Consolidate certificate expiry logic #2504

Merged: 26 commits, Dec 7, 2022

Commits on Dec 6, 2022

  1. Don't return early in verifyInternal

    Should not change behavior now, but this should make it easier
    to move code around.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    fb38707
  2. Explicitly return false on errors in verifyInternal

    Let's decrease the risk of a caller not noticing an error,
    and make it a bit shorter to read and more clear that they are
    all, in fact, error paths.
    
    This may change the return value in some cases.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    7ad1d83
  3. Introduce acceptedTimestamp to track trust state

    Should not change behavior.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    a467eb6
  4. Return the timestamp value, not just a bool, from VerifyRFC3161Timestamp

    This will allow us to move the certificate expiry responsibility
    to the caller.
    
    Should not change behavior, assuming timestamp.ParseResponse can't
    fail for an already verified response.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    294ec77
  5. Move certificate expiration check against the TSA timestamp

    ... from VerifyRFC3161Timestamp, which has no reason to care,
    to verifyInternal.
    
    Should not change behavior.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    424d01a
  6. Simplify the logic in verifyInternal

    Don't repeat the conditions, and make the flow a bit clearer.
    
    Should not change behavior, unless there are multiple
    reasons to reject the signature.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    9fbe9dd
  7. Introduce acceptableRFC3161Time and acceptableRekorBundleTime

    We will use them to decouple the bundle handling from certificate
    expiry verification.
    
    Should not change behavior.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    e544ee3
  8. Move the acceptableRFC3161Time enforcement logic a bit

    Should not change behavior, just to prepare a further move.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    27a8a5d
  9. Move the acceptableRekorBundleTime certificate expiry logic

    Another small step. Should not change behavior.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    780622d
  10. BEHAVIOR CHANGE: Always validate certificate expiration

    Now, we always validate certificate expiration against _some_ time.
    
    Even if we don't interact with Rekor bundles at all, we validate it against
    the current time.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    6a87651
  11. Reorganize certificate expiry check further

    Consolidate all the expiry checks into one place.
    
    Should not change behavior, unless there are multiple
    reasons to reject the signature.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    b95b1b9
  12. Move TSA and Rekor checks in verifyInternal

    Do them before looking at the certificate at all; we need
    to do this first to obtain signature creation times.
    
    This may affect user-visible error messages; adjust a test.
    
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    mtrmac authored and haydentherapper committed Dec 6, 2022
    46b8cad
  13. Apply suggestions from code review

    Signed-off-by: Hayden B <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    14c0ddc
  14. Add error if rekor client isn't set

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    2b53511
  15. Fix tests

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    52179b2
  16. Fixing e2e tests

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    81ef16c
  17. Update ps1 test

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    09da0bd
  18. Trying to fix ps1

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    d26a68a
  19. Trying to fix ps1 again

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    6389b08
  20. Fix ps1 test

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    6d8ae28
  21. Remove println

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    6529d99
  22. Address nit

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    844de7c
  23. Remove line

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 6, 2022
    34ea8c0

Commits on Dec 7, 2022

  1. Clean up error

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 7, 2022
    0f7136d
  2. Fix test for invalid root CA

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 7, 2022
    325ef6c
  3. Merge in upstream changes

    Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    haydentherapper committed Dec 7, 2022
    22e5a0e
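The end state the Dec 6 commits build toward (commits 4, 5, 7, 10 and 12 in particular) is: verify the TSA response and the Rekor bundle first, collect the signing times they vouch for, and only then check the certificate, against every one of those times, or against the current clock when there is no timestamp evidence at all. The Go program below is an added illustration of that flow written for this page; it is not the project's code or anything from this PR. The names SignatureTimes, AcceptableTimes, CheckExpiry, VerifyCertificateTimes and NewShortLivedCert are hypothetical, and the certificate is a constructed self-signed fixture standing in for a short-lived signing certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignatureTimes holds the signing-time evidence gathered before the
// certificate is examined: the time from a verified RFC 3161 TSA response
// and the integrated time of a verified Rekor bundle. nil means that
// source was absent. (Hypothetical type, not the project's.)
type SignatureTimes struct {
	RFC3161     *time.Time
	RekorBundle *time.Time
}

// AcceptableTimes returns every instant at which the signing certificate
// must have been valid. Each verified timestamp contributes one instant;
// with no evidence at all the check falls back to the verifier's clock
// instead of being skipped.
func AcceptableTimes(st SignatureTimes, now time.Time) []time.Time {
	var ts []time.Time
	if st.RFC3161 != nil {
		ts = append(ts, *st.RFC3161)
	}
	if st.RekorBundle != nil {
		ts = append(ts, *st.RekorBundle)
	}
	if len(ts) == 0 {
		ts = append(ts, now)
	}
	return ts
}

// CheckExpiry reports whether cert's validity window covered instant t.
// Both bounds matter: a timestamp before NotBefore is as suspicious as
// one after NotAfter.
func CheckExpiry(cert *x509.Certificate, t time.Time) error {
	f := func(x time.Time) string { return x.UTC().Format(time.RFC3339) }
	if t.Before(cert.NotBefore) {
		return fmt.Errorf("certificate not yet valid at %s (NotBefore %s)", f(t), f(cert.NotBefore))
	}
	if t.After(cert.NotAfter) {
		return fmt.Errorf("certificate expired at %s (NotAfter %s)", f(t), f(cert.NotAfter))
	}
	return nil
}

// VerifyCertificateTimes is the single consolidated expiry check: the
// certificate must be valid at every acceptable time, so one bad
// timestamp source is enough to reject the signature.
func VerifyCertificateTimes(cert *x509.Certificate, st SignatureTimes, now time.Time) error {
	for _, t := range AcceptableTimes(st, now) {
		if err := CheckExpiry(cert, t); err != nil {
			return err
		}
	}
	return nil
}

// NewShortLivedCert builds a self-signed certificate valid for exactly
// [notBefore, notAfter]. Constructed fixture for the demonstration.
func NewShortLivedCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-signer"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	issued := time.Date(2022, 12, 6, 10, 0, 0, 0, time.UTC)
	cert, err := NewShortLivedCert(issued, issued.Add(10*time.Minute))
	if err != nil {
		panic(err)
	}
	signed := issued.Add(2 * time.Minute)               // inside the 10-minute window
	now := time.Date(2022, 12, 7, 0, 0, 0, 0, time.UTC) // verifier runs a day later

	// A verified Rekor bundle places the signature inside the window: accepted.
	fmt.Println("rekor bundle:", VerifyCertificateTimes(cert, SignatureTimes{RekorBundle: &signed}, now))
	// No bundle and no TSA: checked against the clock, which is past NotAfter: rejected.
	fmt.Println("no evidence: ", VerifyCertificateTimes(cert, SignatureTimes{}, now))
}
```

The ordering is the point of commit 12: the TSA and Rekor checks run before the certificate is touched, because they produce the instants the certificate is judged against. The fallback to `now` is the behavior change of commit 10: previously a signature carrying no bundle could skip expiry entirely, whereas here an expired certificate with no timestamp evidence is rejected.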