deps: @sigstore/sign@2.3.1

DEPENDENCIES.md

@@ -737,6 +737,8 @@ graph LR;
   sigstore-->sigstore-verify["@sigstore/verify"];
   sigstore-bundle-->sigstore-protobuf-specs["@sigstore/protobuf-specs"];
   sigstore-sign-->make-fetch-happen;
+  sigstore-sign-->proc-log;
+  sigstore-sign-->promise-retry;
   sigstore-sign-->sigstore-bundle["@sigstore/bundle"];
   sigstore-sign-->sigstore-core["@sigstore/core"];
   sigstore-sign-->sigstore-protobuf-specs["@sigstore/protobuf-specs"];

node_modules/@sigstore/sign/dist/external/error.js

@@ -1,6 +1,21 @@
 "use strict";
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkStatus = exports.HTTPError = void 0;
+exports.HTTPError = void 0;
 class HTTPError extends Error {
     constructor({ status, message, location, }) {
         super(`(${status}) ${message}`);
@@ -9,30 +24,3 @@ class HTTPError extends Error {
     }
 }
 exports.HTTPError = HTTPError;
-const checkStatus = async (response) => {
-    if (response.ok) {
-        return response;
-    }
-    else {
-        let message = response.statusText;
-        const location = response.headers?.get('Location') || undefined;
-        const contentType = response.headers?.get('Content-Type');
-        // If response type is JSON, try to parse the body for a message
-        if (contentType?.includes('application/json')) {
-            try {
-                await response.json().then((body) => {
-                    message = body.message;
-                });
-            }
-            catch (e) {
-                // ignore
-            }
-        }
-        throw new HTTPError({
-            status: response.status,
-            message: message,
-            location: location,
-        });
-    }
-};
-exports.checkStatus = checkStatus;

node_modules/@sigstore/sign/dist/external/fetch.js

@@ -0,0 +1,99 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchWithRetry = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const http2_1 = require("http2");
+const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
+const proc_log_1 = require("proc-log");
+const promise_retry_1 = __importDefault(require("promise-retry"));
+const util_1 = require("../util");
+const error_1 = require("./error");
+const { HTTP2_HEADER_LOCATION, HTTP2_HEADER_CONTENT_TYPE, HTTP2_HEADER_USER_AGENT, HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_TOO_MANY_REQUESTS, HTTP_STATUS_REQUEST_TIMEOUT, } = http2_1.constants;
+async function fetchWithRetry(url, options) {
+    return (0, promise_retry_1.default)(async (retry, attemptNum) => {
+        const method = options.method || 'POST';
+        const headers = {
+            [HTTP2_HEADER_USER_AGENT]: util_1.ua.getUserAgent(),
+            ...options.headers,
+        };
+        const response = await (0, make_fetch_happen_1.default)(url, {
+            method,
+            headers,
+            body: options.body,
+            timeout: options.timeout,
+            retry: false, // We're handling retries ourselves
+        }).catch((reason) => {
+            proc_log_1.log.http('fetch', `${method} ${url} attempt ${attemptNum} failed with ${reason}`);
+            return retry(reason);
+        });
+        if (response.ok) {
+            return response;
+        }
+        else {
+            const error = await errorFromResponse(response);
+            proc_log_1.log.http('fetch', `${method} ${url} attempt ${attemptNum} failed with ${response.status}`);
+            if (retryable(response.status)) {
+                return retry(error);
+            }
+            else {
+                throw error;
+            }
+        }
+    }, retryOpts(options.retry));
+}
+exports.fetchWithRetry = fetchWithRetry;
+// Translate a Response into an HTTPError instance. This will attempt to parse
+// the response body for a message, but will default to the statusText if none
+// is found.
+const errorFromResponse = async (response) => {
+    let message = response.statusText;
+    const location = response.headers?.get(HTTP2_HEADER_LOCATION) || undefined;
+    const contentType = response.headers?.get(HTTP2_HEADER_CONTENT_TYPE);
+    // If response type is JSON, try to parse the body for a message
+    if (contentType?.includes('application/json')) {
+        try {
+            const body = await response.json();
+            message = body.message || message;
+        }
+        catch (e) {
+            // ignore
+        }
+    }
+    return new error_1.HTTPError({
+        status: response.status,
+        message: message,
+        location: location,
+    });
+};
+// Determine if a status code is retryable. This includes 5xx errors, 408, and
+// 429.
+const retryable = (status) => [HTTP_STATUS_REQUEST_TIMEOUT, HTTP_STATUS_TOO_MANY_REQUESTS].includes(status) || status >= HTTP_STATUS_INTERNAL_SERVER_ERROR;
+// Normalize the retry options to the format expected by promise-retry
+const retryOpts = (retry) => {
+    if (typeof retry === 'boolean') {
+        return { retries: retry ? 1 : 0 };
+    }
+    else if (typeof retry === 'number') {
+        return { retries: retry };
+    }
+    else {
+        return { retries: 0, ...retry };
+    }
+};

node_modules/@sigstore/sign/dist/external/fulcio.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Fulcio = void 0;
 /*
@@ -19,33 +16,26 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
-const util_1 = require("../util");
-const error_1 = require("./error");
+const fetch_1 = require("./fetch");
 /**
  * Fulcio API client.
  */
 class Fulcio {
     constructor(options) {
-        this.fetch = make_fetch_happen_1.default.defaults({
-            retry: options.retry,
-            timeout: options.timeout,
+        this.options = options;
+    }
+    async createSigningCertificate(request) {
+        const { baseURL, retry, timeout } = this.options;
+        const url = `${baseURL}/api/v2/signingCert`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
             headers: {
                 'Content-Type': 'application/json',
-                'User-Agent': util_1.ua.getUserAgent(),
             },
-        });
-        this.baseUrl = options.baseURL;
-    }
-    async createSigningCertificate(request) {
-        const url = `${this.baseUrl}/api/v2/signingCert`;
-        const response = await this.fetch(url, {
-            method: 'POST',
             body: JSON.stringify(request),
+            timeout,
+            retry,
         });
-        await (0, error_1.checkStatus)(response);
-        const data = await response.json();
-        return data;
+        return response.json();
     }
 }
 exports.Fulcio = Fulcio;

node_modules/@sigstore/sign/dist/external/rekor.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Rekor = void 0;
 /*
@@ -19,37 +16,31 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
-const util_1 = require("../util");
-const error_1 = require("./error");
+const fetch_1 = require("./fetch");
 /**
  * Rekor API client.
  */
 class Rekor {
     constructor(options) {
-        this.fetch = make_fetch_happen_1.default.defaults({
-            retry: options.retry,
-            timeout: options.timeout,
-            headers: {
-                Accept: 'application/json',
-                'User-Agent': util_1.ua.getUserAgent(),
-            },
-        });
-        this.baseUrl = options.baseURL;
+        this.options = options;
     }
     /**
      * Create a new entry in the Rekor log.
      * @param propsedEntry {ProposedEntry} Data to create a new entry
      * @returns {Promise<Entry>} The created entry
      */
     async createEntry(propsedEntry) {
-        const url = `${this.baseUrl}/api/v1/log/entries`;
-        const response = await this.fetch(url, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
+        const { baseURL, timeout, retry } = this.options;
+        const url = `${baseURL}/api/v1/log/entries`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
+            headers: {
+                'Content-Type': 'application/json',
+                Accept: 'application/json',
+            },
             body: JSON.stringify(propsedEntry),
+            timeout,
+            retry,
         });
-        await (0, error_1.checkStatus)(response);
         const data = await response.json();
         return entryFromResponse(data);
     }
@@ -59,44 +50,18 @@ class Rekor {
      * @returns {Promise<Entry>} The retrieved entry
      */
     async getEntry(uuid) {
-        const url = `${this.baseUrl}/api/v1/log/entries/${uuid}`;
-        const response = await this.fetch(url);
-        await (0, error_1.checkStatus)(response);
-        const data = await response.json();
-        return entryFromResponse(data);
-    }
-    /**
-     * Search the Rekor log index for entries matching the given query.
-     * @param opts {SearchIndex} Options to search the Rekor log
-     * @returns {Promise<string[]>} UUIDs of matching entries
-     */
-    async searchIndex(opts) {
-        const url = `${this.baseUrl}/api/v1/index/retrieve`;
-        const response = await this.fetch(url, {
-            method: 'POST',
-            body: JSON.stringify(opts),
-            headers: { 'Content-Type': 'application/json' },
+        const { baseURL, timeout, retry } = this.options;
+        const url = `${baseURL}/api/v1/log/entries/${uuid}`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
+            method: 'GET',
+            headers: {
+                Accept: 'application/json',
+            },
+            timeout,
+            retry,
         });
-        await (0, error_1.checkStatus)(response);
         const data = await response.json();
-        return data;
-    }
-    /**
-     * Search the Rekor logs for matching the given query.
-     * @param opts {SearchLogQuery} Query to search the Rekor log
-     * @returns {Promise<Entry[]>} List of matching entries
-     */
-    async searchLog(opts) {
-        const url = `${this.baseUrl}/api/v1/log/entries/retrieve`;
-        const response = await this.fetch(url, {
-            method: 'POST',
-            body: JSON.stringify(opts),
-            headers: { 'Content-Type': 'application/json' },
-        });
-        await (0, error_1.checkStatus)(response);
-        const rawData = await response.json();
-        const data = rawData.map((d) => entryFromResponse(d));
-        return data;
+        return entryFromResponse(data);
     }
 }
 exports.Rekor = Rekor;

node_modules/@sigstore/sign/dist/external/tsa.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TimestampAuthority = void 0;
 /*
@@ -19,28 +16,22 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
-const util_1 = require("../util");
-const error_1 = require("./error");
+const fetch_1 = require("./fetch");
 class TimestampAuthority {
     constructor(options) {
-        this.fetch = make_fetch_happen_1.default.defaults({
-            retry: options.retry,
-            timeout: options.timeout,
+        this.options = options;
+    }
+    async createTimestamp(request) {
+        const { baseURL, timeout, retry } = this.options;
+        const url = `${baseURL}/api/v1/timestamp`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
             headers: {
                 'Content-Type': 'application/json',
-                'User-Agent': util_1.ua.getUserAgent(),
             },
-        });
-        this.baseUrl = options.baseURL;
-    }
-    async createTimestamp(request) {
-        const url = `${this.baseUrl}/api/v1/timestamp`;
-        const response = await this.fetch(url, {
-            method: 'POST',
             body: JSON.stringify(request),
+            timeout,
+            retry,
         });
-        await (0, error_1.checkStatus)(response);
         return response.buffer();
     }
 }