deps: sigstore@2.1.0

Author: lukekarrys

node_modules/@sigstore/bundle/dist/build.js

@@ -21,7 +21,7 @@ const bundle_1 = require("./bundle");
 // Message signature bundle - $case: 'messageSignature'
 function toMessageSignatureBundle(options) {
     return {
-        mediaType: bundle_1.BUNDLE_V01_MEDIA_TYPE,
+        mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
         content: {
             $case: 'messageSignature',
             messageSignature: {
@@ -39,7 +39,7 @@ exports.toMessageSignatureBundle = toMessageSignatureBundle;
 // DSSE envelope bundle - $case: 'dsseEnvelope'
 function toDSSEBundle(options) {
     return {
-        mediaType: bundle_1.BUNDLE_V01_MEDIA_TYPE,
+        mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
         content: {
             $case: 'dsseEnvelope',
             dsseEnvelope: toEnvelope(options),

node_modules/@sigstore/bundle/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/bundle",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Sigstore bundle type",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

node_modules/@sigstore/sign/dist/error.js

@@ -1,6 +1,22 @@
 "use strict";
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InternalError = void 0;
+exports.internalError = exports.InternalError = void 0;
+const error_1 = require("./external/error");
 class InternalError extends Error {
     constructor({ code, message, cause, }) {
         super(message);
@@ -10,3 +26,14 @@ class InternalError extends Error {
     }
 }
 exports.InternalError = InternalError;
+function internalError(err, code, message) {
+    if (err instanceof error_1.HTTPError) {
+        message += ` - ${err.message}`;
+    }
+    throw new InternalError({
+        code: code,
+        message: message,
+        cause: err,
+    });
+}
+exports.internalError = internalError;

node_modules/@sigstore/sign/dist/external/error.js

@@ -2,20 +2,37 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkStatus = exports.HTTPError = void 0;
 class HTTPError extends Error {
-    constructor(response) {
-        super(`HTTP Error: ${response.status} ${response.statusText}`);
-        this.response = response;
-        this.statusCode = response.status;
-        this.location = response.headers?.get('Location') || undefined;
+    constructor({ status, message, location, }) {
+        super(`(${status}) ${message}`);
+        this.statusCode = status;
+        this.location = location;
     }
 }
 exports.HTTPError = HTTPError;
-const checkStatus = (response) => {
+const checkStatus = async (response) => {
     if (response.ok) {
         return response;
     }
     else {
-        throw new HTTPError(response);
+        let message = response.statusText;
+        const location = response.headers?.get('Location') || undefined;
+        const contentType = response.headers?.get('Content-Type');
+        // If response type is JSON, try to parse the body for a message
+        if (contentType?.includes('application/json')) {
+            try {
+                await response.json().then((body) => {
+                    message = body.message;
+                });
+            }
+            catch (e) {
+                // ignore
+            }
+        }
+        throw new HTTPError({
+            status: response.status,
+            message: message,
+            location: location,
+        });
     }
 };
 exports.checkStatus = checkStatus;

node_modules/@sigstore/sign/dist/external/fulcio.js

@@ -43,7 +43,7 @@ class Fulcio {
             method: 'POST',
             body: JSON.stringify(request),
         });
-        (0, error_1.checkStatus)(response);
+        await (0, error_1.checkStatus)(response);
         const data = await response.json();
         return data;
     }

node_modules/@sigstore/sign/dist/external/rekor.js

@@ -49,7 +49,7 @@ class Rekor {
             headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify(propsedEntry),
         });
-        (0, error_1.checkStatus)(response);
+        await (0, error_1.checkStatus)(response);
         const data = await response.json();
         return entryFromResponse(data);
     }
@@ -61,7 +61,7 @@ class Rekor {
     async getEntry(uuid) {
         const url = `${this.baseUrl}/api/v1/log/entries/${uuid}`;
         const response = await this.fetch(url);
-        (0, error_1.checkStatus)(response);
+        await (0, error_1.checkStatus)(response);
         const data = await response.json();
         return entryFromResponse(data);
     }
@@ -77,7 +77,7 @@ class Rekor {
             body: JSON.stringify(opts),
             headers: { 'Content-Type': 'application/json' },
         });
-        (0, error_1.checkStatus)(response);
+        await (0, error_1.checkStatus)(response);
         const data = await response.json();
         return data;
     }
@@ -93,7 +93,7 @@ class Rekor {
             body: JSON.stringify(opts),
             headers: { 'Content-Type': 'application/json' },
         });
-        (0, error_1.checkStatus)(response);
+        await (0, error_1.checkStatus)(response);
         const rawData = await response.json();
         const data = rawData.map((d) => entryFromResponse(d));
         return data;

node_modules/@sigstore/sign/dist/external/tsa.js

@@ -40,7 +40,7 @@ class TimestampAuthority {
             method: 'POST',
             body: JSON.stringify(request),
         });
-        (0, error_1.checkStatus)(response);
+        await (0, error_1.checkStatus)(response);
         return response.buffer();
     }
 }

node_modules/@sigstore/sign/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TSAWitness = exports.RekorWitness = exports.FulcioSigner = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
+exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = exports.CIContextProvider = exports.InternalError = exports.MessageSignatureBundleBuilder = exports.DSSEBundleBuilder = void 0;
 var bundler_1 = require("./bundler");
 Object.defineProperty(exports, "DSSEBundleBuilder", { enumerable: true, get: function () { return bundler_1.DSSEBundleBuilder; } });
 Object.defineProperty(exports, "MessageSignatureBundleBuilder", { enumerable: true, get: function () { return bundler_1.MessageSignatureBundleBuilder; } });
@@ -9,7 +9,9 @@ Object.defineProperty(exports, "InternalError", { enumerable: true, get: functio
 var identity_1 = require("./identity");
 Object.defineProperty(exports, "CIContextProvider", { enumerable: true, get: function () { return identity_1.CIContextProvider; } });
 var signer_1 = require("./signer");
+Object.defineProperty(exports, "DEFAULT_FULCIO_URL", { enumerable: true, get: function () { return signer_1.DEFAULT_FULCIO_URL; } });
 Object.defineProperty(exports, "FulcioSigner", { enumerable: true, get: function () { return signer_1.FulcioSigner; } });
 var witness_1 = require("./witness");
+Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: function () { return witness_1.DEFAULT_REKOR_URL; } });
 Object.defineProperty(exports, "RekorWitness", { enumerable: true, get: function () { return witness_1.RekorWitness; } });
 Object.defineProperty(exports, "TSAWitness", { enumerable: true, get: function () { return witness_1.TSAWitness; } });

node_modules/@sigstore/sign/dist/signer/fulcio/ca.js

@@ -39,11 +39,7 @@ class CAClient {
             return cert.chain.certificates;
         }
         catch (err) {
-            throw new error_1.InternalError({
-                code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR',
-                message: 'error creating signing certificate',
-                cause: err,
-            });
+            (0, error_1.internalError)(err, 'CA_CREATE_SIGNING_CERTIFICATE_ERROR', 'error creating signing certificate');
         }
     }
 }

node_modules/@sigstore/sign/dist/signer/fulcio/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FulcioSigner = void 0;
+exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -20,21 +20,35 @@ const error_1 = require("../../error");
 const util_1 = require("../../util");
 const ca_1 = require("./ca");
 const ephemeral_1 = require("./ephemeral");
+exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev';
 // Signer implementation which can be used to decorate another signer
 // with a Fulcio-issued signing certificate for the signer's public key.
 // Must be instantiated with an identity provider which can provide a JWT
 // which represents the identity to be bound to the signing certificate.
 class FulcioSigner {
     constructor(options) {
-        this.ca = new ca_1.CAClient(options);
+        this.ca = new ca_1.CAClient({
+            ...options,
+            fulcioBaseURL: options.fulcioBaseURL || /* istanbul ignore next */ exports.DEFAULT_FULCIO_URL,
+        });
         this.identityProvider = options.identityProvider;
         this.keyHolder = options.keyHolder || new ephemeral_1.EphemeralSigner();
     }
     async sign(data) {
         // Retrieve identity token from the supplied identity provider
         const identityToken = await this.getIdentityToken();
         // Extract challenge claim from OIDC token
-        const subject = util_1.oidc.extractJWTSubject(identityToken);
+        let subject;
+        try {
+            subject = util_1.oidc.extractJWTSubject(identityToken);
+        }
+        catch (err) {
+            throw new error_1.InternalError({
+                code: 'IDENTITY_TOKEN_PARSE_ERROR',
+                message: `invalid identity token: ${identityToken}`,
+                cause: err,
+            });
+        }
         // Construct challenge value by signing the subject claim
         const challenge = await this.keyHolder.sign(Buffer.from(subject));
         if (challenge.key.$case !== 'publicKey') {

node_modules/@sigstore/sign/dist/signer/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FulcioSigner = void 0;
+exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -17,4 +17,5 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 var fulcio_1 = require("./fulcio");
+Object.defineProperty(exports, "DEFAULT_FULCIO_URL", { enumerable: true, get: function () { return fulcio_1.DEFAULT_FULCIO_URL; } });
 Object.defineProperty(exports, "FulcioSigner", { enumerable: true, get: function () { return fulcio_1.FulcioSigner; } });

node_modules/@sigstore/sign/dist/witness/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TSAWitness = exports.RekorWitness = void 0;
+exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -17,6 +17,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 var tlog_1 = require("./tlog");
+Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: function () { return tlog_1.DEFAULT_REKOR_URL; } });
 Object.defineProperty(exports, "RekorWitness", { enumerable: true, get: function () { return tlog_1.RekorWitness; } });
 var tsa_1 = require("./tsa");
 Object.defineProperty(exports, "TSAWitness", { enumerable: true, get: function () { return tsa_1.TSAWitness; } });

node_modules/@sigstore/sign/dist/witness/tlog/client.js

@@ -43,19 +43,11 @@ class TLogClient {
                     entry = await this.rekor.getEntry(uuid);
                 }
                 catch (err) {
-                    throw new error_1.InternalError({
-                        code: 'TLOG_FETCH_ENTRY_ERROR',
-                        message: 'error fetching tlog entry',
-                        cause: err,
-                    });
+                    (0, error_1.internalError)(err, 'TLOG_FETCH_ENTRY_ERROR', 'error fetching tlog entry');
                 }
             }
             else {
-                throw new error_1.InternalError({
-                    code: 'TLOG_CREATE_ENTRY_ERROR',
-                    message: 'error creating tlog entry',
-                    cause: err,
-                });
+                (0, error_1.internalError)(err, 'TLOG_CREATE_ENTRY_ERROR', 'error creating tlog entry');
             }
         }
         return entry;

node_modules/@sigstore/sign/dist/witness/tlog/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.RekorWitness = void 0;
+exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -19,9 +19,13 @@ limitations under the License.
 const util_1 = require("../../util");
 const client_1 = require("./client");
 const entry_1 = require("./entry");
+exports.DEFAULT_REKOR_URL = 'https://rekor.sigstore.dev';
 class RekorWitness {
     constructor(options) {
-        this.tlog = new client_1.TLogClient(options);
+        this.tlog = new client_1.TLogClient({
+            ...options,
+            rekorBaseURL: options.rekorBaseURL || /* istanbul ignore next */ exports.DEFAULT_REKOR_URL,
+        });
     }
     async testify(content, publicKey) {
         const proposedEntry = (0, entry_1.toProposedEntry)(content, publicKey);

node_modules/@sigstore/sign/dist/witness/tsa/client.js

@@ -36,11 +36,7 @@ class TSAClient {
             return await this.tsa.createTimestamp(request);
         }
         catch (err) {
-            throw new error_1.InternalError({
-                code: 'TSA_CREATE_TIMESTAMP_ERROR',
-                message: 'error creating timestamp',
-                cause: err,
-            });
+            (0, error_1.internalError)(err, 'TSA_CREATE_TIMESTAMP_ERROR', 'error creating timestamp');
         }
     }
 }

node_modules/@sigstore/sign/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/sign",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Sigstore signing library",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,12 +27,12 @@
   },
   "devDependencies": {
     "@sigstore/jest": "^0.0.0",
-    "@sigstore/mock": "^0.3.0",
+    "@sigstore/mock": "^0.4.0",
     "@sigstore/rekor-types": "^2.0.0",
     "@types/make-fetch-happen": "^10.0.0"
   },
   "dependencies": {
-    "@sigstore/bundle": "^2.0.0",
+    "@sigstore/bundle": "^2.1.0",
     "@sigstore/protobuf-specs": "^0.2.1",
     "make-fetch-happen": "^13.0.0"
   },

node_modules/sigstore/dist/config.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.artifactVerificationOptions = exports.createBundleBuilder = exports.DEFAULT_TIMEOUT = exports.DEFAULT_RETRY = exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = void 0;
+exports.artifactVerificationOptions = exports.createBundleBuilder = exports.DEFAULT_TIMEOUT = exports.DEFAULT_RETRY = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -41,8 +41,6 @@ limitations under the License.
 */
 const sign_1 = require("@sigstore/sign");
 const sigstore = __importStar(require("./types/sigstore"));
-exports.DEFAULT_FULCIO_URL = 'https://fulcio.sigstore.dev';
-exports.DEFAULT_REKOR_URL = 'https://rekor.sigstore.dev';
 exports.DEFAULT_RETRY = { retries: 2 };
 exports.DEFAULT_TIMEOUT = 5000;
 function createBundleBuilder(bundleType, options) {
@@ -61,7 +59,7 @@ exports.createBundleBuilder = createBundleBuilder;
 // Instantiate the FulcioSigner based on the supplied options.
 function initSigner(options) {
     return new sign_1.FulcioSigner({
-        fulcioBaseURL: options.fulcioURL || exports.DEFAULT_FULCIO_URL,
+        fulcioBaseURL: options.fulcioURL,
         identityProvider: options.identityProvider || initIdentityProvider(options),
         retry: options.retry ?? exports.DEFAULT_RETRY,
         timeout: options.timeout ?? exports.DEFAULT_TIMEOUT,
@@ -84,7 +82,7 @@ function initWitnesses(options) {
     const witnesses = [];
     if (isRekorEnabled(options)) {
         witnesses.push(new sign_1.RekorWitness({
-            rekorBaseURL: options.rekorURL || exports.DEFAULT_REKOR_URL,
+            rekorBaseURL: options.rekorURL,
             fetchOnConflict: false,
             retry: options.retry ?? exports.DEFAULT_RETRY,
             timeout: options.timeout ?? exports.DEFAULT_TIMEOUT,