-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add interface types for TimestampingAuthority and CertificateAuthority #300
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Cody Soyland <codysoyland@github.com>
Signed-off-by: Cody Soyland <codysoyland@github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Just a few comments about testing and some clean up.
|
||
timestampingAuthority.URI = certAuthority.Uri | ||
|
||
// TODO: Should we inspect/enforce ca.Subject? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we either file issues for these TODOs or decide if these are needed?
My two cents:
- Subject is more of a human-readable value and not something we need to check. It's also the subject of the root, so there's not really anything to verify, as we implicitly trust the root.
- What is there to handle with the validity period? It seems like the above is reading it.
@@ -0,0 +1,64 @@ | |||
// Copyright 2023 The Sigstore Authors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Update copyright?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add tests for this file and the next? Given these are verification functions, having some coverage would be good.
|
||
scts, err := x509util.ParseSCTsFromCertificate(leafCert.Raw) | ||
scts, err := x509util.ParseSCTsFromCertificate(chains[0][0].Raw) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add a comment noting that chains[][0] is always the leaf certificate? This just stands out as looking problematic when it should be safe.
@@ -98,39 +84,16 @@ func VerifyTimestampAuthorityWithThreshold(entity SignedEntity, trustedMaterial | |||
return verifiedTimestamps, nil | |||
} | |||
|
|||
func verifySignedTimestamp(signedTimestamp []byte, dsseSignatureBytes []byte, trustedMaterial root.TrustedMaterial, verificationContent VerificationContent) (Timestamp, error) { | |||
certAuthorities := trustedMaterial.TimestampingAuthorities() | |||
func verifySignedTimestamp(signedTimestamp []byte, dsseSignatureBytes []byte, trustedMaterial root.TrustedMaterial) (*root.Timestamp, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit on naming, this isn't always a dsse signature
|
||
// Check tlog entry time against bundle certificates | ||
// TODO: technically no longer needed since we check the cert validity period in the main Verify loop | ||
if !verificationContent.ValidAtTime(timestamp.Time, trustedMaterial) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just wanted to check, we removed this - this was intentional? I agree that I think it's fine to remove as we should decouple certificate and timestamp verification.
This PR modifies the
TrustedMaterial
interface with interface types forCertificateAuthority
andTimestampingAuthority
. This decouples the originalCertificateAuthority
struct from the verifier and allows clients to have more control over the verification of certificates and timestamps.Additionally, this PR modifies the verifier to output the chains of certificates that were used to verify the certificate, which has the added benefit of improving performance of the SCT verifier by only attempting SCT verification on the chain that was used to verify the certificate.
This is a breaking change to the
TrustedMaterial
interface, so clients that directly modifyTrustedMaterial
must be updated to use the new interface types.Fixes #293
Summary
Release Note
Documentation