Consolidate certificate expiry logic #2504
Commits on Dec 6, 2022
Don't return early in verifyInternal
Should not change behavior now, but this should make it easier to move code around. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit fb38707
Explicitly return false on errors in verifyInternal
Let's decrease the risk of a caller not noticing an error, and make it a bit shorter to read and more clear that they are all, in fact, error paths. This may change the return value in some cases. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 7ad1d83
Introduce acceptedTimestamp to track trust state
Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit a467eb6
Return the timestamp value, not just a bool, from VerifyRFC3161Timestamp
This will allow us to move the certificate expiry responsibility to the caller. Should not change behavior, assuming timestamp.ParseResponse can't fail for an already verified response. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 294ec77
Move certificate expiration check against the TSA timestamp
... from VerifyRFC3161Timestamp, which has no reason to care, to verifyInternal. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 424d01a
Simplify the logic in verifyInternal
Don't repeat the conditions, and make the flow a bit clearer. Should not change behavior, unless there are multiple reasons to reject the signature. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 9fbe9dd
Introduce acceptableRFC3161Time and acceptableRekorBundleTime
We will use them to decouple the bundle handling from certificate expiry verification. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit e544ee3
Move the acceptableRFC3161Time enforcement logic a bit
Should not change behavior, just to prepare a further move Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 27a8a5d
Move the acceptableRekorBundleTime certificate expiry logic
Another small step. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 780622d
BEHAVIOR CHANGE: Always validate certificate expiration
Now, we always validate certificate expiration against _some_ time. Even if we don't interact with Rekor bundles at all, we validate it against the current time. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 6a87651
Reorganize certificate expiry check further
Consolidate all the expiry checks into one place. Should not change behavior, unless there are multiple reasons to reject the signature. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit b95b1b9
Move TSA and Rekor checks in verifyInternal
Do them before looking at the certificate at all; we need to do this first to obtain signature creation times. This may affect user-visible error messages; adjust a test. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Commit 46b8cad
Apply suggestions from code review
Signed-off-by: Hayden B <hblauzvern@google.com>
Commit 14c0ddc
Add error if rekor client isn't set
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 2b53511
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 52179b2
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 81ef16c
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 09da0bd
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit d26a68a
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 6389b08
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 6d8ae28
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 6529d99
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 844de7c
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 34ea8c0
Commits on Dec 7, 2022
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 0f7136d
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 325ef6c
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Commit 22e5a0e
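The consolidated expiry rule described in the "BEHAVIOR CHANGE" and "Reorganize certificate expiry check further" commits, as an added sketch that is not code from this pull request. The names acceptableRFC3161Time and acceptableRekorBundleTime come from the commit titles; checkExpiry, verifyCertValidity, sampleCert and the rule that every available trusted time must fall inside the validity window are assumptions made for illustration.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"time"
)

// checkExpiry (hypothetical helper) reports whether t lies inside the
// certificate's validity window.
func checkExpiry(cert *x509.Certificate, t time.Time) error {
	if t.Before(cert.NotBefore) || t.After(cert.NotAfter) {
		return fmt.Errorf("certificate not valid at %s", t.Format(time.RFC3339))
	}
	return nil
}

// verifyCertValidity (hypothetical) is the single place where expiry is
// checked. Each trusted signing time that is available is enforced; when
// neither exists, the check falls back to the current time, so expiry is
// always validated against some time.
func verifyCertValidity(cert *x509.Certificate, acceptableRFC3161Time, acceptableRekorBundleTime *time.Time, now time.Time) error {
	if cert == nil {
		return errors.New("no certificate to validate")
	}
	checked := false
	for _, t := range []*time.Time{acceptableRFC3161Time, acceptableRekorBundleTime} {
		if t == nil {
			continue
		}
		if err := checkExpiry(cert, *t); err != nil {
			return err
		}
		checked = true
	}
	if !checked {
		return checkExpiry(cert, now)
	}
	return nil
}

// sampleCert returns a constructed short-lived certificate (validity fields
// only), valid for ten minutes on 2022-12-06.
func sampleCert() *x509.Certificate {
	nb := time.Date(2022, 12, 6, 12, 0, 0, 0, time.UTC)
	return &x509.Certificate{NotBefore: nb, NotAfter: nb.Add(10 * time.Minute)}
}

func main() {
	signedAt := sampleCert().NotBefore.Add(2 * time.Minute)
	dayLater := signedAt.Add(24 * time.Hour)
	fmt.Println("with TSA time:", verifyCertValidity(sampleCert(), &signedAt, nil, dayLater))
	fmt.Println("no trusted time:", verifyCertValidity(sampleCert(), nil, nil, dayLater))
}
```

A signature over a short-lived certificate verifies a day later only when a trusted timestamp places the signing inside the validity window; without one, the current-time fallback rejects it.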