updated timestamping

Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts · Jul 1, 2024 · a11b692 · a11b692
1 parent 670e39d
commit a11b692
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 17 deletions.
diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go
@@ -14,6 +14,7 @@
 package main
 
 import (
+	"crypto/x509"
 	"errors"
 	"fmt"
 	"os"
@@ -215,7 +216,8 @@ func prepareSigningOpts(opts *signOpts) (notation.SignOptions, error) {
 			return notation.SignOptions{}, fmt.Errorf("cannot read tsa root certificate from %q", opts.tsaRootCertificatePath)
 		}
 		signOpts.TSAServerURL = opts.tsaServerURL
-		signOpts.TSARootCertificate = rootCerts[0]
+		signOpts.TSARootCAs = x509.NewCertPool()
+		signOpts.TSARootCAs.AddCert(rootCerts[0])
 	}
 	return signOpts, nil
 }
diff --git a/go.mod b/go.mod
@@ -16,7 +16,7 @@ require (
 
 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-ldap/ldap/v3 v3.4.8 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
@@ -32,6 +32,8 @@ require (
 	golang.org/x/sys v0.21.0 // indirect
 )
 
-replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240627051425-a24facd24315
+replace github.com/notaryproject/notation-core-go => github.com/Two-Hearts/notation-core-go v0.0.0-20240628104035-de8a46ce468e
 
-replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20240627102530-13006cec009a
+replace github.com/notaryproject/notation-go => github.com/Two-Hearts/notation-go v0.0.0-20240701024944-938762ed78bf
+
+replace github.com/notaryproject/tspclient-go => github.com/Two-Hearts/tspclient-go v0.0.0-20240628085816-98b1c64c4172
diff --git a/go.sum b/go.sum
@@ -1,17 +1,19 @@
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
-github.com/Two-Hearts/notation-core-go v0.0.0-20240627051425-a24facd24315 h1:8wDwsk1Rcs+7dmFFlSNzmj2tgBmD0m/vjjVh6eaozcM=
-github.com/Two-Hearts/notation-core-go v0.0.0-20240627051425-a24facd24315/go.mod h1:4b60hxCB4gB0q1K2QRxycj0TGhLvylSSR1RWCG0ilYs=
-github.com/Two-Hearts/notation-go v0.0.0-20240627102530-13006cec009a h1:sN8aDf7eBhvPi4RWI/EvyszPgg3QT9dJA5j+6j44hko=
-github.com/Two-Hearts/notation-go v0.0.0-20240627102530-13006cec009a/go.mod h1:4eG7HflGMaLsHeuNXV95h89+6OgvRjvem0wtnlTayfY=
+github.com/Two-Hearts/notation-core-go v0.0.0-20240628104035-de8a46ce468e h1:yDGu0wnuX+3xSDLXeIPV751jaBaTjMjcpVz5NwTypm4=
+github.com/Two-Hearts/notation-core-go v0.0.0-20240628104035-de8a46ce468e/go.mod h1:hXbhc81hiH9tQOZ4w5pI+Z83y8qhpXKbsLXHWA/74TE=
+github.com/Two-Hearts/notation-go v0.0.0-20240701024944-938762ed78bf h1:OrrmkZr3E9uHtNLNB9lh62Pdp18LF0lXjFlBxroC9rc=
+github.com/Two-Hearts/notation-go v0.0.0-20240701024944-938762ed78bf/go.mod h1:Ci+EoNk2HP1WGoKYDqRkJjq7mQ46IYYglWtTcqi58R8=
+github.com/Two-Hearts/tspclient-go v0.0.0-20240628085816-98b1c64c4172 h1:ME+WMRNcucfmJ9Le8eCtdV1gR3Xc8ve6Ab/cPnN/z48=
+github.com/Two-Hearts/tspclient-go v0.0.0-20240628085816-98b1c64c4172/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
 github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
-github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ=
@@ -41,8 +43,6 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
 github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
-github.com/notaryproject/tspclient-go v0.0.0-20240627050441-dcff9b7c23fe h1:1psX5fHzB0ZGshHkaGlERh0eBX4EapizcVyQwX+YydE=
-github.com/notaryproject/tspclient-go v0.0.0-20240627050441-dcff9b7c23fe/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=

diff --git a/test/e2e/suite/trustpolicy/multi_statements.go b/test/e2e/suite/trustpolicy/multi_statements.go
@@ -30,7 +30,7 @@ var _ = Describe("notation trust policy multi-statements test", func() {
 			// test localhost:5000/test-repo
 			notation.Exec("sign", artifact.ReferenceWithDigest()).MatchKeyWords(SignSuccessfully)
 			notation.ExpectFailure().Exec("verify", artifact.ReferenceWithDigest()).
-				MatchErrContent("Error: registry scope \"localhost:5000/test-repo8\" is present in multiple trust policy statements, one registry scope value can only be associated with one statement\n")
+				MatchErrContent("Error: registry scope \"localhost:5000/test-repo8\" is present in multiple oci trust policy statements, one registry scope value can only be associated with one statement\n")
 		})
 	})
 
@@ -56,7 +56,7 @@ var _ = Describe("notation trust policy multi-statements test", func() {
 			// test localhost:5000/test-repo
 			notation.Exec("sign", artifact.ReferenceWithDigest()).MatchKeyWords(SignSuccessfully)
 			notation.ExpectFailure().Exec("verify", artifact.ReferenceWithDigest()).
-				MatchErrContent("Error: multiple trust policy statements use the same name \"e2e\", statement names must be unique\n")
+				MatchErrContent("Error: multiple oci trust policy statements use the same name \"e2e\", statement names must be unique\n")
 		})
 	})
 
@@ -68,7 +68,7 @@ var _ = Describe("notation trust policy multi-statements test", func() {
 			// test localhost:5000/test-repo
 			notation.Exec("sign", artifact.ReferenceWithDigest()).MatchKeyWords(SignSuccessfully)
 			notation.ExpectFailure().Exec("verify", artifact.ReferenceWithDigest()).
-				MatchErrContent("Error: registry scope \"*\" is present in multiple trust policy statements, one registry scope value can only be associated with one statement\n")
+				MatchErrContent("Error: registry scope \"*\" is present in multiple oci trust policy statements, one registry scope value can only be associated with one statement\n")
 		})
 	})
 })
diff --git a/test/e2e/suite/trustpolicy/registry_scope.go b/test/e2e/suite/trustpolicy/registry_scope.go
@@ -111,7 +111,7 @@ var _ = Describe("notation trust policy registryScope test", func() {
 			// test localhost:5000/test-repo
 			OldNotation().Exec("sign", artifact.ReferenceWithDigest()).MatchKeyWords(SignSuccessfully)
 			notation.ExpectFailure().Exec("verify", artifact.ReferenceWithDigest()).
-				MatchErrKeyWords("registry scope \"localhost:5000/test-repo6\" is present in multiple trust policy statements")
+				MatchErrKeyWords("registry scope \"localhost:5000/test-repo6\" is present in multiple oci trust policy statements")
 		})
 	})
 
@@ -137,7 +137,7 @@ var _ = Describe("notation trust policy registryScope test", func() {
 			// test localhost:5000/test-repo
 			OldNotation().Exec("sign", artifact.ReferenceWithDigest()).MatchKeyWords(SignSuccessfully)
 			notation.ExpectFailure().Exec("verify", artifact.ReferenceWithDigest()).
-				MatchErrContent(fmt.Sprintf("Error: signature verification failed: artifact %q has no applicable trust policy. Trust policy applicability for a given artifact is determined by registryScopes. To create a trust policy, see: %s\n", artifact.ReferenceWithDigest(), trustPolicyLink))
+				MatchErrContent(fmt.Sprintf("Error: signature verification failed: artifact %q has no applicable oci trust policy. Trust policy applicability for a given artifact is determined by registryScopes. To create a trust policy, see: %s\n", artifact.ReferenceWithDigest(), trustPolicyLink))
 		})
 	})
 })