Merge branch 'main' into bdehamer/signature-content-sig

sigstore · Jan 3, 2024 · 2edd99f · 2edd99f
2 parents df5e7d6 + 922a1be
commit 2edd99f
Show file tree

Hide file tree

Showing 9 changed files with 171 additions and 270 deletions.
diff --git a/.changeset/spicy-kiwis-scream.md b/.changeset/spicy-kiwis-scream.md
@@ -0,0 +1,5 @@
+---
+"@sigstore/mock": patch
+---
+
+Bump jose from 5.1.3 to 5.2.0
diff --git a/.changeset/tasty-years-sneeze.md b/.changeset/tasty-years-sneeze.md
@@ -0,0 +1,5 @@
+---
+"@sigstore/cli": patch
+---
+
+Bump openid-client from 5.6.1 to 5.6.2
diff --git a/.changeset/tough-adults-sing.md b/.changeset/tough-adults-sing.md
@@ -0,0 +1,5 @@
+---
+"@sigstore/core": patch
+---
+
+Ensure the `isCA` value for the `X509BasicConstraintsExtension` defaults to `false` if no other value is present
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -19,9 +19,9 @@
     "@total-typescript/shoehorn": "^0.1.1",
     "@tsconfig/node16": "^16.1.1",
     "@types/jest": "^29.5.11",
-    "@types/node": "^20.10.5",
-    "@typescript-eslint/eslint-plugin": "^6.16.0",
-    "@typescript-eslint/parser": "^6.16.0",
+    "@types/node": "^20.10.6",
+    "@typescript-eslint/eslint-plugin": "^6.17.0",
+    "@typescript-eslint/parser": "^6.17.0",
     "eslint": "^8.56.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^5.1.2",

diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -36,7 +36,7 @@
     "@oclif/core": "^3",
     "@oclif/plugin-help": "^6",
     "open": "^8.4.2",
-    "openid-client": "^5.6.1",
+    "openid-client": "^5.6.2",
     "sigstore": "^2.1.0"
   },
   "devDependencies": {

diff --git a/packages/core/src/__tests__/x509/ext.test.ts b/packages/core/src/__tests__/x509/ext.test.ts
@@ -103,6 +103,21 @@ describe('x509BasicConstraintsExtension', () => {
         expect(subject.isCA).toBe(true);
       });
     });
+
+    describe('when the extension contains no value for the CA', () => {
+      // Extension w/ NO isCA value specified
+      const basicConstraintsExtension = Buffer.from(
+        '300C0603551D130101FF04023000',
+        'hex'
+      );
+      const subject = new X509BasicConstraintsExtension(
+        ASN1Obj.parseBuffer(basicConstraintsExtension)
+      );
+
+      it('returns false', () => {
+        expect(subject.isCA).toBe(false);
+      });
+    });
   });
 
   describe('#pathLenConstraint', () => {

diff --git a/packages/core/src/x509/ext.ts b/packages/core/src/x509/ext.ts
@@ -52,7 +52,7 @@ export class X509Extension {
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9
 export class X509BasicConstraintsExtension extends X509Extension {
   get isCA(): boolean {
-    return this.sequence.subs[0].toBoolean();
+    return this.sequence.subs[0]?.toBoolean() ?? false;
   }
 
   get pathLenConstraint(): bigint | undefined {

diff --git a/packages/mock/package.json b/packages/mock/package.json
@@ -36,7 +36,7 @@
     "asn1js": "^3.0.5",
     "bytestreamjs": "^2.0.1",
     "canonicalize": "^2.0.0",
-    "jose": "^5.1.3",
+    "jose": "^5.2.0",
     "nock": "^13.4.0",
     "pkijs": "^3.0.15",
     "pvutils": "^1.1.3"