added tsa ocsp check
Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts committed Apr 8, 2024
1 parent 53ee15c commit e5aaefe
Showing 3 changed files with 4 additions and 12 deletions.
2 changes: 1 addition & 1 deletion go.mod
@@ -25,6 +25,6 @@ require (
golang.org/x/sync v0.6.0 // indirect
)

replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240408053347-db08071e1dba
replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240408061121-8c59a124c1ff

replace github.com/notaryproject/tspclient-go => github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0
4 changes: 2 additions & 2 deletions go.sum
@@ -1,7 +1,7 @@
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
github.com/Two-Hearts/notation-core-go v0.0.0-20240408053347-db08071e1dba h1:NkrPabtr/MVAsD2NZVkJGkbvnOjoG6wCQPvXIPluyqw=
github.com/Two-Hearts/notation-core-go v0.0.0-20240408053347-db08071e1dba/go.mod h1:GsHR/83xmdubOk+77PlzIilthZNt+qCY4I9BxMKXbxg=
github.com/Two-Hearts/notation-core-go v0.0.0-20240408061121-8c59a124c1ff h1:FiCD0T10oRjvO3ADmrkpaiYBZA1U91SfYEK8UTDqDbQ=
github.com/Two-Hearts/notation-core-go v0.0.0-20240408061121-8c59a124c1ff/go.mod h1:GsHR/83xmdubOk+77PlzIilthZNt+qCY4I9BxMKXbxg=
github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0 h1:EbUo6vzeco2sq3ipHCL7JtsgAwOXNiM7BRRRLVp2o3U=
github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
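--- a/verifier/verifier.go
+++ b/verifier/verifier.go
@@ -612,15 +612,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus
 timeStampUpperLimit := ts.Add(accuracy)
 fmt.Printf("timestamp token time range: [%v, %v]\n", timeStampLowerLimit, timeStampUpperLimit)
 // TSA certificate chain revocation check
-revocationClient, err := revocation.New(&http.Client{Timeout: 2 * time.Second})
-if err != nil {
-return &notation.ValidationResult{
-Error: err,
-Type: trustpolicy.TypeAuthenticTimestamp,
-Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeAuthenticTimestamp],
-}
-}
-certResults, err := revocationClient.Validate(tsaCertChain, timeStampUpperLimit)
+certResults, err := revocation.ValidateTimestampCertChain(tsaCertChain, timeStampUpperLimit)
 if err != nil {
 logger.Debug("error while checking revocation status, err: %s", err.Error())
 return &notation.ValidationResult{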
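Review bot: The new call `revocation.ValidateTimestampCertChain(tsaCertChain, timeStampUpperLimit)` takes neither `ctx` nor an HTTP client, so the 2-second bound that the removed `revocation.New(&http.Client{Timeout: 2 * time.Second})` made explicit can no longer be seen or controlled at this call site. Whether the helper applies its own timeout is not visible in this hunk, and it is resolved from the fork pinned by the `replace` directive in go.mod; if it does not, an unresponsive OCSP responder for the TSA chain could stall signature verification. I would record the contract above the call, e.g. `// ValidateTimestampCertChain does the OCSP fetch with its own HTTP client; timeout and cancellation are set inside notation-core-go, ctx is not passed`, and prefer an entry point that accepts `ctx` so callers can bound the check. The `fmt.Printf` on the context line above also writes the timestamp range to stdout from library code, where `logger.Debug` would match the error path below it. verifyAuthenticTimestamp starts and ends outside the hunk.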
