From e5aaefee24f78f69e235112bbce68b98a88fc774 Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Mon, 8 Apr 2024 14:13:47 +0800
Subject: [PATCH] added tsa ocsp check
Signed-off-by: Patrick Zheng
---
 go.mod | 2 +-
 go.sum | 4 ++--
 verifier/verifier.go | 10 +---------
 3 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/go.mod b/go.mod
index 50ec0b56..714b5b97 100644
--- a/go.mod
+++ b/go.mod
@@ -25,6 +25,6 @@ require (
 golang.org/x/sync v0.6.0 // indirect
 )
-replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240408053347-db08071e1dba
+replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240408061121-8c59a124c1ff
 replace github.com/notaryproject/tspclient-go => github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0
diff --git a/go.sum b/go.sum
index 8f7b780c..4da3fd58 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Two-Hearts/notation-core-go v0.0.0-20240408053347-db08071e1dba h1:NkrPabtr/MVAsD2NZVkJGkbvnOjoG6wCQPvXIPluyqw= -github.com/Two-Hearts/notation-core-go v0.0.0-20240408053347-db08071e1dba/go.mod h1:GsHR/83xmdubOk+77PlzIilthZNt+qCY4I9BxMKXbxg= +github.com/Two-Hearts/notation-core-go v0.0.0-20240408061121-8c59a124c1ff h1:FiCD0T10oRjvO3ADmrkpaiYBZA1U91SfYEK8UTDqDbQ= +github.com/Two-Hearts/notation-core-go v0.0.0-20240408061121-8c59a124c1ff/go.mod h1:GsHR/83xmdubOk+77PlzIilthZNt+qCY4I9BxMKXbxg= github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0 h1:EbUo6vzeco2sq3ipHCL7JtsgAwOXNiM7BRRRLVp2o3U= github.com/Two-Hearts/tspclient-go v0.0.0-20240327080830-9d2a35b7f3f0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs= github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA=
diff --git a/verifier/verifier.go b/verifier/verifier.go
index 5e58994a..ed27cb03 100644
--- a/verifier/verifier.go
+++ b/verifier/verifier.go
@@ -612,15 +612,7 @@ func verifyAuthenticTimestamp(ctx context.Context, trustPolicy *trustpolicy.Trus
 timeStampUpperLimit := ts.Add(accuracy)
 fmt.Printf("timestamp token time range: [%v, %v]\n", timeStampLowerLimit, timeStampUpperLimit)
 // TSA certificate chain revocation check
- revocationClient, err := revocation.New(&http.Client{Timeout: 2 * time.Second})
- if err != nil {
- return ¬ation.ValidationResult{
- Error: err,
- Type: trustpolicy.TypeAuthenticTimestamp,
- Action: outcome.VerificationLevel.Enforcement[trustpolicy.TypeAuthenticTimestamp],
- }
- }
- certResults, err := revocationClient.Validate(tsaCertChain, timeStampUpperLimit)
+ certResults, err := revocation.ValidateTimestampCertChain(tsaCertChain, timeStampUpperLimit)
 if err != nil {
 logger.Debug("error while checking revocation status, err: %s", err.Error())
 return ¬ation.ValidationResult{
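Review bot: The new `revocation.ValidateTimestampCertChain(tsaCertChain, timeStampUpperLimit)` call takes neither an HTTP client nor `ctx`, so the 2-second timeout that the removed `revocation.New(&http.Client{Timeout: 2 * time.Second})` put on revocation requests is no longer visible at this call site. Whether the helper bounds its own requests cannot be told from this hunk; if it does not, an unresponsive responder named in the TSA certificate chain could stall verification, and cancelling `ctx` would not interrupt it. I would either keep a caller-supplied client or record the assumption above the call, e.g. `// ValidateTimestampCertChain is expected to apply its own HTTP timeout to OCSP requests; confirm in notation-core-go`. The helper also appears to come from the personal fork pinned by the `replace` line in go.mod, which should point back at the upstream module before this verification path is released. verifyAuthenticTimestamp starts and ends outside the hunk.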