From be2ea0e3a52ad7d3ca6d157cf2d19d1adf54b89a Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Wed, 27 Mar 2024 16:30:59 +0800 Subject: [PATCH] updated timestmap Signed-off-by: Patrick Zheng --- go.mod | 8 +++++--- go.sum | 8 ++++---- verifier/verifier.go | 8 ++++---- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index e8973f3f..2a08e992 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/notaryproject/notation-go -go 1.20 +go 1.21 + +toolchain go1.21.4 require ( github.com/go-ldap/ldap/v3 v3.4.6 @@ -25,6 +27,6 @@ require ( golang.org/x/sync v0.6.0 // indirect ) -replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240322074029-e6537801a769 +replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240327082239-e085696162b1 -replace github.com/notaryproject/tspclient-go => github.com/Two-Hearts/tspclient-go v0.0.0-20240322031047-c33159600668 +replace github.com/notaryproject/tspclient-go => github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0 diff --git a/go.sum b/go.sum index 5b61fa77..e94cf25e 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,9 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-core-go v0.0.0-20240322074029-e6537801a769 h1:IjW5HyuNFL1rW29o/dCFoO4J5kXGCrEMOwNTwPyd6fs= -github.com/Two-Hearts/notation-core-go v0.0.0-20240322074029-e6537801a769/go.mod h1:cYwg3vrJsiuSC3ID7bG4/q6spGYbBTIr2mqG3ePwrqQ= -github.com/Two-Hearts/tspclient-go v0.0.0-20240322031047-c33159600668 h1:DwEjNM07LP9yYT17LMWEgv4g0UnjmORuyX2aqUgnURE= -github.com/Two-Hearts/tspclient-go v0.0.0-20240322031047-c33159600668/go.mod h1:Pgt9nPf69t08eVXdxjcfxZalElbQocRuP1DGSKZDpMs= +github.com/Two-Hearts/notation-core-go v0.0.0-20240327082239-e085696162b1 h1:VFaRt48d2PQ97WY3u4sWWgWpIBHSzid6UjiJG+0Ydcw= +github.com/Two-Hearts/notation-core-go v0.0.0-20240327082239-e085696162b1/go.mod h1:GsHR/83xmdubOk+77PlzIilthZNt+qCY4I9BxMKXbxg= +github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0 h1:EbUo6vzeco2sq3ipHCL7JtsgAwOXNiM7BRRRLVp2o3U= +github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/verifier/verifier.go b/verifier/verifier.go index 642ebefc..6e793ca0 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -570,7 +570,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus opts := x509.VerifyOptions{ Roots: roots, } - // TODO: check revocation of cert chain + // TODO: validate and check revocation of cert chain if _, err := signedToken.Verify(ctx, opts); err != nil { return ¬ation.ValidationResult{ Error: err, @@ -586,15 +586,15 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeAuthenticTimestamp], } } - if err := info.VerifyContent(signerInfo.Signature); err != nil { + // validate and consume the timestamp + ts, accuracy, err := info.Timestamp(signerInfo.Signature) + if err != nil { return ¬ation.ValidationResult{ Error: err, Type: trustpolicy.TypeAuthenticTimestamp, Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeAuthenticTimestamp], } } - // consume the timestamp - ts, accuracy := info.Timestamp() timeStampLowerLimit := ts.Add(-accuracy) timeStampUpperLimit := ts.Add(accuracy) fmt.Printf("timestamp token time range: [%v, %v]\n", timeStampLowerLimit, timeStampUpperLimit)