From d8f19cfde887c089cbc32aa4de3bb37ecc818743 Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Tue, 4 Jun 2024 16:50:03 +0800
Subject: [PATCH] updated timestamping
Signed-off-by: Patrick Zheng
---
 verifier/verifier.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/verifier/verifier.go b/verifier/verifier.go
index 8ac2919a..8a3668b2 100644
--- a/verifier/verifier.go
+++ b/verifier/verifier.go
@@ -521,7 +521,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus
 // under signing scheme notary.x509
 if signerInfo := outcome.EnvelopeContent.SignerInfo; signerInfo.SignedAttributes.SigningScheme == signature.SigningSchemeX509 {
- logger.Info("under signing scheme notary.x509...")
+ logger.Info("Under signing scheme notary.x509...")
 performTimestampVerification := true
 timeStampLowerLimit := time.Now()
 timeStampUpperLimit := timeStampLowerLimit
@@ -666,7 +666,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus
 finalResult, problematicCertSubject := revocationFinalResult(certResults, tsaCertChain, logger)
 switch finalResult {
 case revocationresult.ResultOK:
- logger.Debug("no verification impacting errors encountered while checking timestamping certificate chain revocation, status is OK")
+ logger.Debug("No verification impacting errors encountered while checking timestamping certificate chain revocation, status is OK")
 case revocationresult.ResultRevoked:
 return ¬ation.ValidationResult{
 Error: fmt.Errorf("timestamping certificate with subject %q is revoked", problematicCertSubject),
@@ -683,7 +683,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus
 }
 // 5. Check the timestamp against the signing certificate chain
 logger.Info("Checking the timestamp against the signing certificate chain...")
- logger.Infof("timestamp range: [%v, %v]", timeStampLowerLimit, timeStampUpperLimit)
+ logger.Infof("Timestamp range: [%v, %v]", timeStampLowerLimit, timeStampUpperLimit)
 for _, cert := range signerInfo.CertificateChain {
 if timeStampLowerLimit.Before(cert.NotBefore) {
 return ¬ation.ValidationResult{
@@ -702,7 +702,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus
 }
 } else if signerInfo.SignedAttributes.SigningScheme == signature.SigningSchemeX509SigningAuthority {
 // under signing scheme notary.x509.signingAuthority
- logger.Info("under signing scheme notary.x509.signingAuthority...")
+ logger.Info("Under signing scheme notary.x509.signingAuthority...")
 authenticSigningTime := signerInfo.SignedAttributes.SigningTime
 for _, cert := range signerInfo.CertificateChain {
 if authenticSigningTime.Before(cert.NotBefore) || authenticSigningTime.After(cert.NotAfter) {
@@ -733,12 +733,12 @@ func verifyRevocation(outcome *notation.VerificationOutcome, r revocation.Revoca
 authenticSigningTime, err := outcome.EnvelopeContent.SignerInfo.AuthenticSigningTime()
 if err != nil {
- logger.Debugf("not using authentic signing time due to error retrieving AuthenticSigningTime, err: %v", err)
+ logger.Debugf("Not using authentic signing time due to error retrieving AuthenticSigningTime, err: %v", err)
 authenticSigningTime = time.Time{}
 }
 certResults, err := r.Validate(outcome.EnvelopeContent.SignerInfo.CertificateChain, authenticSigningTime)
 if err != nil {
- logger.Debug("error while checking revocation status, err: %s", err.Error())
+ logger.Debug("Error while checking revocation status, err: %s", err.Error())
 return ¬ation.ValidationResult{
 Type: trustpolicy.TypeRevocation,
 Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeRevocation],
@@ -753,7 +753,7 @@ func verifyRevocation(outcome *notation.VerificationOutcome, r revocation.Revoca
 finalResult, problematicCertSubject := revocationFinalResult(certResults, outcome.EnvelopeContent.SignerInfo.CertificateChain, logger)
 switch finalResult {
 case revocationresult.ResultOK:
- logger.Debug("no verification impacting errors encountered while checking revocation, status is OK")
+ logger.Debug("No verification impacting errors encountered while checking revocation, status is OK")
 case revocationresult.ResultRevoked:
 result.Error = fmt.Errorf("signing certificate with subject %q is revoked", problematicCertSubject)
 default:
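Review bot: The changed call `logger.Debug("Error while checking revocation status, err: %s", err.Error())` in the verifyRevocation hunk at -733 still hands a format string and an argument to the non-formatting `Debug`, so the `%s` verb is presumably logged literally instead of being filled in; the lines around it use `Debugf` for formatted output. Since the line is being touched anyway, it should become `logger.Debugf("Error while checking revocation status, err: %v", err)`. This is the only diagnostic emitted when `r.Validate` fails on this path, so a malformed entry makes a failing revocation check harder to triage from logs. verifyRevocation starts and ends outside the hunk.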
@@ -774,7 +774,7 @@ func revocationFinalResult(certResults []*revocationresult.CertRevocationResult,
 var revokedCertSubject string
 for i := len(certResults) - 1; i >= 0; i-- {
 if len(certResults[i].ServerResults) > 0 && certResults[i].ServerResults[0].Error != nil {
- logger.Debugf("error for certificate #%d in chain with subject %v for server %q: %v", (i + 1), certChain[i].Subject.String(), certResults[i].ServerResults[0].Server, certResults[i].ServerResults[0].Error)
+ logger.Debugf("Error for certificate #%d in chain with subject %v for server %q: %v", (i + 1), certChain[i].Subject.String(), certResults[i].ServerResults[0].Server, certResults[i].ServerResults[0].Error)
 }
 if certResults[i].Result == revocationresult.ResultOK || certResults[i].Result == revocationresult.ResultNonRevokable {