Merge pull request #334 from Xynnn007/fix-lint
lint: fix lint error of chrono and tokio
flavio authored Mar 11, 2024
2 parents 2164b67 + 950f134 commit 87d0c34
Showing 5 changed files with 50 additions and 22 deletions.
1 change: 1 addition & 0 deletions Cargo.toml
@@ -138,6 +138,7 @@ rstest = "0.18.1"
serial_test = "3.0.0"
tempfile = "3.3.0"
testcontainers = "0.15"
tokio = { version = "1.17.0", features = ["rt", "rt-multi-thread"] }
tracing-subscriber = { version = "0.3.9", features = ["env-filter"] }

# cosign example mappings
14 changes: 10 additions & 4 deletions src/cosign/signature_layers.rs
@@ -876,7 +876,7 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
use crate::cosign::bundle::Payload;
use crate::crypto::tests::{generate_certificate, CertGenerationOptions};
use crate::crypto::SigningScheme;
use chrono::{Duration, Utc};
use chrono::{TimeDelta, Utc};

impl TryFrom<X509> for crate::registry::Certificate {
type Error = anyhow::Error;
@@ -908,7 +908,9 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
.try_into()?];
let cert_pool = CertificatePool::from_certificates(certs, []).unwrap();

let integrated_time = Utc::now().checked_sub_signed(Duration::minutes(1)).unwrap();
let integrated_time = Utc::now()
.checked_sub_signed(TimeDelta::try_minutes(1).unwrap())
.unwrap();
let bundle = Bundle {
signed_entry_timestamp: "not relevant".to_string(),
payload: Payload {
@@ -957,7 +959,9 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
.try_into()?];
let cert_pool = CertificatePool::from_certificates(certs, []).unwrap();

let integrated_time = Utc::now().checked_sub_signed(Duration::minutes(1)).unwrap();
let integrated_time = Utc::now()
.checked_sub_signed(TimeDelta::try_minutes(1).unwrap())
.unwrap();
let bundle = Bundle {
signed_entry_timestamp: "not relevant".to_string(),
payload: Payload {
@@ -1005,7 +1009,9 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
.try_into()?];
let cert_pool = CertificatePool::from_certificates(certs, []).unwrap();

let integrated_time = Utc::now().checked_sub_signed(Duration::minutes(1)).unwrap();
let integrated_time = Utc::now()
.checked_sub_signed(TimeDelta::try_minutes(1).unwrap())
.unwrap();
let bundle = Bundle {
signed_entry_timestamp: "not relevant".to_string(),
payload: Payload {
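Review bot: The three-line `integrated_time` expression is now repeated verbatim in three tests of this file, and its two stacked `.unwrap()` calls do not say which step failed. A small test helper such as `fn minutes_ago(m: i64) -> DateTime<Utc> { Utc::now() - TimeDelta::try_minutes(m).expect("literal fits in TimeDelta") }` would keep each call site to one line and name the invariant. The same `Utc::now().checked_*_signed(TimeDelta::try_*(n).unwrap()).unwrap()` shape recurs in the tests of src/crypto/certificate.rs and in `CertGenerationOptions::default` in src/crypto/mod.rs. The test functions themselves start and end outside the hunks shown.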
10 changes: 6 additions & 4 deletions src/cosign/verification_constraint/certificate_verifier.rs
@@ -1,4 +1,4 @@
use chrono::{DateTime, NaiveDateTime, Utc};
use chrono::{DateTime, Utc};
use pkcs8::der::Decode;
use std::convert::TryFrom;
use tracing::warn;
@@ -89,9 +89,11 @@ impl VerificationConstraint for CertificateVerifier {
match &signature_layer.bundle {
Some(bundle) => {
let it = DateTime::<Utc>::from_naive_utc_and_offset(
NaiveDateTime::from_timestamp_opt(bundle.payload.integrated_time, 0).ok_or(
SigstoreError::UnexpectedError("timestamp is not legal".into()),
)?,
DateTime::from_timestamp(bundle.payload.integrated_time, 0)
.ok_or(SigstoreError::UnexpectedError(
"timestamp is not legal".into(),
))?
.naive_utc(),
Utc,
);
let not_before: DateTime<Utc> =
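Review bot: The new expression for `it` still round-trips through a naive value: `DateTime::from_timestamp` already yields an `Option<DateTime<Utc>>`, so the trailing `.naive_utc()` and the outer `DateTime::<Utc>::from_naive_utc_and_offset(.., Utc)` cancel each other out. The binding can shrink to `let it = DateTime::from_timestamp(bundle.payload.integrated_time, 0).ok_or_else(|| SigstoreError::UnexpectedError("timestamp is not legal".into()))?;`, where `ok_or_else` also avoids building the error string when the timestamp is valid. The same pattern appears in `verify_expiration` in src/crypto/certificate.rs. Because `integrated_time` is read from the bundle payload and decides whether the certificate counts as valid at signing time, a short comment stating where the bundle was authenticated would help; that check is not visible in this hunk. The enclosing method starts and ends outside the hunk.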
37 changes: 26 additions & 11 deletions src/crypto/certificate.rs
@@ -13,7 +13,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

use chrono::{DateTime, NaiveDateTime, Utc};
use chrono::{DateTime, Utc};
use const_oid::db::rfc5912::ID_KP_CODE_SIGNING;
use x509_cert::{
ext::pkix::{ExtendedKeyUsage, KeyUsage, KeyUsages, SubjectAltName},
@@ -92,8 +92,9 @@ pub(crate) fn verify_validity(certificate: &Certificate) -> Result<()> {

fn verify_expiration(certificate: &Certificate, integrated_time: i64) -> Result<()> {
let it = DateTime::<Utc>::from_naive_utc_and_offset(
NaiveDateTime::from_timestamp_opt(integrated_time, 0)
.ok_or(SigstoreError::X509Error("timestamp is not legal".into()))?,
DateTime::from_timestamp(integrated_time, 0)
.ok_or(SigstoreError::X509Error("timestamp is not legal".into()))?
.naive_utc(),
Utc,
);
let validity = &certificate.tbs_certificate.validity;
@@ -125,7 +126,7 @@ mod tests {
use super::*;
use crate::crypto::tests::*;

use chrono::{Duration, Utc};
use chrono::{TimeDelta, Utc};
use x509_cert::der::Decode;

#[test]
@@ -238,8 +239,12 @@ mod tests {
let issued_cert = generate_certificate(
Some(&ca_data),
CertGenerationOptions {
not_before: Utc::now().checked_add_signed(Duration::days(5)).unwrap(),
not_after: Utc::now().checked_add_signed(Duration::days(6)).unwrap(),
not_before: Utc::now()
.checked_add_signed(TimeDelta::try_days(5).unwrap())
.unwrap(),
not_after: Utc::now()
.checked_add_signed(TimeDelta::try_days(6).unwrap())
.unwrap(),
..Default::default()
},
)?;
@@ -266,8 +271,12 @@ mod tests {
let issued_cert = generate_certificate(
Some(&ca_data),
CertGenerationOptions {
not_before: Utc::now().checked_sub_signed(Duration::days(1)).unwrap(),
not_after: Utc::now().checked_add_signed(Duration::days(1)).unwrap(),
not_before: Utc::now()
.checked_sub_signed(TimeDelta::try_days(1).unwrap())
.unwrap(),
not_after: Utc::now()
.checked_add_signed(TimeDelta::try_days(1).unwrap())
.unwrap(),
..Default::default()
},
)?;
@@ -284,13 +293,19 @@ mod tests {
fn verify_cert_expiration_failure() -> anyhow::Result<()> {
let ca_data = generate_certificate(None, CertGenerationOptions::default())?;

let integrated_time = Utc::now().checked_add_signed(Duration::days(5)).unwrap();
let integrated_time = Utc::now()
.checked_add_signed(TimeDelta::try_days(5).unwrap())
.unwrap();

let issued_cert = generate_certificate(
Some(&ca_data),
CertGenerationOptions {
not_before: Utc::now().checked_sub_signed(Duration::days(1)).unwrap(),
not_after: Utc::now().checked_add_signed(Duration::days(1)).unwrap(),
not_before: Utc::now()
.checked_sub_signed(TimeDelta::try_days(1).unwrap())
.unwrap(),
not_after: Utc::now()
.checked_add_signed(TimeDelta::try_days(1).unwrap())
.unwrap(),
..Default::default()
},
)?;
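Review bot: No test visible in this section drives `verify_expiration` through its `ok_or(...)` branch, which is the only guard between an out-of-range `integrated_time` and the validity comparison now that the conversion goes through `DateTime::from_timestamp`. The tests shown all derive their timestamps from `Utc::now()`, so a case such as `assert!(verify_expiration(&cert, i64::MAX).is_err());` would pin that the swapped API still rejects such input with an error rather than a panic. The test module is only partly visible here, so this may already be covered elsewhere.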
10 changes: 7 additions & 3 deletions src/crypto/mod.rs
@@ -190,7 +190,7 @@ pub mod signing_key;

#[cfg(test)]
pub(crate) mod tests {
use chrono::{DateTime, Duration, Utc};
use chrono::{DateTime, TimeDelta, Utc};
use openssl::asn1::{Asn1Integer, Asn1Time};
use openssl::bn::{BigNum, MsbOption};
use openssl::conf::{Conf, ConfMethod};
@@ -231,8 +231,12 @@ OSWS1X9vPavpiQOoTTGC0xX57OojUadxF1cdQmrsiReWg2Wn4FneJfa8xw==

impl Default for CertGenerationOptions {
fn default() -> Self {
let not_before = Utc::now().checked_sub_signed(Duration::days(1)).unwrap();
let not_after = Utc::now().checked_add_signed(Duration::days(1)).unwrap();
let not_before = Utc::now()
.checked_sub_signed(TimeDelta::try_days(1).unwrap())
.unwrap();
let not_after = Utc::now()
.checked_add_signed(TimeDelta::try_days(1).unwrap())
.unwrap();

// Sigstore relies on NIST P-256
// NIST P-256 is a Weierstrass curve specified in FIPS 186-4: Digital Signature Standard (DSS):
