lint: fix lint error of chrono and tokio

Cargo.toml

@@ -138,6 +138,7 @@ rstest = "0.18.1"
 serial_test = "3.0.0"
 tempfile = "3.3.0"
 testcontainers = "0.15"
+tokio = { version = "1.17.0", features = ["rt", "rt-multi-thread"] }
 tracing-subscriber = { version = "0.3.9", features = ["env-filter"] }
 
 # cosign example mappings

src/cosign/signature_layers.rs

@@ -876,7 +876,7 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
     use crate::cosign::bundle::Payload;
     use crate::crypto::tests::{generate_certificate, CertGenerationOptions};
     use crate::crypto::SigningScheme;
-    use chrono::{Duration, Utc};
+    use chrono::{TimeDelta, Utc};
 
     impl TryFrom<X509> for crate::registry::Certificate {
         type Error = anyhow::Error;
@@ -908,7 +908,9 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
             .try_into()?];
         let cert_pool = CertificatePool::from_certificates(certs, []).unwrap();
 
-        let integrated_time = Utc::now().checked_sub_signed(Duration::minutes(1)).unwrap();
+        let integrated_time = Utc::now()
+            .checked_sub_signed(TimeDelta::try_minutes(1).unwrap())
+            .unwrap();
         let bundle = Bundle {
             signed_entry_timestamp: "not relevant".to_string(),
             payload: Payload {
@@ -957,7 +959,9 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
             .try_into()?];
         let cert_pool = CertificatePool::from_certificates(certs, []).unwrap();
 
-        let integrated_time = Utc::now().checked_sub_signed(Duration::minutes(1)).unwrap();
+        let integrated_time = Utc::now()
+            .checked_sub_signed(TimeDelta::try_minutes(1).unwrap())
+            .unwrap();
         let bundle = Bundle {
             signed_entry_timestamp: "not relevant".to_string(),
             payload: Payload {
@@ -1005,7 +1009,9 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ==
             .try_into()?];
         let cert_pool = CertificatePool::from_certificates(certs, []).unwrap();
 
-        let integrated_time = Utc::now().checked_sub_signed(Duration::minutes(1)).unwrap();
+        let integrated_time = Utc::now()
+            .checked_sub_signed(TimeDelta::try_minutes(1).unwrap())
+            .unwrap();
         let bundle = Bundle {
             signed_entry_timestamp: "not relevant".to_string(),
             payload: Payload {

src/cosign/verification_constraint/certificate_verifier.rs

@@ -1,4 +1,4 @@
-use chrono::{DateTime, NaiveDateTime, Utc};
+use chrono::{DateTime, Utc};
 use pkcs8::der::Decode;
 use std::convert::TryFrom;
 use tracing::warn;
@@ -89,9 +89,11 @@ impl VerificationConstraint for CertificateVerifier {
         match &signature_layer.bundle {
             Some(bundle) => {
                 let it = DateTime::<Utc>::from_naive_utc_and_offset(
-                    NaiveDateTime::from_timestamp_opt(bundle.payload.integrated_time, 0).ok_or(
-                        SigstoreError::UnexpectedError("timestamp is not legal".into()),
-                    )?,
+                    DateTime::from_timestamp(bundle.payload.integrated_time, 0)
+                        .ok_or(SigstoreError::UnexpectedError(
+                            "timestamp is not legal".into(),
+                        ))?
+                        .naive_utc(),
                     Utc,
                 );
                 let not_before: DateTime<Utc> =

src/crypto/certificate.rs

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use chrono::{DateTime, NaiveDateTime, Utc};
+use chrono::{DateTime, Utc};
 use const_oid::db::rfc5912::ID_KP_CODE_SIGNING;
 use x509_cert::{
     ext::pkix::{ExtendedKeyUsage, KeyUsage, KeyUsages, SubjectAltName},
@@ -92,8 +92,9 @@ pub(crate) fn verify_validity(certificate: &Certificate) -> Result<()> {
 
 fn verify_expiration(certificate: &Certificate, integrated_time: i64) -> Result<()> {
     let it = DateTime::<Utc>::from_naive_utc_and_offset(
-        NaiveDateTime::from_timestamp_opt(integrated_time, 0)
-            .ok_or(SigstoreError::X509Error("timestamp is not legal".into()))?,
+        DateTime::from_timestamp(integrated_time, 0)
+            .ok_or(SigstoreError::X509Error("timestamp is not legal".into()))?
+            .naive_utc(),
         Utc,
     );
     let validity = &certificate.tbs_certificate.validity;
@@ -125,7 +126,7 @@ mod tests {
     use super::*;
     use crate::crypto::tests::*;
 
-    use chrono::{Duration, Utc};
+    use chrono::{TimeDelta, Utc};
     use x509_cert::der::Decode;
 
     #[test]
@@ -238,8 +239,12 @@ mod tests {
         let issued_cert = generate_certificate(
             Some(&ca_data),
             CertGenerationOptions {
-                not_before: Utc::now().checked_add_signed(Duration::days(5)).unwrap(),
-                not_after: Utc::now().checked_add_signed(Duration::days(6)).unwrap(),
+                not_before: Utc::now()
+                    .checked_add_signed(TimeDelta::try_days(5).unwrap())
+                    .unwrap(),
+                not_after: Utc::now()
+                    .checked_add_signed(TimeDelta::try_days(6).unwrap())
+                    .unwrap(),
                 ..Default::default()
             },
         )?;
@@ -266,8 +271,12 @@ mod tests {
         let issued_cert = generate_certificate(
             Some(&ca_data),
             CertGenerationOptions {
-                not_before: Utc::now().checked_sub_signed(Duration::days(1)).unwrap(),
-                not_after: Utc::now().checked_add_signed(Duration::days(1)).unwrap(),
+                not_before: Utc::now()
+                    .checked_sub_signed(TimeDelta::try_days(1).unwrap())
+                    .unwrap(),
+                not_after: Utc::now()
+                    .checked_add_signed(TimeDelta::try_days(1).unwrap())
+                    .unwrap(),
                 ..Default::default()
             },
         )?;
@@ -284,13 +293,19 @@ mod tests {
     fn verify_cert_expiration_failure() -> anyhow::Result<()> {
         let ca_data = generate_certificate(None, CertGenerationOptions::default())?;
 
-        let integrated_time = Utc::now().checked_add_signed(Duration::days(5)).unwrap();
+        let integrated_time = Utc::now()
+            .checked_add_signed(TimeDelta::try_days(5).unwrap())
+            .unwrap();
 
         let issued_cert = generate_certificate(
             Some(&ca_data),
             CertGenerationOptions {
-                not_before: Utc::now().checked_sub_signed(Duration::days(1)).unwrap(),
-                not_after: Utc::now().checked_add_signed(Duration::days(1)).unwrap(),
+                not_before: Utc::now()
+                    .checked_sub_signed(TimeDelta::try_days(1).unwrap())
+                    .unwrap(),
+                not_after: Utc::now()
+                    .checked_add_signed(TimeDelta::try_days(1).unwrap())
+                    .unwrap(),
                 ..Default::default()
             },
         )?;

src/crypto/mod.rs

@@ -190,7 +190,7 @@ pub mod signing_key;
 
 #[cfg(test)]
 pub(crate) mod tests {
-    use chrono::{DateTime, Duration, Utc};
+    use chrono::{DateTime, TimeDelta, Utc};
     use openssl::asn1::{Asn1Integer, Asn1Time};
     use openssl::bn::{BigNum, MsbOption};
     use openssl::conf::{Conf, ConfMethod};
@@ -231,8 +231,12 @@ OSWS1X9vPavpiQOoTTGC0xX57OojUadxF1cdQmrsiReWg2Wn4FneJfa8xw==
 
     impl Default for CertGenerationOptions {
         fn default() -> Self {
-            let not_before = Utc::now().checked_sub_signed(Duration::days(1)).unwrap();
-            let not_after = Utc::now().checked_add_signed(Duration::days(1)).unwrap();
+            let not_before = Utc::now()
+                .checked_sub_signed(TimeDelta::try_days(1).unwrap())
+                .unwrap();
+            let not_after = Utc::now()
+                .checked_add_signed(TimeDelta::try_days(1).unwrap())
+                .unwrap();
 
             // Sigstore relies on NIST P-256
             // NIST P-256 is a Weierstrass curve specified in FIPS 186-4: Digital Signature Standard (DSS):