File Explorer

/proc/self/root/proc/1/task/1/root/node24/lib/node_modules/npm/node_modules/tuf-js/dist
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
1 dir
6 files
store.js11.0 KB · 220 lines
1"use strict";2Object.defineProperty(exports, "__esModule", { value: true });3exports.TrustedMetadataStore = void 0;4const models_1 = require("@tufjs/models");5const error_1 = require("./error");6class TrustedMetadataStore {7    trustedSet = {};8    referenceTime;9    constructor(rootData) {10        // Client workflow 5.1: record fixed update start time11        this.referenceTime = new Date();12        // Client workflow 5.2: load trusted root metadata13        this.loadTrustedRoot(rootData);14    }15    get root() {16        if (!this.trustedSet.root) {17            throw new ReferenceError('No trusted root metadata');18        }19        return this.trustedSet.root;20    }21    get timestamp() {22        return this.trustedSet.timestamp;23    }24    get snapshot() {25        return this.trustedSet.snapshot;26    }27    get targets() {28        return this.trustedSet.targets;29    }30    getRole(name) {31        return this.trustedSet[name];32    }33    updateRoot(bytesBuffer) {34        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment35        const data = JSON.parse(bytesBuffer.toString('utf8'));36        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument37        const newRoot = models_1.Metadata.fromJSON(models_1.MetadataKind.Root, data);38        if (newRoot.signed.type != models_1.MetadataKind.Root) {39            throw new error_1.RepositoryError(`Expected 'root', got ${newRoot.signed.type}`);40        }41        // Client workflow 5.4: check for arbitrary software attack42        this.root.verifyDelegate(models_1.MetadataKind.Root, newRoot);43        // Client workflow 5.5: check for rollback attack44        if (newRoot.signed.version != this.root.signed.version + 1) {45            throw new error_1.BadVersionError(`Expected version ${this.root.signed.version + 1}, got ${newRoot.signed.version}`);46        }47        // Check that new root is signed by self48        newRoot.verifyDelegate(models_1.MetadataKind.Root, newRoot);49        // Client workflow 5.7: set new root as trusted root50        this.trustedSet.root = newRoot;51        return newRoot;52    }53    updateTimestamp(bytesBuffer) {54        if (this.snapshot) {55            throw new error_1.RuntimeError('Cannot update timestamp after snapshot');56        }57        if (this.root.signed.isExpired(this.referenceTime)) {58            throw new error_1.ExpiredMetadataError('Final root.json is expired');59        }60        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment61        const data = JSON.parse(bytesBuffer.toString('utf8'));62        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument63        const newTimestamp = models_1.Metadata.fromJSON(models_1.MetadataKind.Timestamp, data);64        if (newTimestamp.signed.type != models_1.MetadataKind.Timestamp) {65            throw new error_1.RepositoryError(`Expected 'timestamp', got ${newTimestamp.signed.type}`);66        }67        // Client workflow 5.4.2: check for arbitrary software attack68        this.root.verifyDelegate(models_1.MetadataKind.Timestamp, newTimestamp);69        if (this.timestamp) {70            // Prevent rolling back timestamp version71            // Client workflow 5.4.3.1: check for rollback attack72            if (newTimestamp.signed.version < this.timestamp.signed.version) {73                throw new error_1.BadVersionError(`New timestamp version ${newTimestamp.signed.version} is less than current version ${this.timestamp.signed.version}`);74            }75            //  Keep using old timestamp if versions are equal.76            if (newTimestamp.signed.version === this.timestamp.signed.version) {77                throw new error_1.EqualVersionError(`New timestamp version ${newTimestamp.signed.version} is equal to current version ${this.timestamp.signed.version}`);78            }79            // Prevent rolling back snapshot version80            // Client workflow 5.4.3.2: check for rollback attack81            const snapshotMeta = this.timestamp.signed.snapshotMeta;82            const newSnapshotMeta = newTimestamp.signed.snapshotMeta;83            if (newSnapshotMeta.version < snapshotMeta.version) {84                throw new error_1.BadVersionError(`New snapshot version ${newSnapshotMeta.version} is less than current version ${snapshotMeta.version}`);85            }86        }87        // expiry not checked to allow old timestamp to be used for rollback88        // protection of new timestamp: expiry is checked in update_snapshot89        this.trustedSet.timestamp = newTimestamp;90        // Client workflow 5.4.4: check for freeze attack91        this.checkFinalTimestamp();92        return newTimestamp;93    }94    updateSnapshot(bytesBuffer, trusted = false) {95        if (!this.timestamp) {96            throw new error_1.RuntimeError('Cannot update snapshot before timestamp');97        }98        if (this.targets) {99            throw new error_1.RuntimeError('Cannot update snapshot after targets');100        }101        // Snapshot cannot be loaded if final timestamp is expired102        this.checkFinalTimestamp();103        const snapshotMeta = this.timestamp.signed.snapshotMeta;104        // Verify non-trusted data against the hashes in timestamp, if any.105        // Trusted snapshot data has already been verified once.106        // Client workflow 5.5.2: check against timestamp role's snaphsot hash107        if (!trusted) {108            snapshotMeta.verify(bytesBuffer);109        }110        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment111        const data = JSON.parse(bytesBuffer.toString('utf8'));112        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument113        const newSnapshot = models_1.Metadata.fromJSON(models_1.MetadataKind.Snapshot, data);114        if (newSnapshot.signed.type != models_1.MetadataKind.Snapshot) {115            throw new error_1.RepositoryError(`Expected 'snapshot', got ${newSnapshot.signed.type}`);116        }117        // Client workflow 5.5.3: check for arbitrary software attack118        this.root.verifyDelegate(models_1.MetadataKind.Snapshot, newSnapshot);119        // version check against meta version (5.5.4) is deferred to allow old120        // snapshot to be used in rollback protection121        // Client workflow 5.5.5: check for rollback attack122        if (this.snapshot) {123            Object.entries(this.snapshot.signed.meta).forEach(([fileName, fileInfo]) => {124                const newFileInfo = newSnapshot.signed.meta[fileName];125                if (!newFileInfo) {126                    throw new error_1.RepositoryError(`Missing file ${fileName} in new snapshot`);127                }128                if (newFileInfo.version < fileInfo.version) {129                    throw new error_1.BadVersionError(`New version ${newFileInfo.version} of ${fileName} is less than current version ${fileInfo.version}`);130                }131            });132        }133        this.trustedSet.snapshot = newSnapshot;134        // snapshot is loaded, but we raise if it's not valid _final_ snapshot135        // Client workflow 5.5.4 & 5.5.6136        this.checkFinalSnapsnot();137        return newSnapshot;138    }139    updateDelegatedTargets(bytesBuffer, roleName, delegatorName) {140        if (!this.snapshot) {141            throw new error_1.RuntimeError('Cannot update delegated targets before snapshot');142        }143        // Targets cannot be loaded if final snapshot is expired or its version144        // does not match meta version in timestamp.145        this.checkFinalSnapsnot();146        const delegator = this.trustedSet[delegatorName];147        if (!delegator) {148            throw new error_1.RuntimeError(`No trusted ${delegatorName} metadata`);149        }150        // Extract metadata for the delegated role from snapshot151        const meta = this.snapshot.signed.meta?.[`${roleName}.json`];152        if (!meta) {153            throw new error_1.RepositoryError(`Missing ${roleName}.json in snapshot`);154        }155        // Client workflow 5.6.2: check against snapshot role's targets hash156        meta.verify(bytesBuffer);157        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment158        const data = JSON.parse(bytesBuffer.toString('utf8'));159        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument160        const newDelegate = models_1.Metadata.fromJSON(models_1.MetadataKind.Targets, data);161        if (newDelegate.signed.type != models_1.MetadataKind.Targets) {162            throw new error_1.RepositoryError(`Expected 'targets', got ${newDelegate.signed.type}`);163        }164        // Client workflow 5.6.3: check for arbitrary software attack165        delegator.verifyDelegate(roleName, newDelegate);166        // Client workflow 5.6.4: Check against snapshot role’s targets version167        const version = newDelegate.signed.version;168        if (version != meta.version) {169            throw new error_1.BadVersionError(`Version ${version} of ${roleName} does not match snapshot version ${meta.version}`);170        }171        // Client workflow 5.6.5: check for a freeze attack172        if (newDelegate.signed.isExpired(this.referenceTime)) {173            throw new error_1.ExpiredMetadataError(`${roleName}.json is expired`);174        }175        this.trustedSet[roleName] = newDelegate;176    }177    // Verifies and loads data as trusted root metadata.178    // Note that an expired initial root is still considered valid.179    loadTrustedRoot(bytesBuffer) {180        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment181        const data = JSON.parse(bytesBuffer.toString('utf8'));182        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument183        const root = models_1.Metadata.fromJSON(models_1.MetadataKind.Root, data);184        if (root.signed.type != models_1.MetadataKind.Root) {185            throw new error_1.RepositoryError(`Expected 'root', got ${root.signed.type}`);186        }187        root.verifyDelegate(models_1.MetadataKind.Root, root);188        this.trustedSet['root'] = root;189    }190    checkFinalTimestamp() {191        // Timestamp MUST be loaded192        if (!this.timestamp) {193            throw new ReferenceError('No trusted timestamp metadata');194        }195        // Client workflow 5.4.4: check for freeze attack196        if (this.timestamp.signed.isExpired(this.referenceTime)) {197            throw new error_1.ExpiredMetadataError('Final timestamp.json is expired');198        }199    }200    checkFinalSnapsnot() {201        // Snapshot and timestamp MUST be loaded202        if (!this.snapshot) {203            throw new ReferenceError('No trusted snapshot metadata');204        }205        if (!this.timestamp) {206            throw new ReferenceError('No trusted timestamp metadata');207        }208        // Client workflow 5.5.6: check for freeze attack209        if (this.snapshot.signed.isExpired(this.referenceTime)) {210            throw new error_1.ExpiredMetadataError('snapshot.json is expired');211        }212        // Client workflow 5.5.4: check against timestamp role’s snapshot version213        const snapshotMeta = this.timestamp.signed.snapshotMeta;214        if (this.snapshot.signed.version !== snapshotMeta.version) {215            throw new error_1.BadVersionError("Snapshot version doesn't match timestamp");216        }217    }218}219exports.TrustedMetadataStore = TrustedMetadataStore;220