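实现示例

/** Release asset metadata: file name, hex SHA-256 digest, and download URL. */
type Asset = { name: string; sha256: string; url: string }

/**
 * Signature metadata for an asset. `created` and `expires` are compared directly
 * with `now`, so they share its unit (milliseconds, given the `leewaySec * 1000`
 * conversion in `within`).
 */
type Sig = { alg: 'RS256'; kid: string; b64: string; created: number; expires: number }

/**
 * True when `h` is exactly 64 hexadecimal characters, the text length of a SHA-256 digest.
 *
 * Types are erased at runtime and `RegExp.test` stringifies its argument, so without the
 * `typeof` guard a one-element array holding a digest would also pass.
 */
function hex64(h: string): boolean {
  return typeof h === 'string' && /^[A-Fa-f0-9]{64}$/.test(h)
}

/**
 * True when `s` is non-empty, well-formed standard-alphabet base64.
 *
 * `=` is accepted only as trailing padding that completes the final 4-character group;
 * unpadded input is accepted as long as it does not leave a single dangling character.
 * A plain character-class test would also accept strings such as `====` or `ab=cd`.
 */
function b64(s: string): boolean {
  if (typeof s !== 'string' || s.length === 0) return false
  return /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}(?:==)?|[A-Za-z0-9+\/]{3}=?)?$/.test(s)
}

/**
 * True when `now` lies inside `[created, expires]`, widened by `leewaySec` seconds on
 * each side to absorb clock skew.
 *
 * @param created   start of the validity window, same unit as `now`
 * @param expires   end of the validity window; must be strictly later than `created`
 * @param now       current time supplied by the caller
 * @param leewaySec tolerated clock skew in seconds
 */
function within(created: number, expires: number, now: number, leewaySec: number): boolean {
  // Reject NaN, +/-Infinity and non-numbers up front: an infinite `expires` would never
  // lapse, and string timestamps from unvalidated JSON would be compared lexically.
  if (![created, expires, now, leewaySec].every((v) => Number.isFinite(v))) return false
  if (expires <= created) return false
  const leewayMs = leewaySec * 1000
  return now + leewayMs >= created && now - leewayMs <= expires
}

/**
 * Checks the shape of an asset record and its signature metadata, plus the validity window.
 *
 * This is format and freshness validation only. Nothing in this listing verifies the RS256
 * signature against the key named by `kid`, or recomputes the SHA-256 of the downloaded
 * bytes. `ok: true` therefore means "well-formed and inside the time window", not
 * "authentic". Signature verification against a trusted key set and a digest comparison
 * still have to happen before the asset is used.
 *
 * @param a   asset record to check
 * @param s   signature metadata to check
 * @param now current time from a clock the caller trusts, in the same unit as `s.created`
 * @returns `ok` plus the failed groups, in order: `'asset'`, `'sig'`, `'time'`
 */
function evaluate(a: Asset, s: Sig, now: number): { ok: boolean; errors: string[] } {
  const errors: string[] = []
  const nonEmpty = (v: unknown): boolean => typeof v === 'string' && v.length > 0

  // Scheme plus a non-empty authority; the host itself is not checked against an allow-list here.
  const httpsWithHost = typeof a.url === 'string' && /^https:\/\/[^\s\/?#]/.test(a.url)
  if (!nonEmpty(a.name) || !hex64(a.sha256) || !httpsWithHost) errors.push('asset')

  // The algorithm is pinned to a single value rather than taken on trust from the record.
  if (s.alg !== 'RS256' || !nonEmpty(s.kid) || !b64(s.b64)) errors.push('sig')

  // Fixed 60-second leeway for clock skew.
  if (!within(s.created, s.expires, now, 60)) errors.push('time')

  return { ok: errors.length === 0, errors }
}

审计与发布治理

审计资产摘要与签名、时间窗口;异常阻断并回退到最近可信版本。变更需审批与归档。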
