diff --git a/go.mod b/go.mod index 61e27ab5..af1edd8f 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/go-ldap/ldap/v3 v3.4.8 github.com/notaryproject/notation-core-go v1.0.4-0.20240708015912-faac9b7f3f10 github.com/notaryproject/notation-plugin-framework-go v1.0.0 - github.com/notaryproject/tspclient-go v0.1.0 + github.com/notaryproject/tspclient-go v0.1.1-0.20240715235637-df25ef8d2172 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0 github.com/veraison/go-cose v1.1.0 diff --git a/go.sum b/go.sum index de10e43d..eab4a3af 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,8 @@ github.com/notaryproject/notation-core-go v1.0.4-0.20240708015912-faac9b7f3f10 h github.com/notaryproject/notation-core-go v1.0.4-0.20240708015912-faac9b7f3f10/go.mod h1:6DN+zUYRhXx7swFMVSrai5J+7jqyuOCru1q9G+SbFno= github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4= github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics= -github.com/notaryproject/tspclient-go v0.1.0 h1:kmtQuN32iwBAizOhPr+NZsxCErydoGcrfQy1ppJi5Vo= -github.com/notaryproject/tspclient-go v0.1.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs= +github.com/notaryproject/tspclient-go v0.1.1-0.20240715235637-df25ef8d2172 h1:Q8UsmeFMzyFuMMq4dlbIRJUi7khEKXKUe2H2Hm3W92Y= +github.com/notaryproject/tspclient-go v0.1.1-0.20240715235637-df25ef8d2172/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= diff --git a/verifier/verifier.go b/verifier/verifier.go index 4eeca168..eea10eb2 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -335,7 +335,7 @@ func (v *verifier) Verify(ctx context.Context, desc ocispec.Descriptor, signatur } if !content.Equal(payload.TargetArtifact, desc) { - logger.Infof("payload.TargetArtifact in signature: %+v", payload.TargetArtifact) + logger.Infof("Target artifact in signature payload: %+v", payload.TargetArtifact) logger.Infof("Target artifact that want to be verified: %+v", desc) outcome.Error = errors.New("content descriptor mismatch") } @@ -1007,7 +1007,7 @@ func verifyTimestamp(ctx context.Context, policyName string, trustStores []strin // 4. Check the timestamp against the signing certificate chain logger.Debug("Checking the timestamp against the signing certificate chain...") - logger.Debugf("Timestamp range: [%v, %v]", timestamp.Value.Add(-timestamp.Accuracy), timestamp.Value.Add(timestamp.Accuracy)) + logger.Debugf("Timestamp range: %s", timestamp.Format(time.RFC3339)) for _, cert := range signerInfo.CertificateChain { if !timestamp.BoundedAfter(cert.NotBefore) { return fmt.Errorf("timestamp can be before certificate %q validity period, it will be valid from %q", cert.Subject, cert.NotBefore.Format(time.RFC1123Z))