Skip to content

Commit

Permalink
fix: fix signerInfo.authenticSigningTime according to spec (#211)
Browse files Browse the repository at this point in the history
Signed-off-by: Patrick Zheng <[email protected]>
  • Loading branch information
Two-Hearts authored Jul 16, 2024
1 parent e18808c commit f45197c
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 9 deletions.
23 changes: 14 additions & 9 deletions signature/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"context"
"crypto/x509"
"errors"
"fmt"
"time"

"github.com/notaryproject/tspclient-go"
Expand Down Expand Up @@ -197,17 +198,21 @@ func (signerInfo *SignerInfo) ExtendedAttribute(key string) (Attribute, error) {
return Attribute{}, errors.New("key not in ExtendedAttributes")
}

// AuthenticSigningTime returns the authentic signing time
// AuthenticSigningTime returns the authentic signing time under signing scheme
// notary.x509.signingAuthority.
// For signing scheme notary.x509, since it only supports authentic timestamp,
// an error is returned.
//
// Reference: https://github.com/notaryproject/specifications/blob/3b0743cd9bb99faee60600dc31d706149775fd49/specs/signature-specification.md#signing-time--authentic-signing-time
func (signerInfo *SignerInfo) AuthenticSigningTime() (time.Time, error) {
switch signerInfo.SignedAttributes.SigningScheme {
switch signingScheme := signerInfo.SignedAttributes.SigningScheme; signingScheme {
case SigningSchemeX509SigningAuthority:
return signerInfo.SignedAttributes.SigningTime, nil
case SigningSchemeX509:
if len(signerInfo.UnsignedAttributes.TimestampSignature) > 0 {
// TODO: Add TSA support for AutheticSigningTime
// https://github.com/notaryproject/notation-core-go/issues/38
return time.Time{}, errors.New("TSA checking has not been implemented")
signingTime := signerInfo.SignedAttributes.SigningTime
if signingTime.IsZero() {
return time.Time{}, fmt.Errorf("authentic signing time must be present under signing scheme %q", signingScheme)
}
return signingTime, nil
default:
return time.Time{}, fmt.Errorf("authentic signing time not supported under signing scheme %q", signingScheme)
}
return time.Time{}, errors.New("authenticSigningTime not found")
}
40 changes: 40 additions & 0 deletions signature/types_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"context"
"fmt"
"testing"
"time"
)

func TestSignRequestContext(t *testing.T) {
Expand Down Expand Up @@ -51,3 +52,42 @@ func TestSignRequestWithContext(t *testing.T) {
}()
r.WithContext(nil) // should panic
}

func TestAuthenticSigningTime(t *testing.T) {
testTime := time.Now()
signerInfo := SignerInfo{
SignedAttributes: SignedAttributes{
SigningScheme: "notary.x509.signingAuthority",
SigningTime: testTime,
},
}
authenticSigningTime, err := signerInfo.AuthenticSigningTime()
if err != nil {
t.Fatal(err)
}
if !authenticSigningTime.Equal(testTime) {
t.Fatalf("expected %s, but got %s", testTime, authenticSigningTime)
}

signerInfo = SignerInfo{
SignedAttributes: SignedAttributes{
SigningScheme: "notary.x509.signingAuthority",
},
}
expectedErrMsg := "authentic signing time must be present under signing scheme \"notary.x509.signingAuthority\""
_, err = signerInfo.AuthenticSigningTime()
if err == nil || err.Error() != expectedErrMsg {
t.Fatalf("expected %s, but got %s", expectedErrMsg, err)
}

signerInfo = SignerInfo{
SignedAttributes: SignedAttributes{
SigningScheme: "notary.x509",
},
}
expectedErrMsg = "authentic signing time not supported under signing scheme \"notary.x509\""
_, err = signerInfo.AuthenticSigningTime()
if err == nil || err.Error() != expectedErrMsg {
t.Fatalf("expected %s, but got %s", expectedErrMsg, err)
}
}

0 comments on commit f45197c

Please sign in to comment.