDString)(OID_EC_PUBLIC_KEY),
(0, oid_1.encodeOIDString)(OID_EC_CURVE_P256V1),
]);
const oidSequence = Buffer.concat([
Buffer.from([ASN1_TAG_SEQUENCE]),
Buffer.from([oids.length]),
oids,
]);
// Wrap up by creating a sequence of elements
const der = Buffer.concat([
Buffer.from([ASN1_TAG_SEQUENCE]),
Buffer.from([oidSequence.length + bitString.length]),
oidSequence,
bitString,
]);
return der;
},
};
const isHex = (key) => /^[0-9a-fA-F]+$/.test(key);

2
node_modules/@tufjs/models/dist/utils/oid.d.ts generated vendored Normal file
View file

@ -0,0 +1,2 @@
/// <reference types="node" />
export declare function encodeOIDString(oid: string): Buffer;

27
node_modules/@tufjs/models/dist/utils/oid.js generated vendored Normal file
View file

@ -0,0 +1,27 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.encodeOIDString = void 0;
const ANS1_TAG_OID = 0x06;
function encodeOIDString(oid) {
const parts = oid.split('.');
// The first two subidentifiers are encoded into the first byte
const first = parseInt(parts[0], 10) * 40 + parseInt(parts[1], 10);
const rest = [];
parts.slice(2).forEach((part) => {
const bytes = encodeVariableLengthInteger(parseInt(part, 10));
rest.push(...bytes);
});
const der = Buffer.from([first, ...rest]);
return Buffer.from([ANS1_TAG_OID, der.length, ...der]);
}
exports.encodeOIDString = encodeOIDString;
function encodeVariableLengthInteger(value) {
const bytes = [];
let mask = 0x00;
while (value > 0) {
bytes.unshift((value & 0x7f) | mask);
value >>= 7;
mask = 0x80;
}
return bytes;
}

4
node_modules/@tufjs/models/dist/utils/types.d.ts generated vendored Normal file
View file

@ -0,0 +1,4 @@
export type JSONObject = {
[key: string]: JSONValue;
};
export type JSONValue = null | boolean | number | string | JSONValue[] | JSONObject;

2
node_modules/@tufjs/models/dist/utils/types.js generated vendored Normal file
View file

@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

4
node_modules/@tufjs/models/dist/utils/verify.d.ts generated vendored Normal file
View file

@ -0,0 +1,4 @@
/// <reference types="node" />
import crypto from 'crypto';
import { JSONObject } from '../utils/types';
export declare const verifySignature: (metaDataSignedData: JSONObject, key: crypto.VerifyKeyObjectInput, signature: string) => boolean;

13
node_modules/@tufjs/models/dist/utils/verify.js generated vendored Normal file
View file

@ -0,0 +1,13 @@
"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySignature = void 0;
const canonical_json_1 = require("@tufjs/canonical-json");
const crypto_1 = __importDefault(require("crypto"));
const verifySignature = (metaDataSignedData, key, signature) => {
const canonicalData = Buffer.from((0, canonical_json_1.canonicalize)(metaDataSignedData));
return crypto_1.default.verify(undefined, canonicalData, key, Buffer.from(signature, 'hex'));
};
exports.verifySignature = verifySignature;