Class: Sigstore::TUF::Role

Inherits:

Object

• Object
• Sigstore::TUF::Role

Includes:

Loggable

Defined in:

lib/sigstore/tuf/roles.rb

Instance Attribute Summary

• #keys ⇒ Object readonly

  Returns the value of attribute keys.

• #name ⇒ Object readonly

  Returns the value of attribute name.

• #paths ⇒ Object readonly

  Returns the value of attribute paths.

• #threshold ⇒ Object readonly

  Returns the value of attribute threshold.

Instance Method Summary

• #initialize(data, keys) ⇒ Role constructor

  A new instance of Role.

• #terminating? ⇒ Boolean
• #verify_delegate(type, bytes, signatures) ⇒ Object

Methods included from Loggable

included, #logger

Constructor Details

#initialize(data, keys) ⇒ Role

Returns a new instance of Role.

# File 'lib/sigstore/tuf/roles.rb', line 66

def initialize(data, keys)
  @name = data.fetch("name")
  @paths = data.fetch("paths")
  @threshold = data.fetch("threshold")
  @keys = data.fetch("keyids").to_h { |key_id| [key_id, keys.fetch(key_id)] }
  @terminating = data.fetch("terminating", false)
end

Instance Attribute Details

#keys ⇒ Object (readonly)

Returns the value of attribute keys.

# File 'lib/sigstore/tuf/roles.rb', line 64

def keys
  @keys
end

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/sigstore/tuf/roles.rb', line 64

def name
  @name
end

#paths ⇒ Object (readonly)

Returns the value of attribute paths.

# File 'lib/sigstore/tuf/roles.rb', line 64

def paths
  @paths
end

#threshold ⇒ Object (readonly)

Returns the value of attribute threshold.

# File 'lib/sigstore/tuf/roles.rb', line 64

def threshold
  @threshold
end

Instance Method Details

#terminating? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sigstore/tuf/roles.rb', line 74

def terminating?
  @terminating
end

#verify_delegate(type, bytes, signatures) ⇒ Object

Raises:

• (Error::TooFewSignatures)

# File 'lib/sigstore/tuf/roles.rb', line 78

def verify_delegate(type, bytes, signatures)
  if (duplicate_keys = signatures.map { |sig| sig.fetch("keyid") }.tally.select { |_, count| count > 1 }).any?
    raise Error::DuplicateKeys, "Duplicate keys found in signatures: #{duplicate_keys.inspect}"
  end

  count = signatures.count do |signature|
    key_id = signature.fetch("keyid")
    unless @keys.include?(key_id)
      logger.warn "Unknown key_id=#{key_id.inspect} in signatures for #{type}"
      next
    end

    key = @keys.fetch(key_id)
    signature_bytes = [signature.fetch("sig")].pack("H*")
    verified = key.verify("sha256", signature_bytes, bytes)

    logger.debug do
      "key_id=#{key_id.inspect} type=#{type} verified=#{verified}"
    end
    verified
  end

  return unless count < @threshold

  raise Error::TooFewSignatures,
        "Not enough signatures: found #{count} out of threshold=#{@threshold} for #{type}"
end