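// 实现示例

/**
 * Summary of one signed-metadata role as consumed by the release gate.
 * The four role names match the top-level roles of The Update Framework (TUF).
 */
type RoleMeta = {
  role: 'root' | 'targets' | 'snapshot' | 'timestamp';
  // Count of signatures credited to this role. Nothing in this listing verifies
  // signatures; the count is trusted as given, so it must come from a verifier
  // that has already checked each signature against the role's authorized keys.
  sigs: number;
  // Minimum number of signatures the role requires.
  threshold: number;
  // Epoch milliseconds: both timestamps are compared against Date.now().
  expires: number;
  created: number;
};

/** Roles that must all be present before a release is allowed through the gate. */
const REQUIRED_ROLES = ['root', 'targets', 'snapshot', 'timestamp'] as const;

/**
 * Reports whether `now` lies inside the validity window [created, expires],
 * widened by `leewaySec` seconds on both sides to tolerate clock skew.
 *
 * The leeway also applies to the expiry side, so metadata is still accepted for
 * up to `leewaySec` seconds after `expires`; keep the value small.
 *
 * @param created   start of the window, epoch milliseconds
 * @param expires   end of the window, epoch milliseconds
 * @param now       instant being tested, epoch milliseconds
 * @param leewaySec tolerated clock skew, in seconds
 * @returns false for an empty or inverted window, for any non-finite input,
 *          or when `now` falls outside the widened window
 */
function within(created: number, expires: number, now: number, leewaySec: number): boolean {
  // Fail closed on NaN/Infinity. Without this check an `expires` of Infinity
  // yields metadata that never expires, which defeats the freshness guarantee
  // the window exists to provide.
  if (![created, expires, now, leewaySec].every((v) => Number.isFinite(v))) return false;
  if (expires <= created) return false;
  const leewayMs = leewaySec * 1000;
  return now + leewayMs >= created && now - leewayMs <= expires;
}

/**
 * Reports whether a role meets its signature threshold and is currently inside
 * its validity window (60 seconds of leeway, evaluated at Date.now()).
 *
 * @param r role summary to check
 * @returns true only when threshold is a positive integer, sigs is an integer
 *          that reaches it, and the current time is inside the window
 */
function validRole(r: RoleMeta): boolean {
  // A threshold of 0 (or a negative one) would let a role with no signatures
  // at all satisfy `sigs >= threshold`; require at least one signature.
  if (!Number.isInteger(r.threshold) || r.threshold < 1) return false;
  // Rejects NaN, Infinity and fractional counts coming from untyped input.
  if (!Number.isInteger(r.sigs)) return false;
  return r.sigs >= r.threshold && within(r.created, r.expires, Date.now(), 60);
}

/**
 * Release gate: every required role must be present and every listed role must
 * pass validRole.
 *
 * Errors are reported as `missing:<role>` for an absent required role and
 * `role:<role>` for a listed role that fails validation. Every entry in `list`
 * is validated, so a duplicate entry for a role fails the gate if any copy is
 * invalid.
 *
 * @param list role summaries for the release under review
 * @returns `ok` is true only when `errors` is empty
 */
function gate(list: RoleMeta[]): { ok: boolean; errors: string[] } {
  const errors: string[] = [];
  const present = new Set(list.map((entry) => entry.role));
  for (const required of REQUIRED_ROLES) {
    if (!present.has(required)) errors.push(`missing:${required}`);
  }
  for (const entry of list) {
    if (!validRole(entry)) errors.push(`role:${entry.role}`);
  }
  return { ok: errors.length === 0, errors };
}

// 审计与发布治理记录角色、阈值与时间窗口;不合规阻断并输出修复建议。根元数据变更需审批与归档。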
