MyRepo-Ums/node_modules/sigstore/dist/ca/verify/index.js
2024-01-19 11:09:11 +01:00

23 lines
1.1 KiB
JavaScript

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifySigningCertificate = void 0;
const chain_1 = require("./chain");
const sct_1 = require("./sct");
const signer_1 = require("./signer");
function verifySigningCertificate(bundle, trustedRoot, options) {
// Check that a trusted certificate chain can be found for the signing
// certificate in the bundle. Only the first certificate in the bundle's
// chain is used -- everything else must come from the trusted root.
const trustedChain = (0, chain_1.verifyChain)(bundle.verificationMaterial.content.x509CertificateChain.certificates[0], trustedRoot.certificateAuthorities);
// Unless disabled, verify the SCTs in the signing certificate
if (options.ctlogOptions.disable === false) {
(0, sct_1.verifySCTs)(trustedChain, trustedRoot.ctlogs, options.ctlogOptions);
}
// Verify the signing certificate against the provided identities
// if provided
if (options.signers) {
(0, signer_1.verifySignerIdentity)(trustedChain[0], options.signers.certificateIdentities);
}
}
exports.verifySigningCertificate = verifySigningCertificate;