GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.SuccinctRoles = exports.DelegatedRole = exports.Role = exports.TOP_LEVEL_ROLE_NAMES = void 0; const crypto_1 = __importDefault(require("crypto")); const minimatch_1 = require("minimatch"); const util_1 = __importDefault(require("util")); const error_1 = require("./error"); const utils_1 = require("./utils"); exports.TOP_LEVEL_ROLE_NAMES = [ 'root', 'targets', 'snapshot', 'timestamp', ]; /** * Container that defines which keys are required to sign roles metadata. * * Role defines how many keys are required to successfully sign the roles * metadata, and which keys are accepted. */ class Role { constructor(options) { const { keyIDs, threshold, unrecognizedFields } = options; if (hasDuplicates(keyIDs)) { throw new error_1.ValueError('duplicate key IDs found'); } if (threshold < 1) { throw new error_1.ValueError('threshold must be at least 1'); } this.keyIDs = keyIDs; this.threshold = threshold; this.unrecognizedFields = unrecognizedFields || {}; } equals(other) { if (!(other instanceof Role)) { return false; } return (this.threshold === other.threshold && util_1.default.isDeepStrictEqual(this.keyIDs, other.keyIDs) && util_1.default.isDeepStrictEqual(this.unrecognizedFields, other.unrecognizedFields)); } toJSON() { return { keyids: this.keyIDs, threshold: this.threshold, ...this.unrecognizedFields, }; } static fromJSON(data) { const { keyids, threshold, ...rest } = data; if (!utils_1.guard.isStringArray(keyids)) { throw new TypeError('keyids must be an array'); } if (typeof threshold !== 'number') { throw new TypeError('threshold must be a number'); } return new Role({ keyIDs: keyids, threshold, unrecognizedFields: rest, }); } } exports.Role = Role; function hasDuplicates(array) { return new Set(array).size !== array.length; } /** * A container with information about a delegated role. * * A delegation can happen in two ways: * - ``paths`` is set: delegates targets matching any path pattern in ``paths`` * - ``pathHashPrefixes`` is set: delegates targets whose target path hash * starts with any of the prefixes in ``pathHashPrefixes`` * * ``paths`` and ``pathHashPrefixes`` are mutually exclusive: both cannot be * set, at least one of them must be set. */ class DelegatedRole extends Role { constructor(opts) { super(opts); const { name, terminating, paths, pathHashPrefixes } = opts; this.name = name; this.terminating = terminating; if (opts.paths && opts.pathHashPrefixes) { throw new error_1.ValueError('paths and pathHashPrefixes are mutually exclusive'); } this.paths = paths; this.pathHashPrefixes = pathHashPrefixes; } equals(other) { if (!(other instanceof DelegatedRole)) { return false; } return (super.equals(other) && this.name === other.name && this.terminating === other.terminating && util_1.default.isDeepStrictEqual(this.paths, other.paths) && util_1.default.isDeepStrictEqual(this.pathHashPrefixes, other.pathHashPrefixes)); } isDelegatedPath(targetFilepath) { if (this.paths) { return this.paths.some((pathPattern) => isTargetInPathPattern(targetFilepath, pathPattern)); } if (this.pathHashPrefixes) { const hasher = crypto_1.default.createHash('sha256'); const pathHash = hasher.update(targetFilepath).digest('hex'); return this.pathHashPrefixes.some((pathHashPrefix) => pathHash.startsWith(pathHashPrefix)); } return false; } toJSON() { const json = { ...super.toJSON(), name: this.name, terminating: this.terminating, }; if (this.paths) { json.paths = this.paths; } if (this.pathHashPrefixes) { json.path_hash_prefixes = this.pathHashPrefixes; } return json; } static fromJSON(data) { const { keyids, threshold, name, terminating, paths, path_hash_prefixes, ...rest } = data; if (!utils_1.guard.isStringArray(keyids)) { throw new TypeError('keyids must be an array of strings'); } if (typeof threshold !== 'number') { throw new TypeError('threshold must be a number'); } if (typeof name !== 'string') { throw new TypeError('name must be a string'); } if (typeof terminating !== 'boolean') { throw new TypeError('terminating must be a boolean'); } if (utils_1.guard.isDefined(paths) && !utils_1.guard.isStringArray(paths)) { throw new TypeError('paths must be an array of strings'); } if (utils_1.guard.isDefined(path_hash_prefixes) && !utils_1.guard.isStringArray(path_hash_prefixes)) { throw new TypeError('path_hash_prefixes must be an array of strings'); } return new DelegatedRole({ keyIDs: keyids, threshold, name, terminating, paths, pathHashPrefixes: path_hash_prefixes, unrecognizedFields: rest, }); } } exports.DelegatedRole = DelegatedRole; // JS version of Ruby's Array#zip const zip = (a, b) => a.map((k, i) => [k, b[i]]); function isTargetInPathPattern(target, pattern) { const targetParts = target.split('/'); const patternParts = pattern.split('/'); if (patternParts.length != targetParts.length) { return false; } return zip(targetParts, patternParts).every(([targetPart, patternPart]) => (0, minimatch_1.minimatch)(targetPart, patternPart)); } /** * Succinctly defines a hash bin delegation graph. * * A ``SuccinctRoles`` object describes a delegation graph that covers all * targets, distributing them uniformly over the delegated roles (i.e. bins) * in the graph. * * The total number of bins is 2 to the power of the passed ``bit_length``. * * Bin names are the concatenation of the passed ``name_prefix`` and a * zero-padded hex representation of the bin index separated by a hyphen. * * The passed ``keyids`` and ``threshold`` is used for each bin, and each bin * is 'terminating'. * * For details: https://github.com/theupdateframework/taps/blob/master/tap15.md */ class SuccinctRoles extends Role { constructor(opts) { super(opts); const { bitLength, namePrefix } = opts; if (bitLength <= 0 || bitLength > 32) { throw new error_1.ValueError('bitLength must be between 1 and 32'); } this.bitLength = bitLength; this.namePrefix = namePrefix; // Calculate the suffix_len value based on the total number of bins in // hex. If bit_length = 10 then number_of_bins = 1024 or bin names will // have a suffix between "000" and "3ff" in hex and suffix_len will be 3 // meaning the third bin will have a suffix of "003". this.numberOfBins = Math.pow(2, bitLength); // suffix_len is calculated based on "number_of_bins - 1" as the name // of the last bin contains the number "number_of_bins -1" as a suffix. this.suffixLen = (this.numberOfBins - 1).toString(16).length; } equals(other) { if (!(other instanceof SuccinctRoles)) { return false; } return (super.equals(other) && this.bitLength === other.bitLength && this.namePrefix === other.namePrefix); } /*** * Calculates the name of the delegated role responsible for 'target_filepath'. * * The target at path ''target_filepath' is assigned to a bin by casting * the left-most 'bit_length' of bits of the file path hash digest to * int, using it as bin index between 0 and '2**bit_length - 1'. * * Args: * target_filepath: URL path to a target file, relative to a base * targets URL. */ getRoleForTarget(targetFilepath) { const hasher = crypto_1.default.createHash('sha256'); const hasherBuffer = hasher.update(targetFilepath).digest(); // can't ever need more than 4 bytes (32 bits). const hashBytes = hasherBuffer.subarray(0, 4); // Right shift hash bytes, so that we only have the leftmost // bit_length bits that we care about. const shiftValue = 32 - this.bitLength; const binNumber = hashBytes.readUInt32BE() >>> shiftValue; // Add zero padding if necessary and cast to hex the suffix. const suffix = binNumber.toString(16).padStart(this.suffixLen, '0'); return `${this.namePrefix}-${suffix}`; } *getRoles() { for (let i = 0; i < this.numberOfBins; i++) { const suffix = i.toString(16).padStart(this.suffixLen, '0'); yield `${this.namePrefix}-${suffix}`; } } /*** * Determines whether the given ``role_name`` is in one of * the delegated roles that ``SuccinctRoles`` represents. * * Args: * role_name: The name of the role to check against. */ isDelegatedRole(roleName) { const desiredPrefix = this.namePrefix + '-'; if (!roleName.startsWith(desiredPrefix)) { return false; } const suffix = roleName.slice(desiredPrefix.length, roleName.length); if (suffix.length != this.suffixLen) { return false; } // make sure the suffix is a hex string if (!suffix.match(/^[0-9a-fA-F]+$/)) { return false; } const num = parseInt(suffix, 16); return 0 <= num && num < this.numberOfBins; } toJSON() { const json = { ...super.toJSON(), bit_length: this.bitLength, name_prefix: this.namePrefix, }; return json; } static fromJSON(data) { const { keyids, threshold, bit_length, name_prefix, ...rest } = data; if (!utils_1.guard.isStringArray(keyids)) { throw new TypeError('keyids must be an array of strings'); } if (typeof threshold !== 'number') { throw new TypeError('threshold must be a number'); } if (typeof bit_length !== 'number') { throw new TypeError('bit_length must be a number'); } if (typeof name_prefix !== 'string') { throw new TypeError('name_prefix must be a string'); } return new SuccinctRoles({ keyIDs: keyids, threshold, bitLength: bit_length, namePrefix: name_prefix, unrecognizedFields: rest, }); } } exports.SuccinctRoles = SuccinctRoles;