updated tsa root cert pool
Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts committed Jun 24, 2024
1 parent d5f6868 commit 329760b
Showing 2 changed files with 11 additions and 7 deletions.
6 changes: 5 additions & 1 deletion notation.go
Expand Up @@ -18,6 +18,7 @@ package notation
import (
"context"
"crypto/sha256"
"crypto/x509"
"encoding/hex"
"encoding/json"
"errors"
Expand Down Expand Up @@ -62,8 +63,11 @@ type SignerSignOptions struct {
// SigningAgent sets the signing agent name
SigningAgent string

// TSA denotes the TSA server URL
// TSAServerURL denotes the TSA server URL
TSAServerURL string

// TSARootCertificate denotes the TSA trust anchor
TSARootCertificate *x509.Certificate
}

// Signer is a generic interface for signing an OCI artifact.
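Review bot: The new `TSARootCertificate` field in `SignerSignOptions` is documented only as "the TSA trust anchor", which leaves its relationship to `TSAServerURL` unstated: a caller cannot tell from this struct whether a nil certificate combined with a non-empty URL is rejected, ignored, or falls back to some other root set. Because this value decides which timestamp authority the signer will trust, the comment should spell that out, for example `// TSARootCertificate is the root certificate the TSA's certificate chain must chain to; required when TSAServerURL is set.` (adjust to the actual behavior, which is not visible on this page). The commit title mentions a root cert pool while the field holds a single `*x509.Certificate`; if more than one TSA root ever has to be trusted, for instance during a root rotation, that limitation deserves a sentence in the comment as well.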
12 changes: 6 additions & 6 deletions signer/signer.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,11 +118,12 @@ func (s *GenericSigner) Sign(ctx context.Context, desc ocispec.Descriptor, opts
ContentType: envelope.MediaTypePayloadV1,
Content: payloadBytes,
},
Signer: s.signer,
SigningTime: time.Now(),
SigningScheme: signature.SigningSchemeX509,
SigningAgent: signingAgentId,
TSAServerURL: opts.TSAServerURL,
Signer: s.signer,
SigningTime: time.Now(),
SigningScheme: signature.SigningSchemeX509,
SigningAgent: signingAgentId,
TSAServerURL: opts.TSAServerURL,
TSARootCertificate: opts.TSARootCertificate,
}

// Add expiry only if ExpiryDuration is not zero
Expand All @@ -137,7 +138,6 @@ func (s *GenericSigner) Sign(ctx context.Context, desc ocispec.Descriptor, opts
logger.Debugf(" SigningScheme: %v", signReq.SigningScheme)
logger.Debugf(" SigningAgent: %v", signReq.SigningAgent)
logger.Debugf(" TSAServerURL: %v", signReq.TSAServerURL)
logger.Debugf(" TSARootCertificate Subject: %v", signReq.TSARootCertificate.Subject)

// perform signing
sigEnv, err := signature.NewEnvelope(opts.SignatureMediaType)
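Review bot: In the `signReq` literal, `opts.TSAServerURL` and `opts.TSARootCertificate` are copied through without checking that they agree, so a request carrying a TSA URL and a nil trust anchor reaches the signing call unchanged. What the downstream signature library does with a nil root is not visible in this hunk; if it does not fail closed, the timestamp countersignature could be accepted without being validated against the intended root. A guard placed before the literal, `if opts.TSAServerURL != "" && opts.TSARootCertificate == nil`, returning an error, would make the contract explicit at this layer. The second hunk drops the debug line for the root certificate's subject; a nil-checked version of that log would keep the configured trust anchor visible in debug output. `Sign` begins and ends outside both hunks.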
