Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: enhanced output of TSTInfo Validate #23

Merged
merged 8 commits into from
Jul 2, 2024
Merged

feat: enhanced output of TSTInfo Validate #23

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ec775ad
added TimestampLimit
Two-Hearts Jun 28, 2024
458ec16
add more tests
Two-Hearts Jun 28, 2024
cc399db
naming
Two-Hearts Jun 28, 2024
7c32454
updated to Timestamp
Two-Hearts Jun 28, 2024
149239f
updated per code review
Two-Hearts Jun 28, 2024
4aa5800
update
Two-Hearts Jun 28, 2024
98b1c64
updated per code review
Two-Hearts Jun 28, 2024
2d38353
update
Two-Hearts Jul 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions conformance_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,17 +113,17 @@ func TestTSATimestampGranted(t *testing.T) {
if err != nil {
t.Fatal("SignedToken.Info() error =", err)
}
ts, accuracy, err := info.Validate(message)
timestamp, err := info.Validate(message)
if err != nil {
t.Errorf("TSTInfo.Timestamp() error = %v", err)
}
wantTimestamp := now
if ts != wantTimestamp {
t.Errorf("TSTInfo.Timestamp() Timestamp = %v, want %v", ts, wantTimestamp)
wantTimestampValue := time.Date(2021, 9, 18, 11, 54, 34, 0, time.UTC)
wantTimestampAccuracy := time.Second
if timestamp.Value != wantTimestampValue {
t.Fatalf("TSTInfo.Timestamp() Timestamp = %v, want %v", wantTimestampValue, timestamp.Value)
}
wantAccuracy := time.Second
if accuracy != wantAccuracy {
t.Errorf("TSTInfo.Timestamp() Accuracy = %v, want %v", accuracy, wantAccuracy)
if timestamp.Accuracy != wantTimestampAccuracy {
t.Fatalf("TSTInfo.Timestamp() Timestamp Accuracy = %v, want %v", wantTimestampAccuracy, timestamp.Accuracy)
}
}

Expand Down Expand Up @@ -328,7 +328,7 @@ func newTestTSA(malformedExtKeyUsage, criticalTimestampingExtKeyUsage bool) (*te
BasicConstraintsValid: true,
}
if criticalTimestampingExtKeyUsage {
extValue, err := asn1.Marshal([]asn1.ObjectIdentifier{oid.TimeStamping})
extValue, err := asn1.Marshal([]asn1.ObjectIdentifier{oid.Timestamping})
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -414,7 +414,7 @@ func (tsa *testTSA) Timestamp(_ context.Context, req *Request) (*Response, error
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: token,
TimestampToken: token,
}, nil
}

Expand Down
38 changes: 19 additions & 19 deletions http_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,10 @@ func TestHTTPTimestampGranted(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
const wantContentType = MediaTypeTimestampQuery
if got := r.Header.Get("Content-Type"); got != wantContentType {
t.Fatalf("TimeStampRequest.ContentType = %v, want %v", err, wantContentType)
t.Fatalf("TimestampRequest.ContentType = %v, want %v", err, wantContentType)
}
if _, err := io.ReadAll(r.Body); err != nil {
t.Fatalf("TimeStampRequest.Body read error = %v", err)
t.Fatalf("TimestampRequest.Body read error = %v", err)
}

// write reply
Expand Down Expand Up @@ -122,17 +122,17 @@ func TestHTTPTimestampGranted(t *testing.T) {
if err != nil {
t.Fatal("SignedToken.Info() error =", err)
}
timestamp, accuracy, err := info.Validate(message)
timestamp, err := info.Validate(message)
if err != nil {
t.Errorf("TSTInfo.Timestamp() error = %v", err)
}
wantTimestamp := time.Date(2021, 9, 18, 11, 54, 34, 0, time.UTC)
if timestamp != wantTimestamp {
t.Errorf("TSTInfo.Timestamp() Timestamp = %v, want %v", timestamp, wantTimestamp)
wantTimestampValue := time.Date(2021, 9, 18, 11, 54, 34, 0, time.UTC)
wantTimestampAccuracy := time.Second
if timestamp.Value != wantTimestampValue {
t.Fatalf("TSTInfo.Timestamp() Timestamp = %v, want %v", wantTimestampValue, timestamp.Value)
}
wantAccuracy := time.Second
if accuracy != wantAccuracy {
t.Errorf("TSTInfo.Timestamp() Accuracy = %v, want %v", accuracy, wantAccuracy)
if timestamp.Accuracy != wantTimestampAccuracy {
t.Fatalf("TSTInfo.Timestamp() Timestamp Accuracy = %v, want %v", wantTimestampAccuracy, timestamp.Accuracy)
}
}

Expand All @@ -145,10 +145,10 @@ func TestHTTPTimestampRejection(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
const wantContentType = MediaTypeTimestampQuery
if got := r.Header.Get("Content-Type"); got != wantContentType {
t.Fatalf("TimeStampRequest.ContentType = %v, want %v", err, wantContentType)
t.Fatalf("TimestampRequest.ContentType = %v, want %v", err, wantContentType)
}
if _, err := io.ReadAll(r.Body); err != nil {
t.Fatalf("TimeStampRequest.Body read error = %v", err)
t.Fatalf("TimestampRequest.Body read error = %v", err)
}

// write reply
Expand Down Expand Up @@ -267,10 +267,10 @@ func TestHttpTimestamperTimestamp(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
const wantContentType = MediaTypeTimestampQuery
if got := r.Header.Get("Content-Type"); got != wantContentType {
t.Fatalf("TimeStampRequest.ContentType = %v, want %v", err, wantContentType)
t.Fatalf("TimestampRequest.ContentType = %v, want %v", err, wantContentType)
}
if _, err := io.ReadAll(r.Body); err != nil {
t.Fatalf("TimeStampRequest.Body read error = %v", err)
t.Fatalf("TimestampRequest.Body read error = %v", err)
}

// write reply
Expand Down Expand Up @@ -308,10 +308,10 @@ func TestHttpTimestamperTimestamp(t *testing.T) {
ts2 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
const wantContentType = MediaTypeTimestampQuery
if got := r.Header.Get("Content-Type"); got != wantContentType {
t.Fatalf("TimeStampRequest.ContentType = %v, want %v", err, wantContentType)
t.Fatalf("TimestampRequest.ContentType = %v, want %v", err, wantContentType)
}
if _, err := io.ReadAll(r.Body); err != nil {
t.Fatalf("TimeStampRequest.Body read error = %v", err)
t.Fatalf("TimestampRequest.Body read error = %v", err)
}

// write reply
Expand All @@ -334,10 +334,10 @@ func TestHttpTimestamperTimestamp(t *testing.T) {
ts3 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
const wantContentType = MediaTypeTimestampQuery
if got := r.Header.Get("Content-Type"); got != wantContentType {
t.Fatalf("TimeStampRequest.ContentType = %v, want %v", err, wantContentType)
t.Fatalf("TimestampRequest.ContentType = %v, want %v", err, wantContentType)
}
if _, err := io.ReadAll(r.Body); err != nil {
t.Fatalf("TimeStampRequest.Body read error = %v", err)
t.Fatalf("TimestampRequest.Body read error = %v", err)
}

// write reply
Expand All @@ -363,10 +363,10 @@ func TestHttpTimestamperTimestamp(t *testing.T) {
ts4 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
const wantContentType = MediaTypeTimestampQuery
if got := r.Header.Get("Content-Type"); got != wantContentType {
t.Fatalf("TimeStampRequest.ContentType = %v, want %v", err, wantContentType)
t.Fatalf("TimestampRequest.ContentType = %v, want %v", err, wantContentType)
}
if _, err := io.ReadAll(r.Body); err != nil {
t.Fatalf("TimeStampRequest.Body read error = %v", err)
t.Fatalf("TimestampRequest.Body read error = %v", err)
}

// write reply
Expand Down
13 changes: 11 additions & 2 deletions internal/oid/oid.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,8 +93,17 @@ var (
// Reference: https://www.rfc-editor.org/rfc/rfc5280.html#section-4.2.1.12
ExtKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}

// TimeStamping (id-kp-timeStamping) is defined in RFC 3161 2.3
// Timestamping (id-kp-timeStamping) is defined in RFC 3161 2.3
//
// Reference: https://datatracker.ietf.org/doc/html/rfc3161#section-2.3
TimeStamping = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}
Timestamping = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}
)

// OIDs for RFC 3628 Policy Requirements for Time-Stamping Authorities (TSAs)
var (
// BaselineTimestampPolicy (baseline time-stamp policy) is defined in
// RFC 3628
//
// Referene: https://datatracker.ietf.org/doc/html/rfc3628#section-5.2
BaselineTimestampPolicy = asn1.ObjectIdentifier{0, 4, 0, 2023, 1, 1}
)
4 changes: 2 additions & 2 deletions response.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ type generalNames struct {
// timeStampToken TimeStampToken OPTIONAL }
type Response struct {
Status pki.StatusInfo
TimeStampToken asn1.RawValue `asn1:"optional"`
TimestampToken asn1.RawValue `asn1:"optional"`
}

// MarshalBinary encodes the response to binary form.
Expand Down Expand Up @@ -138,7 +138,7 @@ func (r *Response) SignedToken() (*SignedToken, error) {
if err := r.validateStatus(); err != nil {
return nil, err
}
return ParseSignedToken(r.TimeStampToken.FullBytes)
return ParseSignedToken(r.TimestampToken.FullBytes)
}

// Validate checks if resp is a successful timestamp response against
Expand Down
18 changes: 9 additions & 9 deletions response_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand All @@ -187,7 +187,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand All @@ -208,7 +208,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand All @@ -227,7 +227,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand Down Expand Up @@ -264,7 +264,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand All @@ -286,7 +286,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand All @@ -308,7 +308,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand All @@ -332,7 +332,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand All @@ -355,7 +355,7 @@ func TestValidateResponse(t *testing.T) {
Status: pki.StatusInfo{
Status: pki.StatusGranted,
},
TimeStampToken: asn1.RawValue{
TimestampToken: asn1.RawValue{
FullBytes: token,
},
}
Expand Down
57 changes: 51 additions & 6 deletions token.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,16 +214,61 @@ type TSTInfo struct {
Extensions []pkix.Extension `asn1:"optional,tag:1"`
}

// Timestamp denots the time at which the timestamp token was created by the TSA
//
// Reference: RFC 3161 2.4.2
type Timestamp struct {
Two-Hearts marked this conversation as resolved.
Show resolved Hide resolved
// Value is the GenTime of TSTInfo
Value time.Time
Two-Hearts marked this conversation as resolved.
Show resolved Hide resolved

// Accuracy is the Accuracy of TSTInfo
Accuracy time.Duration
}

// Before returns true if the lower limit of the time at which the timestamp
// token was created is before u.
//
// Reference: RFC 3161 2.4.2
func (t *Timestamp) Before(u time.Time) bool {
timestampLowerLimit := t.Value.Add(-t.Accuracy)
Two-Hearts marked this conversation as resolved.
Show resolved Hide resolved
return timestampLowerLimit.Before(u)
}

// After returns true if the upper limit of the time at which the timestamp
// token was created is after u.
//
// Reference: RFC 3161 2.4.2
func (t *Timestamp) After(u time.Time) bool {
timestampUpperLimit := t.Value.Add(t.Accuracy)
Two-Hearts marked this conversation as resolved.
Show resolved Hide resolved
return timestampUpperLimit.After(u)
}

// Validate validates tst and returns the GenTime and Accuracy.
// tst MUST be valid and the time stamped datum MUST match message.
func (tst *TSTInfo) Validate(message []byte) (time.Time, time.Duration, error) {
func (tst *TSTInfo) Validate(message []byte) (*Timestamp, error) {
if err := tst.validate(message); err != nil {
return time.Time{}, 0, err
return nil, err
}
accuracy := time.Duration(tst.Accuracy.Seconds)*time.Second +
time.Duration(tst.Accuracy.Milliseconds)*time.Millisecond +
time.Duration(tst.Accuracy.Microseconds)*time.Microsecond
return tst.GenTime, accuracy, nil

var accuracy time.Duration
// References:
// https://datatracker.ietf.org/doc/html/rfc3628#section-5.1
// https://github.com/notaryproject/specifications/blob/main/specs/trust-store-trust-policy.md#steps
if tst.Accuracy.Seconds == 0 &&
tst.Accuracy.Microseconds == 0 &&
tst.Accuracy.Milliseconds == 0 &&
oid.BaselineTimestampPolicy.Equal(tst.Policy) {
accuracy = 1 * time.Second
} else {
accuracy = time.Duration(tst.Accuracy.Seconds)*time.Second +
time.Duration(tst.Accuracy.Milliseconds)*time.Millisecond +
time.Duration(tst.Accuracy.Microseconds)*time.Microsecond
}

priteshbandi marked this conversation as resolved.
Show resolved Hide resolved
return &Timestamp{
Value: tst.GenTime,
Accuracy: accuracy,
}, nil
}

// validate checks tst against RFC 3161.
Expand Down
Loading
Loading